The 5th AML European Directive in a nutshell

On the 20th of May 2015, the European Commission adopted the 4th Anti-Money Laundering Directive, known as 4AMLD, with the express goal of preventing money laundering, tax avoidance and the funding of criminal and terrorist activities. The directive came into effect on the 26th of June 2017, significantly increasing the compliance requirements facing financial institutions and other businesses — specifically in terms of Know Your Customer (KYC) and Client Lifecycle Management.

Since then, 4AMLD has defined the KYC and AML compliance landscape across Europe, mandating a risk-based approach to existing and prospective client relationships, including the identification of key beneficiaries. The directive also includes requirements for internal company policies, encouraging an organisational culture of responsibility and vigilance.

The international business climate, however, is always evolving, and it soon became clear that the existing 4th directive was insufficient to fully address the challenges of financial crime in the digital age. This led to a collection of amendments and additions known as the 5th directive, or 5AMLD. The 5AMLD was adopted by the European Commission on the 19th of April 2018, giving member states 18 months from that date to bring it into effect in their jurisdictions.

While the new directive is fairly extensive, here are three of its most impactful amendments:

Increased regulation of virtual currencies

Over the past few years, decentralised virtual currencies like Bitcoin and Ethereum have skyrocketed into the public eye. And while it may have taken some time for regulatory agencies to catch on, the potential of virtual currencies — cryptocurrencies in particular — for money laundering and other illegal purposes is widely recognised by criminals and terrorists.

To crack down on this potential, the 5AMLD requires all member states to implement its official legal definition of a virtual currency. The directive has also been expanded to include all virtual currency platforms and custody wallet providers as “obliged entities” who need to verify customer identities and monitor transactions.

Stricter limitations on prepaid cards

The 5AMLD also shines a light on the use of prepaid cards to send money overseas, requiring the customer to be identified for all remote payment transactions of 50 euros and up. All anonymous prepaid cards issued in countries without regulatory requirements similar to that of the EU have also been prohibited.

Transparency into beneficial ownership

Another key change in the 5th directive relates to the records of beneficial ownership that businesses are required to keep (as per the 4th directive). Not only will access to these records be extended to any EU citizen — significantly increasing the transparency of that organisation — but the threshold of ownership will also be lowered from 25% to 10%. Additionally, all transparency obligations will extend to trusts operating in the EU.

As the 5AMLD is rolled out across member states, it’s important for companies like yours to take initiative and ensure compliance before it’s too late.

For more information on how to do just that, read our quick guide to KYC and AML compliance. Or if you would like to learn how KYC3 can help your company use KYC intelligence for a competitive edge, get in touch with a member of our team or start your free trial now.

5 Parts Of A Compliance Program That Helps Reduce The Risk Of Fines From The Regulators

Regulatory fines are one of the biggest concerns for compliance teams.

It’s crucial to focus on the tools and processes you have in place. While these headlines may seem like they’re from the past year, they are just two to three weeks old. This is what’s happening daily in the compliance space today.

 

Massive fines when actual money laundering and criminal activity is happening, and smaller fines but still significant, simply because a business is deemed to have an inadequate or outdated AML program, that their tools haven’t kept up with the demands of the business, and that their financial crimes team is unable to support the business as it has grown. 

 

This is very important. You need to make sure that you’ve invested properly in your AML program. If you’re worried about the status of your compliance effectiveness, and you’re overwhelmed by manual processes and the bureaucratic overload that entails, and you need to get some breathing room and you want a solution that just works, you’ve come to the right place. 

 

 

How do you begin to reduce your fines?


You’ve got to look at these five different fundamentals. You’ve got to get the fundamentals right. That means your tools and your processes, figuring out your risk tolerance levels. Once you have that, you need a customer identification program. You need to identify them properly, both businesses and individuals. You need to do due diligence on your customers. Understanding who your customers are and what they intend to do in the business relationship that you will entertain with them.

 

You also need to monitor your customers because customers change over time, and their risk profile may change. Knowing if your customer is engaging in higher risk business elsewhere, and be aware of that so that you can manage your risk appropriately. 

And finally, you need comprehensive and effective audit and reporting tools to support your business when dealing with the regulator, your board, your auditors, your shareholders, and so on.

