If you’re starting a new business or rethinking processes in an existing one, dealing with AML compliance can seem daunting. Compliance officers, audits, customer due diligence, copies of passports and risk assessments – they can be a lot to get your head around.
Most of the requirements focus on customer due diligence and risk assessment, so that’s a good place to start. By building AML into your customer onboarding procedures, you make it easier to meet requirements without a lot of additional work. Rather than thinking of compliance as an added burden on you and your customers, it becomes a standard part of the process.
Here’s how to make AML requirements a key part of onboarding in your business.
When new AML/CTF requirements were introduced early in 2019, the compliance burden on financial service organisations seemed daunting.
The amended law is designed to prevent criminal activity – money laundering and funding of terrorist groups – through complex financial transactions. It requires businesses that deal with large sums of money – like accounting firms, banks and other lenders, law firms, and real estate agents – to put systems in place that detect and deter money laundering. This includes verifying identification and other details, looking at the origins of clients’ finances and reporting if there are any red flags of illegal activity.
Among other things, businesses need to have a compliance officer to handle AML/CTF requirements, manage customer onboarding and record-keeping, and provide details for auditors regularly.
Customer onboarding and AML
Know Your Customer (KYC) is a key aspect of AML compliance. The law requires businesses to collect and verify information and make risk assessments on every new customer, so KYC needs to be part of your onboarding process.
Before the amendments, taking on new customers meant getting their names, addresses and little else. Now, businesses must take each new client through an extensive verification and risk assessment process before they can start work.
The law doesn’t specify how to manage AML requirements, so your business can choose to use paper forms and manual processes, or a digital AML/KYC solution like First AML. Although paper-based processes work for many businesses, it can be simpler and less frustrating to manage data collection and storage with an online system.
AML onboarding requirements
The AML process needs to be completed not only for customers but for any beneficiaries of the business or trust involved and anyone acting on behalf of your customer.
These requirements include:
- Collecting and verifying ID
- Recording and verifying the customer’s address
- Collecting business details including address and registration number
- Viewing documentation that proves the origin of the customer’s finances
- Assessing the AML risk for each customer
- Completing an in-depth AML process if the risk is determined to be high
- Collecting a declaration showing that the details provided are accurate
It all sounds very complicated, but once you implement AML processes into your onboarding procedures, they become second nature.
Implementing AML in four simple steps
AML requirements are manageable when broken down into basic steps. Each step can have its challenges depending on the customer, but understanding the broad outline of the requirements is a good place to start.
Step 1: ID collection and verification
Whether you’re using an in-person process or an online system, the first step is collecting basic details about your new customer. Full name, date of birth, address and company ID or registration number are key if you’re dealing with a business client. This step needs to be completed for any new customer, beneficial owner of the business or anyone acting on behalf of the customer.
The details need to be backed up with documentation – like a passport or other valid photo ID, proof of address and business registration details. If you’re collecting details in person, you can take photocopies of the relevant documents, then sign and date them for your records. If you’re onboarding remotely, your customers may need to get a Justice of the Peace (JP) or other trustee to certify copies of their documents before they’re uploaded.
Step 2: Risk assessment
This step involves assessing the level of risk presented by new customers and using that information to determine the next steps. This means asking customers – in person or via a form – why they’re seeking to work with your business, and establishing the origin of their finances. Some businesses are happy to simply ask customers about their financial background, while others require documentation including bank statements or wills.
Once the risk assessment is complete, you can continue with a simplified, standard or enhanced due diligence process.
Step 3: Declaration of details
Along with customer details, documentation and any other background checks, you need customers to sign a declaration that their information is correct and truthful. This must be signed in person, certified by a JP or completed via a recognised online verification system like First AML.
Step 4: Record and track
Once the onboarding process is complete, you need to keep records of customer details including signed and dated copies of ID and other documentation. This can mean keeping physical copies or using a CRM system to save scans to the cloud.
However you manage your record-keeping, it needs to be secure so sensitive customer details can’t be accessed by outsiders – using a secure database or cloud storage facility. It’s also important that they’re accessible to people within your business, so you can share documentation with auditors if necessary.
Develop a KYC process for your business
Key elements of the KYC process differ for various types of business, so before you start, it’s essential to look at the guidelines for your sector.
There are several ways to manage onboarding but the important thing is having a process in place, so you and your staff don’t miss crucial compliance details or signs of illegal activity.
About First AML
First AML is an AML technology provider, and the maker of Source, an all-in-one AML platform. Source powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Its enterprise-wide, long term approach to the KYC / CDD data lifecycle addresses time and cost challenges while minimising compliance, reputational and security risks.