STUDENT NAME : NNANYERE CHIOMA C.

MAT.NO : 20/022514/LAW
COURSE : BANKING LAW II (BUL322)

TOPIC
CUSTOMER DILIGENCE (CDD) AND KNOW YOUR CUSTOMER (KYC) IN MONEY LAUNDERING.

Money laundering is the illegal process of making large amounts of money generated by
criminal activity, such as drug trafficking, arms dealing and smuggling and terrorist funding
to have come from a legitimate source. The money from the criminal activity is considered
dirty and the process “launders” it to make it look clean.
Most contemporary financial companies have Anti-money laundering establishments of
which the Customer Due Diligence (CDD) and Know Your Customer (KYC) are inclusive.
The Customer Due Diligence is a process that financial institutions, businesses and other
organizations use to gather information about their customers and clients in order to identify
and mitigate risk such as money laundering, financing terrorism and other illicit activities. It
involves verifying the identities of customers, understanding their financial activities, and
assessing potential risks associated with their transactions. CDD is essential for maintaining
regulatory compliance, mitigating financial crimes, and safe guarding the integrity of the
financial system.
HISTORY
The history of customer due diligence can be traced back to the efforts to combat money laundering and
terrorist financing. In the late 1980s and early 1990s, concerns grew over the increasing use of the global
financial system for illegal activities. Governments and international organizations began implementing
measures to address these concerns, leading to the development of CDD as an essential component of anti-
money laundering (AML) and counter-terrorist financing (CTF) frameworks.

the key milestones in the history of customer due diligence:

1989: The Financial Action Task Force (FATF) was established by the G7 countries to
combat money laundering and terrorist financing. It issued its first set of recommendations in
1990, which laid the foundation for CDD requirements.
1996: The FATF's "Forty Recommendations" introduced the concept of CDD, which
included the need for customer identification, record-keeping, and reporting suspicious
transactions.
Late 1990s: Several countries, including the United States and members of the European
Union, implemented legislation to comply with the FATF recommendations. These laws
required financial institutions to establish and implement CDD procedures.
2001: The September 11 attacks in the United States prompted increased efforts to combat
terrorist financing. The USA PATRIOT Act was enacted, imposing stricter requirements for
customer identification and due diligence on financial institutions in the United States.
2003: The FATF revised its recommendations and issued the "Special Recommendations on
Terrorist Financing," which expanded the scope of CDD to cover the identification and
verification of beneficial owners of legal entities.
2005: The Third European Money Laundering Directive was implemented, harmonizing
CDD requirements across EU member states and introducing the concept of a risk-based
approach to due diligence.
2012: The FATF updated its recommendations to strengthen CDD measures and emphasize
the importance of a risk-based approach. It also introduced the notion of simplified due
diligence for low-risk customers.
2017: The FATF issued new guidance on the application of a risk-based approach to
customer due diligence, emphasizing the need for ongoing monitoring of customer
relationships.
2018: The European Union implemented the Fourth Anti-Money Laundering Directive,
which introduced stricter CDD requirements, including enhanced due diligence for high-risk
customers and the establishment of central registers of beneficial ownership.
2021: The FATF issued guidance on the implementation of effective customer due diligence
for virtual assets and virtual asset service providers, reflecting the growing importance of
cryptocurrencies and other digital assets.
Money Laundering (Prohibition) Act 2004: The Money Laundering (Prohibition) Act was
enacted in 2004 to provide a legal framework for combating money laundering and other
financial crimes in Nigeria. This act required financial institutions to implement measures to
identify and verify the identity of their customers and monitor their transactions.
The Money Laundering (Prohibition) Act, 2011 criminalizes money laundering activities in
Nigeria and places obligations on financial institutions to conduct customer due diligence. It
requires financial institutions to identify and verify the identity of their customers, maintain
records of transactions, and report suspicious activities to the appropriate authorities.
Who does the Customer Due Diligence (CDD) procedure affect?

The Customer Due Diligence (CDD) rule applies to banks, brokers in mutual funds,
securities, future commissions, finance merchants and businesses that handle financial
transactions on behalf of customers.
What are the components of Customer Due Diligence (CDD)?

