Effective Enhanced Due Diligence (EDD) procedures to Know Your Customer (KYC) are incredibly important for financial institutions and other organisations to investigate high risk individuals for issues including money laundering and fraudulent behaviour. According to Fenergo, global regulators issued financial institutions with more than $10 billion in Anti-Money Laundering (AML) fines, up 26 per cent on 2019. Of this total, UK authorities issued the second highest number of fines at $199,306,927. In one case, they fined the German Bank Commerzbank, $47 million. In addition, the Bounce Back Loan Fraud debacle highlighted the sophistication and determination of criminals to assume different identities and defraud the financial sector.
The reasons to do enhanced due diligence go beyond the possibility of being fined; if a business is found to be handling money gained from criminal activities, it can be very damaging for its reputation, and it could be inadvertently aiding the promotion and financing of terrorism. But on a more positive note, EDD can lead to insights into your customers that help you serve them better and improve customer satisfaction and revenue.
In this best practice guide, we look at what enhanced due diligence is, when it needs to be done, and best practice for cost-effectively carrying out enhanced due diligence whilst ensuring the maximum level of effectiveness and cost-efficiency.
What Are Enhanced Due Diligence Checks?
Enhanced due diligence checks are, as the name states, additional, more thorough checks than basic customer due diligence ones. They are required when a customer has been identified as a higher risk to your business, either when they are onboarded or due to their ongoing activities like deposits or changes in their business details, among others. As enhanced checks are more time-consuming and a greater expense for your business, it is important to limit the time spent carrying out enhanced due diligence, compared to basic due diligence checks.
A risk-based approach
Due diligence needs to be done for numerous reasons: regulatory purposes if mandated by the Money Laundering Act or affordability if you are a gambling operator; a more general threat of fraud; or for reputational reasons – for example, around human slavery in your third party supply chain. It can therefore be daunting to start to plan out your due diligence program; however, for guidance on a way forward, it is possible to look to the Financial Action Task Force (FATF) which expects that all countries and businesses operate using a risk-based approach to anti-money laundering precautions. In other words, list out key factors in the background and activities of your customer, risk score according to the severity of threat, and assign them to a level of due diligence. In banking that may mean when someone opens a new bank account, a UK passport, solid address history, and no CCJs would result in nothing more than basic due diligence, while an attempt to deposit hundreds of thousands of pounds, or continual changes to the makeup of the company’s directorship will mean enhanced due diligence is necessary.
Evaluating risk and deciding when to do enhanced due diligence
Unfortunately, deciding the risk factors that should trigger enhanced due diligence are not always obvious. If we continue to look at AML regulations, in Europe, under Article 18 of 4AMLD, any business located in a country on the High-Risk Third Countries list requires EDD. Similarly, any politically exposed persons (PEPs) or their close associates or family members must also go through the more thorough examination process. You should also consider the following:
Customer Risk Factors
– The customer is a Politically Exposed Person (PEP)
– The customer is a Special Interest Person (SIP)
– Any person or entity with a sanction
– A large amount of adverse media or news
– High net-worth
– Customers associated with unusual, complex or purposeless transactions
Geographical Risk Factors:
– Countries which have sanctions or embargoes levelled against them
– High-risk third countries
– A country on the FATF list of Other Monitored Jurisdictions (greylist)
– A country on the FATF list of Call for Action Jurisdictions (blacklist)
– Any countries which have proscribed terrorist organisations within them
In addition, if the client is using correspondence or private banking the very high levels of confidentiality involved mean there is a higher chance of money laundering and therefore enhanced due diligence is necessary.
Enhanced due diligence best practices
With the consequences in terms of fines, fraud and reputational damage, it is extremely important to make sure you have best-in-class processes for EDD investigations and checks.
There are no official guidelines on what enhanced due diligence should entail, what the report should look like, and how much information on a customer it is necessary to collect. However, there are a number of steps you can do to ensure you done your checks to the highest standard:
Use multiple sources
Without an official set of guidelines, you must show that you have tried to find information on the person from across various different data sources. For example, in the case of AML regulations, if the customer is trying to deposit a large amount of money, your objective should be to show that it is within their means to have that money legitimately and you have verified the source of funds. Some of the ways you might do that are to show they have numerous businesses they have run for a while, that they have property, or that they have a high paying job. This might be shown from land registry documents, companies house, and from financial data from Experian, TransUnion or Equifax.
Open-source intelligence is recommended to be used by both the FCA and the Gambling Commission. Adverse media or open-source intelligence (OSINT) is extremely helpful as it may reveal details around recent inheritances, a wealthy background, that they were an ex-professional footballer or singer, or any other thing that could justify your decision.
Rigorous investigative methodology
It is not enough to just gather a lot of information from various sources if they don’t plausibly address the risk. It is therefore essential for you to clearly state why you collected from these sources above others and risk score the finding.
Your investigation should show that when false positives have arisen that those avenues have been thoroughly investigated and discounted rather than ignored.
Your entire process should be documented and all evidence and research auditable with sources attributed in a standardised report. This is particularly important as you may be asked to provide that report a long period after it is initially written, necessitating the need to also make sure all sources are still available, and your report is up-to-date.
As links and suspicious activity needs to be thoroughly investigated, you should ask yourself as a business if you have the in-house skills to carry out credible, professional EDD checks. If not, you should look to employ a consultant or business that has this expertise.
Understand the level of risk and match it with more enhanced levels of due diligence. If you have a Politically Exposed Person (PEP), they are a higher risk because of the potential to be used for money laundering.
Re-engage your customer
Assume your customer is legitimate and ask them to help with the EDD check by answering questions and providing further evidence.
As the status of a customer can change at any time, it shouldn’t be the case that you just do the check while onboarding or after a large deposit. You should build ongoing monitoring into your processes to check for changes to the risk triggers.
Manually doing this kind of check across multiple data sources is an extremely time-consuming exercise, fraught with human error as you have to copy and paste and explore suspicious activity red flags over numerous data sources. A software solution that can automate this process allows you to get the research done for an EDD check much faster, leaving you with more time to make the right decision. In addition, it will allow you to generate a standardised and auditable report to present to the relevant authorities when called upon to do so.
Synalogik’s software platform, Scout®, is a one-of-a-kind efficiency solution when multiple disparate data sources are needed for Enhanced due diligence checks and investigations. Scout is data agnostic, integrating internal, open source and out-of-the-box most 3rd party data providers, allowing you to seamlessly automate search and reporting across all the datasets you use, not just the ones included from your solution provider. Our 3rd party integrations include Equifax, W2 Global, LexisNexis, Creditsafe, TransUnion, GBG and many more.
Our open approach means it is possible to have more complete automation across all your datasets, delivering greater efficiency and insight. Our customer include Hastings Direct, AIG, Entain, Buzz Bingo, Betway and the Insolvency Service.