AML Compliance: KYC And Due Diligence


aml115AML compliance is filled with fascinating issues, lots of acronyms, and plenty of common sense.  One of my favorite areas is KYC (which I originally thought stood for KFC – Kentucky Fried Chicken), or Know Your Customer.

KYC is a critical area for every financial institution.  Due diligence kicks in depending on initial information collected on specific customers.  It is a rapid fire due diligence screening process.  Banks and other financial institutions have been criticized by regulators and Congressional investigators for weak controls in this area, especially if banks delay acting on due diligence while holding onto customer accounts.  This was a specific criticism made by Senator Levin against banks investigated by the Senate Permanent Subcommittee on Investigations.

The first step in any KYC program is a bank’s Customer Identification Program (“CIP”) which requires a bank to collect and document a customer’s name, date of birth, address and identification presented.aml21

The second step is Customer Due Diligence (“CDD”) which requires the bank to obtain information to verify the customer’s identity and assess the risk.  If the CDD inquiry leads to a high risk determination, the bank has to conduct an Enhanced Due Diligence (“EDD”).

The precise procedures for CDD and EDD depend on the risk profile for a bank.  There are significant differences in risk profiles between a bank operating in Missouri and New York City or Miami, and this is reflected in the risk profiles for customer due diligence.

Banks need to have access to reliable open source intelligence.  Many of the companies offering due diligence services for corruption purposes have been around for years providing support for AML due diligence programs.

To determine the relevant risks, banks need to collect information on the customer’s: (1) nature of business; (2) purpose of account; (3) expected pattern of activity (volume, nature of transactions, and amounts); (4) origination and destination of funds; (5) basic business documentation; (6) business customer’s customers (e.g. international customers or banks);  (7) nominal and beneficial owners of the account; (8) business reputation and references; (9) other business and personal business interests; and (10) location of business in relation to bank.  This is not an exhaustive list.  Banks may need additional information depending on the specific facts presents but this is a good beginning list.

Expected and average activity are important issues to develop because they become measuring stocks to use to identify suspicious transactions.  This inquiry focuses on expected deposits (and sources); withdrawals; cash transactions; wire transfer transactions; originating and destination countries.

aml23Within this information, a bank can segment this information into categories relating to customer type, geography, nature of business, account type, balance and transaction volume.

All of this information goes into the creation of a customer profile model against which activity is measured – suspicious transactions then can be easily identified using AML software models and products.  It sounds relatively easy but there are a number of important steps in the process which I have glossed over as to defining specific elements in a customer profile and trigger points for flagging suspicious transactions for follow-up investigation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Volkov, The Volkov Law Group | Attorney Advertising

Written by:


The Volkov Law Group on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.