There are four components or requirements of CDD, which include:

Customer identification and verification

Understanding the nature and purpose of the business-customer relationship
Beneficial ownership identification and verification
Ongoing monitoring for suspicious activities

These four points answer the question, “What are the 4 Customer Due Diligence
Requirements for Businesses?”
What are the types of Customer Due Diligence (CDD)?

There are three types of CDD. They include:

Standard
Simplified
Enhanced

Simplified Customer Due Diligence

Simplified Customer Due Diligence is applied when a customer risk assessment process has
proven the business-customer relationship to have a low potential for money laundering and
other financial crimes. In such a situation, the business is only required to identify the
customer and not necessarily verify his or her identity.

Standard Customer Due Diligence

This type of CDD involves identifying the customer through reliable independent sources.
The purpose of this process is to identify the nature of the business-customer relationship and
take subsequent actions where necessary.

Enhanced Customer Due Diligence

This CDD is applied when the risk of money laundering/ terrorism financing is high, e.g if
the customer is a Politically Exposed Person (PEP) or from a high-risk nation. The extra
processes carried out for enhanced due diligence may include:

Requesting additional information from the customer

Establishing the intended nature of the business relationship
Obtaining information on the source of the customer’s funds or wealth
Establishing the purpose of the transaction
Carrying out ongoing monitoring of the customer’s activities
In the 2022 amendment of this act by former president Muhammadu Buhari, In addition to
existing obligations on the relevant institutions to identify and verify the identity of their
customers, the Act imposed further obligations on them to identify a customer, whether
permanent or occasional, natural or legal person, or any other form of legal arrangement,
using identification documents as may be prescribed in relevant regulations.
Furthermore, the Act required that the relevant institutions verify the identity of these
customers using reliable, independent sources, documents, data or information. The Act also
requires these institutions to take reasonable measures to identify and verify the identity of
any person purporting to act on behalf of a customer, and ensure such a person is duly
authorized.10
The Act also requires the relevant institutions to undertake customer due diligence measures
in the following circumstances:
a. When establishing business relationships;
b. When carrying out occasional transactions beyond the applicable designated threshold
prescribed by relevant regulations, including transactions carried out in a single
operation or in several operations that appears to be linked,
c. When carrying out occasional transactions that are wire transfers,
d. Where there is a suspicion of money laundering or terrorist financing regardless of
any exemptions or thresholds and;
e. Where there are doubts about the veracity or adequacy of previously obtained
identification data.11 Moreso, the Act imposes an obligation on the relevant
institutions, where they suspect or have reasonable grounds to suspect that the amount
involved in a transaction is the proceeds of a crime or an illegal act, to require
identification of the customer notwithstanding that the amount involved in the
transaction is less than US$1,000 or its equivalent.12

Central Bank of Nigeria (CBN)

Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Regulations,
2013: The CBN issued these regulations to provide guidelines for financial institutions to
implement effective customer due diligence procedures. It outlines the requirements for customer
identification, record-keeping, risk assessment, and reporting suspicious transactions.

