Know your client (KYC) standards are an important set of rules aimed at protecting companies operating internationally from being used by criminal elements for money laundering, terrorism finance, and fraud schemes. Verifying the identities of clients, customers, suppliers, and anyone associated with a business and assessing risk factors of doing business with these parties is the best way to mitigate any risks to your business.
While financial institutions have traditionally been accountable for carrying out KYC compliance checks, more and more jurisdictions are expanding their requirements to include all company types. As transparency in business has gained significant importance, KYC requirements have become a critical part of a business’ ongoing compliance.
KYC checks are not only a must-do in the U.S., but it is also imperative for companies operating internationally to understand the requirements in each jurisdiction in which they do business and conduct the necessary due diligence to protect their business against unforeseen reputational damages.
Global KYC rules
International guidelines for KYC are established by an inter-governmental organization known as the Financial Action Task Force (FATF). This organization sets international standards that are aimed at preventing illegal activities from taking place. Over 200 countries and jurisdictions have committed to implementing local regulations based on FATF’s recommendations and are holding companies that operate within their jurisdictions accountable for following KYC rules. The purpose is to ensure that companies are performing the appropriate due diligence when engaging with clients in the country. FATF conducts ongoing evaluations of each country and its compliance with its guidelines.
The U.S. has a long history of combatting financial crimes stemming from the Bank Secrecy Act established in 1970. Since then, numerous other laws have enhanced and amended the BSA to provide more robust guidelines and the most effective tools to combat illegal transactions, one of the most important being the US Patriot Act of 2001. The Patriot Act referred to as the International Money Laundering Abatement and Financial Anti-Terrorism Act expanded to include the criminalization of terrorism financing and strengthened the existing BSA framework for customer identification procedures. Today, the U.S. is considered to have the strictest KYC regulations of any country.
The European Union established its first anti-money laundering directive in 1990, requiring that entities apply customer due diligence requirements when entering into a business relationship. This legislation has been revised many times to mitigate risks relating to money laundering and terrorism financing. In 2015, the EU adopted a modernized regulatory framework to enhance the prevention of criminal acts through the financial system, referred to as the 4th AML or 4th Anti-Money Laundering Directive. More recently, the 5th amendment to the directive or 5th AML introduces substantial enhancements in transparency by requiring member states to set up public registers for companies, trusts, and other financial vehicles.
Steps to an effective international KYC compliance
Below we outline three key steps to ensuring compliance with KYC rules as you conduct business internationally.
Establishing a process to effectively verify an individual’s identity
The first step in assessing the risk of doing business with a client or a potential client is to confirm they are who they say they are. For this, companies are required to collect the necessary information to verify the identity of the business, its representatives, and anyone associated with it. Each country has differing requirements and thresholds depending on the type of business, but ultimately they all instruct that a company’s customer identification procedures must be appropriate for the size and type of business and enables it to form a reasonable belief that it knows the true identity of each their customers.
Conducting due diligence assessments
To effectively manage risk and protect against criminals, terrorists, and Politically Exposed Persons (PEPs) who might present a risk to your business, a due diligence assessment must be carried out as part of the KYC process. To verify the identity and business history of individuals the following information is typically reviewed:
- Personal identification documents such as passports, government-issued documents, and ID cards, etc.
- Tax IDs
- Certified articles of incorporation
- Government-issued business license
- Partnership agreements
- Financial references
- Information from a consumer reporting agency or public database
- Screening sanctions lists
- Information about ultimate beneficial owners (UBO)
- An audit of a person’s public function and identification of any potential abuse of their position
These details, among others, help businesses obtain a clear overview of the identity and location of current or potential clients and a good understanding of their business activities. They also help classify a customer’s risk category, what type of customer they are, and whether further due diligence is necessary. For example, the location or occupation of the person affiliated with the business, expected pattern of activity, and types of transactions, amounts, and frequency could be a red flag. These may be triggers that suggest additional information searches or audits may be required.
Conducting periodic KYC assessments on existing customers can be beneficial to companies operating in multiple jurisdictions. Because existing customers have the potential to transition into higher-risk categories over time, ongoing monitoring should include oversight of customer business activities such as out of the area or unusual cross-border activities, the inclusion of people or beneficiaries on sanction lists, and adverse media mentions.
It is important to keep records of all previous due diligence performed on each customer or potential customer in the event of a regulatory audit; and if their status changes or are being pursued for any unauthorized activities, your business will be better protected. A best practice is to conduct KYC checks one to two times a year.
Challenges of KYC implementation
International KYC requirements and standards are constantly evolving and meeting these standards can be challenging and costly as penalties for non-compliance increase. Pressure is also placed on local jurisdictions who struggle to keep up with changing regulations and a lack of systems for fulfilling important KYC checks.
Advances in technology such as digital identity verification processes are aimed at easing KYC across borders; but concerns over regulatory limitations, data privacy, and global scaling make the implementation of these solutions a challenge.
While meeting U.S. requirements is imperative, getting the support of a provider who can help navigate KYC requirements in each local jurisdiction is key to ensuring compliance – while helping save time, money, and hassle.
KYC regulations are in place to protect companies from being implicated in criminal activities. Companies can be held liable from a civil and criminal perspective if they fail to complete required KYC assessments, keeping pace with changes in customer and partner business structures, and additions to sanction lists. A failure to do so can also result in reputational damage and be detrimental to growth.
CT’s experience can help your company navigate the intricacies of this process in each of the countries you do business in, helping address any compliance needs. Most importantly, we coordinate from the U.S. adhering to the strictest guidelines through one-point of contact.
CT helps verify the identity and business history of individuals you're considering doing business with so you can proceed with confidence:
- Politically exposed persons searches: Individuals who are public-facing and associated with a business increase risk for the company. This search audits a person's public function and identifies potential abuse of their position.
- Patriot Act/OFAC searches: Determines if an individual is on the U.S. government's watch list by searching the Office of Foreign Assets Control (OFAC) database.
- Anti-money laundering searches: Examines international watch lists for suspicious money placement, layering, and integration.
- Regulatory agency searches: Determines any known infringements and sanctions from international regulatory agencies.
To learn more about how CT’s Global Corporate Services can help address your compliance requirements as you do business around the world, contact a CT representative at (855) 444-5358 (toll-free U.S.).