Supervised entities are expected to adopt a risk-based approach in setting up their own procedures and minimum criteria for customer due diligence in their customer relationships. Supervised entities must be able to demonstrate to the supervisor how they assess money laundering risks related to their customer relationships and operations, how they identify their customers, and how they know their customers and how they monitor transactions and use of services.
A customer may also be identified and his/her identity verified on behalf of a supervised entity by an agent who may be another person subject to the reporting obligation or another reliable cooperation partner. Customer due diligence data and documentation regarding a customer relationship must be delivered to the supervised entity or made available to the supervised entity without delay.
Customer due diligence requirements
- identifying the customer and verifying the customer's identity
- identifying the beneficial owner (clarification of the customer’s ownership and control structures in excess of 25%) and verifying his/her identity, whenever necessary
- identifying a person acting on behalf of the customer and verifying his/her identity, whenever necessary
- obtaining information on the nature and scope of the customer’s business
- storing the identification and due diligence data
- complying with the obligation to obtain information on, and the obligation to report, a suspected business transaction
- maintaining internal guidance, training of personnel, nominating a money laundering compliance officer (or contact person)
- developing methods for risk management and conducting ongoing monitoring of customer relationships and transactions