Section 13(1) states unambiguously that A financial institution shall undertake Customer Due
Diligence
CDD') measures when-
(a) business relationships are established.
(b) carrying out occasional transactions above the applicable and designated
threshold of US$1,000 or its equivalent in other currencies or as may be determined by the CB
from time to time, including where the transaction is carried out in a single operation or several
operations that appear to be linked;
(c) carrying out occasional transactions that are wire transfers, including those applicable to cross-
border and domestic transfers between financial institutions and when credit or debit cards are
used as a payment system to effect money transfer ;
(a) there is a suspicion of money laundering or terrorist financing, regardless of any exemptions or
any other thresholds referred to in these Regulations; or
(e) there are doubts on the veracity or adequacy of previously obtained customer identification
data.
(2) The measures in paragraphs (a), (b) and (c) of sub-regulation (1) of this
regulation, shall not apply to payments in respect of-
ii. any transfer flowing from a transaction carried out using a credit or debit
card so long as the credit or debit card number accompanying such
transfers flow from the transactions such as withdrawals from a bank account
through an ATM machine, cash advances from a credit card or payment for goods.
ii. Inter-financial institution transfers and settlements where both the originator-person and the
beneficial-person are financial institutions acting on their behalf.
(3) Financial institutions, must not after obtaining all the necessary documents and being so
satisfied, repeatedly perform identification and verification
exercise every time a customer conducts a transaction except there is a suspicion that the
previously obtained information is not complete or has changed.
14(1) A financial institution shall identify their customers, whether permanent or occasional,
natural or legal persons, or legal arrangements, and verify the customers" identities using reliable,
independently sourced documents, data or information.
(2) A financial institution shall carry out the full range of the CDD measures contained in these
Regulations, the relevant provisions of the Money Laundering (Prohibition) Act, 2011 (as
amended), and any other relevant laws or Regulations.
(3) Financial institutions shall apply the DD measures on a risk-sensitive basis.
(4) Types of customer information to be obtained and identification data to
be used to verify the information are contained in Schedule Il to these Regulations.
(5) Where the customer is a legal person or a legal arrangement, the financial institution shall-
(a) identify any person purporting to have been authorized to act on behalf
of that customer by obtaining evidence of the customer's identity and verifying the identity of the
authorized person; and
(h) identity and verify the legal status of the legal person or legal
arrangement by obtaining proof of incorporation from the Corporate Affairs Commission (CAC*)
or similar evidence of establishment or existence and any other relevant information.
15-(1)
A financial institution shall identify and take reasonable steps to verify the identity of a beneficial-
owner, using relevant information or data
obtained from a reliable source to satisfy itself that it knows who the beneficial owner is through
methods including-
(i) for legal persons :
(ii) identifying and verifying the natural persons, where they exist, that have ultimate controlling
ownership interest in a legal person, taking into cognizance the fact that ownership interests can be
so diversified that there may be no natural persons (whether acting alone or with others)
exercising control of the legal person or arrangement through ownership;
(in to the extent that it is manifestly clear under sub paragraph (;) of this
paragraph that the persons with the controlling ownership interest are the beneficial
owners or where no natural person exerts control through ownership interests,
identify and verity the natural persons, where they exist, exercising control of the
legal person or arrangement through other means ; and n0) where a natural person is not identified
under sub-paragraph (;) or (i)
of this paragraph, financial institutions shall identify and take reasonable
measures to verify the identity of the relevant natural person who holds senior
management position in the legal person,
(h) for legal arrangements- such as trust arrangement, financial institutions shall identify and
verify the identity of the settlor, the trustee, the protector
where they exist, the beneficiaries or class of beneficiaries, and any other
natural person exercising ultimate or effective control over the trust including through a chain of
control or ownership; and
(c) for other types of legal arrangements, the financial institutions shall identify and verity persons
in equivalent or similar positions.
(2) Financial institutions shall in respect of all customers, determine whether a customer is acting
on behalf of another person or not and where the customer is acting on behalf of another person,
Lake reasonable steps to obtain sufficient
identification-data and verify the identity of the other person.
(3) A financial institution shall take reasonable measures in respect of customers that are legal
persons or legal arrangements to-
(a) understand the ownership and control structure of such a customer and
(h) determine the natural persons that ultimately own or control the
customer.
(4) In the exercise of its responsibility under this regulation, a financial institution shall take into
account that natural persons include those persons who exercise ultimate or effective control over
the legal person or arrangement
and factors to be taken into consideration to satisfactorily perform this function
include:
(a) for companies - the natural persons shall own the controlling interests
and comprise the mind and management of the company ; and
(h) for trusts - the natural persons shall be the settlor, the trustee or person
exercising effective control over the trust and the beneficiaries:
(5) Where a customer or an owner of the controlling interest is a company listed on a stock
exchange and subject lo disclosure requirements (either by stock exchange rules or by law or other
enforceable means) which impose requirements
to ensure adequate transparency of beneficial ownership, or is a majority-owned
subsidiary of such a company, it is not necessary to identify and verify the identity
of any shareholder or beneficial owner of the company.
(6) The relevant identification data referred to in the foregoing regulation
may be obtained from a public register, the customer and other reliable sources,
and for this purpose, ownership of 5% interest or more in a company is applicable.
The challenges of implementing CDD
Banks are under increasing pressure to prevent money laundering and terrorist financing, which
has led to implementing customer due diligence (CDD) measures. However, CDD can be
challenging for banks due to its complexity and the resources required to implement it effectively.

