Part 3: Understanding Compliance Roles

Part 1 and Part 2 of this guide focused on risk, due diligence, beneficial ownership, sources of wealth/funds, and record keeping and reporting. In this final part of our Ultimate Guide to Customer Onboarding, we tie everything together by exploring the pivotal and overarching role of compliance — and your compliance team — in the broader KYC onboarding universe. 

Compliance processes need to be implemented properly in order to be effective. Whether your compliance activities are carried by a single person or a large team, it’s important that they are properly trained in compliance rationales and protocols. 

This guide will explore how to: 

1. Educate your team
2. Evaluate your team and procedures
3. Define the distinct roles of team members.

Training

In practice, the onboarding team holds responsibility for safeguarding your business against the risks we've discussed in Part 1 and Part 2. 

For Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) efforts to yield long-term benefits, it’s essential to establish a training regimen that imparts knowledge of local and international regulations as well as a company’s internal protocols and controls.

In order for the compliance managers/team executing these measures to be successful, they will need to understand the intricacies of your business's specific vulnerabilities. 

It's worth noting that you'll also be required to demonstrate your training protocols to external regulatory bodies if your business comes under investigation; failure to comply may lead to regulatory penalties that can also adversely affect your business’ reputation. In the event of a regulatory audit, authorities will scrutinize how your onboarding training program aligns with your business's risk-based approach (RBA).

While the creation of the training program should usually be undertaken by AML and CTF experts in the AML and CTF domain, it should, at the very least, be reviewed and approved by senior management. This becomes particularly important when outsourcing the production of training materials to external providers, as not all providers may fully account for the unique nuances affecting your business.

As the regulatory landscape evolves or your business modifies its approach to jurisdictions, products, and clients, adjustments to the training program will be necessary. For instance, training personnel about money laundering threats posed by a product you no longer offer would be redundant.

The objective is to offer comprehensive training while remaining adaptable to changes in the broader context, even when training is conducted in international offices. Thus, it's essential to document your training programs and maintain records of attendees and covered topics for both internal and external audits.

Decisions will also need to be made regarding who should undergo training. While the onboarding team undoubtedly requires training, it could be beneficial to extend the scope to a wider group, including members of the engagement team who supply the onboarding team with customer due diligence (CDD) information. While a full training program might not be necessary for them, a foundational understanding of the processes and regulations underpinning your procedures can enhance their effectiveness.

Training Programs

Your training program should encompass not only specific jurisdictional, legal, and regulatory considerations but also address AML and CTF challenges linked to your business's clientele, products, and operational areas. It’s important to frame your approach within the broader legislative and regulatory framework of the jurisdiction(s) you operate in, potentially starting with a general overview before delving into more specific details later on.

Some of the key AML/CTF themes your training can include are:

1. The Extent and Range of Global Money Laundering: Highlight the magnitude of worldwide money laundering and how it impacts economies, institutions and societies. 

2. The differences between terrorist financing and criminal money laundering: Provide definitions and insights into the distinct features of terrorist financing in comparison to conventional criminal money laundering. It's crucial to cover the unique characteristics and patterns of terrorist financing and money laundering and the repercussions of failing to detect these red flags and threats.

3. Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) laws in your areas of operation: For instance, in the US, a compliance team should understand the Bank Secrecy Act, the Patriot Act, and associated legislations. In the EU, focus on how the money laundering directives (AMLDs) guide operations, while in the UK, emphasize the Proceeds of Crime Act and the Money Laundering Regulations. This section can also include a module understanding the types of penalties that are levied in instances where these laws are violated. It can also cover the role of international organizations such as the Financial Action Task Force (FATF) in informing local laws and regulations 

4. Recent Trends AML/CTF trends: Give an outline of current trends in global and jurisdiction-specific money laundering and terrorist financing activities. Onboarding analysts should grasp the evolving nature of threats faced by your jurisdiction and in order to be able to better identify those risks when they appear.

Business-specific training

Your training curriculum will also need to ensure that your compliance team grasps the intricacies of the risks and procedures that are related to your specific industry and unique business profile and operations. 

