When assessing the risks involved in business relationships with their clients, financial institutions and obliged entities worldwide, including Cyprus, must take steps to ensure that the relevant, accurate and reliable information is collected and evaluated in accordance with the Client Due Diligence (CDD) procedures and the Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) legislations, with the Know Your Customer (KYC) process being of crucial importance in the financial industry.
What is KYC?
KYC is the mandatory process of identifying and verifying the identity of the client and the origin of their wealth, as well as assessing corporate structures and validating registration credentials of their business, to ensure that any and all disclosure requirements are met under the scope of the AML/CFT compliance. Hence, KYC due diligence measures apply to both natural persons and legal entities, in which case it may be referred to as the Know Your Business (KYB). The objective of the KYC is to comprehend the financial background and business activities of a client, enabling the financial institutions and obliged entities to understand, mitigate and manage the Money Laundering and Terrorist Financing (ML/TF) risks associated with the clients and their business transactions.
When is KYC conducted?
Before entering into a business relationship, financial institutions and obliged entities are required to take reasonable measures to understand the ownership and control structure of their client’s business, as well as to document their findings in a diligent manner on the checks conducted to establish the identity of the Ultimate Beneficial Owners (UBOs) and any and all natural persons relevant to their business, in accordance with the provisions of the Law of the relevant jurisdiction.
In addition to being conducted as an ongoing monitoring periodically – to confirm the validity of the information gathered during the initial CDD and KYC checks, these procedures are further performed as follows:
Who conducts KYC?
Financial institutions and obliged entities are required to conduct and maintain KYC and CDD procedures, and are the responsibility of their officially assigned Compliance Officers. EU framework for obliged entities applies to financial services institutions, i.e. credit institutions, banks, insurance companies, investment firms, etc; notaries and other legal professionals; auditors, external accountants and tax advisers; fiduciary services providers; gambling services; estate agents; providers engaged in exchange services between virtual currencies and fiat currencies; custodian wallet providers; persons trading in works of art and other persons trading in goods to the extent that payments are made or received in cash amounting €10K or higher in a single or multiple linked transactions.
Which information and documents are required to conduct KYC?
Though the requirements may differ in some jurisdictions, the general guidelines for the KYC globally require presenting documentation which will confirm the identity of the natural person, their date of birth, their current residence, their occupation and educational background, a bank reference confirming good character and the documentation supporting their source of wealth. As regards the legal entities, full set of corporate documents, confirmation of good standing, business address, bank reference, tax residency, financial records, and supporting documents for UBOs and all natural persons in the corporate structure are required. Additional documents may be required, depending on the risk classification of the client.
What is KYC risk classification?
Applying the Risk Based Approach (RBA), financial institutions and obliged entities are required to classify their clients in accordance with an independent analysis of risk of ML/TF, ranging from: i) Low Risk, applying the Simplified Due Diligence (SDD) procedures; ii) Normal Risk, applying the Basic Due Diligence (CDD) procedures; and iii) High Risk, applying the Enhanced Due Diligence (EDD) procedures, meaning that the risk level assigned to the client will determine the appropriate due diligence and monitoring processes. The Compliance Officer can override the risk assessment scores, subject to appropriate reasoning and supported with relevant documentation.
Whereas the e.g. Politically Exposed Persons (PEPs), high-risk third countries, precious metals dealers, etc will, by default, be classified as high-risk clients, multiple factors can contribute to being classified as high-risk, in accordance with the provisions of the Law of the relevant jurisdiction and depending on the financial institution’s and/or obliged entity’s acceptance policy. Within the scope of the KYC processing, financial institutions and obliged entities are required to conduct sanctions screening and PEP lists checks, as particular countries, regimes, groups, companies, or individuals can be sanctioned – including asset freezes, travel bans, trade embargoes, economic sanctions, etc, by using publicly available sanction lists, created by governments or international bodies – for example, EU Consolidated List of Sanctions, UK HMT Consolidated List of Financial Sanctions Targets, OFAC Specially Designated Nationals and Blocked Persons List, United Nations Security Council Consolidated List, and many more.
Meeting the minimum KYC requirements is no longer considered sufficient, and additional clarifications, documentation and information are now encouraged to be submitted voluntarily, in an ongoing pursuit of transparency. Beyond the KYC procedures, even though it is not yet formally required, the Know Your Customer’s Customer (KYCC) has become highly recommended under the scope of the AML/CFT compliance.
For more information on the KYC and how these procedures can affect you and your business, please contact us on [email protected]