CDD collects information about a customer's identity, business activities, and financial
transactions. This information must then be analyzed to assess the risk that the customer may
pose. Banks must have robust systems and processes to ensure that CDD is carried out correctly.

The challenges of implementing CDD can be significant. Still, banks must take these measures to
protect themselves and society from the threat of money laundering and terrorist financing. Banks
must also have appropriate systems and controls to ensure they do not provide financial services to
persons or entities subject to asset freezing, sanctions, or designated by the UN Security Council.

Banks have long used manual processes to gather the required information from new customers.
However, manual CDD processes are no longer adequate with the increasing complexity of
financial crimes. Banks are turning to software solutions to automate and streamline CDD.

Banks that use software for customer due diligence can improve their compliance with regulations
and reduce their risk of being involved in financial crimes.

Software solutions help banks in several ways. First, they can quickly gather customer information
from multiple sources and automatically populate customer records. This saves time and reduces
errors. Second, software solutions can continuously monitor customer activity and flag suspicious
behavior. This helps banks proactively identify potential financial crimes before they happen.

In other words, the software can automate the customer due diligence process, making it more
efficient and less prone to error. It can also help banks keep track of their customers’ activities and
identify patterns that may be suspicious.
Why CDD is essential for banking

Banking is a critical sector of the economy, and banks play a pivotal role in ensuring the financial
system's stability. To protect the interests of shareholders, customers, and other stakeholders,
banks must have strong customer due diligence (CDD) procedures.

CDD is essential for banking as it helps to identify and manage risk. It allows banks to assess
whether a customer poses a high risk of money laundering or terrorist financing and take
appropriate measures to mitigate that risk. It also helps banks better understand their customers
and build stronger relationships.

CDD is critical to comply with anti-money laundering (AML) regulations. AML regulations
require banks to know their customers and business activities to identify and report suspicious
transactions. CDD helps banks to meet these regulatory requirements and avoid hefty fines for
non-compliance. Banks can use various sources and methods to obtain information about their
customers, including Customer identification information, such as company and personal details,
date of birth, national identity number, driver’s license number, and passport number.

KNOW YOUR CUSTOMER

With recent increases in fraud and other types of digital crime, regulations are stronger than ever.
As such, it has never been more important for financial institutions to ensure compliance with
regulatory requirements – to protect themselves and their consumers, and avoid regulatory
penalties. It's no news that the banking sector is one of the most regulated industries, especially
concerning KYC and AML compliance. This is because although the customer is liable for any
fraudulent activities, banks also share the responsibility with individuals that transact with their
business.
 The concept of Know Your Customer has been a central principle in customer due diligence.
Nigerian financial institutions are required to obtain and verify information about their customers'
identity, including personal details, address, source of funds, and purpose of the account or
transaction. Know Your Customer (KYC) refers to the process by which businesses verify the
identity and assess the risk associated with their customers. It is a regulatory requirement in many
industries, particularly in banking and financial services, to prevent money laundering, terrorist
financing, and other illicit activities. KYC involves gathering relevant information about
customers, such as identification documents, address proof, and other personal details, and
conducting due diligence to ensure compliance with legal and ethical standards. The objective is
to establish the customer's identity, evaluate their reputation, and understand the nature of their
financial transactions to mitigate risks and maintain a secure business environment. The law
stipulates that all financial institutions and non-designate must conduct due diligence
and identification of their customers, particularly persons alleging to act on behalf of its
customers, in order to scrutinise such transactions.
The implementation of a robust KYC framework offers several benefits in the fight
against money laundering.
Firstly, KYC helps financial institutions establish the identity of their customers, ensuring
that they are dealing with legitimate individuals or entities. By verifying customers'
identities through reliable identification documents, such as passports or national ID
cards, financial institutions can minimize the risk of anonymous transactions and the use
of false identities to launder money.
Secondly, KYC enables financial institutions to gather relevant information about their
customers' financial activities and sources of funds. This information allows institutions
to assess the legitimacy of these funds and identify any suspicious or illegal activities. By
scrutinizing transaction patterns and conducting due diligence on customers, institutions
can identify red flags and potential money laundering schemes.
Furthermore, KYC promotes the principle of customer due diligence, which involves
ongoing monitoring of customer transactions and activities. Regularly reviewing
customer information and transactional behavior helps financial institutions detect
unusual or suspicious patterns that may indicate money laundering. By promptly
identifying and reporting such activities to the appropriate authorities, financial
institutions contribute to the prevention and deterrence of money laundering.
In addition, KYC facilitates the exchange of information among financial institutions and
regulatory bodies. Sharing information on suspicious customers or transactions allows
for a coordinated effort in combating money laundering. Collaborative efforts among
institutions enhance the effectiveness of anti-money laundering measures and strengthen
the overall financial system's integrity.
Moreover, KYC requirements act as a deterrent for potential money launderers. The
stringent verification processes and the need to provide legitimate identification and
transactional information discourage criminals from using the financial system for illegal
purposes. This creates a hostile environment for money laundering activities and helps
safeguard the integrity of the financial sector.
Overall, KYC plays a crucial role in combating money laundering by establishing the
identity of customers, monitoring their activities, detecting suspicious transactions,
facilitating information sharing, and acting as a deterrent for potential criminals.
Financial institutions that adhere to robust KYC procedures contribute to the global
efforts in preventing money laundering and ensuring the integrity of the financial system.

