There are no “tricks”
There are no “tricks” when it comes to KYC. If you want to stay compliant, you should avoid shortcuts. Don’t look for the easy way out. Those who do will eventually be hit with hefty fines.
Transparency is the theme
“Transparency” must be instilled in the company culture from top to bottom, especially when dealing with regulators. If it looks fuzzy or odd, it probably is. And chances are it won’t stand up under the bright light of regulatory scrutiny.
Establish a strong relationship with regulators
Developing a professional relationship with regulators will go a long way toward building trust and good faith. You should demonstrate a consistent professional manner in your dealings with regulators.
Regulators must view your company as trustworthy
Trust needs to be built up over time. It is a continuous process that requires effort from the get-go. It is a valuable commodity that should not be squandered.
Working with the industry is the most effective mechanism for compliance
There are many industry bodies and working groups whose aim is to support companies in learning about and building compliance capabilities. Join them and help foster dialogue. Being antagonistic or playing against the industry will get you nowhere.
KYC is indispensable for your company’s reputation
Although developing and maintaining a rigorous KYC process might seem like a hassle, it can actually increase revenue due to the perception it creates about your company. A better reputation leads to more customers.
Clients feel safer when you have good KYC practices
Good KYC practices prove your company is serious and capable. Clients are more willing to do business with you if they feel safe and secure.
KYC saves you money!
Just as a good KYC policy can help your reputation, it can also save you money by avoiding fines and revenue lost to competitors. An automated KYC process also saves your analysts time, which boosts company efficiency and lowers costs.
You must own your information
You must keep records and audit trails of every transaction, as well as the documents or data you’ve used in user verification. Failing to do so can cost you your money transmitter license.
When performing Sanctions Screening...
Besides checking for a match, be diligent about finding false positives. Be sure to check IDs, search the web for negative news and evaluate additional documents that your clients can provide.
In case of suspicious activity or a sanctions match, send the user a questionnaire. Do research. Keep the user in the loop.
Ask customers to provide name, location, job, salary, and source of funds. Keep a record of the responses you receive. Follow up with regular research. Check their names for scandals, places they travel, and anything that could explain their behavior. Provide your customer with a transactional behavior form, allowing them to explain their transactions. Keep a record! Use a case management solution.
Monitor suspicious users for consistency
Use your records to see if the explanations provided account for the behavior, both historical and in the present. Keep watching. Be vigilant!
When in doubt, file a report. Keep everything up-to-date.
It’s always safer to file a report. Update your records at least once a year for users you’ve identified on the PEP (Politically Exposed Persons) list, resend questionnaires and keep your information updated.
You need to include USA PATRIOT Act and BSA requirements, OFAC list, SDN list, and lists made by other governments
While your company may be under one jurisdiction, depending on the location of your customers, you may have to comply with a variety of regulations that your clients may be subject to. It’s better to screen against all of these lists from the start. We live in a borderless world.
Money transmitting has moved from a 2D process (sender/recipient), to a 3D one
This includes the internet and a variety of methods to transmit. Your filter must include all these elements (sender, receiver, and method) so that your compliance team is able to look at alerts and identify anomalies to determine true hits or false positives.
You must document your actions!
Whether or not you are blocking a transaction or stopping a client, regulators are looking for insight into the reasons for your actions. You need to have documented reasoning for every action you take.
OFAC is not a very forgiving group: if you do something wrong, you’re going to get fined
Self-explanatory! It is a matter of time.
CTR is required for transactions in excess of $10,000.00, so filings are not required until the transaction amount is $10,000.01 or greater.
However, if it is an unusual amount, or unusual behavior from the customer, you need to keep a record and potentially file a Suspicious Activity Report (SAR). All of these discussions need to be reported up to executives, so that they’re fully aware of what’s going on.
Once you identify a suspicious user, you must speak with them
This way you can find out whether or not their behavior is normal. Out-of-band (OOB) mechanisms are important.
OOB mechanisms should be built into the user experience
OOB mechanisms are most effective when they are a natural part of the KYC process and user experience. If implemented well, your users won’t feel added friction in the validation process.
Just the fact that they respond to OOB questions, even if they weren’t correct, can be used as a positive
Responding to OOB questions is a good sign, even if the answer they give isn’t correct or the data doesn’t match. There is a very positive correlation to trying to respond versus ignoring it. If the response to the OOB question is not satisfactory, follow up with a live conversation if possible; don’t take it for granted either.