Serve the purpose of an AML KYC program – Periodic Reviews

18 May Serve the purpose of an AML KYC program – Periodic Reviews

OK, Let me ask you this, when you buy a car you do check everything right from the interiors to exteriors to the mechanical aspects such as brakes, clutch, and accelerator? And I am sure at regular intervals you get it serviced just to make sure that your car is perfect and does not put yourself or your family in a risky situation while driving.

The same logic applies to financial institutions as regulators require banks and non-banking financial institutions to perform AML KYC due diligence when on-boarding a new customer and also on a periodic basis throughout the life of the relationship.

Stale documentation does not serve the purpose of an AML KYC program and hence requires the documents to be updated on a regular time period which is why regulators stress so much on performing periodic reviews. While collecting the fresh set of documents one might be able to capture any material change in the customer profile which might have taken place after on-boarding the customer.

Periodic reviews also allow the financial institutions to keep an eye on the risk rating of the customer to make sure that the risk rating assigned to the customer continues to reflect the appropriate risk rating.

When to perform

The frequency for performing periodic reviews might vary from institution to institution. With no set guidelines from regulatory bodies, Financial Institutions have taken a Risk Based Approach and based on a consultation with industry peers the standard is every 1, 2 and 3 years. With High risk customers requiring a Periodic Review every 12 months, Medium 24 and Low risk every 36 months.

There is a slight difference between the due diligence for new client on-boarding and periodic reviews, below is a list of tasks to be performed for periodic reviews. However its worth highlighting each Financial Institution should tune their documentation requirements based on their Business needs:

1. Review the basic information about the customer as Name, Address, Occupation, Source of Funds for individual customers and if it is a corporate customer check for the information available on file against the information available in the public domain or by asking the customer directly, such as a change in the shareholders, controlling parties, Sanction exposure.
2. Screen the customers against PEP, sanctions and negative media for any potential hits, and also the new parties who are now associated with the customer such as new shareholders /management.
3. Re-calculate the risk score, based on the two steps above and see if the customer is still within the in the risk appetite or not and take action accordingly.
4. See if the customer transactions both debit and credit are within the expected scale and if there is any abnormal spike the same can be investigated further, one has to keep in mind that not all abnormal spikes are dangerous.

Thanks to technological advancements in the area of RegTechs today most of the organisations are able to tap the most of technology and implement real-time transaction monitoring systems to detect any anomalies and report them back.