Who needs to have KYC processes?

KYC is required for any financial institution that deals with
customers while opening and maintaining financial accounts. When
a business onboards a new client, or when a current client acquires
a regulated product, standard KYC procedures generally apply.
Financial institutions that need to comply with KYC protocols
include:
  Banks
 Credit unions
 Wealth management firms and broker-dealers
 Finance tech applications (fintech apps), depending on the activities in which they
engage
 Private lenders and lending platforms
KYC regulations have become an increasingly critical issue for
almost any institution interacting with money (so, just about every
business.) While banks are required to comply with KYC to limit
fraud, they also pass down those requirements to organizations with
whom they do business.

The 3 components of a KYC process.

While the exact implementation process is left to the financial institution, a three-step
process for KYC is standard and specified in many countries’ regulations. This is often
referred to as the three components or pillars of KYC, and involves:
Customer Identification Program (CIP)
Customer Due Diligence (CDD)
Ongoing Monitoring
Customer Identification Program (CIP)

The first step in KYC processes is to establish that the customer is who they claim to be.
This requires any customer – both individual and corporate – to have their identity
verified.
For all individuals involved (including the identified beneficial owners for corporate
customers), identity details must be obtained and verified. Documents usually include
those that contain the following:
Name
Address
Date of birth
 Government-issued identity number
Other government-issued identities (such as passport or driving licence
For corporate customers, verification documents may also include a business license,
articles of incorporation, partnership agreements or financial statements. Financial
institutions also need to establish the company’s ownership structure and identify the
Ultimate Beneficial Owners (UBOs).
Proper collection and use of this data is also part of CIP requirements. Institutions should
be able to verify it – and do so in a timely manner. Procedures for doing so should be well
documented and followed by all staff involved.

To comply with the Customer Identification Program, financial

institutions must ask customers for identifying information. Every
financial institution conducts its own CIP process based on its risk
profile, so a customer may be asked for different information
depending on the institution.
For an individual, KYC documents could include:
 A driver’s license
 A passport
For a company, the information may include:
 Certified articles of incorporation
 Government-issued business license
 Partnership agreement
 Trust instrument
For either a business or an individual, further verifying information
might include:
 Financial references
 Information from a consumer reporting agency or public database
 A financial statement

Customer Due Diligence (CDD)