This business-specific training can include:

1. A comprehensive examination of the money laundering and terrorist financing threats confronting your business. Additionally, elucidate the business's product offerings, client demographics, and pertinent geographical areas. This equips the onboarding team to adeptly apply the risk-based approach across various scenarios.
2. A detailed overview of your institution's RBA and what it involves. This segment should delve into the structure of the RBA, focusing on threats, vulnerabilities, consequences, and risks specifically impacting the business.
3. An extensive review of internal onboarding protocols and required information for all client categories, including individuals, public companies, private enterprises, state-owned entities, etc. 
4. Red flag review: each client category can demonstrate unique red flags that signify potential money laundering, terrorist financing, and sanctions violations. An onboarding team should be well versed in identifying these specific threats and knowing how to process/escalate them.
5. A detailed breakdown of escalation procedures during the onboarding phase, coupled with the process of submitting suspicious transaction reports. Analysts need to be well-versed in appropriate actions to take when suspicions of money laundering or terrorist financing emerge.
6. A detailed overview of standard, simplified, and enhanced due diligence methodologies and how different triggers lead to transitions between each process.
7. Understanding how your business’ various product lines and clients pose different money laundering and terrorist financing risks. Analysts must be educated on the intricacies of business streams, encompassing products, clients, and geographical factors, including changes over time.
8. Comprehensive guidance on high-risk jurisdictions. Analysts require training on the distinct hazards associated with particular regions, the tools available for identification, and protocols to enact when encountering such risks.
9. A comprehensive overview of sanctions policies and procedures relevant to your specific business — and how to respond to sanctions-related red flags.
10. In-depth guidance on record-keeping obligations for onboarding materials. Onboarding personnel should possess a comprehensive understanding of which materials necessitate recording and preservation for both internal and external audits.
11. A clear explanation of the roles and responsibilities of each member of the onboarding team.
12. A clear breakdown on data privacy and confidentiality laws, considerations and protocols for gathering AML/KYC data — such as the EU’s GDPR regime.
13. An exploration of the implications of currency transactions and third-party payment complexities — and their implications for potential money laundering. Analysts should be familiarized with the risks linked to currency transactions and third party payments and how to respond when these risks are identified.
14. Detailed training on ongoing monitoring and what it involves, including frequencies and scope.
15. Comprehensive training on any automated KYC/AML onboarding technology being used as part of a client onboarding process, including a thorough instruction on the type of KYC data and documentation being gathered.
16. Guidance on identifying a client's source of wealth and source of funds during onboarding — and when this type of information is required.
17. Strategies for interactions with clients and engagement teams during onboarding. Effectively managing expectations and client relations is crucial, in order to ensure business relationships and client loyalty or maintained/improved through effective compliance — and not vice versa.

Throughout the training on business-specific compliance considerations, it will also be very helpful to use real-world onboarding case studies and examples. 

Sanctions training

Due to both their complexity and far-reaching impact, sanctions warrant distinct training. Your onboarding team should receive training on both local sanctions frameworks and those implemented by the United States. This entails familiarization with comprehensive and targeted sanctions, as well as the broader category of sector-specific sanctions.

It's essential to provide your team with an in-depth understanding of current sanctions frameworks, the legislations and rules associated with sanctions, as well as the consequences for violating sanctions regulations.

Your team will likely utilize sanctions screening technology solutions to cross-reference against sanctions, Politically Exposed Person (PEP) status, and adverse media lists. With that in mind, it will still be important for them to comprehend the underlying resources and datasets used by these screening solutions, such as the US Specially Designated Nationals (SDN) lists. 

Senior Compliance Roles

The success of a compliance-driven onboarding program will be determined by the expertise and clear delegation of specific responsibilities to various key positions and functions: compliance officers, money laundering reporting officers or nominated officers, and auditors. 

The Compliance Officer

The senior compliance officer is tasked with the pivotal role in supervising the development of and implementation of the onboarding program and ensuring that it aligns with the business' RBA. They hold ultimate accountability for the efficacy of this program, encompassing tasks from client risk assessment to due diligence processes during onboarding. 

Additionally, they are tasked with staying abreast of shifts in the broader legal and regulatory landscape — as well as periodically evaluating the compliance program — and suggesting changes to senior management should the need arise. 

The Senior Compliance Officer will hold numerous other responsibilities related to an onboarding program. These include: 

Supervising Training of the Onboarding Team — The senior compliance officer holds ultimate oversight over all training materials and programs. It is their responsibility to ensure the relevance and effectiveness of training initiatives.

Understanding Compliance Software — Senior officers must possess an in-depth understanding of the firm's existing compliance software packages, their strengths, weaknesses, and any procedural gaps. Furthermore, they are required to grasp the array of software options available in the market, along with any innovations that could prove beneficial.

Coordinating a Unified Approach — In extensive organizations with global offices operating in diverse jurisdictions, it falls upon the senior compliance officer to guarantee uniformity in how compliance protocols are implemented across the firm. This is pivotal, as criminals often exploit jurisdictional differences or weak implementation points.

Serving as an Escalation Point — Senior compliance officers serve as either the escalation point for issues or as intermediaries between the onboarding team and the MLRO (see below). Escalation decisions need to always be backed up by clear documentation and reasoning. 

Facilitating Communication with Key Stakeholders — Maintaining open lines of communication with both higher and lower echelons of the compliance function, as well as with external authorities, is imperative. 

