What is the Difference Between KYC and CDD?
The world of anti-money laundering (AML) is full of acronyms.
KYC (Know Your Customer) denotes the checks carried out at the beginning of a customer relationship to identify and verify they are who they say they are. This is especially prevalent within organizations which are subject to AML regulations.
Many businesses wishing to know more about their potential customers before they sign contracts or otherwise engage with them carry out due diligence to see if the person or entity is litigious, prone to late payment or non-payment of monies due. All part of good governance.
As KYC developed it could be seen that the identification and verification checks were limited in their effectiveness in combating money laundering, and identifying the source of funds became the focus. This development encouraged providers to supply client-checking software which can also pick up whether a third-party organisation or individual is subject to trade sanctions.
Now trade sanction checking is an integral part of client onboarding as failure to comply with trade sanctions is a strict liability offence (where no rationale for a breach is entertained by relevant authorities) and an essential part of Client Due Diligence (CDD).
Indeed, the recently enacted Sanctions and Anti-Money Laundering Act 2018 brings these two together in the UK for the first time, and the Statutory Instruments that will enable implementation are expected to align with the date of Brexit to enable the UK to impose and remove sanctions independently of the European Union.
For regulated entities, the KYC checks that sufficed in the past have now developed into CDD programmes, and the main difference between KYC and CDD, apart from the emphasis on the source of funds, is that the CDD checks continue throughout the client relationship. CDD provides an ongoing assurance framework for organisations, especially those carrying out large numbers of transactions daily such as banks and investment houses. They use sophisticated software developed for the purpose so that movements of funds can be monitored and suspicious activity, or “red flags” can be spotted. In this way, CDD continues the good work carried out at the start of the client relationship with KYC and beneficial ownership activity, all the time giving better assurance that the organisation’s systems are not being used to launder the proceeds of crime.
Because of this, CDD is embedded as an integral part of the AML program, including that of transaction volume, monetary amounts and geographical distribution are carried out at regular intervals. On a note of caution, however, checking software systems are only as good as the programmes that are put into them which must be regularly updated to produce results. Thorough research is necessary before purchasing systems to provide CDD capability for a specific purpose if the resultant controls are going to be relevant and therefore work well. Depending on the nature of the monitoring and sophistication of automated systems, the “regular intervals” in which monitoring is repeated can range from real-time each day to annually.
Once the initial KYC and ongoing CDD controls are agreed, the AML programme needs to come alive. Tailored and focussed training to employees at all levels of the organization is necessary to enable them to understand why controls are there, what they are for, and how to use them. Quite apart from being very sensible if you want your people to carry the controls out in practice in a knowledgeable and effective manner, the person responsible for the implementation and effectiveness of AML controls, sometimes referred to as the Money Laundering Reporting Officer, can face serious legal penalties for failing to adequately train employees, which can include fines and jail time.
Once training is completed, implementing KYC and CDD into operational controls requires employees to engage with them. For the author, this is the pivotal moment when KYC and CDD become integral parts of AML controls. Without effective training and employee engagement who knows or cares about KYC and CDD?
Those in customer-facing roles can be vigilant to watch for the signs that a customer may be trying to launder money and the whole AML program becomes clear to those implementing, delivering and managing it. In the back office, those checking the red flags will better understand the relevance of data collected. Effective training also ensures that employees get the most out of expensive monitoring systems and utilise AML measures optimally. Does the software “talk to” operating systems already in place? Does it have the capacity to provide data points from which to report on? Will it assist the organisation to fulfil its regulatory requirements? If not, engage to improve!
Criminals will always try to circumvent your AML program. They are opportunists looking for the way into your organization’s systems by exploiting the weak points they may find.
However, by far the most efficient at spotting weak points tend to be the very employees within the organisation itself, and your AML program will need to address internal as well as external risks. Even with training, employees who feel unfairly treated or just spot an unguarded opportunity may see how much they can get out of their organisation unnoticed. This is why the successful AML programme needs an ongoing strategy, such as the one presented in Anti-Money Laundering: A Practical Guide to Reducing Organisational Risk.
Summing up, AML is far more than initial KYC checks and to remain effective AML programs must develop in line with perceived threats, new legislation and regulatory requirements. Constant evolution of the control environment in your organization will let prospective clients who are money launderers know that they are unlikely to be able to securely enjoy the fruits of their criminality via your systems. Indeed, such is the success of AML controls in the regulated sector that regulation is ever expanding to prevent criminals from easily laundering their dirty money in other sectors too. The watchword for AML compliance is vigilance, which criminals do not like in an organisation, and your AML vigilance will protect your organisation from being used as a target to launder their dirty money.