02 Aug 2023

The Ultimate Guide to Customer Onboarding for Compliance Teams - Part 1

Compliance and customer onboarding are two important and highly interconnected concepts and processes for regulated businesses such as Financial Institutions (FIs) and Virtual Asset Service Providers (VASPs).

The customer onboarding process is often the first point of contact that gives a new customer their first impressions of your business. It is also a critical security juncture that requires efficient and robust Know Your Customer (KYC) and other compliance-related checks.

Customer onboarding is the first step of allowing customers to use a company's services or products. When it comes to regulated businesses, it also means verifying a customer's identity and approving their account to access services and products. 

For FIs and VASPs, it also involves Know Your Customer (KYC) and Anti-Money Laundering (AML) checks, which help to protect customers, financial institutions, and businesses from fraudulent activities. 

KYC checks involve verifying a customer's identity using ID documents like a passport or driver's license, as well as verifying information such as age, authenticity of the documents and address. AML checks involve conducting background checks on customers to ensure they are not involved in money laundering or any other illegal activities. With both KYC and AML checks in place, businesses can create an effective onboarding process that meets legal requirements while offering their customers convenience and protection.

Customer onboarding also involves introducing new customers to your business, product or service. It involves teaching them about their new product or service, helping them understand how to use it and setting up any necessary accounts or permissions. By offering a great customer onboarding experience you can build lasting relationships with your customers and help them get the most out of your product or service. 

Compliance ensures that all operations are conducted in accordance with applicable laws, regulations, and industry standards developed by national and international regulators. For instance, in order to comply with most countries’ AML laws, regulated businesses must perform KYC checks before onboarding new customers. 

This includes verifying identity documents, collecting basic information about the customer’s source of income/wealth, and assessing whether there may be any suspicious activities associated with the customer's accounts. All this information must then be stored securely, which can be achieved by implementing strong security protocols during the onboarding process.

Similarly, data privacy regulations can also affect customer onboarding processes. These rules require companies to protect customers' personal details and inform them about how their data will be used. As such, companies must take appropriate measures when gathering and storing customer data so as not to violate any laws or put customers at risk of exploitation.

Without compliance in place to keep these practices under control, regulated businesses can be more easily used as a conduit or tool for illicit financial activity. Most global AML laws view a failure to properly implement adequate AML measures as a crime that can incur serious financial penalties or criminal sanctioning. 

The relationship between customer onboarding and compliance is significant since compliance helps ensure that customer onboarding is completed properly — and according to laws that seek to mitigate money laundering and other crimes such as terrorist financing and fraud. As customer onboarding marks the start of a business’ relationship with a new customer, ensuring that it is done in accordance with regulations and AML/KYC best practices is essential. 

The key objectives and role of compliance within a customer onboarding process are to: 

  1. Ensure customer data is accurate and up to date
  2. Provide transparent communication about compliance requirements
  3. Establish clear and consistent onboarding processes for customers
  4. Confirm customers understand the terms of service before closing a deal
  5. Track customer compliance status regularly through audits and review procedures
  6. Monitor activity from new customers to prevent fraud or illegal activities 
  7. Abide by all applicable laws and regulations related to customer onboarding 
  8. Ensure customer payment information is securely stored 
  9. Protect confidential information shared with customers during onboarding   
  10. Establish system security protocols for storing sensitive user data

The often-forgotten factor: Customer Experience

The success of a customer onboarding process also lies in its ability to create a smooth transition from unfamiliarity with your product or service to becoming an expert user. A good customer onboarding process should enable customers to quickly become comfortable with the product or service they are using, making them more likely to use it again and increasing their overall satisfaction with the experience. This can be called the Customer Verification Experience.

When implementing a customer onboarding experience, there are several key steps that must be taken into account:

1) Establish clear goals - identify exactly what needs to be achieved during the customer onboarding process and set measurable objectives accordingly. 

2) Craft an effective message - deliver the right message in a way that resonates with customers while being mindful of their expectations regarding your product/service. 

3) Provide necessary resources - make sure relevant information is available for your customers so they can easily find what they need when they need it. 

4) Monitor progress - track customer behavior throughout their journey so that you can adjust and optimize as required. 

5) Personalize communication - utilize personalization techniques such as segmentation for improved engagement levels with customers. 

6) Implement feedback loops - collect feedback from customers regularly in order for improvements to be made where necessary, as well as creating better experiences for future users. 

With all these steps taken into consideration, you can ensure that your customer onboarding process is successful and leads to increased loyalty from users. 

Seeing each step through properly and efficiently will also lead to higher conversion rates from potential customers who have been exposed to your products/services during the initial stages of their journey. With this knowledge in hand, you can rest assured that you have done all you can to give yourself every chance of success.

AML Regulation

The history of anti-money laundering (AML) regulations is a long one, stretching back to the early 1970s. The first major AML legislation was created in 1970 with the Bank Secrecy Act, which required financial institutions to maintain records and file reports of suspicious activity associated with potentially illegal transactions. Over time, as money laundering grew into a global problem, other countries began to implement their own AML regulations. 

In 1988, the Financial Action Task Force (FATF) was created by G7 countries as an international body to set standards and guidelines on combating money laundering, terrorist financing and other related threats to the international financial system. Since then, FATF has become an important player in developing AML policy at both national and international levels — the Recommendations it develops are adopted by its signatory countries into their national law codes in order to equalize the global AML regulatory landscape. 

The 1990s saw more robust AML enforcement take shape. The European Union adopted its first comprehensive framework for AML in 1991. In 1993, the USA passed its own Money Laundering Control Act which mandated that all US financial institutions must maintain records and file reports on suspicious activity related to money laundering. 

In 2001, following the 9/11 attacks on the United States, FATF introduced a new set of recommended measures which included enhanced customer due diligence requirements for both domestic and foreign clients; strengthened banking transparency requirements; and improved coordination among various law enforcement agencies around the world. 

This laid the groundwork for many of today’s current AML regulations including those found within Europe's 6th Anti-Money Laundering Directive (6AMLD) and laws (2018) or the US’ FinCEN regulations. Today many other countries have implemented their own AML laws based on FATF recommendations with varying degrees of effectiveness or stringency. 

As technology advances so too do methods used by criminals looking to launder money or finance terrorism activities – leading to an ever-evolving landscape of global AML standards and regulations. We cover global AML regulations regularly in our Regulatory Focus series. 

Onboarding challenges

Implementing compliant customer onboarding is a complex process, requiring organizations to manage multiple compliance requirements and regulations. 

It involves overcoming numerous interconnected and dynamic challenges, such as: 

  • Ensuring customer data accuracy and integrity
  • Complying with international regulations to verify customers’ identity
  • Developing efficient and secure authentication processes
  • Establishing an effective KYC process
  • Automating and optimizing compliance processes to reduce drop-off rates and customer dissatisfaction
  • Staying up-to-date on ever-evolving compliance requirements
  • Keeping customer data safe from hackers

Data accuracy is essential for reliable customer verification and fraud protection. 

Establishing secure authentication processes can be difficult as they must conform to standards set by the major credit card companies while also meeting the organization’s internal security policies. 

Additionally, adhering to international regulations is critical in order to prevent legal action from governing bodies. This means consistently staying up-to-date on ever-evolving compliance requirements — which can be a challenge as laws are constantly being revised. 

Finally, protecting customer data from potential malicious actors requires businesses to employ robust cyber security measures and keep their systems up-to-date with the latest security patches. 

Developing a KYC-based Customer Onboarding Journey

Regulated businesses must walk a fine line between implementing robust and effective KYC/AML on new and existing customers — while ensuring these processes are not negatively impacting customer experience or severely limiting the businesses’ growth and financial health. 

The most efficient way to create a uniform and considered approach to this challenge is to develop common policies, controls, and procedures (PCPs) that guide a business’s compliant customer onboarding protocols.

A business’ PCPs should be designed to reflect the types of threats that its specific business activity, sector and jurisdiction involve. There is no one-size-fits-all PCP formula, but there are some general goals they should be designed to reach.

These include PCPs for:

  • Verifying the identity of individual and corporate customers, and whether the latter are regulated entities.
  • Understanding the Ultimate Beneficial Ownership (UBO) structures of corporate customers. 
  • Identifying and verifying the source of wealth for funds used in transactions you process.
  • Having a structured and effective method for determining whether individual customers are politically exposed persons (PEPs), present on global financial crime watchlists or sanctions lists — or present any other increased risk, such as by being based in high-risk jurisdictions. 
  • Determining when simplified due diligence (SDD) can be applied to low-risk customers in order to expedite their onboarding and optimize your resources for compliance checks where they are needed. It’s very important to have a foolproof method for making this determination, for obvious reasons.
  • Determining when standard due diligence will be applied — the most common due diligence checks that your company will carry out on the majority of your clients. 
  • Creating a timeframe and schedule for carrying out reviews of your due diligence / KYC processes and protocols for upgrading or adjusting the processes. As AML/compliance challenges and responsibilities frequently change, it is important to have a clear and consistent approach to making sure your due diligence/KYC processes are up to date and effective. 
  • Clear and considered criteria for choosing third party due diligence / KYC providers to help your business meet its compliance challenges. 
  • Ongoing monitoring of previously onboarded clients to detect any changes in their risk profile or suspicious activity. This will involve defining how often monitoring will need to be carried out — depending on a client’s risk profile. It will also outline the types of checks that will need to be applied. 
  • Selecting and training your compliance team — and defining the types of responsibilities that will be assigned to each of them. 
  • Record keeping of your onboarding processes. This needs to be carried out in a consistent and uniform way that can be accessible in the event of a regulatory audit — while adhering to data privacy and protection rules such as the EU’s GDPR. 
  • Processes for independently reviewing and auditing your onboarding process and implementing the findings of audits into new iterations and upgrades. 
  • Suspicious activity reporting — how is suspicious activity classified, detected and dealt with, in accordance with relevant regulations? Who is responsible for submitting Suspicious Activity Reports to the relevant authorities? 

Risk: Types and Solutions

A recurring theme of compliance and onboarding PCPs is the concept of Risk. 

In addition to denoting threats and challenges, the Risk concept is also a powerful tool that can be leveraged in the fight against these threats. 

The FATF has long advocated for regulated businesses to use a Risk-Based Approach (RBA) to AML, CTF and KYC. 

In simple terms, an RBA involves classifying prospective customers according to their risk profile — and then passing them through customized onboarding procedures and checks that reflect that risk profile. For example, a simple RBA structure would classify potential customers as:

  1. Low risk — processed with SDD 
  2. Medium risk — processed through standard Customer Due Diligence (CDD) 
  3. High risk — processed through Enhanced Due Diligence (EDD)
  4. Proscribed — a clear money laundering or terrorist financing threat means the prospective client will be turned away

This allows compliance resources to be used more efficiently and effectively, allocating more stringent checks where needed while passing lower risk customers through more expedited onboarding processes. 

As well as optimizing compliance resources, this ensures that customers are not subjected to unnecessary onboarding procedures that can become frustrating and lead to higher abandonment rates. 

Not so complicated, right? Well, the complexity of course comes with how to define and measure risk relative to your business and its unique context and client base. 

This is where Risk Assessment comes in. 

Risk Assessment

The first step in an effective RBA is to carry out a Risk Assessment for your entire business. The aim of this will be to:

  1. Identify and understand the threats facing your business from a money laundering and terrorist financing perspective. This will allow you to more efficiently classify your clients based on the specific risk they pose to you. 
  2. Formulate the appropriate solutions and approaches for dealing with these risks, on the tiered basis of an RBA.

This process will involve gaining a comprehensive understanding of three types of risk: Product/Service Risk, Client Risk and Geographic Risk.

Product/Service Risk

A key step to understanding the AML/CTF risks your business faces is truly understanding the risks posed by the product(s) or service(s) you offer. 

You will need to answer questions that include:

  • Does your product/service offer clients the ability to transact anonymously? 
  • What loopholes are there in your AML/KYC systems?
  • What are examples of your industry peers being exploited by financial criminals?
  • What KYC / AML / CTF rules are applied/recommended by relevant national and international regulators? 

Identifying Client Risks

Client Risks — from an AML/CTF perspective — can be determined by a client’s position, wealth profile, location, business activities, and many more factors. 

During your risk assessment, you will need to determine the levels of risk that the many different types of clients you will encounter will present to you — so that you can design your KYC onboarding process to reflect and mitigate the threat they pose to you. 

Examples of the types of clients that will normally be processed through EDD include:

  • Politically exposed persons (PEPs)
  • Clients involved in cash transactions, such as money transfer agents, bureaux de change, gaming companies
  • VASPs
  • FIs
  • Businesses based in offshore tax or banking havens
  • Trusts and unregulated charities 
  • High risk companies such as arms dealers, precious metals dealers, real estate brokers and art dealers
  • Companies in jurisdictions with lax regulation
  • Shell companies or accounts established by corporate secretaries or service companies, where the UBOs are not disclosed. 
  • Any companies dealing with public contracts
  • Any company or individual ever suspected of being involved in money laundering or other financial crime
  • Any companies or individuals on watchlists or sanctions lists 

Identifying that a client belongs to one of these categories does not automatically mean that they will need to be processed through EDD (or outright rejected from an onboarding process). Their Risk Profile will need to be determined by assessing numerous variables that include:

  1. The size(s) of their transactions
  2. If they have previously committed crimes, whether they have met their legal obligations and are now not bound by legal restrictions
  3. If they are PEPs — understanding their specific roles and whether this poses a heightened threat to your business

Identifying Geographic Risks

Geographic Risks relate to the risks posed by doing business with clients with a footprint in different jurisdictions. These include countries/jurisdictions with: 

  • A heightened threat of money laundering / terrorist financing
  • Presence on global AML/CTF watchlists such as those compiled by the FATF and other global regulatory watchdogs, organizations and national regulators
  • A high risk of drug trafficking or weak government institutions 

As with Client Risk, it’s important to maintain a nuanced approach for each customer, and to weigh the risk they present to you based on their broader risk profile. 

As such, it will be important to formulate a clear and considered approach for allocating risk scores based on Geographic Risk.

Translating Risk Assessments into an RBA

Building a robust RBA involves assigning risk scores to your prospective clients based on a range of risk values, usually ranging from 1 to 3. The sum of these risk scores can then be used to determine whether the customer is processed as low, medium or high risk — or rejected altogether. 

How you formulate your risk scoring system will depend on your initial business-wide risk assessment and the specific risks that you face. This will take into account your compliance responsibilities, the jurisdictions you and your customers operate in, your specific industry and business activity, and many more. 
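
The scoring step described above, as an added example that is not part of the original article: each of the three risk types from the Risk Assessment gets a score from 1 to 3, the sum selects the due diligence tier, and a proscribed customer is rejected regardless of score. The cut-offs (3-4 low, 5-6 medium, 7-9 high), the field names and the customer references are assumptions for illustration; your own risk assessment sets the real ones.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from enum import Enum


class Tier(Enum):
    """RBA tiers from the article, mapped to the procedure each one triggers."""
    LOW = "SDD"
    MEDIUM = "CDD"
    HIGH = "EDD"
    PROSCRIBED = "REJECT"


# The three risk types named in the Risk Assessment section.
FACTORS = ("product_service", "client", "geographic")

# ASSUMPTION: upper bound of the summed score (3..9) for each tier.
TIER_BANDS = [(4, Tier.LOW), (6, Tier.MEDIUM), (9, Tier.HIGH)]


@dataclass(frozen=True)
class RiskDecision:
    """Record of one classification, kept for audit and regulatory review."""
    customer_ref: str
    scores: dict
    total: int
    tier: str
    procedure: str
    reason: str
    decided_at: str


def classify(customer_ref, scores, proscribed=False, now=None):
    """Sum the per-factor scores and map the total to a due diligence tier.

    Fails closed: a missing or out-of-range score raises instead of being
    treated as low risk, so an incomplete assessment can never yield SDD.
    """
    missing = [f for f in FACTORS if f not in scores]
    if missing:
        raise ValueError(f"unscored risk factors: {missing}")
    for factor in FACTORS:
        value = scores[factor]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 3:
            raise ValueError(f"{factor} score must be an integer from 1 to 3")

    total = sum(scores[f] for f in FACTORS)
    if proscribed:
        # A clear ML/TF threat overrides the numeric score entirely.
        tier, reason = Tier.PROSCRIBED, "proscribed: onboarding declined"
    else:
        tier = next(t for upper, t in TIER_BANDS if total <= upper)
        reason = f"summed score {total}"

    stamp = (now or datetime.now(timezone.utc)).isoformat()
    return RiskDecision(
        customer_ref=customer_ref,
        scores={f: scores[f] for f in FACTORS},
        total=total,
        tier=tier.name.lower(),
        procedure=tier.value,
        reason=reason,
        decided_at=stamp,
    )


if __name__ == "__main__":
    # Constructed sample applicants, not real customers.
    samples = [
        ("CUST-0001", {"product_service": 1, "client": 1, "geographic": 2}, False),
        ("CUST-0002", {"product_service": 2, "client": 2, "geographic": 2}, False),
        ("CUST-0003", {"product_service": 2, "client": 3, "geographic": 3}, False),
        ("CUST-0004", {"product_service": 1, "client": 1, "geographic": 1}, True),
    ]
    for ref, factor_scores, is_proscribed in samples:
        print(asdict(classify(ref, factor_scores, proscribed=is_proscribed)))
```

Storing the returned record alongside the customer file gives the documented, per-client decision trail that the record-keeping PCP calls for.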

The Importance of Know Your Customer (KYC)

Now, let's delve into the key considerations for implementing effective AML / CTF protocols as part of a compliant onboarding process.

The primary objectives of KYC during onboarding are to:

  • Verify the identity of the prospective customer/client
  • Identify illegitimate or high-risk actors
  • Understand their intended use of your product/service

When should KYC start?

The timing can vary across jurisdictions and sectors, but it's generally recommended to initiate Customer Due Diligence (CDD)-based KYC as early as possible, typically before carrying out the following:

  • Establishing a business relationship with a client.
  • Undertaking any significant work or providing benefits to the client.
  • Receiving any funds from the client.
  • Conducting occasional transactions that exceed a certain de minimis amount (the specific amount will depend on your jurisdiction).

Ideally, the verification of the client's identity, the person representing them, or the underlying UBO of a corporate customer should take place before your business has facilitated any transactions – or before establishing a business relationship.

However, in practice, achieving this ideal scenario isn't always feasible.

Delaying KYC

There are instances in which businesses may conduct KYC onboarding after a transaction has already commenced, mainly due to technical or procedural reasons. However, such delays should be limited and treated as an exception.

Customer due diligence onboarding should only be deferred when the risk of money laundering or terrorist financing is minimal, and it is necessary to avoid disrupting regular business operations.

For instance, a financial institution might open an account for a client before completing their identity verification, as long as the institution ensures that no transactions are conducted by or on behalf of the client until the verification process is finished.

In such situations, the onboarding team should utilize the firm-wide risk assessment to evaluate whether the client or matter poses a low risk in terms of money laundering or terrorist financing. Any decision made during this process must be documented in the specific client or matter risk assessment.

Ongoing Monitoring

Throughout the entire duration of a transaction, it is essential to carry out ongoing monitoring. This involves conducting reviews in the following scenarios:

  • Whenever there is an indication that the customer's identity or the beneficial owners' identity has changed.
  • When transactions seem inconsistent with the onboarding party’s existing knowledge of the customer.
  • Any other circumstances that may arise during the course of the business relationship, leading to suspicions of money laundering, fraud or terrorist financing.

In exceptional cases, there might be a need to determine whether a report should be filed with relevant authorities. Nonetheless, it is essential to exercise caution and adhere to rigorous due diligence practices to mitigate potential risks effectively.

Declining Onboarding (and Halting Transactions)

If your business is unable to perform effective KYC during the onboarding stage, it is imperative to reject a prospective customer’s onboarding request.

It is also essential to refrain from engaging in any transactions with the client through a bank account or establishing any other form of business relationship with them.

Depending on the jurisdiction, there might be an obligation to report suspicions of money laundering or terrorist financing – known as Suspicious Activity Reports (SARs) – to the relevant law enforcement or supervisory authorities.

Clear and Transparent Onboarding Procedures

To ensure a smooth onboarding experience, it is crucial to establish well-defined and easily understandable onboarding processes. Communicating these procedures to your clients from the outset is not only essential for legal compliance but also to effectively manage their expectations throughout the onboarding journey – and build a positive Customer Experience. 

In the past, many businesses chose to carry out their KYC onboarding using manual processes, with human compliance teams reviewing paper or electronic submissions. While some businesses could cope with this approach by using extensive resources, it also often served as a barrier for smaller businesses with less access to funds. It also led to long onboarding times, high drop-out rates and non-uniform or inconsistent document submissions and record-keeping. 

When it comes to regulatory compliance, it is vital to record all onboarding protocols and any decisions made concerning specific clients as part of your RBA and KYC onboarding. This documentation will aid in maintaining compliance and accountability throughout the onboarding process. Automated KYC onboarding solutions make efficient record keeping much more simple and straightforward. 

Harmonizing Onboarding Practices Across Jurisdictions

It is highly advisable to streamline and coordinate your onboarding processes and ongoing monitoring standards across all the regions where your business operates. If you have a physical or legal presence across multiple jurisdictions, it’s important that local branches adhere to local standards and requirements. 

For instance, if there are variations in minimum reporting thresholds across different jurisdictions, it is prudent to apply the highest level of KYC onboarding and monitoring due diligence uniformly across the board.

KYC is often used as a blanket term when referring to identity and compliance checks on any customer – whether they are an individual or a corporate customer. Know Your Business – or KYB – is often used to describe onboarding checks carried out on corporate customers.

KYC for Individuals

The KYC onboarding process for natural persons usually involves first acquiring information from the potential customer that can include: 

  • Legal names, including any previous legal names, former names, or maiden names
  • Residential address, and if applicable, business address
  • Gender
  • Date of birth
  • Place of birth
  • Occupation and employer's name
  • Nationality and residency status
  • Telephone number and email address
  • Any unique official identifier
  • Other identifiers such as a sample of the client's signature

Additionally, the onboarding team must verify the provided information from independent and reliable sources. This verification process involves:

Primary Document Verification: This entails obtaining official documents and having them certified by authorized individuals, such as lawyers or accountants. Address confirmation can be achieved through bills sent to the given address, provided they are not older than a specified date.

Third Party Verification: This involves cross-checking references from other financial institutions and businesses, contacting the client by phone to verify the information provided, and accessing public registers or private databases. While face-to-face meetings with the client are preferable for added assurance, remote video conferencing is also an acceptable method. By using technology such as Liveness Detection, verification through video calls or uploaded selfies can be achieved with reduced risk of fraud through impersonation or fabrication.

Corporate KYC / KYB

When onboarding legal persons or corporate entities as potential clients, a KYB process will collect and verify information that includes:

  • Name of the organization
  • Proof of incorporation
  • Registered address
  • Telephone number
  • Official identification numbers
  • Financial information
  • Identity of any UBOs and persons of significant control (PSC)
  • Proof of proper authorization and identification of the person acting on behalf of the legal person (if any)
  • Identity of senior management officials
  • Identity of persons operating the account
  • Planned use of the account
  • Planned frequency of transactions and sources of funds to be deposited into any bank account
  • Destination of funds passing through the account

As with Individual KYC, confirmation of this information from independent and reliable sources can be achieved through:

Primary Document Verification: This involves reviewing official corporate filings, such as the certificate of incorporation, company memorandum, articles of association, shareholder agreements, partnership agreements, trust deeds, audited and unaudited financial accounts, management accounts, etc.

Third Party Verification: This may include accessing private databases, public registers, company searches, insolvency searches, references from other financial institutions, conducting calls, site visits, and arranging face-to-face meetings with the clients, etc. 

The extent of this verification process will depend on the client’s risk profile.

3 Levels of Due Diligence

As previously mentioned, the RBA involves assessing risks and allocating varying levels of due diligence to different clients. The specific parameters of your onboarding process and the scope of each due diligence tier will be determined by your own risk assessment. However, it is essential to understand the general distinctions among three degrees of customer due diligence: standard (CDD), simplified (SDD) and enhanced (EDD).

  1. Standard Due Diligence

The standard level of due diligence is typically applied to most clients. In these situations, there is an acknowledgment of potential risks related to criminal money laundering or terrorist financing, but the probability of such risks materializing is considered low.

According to the FATF’s Recommendation 10, the following criteria define CDD for client onboarding:

  • Identification and verification of the customer's identity using reliable, independent source documents, data, or information.
  • Identification of the UBO(s) and reasonable measures to verify their identity, ensuring the financial institution / VASP comprehends the ownership and control structure of the customer for legal persons and arrangements.
  • Understanding and obtaining relevant information about the purpose and nature of the business relationship.
  • Ongoing due diligence on the business relationship – and scrutiny of transactions throughout the relationship – to ensure consistency with the institution's understanding of the customer's business and risk profile, including the source of funds if necessary.
  • Verification of the authorization and identity of any person(s) acting on behalf of the customer, including their managers or trustees.

It is crucial to remember that these standard onboarding practices represent the baseline approach. In practice, the level of due diligence may be adjusted based on the specific level of risk associated with each client.

  2. Enhanced Due Diligence (EDD)

When faced with a higher risk of money laundering or terrorist financing, it’s necessary to carry out more extensive, enhanced checks on potential customers.

In general, if either you or a supervisory authority identifies specific risks to the jurisdiction or sector, an EDD approach becomes necessary. As described previously, this entails identifying particular product and service risks, geographic risks, and client risks that may require an increased level of due diligence.

According to FATF's explicit requirements in such circumstances, regulated businesses should thoroughly examine complex, unusually large transactions, as well as transactions with no apparent economic or lawful purpose. In cases where money laundering or terrorist financing risks are higher, EDD measures should also be conducted reflecting the risks identified in the Risk Assessment. This includes intensifying monitoring of the business relationship to identify unusual or suspicious activities.

While no exhaustive list can encompass all potential risks, here are some key indicators of money laundering and terrorist financing threats that may necessitate more investigation and/or re-processing a customer through more stringent EDD checks:

Product/Service Risk

  • Anonymity loopholes in transactions
  • Third-party payments into business accounts.
  • Unclear UBO data
  • Involvement of private banking services.
  • Complex or unusual transaction patterns lacking a clear economic rationale.
  • Change in jurisdictional footprint or business activity

Geographic risk

  • Jurisdictions subject to embargoes, sanctions, or restrictions by international organizations
  • Jurisdictions identified on FATF, EU, or US AML/CTF watchlists, blacklists or gray lists
  • Countries or regions that have a demonstrated track record of problematic AML regulation

Client risk

  • Cash-intensive businesses involving anonymous transactions.
  • Complex ownership structures 
  • PEPs or their family members or close associates as clients.
  • Clients providing false identification documentation 

EDD Considerations

When applying EDD, FATF recommends obtaining senior management approval before establishing or continuing a business relationship. Specific measures that may be necessary include:

  • Gathering additional information beyond standard onboarding requirements from reliable, independent sources to verify relevant persons' information, including occupation and asset volume.
  • Running adverse media searches on the client.
  • Understanding the background and context of the client and/or proposed transaction.
  • Gaining insight into the ownership of the client and other parties involved in transactions.
  • Ensuring transaction consistency with the intended nature of the business relationship.
  • Ongoing monitoring of the client and the business relationship.
  • Regular updates to client and beneficial owner identification data.
  • Enhanced monitoring of the business relationship through increased and timed controls, focusing on patterns that require extra due diligence.
  • Understanding the client's source of wealth and funds for specific transactions.
  • Identifying individuals with control over the proposed account, including signatories and guarantors.
  • Obtaining information on the client's occupation, domicile, and primary trade area.
  • Securing banking references, financial statements, and other relevant documentation.

Jurisdictional Considerations

In some cases, certain institutions may avoid implementing EDD based on regional regulatory variations. 

For instance, businesses operating in the European Economic Area (EEA) may not need to apply EDD if specific conditions are met, such as the client being a branch or majority-owned subsidiary of an entity established in an EEA state that meets certain obligations and supervision requirements.

  1. Simplified Due Diligence (SDD)

Implementing a lower level of due diligence can expedite the onboarding process and allocate fewer resources to clients and transactions deemed to have lower risk levels. When SDD is applied, the business still performs onboarding and ongoing monitoring but adjusts the timing, extent, and type of steps taken in the process.

Product / service types that present reduced money laundering or terrorist financing threats include:

Product/Service Risks

  • Life insurance policies with low premiums
  • Insurance policies for pension schemes with no early surrender option and no use as collateral.
  • Retirement benefit schemes with contributions deducted from employees' wages and non-assignable member interests.
  • Financial products or services designed to provide limited services to specific client types for the purpose of increasing financial inclusion.

Geographical risks

  • Client residing, established, or operating in a country with effective AML / CTF systems.
  • A third country identified by credible sources as having low criminal activity, corruption, or terrorism.
  • A third country recognized as compliant with FATF Recommendations, effectively implementing them, and having effective supervision and monitoring of institutions.
  • A jurisdiction where the business has substantial experience and confidence in conducting activities.

Client risks

  • Individuals residing in a lower-risk geographical region.
  • Client being a publicly owned enterprise 
  • Public company listed on a recognized regulated market with effective transparency of beneficial ownership requirements.
  • Individuals regulated by recognized regulatory authorities (e.g., lawyers and accountants).

That being said, lower money laundering and terrorist financing risk for identification and verification purposes doesn't necessarily imply lower risk for all CDD measures or ongoing transaction monitoring. The level of due diligence should be continually reassessed to confirm that a customer’s risk profile has not changed since they were onboarded.

If a customer’s risk profile has changed, for example by a client relocating to a country with a high money laundering risk or assuming public office and becoming a PEP, then it may be necessary to reexamine their activity through CDD or EDD. 

Ready to make compliance your competitive advantage? Get in touch to find out how KYC-Chain can transform your customer onboarding experience. We’ll be happy to arrange a demo.