 

If you’re looking to manage your inherent risk, the clients, the products, the countries, the channels, the other factors that generate the risk in your business, and you’re looking to boost your control effectiveness and have better governance policies, procedures, risk management, and so forth, you are not alone.

 

KYC3 is working with many clients who are just like you and want to achieve the same thing, and we are laser-focused on delivering that to companies like yours. Let me show you a bit of what we do.

 

How do we reduce your regulatory fines?


We start out with a simple dashboard that allows you to see everything that’s going on.

What is the dossier completeness? What do you have in terms of things to review? What is the risk profile of your business, and what is the profile of your clients? 

 

You also have detailed access to every single bit of data that you collect on your clients, so you can look at every dossier, and every company, and you can see all the documents, and the structure chart, which will be automatically maintained and updated in real-time. 

 

The dashboard allows you to drill through to any other individual and see their file or any entity and you can also look at the various documents that you have, and use what we call Tinder for compliance.

There is an option to accept, escalate, or reject documents, potential matches, and risk events. 

 

All of this is handled in a very easy-to-use interface, and you have a detailed audit log of every decision that’s made. The KYC3 dashboard offers full capability to deliver reports, and you can get all the data you need in an easy-to-use format that can be sliced and diced and used elsewhere.

 

You have a tagging capability that allows you to tag all of the entities in your system so that you can see them by region, by fund, by investor type, or whatever your heart desires. 

And finally, you have a complete research function, which allows you to look into the data of all the risk entities and see exactly what is there. 

 

So, before even creating a dossier for a prospect, you can do the research to understand who they are and if they represent potential risk.If you’re interested in learning more and would like to have a conversation about how we might be able to help you, please reach out and book a time.Click here

 

How to overcome the Business vs. Compliance Risk Management Argument?

In this article, Jed Grant, the CEO of KYC3 shares a short thought about getting over the business versus compliance argument.

 

He also discusses managing business risk in a way that enhances the customer experience—after all, a business is nothing without its customers. By improving risk management, you can attract more business while maintaining or lowering the level of risk. Additionally, optimizing the risk assessment process leads to cost savings, which can directly benefit the bottom line.

 

Jed says,“If we look at the traditional view of risk management that we’re all familiar with, its inherent risk plus minus controls leaves you with a residual risk and that’s your risk appetite, ideally if your controls are designed properly.

 

If we look at how those things stack up according to the Wolfsberg Group and how they decide that you should or recommend that you should do this, you look at the inherent risk sources coming from clients, products, countries, channels, other aspects and you look at the controls that you can put in place in terms of governance policies, due diligence, reporting, record keeping, et cetera. 

 

And then you’re left with your residual risk which you can decide to take certain actions against or you can accept it as part of your risk appetite. But if we take a different view, the business view of risk which is the way I prefer to look at it, we have the products and services, times the markets and channels, times the customers and that equals our business.

 

If we go back, to this stack, inherent risk is the business. So when we look at that, if you look at what business is and what it is doing, business is risk for reward. And the business aims to increase these variables as much and as quickly as possible.

 

Unfortunately, if we increase these without restraint and any controls and without abandon, with total abandon, we’ll end up with too much risk potentially, which leads to accidents, unintended consequences, and possibly disaster.

 

I mean, regulatory agencies were created because businesses had taken too much risk. Initially, it was the case that customer assets held in custody would disappear because the business took too much risk.

 

And then later on in the late 80s, as we saw the Colombian drug lords move into the cocaine business and become a real problem for law enforcement, the anti-money laundering risk, and even after that, the counter-terrorist financing efforts became more and more important. So these are the types of risks that can impact the business. We’re not talking about stubbing a toe.”

 

Jed’s experience as the Former Global Head of Financial Crimes at Stripe and a senior civilian officer at NATO gives him a deep understanding of money laundering risks, ensuring that any company he works with approaches these challenges with the utmost seriousness.

 In his opinion, ”Dealing with organized crime and terrorists is something no business should want to do. So if you look at it from that perspective of the business, the products and services times the markets and channels times the customers, and the business is at risk, well, then you have this issue of how do we apply some risk management so that we can reduce the risk and keep the same amount of business? 

