Know Your Customer (KYC) Compliance
The principles underpinning AML/CTF revolve around identifying and verifying the identity of a prospective customer. In particular, a Reporting Entity’s AML/CTF Program must note whether any further KYC information should be collected in regard to its customers and in what circumstances the existing KYC information should be updated or verified.
The appropriate level of KYC information to be collected and verified must be determined before an entity commences a contractual relationship with a customer as part of the initial applicable customer identification procedure and monitored on an ongoing basis.
In order for a Reporting Entity to ensure that it maintains accurate and current details in regard to its KYC information, it must institute a risk-based system whereby additional requirements apply for those customers with higher risk weightings. KYC risk weightings would need to take into account the following considerations:
The customer type (for example, company, trust, government body, etc).
The type of Designated Service being provided.
The manner by which the Designated Service is delivered.
The jurisdiction of the customer and/or the transaction.
The resultant risk weighting is a trigger as to whether additional, or enhanced, KYC information needs to be obtained - for example, if the customer represents a high ML/TF Risk, or if there are suspicions as to the veracity of the customer or of the relevant transaction.
Depending on the applicable risk weighting, a Reporting Entity is required to determine in what circumstances further KYC information should be collected or verified in respect of customers (or beneficial owners of customers), so that it may review and update KYC information for the purposes of ongoing customer due diligence.
As an example, the following information must be collected from a customer who is an individual:
Their full name.
Their date of birth.
Their residential address.
The following details must be verified (for example, by sighting their passport or driver’s licence):
The customer’s full name, and
Either the customer’s date of birth or their residential address.
It is important to note that these are the minimum KYC requirements. If the Reporting Entity has determined that the customer, in fact, represents a higher ML/TF Risk, then it is incumbent on it to undertake an enhanced KYC program.
It is also important for a Reporting Entity to recognise the potential implications of any change to a customer’s KYC information, as the possibility exists that it may face additional risks following a significant change to a customer’s circumstances. In this way, the KYC principles do not cease once a customer is approved.
A Reporting Entity needs to be cognisant of the source and origin of its customers’ funds as well as being able to monitor their transactions.
If you would like further information about your KYC obligations, please contact Ariel & Associates and we would be more than happy to assist you with:
Drafting or amending your AML/CTF Program to ensure it contains the appropriate KYC disclosures.
Reviewing your policies and procedures to ensure you are collecting appropriate information pursuant to your KYC requirements.
Undertaking a compliance audit of your KYC policies and procedures.