Special Circumstances - Amending AML/CTF Program Part B - ACIP / KYC
What if you can undertake the Applicable Customer Identification Procedures (ACIP) / Know Your Customer (KYC) but not to the standard mandated by your AML/CTF Program Part B? The best, perhaps only, solution is to change your AML/CTF Program and related ACIP/KYC procedures.
Those reporting entities which only provide services to low / medium risk individuals and who utilise electronic safe harbour verification should not be troubled. So long as their outsourced KYC provider keeps operating (you might want to check).
Documentation Based Verification
For nearly all others, including those which provide designated services to companies and trusts etc, they will need to turn their mind to what their AML/CTF Program Part B says about verification from documentation and the intricacies of Rule 4.9 - Verification from Documentation.
With respect to verification from documentationRule 4.9.3 (individuals) and 4.9.5 (non-individuals) are highly useful Rules in a reporting entity’s KYC and on-boarding tool-kit.
It is worth stating Rule 4.9.3 in full:
“An AML/CTF program must include appropriate risk-based systems and controls for the reporting entity to determine:
(1) what reliable and independent documentation the reporting entity will require for the purpose of verifying the individual’s name and date of birth and/or residential address (as the case may be);
(2) if any other KYC information about an individual is to be verified – what reliable and independent documentation may be used to verify that information;
(3) whether, and in what circumstances, the reporting entity is prepared to rely upon a copy of a reliable and independent document;
(4) in what circumstances a reporting entity will take steps to determine whether a document produced about an individual may have been forged, tampered with, cancelled or stolen and, if so, what steps the reporting entity will take to establish whether or not the document has been forged, tampered with, cancelled or stolen;
(5) whether the reporting entity will use any authentication service that may be available in respect of a document; and
(6) whether, and how, to confirm KYC information about an individual by independently initiating contact with the person that the individual claims to be.”
Rule 4.9.5 is similar with respect to non-individuals.
How to utilise Rule 4.9.3 to your advantage
An example might be a reporting entity wanting to rely on a copy (or a photograph) of a identification document (e.g. a driver’s licence) instead of a certified copy. Under Part B in most AML/CTF Programs reliance upon an uncertified copy would not be allowed. However, if Rule 4.9.3 is correctly utilised then with an appropriate risk assessment and a re-wording of your AML/CTF Program Part B relying on an uncertified copy could be acceptable.
Remember, the overarching obligation is for a reporting entity to have “appropriate risk-based systems and controls that are designed to enable the reporting entity to be reasonably satisfied, where a customer is an individual, that the customer is the individual that he or she claims to be”. Replicate for the types of non-individual customers.
Amending Your AML/CTF Program
The key steps include:
- Understand your current Part B and ACIP / KYC procedures;
- Read Rule 4.9.3 (or 4.9,5) (then read it again);
- Undertake a gap analysis between the anticipated Part B wording and KYC procedures, and the current ML/TF Risk Assessment / Part B wording KYC procedures;
- Undertake a risk assessment based upon Rule 4.9;
- Draft the amended Part B (and Part A if necessary);
- Have the amended Part A and Part B approved;
- Implement the new procedures;
This is only an outline of the steps that might be involved.
During the process keep referring back to the Rules to ensure that you meet, and document, all the requirements.
This is not legal advice. If you need legal advice on your specific circumstances please see your lawyers for tailored legal advice.