 

So by adopting risk management, we lower the risk of the business, but we keep the same or more amounts of products, services, markets, channels, and customers giving us the same amount of business. So how much do we have to pay the denominator in order to do that, to deliver? Where is that balance that’s gonna work to deliver the right risk management for the business? So the aim is to maximize the denominator of the equation and do that as efficiently as possible.

 

So the internal controls and external controls times the automation is how I like to look at the denominator in this updated risk equation. And one that I think is easier for business to understand, because it’s very clear that the business is on top and the risk management is on bottom as a factor to minimize the total amount of risk. 

It’s not minimizing the business.

 

The goal is to minimize the risk for the business you get out. So your internal and external controls should be as efficient as possible. 

In this regard, throwing people at those and creating manual processes is about the least efficient thing you can do.

Digital automation is what’s known in the military as a force multiplier. So force multiplier means you get to multiply your forces using automation. 

So this is really where everybody needs to strive for.

 

If you look at it, risk managers doing manual risk controls and audits using checklists, procedures, excels, filing documents, manually writing reports, this is not where you wanna go. 

 

You wanna leverage digital automation. You wanna implement and supervise an automated risk management system.

You want risk managers who know their job, who understand technology, and who can deliver an automated risk management system that requires obvious supervision and testing to have empirical proof that it is working.

 

You can automate and multiply your forces to deliver much more efficient risk management so that the denominator becomes the most cost-efficient one you can get to reduce your risk and your business can grow as much as possible for a minimum amount of risk. 

 

So if you look at that, there has to be a better way to do this, and it is possible to do that, to have a great investor experience, avoid fines, and boost the bottom line. 

 

Most companies fail because the business on top fails to take that holistic approach of the whole equation and the relationship between the denominator and the denominator in there, and the compliance and risk teams are overwhelmed with complicated assessments, manual processes, and so forth.

 

They don’t have time, and oftentimes they also lack the know-how to do a digitization effort and to automate the processes.

 

As the CEO of KYC3, Jed says, “ So who are we, and are we a good fit? 

KYC3 is a specialist in digital compliance automation, and we’re focused on alternative finance that’s looking to digitize the entire compliance process but may be struggling with the complexity and technical challenges of integrating everything in a reasonable timeframe and within budget constraints.

 

 We’re focused on the specificities of alternative investment, private equity, wealth management, and virtual asset service providers.

 

If you want to learn more about the solutions KYC3 offers and how we can help you, take our assessment quiz to see if you’re a good fit and get a price or book a call with us.

 

We look forward to talking to you soon!

How to create a compelling compliance process in your business?

 

In this article, we’re  going to cover the summary of what you need to have an effective compliance program. You can read more about the five pillars Get the whitepaper: Setting Up a Robust and Automated Risk & Compliance Management Program.

 

Once you’ve understood these five pillars of your compliance program, your fundamentals, your customer identification, your due diligence, your monitoring, and your audit and reporting, you’ll figure out how to put them together.

 

How do you integrate the fundamentals of compliance?

All you need to do is integrate the fundamentals of risk acceptance and risk management configuration and tuning, a robust customer identification process, a standardized and comprehensive customer due diligence and risk assessment process, a continual customer monitoring process, and a structured and automated event capturing regulatory reporting and audit review process into a secure and automated digital platform. 

 

You can make your customers happier, boost your bottom line by at least 250K a year, and never face a compliance fine.

 

You also need continual improvement. Regulatory changes will occur, new requirements will come about, and new capabilities will be available. You need to deploy those, and you need to conduct your operations.

 

There's a better way than trying to put this together ad hoc

If you suspect there’s a better way than trying to put this together ad hoc, there is. You’re not alone. We focus on managing inherent risk and improving control effectiveness, and it is possible for asset managers, alternative investment funds, and transfer agents to massively improve their investor experience, avoid compliance fines, and boost their bottom line significantly.

 

Most people fail or struggle because their business does not take a holistic approach to compliance, and the teams are overwhelmed with complicated assessments and audits that involve lots of manual checking and double-checking. Also stuck with manual processes, they lack integration, and they’re overloaded with documents and different evaluation tools that rely heavily on emails, checklists, spot reviews, Excel, and integrating a diverse set of disparate tools to conclude. 

 

Are we a good fit? KYC3 is for alternative finance looking to digitize their entire compliance process, but they’re struggling with the complexity and technical challenges of integrating everything within a reasonable time and budget.

We are focused on the specificities of alternative investment, private equity, wealth management, and virtual asset service providers.

 



What happens if you work with KYC3?

You will identify your clients quickly and securely. Your clients will be able to securely upload their data directly to you.

 

You will be able to see the status of your dossiers in real time with no surprises. You will manage complex risks and compliance without worry. You can easily evaluate client-provided documentation with confidence.

 

You can see exactly where the risks are in your portfolio of counterparties. You will be able to meet your reporting requirements on time. You will be able to manage complex and dynamic KYB structures and you will get instant risk assessment updates when structures change or merge.

 

You will be able to always get the latest UBO and control charts for each dossier in your system, and get documented records of your compliance activities including customer consent, for example, for GDPR and FATCA CRS. You will analyze risk with complete and reliable records.

 

You will respond to regulators and auditors quickly and accurately. You will enjoy the benefits of a fully digital process. You will no longer rely on checklists, emails, and files scattered across folders.

 

And you will finally get rid of tedious manual remediation audits and report preparation. You can forget about audit surprises and lost documents and you can feel confident, empowered, and have a clear overview of everything under your responsibility. You will never again face an audit or regulatory review with uncertainty or doubt and you will never again be fined for non-compliance due to disorganized information or opaque processes.

 

So if you’d like to learn more, head over to KYC3 where you can find a wealth of resources, more videos, and more documents. Check out our social media and book a call with us.

We’d love to have a conversation and see if we could help you out, see if we’re a good fit, and give you a price. Book a call with us

 

How to create a strong Customer Identification Program – CIP?

The CIP is the key to how you identify the entities that you interact with, whether they be physical persons or legal entities. A strong Customer Identification Program (CIP) is essential for ensuring compliance and mitigating risk. 

 

As the second pillar in the framework for establishing a Robust and Automated Risk & Compliance Management Program, a well-structured CIP not only helps businesses meet regulatory requirements but also strengthens their overall risk management efforts.

 

In this article, we’ll delve into the key elements of creating a strong CIP and explain its critical role within the larger compliance ecosystem. To explore the other four pillars of a comprehensive compliance strategy, be sure to download the full Whitepaper.

 

What do you need for a strong CIP?

 

What you need in this customer identification program, or counterparty identification program, if you prefer to call it that, is reliable entity identification

You need a reliable means to identify the entities that your business interacts with. 

 

This means the people as well as the companies that they represent.

That also means back to the UBO, the ultimate beneficial owner. You need to understand who the people are that are behind the companies you’re interacting with. 

 

You need accurate identity verification, so you need an efficient and accurate means of ascertaining that the identities provided are legitimate and truly representative of the businesses you’re dealing with.

 

You need the entity’s objectives and history, so you need to verify the nature of the relationship and the past activities of the entity to determine that the contemplated relationship has a clear business purpose and that the entity is legitimate and representing itself for what they are. 

Remote onboarding is difficult and the levels of fraud are on the rise today, so you need an automated customer identification program to manage this risk and scale.

 

First step

 

The first step in your customer identification program is to identify the customer, and the old way is to speak to them and have them provide you with documents. You review those documents and certify the ID of the customer. 

 

The new way is to let customers complete a digital identification process on a secure portal that they can do with their phone or their computer.

The new result is that customers can onboard 24-7 automatically from the convenience of their own home or office. 

 

There’s no more need to travel to onboard a customer. This does, however, involve new challenges, but using a digital customer identity portal will improve both the quantity and the quality of your customer’s experience and will reduce fraud and provide data protection for you. 

 

 

The second step

 

The second step is to gather additional information, and the old way is to ask the customer for more documents in what is typically a back and forth done with at best email and often with telephone or even more primitive means of communication, and the old result is that you would receive these documents by various channels bit by bit and manually check and review them. 

 

The new way is to allow the customers to digitally upload those documents via the same secure portal that they onboard themselves on.

