LO 61.2: Describe recommended practices for the acceptance, verification, and identification of customers at a bank.
Customer Acceptance
Sources of income and wealth. Banks must determine which customers pose a high risk of ML/FT. Factors the bank should consider include the customers: Background. Occupation including public and/or high profile figures. Business activities.
Country of origin. Country of residence, if different from country of origin. Choice and use of bank products and services. Nature and purpose of the bank account. Linked accounts. For lower-risk customers, simplified assessment procedures may be used (e.g., a customer with low balances who uses the account for routine banking needs). Also, the customer acceptance standards must not be so restrictive that they deny access to the general public, especially financially or socially disadvantaged persons.
Enhanced due diligence may be required for: Accounts with large balances and regular cross-border wire transfers. A politically exposed person (PEP), especially foreign PEPs.
Page 318
2018 Kaplan, Inc.
Topic 61 Cross Reference to GARP Assigned Reading – Basel Committee on Banking Supervision
Banks must determine the risks they are willing to accept in order to do business with higher-risk customers. The bank must also determine the circumstances under which it will not accept a new business relationship or will terminate an existing relationship.
Customer Verification
The Financial Action Task Force (FATF) Recommendation 10 defines a customer as any person entering into a business relationship with a bank or carrying out an occasional financial transaction with a bank. Banks must, according to FATF standards, identify customers and verify their identity. Banks must establish a systematic procedure for identifying and verifying customers. In some cases, the bank must identify and verify a person acting on behalf of a beneficial owner(s).
In terms of verification of a persons identity, the bank must be aware that the best documentation is that which is difficult to forge or to obtain illicitly. A bank may require a written declaration of the identity of a beneficial owner but should not rely solely on such a declaration. A bank must not forgo identification and verification simply because the customer cannot be present for an interview. The bank should pay particular attention to customers from jurisdictions that are known to have AML/CFT deficiencies. Enhanced due diligence is called for in these circumstances.
Customer Identification
Size of the transactions of the customer. In order to develop customer risk profiles (or categories of customers), the bank should collect data pertaining to the: Purpose of the relationship or of the occasional banking transaction. Level of assets.
Regularity or duration of the banking relationship. Expected level of activity. Types of transactions.
The bank should identify normal behavior for particular customers or categories of customers and activities that deviate from normal and might be labeled unusual or suspicious.
Sources of customer funds, income, or wealth (if necessary).
Identity cards. Customer identification documentation may include: Passports.
Driving licenses. Account files such as financial transaction records. Business correspondence. If the bank cannot perform CDD, it should not open the account or perform a transaction. If the bank must, so as to not interrupt the normal conduct of business, engage in a business transaction prior to verification, and ultimately cannot verify the customers identity, then the bank should consider filing an STR. The customer should not be informed that the STR has been or will be filed, either directly or indirectly.
2018 Kaplan, Inc.
Page 319
Topic 61 Cross Reference to GARP Assigned Reading – Basel Committee on Banking Superversion
If the bank believes a customer has been refused banking services from another bank due to concerns about illicit activities, the bank should consider classifying the customer as high risk and engage in enhanced CDD or reject the customer altogether. If the customer insists on anonymity (or gives an obviously fictitious name), the bank should refuse to accept the customer. Numbered accounts may provide a level of confidentiality for a customer, but the bank must still verify the identity of the account holder.
Ongoing monitoring of customer accounts and vigilant record-keeping are necessary to ML/FT risk management.