Meeting Global Practice Standards for Know

Your Customer (KYC) and Enhanced Due

Diligence (EDD)
2 April 2012

Scott Burton

1
Overview on Global Practice Standards for
KYC & EDD

Achieving
• Meeting International and Local KYC Expectations
Enterprise-Wide
Governance

• To identify your customer’s customer

Implementing
Practical Steps

• Across business lines

Having a Global • Across jurisdictions
KYC/EDD
Approach

2
 Achieving Enterprise-Wide Governance

• Organisation Structure

• Global Minimum Standards

• Policy and Procedures Framework

• Technology

• Training / Development

• Communication

• Self-Testing

3
 Implementing Practical Steps to Identify your
Customer’s Customer
Reliance on Intermediary to perform
due diligence…

Is intermediary regulated?

Who should you do Due Diligence on? Is intermediary from a jurisdiction that meets
FATF standards & subject to AML laws?

If not based in a FATF country, does the

intermediary apply procedures & standards that
are equivalent to those intermediaries that are
subject to AML laws in FATF country?

4
 Implementing Practical Steps to Identify your
Customer’s Customer
Reliance on Intermediary to perform
customer identification…

Client Identification framework equivalent to

FATF standards

Appropriate level of due diligence on higher

risk clients such as PEP, Sanctioned
individuals or entities

What level of Due Diligence should be AML Questionnaire / Certification / Appropriate framework to report suspicious
conducted? Representations & Warranties activities

Appropriate KYC/AML training conducted

for employees of intermediaries

Record retention of due diligence performed

on customer

5
 Having a Global KYC/EDD Approach
Why Enhanced Due Diligence (EDD) important?
- A major regulatory focus

“A rigorous and robust process of investigation

over and above (KYC) procedures, that seeks with
reasonable assurance to verify and validate the
customer’s identity; understand and test the
customer’s profile, business and account activity;
identify relevant adverse information and risk
assess the potential for money laundering and/or
terrorist financing to support actionable decisions
to mitigate against financial, regulatory and
reputational risk and ensure regulatory
compliance”
(ACAMS Today July/August 2006)
Royal Bank of Canada

6
 Having a Global KYC/EDD Approach
EDD - The Risk Based Approach at Credit Suisse

Company A
• Low Risk Simplified CDD e.g. proof
Listed institution headquartered of exchange listing etc.
in the U.S.

Company B Enhanced Due Diligence

• Higher Risk (EDD) e.g. standard CDD
Private Company with a
complicated ownership structure plus verification of UBOs;
incorporated in Venezuela third party due diligence
report etc.

7
 Having a Global KYC/EDD Approach
EDD Process at Credit Suisse
1. On-Boarding
(Risk Criteria)
• At the point of on-boarding,
clients are filtered into
appropriate risk categories as
per the defined risk
criteria/triggers – further to
minimum standards - set for the
location and/or division e.g.
standard, enhanced etc.
2. On-Boarding
(Measures)
• EDD clients are subject to
additional measures - further to
standard risk e.g. verification
of UBO(s) beyond 10%
ownership assessment of risk
profile, desk research via
Factiva or Lexis/Nexis and
Google; 3rd Party Due
Diligence Report as applicable
etc.
3. On-Going
(Monitoring/Surveillance)
•EDD clients are subject to
additional measures – further to
standard risk
monitoring/surveillance
requirements e.g. risk assessed
customer scores etc.
4. On-Going
(Review)
• EDD clients are subject to
frequent review (normally every
year) e.g. adverse media
research, transaction look-back.
assessment of risk profile etc.
8
 Having a Global KYC/EDD Approach
KYC Information Standards - CAAT
Maintaining complete and accurate KYC information within client files (whether electronic
or physical) is an essential first step towards ensuring adherance to regulatory
obligations.

•COMPLETE: The collected KYC information must provide a comprehensive

understanding of the client’s profile and proposed transactional activity; the details, in
addition to the source of the information, must be fully explained and all corroborating
evidence documented/substantiated within the client file (e.g. copies of company
registration or screening/media search results etc.)

•ACCURATE: KYC information must be reviewed and updated (as necessary) on a

periodic basis and/or as soon as a material change to the client’s profile has been
discovered/detected e.g. change of address or source of income etc

•ACCESSIBLE: Client files must be maintained in a format and location that is readily
accessible and available to any authorized employee upon request

•TRANSPARENT: KYC information must be clearly and concisely presented within the
client file. The chosen format must allow for any competent and/or reasonable third party
(e.g. Compliance, Audit, Regulator etc.) to easily and readily understand a client’s profile

9
 Having a Global KYC/EDD Approach
Key Components of an Effective EDD Program

Training & Client Involvement of Top Control Issue

Communication Documentation Compliance • Management
• Awareness • Business needs to • Harmonization and control via
through top comply with the improvement of centrally-performed
management policies in respect EDD process using spot checks
communications of the completion of a risk-based • Compliance control
• Training for the client profile approach via escalation and
Business (e.g. and AML implementation of a
by using good documentation (i.e. disciplinary matrix
and bad background report • Clear audit trail
examples) for unusual
transactions)

10
 Having a Global KYC/EDD Approach
Common EDD Failings

• Client profile may not be up-to-date

• Documentation on unusual transactions was not

sufficiently meaningful and was not comprehensible

• Quality of the documentation generally declines during the

duration of the business relationship

• Not possible for an expert third party to establish the

plausibility of the origin and growth of assets

11
 Conclusion

What is your organisation’s enterprise-wide

governance? Does it meet both international
and local expectations?

Have you incorporated practical steps to

identify your customer’s customer?

Is there a consistent and thorough global

KYC/EDD approach in your organisation?

Disclaimer:
The materials contained in this presentation are meant for information sharing. Credit Suisse AG, its subsidiaries and employees accept no responsibility for
errors or omissions in this material, or for any loss or damage arising from the use of this material.

12