 This results in faster onboarding, document requirements are clear, and the customers are happy because it’s easier for them to complete the process and much, much more efficient.

 

By using a digital customer identity portal, customers upload all the documents they need using direct upload of PDFs, and JPEGs, take pictures as needed, use a clear and automated to-do list showing everything that they need, and you get your deals done faster and more securely. 

 

The third step

The next step is the initial verification. Once you’ve received all of these documents, you do a visual inspection in the presence of the representative in the old way, and the results depend on the experience of the particular individual and the subject, they’re subject to bias and weaknesses that may be apparent in the individual doing the job. 

 

For example, the person reviewing the documents may simply be tired and miss something that they should see. 

 

The new way of doing this is to maximize our leverage of artificial intelligence and computer vision to assist and speed up the inspection and analysis of documents remotely collected.

 

We also use programmatic means to do things such as verify phone numbers provided and obtain risk assessments from telecom companies

 

The new result is that you get better risk management, faster onboarding, and happier counterparties. So using computer-assisted verification, leveraging AI, the initial check of an identity can be programmatically advanced so that the final decision is faster, more objective, and more reliable.

 

If you’d like to learn more check out our social media, and book a call with us. We’d love to have a conversation and see if we could help you out, see if we’re a good fit, and give you a price. Looking forward to meeting you.

What is the first step in your compliance process?

To establish a successful counterparty risk management program, it is essential to focus on the five key pillars: Fundamentals, Counterparty Identification, Counterparty Due Diligence, Counterparty Monitoring, and Compliance Risk Reporting. 

By clearly defining these steps, organizations can effectively manage costs and achieve scalability through automation, resulting in transparent processes and a robust audit trail. 

In this article we are going to talk about the fundamentals, the first pillar of your compliance program. If you want to read about the other four key pillars, Get the Whitepaper: Setting Up a Robust and Automated Risk & Compliance Management Program

 

 

How do you define your risk appetite?

 

You have a risk appetite statement. This is a board-approved statement that delimits the nature, quality, and levels of risk that the business expects to manage. 

This is based on what you anticipate your risk management capacity to be and what you anticipate the risks to be within your business.

 

 

This is critical and the cornerstone of your compliance program. You have your policies. You will have AML policies, sanctions policies, bribery and corruption policies, and all the other policies necessary to establish a baseline of roles and responsibilities, scopes, service levels, and standards and expectations within your compliance program.

 

You have your procedures, your detailed procedures that ensure a standardized, objective, reliable and measurable approach to your anti-money laundering compliance program. 

And the most important, you have your people and your technology. They will determine the capabilities that you can bring to bear.

 

How to set yourself up for success? Recruit the best talent you can find. Give them the best tools for the job.

If you look at your risk appetite statement, the old way of doing this is to review the business capabilities and expected market. 

 

You estimate the risks and define an RAS, which is put forward to the board and approved. 

The new way of doing this is to define your RAS based on an empirical review of clients and products using automated capabilities and real-time processing that you can get from a system like KYC3.

 

Automate and fully digitalize your risk assessment system

Why should you develop an RAS that is based on measurable parameters from your clients, products, and markets? By using an automated and fully digital risk assessment system, you can validate the accuracy and adherence to your risk appetite

 

Step two, defining your compliance process.

The old way of doing this was to develop procedures and checklists that enable the RAS to be implemented in your organization. This would result in an operating manual detailing a system of elaborate procedures, and checklists, usually managed with tools such as Excel, Word, and email. 

 

The new way of doing this is to configure your compliance process based on the limits of a dynamic and integrated digital system to digitize the entire process.

The digitalization delivers a standardized compliance process that is leaner, more agile, and much more efficient. 

When we use automated and fully digital risk assessment systems, we can do more with less and we can adapt to regulatory changes quickly and inexpensively 

 

Step three, ensuring that your risk assessment process is reliable.

The old way of doing this is to review the risk assessments to ensure that they are consistent and the risks are properly accounted for. This would result in the manual review of tests and testing of real cases to determine if the risk assessment process was correctly categorizing and assessing the risk. 

