Financial institutions use customer due diligence (CDD) as an element of know-your-customer (KYC) steps to comply with anti-money-laundering (AML) laws and protect their organisations from financial crime. Enhanced due diligence (EDD) consists of measures taken for accounts or activities that pose a greater risk.
What effective EDD procedures can you use to minimise risk and maintain practical compliance standards when onboarding high-risk customers?
Risk management procedures often differ based on a customer’s risk profile. The process starts with taking steps to ensure you know who you are dealing with, understanding their activities and assessing their risk of money laundering.
Proper customer identification procedures (CIP) are the starting point for identifying either individuals or businesses. After all, how can you vet a customer if you do not know exactly who you are dealing with? Gathering essential identifying information and validating that information is the first step to CDD compliance and reducing risk.
After that, you need to determine what normal and expected activity is for that prospective account holder. These determinations might be based on a customer classification system that you have put in place or on the type of account. With clearly defined policies, a risk-based approach makes it easier for staff to carry out analysis and for compliance staff to report to regulators, if necessary.
Enhanced Due Diligence KYC factors
Across the industry, the following factors need to be considered when an account does require EDD:
- Location of the business
- Occupation or nature of business
- Purpose of the business transactions
- Expected pattern of activity in terms of transaction types, monetary volume and frequency
- Expected origination of payments and method of payment
- Articles of incorporation, partnership agreements and business certificates
- Understanding the customer’s customers
- Identification of beneficial owners of an account or customer
- Details of other personal and business relationships the customer maintains
- Approximate salary or annual sales
- AML policies and procedures in place
- Third-party documentation
- Local market reputation through review of media sources
Industries with a higher risk of money laundering, such as gambling, often have EDD requirements. Many jurisdictions have threshold limits for transaction amounts that, if exceeded, trigger EDD. Certain relationships, such as with shell banks, also call for EDD; there are many other situations where local regulations for EDD come into play, so knowing the exact details of your jurisdiction is prudent.
Enhanced Due Diligence measures
So what should you do when you get a client that requires EDD to be performed? Of course, you can decide not to do business with the client; however, this means turning away legitimate business and losing revenue.
The Financial Action Task Force (FATF) has recommended that a risk-based approach be followed: “the amount and type of information obtained, and the extent to which this information is verified, must be increased where the risk associated with the business relationship is higher.” With a risk-based approach, a blanket rejection for high-risk clients is no longer necessary, as your procedures can adapt to the situation.
Following this suggestion, GloRep has developed a risk-based system which is fully customisable to the requirements of your individual business.
Other advantages of a risk-based approach include its adaptability to the size and strengths of your institution, its holistic view of a customer and their associated risk, and its flexibility as conditions, technology and other factors change.
Some practical EDD steps suggested by the FATF include:
- Obtaining additional identifying information from a wider variety or more robust sources and using the information to inform the individual customer risk assessment
- Carrying out additional searches (for example, verifiable adverse media searches) to inform the individual customer risk assessment
- Commissioning an intelligence report on the customer or beneficial owner to understand better the risk that the customer or beneficial owner may be involved in criminal activity
- Verifying the source of funds or wealth involved in the business relationship to be satisfied that they do not constitute the proceeds from crime
- Seeking additional information from the customer about the purpose and intended nature of the business relationship
It is not good enough to only run checks once and be done with it. Another FATF recommendation is a risk-based monitoring strategy that catches suspicious activity or changes in the risk profile:
Enhanced monitoring should be required for higher-risk situations, while banks may decide to reduce the frequency and intensity of monitoring where the risks are lower.
Beneficial ownership EDD requirements
Increasingly, checking the Ultimate Beneficial Ownership (UBO) structure is becoming an EDD requirement. To the extent an account holder engages in international transactions, financial institutions need to know the beneficial owners of the account holder to comply with OFAC (Office of Foreign Assets Control) sanctions requirements or to conduct meaningful due diligence of the account.
From an FCPA (Foreign Corrupt Practices Act) perspective, a company has to identify the beneficial owners of its third-party intermediaries. A company cannot satisfy its compliance programs by simply checking the name of a private company in its database without checking the beneficial owners, officers and directors of the same company.
The FATF, in an analysis of beneficial ownership best practices, noted the issue of tracing UBO information when dealing with foreign ownership or directorship and suggested enhanced measures for these types of entities. In some countries, the “individual/legal person is required to provide a comprehensive set of information, including on the financial standing of the foreign individual/legal person, the ownership and control structure of the foreign legal person, and copies of founding documents and agreements regulating the powers to bind the legal person.”