KYC- Periodic Refresh (PR) Process

KYC is a critical process for financial institutions to verify the identity and risk profile of their
customers. It helps prevent financial crimes and ensure regulatory compliance.

The KYC Periodic refresh process ensures that client data remains accurate and compliant with anti-
money laundering (AML) and counter-terrorism financing (CTF) regulations. This detailed workflow
outlines the key stages in the KYC refresh program, guiding compliance and operations teams through
the comprehensive review and validation of client information.
The KYC Periodic Refresh Workflow
Initial Data Collection
The workflow begins with the collection of annual book data from the bank, which serves as the initial input for each
client's KYC refresh process.

Case Initiation
The case is then assigned to an analyst, marking the transition from the "Not Started" status to the "Initial
Utilisation" stage, where the analyst reviews the existing data and identifies any missing information or documents
required. Note : This stage is also called PreOutreach/CDD- Customer due diligence

Outreach and Client Response – Note all cases should reach Outreach stage within 60 days of case initiation
In the event of data gaps, the analyst initiates outreach to the client ( Note : they are Bank’s client/ known as counterparty) to
obtain the necessary documents and information. The case then enters the "Outreach" stage, where the status is
monitored, and the team tracks the minimum, maximum, and average aging of cases in this stage.
Ensuring Quality and Compliance
Second Line Review
If the analyst identifies any material
impact or issues during their review,
the case is escalated to the bank's
second line for further evaluation.
The second line may either approve
the case or provide additional
guidance to the analyst. This stage is also
called Post Outreach/EDD- Enhanced due diligence
Quality Control Checks
Once the analyst has incorporated the
second line's feedback, the case
undergoes a series of quality control
checks to ensure the accuracy and
completeness of the data. Errors
identified during these checks are
categorized as valid/invalid and
material/non material, critical/non
critical.
Corrections and Validation
The analyst then corrects any
identified errors, and the case moves
through the "Corrections" and "QC
Validation" stages to ensure the data
is accurate and compliant before the
final bank QC and sign-off.
Closure of Period Refresh
Final Bank QC
The completed case is forwarded to the bank for a final quality control check and sign-off, ensuring the KYC refresh
process has been thoroughly reviewed and meets the bank's stringent compliance standards.

Case Completion
Once the bank has approved the case, it is marked as complete, and the records are updated. Note : The case
completion date is predetermined and popularly know as NRD (next review date)
The case is then archived, completing the KYC refresh workflow and setting the stage for the next annual cycle.

Continuous Improvement
The insights and metrics gathered throughout the workflow, such as aging of cases and error categorization, provide
valuable feedback for the bank to continuously refine and optimize the KYC refresh process, ensuring it remains
efficient and effective.
Importance of Periodic KYC Refresh
1 Detect Changes
Periodic KYC refresh helps detect changes in a customer's risk profile over time.

2 Mitigate Risks
It enables institutions to proactively mitigate emerging risks and fraud.

3 Maintain Compliance
Periodic KYC is often a regulatory requirement to ensure ongoing compliance.
Regulatory Requirements for Periodic KYC
Refresh

1 Frequency
2 Escalation
Regulators often mandate a minimum frequency, such as Higher-risk customers may require more frequent
every 1-3 years (1 year for high risk clients, 2 years for KYC checks.
moderate risk clients and 3 years for low risk clients

3 Documentation 4 Audits
Institutions must document their KYC processes and Regulatory bodies can audit an institution's KYC
keep records. practices.
Detecting Changes in Customer Risk Profile
Residential Changes Financial Changes Behavioral Changes

New address, ownership changes, or Significant changes in income, Evasiveness, unusual activity, or
move to a high-risk area. assets, transactions, or payment signs of potential criminal
patterns. involvement.
 KYC : Important Terms and Definitions
•KYC (Know Your Customer): The process of a business verifying the identity of its clients and assessing potential risks of illegal
intentions for the business relationship.