Communication and coordination with auditors — The compliance officer must ensure the compliance function responds effectively to requests from internal and external auditors, providing full access to required information. They will also need to demonstrate strategies for the implementation of auditors’ findings and recommendations. 

Managing Recruitment — The Compliance Officer should have the final say on who is hired to join the compliance team. While direct involvement in each hiring decision may not be feasible, the senior compliance officer will hold ultimate responsibility for the performance of individual compliance team members — so they should practice oversight over hires. 

Supervising Ongoing/Transaction Monitoring — Ultimate responsibility for continuous monitoring of clients and transactions beyond the initial onboarding stage lies with the senior compliance officer. They ensure the effectiveness of transaction monitoring software and establish procedures for ongoing client and transaction reviews, including escalation protocols. This will need to be aligned with prevailing regulatory responsibilities and legal considerations. 

Conducting Investigations — The compliance officer will need to ensure that alerts generated by the compliance team, other employees in the business or compliance software are investigated and resolved. In instances requiring broader investigations into irregularities within the onboarding system, the senior compliance officer holds the responsibility for communicating these issues with senior management and developing and implementing remedial actions. 

Cultivating a Compliance Culture — The Senior Compliance Officer will bear the ultimate responsibility for fostering an effective culture of compliance throughout the onboarding and broader compliance teams, as well as the organization as a whole. Achieving this goal hinges on effective training and communication, coupled with a thorough understanding of the AML/CTF risks confronting the business.

The Role of the Money Laundering Reporting Officer (MLRO)

Regulated businesses usually need to designate a nominated officer — or potentially multiple officers — to supervise and contribute to the broader compliance framework within the onboarding function. For sole trader businesses, this function will need to be assumed by the owners. 

This designated individual will bear the responsibility of overseeing the comprehensive AML/CTF/KYC compliance within the institution, ensuring the effectiveness of all onboarding endeavors. Often referred to as the Money Laundering Reporting Officer (MLRO), their role may deviate from that of a senior compliance officer, as it could be governed by specific legal and regulatory prerequisites.

In certain jurisdictions, authorities lean towards prosecuting designated individuals for any compliance lapses within the firm, be it due to omission or commission. Consequently, there are civil and criminal accountabilities to consider, necessitating that the MLRO hold at least a director-level position.

While the scope of these senior officers extends beyond onboarding, they play a pivotal role as a central nexus in the onboarding process. They serve as the bridge connecting the onboarding team with senior management, providing the latter with a direct and consistent view into the functioning of their business’ compliance team and program. 

Due to their heightened, often legally-bound responsibilities, the MLRO will be tasked with receiving SARs and determining whether they require action/escalation and/or referral to senior management.  

Evaluating and Auditing the Onboarding Process

The efficacy and coherence of your AML/KYC program and processes can only be truly evaluated by a robust and independent audit program. The goal of a compliance program audit will be to probe and evaluate the defensive layers of your onboarding process, with independent auditors then sharing their findings and suggesting enhancements and tweaks with senior management.

Two Fundamental Aspects of an Onboarding Audit Program

To ensure the effectiveness and integrity of an onboarding audit program, two essential components must be established.

1. Independence: First and foremost, the audit function must maintain a distinct and autonomous identity separate from individuals engaged in conducting the onboarding process and any associated anti-money laundering activities. It is imperative that audit personnel differ from those fulfilling onboarding and customer due diligence roles. Furthermore, the onboarding team should be precluded from self-auditing its own activities. The auditor/audit team should also have a direct and unobstructed channel of communication to senior management, in order to be able to effectively communicate their findings.
2. Expertise: The audit team will need to be equipped with suitable training and expertise. It will need to comprise individuals who possess independence from the onboarding function, coupled with substantial training and practical experience in AML/CTF/KYC compliance, including with regards to your specific business and jurisdiction. 

The audit team will be responsible for developing comprehensive written reports for senior management, that:

• Evaluate both the strong and weak facets of the onboarding process.
• Offer clear recommendations, complete with target dates for implementation and a roster of individuals delineating responsibilities.
• Propose any supplementary research or training recommended for both senior management of the compliance team.  

Conclusion

Congratulations, you made it to the end of our Ultimate Guide to Customer Onboarding for Compliance Teams! 

As you will have gathered, compliance is no simple task for any regulated business, and the challenge is only becoming more complex as regulations evolve to meet the growing threats of money laundering, terrorist financing and other financial crimes. 

The good news is that compliance is also becoming more attainable for smaller businesses through automated KYC/AML software that is lowering the demand on compliance teams while equipping them with robust tools for consistent and secure realization of compliance goals and responsibilities. 

If you would like to hear more about how KYC-Chain’s technology suite can help your organization reach its compliance targets, get in touch and we’ll be happy to arrange a demo.