Transforming Client Onboarding with Robust AML Procedures
Getting more clients and business growth are the primary goals of every business. With the increasing number of clients, a robust client onboarding mechanism can help businesses rule out the potential risk of financial crimes, including Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) associated with clients. This blog discusses the prevalent Anti-Money Laundering (AML) requirements and procedures, such as KYC (Know Your Customer) and CDD (Customer Due Diligence) requirements, to be considered while conducting client onboarding by businesses operating in Singapore.
By incorporating AML practices in routine business operations, such as client onboarding, businesses can ensure greater profits and a secure work environment for themselves. Through this blog, businesses can develop an understanding of how to easily and efficiently integrate AML practices into their routine onboarding process.
Risks to be Considered While Conducting Client Onboarding
Client onboarding is the process of getting new clients who set up an account with a business and avail themselves of the products/services offered by such businesses.
However, businesses need to be mindful that some of the clients may increase a business’s exposure to ML/TF/PF threats if such clients are identified as:
Sanctioned Individuals:
Specific individuals or entities subject to targeted financial sanctions by the United Nations Security Council or other relevant committees or international sanctions lists that contribute to the threat or breach of international peace and security.
Politically Exposed Persons (PEPs):
PEPs are individuals entrusted with essential public functions, including the role held by the head of state, head of government, government minister, senior civil or public servant, senior judicial or military official, senior executive of a state-owned corporation, or senior political party official in Singapore or any other jurisdiction outside Singapore. However, mid-level or junior officials are not considered as PEPs.
Individuals who perform essential functions for international organisations, such as working in the capacity of a director, deputy director, member of the board, and member of the senior management of an international organisation, are also considered PEPs. However, mid-level or junior officials are not considered PEPs.
Terrorists or Terrorist Groups:
Individuals or groups engaged in terrorist activities or terrorism financing (TF).
Originate from or Connected to High-Risk Countries:
Individuals or entities belonging to countries that have significant strategic loopholes in their AML/CFT frameworks.
Behaviour Suggests Money Laundering Activities:
If the client’s behaviour resembles the commonly observed red flags or typologies.
Prior Connection with Financial Crimes:
Individuals or entities previously associated with financial crimes, such as tax evasion, corruption, bribery, etc.
AML Compliance Procedures to Follow During the Client Onboarding Process
In order to counter ML/TF/PF effectively, businesses need to identify and categorise their potential clients into high-risk, medium-risk and low-risk clients.
This identification and classification help businesses decide whether to form a business relationship with a client. Businesses apply the following procedures during client onboarding to identify and segregate clients based on the risk appetite of their respective businesses:
Know Your Customer (KYC):
Businesses must undertake KYC processes to identify a client by obtaining particulars such as names, addresses, contact numbers, and other critical information. Further, collect documents and verify the details submitted by the client.
Client Screening:
Businesses must screen the client against lists of sanctions, Politically Exposed Persons (PEPs), terrorists, and negative news sources.
Risk Assessment:
Before onboarding a client, businesses must assess the client’s risk based on the client’s business, location, transaction, delivery channels, and products/services.
Configure Transaction Monitoring Rules:
Establish transaction monitoring rules based on the expected nature, size, and volume of the customer’s transactions, along with other identified risk factors.
Record-Keeping:
Maintain records of all processes undertaken for the client and their results for further reference and usage.
Review and Audits:
Review the client onboarding process to ensure its effectiveness and alignment with regulatory requirements.
Businesses must follow these processes while onboarding new clients. These measures ensure that businesses do not onboard clients linked to illicit activities.
Client Onboarding Regulations in Singapore
Singapore has always been at the forefront of setting global standards for a secure business environment. The Corruption, Drug Trafficking, and Other Serious Crimes (Confiscation of Benefits) Act is the main law that criminalises laundering funds from illicit activities.
To streamline the regulatory practices, a regulatory authority has been established for each sector to define regulatory requirements and ensure compliance by regulated entities.
Know Your Customer (KYC):
Businesses are required by their respective sectoral regulatory authorities to obtain client information such as:
- Full name, including aliases
- Unique identification number
- Registered address
- Date of Birth or date of incorporation/registration
Additional case-specific documents must also be collected based on the client’s business structure:
- Name, legal form and proof of existence
- Instrument under which the entity is constituted
- Identities of Directors/ Senior-most executive official
- Principal place of business
- Ultimate Beneficial Owners
Businesses must verify the information provided by the client using reliable sources such as:
- Information available on client’s website or published annual reports,
- Information available with public sources such as government directories (Bizfile+), annual returns and filings with regulatory bodies,
- Information from other reliable sources like research reports.
Name Screening:
Regulatory authorities require businesses to take reasonable measures to determine if the client or their family members or close associates are Politically Exposed Persons (PEPs). If the client or its family or associates are identified as PEPs, then enhanced due diligence measures must be taken. If there is a reason for a business to suspect that the client may be a terrorist or sanctioned individual, the business must:
- Refuse to enter into any transaction with such client,
- Terminate any transaction entered into with the client,
- Report the police.
Risk Assessment:
Regulatory authorities have specified factors that registered entities must consider when conducting a risk assessment of a client, including:
- Type of client
- Scale of client’s business activities
- Purpose of Business relationship with the client
- Geographic area of client’s business activities
- Client’s business relationships/transactions with persons from/in countries with inadequate AML/CFT measures
- Layers of the client’s business structure
Risk-Based Approach:
Businesses must perform due diligence measures in accordance with the client’s risk profile. For high-risk customers, EDD measures must be taken, such as:
- Approval of a senior management official is required before entering into a business relationship with the client.
- Reasonable steps must be taken to establish the relevant person’s source of wealth and source of funds
- Record the basis of assessment
Where the client’s risk profile is low, businesses can take appropriate simplified or standard due diligence measures to identify the client, its beneficial owners and persons acting on behalf of the client.
Transaction Monitoring:
Businesses must ascertain that the client’s transactions are consistent with the business’s knowledge of the client, the client’s income and sources of funds.
Record Keeping:
Businesses must maintain records for a period prescribed by their respective regulatory authorities of the following information:
- All transactions with the client
- All information of the client collected during the CDD process
- Copy of supporting documents relied on during the CDD process
Review and Audit:
Businesses must implement an independent audit and review mechanism to periodically assess the effectiveness of the business’s AML program.
Tech Initiatives for Improved Client Onboarding Compliance
To streamline the onboarding process, the Monetary Authority of Singapore (MAS) has recognised the MyInfo platform as a reliable source for identifying and verifying customer details such as name, unique identification number, date of birth, nationality, and residential address. Where the MyInfo platform is used, Financial Institutions are not required to obtain additional identification documents or photographs of the client.
Another initiative is non-face-to-face client identity verification. Secure methods such as digital signature, biometric identification, and real-time video conferencing. MAS recommends that regulated entities adopt technological solutions to improve AML efforts, including the client onboarding processes.
For companies registered in Singapore by its residents, verification of corporate structure is easier. However, in the
case of a foreign company or a company registered in Singapore by foreigners, a simple verification through video conferencing won’t suffice. Businesses should ensure additional checks by verifying soft copies of registration certificates of such foreign companies or companies registered by foreign persons.
Manual checks of scanned documents can be cumbersome, leading to delays or false results. So, businesses must adopt advanced technological software or systems and deploy experienced compliance teams to handle the verification process. Advanced systems leverage AI, biometrics, and authentication tools for accurate and faster results.
The regulatory authorities have created an email alert system to send UN sanctions list updates to Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs). Such government initiatives make compliance easier for businesses.
Best Practices of Client Onboarding in AML
Adopt the following best practices of customer onboarding to enable AML compliance:
Follow the precise AML-incorporated client onboarding process.
