Do you like cookies? 🍪 We use cookies, just to track visits to our website, we store no personal details. By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service.
Corporate entities, with their complex networks and multifaceted operations, can become havens for criminal activity. Illicit money and unlawful actions can be hidden within layers of transactions across subsidiaries and partnerships, obscure beneficial owners, and dubious front businesses. How can financial institutions conduct proper KYC to avoid falling prey to these wrongdoers?
Properly conducting Know Your Customer (KYC) investigations on corporate clients is essential for financial institutions. It not only helps to halt the flow of criminal activities but also prevents regulatory fines, reputational damage, and loss of customer trust.
KYC checks on corporate clients are inherently more complex than those for retail customers. This complexity stems from the intricate ownership structures and layers associated with corporate entities, necessitating a thorough investigation into the business’s operational background, beneficial ownership, and any potential red flags within their networks and transactions.
Let’s explore how these comprehensive checks can be effectively carried out.
Why must financial institutions screen companies?
The FATF states that entities can be misused in several ways, including money laundering, bribery and corruption, improper insider dealings, tax fraud, financing of terrorist activities and other forms of illegal activities.
While regulations such as the European AML Directives focus on entities that are of higher AML risk, such as virtual currency providers or art traders, financial institutions should conduct KYC on companies across all sectors to identify and mitigate potential risks associated with money laundering and terrorist financing activities in a broad array of business contexts.
This allows financial institutions to establish a robust understanding of their customers' financial activities, assess the legitimacy of transactions, and detect any suspicious or unusual patterns that may indicate illicit behavior.
In December 2023, BNP Paribas Securities Services was accused by French and American authorities of “aggravated money laundering.” The French financial institution failed to monitor and conduct KYC on TCR International Limited, a company registered in Cyprus, who between 2019 and 2021 transferred several hundred million euros and dollars of dubious origins and with no economic logic.
What documents are needed to conduct KYC on corporates?
To conduct proper KYC on corporate entities, financial institutions must collect the following documents and information:
1
Copy of valid ID/passport of the beneficial owners - this requirement allows AML experts to verify the identities of individuals who ultimately control or benefit from the corporate entity. The copies should clearly show the full name, date of birth, place of birth, validity, and registration number of the individual(s).
2
Proof of address – AML experts should also ask for the proof of address of the beneficial owner and location of residence. This can be done through a bill or any other similar document.
3
Beneficial ownership declaration – this document requires the company to disclose detailed information about its ultimate beneficial owners, including their identities, ownership percentages, and relationships to the company. It helps financial institutions identify and verify individuals who ultimately control or benefit from the company, enabling thorough due diligence and risk assessment.
4
Copy of valid ID/passport of authorized persons – persons authorized to sign for the beneficial owner(s), take decisions for the company, etc. should also provide a copy of their identification document.
5
Document evidencing power granted to authorized persons – this document, such as a power of attorney or a board resolution, verifies that the individuals acting on behalf of the company have the legitimate authority to make decisions, conduct transactions, and represent the company in various matters, ensuring that all activities are sanctioned by the corporate entity's governing bodies.
6
Company register – this document provides official confirmation of the company's legal status and registered address, offering AML experts crucial information about the entity's formation, its directors, and shareholders, which helps in assessing the legitimacy and risk profile of the corporate customer. A chamber of commerce extract can also be used.
7
Certificate of incorporation – this document serves as legal proof that the company has been formally established and recognized as a legal entity by the relevant authorities. It provides essential details such as the company's name, date of incorporation, and registration number, helping AML experts verify the company's existence and legitimacy.
8
Articles of Association – this document outlines the internal rules and regulations governing the management and operation of the company, including details about shareholders' rights, directors' powers, and procedures for decision-making. Reviewing the Articles of Association allows AML experts to understand the company's corporate structure, governance practices, and potential risk factors, aiding in the assessment of its compliance with regulatory requirements and identification of any red flags.
9
Shareholder register – this document provides a comprehensive list of individuals or entities that hold shares in the company, along with details of their ownership stakes. Examining the shareholder register allows AML experts to identify the ultimate beneficial owners of the company, understand the ownership structure, and assess any potential risks associated with undisclosed or complex ownership arrangements.
10
Source of funds declaration – this document requires the company to provide information about the origin and legitimacy of the funds used for its operations, investments, or transactions. It helps financial institutions verify that the funds are derived from legitimate sources and are not associated with illicit activities such as money laundering, corruption, or terrorist financing.
In the EU, under the 5th AML Directive, financial institutions have access to national ultimate beneficial owners (UBO) registers that allow them to verify the identities of beneficial owners more efficiently and accurately. Check out our article on UBO registers to learn more.
What additional checks should be done on high-risk entities?
High-risk entities often present complexities and challenges that necessitate a more rigorous approach compared to standard due diligence. When dealing with high-risk entities, financial institutions must implement enhanced due diligence (EDD) measures to mitigate potential risks.
Aside from the documents listed above, AML experts should also obtain the geographic locations of the company, its branches, and its subsidiaries to verify that they do not conduct business in sanctioned countries or in locations that may pose a heightened risk. A list of counterparties or other entities with which they conduct business, along with their location, should also be asked.
If possible, in-person interviews should be conducted by the business unit at the KYC stage to ensure that the entity’s key personnel and beneficial owners can offer additional verification and clarity on the entity’s purpose, structure, and operational methods. Site visits to the high-risk entity’s operational locations can also yield valuable insights into the legitimacy of its activities.
Furthermore, it is crucial to verify that high-risk businesses do not engage in the trade of dual use goods. These are goods that can be used for both civilian and military purposes. Letters attesting that the companies do not deal in such items should be issued and signed by the company if deemed necessary.
What are red flags related to corporate clients?
When conducting KYC on corporate entities, the following behaviour may trigger a suspicion:
Inconsistent or incomplete documentation provided during the onboarding process.
Unexplained discrepancies between the company's stated business activities and its financial transactions.
Transactions involving high-risk jurisdictions known for money laundering or terrorist financing.
Complex corporate structures involving multiple layers of ownership or offshore entities designed to obscure beneficial ownership.
Use of nominee shareholders or directors to conceal the true beneficial owners of the company.
Lack of transparency or refusal to provide requested information or documentation during the KYC process.
Involvement in industries or sectors known for a high risk of financial crime, such as casinos, money service businesses, or shell companies.
Discovery of adverse media reports or negative information about the company or its key personnel, indicating potential reputational or integrity risks.
Unexplained sources of wealth or funding for the company's operations, investments, or expansion initiatives.
Use of cash-intensive businesses or front companies to funnel illicit funds through legitimate channels.
Inconsistencies in the company's stated ownership structure or beneficial ownership information across different documents or databases.
Why is constant verification important for corporates?
As corporate structures, ownership, and associated risk profiles can change over time, regular updates and checks of client information help institutions maintain accurate records and understand the current nature of their business relationships.
This can be done through periodic reviews and monitoring of client accounts, which involve reassessing the client's risk profile, verifying the accuracy of previously provided information, and collecting any new or updated documentation as necessary.
By staying vigilant and proactive in their due diligence efforts, financial institutions can effectively mitigate the risks associated with money laundering, terrorist financing, and other illicit financial activities, thereby safeguarding their reputation and maintaining compliance with regulatory requirements.
Critics believe that AML fines are inefficient, but how can they be improved? Explore our article to learn how lawmakers...
Financial InstitutionsFri 15 March 2024
Experts in risk management and regulatory compliance
Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.
We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.
Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.
Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.
