A number of questions arise when it comes to KYC reviews (adjustment projects or annual reviews). There are six points we think are relevant for carrying them out successfully.
Point 1: Target definition & planning
The goals of a KYC review should be clearly defined. This ensures that you can carry out the adjustment project or annual review in a structured manner. Keep the following points in mind:
- Formalities: Are the necessary account documents on hand, do they meet quality standards and are they still plausible? Often situations arise where CBD documents are no longer up to date or sometimes new queries arise in connection with a CBD change (e.g. reason for a domiciliary company with the change in 2020).
- KYC/supporting documents: Are the prescribed KYC elements on hand and of adequate quality, i.e. are facts underpinned with supporting documents, where necessary?
- Due diligence: Are there any indications of money laundering violations or other risks (e.g. reputational risks) in public media and licensed databases (e.g. LexisNexis)?
- Transaction patterns: Do the customer’s actual transaction patterns match up with expected behaviour and, if not – is there an explanation for discrepancies?
- Internal checks: Have internal checks been complied with (e.g. annual PEP analysis)?
As far as the scale and time needed for the project are concerned, we recommend carrying out one estimate for risk customers and one for standard customers.
Another planning aspect is sequencing/prioritisation during implementation; this can be broken down as follows:
- Grading by risk-based criteria: AuM, turnover, customer risk rating, number of transaction warnings or other special attributes (e.g. MROS notifications, use of a risk product)
- By complexity: Customer type (private customer, OpCo, DomCo, trust, foundation, EAM…) or else by region
- With the help of statistical methods: Identifying outliers or KYC integrity calculations
Point 2: Project governance
In addition to the actual content, another crucial factor is how the project is set up and monitored. In specialist terms this is project governance. The core elements of this are:
- Sponsor: Who is the project sponsor and what is their hierarchical level? The higher the hierarchical level, the more effectively they can provide support when problems arise (e.g. in the event of a budgetary shortage, a lack of will to implement…). As a rule of thumb we recommend getting one individual from management on board as a project sponsor.
- Project manager: Who will assume responsibility for implementing and attaining the quantitative and qualitative requirements? External consultants can be used to fill this roll, depending on the corporate culture.
- Project team: Which individuals from front office and compliance will perform the key duties? Where are additional resources required to make up for insufficient capacity? Or else: where does it make sense to use best practices to recruit external resources, e.g. to preserve independence between the different lines of defence?
- Committees/meetings: Which committees/meetings are necessary for the project? From the steering committee that makes the strategic decisions and has authority over budget, timeline and quality changes through to project meetings and votes with stakeholders (e.g. via a sounding board).
In the second part [open article here] we will look at the communication strategy, the training measures, issues around software support, as well as progress and deviation checks and quality management.