Global companies should incorporate AML risks into their risk analysis of their third-party distributors, agents and other intermediaries. The basic questionnaire, due diligence risk analysis, contractual provisions, training, and partner code of conduct should reflect attention to this risk.
To the extent that global companies rely on a network of third-party distributors and sub-distributors, global companies should include contractual provisions to flow-down policies and requirements to sub-distributors and other entities in the distribution chain.
Global companies also should examine their vendors and suppliers for potential AML risks. In contrast to its distribution channel, where global companies receive money, global companies’ AML risks are less significant in its supply chain because of the lower risk that a supplier’s supplier (or vendor’s vendor) may be involved in criminal activity and attempting to launder proceeds through the sale of a product or service.
Global companies face AML risk through two primary money laundering techniques: (1) trade-based money laundering, where criminals utilize cross-border transactions to obfuscate the source or destination of funds, and (2) third party payments, where money is given to or received from a different entity than the services were received from or provided to in order to transfer funds without utilizing traditional banking routes subject to tighter financial controls.
Despite the comparatively low AML risk, for significant vendors and suppliers, global companies should conduct appropriate AML due diligence as part of the procurement process and incorporate AML issues into the procurement due diligence process.
Similar to its distributors, global companies should leverage its relationships with its major vendors and suppliers and enlist the support of the vendors and suppliers to mitigate AML risks further down the supply chain.
KYC CDD Best Practices
“KYC” refers to the steps taken by a financial institution (or business) to:
A best-practices KYC program will include the following:
A CIP is the starting point for any KYC process. In the financial institution context, a best practice is for the relationship manager to initiate the CIP process but coordinate and communicate with the due diligence manager.
In implementing this component, clear, defined processes are essential. A consistent method of onboarding third parties indicates that an organization takes KYC seriously. All processes should be thoroughly documented to create a strong audit trail of decisions made. A company should keep an internal database with approved and disapproved third parties, vendors and suppliers to avoid duplication of effort.
At a minimum, due diligence should confirm beneficial owners, sanctions list screening of beneficial owners and relevant entities, politically exposed persons (“PEP”) involvement, and other government database checks. To confirm whether or not an owner is a PEP, global companies should initially identify the owners of the customer, conduct reference checks, review database sources and Internet checks, and, if necessary, interview the individual and possibly other owners.
In determining what level of due diligence is appropriate (CDD v. EDD), a company should look for “red flags” relating to:
EDD steps may include senior management approval, additional due diligence investigations, on-site visits, contractual certifications, third-party audits, and source of funds certifications,
Conducting EDD on all customers is burdensome and undermines the purpose of a risk-based AML Program. By nature, some customers will inevitably present lower risks than others.
Best practices for financial institutions include transaction monitoring systems and refreshing due diligence information every six to twelve months.