No risk management program will ever guarantee complete protection against money laundering and terrorism financing risks – this is not realistic. Instead, financial institutions (FIs) must develop and implement procedures to help identify, prioritise, and control their risks, including monitoring the effectiveness of their risk management.
FIs need to prioritise a proactive approach to their Customer Due Diligence (CDD) program, covering every stage of the customer relationship. When FIs rely on the risk level assessed for a customer during onboarding, they depend on a trigger event to review or update customer information. Without a trigger event, FIs would never perform KYC reviews for some customers, leading to potentially incomplete customer data and inaccurate risk-based decisions.
Global regulatory recommendations
The diversity of worldwide regulations challenges FIs to adopt a flexible and conditional approach to their KYC remediation frequency. Global financial authorities (such as FATF, Basel and FinCEN) place the responsibility on FIs to determine how frequently they conduct risk-based KYC reviews.
Proactive risk management
A multi-layered approach that relies on both trigger events and periodic remediation is the best method for FIs to recognise, reduce and manage their risks. FIs need to implement a proactive CDD program that periodically reviews customer information per their onboarding anniversary (such as every six months) and their risk level (such as every three months for high-risk entities). Additionally, FIs can conduct reactive, trigger- or event-driven (perpetual monitoring) Enhanced CDD checks when necessary to improve the strength of their risk management program.
Customer due diligence life cycle
To learn more, read our white paper on the importance of proactive KYC and remediation.