Customer Due Diligence (CDD) takes verification further and asks whether financial
institutions trust the customer. CDD is about establishing a customer’s risk level and to
what extent they can be trusted.
There are three levels of CDD. Basic due diligence is carried out for all customers to
establish their level of risk. This can involve collecting additional information,
establishing the location of the customer, and types or patterns of transactions. For
corporate customers, due diligence needs to be carried out for all individuals that are
identified as UBOs.
Simplified Due Diligence (SDD). For customers and accounts deemed to be at very low
risk, SDD can be used. With this, the full checks of CDD are not needed.
Enhanced Due Diligence (EDD). On the other hand, much more analysis is done under
the EDD approach for a customer thought to be at higher risk. This could include
obtaining more information from customers, additional checks with agencies or public
sources, or further investigation into accounts and transactions.
Regulators specify the need to carry out EDD, but will not detail the exact steps to be
taken. Thus, it is up to individual financial institutions to establish the appropriate level
of risk.
CDD is an ongoing process, not just carried out when onboarding a new customer. A
customer’s activity and risk profile can change over time, and periodic CDD monitoring
 should be conducted. Full CDD and EDD records need to be kept for internal or
regulatory audit purposes.

The purpose of KYC is to combat money laundering, terrorist financing, fraud, and other
illicit activities. By understanding the background and risk profile of customers,
organizations can mitigate potential risks and comply with regulatory requirements.

KYC involves collecting and verifying customer information such as identification

documents, address proof, and financial records. This information is then cross-checked
against various databases and watchlists to ensure that the customer does not have a history
of involvement in criminal activities. The KYC process is not only a legal obligation but also
serves as a deterrent for potential wrongdoers.

Several cases have highlighted the significance of KYC in preventing financial crimes. One
such case is the United States v. HSBC Bank, where the bank was charged with facilitating
money laundering by drug cartels and violating anti-money laundering regulations. The case
emphasized the importance of robust KYC procedures to detect suspicious transactions and
prevent illicit funds from entering the financial system.

Another notable case is the ING Bank case, where the bank was fined for failing to
implement adequate KYC measures. ING allowed large sums of money to flow through its
accounts without conducting sufficient due diligence, leading to potential money laundering
activities. This case underscored the need for stringent KYC processes and highlighted the
severe consequences of non-compliance.

KYC also plays a vital role in preventing identity theft and fraud. For instance, the Equifax
data breach in 2017 compromised the personal information of millions of individuals. This
incident demonstrated the need for organizations to implement robust identity verification
processes during customer onboarding to prevent fraudulent activities.

KYC is essential for businesses and financial institutions to safeguard themselves against
financial crimes, comply with regulations, and protect their customers. It acts as a barrier
against money laundering, terrorist financing, fraud, and identity theft. The aforementioned
cases illustrate the importance of implementing effective KYC procedures to prevent illicit
activities and maintain the integrity of the financial system.
What are the KYC documents required for opening bank accounts?

Banks are required to ask customers for specific reliable documents in order to prove their
identity during the account opening process. These documents include:

Utility bills
Government-issued Identification number
Government-issued IDs (e.g. driver’s license, passport, voters card, etc.)
Trust instrument
Partnership agreement
Certified articles of incorporation
Government-issued business license
Financial statements
Financial references
Data from a public database or consumer reporting agency
The specific documents requested may vary depending on the type of customer (e.g. business
or an individual), type of account, or necessary extra security measures. Banks are also
allowed to determine other specific documents as long as they can verify the data it provides.
This is also referred to as corporate KYC.
What triggers KYC reverification?
Certain activities can require organizations to reverify customers
with an updated KYC process. Triggers for KYC reverification can
include:
 Unusual transaction activity
 New information or changes to the client
 Change in the client’s occupation
 Change in the nature of a client’s business
 Adding new parties to an account
For example, as a result of initial due diligence and ongoing
monitoring, a bank might flag risk factors like frequent wire
transfers, international transactions, and interactions with off-shore
financial centers. A “high-risk” account is then monitored more
frequently, and the customer might be asked to explain transactions
or update other KYC-related information periodically.

How much does KYC cost businesses and banks?