- Customer Identification: Collect data on customers and verify the same with the help of documentary proof.
- Risk Assessment: Identify the potential risks of the customer to the business and create a risk profile. Categorise the customer as low, medium, or high risk.
- Due Diligence: Standard due diligence is enough if the client is low-risk. In the case of a high-risk client, undertake enhanced customer due diligence, collect more data on such customers, and escalate the case to higher-level authorities.
- Account Opening: On collecting all the customer information, if the client’s risk profile is low or medium, proceed with account opening. If the client is high-risk or only half of the data points are available, reject the application.
- Annual Assessment: Assess the client’s transactions to detect sudden anomalies. Re-evaluate their risks to check for any changes in risk levels and act accordingly.
Create a crisp and clear client onboarding strategy
A business-client relationship is usually a long-term relationship. So, it is not ideal for any business to start an onboarding process without a clear strategy.
Hence, businesses need to define their onboarding strategy.
- Start by defining the objectives of the onboarding process.
- Make a list of all the goals the organisation aims to achieve with this onboarding process.
- Identify the outcomes that the business wishes to achieve.
- Define the step-by-step procedure and guidelines for each step.
- List the resources required for each task.
- Decide upon the timelines and costs associated with each step.
This will provide a clear direction for the client onboarding process execution.
Update the client onboarding process with changing regulatory requirements
While onboarding customers, businesses need to consider the AML regulations related to:
- KYC
- CDD
- Transaction monitoring
- Customer screening
Businesses must perform these procedures while onboarding customers. Any changes in these processes must be reflected in the onboarding process. Thus, it is essential to be updated with the regulatory environment and adapt the business’s internal policies to regulatory changes. These adjustments can ensure proper compliance with regulatory requirements during the customer onboarding process.
Use a combination of human and technology-based techniques for identification and verification
A client onboarding process involves the following processes:
- Data collection
- Assessment
- Verification
- Recordkeeping
Manual handling of these processes can be taxing and time-consuming and may lead to high false positives and false negatives. There is a high chance of human error and negligence in identifying critical data. The time-consuming nature of the entire manual process can be a pain point for the customer.
Businesses often resort to advanced technological solutions to tackle this challenge. Automated KYC and CDD solutions collect and verify customers’ data. Advanced systems ensure safe recordkeeping and an overall efficient and secure customer onboarding experience.
Moreover, customers enjoy the automated client onboarding process because it is faster, more accurate, and less complicated. Customers are less likely to get frustrated with repetitive, complicated, or unnecessary questions, so the friction points diminish. Hence, customer drop-offs decrease.
However, complete neglect of human insights is a big mistake. Human eyes can notice strange customer behaviour, which even technology cannot. So, manual checks and technology scanning are necessary to get a 360-degree view of customer risks.
Embrace remote KYC and due diligence methods
MAS has issued circulars for the use of MyInfo and CDD Measure for non-face-to-face business relations. It involves data collection and validation using video conferencing, biometric identification, and digital signature. Regulated entities are encouraged to embrace remote KYC for the following reasons:
- It adds to customers’ convenience. It enables customers to complete the process from anywhere at any time using their devices.
- It avoids the hassle of office visits and producing physical documents. All these are manageable digitally, adding to a positive user experience.
- When customers complete the identification and validation processes remotely, the onboarding is accelerated. Saving time on client onboarding allows businesses to focus on other strategic tasks.
- Technological interventions by the government and regulatory authorities such as MyInfo and Singpass provide the necessary features to check the authenticity of documents and information. This ensures enhanced risk management.
If customers are happy, there are fewer chances of drop-offs.
Train the employees on client onboarding in AML
Client onboarding processes require managing a lot of information and documentation, which requires trained and skilled employees. Unskilled employees affect the process’s quality.
