Benjamin M Musau
KYC, CDD and EDD
- What is the difference between KYC and Customer Due Diligence and Enhanced Customer Due Diligence?
(i) KYC is the abbreviated name of Know Your Customer. According to the online Wikipedia, Know your customer (KYC) is the due diligence and bank regulation that financial institutions and other regulated companies must perform in order to identify their clients and ascertain relevant information pertinent to doing financial business with them. In the USA, KYC is typically a policy implemented to conform to a customer identification program mandated under the Bank Secrecy Act and USA Patriot Act. The main purpose of KYC policies and programs is to prevent identity theft fraud, money laundering and terrorist financing.
(ii) The generated alerts identify unusual activity which is then subject to due diligence or enhanced due diligence (EDD) processes that use internal and external sources of information on the subject, including the internet.
(a) Customer Due Diligence (CDD) is actually part of KYC because KYC is the due diligence that financial institutions and other regulated companies must perform in order to identify their clients and ascertain relevant information pertinent to identify their clients and ascertain relevant information pertinent to doing financial business with them.
(b) While Enhanced Customer Due Diligence (ECDD) has not been internationally defined, it is generally agreed that it is a process of investigation that is rigorous and robust over and above the KYC procedures. ECDD seeks with reasonable assurance to verify and validate the customer’s identity, understand and test the customer’s profile, business and account activity. It seeks to identify relevant adverse information and risk by assessing the potential for money laundering or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance. The absence of an internationally accepted definition of ECDD means that financial institutions are at risk of being held to differing standards depending on their location, jurisdiction and applicable regulatory environment.
- The factors that a bank or other financial institution should take into account in determining to perform enhanced due diligence for high-risk customers are as follows:
(a) The customer’s business activity;
(b) Ownership structure;
(c) Anticipated or actual volume; and
(d) Types of transactions, including those transactions involving higher risk jurisdictions.
- The four situations where a bank or other financial institution must file a Suspicious Activity Report (SAR) are:
(a) For any known or suspected violations of federal criminal laws or regulations committed/attempted against or through the institution if it involves or aggregates at least US$5,000 in funds or other assets and the bank knows, suspects, or has reason to suspect the funds are:
(i) Obtained from illegal activity;
(ii) Intended or conducted to hide or disguise funds or assets derived from illegal activity;
(iii) Designed to evade any reporting requirements under the Bank Secrecy Act (BSA).
(b) For any know or suspected federal criminal violations committed or attempted against or through the institution involving funds:
(i) Transacted with no business or lawful purpose;
(ii) Not the sort the customer normally engages;
(iii) The institution knows of no reasonable explanation for the transaction after examining available facts including the background and possible purpose of the transaction.
(c) Any transaction or pattern of transactions conducted or attempted that is suspicious and involves or aggregates funds or assets of at least US$2,000 if the MSB knows, suspects, or has reason to suspect the transactions are:
(i) Derived from illegal activity or is intended to hide or disguise funds or assets derived from illegal activity;
(ii) Designed to evade the requirements of the BSA, whether through structuring or other means;
(iii) Serves no business or apparent lawful purpose and the MSB knows of no reasonable explanation for the transaction after examining all available facts.
(iv) Issuers are required to report transactions or pattern of transactions that are suspicious and involve or aggregate funds or other assets of at least US$5,000 if identification of transactions is derived from review of clearance records or other similar records of items sold or processed.
- ‘Safe harbor’ for a bank in the context of a SAR
(a) “Safe harbor” is the protection from civil liability provided under federal law (31 U.S.C. 5318(g)(3)) to financial institutions and their directors, officers, employees or agents that report suspicious activity to FinCEN or appropriate law enforcement or supervisory agencies.
(b) A financial institution is prohibited from notifying any person involved in the transaction that the transaction was report on a SAR (31 U.S.C. 5318(g)(2)).
(c) If you receive a subpoena for a SAR, or a request of any kind to produce a copy of a SAR (other than a request by FinCEN, or an appropriate law enforcement or supervisory agency), you are requirement to contact FinCEN’s Office of Chief Counsel at (703) 905-3590 immediately; federally regulated depository institutions should also contact their regulator.
- What is a national security letter (NSL)?
(a) A national security letter (NSL) is a form of administrative subpoena used by the U.S. Federal Bureau of Investigation and reportedly by other U.S. Government Agencies including the Central Intelligence Agency and the Department of Defense. It a demand letter issued to a particular entity of organization to turn over various records and data pertaining to individuals.
(b) NSL’s can only request non-content information, such as transactional records, phone numbers dialed or e-mail addresses mailed to and from. They require no probable cause or judicial oversight. They also contain a gag order, preventing the recipient of the letter from disclosing that the letter was ever issued.
(c) The gag order was ruled unconstitutional as an infringement of free speech, in Doe v Ashcroft case.
- Are banks and other financial institutions obligated to investigate the underlying crime (the predicate crime) behind money laundering?
(a) No. The obligation of banks and other financial institutions in the context of money laundering investigations is to file the SARs. The investigation of the underlying crime is a matter for the criminal investigation authorities.
- What is the time frame for the filing of a SAR? Must the Board of Directors be notified?
(a) A review must be initiated promptly upon identification of unusual activity that warrants an investigation. The time frame required for completing review of the identified activity, however, may vary given the situation.
(b) The 30-day or (60-day) period does not begin until an appropriate review is conducted and a determination is made that the transaction under review is suspicious within the meaning of the SAR regulations.
(c) The Bank’s board of directors must be notified of SAR filings, and such filings and information contained in the filings must remain confidential, unless properly requested by law enforcement.
(d) Financial institutions are protected from liability to customers for disclosures of possible violations of law under safe habor provisions. Safe harbor covers all reports (including supporting SAR documentation) of suspected or known criminal violations and suspicious activities to law enforcement and the financial institution’s supervisory authority.
- Must the head office and controlling companies be notified?
(a) No. However, banks are at liberty to share SARs with head office and controlling companies.
References:
- http://en.wikipedia.org/wiki/Know_your_customer
- http://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_013.htm
- http://www.irs.gov/businesses/small/article/0,,id=154557,00.html
- http://en.wikipedia.org/wiki/National_Security_Letter
- http://www.bankersonline.com/security/guru2008/gurus_sec101308b.html
- Money Laundering, A Banker’s Guide to Avoiding Problems
February 22, 2011
I am a Kenyan Advocate and the Managing Partner of B M Musau & Co., Advocates, a position I have held since 1999. My work encompasses regulatory reforms, reduction of administrative burdens, the structure of business entities, joint ventures, acquisitions, banking, foreign investment and other general corporate areas
Write a comment: