03/11/2022 Alexander

Standard Definitions in Corporate Compliance

With the ever-growing concern of money laundering being a tool for terrorist financing, corruption and assisting severe crimes such as tax evasion and drug trafficking, corporate compliance has become the default response to this issue. In this article, we will break down what corporate compliance is and how it works.

Know Your Customer and its variations 

Corporate compliance is a set of tools that facilitates anti-money laundering. The most common acronyms are:

  • KYC – Know Your Customer
  • KYB – Know Your Business
  • KYE – Know Your Employee

KYC (Know Your Customer) is the process by which banks and regulatory frameworks do everything in their legal capacity to know who their customer is.

KYC always includes knowing the nature of the client but can also extend to knowing the nature of their client’s activities and if the money they are transacting with is gained from illicit methods. Additionally, banks and other obliged institutions must scrutinize if the client record matches anyone who has economic sanctions against them, is suspected of criminal activities, or are PEPs.

Obliged institutions

An obliged institution is an entity required by law to detect and prevent money laundering. They must report all suspicions of money laundering.

What is a politically exposed person (PEP)? 

PEP (Politically Exposed Person) is a person who holds the responsibility and office of a senior public official. These persons are exposed to greater chances of bribery, kickbacks (negotiated bribery) and corruption because of their position, so it becomes crucial to apply enhanced due diligence for PEPs. As a result, determining who is or who is not a PEP is very important.

What is customer due diligence (CDD)? 

Before tackling enhanced due diligence, let’s first define customer due diligence. When a person, natural or legal, deposits a large sum of money into a bank, the obliged institution must ensure that the money and the person or entity are scrutinized for any suspicious activity, illicitness, and illegality. Therefore, banks must report the deposit to a complex regulatory framework which applies methods such as CDD (Customer Due Diligence).

What does customer due diligence (CDD) involve? 

CDD involves accumulating all the available data in relation to a customer to sufficiently conduct anti-money laundering and prevent terrorist financing activities. It is the process of carrying out risk assessments that are crucial to evaluate any risks that the customer may postulate.

The difference between KYC and CDD

CDD is more focused on preventing money laundering while KYC refers to the entire accumulation-of-data process for any company/firm regardless of their area of practice. Furthermore, while CDD may result in reporting of suspicious activities or criminal behavior, KYC is the act of verifying the customer.

In the United States, CDD has been broken down into 4 core requirements to achieve corporate compliance. The US treasury’s Financial Crimes Enforcement Network lays out that:

  1. CDD involves the identification and verification of customers (like KYC);
  2. Identification and verification of beneficial owners who own 25% or more of companies that are opening accounts;
  3. CDD includes the process of understanding the nature and purpose of customer relationships for risk profile development;
  4. CDD requires ongoing monitoring for identification and reporting of suspicious transactions and maintenance of up to date customer information.

Information to look out for in CDD

While carrying out CDD, it is important to identify any information that may suggest money laundering. It could involve tracking transactions to determine if smurfing (breaking down large sums of money into smaller sums to eradicate their source) or layering (keeping money idle for five or more business days to avoid scrutiny or raise suspicion) is being conducted. It may also include information indicating money movement to an offshore bank account, banks who only deal with non-residents of their operating jurisdiction. Finally, CDD may involve identifying information relating to significant investments in infrastructure or takeovers, possibly attempting to buy a shell company and legalizing the illicit money.

When to carry out enhanced due diligence (EDD)

After all customer due diligence stages have been completed, enhanced due diligence (EDD) is carried out for people who have shown reasons to be more likely to commit money laundering. EDD is an enhanced stage where CDD is carried out to document more information about the customers and their transactions.

Standard methods of corporate compliance 

Most companies generally adopt KYC, KYB and KYE as methods of corporate compliance. KYB is like KYC except that KYB (Knowing Your Business) must also identify and verify business representatives because their customers are those businesses. This is very common in most B2B transactions where businesses deal with other companies. KYE (Knowing Your Employees)  is generally carried out by the companies with regards to their own employees.

Regulatory bodies involved in corporate compliance

After conducting such strict methods of identification, verification and reporting, it is also essential that customers feel safe to give their assets to an institution for them to handle it. This is where the CASS (UK Financial Conduct Authority’s Client Assets Sourcebook) provides all regulations that a company should comply with when they are handling client assets. Whilst CASS is being complied with, in relation to the code of conduct of Financial institutions, COCON (UK Financial Conduct Authority’s Code of Conduct Sourcebook) provides further rules, ensuring that the institution complies with the traditional codes of conduct.

Data protection

Data protection is also crucial. Data protection means that the company has all its customers’ data protected so customers can feel safe disclosing information. Another important aspect is following prudential regulations. The Prudential Regulation Authority ensures that these prudential regulations are complied with. This would mean that companies, especially financial institutions, are reducing the risk of going into a stage where they can no longer pay back their customers/clients.

All this is done to ensure that a compliance and ESG framework is maintained, and all compliance risks, conflicts of interest and corruption are avoided. ESG are environmental, social and governance (non-financial) factors that must be complied with by a company, moreso in the past few years owing to the increasing need for sustainability.

In conclusion, corporate compliance is a combination of companies complying with a good code of conduct and ensuring to the best of their ability that their customers are not engaged in activities that may facilitate or enhance money laundering, terrorist financing and tax crimes.