Each customer poses individual AML/CTF risk factors for CDD/KYC to an organization. Let’s look at individual risk factors in more detail:
The AML/CTF Risk Factors For CDD/KYC
Banks and financial institutions, as well as obligated financial service providers, must verify the identities of their customers and the nature of the business in which they are involved in order to understand the money laundering risks that they face. Customer due diligence refers to the process of establishing customer identities (CDD).
Customer Risk Factors
In terms of the customer risk factors, six attributes can lead to EDD.
- Firstly, the bulk of your customer’s customers are foreigners or non-residents.
- Secondly, your customer is an asset-holding vehicle.
- Thirdly, your customer is a Politically Exposed Person, or PEP, or is a politically exposed person’s family members or known associates.
- Next, your customer has nominee shareholders, or shares of the company are issued in bearer form.
- Fifthly, your customer is a cash-intensive business.
- And lastly, your customer is expected to exceed certain limits in the number of daily cash transactions. For example, in Switzerland, this amount starts at one hundred thousand francs.
Geographical Risk Factors
Secondly, there are geographical risk factors that can lead to EDD. These factors include the following six attributes.
- Firstly, countries without adequate anti-money laundering prevention systems as identified by credible sources. For example, North Korea and Iran, which the Financial Action Task Force has identified as having material deficiencies.
- Secondly, countries under sanctions and embargoes or similar measures. This can include countries such as Russia, Iran, and North Korea, which the United States of America sanctions.
- Thirdly, some countries are notorious for general levels of corruption, as identified by credible sources. For example Venezuela and Yemen have been listed as such on the transparency index list.
- Fourthly, countries are blacklisted for financing or supporting terrorist activities. According to the State Sponsors of Terrorism list, these countries include Iran, Syria, and Sudan.
- Fifthly, locations that have designated terrorist organizations operating within their country. Examples of this are Syria, Iraq, and Somalia.
- Lastly, countries that are not members of the Financial Action Task Force and its partners.
Additional Risk Factors
In terms of additional risk factor categories, other risk factors might lead to enhanced due diligence, but which is rather individual to certain types of organizations or financial institutions. This includes private and correspondent banking, for example. These banks are revenue-driven and maintain a high level of confidentiality. Hence, they are naturally more prone to money laundering than others.
What Is CDD/Customer Due Diligence?
Customer Due Diligence (CDD) is the process of gathering identifying information in order to confirm a customer’s identity and more accurately assess the level of criminal risk they pose. CDD requires businesses to collect a customer’s name and address, information about the business in which they are involved, and how they intend to use their account. Companies should then verify that information with official documents such as driving licenses, passports, utility bills, and incorporation documents to ensure that customers are being truthful.
CDD is a key component of the Know Your Customer (KYC) process, which requires businesses to understand who their customers are, their financial behavior, and the level of money laundering or terrorism financing risk they pose. CDD requirements must be implemented as part of domestic AML/CFT legislation in all Financial Action Task Force (FATF) member countries.
How To Perform Customer Due Diligence?
Companies should implement risk-based CDD measures that reflect the specific level of AML/CFT risk that individual customers present, in accordance with FATF guidance. Companies can use risk-based due diligence to balance their compliance obligations with their budget and resource requirements while also preserving customer experiences. Firms may deploy faster and more efficient CDD for low risk customers and slower, more intensive, enhanced due diligence (EDD) for high risk customers under a risk-based approach, which may have a negative impact on customer experiences.
Keeping this in mind, an effective CDD procedure should include the following steps:
- Companies should establish the identity and business activities of their new potential customer prior to beginning a business relationship, with the goal of identifying bad actors as early as possible.
- Companies should categorize their risk level once a customer has been identified with a high degree of certainty. This information should be kept in a digitally secure location that is easily accessible for future regulatory checks.
- Companies should determine whether more intensive enhanced due diligence measures are required after determining a customer’s risk category.
What is KYC/Know Your Customer?
Know Your Customer (KYC) is the process of verifying your customers’ identities before or during the time they begin doing business with you. KYC also refers to the regulated bank customer identity verification practices used to assess and monitor customer risk. The KYC procedure is also a legal requirement intended to combat money laundering (AML).
Regulations for financial institutions to better verify customer identities during account opening and maintenance are becoming increasingly stringent. KYC policies necessitate “reasonable due diligence” in order to know (and retain) the essential facts about each customer. Companies of all sizes are embracing KYC procedures to protect themselves and their customers, whether they are technically subject to KYC regulations or not.
To help you meet your KYC obligations, you’ll need an identity verification solution that provides both convenience for your customers and security for your business. Look for mobile and web-enabled solutions that use on-device technology, biometric authentication (such as facial recognition with liveness detection), compliant machine learning, and identity experts to achieve accurate identity results in the seamless digital environment that your customers expect.
Where CDD measures raise suspicions or reasonable grounds to believe that a customer is involved in criminal activity, businesses must report that information to their jurisdiction’s financial intelligence unit (FIU) via a suspicious activity report in a timely manner (SAR).
Employees, company directors, and officers are protected from criminal and civil liability if they report suspicious activity to authorities in good faith, according to AML/CFT legislation. According to FATF standards, that protection applies regardless of contractual, legislative, or administrative provisions and “even if the reporting parties did not know exactly what the underlying criminal activity was, and regardless of whether the illegal activity actually occurred.”