This post has already been read 618 times!
How to Conduct Customer Due Diligence
It is of fundamental importance to institutes to understand who their customers are. How to conduct customer due diligence is therefore central to combating crime. Data management for customers is a critical issue. Today, institutes struggle to match up customer data from inside their own systems. Operation Embrace aims to change this for them.
In this article we will identify high level guidance to framework customer due diligence.
Customer Due Diligence
- Main Elements:
Account Opening, Customer Identification and Verification
- A sound CDD program should have reliable customer identification and account opening procedures.
- Institutions should adopt account opening procedures that allow them to determine the true identity of customers.
- Institutions should set identification standards tailored to the risk posed by particular customers.
- Specific regulations and laws that set out what institutions are required to do regarding customer identification.
- Each customer should be asked:
- Telephone number etc.
- Date and place of birth
- Personal ID number (tax/passport number)
- Type of accounts and nature of relationship with FI
- Signature VERIFY THE INFORMATION
- ALSO: When appropriate, obtain information about the source of wealth, source of funds and the customer’s line of business.
- Apply equally effective customer identification procedures for non-face-to-face customers as for those available for interview.
- For corporate entities:
- Name of institution Principal place of its business operations, Mailing address.
- Names of primary contact people or those authorized to use the account, Contact people’s telephone and fax numbers
- Some form of official identification number, if available (e.g., tax identification number)
- The original or certified copy of the Certificate of Incorporation, etc.
- Board of Directors resolution to open an account and identification of those who have authority to operate the account, including beneficial owners
- Nature and purpose of business, and its legitimacy
Customer data should then be mapped with metadata to explain how, when, where, who and what was recorded and why. The data should be identified and categorised to allow future mapping to other data-sets that may not align exactly (for example the middle name or date of birth missing but an age and first/surname being available in a second data-set)
Customer Identification Program (CIP)
- Identifying information
- Complying with record-keeping requirements
- Checking new accounts against prescribed government lists, if applicable
- Providing adequate notice about customer identification requirements
- Covering the institution’s reliance on other financial institutions or third parties, if applicable.
- Determining whether and when suspicious transaction reports should be filed
- Conducting a risk analysis of customers
- Opening new accounts for existing customers
- Obtaining the approval of the board of directors, either separately or as part of AML/CFT program
- Conducting audit and training programs to ensure that the CIP is adequately incorporated
- Verifying that all new accounts are checked against government lists
Consolidated Customer Due Diligence
- According to the Basel Committee, a global risk management program for CDD should incorporate consistent identification and monitoring of customer accounts globally across business lines and geographical locations, as well as oversight at the parent level
- Appliance of customer acceptance policy, procedures for customer identification, process for monitoring and risk management framework on a global basis
- CLASH? Where the minimum CDD standards of the home and host countries differ, offices in host jurisdictions should apply the higher standard of the two. Where this appears not to be possible, the institution should confer with its home office and attorneys
- Determine customer does not appear on designated lists provided by a government or international body
- Determine whether customer may currently or previously maintained a government position that meets a statutory or organizational PEP definition
- Negative Media
- Determine whether customer appears in media publications in negative manner, that a financial institution may consider risk relevant
Know Your Employee (KYE) Program
- Having equal programs for know your customer and for know your employee are essential.
- A criminally co-opted bank employee might facilitate money laundering (insider abuse/”enemy within”)
- Goal: Allows firm to understand an employee’s background, conflicts of interest and susceptibility to money laundering complicity.
- Background screening – a minimum, reveals information on a job applicant’s criminal convictions. When applying for a job and on an ongoing basis.
- Policies, procedures, internal controls
- Code of conduct/ethics
- Levels of authority
- Compliance with personnel laws and regulations
- Accountability, Monitoring, Dual controls
Knowing who an employee or customer is can make managing financial crime easier to manage. Institutes should have controls, policies, processes and cultural cues to help them manage risk.