The best way to limit risk in a financial institution is through proper customer due diligence. Financial Institutions (FI) are required to collect enough customer information that will allow them to mitigate risks, and to develop a customer acceptance policy and procedure to comply with requirements set forth by the Bank Secrecy Act (BSA). Under the USA PATRIOT Act, each FI is required to also have a written CIP or Customer Identification Program, which can be altered or customized based on the specific business, incorporated into the FI’s BSA/AML compliance program and approved by its Board of Directors.
Each CIP’s purpose is to allow the FI to reasonably pinpoint the true identity of each customer. To do this the CIP must include an account opening procedure that requires the FI to collect specific identifying information for each potential customer. These opening procedures include obtaining information such as name, date of birth, address, and identification number; i.e. driver’s license or passport number. In addition to this, the FI may need further information such as the customer’s recent utility bill in order to verify the current address of the customer and complete the account opening process. The CIP must also include risk-based procedures for verifying the identity of each customer within a reasonable amount of time after the account has been opened.
When determining the risk profile for a customer, the CIP must take into account the customer’s background, occupation, source of wealth, country of origin, products used, and the nature and purpose of the account. This helps the FI determine the overall risk of doing business with the customer and what measures need to be taken in order to manage those risks, if any, such as enhanced due diligence.
These are just the initial traits of a good customer due diligence program that will help FI’s ensure Anti-Money Laundering (AML) and Know-Your-Customer (KYC) compliance. The Financial Crimes Enforcement Network (FinCEN) believes that there are four core elements, or pillars, of a sound customer due diligence program; (1) customer identification and verification, (2) beneficial ownership identification and verification, (3) understanding the nature and purpose of customer relationships to develop a customer risk profile, and (4) ongoing monitoring for reporting suspicious transactions and maintaining and updating customer information.
FinCEN published their final rule for customer due diligence on May 11, 2016 and declared that FI’s have until May 11, 2018 to be fully compliant. In addition to the four elements listed above, the final rule, or 5th pillar, requires that an FI establishes a systematic procedure for identifying and verifying its customers including identifying the ultimate beneficial owner (UBO) or any person(s) authorized to act on their behalf. Generally, FI’s should not carry out any financial transactions or establish relationships with potential customers until their true identity has been verified.
Identifying the identities and UBO’s of potential customers prior to conducting any transactions on their behalf should be a top priority for all FI’s regardless if they are mandated to do so or not because knowing who you are doing business with from the start will help mitigate risks for money laundering or other illicit activities that will in turn help prevent large fines and other penalties including reputational damage for the institution.
For the full article, click here.