One aspect of KYC checking is to verify that the customer is not on any list of known fraudsters, terrorists or money launderers, such as the Office of Foreign Assets Control's Specially Designated Nationals list. This list contains thousands of entries and is updated at least monthly. As well as sanctions lists there are lists of third party vendors that track links between persons regarded as high-risk owing to negative reports in the media about them or in public records.
Beyond name matching, a key aspect of KYC controls is to monitor transactions of a customer against their recorded profile, history on the customers account(s) and with peers.
Banks doing KYC monitoring for anti-money laundering (AML) and Counter-Terrorism Financing (CTF) purposes increasingly use specialised transaction monitoring software, particularly names analysis software and trend monitoring software. The generated alerts identify unusual activity which is then subject to due diligence or enhanced due diligence (EDD) processes that use internal and external sources of information on the subject, including the internet. This helps to determine whether a transaction or activity is suspicious and requires reporting to the authorities. In the US it would require Suspicious Activity Reporting (SAR) filing to Financial Crimes Enforcement Network (FinCEN). In the UK it would require a report to Serious Organised Crime Agency (SOCA).
Know Your Customer processes are also employed by regular companies of all sizes, for the purpose of ensuring their proposed agents', consultants' or distributors' anti-bribery compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption due diligence information, to verify their probity and integrity.
Some specialist consultancies help multinational companies and SMEs conduct Know Your Customer processes when entering new markets.
EDD has not been internationally defined. As a result financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money laundering Specialists) suggests the following:
“A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.”
Using a risk-based, tiered approach the definition can be tailored to suit a particular product or service.
It is assumed that usually EDD is triggered by regulatory requirement, risk-scoring and detection systems and that in a tiered approach, the process becomes more manual as the level of EDD increases.
Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators.
The process must be SMART (Specific, Measurable, Achievable, Realistic and Timebound), scalable and proportionate to the risk and resources.
EDD files rely upon initial client screening. This definition requires revalidation of the customer’s identity – knowing the client’s identity, not who they say they are. EDD processes should use a tiered approach dependent upon the risk.
Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results.
Searching on Google, for example, means different things to different people. Experience has shown poor returns from staff that believed they were experienced, but in practice were not and consequently failed to find relevant information.
What is reasonable depends upon factors including jurisdiction, risk and resources. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is to the civil standard of proof i.e. on the balance of probability.
Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.
In USA: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before October 26 2002, so KYC is now mandatory for all US banks
In India: RBI has introduced KYC guidelines for all banks first time vide circular DBOD. No. AML.BC.18/ 14.01.001/2002-2003 dated August 16 2002. Later vide circular no DBOD.NO.AML.BC.58/14.01.001/2004-05 dated November 29 2004, RBI has directed that all banks shall ensure that they are fully compliant with the provisions of this circular before December 31 2005. Therefore KYC is fully implemented in India.
In South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
news reports from: