Implementing and conducting a due diligence strategy can be daunting. This is particularly true if you don’t know where to start or the steps you must include.
To help, here’s a quick explanation of the key steps you must include in your company’s due diligence program if you want to implement KYC best practices:
- Ascertain the identity and location of the potential customer
- Gain an understanding of the customer’s business activities
- Classify the risk category of the customer in question and define what type of customer they will be
- Digitally store all the above information and any documentation provided
- Create processes for ongoing monitoring and criteria for triggering additional due diligence measures
If SDD or CDD measures show that a customer poses a heightened level of risk, then you must follow the correct processes in order to establish whether EDD processes must be followed. Factors that show EDD may be required include:
- The location of the customer
- The customer’s occupation
- The customer’s purpose for opening the account
- The expected pattern of activity (including transaction type, volume, and frequency)
- Expected payment methods
- Whether transactions will be made across borders or with high-risk individuals
If you determine that an individual must be subjected to EDD, then you should keep records of the EDD performed on that customer (or potential customer). This is necessary in case there’s a regulatory audit.
Much like with SDD and CDD, you must also outline criteria for how and when the account will be subjected to ongoing monitoring.
Continuous monitoring
Although customers must be identified and verified before they can open an account or access a service for the first time, they must also be monitored on an ongoing basis. After all, a customer’s risk profile could change dramatically after the initial onboarding, and your organization has an obligation to respond.
By continuously monitoring each customer, you can ensure that their activities are consistent with their established risk profile. Some factors you may wish to monitor include:
- Sudden spikes in activities or transaction values
- Unusual cross-border activities
- Interaction with people on sanctions lists
- Adverse media mentions
If an individual’s activities are deemed to be particularly unusual, then you may be required to file a Suspicious Activity Report (SAR) with the relevant authorities.
The level of ongoing monitoring each account is subjected to will largely be determined by the level of risk posed by the customer. Those who pose a higher level of risk will usually be subjected to more regular and more comprehensive checks than low-risk customers.