Know Your Business
Over the last few decades, geographical, political and professional borders have undergone drastic changes. Our society is experiencing a growing awareness of the need to address corruption and to spread it globally in order to overcome it.
As a matter of fact, corruption has become an issue with worldwide connections and high costs, leading to a rise of laws on corrupt practices to bring justice and to strengthen companies’ reliability.
The Sapin II Law (FR) but also the Bribery Act (UK) and the FCPA (USA), as well as other country-specific laws, have complicated the onboarding processes within companies. The current regulatory landscape is prompting businesses to be more vigilant and encourages them to focus more on their own interests before entering into negotiations with another party.
Today’s “Know Your Business” practices are an essential tool as they help not to overlook possible corruptive actions of its own staff, civil servants, but also help an entity to verify the legitimacy of its existing and/or prospective suppliers and customers. In addition, the concept encourages the collection of personal information on the senior managers who run the operations of these client companies.
Know your Business
Know Your Business (KYB) is the due diligence review of the business and industry against corruption, fraud and money laundering techniques.
Today, trade is no longer exclusively transactional and you consequently need to perfectly understand who your counterparties are.
The KYB practices allow company to develop policies and help assessing risks and verifying the integrity of parties, whether they are suppliers (KYS), customers (KYC), distributors, agents or joint-venture business partners or subcontractors.
To avoid harming their reputation and to protect themselves against sanctions and legal proceedings, it is essential for companies to investigate possible dishonest or illicit behavior of the actors with whom they collaborate.
For this reason, a major challenge is to establish who are the Ultimate Beneficial Owner(s) (UBO), i.e. the persons who own and control these stakeholders and who really profit from the dealings.
In fact, this challenge has become a requirement since the introduction of the Fifth Anti-Money Laundering Directive (AMLD5) which decrees businesses to both report and provide access to ultimate beneficial ownership information across the European Union in order to bring more transparency to business activities to fight money laundering and to mitigate risk of financial crime at an international level.
This directive, providing information on the UBOs of the companies we deal with, reduces the intrinsic risk of unknowingly collaborating with politically exposed individuals (PEP).
PEPs present a higher risk of corruption, money laundering or other economic crimes, as they can take advantage of their influence within a government or organization.
It is necessary to distinguish between national and international PEPs (e.g. government officials, eminent political figures or senior military leaders) and persons who hold or have held senior positions in an international organization (presidents, directors, etc.), as well as their direct subordinates. If a potential customer or business partner is identified as a PEP, you must implement effective risk management by applying an enhanced due diligence procedure.
Know Your Customer
In 1970, the Bank Secrecy Act (BSA) was the most important anti-money laundering regulation in place in the United States.
Banks and other financial institutions had to comply with its obligations and its aim was to know if the proceeds from the business was being directed into bank accounts of corrupt business owners/shareholders, money launders or even terrorism financiers.
Hence, it is BSA that introduced the concept of KYC and AML.
Know Your Customer is the name given to the process of verifying the identity of a company’s customers and assessing their suitability in addition to the possible risks of illegal intents towards the commercial partnerships.
The term is also used to refer to the banking and AML regulations that govern these activities. As a matter of fact, this law has developed and now constrains to take specific measures before entering into a relationship with a client, including the ultimate beneficiaries (i.e., who directly or indirectly benefits from these trades).
Note that, at the present time, a beneficial owner in the European Union is someone who owns more than 25% of the corporate entity, though recent proposal has been proposed to cut that number to 10% to further widen the beneficiaries’ scope.
Currently, the EU customer due diligence requirements are:
Identifying the business partner and confirming its identity and legi on the basis of data collection, documentary evidence and/or information obtained from reliable and independent source(s).
Identifying the corresponding UBOs and taking accurate measures to confirm their identity to ensure that the obliged company knows who its beneficial owners are. This stage also requires that reasonable measures are taken to clearly understand the structure of the control and of the ownership.
Assessing these identities and structures and obtaining additional information concerning the real purpose and nature of the business relationships.
Depending on the previous assessment results, conducting an appropriate ongoing monitoring of the business relationship, including the review of transactions carried out all the relationship long to guarantee that the transaction that have been conducted are coherent with the company’s knowledge of the customer, its business and risk profile, the sources of funds, etc. In addition, the second aim of this supervision is to ensure that data, documents and information are well kept up-to-date.
From checking customers, the need to verify businesses thereafter emerged. The centralization of beneficiary owner data required by the fifth AMLD brought ease to the table for KYC and KYB and now, companies must know the other business they are dealing with in order to prevent trading with any shell or blacklisted companies that could call trouble for your business.