 

The new way of doing this is to configure the risk assessment engine directly in the system and begin using it. Dynamically adjust the parameters so that the risk results filter into the correct risk levels automatically and risks are updated in real-time. 

 

The new result means that once tuned, there’s no need to review the risk assessment process as a standardized digital process is delivering provably consistent results. 

By using an automated and fully digital risk assessment system, you get a standardized, automated, and fully auditable risk assessment process.

 

If you’d like to learn more, check out our social media and book a call with us. 

We’d love to have a conversation and see if we could help you out, see if we’re a good fit and give you a price.

 

How to fully automate your audit trails?

When it comes to business achieving compliance isn’t just about meeting regulatory requirements—it’s about building a robust framework that ensures long-term success.

 

At KYC3 company, we’ve empowered numerous organizations to reach new heights by leveraging our cutting-edge technology. In this article, we delve into a crucial aspect of any successful compliance program: auditing. 

 

Specifically, we’ll explore the fifth pillar of compliance, shedding light on how a well-structured auditing process can safeguard your operations and drive outstanding results. If you would like to know which are the other four pillars of compliance, Get the Whitepaper: Setting Up a Robust and Automated Risk & Compliance Management Program.

There are several considerations for your audit and reporting capabilities.

 

Why do you need a full audit trail?

 

You need to show a full trail across all your systems and processes. 

Gaps between systems and error-prone manual steps make this difficult to do.

You need reliable audit records. These are records that are captured systematically and accurately. Manual capturing of such records is error-prone, and it’s also hard to do.

 

And you need accurate and detailed data. You need accurate and detailed data so that you can quickly answer management, audit, and regulatory questions about business activities. 

 

If you have to trawl through old data and assemble spreadsheets to answer questions, the auditing process and reporting process are slowed down tremendously.

Whereas, if that data is on tap, ready to go, you can simply pull it, process it, and answer the question. 

 

The bottom line is that audits are costly and time-consuming, and you need to have all the answers automatically collected and then available on tap if you want to scale reliably.

 

 

The first step in your audit and reporting process

So the first step in your audit and reporting process is checking your internal dossiers, your dossiers for internal compliance.

 So occasionally a specific dossier will require a full review, such as a trigger event or a transaction or an activity change, and you’ll need to review that dossier in detail and conduct an internal audit on it. 

 The dossier is then reviewed. Documents and assessments are taken into account and checked to confirm the potential change in risk level.

The better way to do this, the new way, is to have smart dossiers that basically tell you when they need to be reviewed because they know that a document has changed or that there’s new external data that has an impact upon the dossier. 

 

The new result is that the client risk levels can be quickly reviewed and confirmed whenever a trigger event occurs, and digitalization means the trigger events may even be signalled using automated API calls.

You don’t even need to manually enter any data into your system, by using an integrated digital compliance platform with smart dossiers, you can fulfil the client request 10 times faster while maintaining the proper risk and compliance controls.

The second step in your audit and reporting process

The second step in your audit and reporting process is reporting to your board. 

The board of directors requires risk updates and needs concise information to approve any exceptional cases. 

The compliance team must prepare these reports using data from various systems and processes.

 

Periodically the client’s team will review and update their overview statistics and then generate reports and details with a time-consuming process that can be included in a board pack. 

The new way to do this is to keep all your data in an integrated system with full audit trails and detailed statistics that are available on tap. 

 

Reports are available in real-time all the time, and the new result is that reports can be generated in minutes rather than hours with standardised formats and consistent data directly from the system.

 Data is also accessible by API to automatically feed complex business intelligence and decision support systems should you have those. 

 

By using an integrated digital compliance platform, you can get a 360-degree view of reports that are standardised and available all the time. This saves many man-days of work per year provides professional assurance and consists of consistent and unbiased reporting.

 

The third step in your audit and reporting process


The third step is conducting your external audits. 

Each year the auditors will want to review the process procedures and results of your risk management program. 

 

The auditors will come in, they will review the printed documents, and the procedures, confirm that the risk management program is performing as expected, note deficiencies that may exist due to regulatory or best practice changes since the last audit, and then provide recommendations on changes and updates to procedures.

 

The new way of doing this is the auditors can be given read-only access directly to the system and they can review the configuration rules and results in place, directly on the system along with the audit log, showing exactly how the system was used. 