According to Plaid In 2021, financial institutions spent an estimated
$37.1 billion on AML-KYC compliance technology and operations.
Beyond the immediate cost of implementing processes, KYC has
other costs, such as increased time investment and higher
customer churn.
However, non-compliance with KYC processes can increase costs
as well. Failing to meet KYC requirements can lead to increasingly
steep fines. In 2013 and 2014, $4.3 billion in fines were levied against
financial institutions, which quadrupled the fines of the nine
previous years combined. For example, JP Morganwas fined more
than $2 billion for a failure to report suspicious activities. In 2021
alone, financial institutions were fined $2.7 billion.
A KPMG report has revealed that Nigerian
banks spend billions of naira annually to im-
plement the Know Your Customer (KYC),
which is a compulsory regulatory tool used
to reduce the menace of money laundering,
terrorist financing and corruption, especially in managing public finance.
The report stated that its survey showed that individual banks could spend between N50
million and N400 million per annum on KYC requirement depending on the customer base of
the bank.
The report also stated that on average, between 15 to 30 per cent of customers who start the
KYC process do not complete it, because the process is too manual, information required
would be difficult to obtain and time consuming and could last for more than four weeks in
some cases.

What makes KYC challenging for banks

How do you know a customer who has no registered legal identity or whose legal identity
cannot be verified.This is the biggest challenge for banks operating out of Nigeria – where
according to the Director-General of the National Identity Management Commission 100
million people cannot officially prove their identities.
In Nigeria for example, data on Nigerian citizens is held in disparate systems e.g. Nigerian
Immigration Service (NIS), National Identity Management Commission (NIMC), the Federal
Road Safety Corps (FRSC), the Independent National Electoral Commission (INEC),
Nigerian Communication Commission (NCC) among others.
It is not impossible for an individual to have different identities on these different databases –
banks therefore lack a single data source that is either complete or reliable. Identities are
difficult to verify and in some cases impossible. As a result of this, banks incur significant
cost in attempting to ascertain the identities of some customers, whose transaction value and
volume over a period may be lower than the cost of verifying their identities.
Also, with the knowledge that obtaining a drivers’ license or an international passport may
not enable you to adequately identify your customer, banks now approach this with a tick box
mentality.
Another major challenge is that some of the KYC regulations may not add value
to the process, but still require significant resource to achieve. An example is the requirement
for customers to be contacted when an ID card expires.This adds little value to the KYC
process but places immense pressure on both the banks and customers.
According to the survey, the most challenging procedures relating to KYC are:

