The Role of a KYC Analyst in AML Compliance

Compliance is teamwork. Here is the blog discussing the role of a KYC analyst in AML compliance. It provides insights into what KYC analyst is, with whom the KYC analyst have to coordinate, and their roles, responsibilities, and skills necessary to conclude KYC obligations effectively in order to mitigate Money Laundering, Financing of Terrorism, and Proliferation Financing (ML/FT and PF) risks.

What is a KYC Analyst?

To understand a Know Your Customer (KYC) Analyst, it is important to have a clear idea about what KYC is in the first place. KYC is the most important component of the Customer Due Diligence (CDD) program. The KYC process helps a regulated entity to collect vital information about their customers, which helps in predicting or projecting the type of business relationship the potential customer will have with the regulated entity.

A KYC Analyst, therefore, is a natural person responsible for conducting the KYC process for the regulated entity for which they are working.

In simple words, KYC forms a part of the CDD process, which is one of the important elements of the AML obligations of a regulated entity, and a KYC Analyst is usually an employee of the regulated entity tasked specifically to conduct KYC process in alignment with the regulated entity’s customer onboarding parameters elaborately stated or forming a part of the regulated entity’s AML/CFT Policies and Procedures.

Skills and Qualifications of a KYC Analyst

Although there are no regulatory parameters prescribed for the qualification requirements of a KYC Analyst, regulated entities need to ensure that their KYC Analyst possesses the skills mentioned below so that they can execute their responsibilities adequately.

Analytical Skills: A KYC Analyst must have analytical skills. To understand this better, a regulated entity must consider what the KYC Analyst role would entail. A typical day for a KYC Analyst usually involves being assigned with customer files or cases (when using case management software) from the front desk or the customer-facing personnel. Once a case/customer is assigned, the KYC Analyst is required to analyse whether the information and documents provided by the prospective or existing customer are adequate and whether these documents are in alignment with the KYC questionnaire template or form that the regulated entity uses for onboarding customers be it natural persons or corporate entities.

This KYC questionnaire formulated and used by any regulated entity must culminate from in-depth research and analysis, which is derived from the combined outcomes of the Enterprise-Wide Risk Assessment (EWRA) and the individual customer risk that is posed to the regulated entity. The formulation of the KYC questionnaire must also entail background research and analysis of the regulated entity’s customer base. These requirements are based on the tenets of the Risk-Based Approach (RBA).

A regulated entity’s customer base could be homogenous, i.e., covering and serving only one type of customer attribute. For instance, a regulated entity could have a homogenous customer base in terms of the price range/income bracket of the customers. For example, a real estate consultant may have customers who are mostly government employees looking for value-for-money deals. Then, in such cases, the customer base of government employees forms a homogenous base and consideration of the same must be devised in the regulated entity’s (the real estate consultant in this instance) KYC Questionnaire.

With the analogy given above, it is quite straightforward to understand that to be able to do complete justice to the KYC formality to be carried out. The KYC analyst must possess analytical skills. The analytical ability of the KYC analyst will help him navigate the requirement of filling out the KYC form by taking into consideration the position and standing of the regulated entity in terms of ML/FT and PF risks it is exposed to and understanding why the KYC questionnaire has certain questions and requisites which are unique to the regulated entity. This analytical ability extends to being able to identify if a customer doesn’t belong to the said homogenous mix, then that particular customer must be dealt with enhanced scrutiny as such a customer is different from the usual sample type of customers the regulated entity deals with.

Further, the ability to analyse is required to interpret customer documents and information and to arrive at a decision whether KYC documents can be validated or not basis the authenticity and veracity of the customer documents. For instance, a KYC analyst must be able to analyse and understand the difference between the “Nationality” and the “Place of Birth” fields of the KYC template. The “Nationality” field refers to the country or countries (in case of dual nationality) whose passport the natural person [an individual customer or the Ultimate Beneficial Owner (UBO) of a corporate entity] holds. The nationality of a customer is a result of the customer fulfilling the citizenship eligibility requirements of a country, whereas the “Place of Birth” field is information generally contained in the passport, merely stating where the customer was born.

