Client profiling applies to your client, as well as the beneficial owner(s) and effective controller(s). By applying a profile across your client base, you can more readily identify your higher risk clients.
To establish a client profile, you first need to determine those characteristics that, if present, would increase ML/FT risk. The greater the presence of that characteristic, the greater the risk.
WHY IS CLIENT PROFILING NEEDED?
A client presents the highest risk to a business unwittingly facilitating money laundering. In other words if a client has no intent to use the products and services of your business to facilitate a financial crime, then the overall risk to ML FT occurring is significantly reduced.
The Act provides a conditional exemption to undertaking identity verification on existing clients, but this is only relevant to those clients falling into the category of the ‘standard’ due diligence level. Should any clients fall into the category of ‘enhanced’ due diligence, identity verification must be performed.
Descriptions of clients who must have enhanced due diligence applied, and therefore identity verification, include those that are (i) a trust (or another vehicle for holding personal assets), (ii) a client from a country that has insufficient AML CFT measures in place, (iii) a company with nominee shareholders or shares in bearer form and (iv) when the level of client risk dictates that enhanced due diligence should apply.
In order to make determinations under the latter criteria, client risk profiling should have been carried out across all clients.
For clients that fall into the category of ‘standard’ due diligence, section 14(1)(c) provides a conditional exemption to carrying out identity verification on an existing client only after risk has been considered – “if, in relation to an existing customer, and according to the level of risk involved, ….”.
Therefore if a client has higher risk characteristics, your business will need to perform identity verification to the standard level or enhanced level. What level is applied is determined on a risk based approach.
IDENTITY VERIFICATION METHODOLOGY
When applying identity verification to a natural person, you are confirming the full name and date of birth of your client, as well as their residential address. Identity verification can be carried out on a face-to-face level where your client will present the original of a reliable and independent identity document, such as a passport or a combination of records such as a driver licence and a bank statement.
You should take a copy of those documents either by photocopy or photograph image, noting on your business records that the original was sighted, the date it was sighted and by whom.
If it is not practical for you or your client to meet face-to-face, the client may obtain a certified copy of their identity and address verification then post those original certifications to your business.
A third option is to use electronic identity verification. This method will be at a higher cost but is the most convenient to yourself and to your client.
POLICY, PROCEDURES AND CONTROLS
When setting out your methodology for identifying existing clients and the processes relied on for onboarding new clients, your programme must have regard to the Amended Identity Verification Code of Practice 2013 (the Code).
By complying with the Code, your business will be operating within the provisions of a ‘safe harbour’. If your business elects to opt out of the Code, you must inform your AML supervisor and you must adopt practices that are equally effective, otherwise you risk non-compliance.
Kerry Grass is an executive consultant for AML360 software. AML360 provides automated compliance solutions for small and medium sized businesses. Further information: aml360software.co.nz