Remediating Legacy Accounts: All of the responding banks stated that they have undertaken
a KYC remediation exercise within two (2) years of taking the survey.
The remediation exercise was triggered by a variety of reasons, including:
• Regulatory requirements / sanctions
• Organisation policy
• Outdated KYC documents
• Significant number of legacy accounts with incomplete KYC
• Refresh/enhancement of existing systems/ acquisition of new systems
In most cases, the remediation process lasted over four (4) months, however, a majority of
respondents noted that they only successfully remediated less than 40% of their legacy
accounts.
Identifying complex ownership structures: There are a few challenges with understanding
complex ownership structures:
• The Corporate Affairs Commission in Nigeria does not currently enable electronic searches
of company records, in particular director / shareholder information search. This impacts the
efficiency of confirming corporate records and/ or relationships.
• Data privacy: Organisations with complex ownership structures are usually incorporated in
tax haven countries with strict laws on data privacy and secrecy. Also, ultimate beneficial
ownership of the assets may be hidden through multiple layers and the use of proxies. The
decision making around ownership is therefore left to banks.
• Bank employees may not have expertise in identifying the complex business structures, and
understanding of trusts or numerous classes of shares, which are commonly used to
complicate business structures.
Address Verification: Address verification is a crucial KYC regulatory requirement as it
assists with linking a customer to a particular location.
Address verification has proven to be quite a challenge for banks, as it requires banks to
physically visit the address provided by the customers, in order to determine its validity.
These addresses are sometimes in remote locations or locations that are not easily accessible
to the Bank.
Address verification in Nigeria is further made complex by the poor address systems in
Nigeria as some locations do not have registered addresses. Keeping track of the customers’
address changes is also a big challenge to banks primarily because addresses are not tied to
existing identification management systems.
In a bid to address this challenge, banks generally outsource the verification process to third
parties, however, this risk of a failed address verification still lies with the banks.
Absence of country-wide database: Currently in Nigeria, there is no widely adopted
centralized identity management system that captures the identity of all the citizens and
residents of the country. Data on Nigerian citizens is held in disparate systems e.g. Nigeria
Immigration Service (NIS), National Identity Management Commission (NIMC), the Federal
Road Safety Corps (FRSC), the Independent National Electoral Commission (INEC),
Nigerian Communication Commission (NCC) among others.
NIMC is seeking to address this challenge by integrating the NIN with other databases
including the Sim Card registration database. According to the NCC, the NIN database
currently contains up to 51 Million records. However, the implication of the current state for
banks is that verification of identities requires them to interface with the different databases.
There are also questions on the integrity of these databases as there are concerns of
conflicting, duplicate and inaccurate data.
Impact of digitization of customer onboarding
• Extract and process data
from a high volume and variety of documents
• Optimise the process of risk-rating customers and generate accurate risk profiles
• Automate rule-based tasks
• Reduce the occurrence of false positives
• Secure customer data and reduce the threat of data breaches
• Flag suspicious activity in real time
• Enable a process that is more customer friendly
• Provides better sources of input into other tools such as transaction monitoring and sanction
screening tools
• Facilitate ease of remediation
CCO Insight stated thus;
“A major pain point for banks in Nigeria is the PEP conversation. First of all, who is a PEP?
As currently defined any Nigerian could be a PEP – without due regard to the risks that these
persons portend to the financial system.
We need to start by first defining who PEPs are in such a way that we are capturing those
people who actually pose a real risk.”
How to address the challenges?
• Digitization of Customer Onboarding:
In 2020, the Covid-19 pandemic has driven a significant shift to digital/remote approach in
almost all sectors including banking. CCOs believe that regulators should put in place
guidelines that enable digital KYC to the extent possible.This will not only increase
efficiency in the onboarding process but also eliminate waste. Some of the aspects of KYC
that regulators can consider digitizing include but are not limited to:
i. Acceptance of digital reference for current account:This process can easily be integrated
into the existing digital channels that most banks have.
ii. Video KYC: Banks should be allowed to interact with customers at onboarding via video
links.
iii. Acceptance of digitally submitted documents that can be verified by third parties.
• Artificial intelligence, Machine Learning and Robotics:
i. Updating of Customer Risk Rating: Using AI and Machine Learning to learn from a
specific customer’s behavior and utilizing the data to automatically update risk ratings
reduces the probability that a customer’s risk will be incorrectly assessed due to dated risk
ratings. AI also presents banks with the opportunity to automatically update their customer
risk ratings.
ii. Ultimate Beneficial Ownership: Due to the ability of AI to transform large volumes and
variety of data into organized usable information, personnel responsible for KYC in banks are
better able to draw accurate conclusions when conducting KYC reviews.
iii. Onboarding Document Management: Robotic Process Automation (“RPA”) can be used
to sort and standardize the documentation of a KYC profile, reduces review time due to the
consistency of files throughout an institution and provides banks with easy access to relevant
onboarding information.
iv. Standardized Research Protocol for Online Reviews: banks can utilize RPA to perform
negative news and public domain searches for reviewers, which allows reviewers to focus on
evaluating the accuracy of customer’s risk rating, reduces time spent and increases efficiency.
• CAC Digital Platform:
CAC digital public search function currently enables interested parties to carry out a high-
level search on corporate entities, this search shows the registered name, registered address,
RC number and date of incorporation of entities. However, obtaining information on directors
and shareholders of companies still has to be carried out manually. To drive efficiency in
onboarding of corporate entities and identification of complex ownership structures, the CAC
should consider further digitizing its records to enable electronic search on directors and
shareholders.
• PEP Identification:
CCOs are concerned that the current definition of Politically Exposed Persons
in Nigeria is overly broad – making room for ambiguity, which inevitably leads
to non-compliance. Regulators may consider streamlining the definition of PEP taking into
consideration global leading practice and local circumstances. In addition, the industry should
consider having a central PEP database supported by the regulator and with clear parameters
for updates. This will go a long way in addressing the inconsistencies in PEP identification in
the industry.