Every company is built on high-quality business information. Obtained through robust methods of broad and deep data collection, and analysed by experienced eyes to yield valuable and crucial insights, such information is essential in a company's decision making, and in understanding its market, audiences and partners in a wide variety of ways.
For example, business information can be used for market research, lead marketing, or credit risk management, but one very important application is in the crucial field of anti-money laundering (AML) and Combating the Financing of Terrorism (CFT) programmes, as well as in Know Your Customer (KYC) compliance.
In this article, we'll look at what AML/CFT and KYC are meant to do, why they're important, and how to obtain and apply business information to ensure their success.
On 11 October 2016, the Monetary Authority of Singapore (MAS) ordered the Singapore branch of Falcon Private Bank Ltd to close, due to its failure to carry out AML controls to regulatory standards, which were uncovered during investigations into banks through which embezzled 1MDB funds passed through.
AML and CFT programmes are sets of measures and best practices adopted globally to prevent such laundering incidents, as well as the financing of terrorist organisations, from happening
Set by international bodies such as the Financial Conduct Authority (FCA) and the Financial Action Task Force (FATF), they are implemented internationally by individual governments, including here in Singapore.
Due to the serious damage that could result from being used for financial crime, compliance with AML/CFT measures is mandated in more at-risk industries, such as the financial sector. It is enforced by heavy sanctions and penalties, such as business closure and criminal charges.
KYC compliance is a process that uses business information and insights to investigate, verify and monitor another party's credentials, standing, representations and activities before or while doing business.
KYC is used not only as a first line of defence in AML/CFT programmes, but also by companies even in unregulated industries, to screen and identify potential bad actors, and minimise risks of exposure to illegal activity which may lead to reputational and financial loss.
As mentioned above, KYC compliance is one of the first steps companies can use to protect themselves from inadvertently being caught in criminal or terrorist financial activity. However, beyond AML and CFT, KYC compliance also enables companies to avoid becoming victims of general fraud, misrepresentation and dishonesty.
Besides needing KYC for risk reduction, failure to carry out the required KYC compliance and other AML/CFT checks will also result in regulatory penalties, which can range from financial penalties to outright closure of the business.
Besides the closure of Falcon Bank, some other notable cases of AML/CFT breaches in Singapore include Bank J. Safra Sarasin Ltd, which was fined $1 million in April 2021, and Apical Asset Management Pte Ltd, whose licence was revoked in July 2020.
No company wants to be tarred as a supporter of terrorism, or an enabler of financial crime. On top of the financial loss from fines or closures, regulatory sanctions are also reported in the public domain, and often appear in the news. Being penalised for any AML/CFT breaches will also greatly damage the reputation of the affected company.
KYC compliance is therefore of crucial importance in avoiding these consequences.
The KYC process helps companies to satisfy themselves that their business counterparts are above board and are who they represent themselves to be, in order to create a basis for trust and collaboration.
The traditional KYC process gathers business information about companies, often as hardcopy submission and reports. This information would then be used to validate these companies' representations and discern any potential irregularities that may constitute risks. This process would sometimes also be accompanied by physical means of assurance, such as site visits and face to face meetings.
With the current COVID pandemic and its travel disruptions, traditional paper-based and face-to-face methods of verification have become very challenging, with businesses often not being able to physically inspect and verify the details of an overseas company's operations and premises. This has increased the risks arising from misrepresentation or omission over a long distance.
Amid such disruption, KYC processes have become increasingly important as the next surest way to ascertain and verify that a company is who it says it is, in order to mitigate risks as far as possible, and create a firm basis for trust and collaboration.
Whether utilised as the sole means of verification and precaution, or as part of a larger programme of compliance, such as AML/CFT requirements, a typical KYC process would comprise the following components:
This is the fundamental first step of KYC. In Singapore, business information is obtained through company searches, people profile searches, and ACRA Bizfile searches, as well as from the company itself.
The information is used to confirm its particulars and the nature of its operations, as well as to understand its corporate structure and the background of its key personnel and stakeholders. It is also used to ascertain the source of the company's capital and wealth, the nature and legitimacy of its business and transactions, and any ownership or involvement by Politically Exposed Persons (PEP) in order to assess the risk of exposure to improper, criminal or terrorist activity.
As exposure risks for a company may not arise directly from its partner, but indirectly from the organisations that the partner does business with, another important component of the KYC process is conduct checks on a counterpart's linkages with other companies and individuals, looking for riskier associations such as with, or with entities under international sanctions, through information that allows the tracing of corporate linkages.
This step of the process not only helps detect potential criminal risks, but also helps prevent potential conflicts of interest among clients during the course of normal business operations.
KYC compliance does not stop after onboarding, or with a single cycle of checks. An important part of KYC is continued monitoring of existing clients and partners, with periodic reviews utilising fresh and updated information to reassess counterparts on a periodic basis to ensure nothing has changed with regards to the company's standing.
At the same time, a good KYC process also conducts a new review whenever certain changes are detected in a company's business information.
In Singapore, the main industries required to maintain KYC compliance and observe AML/CFT regulations are the financial sector (including banks and financial institutions), the corporate services sector (including accountants and registered filing agents), as well as the legal services sector. However, many companies outside these sectors also practise KYC compliance to serve the needs of their own operations.
These KYC compliance regulations are enforced by MAS for the financial sector, ACRA for the corporate service provider sector, and the Council of the Law Society for the legal sector.
Under KYC regulations, companies in regulated industries are required to gather business information on every company they do business with, to validate facts such as the following:
Companies in these industries are also required to implement constant monitoring and regular review processes.
As organisations that handle the largest sums of money and have the highest risk of exposure to financial misconduct, the financial sector needs to use and enforce strong KYC compliance processes as part of its AML/CFT measures, not only for its own protection, but also because it is compulsory for their operation in Singapore.
These include regulated organisations such as accounting firms, law firms, and registered filing agents. Due to the roles they play, and the risk of being used to cover up fraud, money laundering, and other financial crimes, and also due to the potential for conflicts of interest, KYC checks are also important for this sector.
As another sector that manages and transacts relatively large sums of money, KYC provides an important screening process to prevent insurance fraud.
KYC compliance is used to help corporations assess and review their customers and vendors, as well as their connections, to insulate themselves against accidental complicity in money laundering or breaches of international sanctions during the course of their business.
KYC is a crucial process to minimise companies' exposure to risk and loss across a multitude of industries. Driven by accurate and timely company search information, the best business information today is offered by savvy providers like CRIF BizInsights here in Singapore, who know how to leverage on technology to enhance and automate the process, making it an ever more powerful, efficient and cost-effective tool that allows it to play a strong role in global due diligence and business risk mitigation.
Given the benefits, the importance of implementing and empowering your KYC compliance with the right business information simply cannot be overstated. Start empowering your KYC processes with data today!