The circumstances where customer identification and verification must be performed is before onboarding the customers. However, this may be an ongoing process, depending on the changes in the risk profile of the customers after onboarding, where it may be essential to interrupt the initial due diligence.
To comply with regulatory requirements, the organization must have a written Customer Identification Program (CIP) that is appropriate for its size and type of business. The CIP must be incorporated into the organization’s AML compliance program, which is subject to approval by the board of directors.
Reliance on Identification and Verification
The CDD measures set out in FATF’s Recommendation do not imply that organizations have to repeatedly identify and verify the identity of each customer every time that a customer conducts a transaction. An organization is entitled to rely on the identification and verification steps that it has already undertaken unless there are doubts about the veracity of that information.
Examples of situations that might lead an organization to have such doubts could be where there is a suspicion of money laundering or terrorist financing about the particular customer, or where there is a material change in the way that the customer’s account is operated which is not consistent with the customer’s initial risk and business profile.
Timing of Customer Identification and Verification
Customers must be identified in the following cases:
- Non-face-to-face business.
- Securities transactions. In the securities industry, companies and intermediaries may be required to perform transactions very rapidly, according to the market conditions at the time the customer is contacting them, and the performance of the transaction may be required before verification of identity is completed.
- Life insurance business. About life insurance business, countries may permit the identification and verification of the beneficiary under the policy to take place after having established the business relationship with the policy holder.
The general rule is that customers must be subject to the full range of CDD measures, including the requirement to identify the beneficial owner. Nevertheless, there are circumstances where the risk of money laundering or terrorist financing is lower, where information on the identity of the customer and the beneficial owner of a customer is publicly available.
Adequate checks and controls exist elsewhere in national systems. In such circumstances, it could be reasonable for a country to allow its financial institutions to apply simplified or reduced CDD measures when identifying and verifying the identity of the customer and the beneficial owner.
A customer identification program and ongoing customer diligence processes will help to identify the unusual transactions and behavior, to identify and manage high-risk clients and customers and report the suspicious matters, when identified and investigated. Understanding who ultimately has control of your customer plays an important role in detecting, disrupting.
Preventing money laundering and terrorism financing. It can also protect your business or organization from being exploited for other forms of criminal activity. All organizations must identify the beneficial owners of their customers and assess the money laundering/terrorism financing risk they pose. A beneficial owner is an individual who ultimately owns or controls an entity such as a company, trust, or partnership.
Verification of the customers or accounts establishes the authenticity of collected data through documentation and independent documentary and electronic sources. Any government-issued identification evidence will be utilized to verify an individual’s identity. For entities, specific constitution documents are needed, such as the articles of incorporation, a certificate of registration, and a license to do the specific business.
Using the internet may also verify the customer information, although caution should be used in selecting which websites are to be utilized. To get the best results, a search on government-maintained websites or any relevant third-party paid services may be used for obtaining the information about the customers, to perform the verification process.
To determine whether electronic data or information is reliable and independent, the following attributes of data or information must be considered:
- Up-to-date information
- The comprehensiveness of the data
- Reliable and independent source from which data or information is gathered
Following are different cases, where for verification, the organization has to perform a certain process or verification processes, before the opening of the account or establishing a new relationship:
When an account is opened by an individual who has a power-of-attorney for a competent person, the individual with a power-of-attorney is merely an agent acting on behalf of the person that opens the account. Therefore, the “customer” will be the named owner of the account rather than the individual with a power of attorney over the account. Therefore, the real owner must be identified and verified by the organization.
Co-owner of Existing Account
In case a person who becomes the co-owner of an existing deposit account is considered as a “customer” subject to the identification and verification, before the opening of the account, because that person is establishing a new account relationship with the organization.
When a new borrower who is substituted for an existing borrower through an assumption of a loan is also considered as a “customer” of the organization because the new borrower is establishing a new account relationship, therefore must be identified and verified.
In situations when a person receives a credit card from the issuing bank, is receiving an extension of credit or loan from the bank, therefore is establishing an account with, the issuing bank. The credit card issuing bank is responsible for ensuring that the customer is identified and verified.
A loan and a time deposit obtained from a bank are each considered as an “account” for purposes of the identification and verification of the customer. For purposes of the customer verification, each time a loan is renewed or a certificate of deposit is rolled over, the bank establishes another formal banking relationship with the customer, and a new account is established, therefore measures are taken to ensure the verification of the customer.
An organization must identify and know its clients and customers. The customer identification procedures including know your customer (KYC) procedures must be documented as part of the AML/CTF program. To identify, mitigate and manage money laundering and terrorism financing (ML/TF) risks, the organization needs to design and implement the ongoing customer diligence processes. This includes developing and documenting an EDD program and a transaction monitoring process.