Know Your Client (KYC): What It Is and 3 Key Steps

Three Steps to Implementing KYC Processes with the Third-Party Risk Lifecycle

Financial institutions can leverage the same processes and technologies already in place for managing third-party vendor and supplier risks for assessing and monitoring KYC risks as well. Consider these capabilities at every stage of the relationship:

1. Build a Comprehensive Institutional Client Profile to Satisfy the CIP

Just as you conduct pre-contract due diligence into potential vendors or suppliers, you can also perform due diligence on potential institutional clients and investors – and, in some cases, even individual members of the institutional leadership team. To accomplish this, build a comprehensive profile that includes key identifying information, including:

• Company demographics: Information such as beneficial ownership, legal name, year founded, number of employees, estimated revenues, industry, and sector of the client organization. This data should be automatically included in a comprehensive profile at time of client onboarding.
• EIN (Tax ID): Having this information automatically rolled up into the client profile simplifies the process of setting up a new client in your client management system. It can also help you track court judgements and other legal proceedings.
• Corruption Perceptions Index (CPI) scores: CPI scores rank countries/territories based on how corrupt a country’s public sector is perceived to be by experts and business executives. A CPI score is a composite index and is the most widely used indicator of corruption worldwide. Having a CPI score associated with every client institution helps to provide a baseline of information to help your organization take a firm stance on bribery and corruption.
• Modern Slavery checks: More in line with reputational and legal risks, as part of the comprehensive client profile, conduct a check against public records to determine if the institutional client has published Modern Slavery statements. Having a client’s Modern Slavery statement means that your organization takes seriously the risk of slavery in all its forms.

This information provides a baseline to then conduct a more complete client assessment based on data gathered.

2. Perform Comprehensive Due Diligence

Once onboarded, instead of sending emails with spreadsheet questionnaire attachments to clients asking them to attest to their company’s ABAC and AML processes, automate the process with a centralized and targeted assessment integrated with your existing third-party risk management assessments. This will give you the ability to centrally review and approve assessment responses, and to automatically register risks or reject responses and request additional input or evidence uploads for attestation. An additional benefit is centralizing this information for all of your clients to simplify FINRA reporting.

3. Continuously Monitor for Changes in Client Financial, Operational and Reputational Status

A lot can happen between the time you initially onboard and assess a new client and when you have to perform your annual compliance reporting. Therefore, continuously monitor for client financial, operational, and reputational updates including:

• Data breaches: Clients impacted by breaches can be exposed to bribery, blackmail or other crimes related to the misuse of their personal information.
• Adverse media and negative news: A client’s reputational problems can quickly become your firm’s reputational problem. Understanding media coverage can be the first step in determining if further investigations should be conducted.
• Global regulatory and legal sanctions: Doing business with a sanctioned individual or entity can result in government-levied fines and legal charges against company leaders. Government, regulatory, and financial organizations such as the U.S. Department of the Treasury Office of Foreign Assets Control (OFAC), the UK Sanctions List, the EU Consolidated List of Sanctions, the Australian government, and many others maintain lists of sanctioned individuals and companies.
• State-owned and government-linked enterprise activity: The U.S. Department of the Treasury Specially Designated Nationals (SDN) and Blocked Persons contains a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. Organizations should regularly check this list to ensure they are not doing business with blocked individuals.
• Politically exposed persons (PEPs): Several government agencies, regulatory bodies, and information libraries such as the FFIEC and LexisNexis maintain PEP lists to counter money laundering activities.
• Operational updates: Look for public and private sources of operational information, including M&A activity, business news, management and leadership changes, competitive news, and related information that can signal a shift in strategy.
• Financial performance: A picture of the institutional investor’s financial performance data, including turnover, profit and loss, shareholder funds, credit ratings, payment history, bankruptcies, and investments will help to continually evaluate their health for informed lending decisions.

A common problem among many organizations is consolidating the insights from these various disparate and siloed sources and making sense of it all to act on risks in a timely fashion.

Take Action on Client Risks

Know Your Client (KYC) procedures serve as a fundamental risk management tool for businesses operating in a complex financial and regulatory environment. By verifying institutional client information, conducting due diligence, and implementing ongoing monitoring, your organization can reduce the risk of financial crimes, maintain compliance, protect its reputation, and strengthen customer relationships. Embracing KYC practices is not only a regulatory requirement, but also a strategic imperative that enables companies to navigate risk effectively and thrive in a rapidly evolving business landscape.

Prevalent enables companies to leverage the same solution used to assess and monitor their third parties to also assess and monitor institutional clients to enable a KYC program with comprehensive assessments, consolidated monitoring from multiple sources, and dedicated regulatory reporting.

For more on assessing your KYC program, request a demo or contact us today.