This blog was originally created by RDC and published on rdc.com.
When it comes to onboarding new clients and carrying out due diligence, financial institutions applying a risk-based approach (RBA) will implement an appropriate level of customer screening. But one client can engage across multiple lines of business with varying levels of risk, creating a paradox: screening drives the risk rating a bank assigns its customers, however, the risk rating determines the level of screening required. Clearly one size does not fit all and the need to react to changing conditions and carry out ongoing monitoring is clear.
In this blog, I’ll use a hypothetical example to walk you through the KYC and AML screening process, contextualize some of the various AML screening requirements and highlight the importance of applying different levels of screening throughout the client lifecycle – from the perspective of an account manager working for a major bank. Whilst a hypothetical scenario, it will likely bear some familiarity to anyone working in KYC.
AML & KYC Onboarding Process for a Privately-Owned Bank
Let’s imagine you’re working at a major bank that is on-boarding a privately-owned bank incorporated in Cyprus. Based upon the initial data, they aren’t necessarily high risk, but they aren’t low risk either. You settle on medium risk and apply your risk-based screening methodology which returns no matches for politically exposed persons (PEPs) and no sanctions issues. What you do find is evidence that a board member has been accused of accepting bribes to facilitate loans to a construction customer that’s building a motorway in a high-risk jurisdiction. Would this new information change your view of medium risk? After all, they’re only accusations, right?
An RBA should be applied and there is a requirement for enhanced due diligence (or EDD) to see if this is simply a politically motivated act or if there is substance to the accusations. Bad actors need to score very high on the risk rating of a regulatory body before they’re considered worthy of economic sanctions, and not all people who benefit from political influence are considered PEPs. An efficient and robust adverse media screening process, coupled with one for PEPs screening and Sanctions screening, is a must if you are serious about identifying and mitigating money laundering risk and meeting your KYC and AML screening requirements.
So, you’ve carried out your EDD and the individual concerned has not been arrested, no charges have been made and there’s no ‘new’ news to report. There are no other risk factors, so you open the account marking a review date for two years’ time. You add the client to your ongoing KYC and AML monitoring list which will pick up any significant changes in their circumstances and notify you.
Reviewing KYC Procedures
23 months have passed and it’s now time to renew your client’s KYC ‘up to current standards’ as stated in the procedures that your new MLRO issued. You check the client’s most recent annual report and note that the senior manager who was accused of wrongdoing left the company to be replaced by a new board member. You remove the old name from your file and replace it with the new one, after confirming this with the client, and carry out your KYC screening process.
Annoyingly, the new name is the subject of potential adverse media relating to paying ‘facilitation fees’ to get loan applications processed in an EU member state. You weren’t expecting this and whilst it’s only an accusation, a theme is emerging.
You speak with your ongoing monitoring screening team to ask what constitutes a ‘significant change’ and new board members is not considered ‘significant’ enough to trigger an alert. Now what do you do? Your client’s KYC expires in three weeks and they’ve just requested you to add wire payments and a demand deposit account to their products.
This deal will generate significant revenue for you, and you are keen to assist – after all, it could set you up for a bonus next year. Furthermore, if you can help them out quickly, they are keen to learn more about how you how you can enable them to facilitate international trade as they’re expanding into the Levant region.
Changing Circumstances in the AML & KYC Screening Process
The ‘rules’ have changed, and the circumstances are now quite different on both sides. Your customer has a new board member and a revised business model, while you have a new MLRO and your company's KYC and AML policy has changed. After your line manager’s review, they suggest you speak with compliance and explain the situation to them, but they have a few questions: ‘When did the old Board member leave?’, ‘Were there any follow up accusations?’, ‘What else can we find on the new Board member?’. They state that they will go away and review the current settings for ongoing monitoring as the new MLRO has a much stricter approach.
You perform EDD on the old board member and it transpires they were asked to resign from the board due to the allegations, but nothing further occurred. The new board member joined around 18 months ago but had a ‘clean’ record. The tolerance levels for your ongoing monitoring can easily be changed as you now have a new vendor and your compliance contact confirms the new ‘tighter’ settings are in place. They thank you for bringing this to their attention.
You agree with compliance. The account should be high risk and subject to greater scrutiny, including identifying all the ultimate beneficial owners (UBOs) down to 10%, from the previous 25%. You revert to your client who tells you there haven’t been any changes in ownership since the relationship began but they provide you – eventually – with a convoluted organization chart detailing the UBOs. Amongst them you recognise the name of a high profile, wealthy individual from Eastern Europe. There are suspicions about how they generated their wealth, so you go back to your client – again – and ask them for more information.
To say they’re getting impatient would be an understatement. They threaten to close their account and go elsewhere if you can’t sort out their ‘simple’ new products request. Their KYC expires next week and, should it go overdue, there could be performance management issues for you and payment settlement issues for your client.
You undertake EDD, including screening on the Eastern European UBO. It transpires that not only are they a PEP, but they are the subject of adverse media and are also on the Sectoral Sanctions Identifications (SSI) List. Compliance are unlikely to be happy about this and you’ve heard from colleagues about accounts being blocked or even terminated.
Implementing a Dynamic Screening Approach
Circumstances change, market conditions change, products change, risk appetites change, and financial institutions need to change accordingly to reflect all these factors. The world of adverse media does not stop and being able to determine if your customer, or their customers, are of ‘interest’ from a financial crime perspective is effectively your ‘licence to trade’.
RDC’s KYC and AML software operates on a highly curated risk database. It categorizes customers into more than 90 offence types and stages, making it easy to configure the level of screening to changing levels of risk – for client onboarding and ongoing KYC and AML monitoring.