The urgency for Know Your Customer’s Customer (KYCC) in business
With more and more rules and regulations being imposed by the global regulatory authorities, it has now become important to take a look at our customers’ customers.
This concept, complementary to KYC’s, has been announced in order to better respond to the compliance process on money laundering and other frauds.
It is designed to further protect ourselves by investigating possible illicit acts carried out by one of our clients’ clients, in which we would be indirectly involved but that could have serious adverse consequences for our business.
KYCC enables businesses to achieve a higher level of security. Mainly related to the banking sector, it enables institutions to assess whether their customers’ customers are legitimate and whether each stakeholder is involved in genuine activities.
It allows companies to better manage external risks and thus build a solid protection against one of the major challenges of our time: the fight against fraud.
Know Your Transaction
Over the past decade, we have seen a tremendous interest in an innovative means of payment: cryptocurrency.
Currently, there are thousands (known and unknown) of cryptocurrencies and with their development, it has been necessary to update or develop new regulations around them to be capable of better tracking related payments in order to strengthen control on their potential use in terrorist fundraising and money laundering.
Aligned with the 5th Anti-Money Laundering Directive that marks a key development in virtual currency regulation, a concept has gained more importance as a result of the enhanced difficulty of detecting a fraudulent transaction: Know Your Transaction.
While past transactions contained mass information with them such as clearances, invoices, regulatory documents, etc., current various methods of payment lack of transparency and result in intense complexities for financial institutions.
They face weak measures around due diligence, rising complications in data recovery and they currently lack processes for transactions monitoring.
Considering these matters, experts have introduced the concept of Know Your Transaction (KYT) that mainly focuses financial businesses handling more complete, precise and granular transaction-specific data.
The aim of KYT is to check and monitor the deals made by the customers and obviously any bank or financial institution would want to master all details of these transactions, especially in the cases where a third party would be involved in the process.
These details represent a huge amount of information and would provide an understanding of the purpose and nature of the transaction in order to detect suspicious behavior and fraudulent transactions to conduct further analysis.
To achieve this goal, many institutes have already created data models deriving from several parameters such as country of origin, customer’s name, transaction patterns and type, originating bank, etc.
Of course, this analysis is conducted internally and the resulting insights from the process serve as solid evidence, hence helping institutes to hedge themselves from regulatory penalties and fraud.
Know Your Supplier
The duty to establish an internal anti-corruption and due diligence framework also extends to suppliers with whom a company does business.
For instance, since France has strengthened its anti-corruption legal arsenal with the law of 9 December 2016 on transparency, fight against corruption and modernisation of economic life (known as Sapin II), a necessity to screen its suppliers has appeared and affects all legal persons established on the territory.
As with customers, before entering into a business relationship with a supplier, the company must carry out due diligence adapted to the partner’s particular situation.
The impact of this obligation is among others significant for the Purchasing and Finance departments, with the implementation of KYS bases that will be used to analyse the compliance of our vendors.
In addition, these due diligences must be documented and archived. This archiving is essential, as it is the only way for a company to demonstrate that it has complied with its legal obligation, in order to avoid any sanctions related to an unpredictable illegal act by the counterparty.
Therefore, to make informed decisions for sourcing and procurement, KYS process is structured in key steps:
Supplier registration: in this process, that can be either carried out manually by asking suppliers to complete forms or through an online, we gather complete company, employees and top management information, supply ability in terms of financial and services/manufacturing, and others.
In addition, some other details are relevant to obtain concerning the prospective supplier, such as the credit ratings quality certifications, patents and its overall risk profile.
Once registration is complete, the supplier’s various departments will be evaluated and certain information will be independently verified and validated to determine if the relationship can move forward without risk for the business.
To ensure long-term business continuity of the relationship, a strong risk assessment is conducted to make sure suppliers have a Business Continuity Plan that would mitigate the negative impact of unforeseen events.
As mentioned, KYS due diligence should be adapted to the partner, hence the above is just a high-level overview and there could be some additional steps involved depending on the nature of the supplier’s core business as well as that of the company evaluating them.
A further step is also to apply these key steps on our vendor’s vendors to even more reduce exposure to fraud, corporate social responsibility issues and adverse media.
However, businesses generally conduct KYC and KYS screening only at the time of partners onboarding and stick to this first survey for the rest of the collaborator journey.
For both customers and suppliers, it is important to include in your risk management an incremental effort either half yearly or yearly where, regarding the same steps to follow, information provided is re-verified, updated and re-validated.