 

They can make quick empirical observations of the entire process and result in a single system. As a result, the analyst can address deficiencies on the spot and get auditors to sign off for the configuration changes very quickly.

Having a digitally integrated compliance platform, audits and their remediation become much faster, much cheaper, and 10 times more efficient



The fourth step in your audit and reporting process


The fourth step is reporting to the regulator. 

Periodically regulatory authorities will want to review your process procedures and results of your risk management program and they’ll review the documents provided.

 

Sometimes they’ll provide a template or a questionnaire that needs to be filled out and then this information needs to be collected and provided in the format that the regulator has asked for. 

 

The new way is that the analysts using an integrated digital system can produce detailed records including the documents, assessments, and audit notes all in a single zip file for the regulator in standard formats with the push of a button. 

 

The regulators can verify that the risk management program is effective and working without having doubts as to the manual process steps and any undocumented decisions.

 

Furthermore, when they do provide templates that need to be filled out, the data can be quickly exported from the system and transformed into the answers in the template that the regulatory authority would like to see. 

 

With the integrated digital platform, the compliance process becomes holistic, transparent, and simplified so that fines for deficiencies or errors should never happen. 

 

If you’d like to learn more, check out our social media and book a call with us

 

We’d love to have a conversation and see if we could help you out, see if we’re a good fit, and give you a price. 

 

Looking forward to meeting you.

What Are The 5 Pillars Of A Robust Compliance Program 

It is possible to automate compliance that’s easy to use, but building the tools is technically very challenging and requires specific skills. KYC3 is the only team dedicated to solving this for AIFM, private equity, transfer agents, and wealth management. We’ve got more than 15 years of experience in the regtech space, and 30 years of experience in technology overall.

 

Jed Grant, the founder of KYC3 has been developing software since the 1990s, and he knows how to build systems that just work. 

So let’s get down to it. In this article, we want to run through the five major functions of your compliance program, and then we’ll share with you detailed articles on each of these pillars,coming soon.

So let's talk about the first one, getting the fundamentals right.

 

So when you work on your compliance program, you really need to understand your Risk Tolerance. You need to get your risk acceptance, get your processes, and make sure that they are well governed and reliable.

The second pillar is your Customer Identification Program.

You need a strong way to identify the entities that you interact with, and that means both individuals and corporate entities, all the way back to the UBOs and controlling individuals of those corporate entities. So you need to have the procedures, tools, and policies in place to ensure that you’re identifying your customers reliably, correctly, and with accurate determination of who they really are and who they represent.

 

 

The third pillar of your compliance program is your Customer Due Diligence.

You need to review the documentation, you need to conduct due diligence checks, you need to understand the risks, and you need to remediate those risks. 

This means that the information provided by your customers needs to be corroborated by third parties.

 

The counterparties you interact with should have proof of existence, they should be documented, and you should be able to find that they are legitimate business entities and individuals acting in the manner and for the purpose that they disclose to you. 

The fourth pillar of your compliance program is your Customer Monitoring,

and this is the ongoing monitoring of all the counterparties that you interact with, and understanding the risks involved there. 

You need to control for PEP and sanction involvement, you need to understand adverse media, and you need to understand the dossiers and reassess periodically the risk that they represent.

This means you need a deep understanding of not only your counterparties, but the products, the channels, and the geographies in which you operate with those customers. 

 

This is very important on an ongoing basis, and it means daily. 

And the fifth pillar of your compliance program is your Audit and Reporting.

You need to have reliable, accurate, and consistent reporting. 

You need data to drive your decisions, you need data to provide to your auditors, you need accurate records of who decided what, when, and who accepted which risk at what time, and you need all of these decisions well documented, well chronicled, and auditable. 

You need to be able to easily provide this information to your internal auditor, your external auditor, and your regulator.

 

If you can get all five of those fundamentals correct through your whole compliance program, you will have an efficient and effective program that will run cost-effectively in the background without causing friction for your customers, and without costing an arm and a leg. 

 

So if you’d like to learn more, book a call with us. We’d love to have a conversation and see if we could help you out, see if we’re a good fit, and give you a price.