A KYC analyst must be able to distinguish the implications of nationality and/or place of birth details would have on a customer’s CDD process and risk rating, which may result in conducting Enhanced Due Diligence (EDD) measures if the customer belongs to a high-risk country.

Attention to Detail: With the examples discussed above, it can be understood that the KYC analyst is required to possess analytical skills. However, the ability to apply analytical skills originates from attention to detail. Ultimately, how can a KYC Analyst apply analytical skills if he doesn’t identify the details that need him to execute tasks accordingly? For instance, with the above-mentioned example of nationality and place of birth details, the KYC analyst will not be able to analyse information and apply adequate and appropriate CDD or EDD measures unless his keen eye is not able to identify if the passport itself is an original one or a fabricated forgery. Agreed that these days, fraudsters and criminals are coming up with counterfeit identity documents, but these are the exact situations where the skills, experience, and expertise of a KYC analyst get tested by whether he or she can successfully identify a real document from a fake one. It’s the ability to pay attention to detail that separates a mediocre KYC analyst from a specialist.

Research Skills: When it comes to the ability to research, a KYC analyst must be well equipped with research abilities that help him identify details required in KYC form. For instance, if a customer belongs to a country “X” and the customer is a corporate entity, then the KYC analyst must, as the customer is a corporate entity, strive to find out the UBOs or persons controlling the said corporate entity, to be able to do so, the KYC analyst must seek register of shareholders, share certificate, memorandum and articles of association to ascertain the UBO’s and in the meantime, the KYC analyst must be able to identify the country which has issued the commercial/trade/incorporation license or certificate to the corporate entity. After identifying the country issuing the business license to the corporate entity (Country named X in this case), the KYC analyst must research the following:

• The types of licenses the country X issues – Whether such licenses typically contain UBO details.
• Government websites and stock exchange websites of country X – Whether such websites provide UBO details.
• The status or classification of country X in the latest Financial Action Task Force (FATF) Blacklist and Grey List – Helping with suitable risk categorisation of the corporate entity, such as high, medium or low risk.
• Whether country X is a known tax haven or criminal haven with no or poor extradition policies, etc. – Helping with suitable risk categorisation and onboarding decisions.

By researching such factors, the KYC analyst will be able to successfully execute tasks such as:

• Fill out or check the accuracy of the pre-filled KYC form (in case of using a KYC automation software solution that fetches or auto-captures customer information into fields of the KYC questionnaire).
• In the event of a document or information pendency, be able to ascertain the details, such as UBO details in the case of listed companies, as such information is available on the stock exchange website or any other ministry website of such a country.

Legal Knowledge: A KYC Analyst is not required to be a legal expert. However, a KYC analyst must have fundamental and functional knowledge of CDD requirements and AML laws or KYC Regulatory Framework stating such CDD requirements of jurisdictions for which they are performing KYC. Having a basic knowledge of the AML laws would equip the KYC Analyst to navigate through their daily tasks by understanding the gravity or importance of the task they are doing. Legal knowledge will help a KYC analyst make independent decisions regarding KYC procedures and filling out or checking, verifying, and validating KYC details and documents without having to get into clarificatory correspondence with the AML Compliance Officer every now and then.

Another point where keen knowledge or expertise regarding the legal knowledge of a KYC Analyst can be judged is by identifying whether the KYC Analyst understands covered and non-covered activities under the applicable AML regime. In simple words, AML laws usually have different parameters for considering an activity, be it business of goods or service as those coming under AML regulation, for instance a regulated entity may deal with multiple products or services, out of which only a few products or services may attract AML compliance obligations and other range of product or services may not attract requirement of AML obligation, then in such cases where a regulated entity deals with both covered (goods or services governed under AML laws) and non-covered (goods and services not coming under the purview of AML obligation) then the KYC Analyst needs to be very cautious while conducting CDD as the regulated entity’s AML policies and procedures would set out for “exceptions to CDD” wherein clauses would specify the activities for which KYC measures or requirements might be nominal or non-existent.

