All business interactions require thorough and effective due diligence in order to confirm that customers and suppliers are who they say they are.

This involves conducting checks at the initial onboarding stage, at ongoing regular intervals thereafter, and if any change in circumstance should trigger concern (e.g., if someone has lost their job but appears to have a lot of newly acquired funds – as this could be perceived as a red flag).

The aim of due diligence is to detect, deter, and prohibit money laundering and associated terrorist financing activity from taking place, and it’s important that everyone at your organisation understands the role they play in mitigating these risks.

It is estimated that money laundering activities in the UK equate to approximately 2-5% of GDP. This means that between £36-90 billion of criminal finances are laundered through the UK economy annually (and that’s a prudent estimate!).

People who commit financial crimes are not always easy to spot; they often distance themselves from suspicious activity by using third parties, moving money around different jurisdictions, or hiding behind shell (false) companies.

There are signs and risk factors that indicate that a link to money laundering could be likely, however – and this is exactly why knowing your customer and performing effective due diligence for each client, supplier, and transaction is an essential part of anti-money laundering compliance.

Put simply, due diligence helps organisations tackle financial crimes and ensures your assets and your customers’ assets stay safe.

Know your customer

Standard due diligence involves a process called ‘know your customer’ or ‘KYC’. This process is designed to protect organisations against types of fraud, corruption, money laundering, and terrorist financing and involves three steps:

1. Establishing customers/suppliers’ identity (in The UK, for example, this commonly involves checking that the individual is on the electoral register and asking them to provide a current passport, driving license, or birth certificate, as well as a utility bill, council tax bill, or mortgage statement as proof of address).
2. Understanding the nature of the customer/suppliers’ activities and checking the source of their funds is legitimate (this may also include checking the person is not politically exposed and is not on any sanction lists, such as the one published by The International Criminal Police Organisation, Interpol).
3. Performing continuous monitoring (this process ensures that business relationships and transactions are consistent and that no unusual activity, or ‘red flags’, appear once the relationship is established).

Recently banks and other regulators have indicated that a move towards standardised KYC requirements would be beneficial. After all, having common internal processes across the board would remove any ambiguity about KYC procedures and ensure everyone – no matter the size of their company or the industry in which they operate – performs these checks to a universally accepted, basic level.

Unfortunately, there is still a way to go before we achieve this, and a number of global and local initiatives to collaborate on this and set standarised KYC checks have failed to stick.

With this is mind, it’s more important than ever that each organisation take responsibility for performing their own KYC to a high standard, training employees on its importance, and ensuring appropriate steps are in place to protect individuals and the company alike.

Enhanced due diligence

For some customers and suppliers understood to be ‘high risk’, standard due diligence is not enough.

In fact, in order to mitigate the risk of financial crime effectively, it’s imperative that organisations make additional, in-depth background checks on certain people. This is known as ‘enhanced due diligence’ or ‘EDD’.

EDD is essentially a risk-based approach; it doesn’t automatically suggest wrongdoing by anyone, rather it’s a way of ensuring protections against financial crime remain effective.

High risk clients or suppliers who necessitate EDD might include:

• Politically exposed persons (PEPs), in other words people with high-profile political roles or who perform prominent public functions (this also includes the family members and close associates of PEPs).
• Special interest persons (SIPs), in other words those who have a known history of involvement with financial crimes. Remember, a person doesn’t have to have been convicted to be considered an SIP. They could have been previously accused of financial crimes or be currently facing court proceedings.
• Anyone with sanctions against them.
• People who have had negative media reports made against them.
• People with a high-net worth.
• Clients who are involved in unusual, complex, or seemingly purposeless transactions (these can be large amounts of money or very tiny transactions).

There are other geographical factors considered high-risk and that would necessitate EDD too, these include people with links to:

• Countries that have sanctions or embargoes against them
• Countries on the Financial Action Task Force’s (FATF) list of Other Monitored Jurisdictions (greylist)
• Countries on the FATF list of Call for Action Jurisdictions (blacklist)
• High-risk third countries
• Countries containing proscribed terrorist organisations (including the UK)

Additionally, any person using private, offshore, or correspondence banking may be considered high risk (particularly if they have no family or business ties to where their bank is geographically located). The high-levels of confidentiality that private banks offer make them much more likely to be involved with money laundering and clients of these organisations are therefore subject to additional EDD checks.

What does enhanced due diligence involve?

Enhanced due diligence involves requesting additional identity documents in order to verify that customers are who they say they are and often includes more in-depth background checks and additional investigations.

When performing enhanced due diligence it’s important to:

1. Establish the origin and ultimate beneficial ownership (UBO) of funds

This means obtaining proof to indicate the origin of wealth and ensure its legitimacy.

Organisations may also compare the value of a person’s financial and non-financial assets with that of their real assets to ensure the numbers add-up and seem viable. Inconsistencies between net-worth, source of wealth, and earnings should be cause for suspicion and trigger further investigation work to take place.

If the person owns an organisation, it will also be important to establish who benefits financially from the ownership and to thoroughly verify this identity.

2. Track ongoing transactions

Organisations will need to keep a close eye on the transaction history of their client or supplier, including that of any interested stakeholders, persons, or organisations, and analyse the purpose and nature of these transactions.

In particular, be on the lookout for inconsistencies between the projected value of goods and services and the amount paid or received. Again, any inconsistencies should trigger alarm bells and will require a valid explanation.

3. Check for adverse media coverage

Negative news reports about your client or supplier should be a red flag, as these speak to the track record and public reputation of the person or entity you’re about to enter into business with.

Any past accusations of financial crime – even if charges were dropped – will be cause for enhanced monitoring and investigation and, of course, established involvement with financial crime indicates a very high risk indeed.

4. Conduct an onsite visit

You may wish to visit your client or supplier at their physical business address to verify their place of work and to verify they are the person they claim to be.

This is also an opportunity to check that the operation address matches the address on any documentation they have provided (e.g., invoices). If these addresses do not match, or the organisation you find is not what you expected based on the information your customer presented to you, this is cause for concern.

An on-site visit may also be vital to obtain physical verification documents that cannot be sourced digitally.

5. Create a further investigation plan

After you’ve conducted all the above processes and determined that the client in question isn’t too high-risk for you to continue working with them, you’ll need to create a report outlining your EDD plans for monitoring your client in the future.

A timetable should be included in this report, detailing when certain monitoring actions will be carried out. Your report, along with all of the information you’ve acquired up to this point, should be kept in a secure location.

6. Develop an ongoing monitoring strategy

Make a plan to keep track of your client’s progress in the future. This should be done alongside a thorough review of the information they’ve already provided. Certain transactions may not appear suspicious in isolation, but they may be part of a larger pattern of activities that point to illegal activity.

Can we help?

Did you know, getting your employees up to speed on the latest AML regulations, including the importance of due diligence checks, is one of the most effective ways to protect your company and its assets from illegal activity?

We hope this article has helped our readers understand the importance of due diligence and what it means for your organisation. However, if there’s anything we can help you with, please do get in touch via email or on 01509 611019.

Check out our freshly updated, all new, anti money laundering collection including short courses on Due Diligence and Enhanced Due Diligence.