Detecting High ML/TF risk Customers through KYC, KYB and CDD

## <img data-recalc-dims="1" loading="lazy" decoding="async" src="https://i0.wp.com/complyguardian.com/wp-content/uploads/2023/08/Detecting-high-ml-tf-risk-customers-Compliance-Guardian.png?resize=400%2C510&#038;ssl=1" alt="Detecting high-risk customers through KYC, KYB & CDD. AML/CFT solutions for high AML/CTF Risk management." width="400" height="510">

One of the key elements of the Anti-money Laundering and countering financing of terrorism (AML/CFT) laws and regulations is a risk-based approach towards the customer base. Properly establishing and allocating ML/TF Risk Ratings is one of the key parts of AML/CTF Risk management. Obviously, when it comes to initial customer due diligence (CDD) and ongoing AML/CFT compliance, including transaction monitoring, Transaction Risk Management, CFT controls, KYC measures etc., higher initial and ongoing standards are expected to apply to high-risk customers.

However, in order to do that, an AML/CFT reporting entity must define the parameters for customer money laundering and terrorism financing (ML/TF) risk rating through the Customer Risk Rating Model and implement this model through AML/CFT procedures and protocols.

AML/CFT Rules and High-Risk Customers

Often the AML/CFT (aka AML/CTF) rules would dictate that, in some cases, a reporting entity must go further than standard customer due diligence (CDD). This is more about anti-money laundering than CFT. The reason for that is some types of customers have been historically associated with higher chances of money laundering.

For example, in New Zealand, the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 would require a reporting entity to collect and verify information about sources of funds (SOW) of trusts, investment vehicles and politically exposed persons (PEP).

In Australia, foreign PEPs must undergo compulsory enhanced customer due diligence (ECDD or EDD). So, one has to check its local AML/CFT legislation. If it says that certain types of customers have to go through EDD, it could very well be a good starting point in considering whether to treat this category as representing higher ML/TF risk.

High-Risk Customers and AML/CFT Risk Assessment

Another basic requirement for an AML/CFT reporting entity is to conduct an AML/CFT Risk Assessment.

A sound AML/CFT Risk Assessment is based on the applicable sector risk guide, where AML/CFT supervisors tell reporting entities that certain types of clients represent higher ML/TF risks. These clients are commonly at higher risk because:

• of their location (high-risk jurisdictions, a country associated with a lack of AML/CFT measures, offshore tax haven)

• their legal structure, an entity with nominee directors, shareholders, limited partnerships and limited liability partnerships, trading trusts and other legal structures favouring anonymity;

• their sources of wealth associated with higher ML/TF industries, such as gambling, art, online adult services, crypto assets and cryptocurrency, etc.

High-Risk Customers and KYB Analysis

A part of the AML/CFT Assessment is called Know Your Business or KYB analysis. This includes looking at the potential ML/TF weaknesses of the entity’s AML/CFT-regulated business, including different types of clients.

Here a reporting entity has to consider further than just the types of clients it wishes to onboard and look at the jurisdictions of its operations, institutions involved in its operation, its delivery methods for AML/CFT regulated products or services and the scale and complexity of its products.

Suppose a reporting entity targets a specific client group or operates in a specific market. In that case, it must understand what types of clients would present higher ML/TF risks in the particular circumstances.

For example, onboarding a corporate client incorporated in country A with beneficial owners located in country B, which is a high-risk jurisdiction, or with financial sources originating from country B could render this client to pose a higher ML/TF risk.

Another example is where a client deposits funds through cryptocurrency instead of FIAT or there are third-party transactions.

A client from a high-risk jurisdiction onboarded via a non-face-to-face onboarding model.

Click here for more ML/TF Risk Considerations and KYB analysis.

CDD, KYC and High-Risk Customers

This is about customer risk rating practices when it comes to the actual onboarding and ongoing monitoring, as opposed to establishing the AML/CFT parameters for high-risk customers.

When a customer applies to establish a business relationship with a reporting entity, it is up to an entity to establish a set of know-your-customer KYC measures to ensure it collects and verifies enough information about the potential client to rank him initially and then updates the customer’s profiles based on their behaviour and other material changes. A lot of KYC information could be gathered through an effective CDD process.

This includes customers’ beneficial ownership, location, sources of funds, nature of business, the purpose of establishing the relationship with an entity, value of transactions, etc. Based on the information, an EDD procedure could often apply. More information about ECDD and EDD requirements could be found here.

For example, a customer declares that it would conduct large and complex transactions through an entity, a customer is identified as a PEP person, a customer with a complex beneficial ownership structure, etc.

High-Risk Customers and ongoing monitoring

There are two basic considerations when it comes to ML/TF risk levels and ongoing AML/CFT compliance obligations. One in respect of the existing high-risk customers. Another is about keeping customers’ risk levels up to date, which applies to the entire customer base.

Existing High-Risk Customers

Once a customer’s ML/TF risk level is properly identified, a customer should be appropriately monitored. It would not be appropriate to say that the reporting entity’s obligations end there. Detecting large, complex, unusual and suspicious transactions is key to ongoing AML/CTF compliance. When it comes to high-risk customers, this has to be done particularly diligently, comparing new data with available KYC information. Furthermore, identifying suspicious activities and material changes in the relationship between an existing customer and a reporting entity is another obligation. Ongoing monitoring is all clients in general and high-risk clients, in particular, are essential elements of the reporting entity’s AML/CFT Programme (aka AML/CTF Program).

Reallocating ML/TF risk levels

Once an ML/TF level is allocated during the onboarding, it is generally subject to change involving material changes and customers’ behaviour. A low-risk customer could easily become a high-risk customer. A reporting entity’s responsibility is to have efficient AML/CFT monitoring policies and procedures to capture these changes.

For example, a corporate customer changes its beneficial ownership and is now owned by a legal entity located in a high ML/TF jurisdiction, a low-risk customer conducts a series of large or complex transactions, or there are multiple third-party transactions to a customer’s account that have no apparent economic purpose, or a dormant customer with low transaction volumes suddenly increases those drastically.

While enhanced due diligence on questionable transactions, including gathering and verifying information about sources of funds (SOF), could solve much ambiguity about customers’ behaviour, a reporting entity should not forget to review the customer’s ML/TF risk level based on the new information and updated customer’s behaviour.