Know Your Customer as Well as They Know You

Six Actionable Insights for KYC Compliance

In today’s global and fast-paced business environment, fraudsters have multiple ways to identify and exploit your company’s vulnerabilities. That makes knowing details about who you are doing business with critically important. By having well-thought-out processes in place, you can mitigate the risk of being victimized by fraud and help prevent your company from violating critical compliance requirements.

Knowing Your Customer (KYC)

As a Credit or Treasury professional, you must remain aware of the best KYC practices and compliance requirements that apply to your business. Lax KYC controls can result in time-consuming collection issues, unnecessary bad debts, and serious compliance violations.

There are many inherent risks if you do not perform a thorough due diligence at the outset of a business relationship or when a customer’s ownership changes. Whether you sell domestically or internationally, your company must adhere to compliance requirements. Protective KYC policies reduce the risk of violations stemming from sales to prohibited countries, companies, or individuals.

Compliance requirements are subject to change, so regular monitoring is needed. Based on the severity of a violation, your company could be subject to monetary penalties or even criminal charges.

Follow the Compliance Requirements that Apply to Your Company

Trade creditors (B2B vendors or exporters offering credit terms) are generally not directly regulated under financial-sector KYC/AML rules unless they operate within a regulated industry, such as finance or securities. Even when not legally mandated, there are many benefits for trade creditors to adopt KYC procedures as a risk management best practice, especially when dealing with high-value or international transactions.

The following references are intended as a guide to help you structure a KYC process. This is not a complete list of the potential compliance requirements you should be aware of. It is important to understand the local requirements if your company sells internationally.

The US Financial Crimes Enforcement Network (FinCEN) has strict rules for compliance by financial institutions. Although these requirements may not apply to your business directly, they provide guidelines for your company's credit and treasury policies and controls.

In addition, the Department of Justice (DOJ) “Principles of Federal Prosecution of Business Organizations” also provides trade creditors with specific factors considered violations by prosecutors. The Office of Foreign Assets Control (OFAC) and DOJ Anti-Money Laundering (AML) also provide KYC compliance guidelines of which you should be aware.

DOJ’s KYC Requirements

As you develop or assess your company’s KYC process, consider the following three overarching DOJ requirements:

1. The compliance program is to be well-designed to detect and prevent misconduct that is most likely to occur, considering the company’s or individual’s characteristics:

   1. Company characteristics:

      1. Company location(s)

      2. Industry sector(s)

      3. The company’s regulatory landscape

   2. Potential compliance risks:

      1. Payments to foreign officials

      2. Use of third parties

      3. Gifts, travel, and entertainment expenses

      4. Charitable and political donations

   3. The nature and scope of the company’s business:

      1. Potential clients and business partners

      2. Transactions with foreign governments

2. The company applies the program earnestly and in good faith: The company’s documented processes and actual behavior should demonstrate that compliance is taken seriously by showing:

   1. There are adequate resources available to enforce compliance

   2. An established process to identify, analyze, and address risks

   3. The company collects the information and tracks metrics needed to ensure compliance

   4. Adequate resources are allocated to provide effective scrutiny on higher risks

3. The compliance program is implemented and actively followed: Aside from dedicated resources and documented policies, a company should be actively adhering to current requirements. This is demonstrated by:

   1. Regular updates and modifications to address “lessons learned” when misconduct or other shortcomings in the compliance program are identified.

   2. Periodic training a certification for all directors and officers, relevant employees, and, where appropriate, agents and business partners.

Actionable Insights

Consider the following four action areas to manage your KYC process in a way that minimizes risks and maintains compliance:

1. Identify and verify:

   1. Identify the beneficial owners of companies applying for credit or currently doing business with your company.

   2. Do what is necessary to verify the authenticity of all customer documents.

   3. Obtain and review information from reporting agencies or relevant public databases.

   4. Seek and verify valid financial references.

   5. Request and review customer financial statements.

2. Complete a thorough due diligence:

   1. Understand the nature and purpose of the seller/customer relationship.

   2. Develop and maintain customer risk profiles as part of your decision process.

   3. Routinely reference OFAC country, company, and individual embargo listings. Refer to https://ofac.treasury.gov and reference “Sanctions Programs and Country Information” and “Specially Designated Nationals (SDN)” listings.

3. When selling to a company, require:

   1. Certified articles of incorporation issued by the governing authority

   2. A government-issued business license

   3. A Partnership Agreement if applicable

4. For an individual, sole proprietor, or small business owner: Require a current government-issued identification with a photo, proving nationality or residence. (A driver’s license or passport)

5. Monitor continuously:

   1. Identify and report suspicious transactions

   2. Keep risk profiles up to date

   3. Maintain and update customer information

6. For international business, additional precautions may be necessary:

   1. KYC requirements are more likely to be mandatory for trade creditors in some regions, especially in the EU and certain Asian markets. Consider requiring more extensive documentation and implementing an ongoing monitoring process.

   2. Verify business registration and ownership documents.

   3. Perform additional due diligence for high-risk markets or industries, including background checks and financial health assessments.

   4. Cross-reference information provided by the customer with government registries and third-party databases.

   5. Continuously monitor transactions for suspicious activity and maintain up-to-date records for compliance audits.

7. Watch out for high-risk warning signs:

   1. Unusual changes in activity: Significant requests for an increase in the credit line, or a spike in order activity.

   2. Changes in ship-to or remit-to locations.

   3. Alarming information about the customer’s business or management.

   4. Changes in the customer’s management or structure.

   5. Change in the customer’s ownership or new equity partners.

   6. A sudden change in the type of activities a company engages in to generate revenue, the industry it operates in, or the products or services it sells.

The Bottom Line

In today’s complex business environment, robust Know Your Customer (KYC) practices are critical to protect your company from fraud, compliance violations, and financial losses. Credit and Treasury professionals must implement thorough due diligence, stay current with evolving regulations, and maintain vigilant monitoring of customer relationships.

Key steps towards ongoing compliance include verifying customer identities, assessing risk profiles, adhering to US and international compliance guidelines (such as FinCEN, DOJ, OFAC, and other local requirements), and watching for warning signs of high-risk activity. Effective KYC programs require ongoing updates, dedicated resources, and a culture of compliance to minimize risk and ensure business integrity.