FCA and PRA licenses (authorisations) and ongoing compliance support, training, recruitment. Contact us 7 days a week, 8am-11pm. Free consultations. Phone / Whatsapp: +4478 3368 4449  Email: hirett.co.uk@gmail.com

← Return to the Table of Content for all MCOB pages

Know Your Customer & Due Diligence

10.1 Introduction

Know Your Customer (KYC) has become the common wording for the process of a business verifying the identity of its clients or customers. It is most prominent in the financial services industry but is also a universally used term for any business who could be subject to financial crime or bribery risks.

Most companies know use standardised KYC procedures, controls and measures for assessing, checking and identifying clients, business relationships, suppliers, agents, contractors and even employees to ensure that bribery, corruption, fraud and financial crime risks are kept to a minimum or prevented altogether where possible. Many larger or more exposed firms also demand that the firms with who they work evidence robust and structured KYC procedures and controls in place prior to forming a business relationship to mitigate against third party financial crime and bribery.

Know Your Customer policies and procedures are generally a global requirement to help firms prevent identity theft, financial fraud, money laundering and terrorist financing. There are a number of agencies, associations and governing bodies across the globe, set up to enforce AML rules and oversee global collaboration in this area. One of the main agencies in the area of financial crime prevention is The Financial Action Task Force (FATF).

10.1.1 Know Your Customer Controls

KYC controls are designed to prevent banks and other susceptible financial organisation from being used, intentionally or unintentionally, by criminal elements for money laundering activities. Such controls will also help a firm to understand their clients and customers and protect themselves from external risks. The company’s KYC controls include: –

[ADD/DELETE YOUR CONTROLS AS APPLICABLE]

  • Collection and analyse basic identity information (using the Due Diligence questionnaire form)
  • Obtain evidence documents to support an Individual’s Identity:
    • Passport or Photo Card Drivers Licence (or other government issued document)
    • Proof of Residential Address (dated within last 3 months)
  • Obtain evidence documents to support a Legal Entity:
    • Full Legal Name & Certificate of Incorporation
    • Registered office in country of incorporation and business address
  • Use ID and gathered information to carry out background checks with reputable source, to include:
    • Background check
    • Credit Check
    • ID Check
    • Address Confirmation
    • Trading Status (if business)
  • Review individual/business name (and/or business type/location) against known parties list (e.g. high level, enhanced, politically exposed person etc)
  • Identifying the beneficial owner, and taking reasonable measures to verify the identity of
  • the beneficial owner such that we are satisfied that we know who the beneficial owner is
  • Assessment of risk to business based on internal risk assessment matrix and controls
  • Obtain information on the purpose and intended nature of the business relationship
  • Initial and ongoing monitoring and reviews on the business relationship and of the customer’s transactions against expected behaviour
  • Recording of all due diligence information and ongoing transactions

10.1.2 Enhanced Due Diligence

Enhanced Due Diligence (EDD) is sometimes needed for higher risk customers who present increased exposure and/or a higher threat with regards to money laundering or terrorist financing risks. the company consider the below circumstances to require EDD: –

[ADD/DELETE YOUR CONTROLS AS APPLICABLE]

  • Where an individual or legal identity has been risk assessed, and scored as presenting a higher risk in terms of money laundering or terrorist financing
  • Where any obtained due diligence document or response is not conclusive in either proving an identity, or registered/residential address
  • Where the customer has not been physically present for identification purposes or in the case of legal entities, where a physical site visit has not taken place
  • Where the individual or legal entity is from a non- European Economic Area (EEA) state
  • Where the business relationship is with a PEP.