Anti-Money Laundering Checks

Has the KYC been signed off by the engagement principal?? 


Principals do NOT need to sign/review annually.


Often there will be a scan of an old PDF with a partner signature on file - if this is the case then there is evidence of initial approval and the approving partner's initials can be added to the live version of the KYC. But in the absence of this, the current / 'new' engaging partner needs to sign to confirm they are happy with the risk assessment. If the process is followed properly, partner approval only takes place at the start - they do not need to then review annually.


Date of last KYC review?


This should be done at least every 12 months. If you initial the KYC review you are saying you've done a full review of the KYC information and it is accurate.


Detail sufficient? 


E.g. is the list of directors up to date, are we clear on which directors we need to verify and why, are we clear on how the PSCs are, does the source of capital / income give more detail than just 'bank'/'owners'/'directors' etc.


AML/KYC supporting documents filed in M-files correctly? 


All AML and KYC documents should be filed in the Anti-money laundering folder on M-files


Company search completed?


For the company search, we're not insisting that evidence of the search is saved (commonly the Experian search is saved or a Companies House snapshot), but if the evidence is not saved, then the KYC should comment on what was looked at. The flowcharts state for normal and enhanced risk 'obtain full company search from Companies House including latest confirmation statement and PSC register' so if there is a comment that these had been reviewed and confirmed the shareholdings / directors were consistent with information provided by client, that would be adequate. For a UK company, this demonstrates that the company actually exists on Companies House (even without looking up an incorporation certificate).


Risk assessment 


In most cases following the Excel flowcharts or by answering the ICAP questions will give a clear risk assessment. It is important that we are detailed enough in our CDD to be able to answer the questions correctly otherwise, this could lead to getting the risk assessment wrong, for example understanding if a client operates in a red light country. This comes back to the partner approval so that the partner is signing off on the risk assessment so this responsibility is not lying with business support. In terms of the subsequent review, potentially anyone in the team can carry out the review. Ultimate responsibility will sit with the partner (if say a previously normal risk client should have become high risk due to say, a change in country traffic light status, and this missed) but managers should be supporting partners - so if a 1st year assistant had reviewed the KYC, I'd expect the job manager to have a quick look at the KYC (lighter touch than full review). The manager should spot if anything looks off eg they know a director has resigned and the KYC hasn't been updated.


Has ID been verified/Smart Search carried out? 


All clients should have a Smart Search performed. Please refer to flowcharts for guidance on whether ID is required as well.


Date of Engagement Letter? 


Must be within the last 3 years


LOE covers services provided?


Ensure adhoc services included as well as specific services


LOE addressed correctly? 


Ensure the business address on the LOE is correct


LOE signed by client? 


Ensure the copy of the LOE held on m-files is signed