•CDD (Customer Due Diligence): A process that involves verifying the identity of customers and assessing the risks they pose,
including obtaining information on the intended nature of the business relationship.

•EDD (Enhanced Due Diligence): Additional scrutiny applied to higher-risk customers, which may include obtaining more detailed
information and conducting more rigorous checks.

•AML (Anti-Money Laundering): A set of procedures, laws, or regulations designed to stop the practice of generating income through
illegal actions.

•PEP (Politically Exposed Person): An individual who holds a prominent public position or function and, due to their position and
influence, may present a higher risk for potential involvement in bribery and corruption.

•Beneficial Owner: The individual who ultimately owns or controls a customer and/or the person on whose behalf a transaction is being
conducted.

•Risk Assessment: The process of identifying and analyzing potential issues that could negatively impact key business initiatives or
critical projects in order to help organizations avoid or mitigate those risks.

•Sanctions Screening: The process of determining if a person or entity is subject to sanctions by governments or international bodies,
which can include restrictions on doing business.

•Watchlist Filtering: The process of screening customer information against lists of known or suspected terrorists, criminals, and
sanctioned entities.
 KYC : Important Terms and Definitions
•Periodic Review: Regularly scheduled evaluations of customer information and activity to ensure ongoing compliance with KYC and
AML regulations.

•Customer Risk Rating: The process of assigning a risk level to a customer based on various factors, including the type of business,
geographical location, and transaction patterns.

•KYC Refresh: The periodic process of updating and validating customer information to ensure it remains accurate and compliant with
regulatory requirements generally within 1-3 years.

•Customer Identification Program (CIP): Part of the KYC process that involves collecting and verifying information to ensure that
customers are who they claim to be.

•Financial Action Task Force (FATF): An intergovernmental organization that develops policies to combat money laundering and
terrorism financing.

•Source of Funds: Information on the origin of the particular funds involved in transactions, providing insight into the legitimacy of the
financial activity.

•Transaction Monitoring: The process of reviewing, analyzing, and reporting transactions to detect suspicious activity that may
indicate money laundering or other illegal activities.

•KYC Documentation: The documents required to verify a customer's identity, such as government-issued IDs, utility bills, and
financial statements.

•Regulatory Compliance: Adherence to laws, regulations, guidelines, and specifications relevant to the business processes.
•Onboarding: The process of integrating a new customer into the bank's system, which includes collecting KYC information and
conducting initial due diligence.

•De-scoped: De-scoping refers to the decision to exclude a customer or a group of customers from the ongoing KYC review or
periodic refresh process. This could happen for several reasons, such as the customer no longer meeting certain criteria, having an
inactive account, or other risk assessments that determine they are not necessary to include in the current scope of KYC activities for
the current year.

•Offboarding: Offboarding refers to the formal termination of a business relationship with a customer. This involves closing accounts,
finalizing any remaining transactions, and ensuring that all regulatory and compliance requirements are met. Offboarding is typically
carried out when a customer no longer meets the institution's risk tolerance, fails to provide required KYC information, or voluntarily
decides to close their account.

Pre-Outreach: Pre-Outreach refers to the preparatory phase in the KYC process where the institution gathers and reviews existing
customer information to determine what additional information or documentation is needed to complete the KYC update. This phase
involves assessing the customer's current data, identifying gaps, and planning the communication strategy for reaching out to the
customer.

Outreach: Outreach is the phase in the KYC process where the institution actively contacts the customer to request the necessary
information or documentation required to complete the KYC review. This can involve multiple channels of communication, such as
emails, phone calls, letters, or digital platforms, and aims to engage the customer in providing the needed information promptly.

Post-Outreach: Post-Outreach refers to the activities that occur after the customer has been contacted and the required information
or documentation has been received. This phase involves verifying and validating the submitted information, updating the customer's
profile, and ensuring that all regulatory and compliance requirements are met. Additionally, any follow-up actions, such as additional
requests for information or finalizing risk assessments, are carried out during this phase.