Training must be provided on the significance of AML compliance and employee responsibilities. Employees must know the KYC and CDD data points to collect to build the risk profile. These include:
- Identity
- Contact details
- Sources of income/wealth
- Beneficial owners
- Credibility score
- Any mention of sanctions or PEPs
Efficient data collection and verification with documents ensure quality and correct results. Employees must keep up with the latest industry trends, best practices in client onboarding, and AML regulations.
Recordkeeping- The backbone of the AML program
The client onboarding process leads to a massive load of data. Businesses must maintain records of every step of the onboarding process, including KYC, CDD, and KYT (Know Your Transaction) procedures. Records are essential for future use and to ensure compliance. Advanced technologies have systems in place to collect and validate data, which can be used for record keeping.
Authorities refer to these records when conducting audits or investigations of an organisation’s AML compliance processes. Businesses must furnish records such as account details and information about the entity when submitting suspicious activity and cash transaction reports to the Suspicious Transaction Reporting Office (STRO) using the STRO Online Notices and Reporting Platform (SONAR).
Creating a balance between AML compliance and customer experience
It is important to strike a balance between adhering to regulatory requirements and catering to the client’s needs. Businesses can take the following steps to enhance client experience while performing AML procedures:
- Making efforts to reduce the time taken in AML procedures with the help of advanced technologies
- Prioritising the client’s data privacy and ensuring transparency during the onboarding process to build trust
- Engaging the client with the business’s core products or services to create a long-term relationship.
Businesses can adopt such strategies to improve the customer experience while completing the client onboarding process.
Motivate customers to furnish correct, complete, and updated data
Clients may not always be ready to furnish their information. They might find the data collection process tedious and invasive. So, it becomes important for businesses to devise effective ways to gather data from customers like:
- Explaining the significance of AML compliance to the client.
- Making the data collection process more manageable and smoother.
- Train employees to engage with clients during the onboarding process to make it a more comfortable experience.
- Incorporate technological solutions to speed up the process.
Adopt a risk-based approach for further due diligence
Upon performing KYC, businesses can identify client risks. So, based on the customer’s risk profile, businesses can perform adequate due diligence measures.
Thus, a risk-based approach must be adopted for customer due diligence. Applying the same and consistent due diligence for all customers is a big mistake.
So, due diligence measures vary based on a customer’s risk profile. If a client is high-risk, enhanced due diligence (EDD) is required. A simple CDD or standard CDD would suffice if the risk is low. This process allows businesses to determine their client acceptance and exit policy.
Increase the KYC and due diligence intensity for foreign customers
The involvement of more than one country changes the story of AML compliance. There are differences in AML regulations, and distinct identification and verification rules exist. These variances affect the process of validating customer data. Therefore, businesses must exercise greater caution while dealing with cross-border transactions.
Organisations can adhere to the following practices:
- Collect more data about foreign clients, their agents and beneficial owners.
- Assess the AML regulations of the jurisdiction that the client belongs to or is connected with.
- Perform client screening against that jurisdiction’s local sanctions list, PEP lists, and adverse media information.
Ensure sufficient data security policies for keeping customer data safe
In the current times, data protection is a significant concern. Businesses store large quantities of customer data. Ignoring data security may make customer identities and documents unsafe. So, businesses must ensure data protection by implementing these principles:
- Maintain data confidentiality and security.
- Implement technological solutions to prevent data breaches and hacking.
- Follow privacy regulations to avoid any access by non-permitted users.
- Adopt sound cybersecurity measures and anti-malware policies to protect customer data from malicious actors.
Corroborate client representation with reliable information
It is important not to rely solely on the information provided by the client. Businesses must verify client’s information with reliable documents and evidence. For instance, Businesses can seek a company memorandum and articles of association to verify the particulars of a corporate entity and identify its beneficial owners.
For Politically Exposed Persons (PEPs) or prominent public profiles, businesses can corroborate such client representation against reliable public information sources.
Conclusion
Implementing the above-mentioned best practices can ensure a safe and smooth onboarding process that can culminate into a long-term business relationship with mutual benefit for businesses and clients.
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.