AML Compliance: KYC And Due Diligence


aml115AML compliance is filled with fascinating issues, lots of acronyms, and plenty of common sense.  One of my favorite areas is KYC (which I originally thought stood for KFC – Kentucky Fried Chicken), or Know Your Customer.

KYC is a critical area for every financial institution.  Due diligence kicks in depending on initial information collected on specific customers.  It is a rapid fire due diligence screening process.  Banks and other financial institutions have been criticized by regulators and Congressional investigators for weak controls in this area, especially if banks delay acting on due diligence while holding onto customer accounts.  This was a specific criticism made by Senator Levin against banks investigated by the Senate Permanent Subcommittee on Investigations.

The first step in any KYC program is a bank’s Customer Identification Program (“CIP”) which requires a bank to collect and document a customer’s name, date of birth, address and identification presented.aml21

The second step is Customer Due Diligence (“CDD”) which requires the bank to obtain information to verify the customer’s identity and assess the risk.  If the CDD inquiry leads to a high risk determination, the bank has to conduct an Enhanced Due Diligence (“EDD”).

The precise procedures for CDD and EDD depend on the risk profile for a bank.  There are significant differences in risk profiles between a bank operating in Missouri and New York City or Miami, and this is reflected in the risk profiles for customer due diligence.

Banks need to have access to reliable open source intelligence.  Many of the companies offering due diligence services for corruption purposes have been around for years providing support for AML due diligence programs.

To determine the relevant risks, banks need to collect information on the customer’s: (1) nature of business; (2) purpose of account; (3) expected pattern of activity (volume, nature of transactions, and amounts); (4) origination and destination of funds; (5) basic business documentation; (6) business customer’s customers (e.g. international customers or banks);  (7) nominal and beneficial owners of the account; (8) business reputation and references; (9) other business and personal business interests; and (10) location of business in relation to bank.  This is not an exhaustive list.  Banks may need additional information depending on the specific facts presents but this is a good beginning list.

Expected and average activity are important issues to develop because they become measuring stocks to use to identify suspicious transactions.  This inquiry focuses on expected deposits (and sources); withdrawals; cash transactions; wire transfer transactions; originating and destination countries.

aml23Within this information, a bank can segment this information into categories relating to customer type, geography, nature of business, account type, balance and transaction volume.

All of this information goes into the creation of a customer profile model against which activity is measured – suspicious transactions then can be easily identified using AML software models and products.  It sounds relatively easy but there are a number of important steps in the process which I have glossed over as to defining specific elements in a customer profile and trigger points for flagging suspicious transactions for follow-up investigation.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Volkov, The Volkov Law Group | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.