Communication Skills: Communication is a skill without which proper execution of any professional’s tasks would be incomplete, and the same is the case with a KYC analyst. A KYC analyst needs to exhibit communication skills to fulfil communication requirements with these recipients, such as:

• Customer Facing Staff/ Front Desk: A KYC Analyst needs to coordinate with the front desk or customer-facing personnel regarding the assignment of customer documents and cases for conducting the KYC process. Also, in the event of suspicious documents or information, the KYC analyst can confer with the customer-facing personnel regarding any unusual or obvious behavioural red flags observed to develop a proper understanding of a customer while carrying out CDD formalities such as risk rating.
• Screening Analyst: A KYC Analyst needs to coordinate with the Screening Analyst to get screening formality done.
• Risk Analyst: A KYC Analyst needs to coordinate with the Risk Analyst to conduct a Customer Risk Assessment and assign a customer risk rating after considering the outcome of the screening exercise, which entails identifying if the customer is a sanctioned, politically exposed person (PEP) or has any materially important adverse media against their name that is from a valid and authentic news source. The risk analyst also takes into consideration other relevant risk factors while determining the risks associated with a customer.
• Customers: A KYC Analyst needs to be able to communicate efficiently with the customer in several situations, such as:
  • Seeking additional information
  • Seeking additional or clearer copies of identification documents
  • Communicating upcoming expiry of identification documents
  • Communicating, without tipping off, the delay while onboarding or offboarding a potentially suspicious customer indicating ML/FT or PF red flags or their name has appeared in a sanctions list.
• AML Compliance Officer: The KYC Analyst needs to coordinate with the AML Compliance on regular basis for:
  • Understanding any changes to legal and regulatory requirements impacting KYC process.
  • Investigating a customer relationship or sign off for seeking additional information from a customer for commencing EDD when any material anomalies are found that indicate deviation from previously assessed customer profile. In simple words, if any deviation found between customer’s conduct and pattern of during business in accordance with the customer profile created and risk rating assigned, then alerts are generated in a KYC software solution, notifying the KYC Analyst that anomaly is found during ongoing monitoring or transaction monitoring. Then KYC analyst is required to take steps to look into such alert and identify whether alert generated is materially important or not and in event of confusion, coordinate with the AML compliance officer for further decision and guidance.
  • Understanding the AML/CFT policy, customer onboarding and offboarding policy or standards followed by the regulated entity and get notified by the AML compliance officer regarding any changes or updates within the same.
  • Streamlining and coordinating record-keeping requirements, policies, and procedures of the regulated entity, such as how cases are to be numbered, dormancy parameters, customer data management, etc.

Customer Onboarding

A KYC Analyst is required to assist the regulated entity with the customer onboarding process once the front desk officer or customer facing personnel have proposed to establish a business relationship with a potential customer. The KYC analyst is responsible for document collection and validation of the customers for fulfilling CDD measures of the regulated entity. Additionally, a KYC Analyst must collect requisite customer information such as:

• Full name and aliases
• Identification Document Number
• Official Address Detail
• Date of Birth or Place of Incorporation
• Current Nationality
• Details as to persons associated (UBO’s in case of corporate entity)

Any other relevant information as included and considered vital according to the customised KYC form/ questionnaire/ template pertaining to the regulated entity.

Customer Due Diligence (CDD)

The collection of basic information by the KYC Analyst and assigning the same for sanctions, adverse media, and politically exposed person (PEP) screening to the Screening Analyst helps initiate the CDD process in the right direction.

CDD is an AML compliance requirement that requires regulated entities to develop customer profiles by collecting information which is verified and validated by their customers. By developing customer profiles, a regulated entity can identify the type of business relationship it shall have in future with the said potential customer and deploy adequate and suitable ML/FT and PF risk mitigation measures.

A KYC Analyst is also required to coordinate with the Screening Analyst, who takes care of the sanctions screening compliance requirements. Based on the findings and comments of the Screening Analyst, on the screening, adverse media and PEP checks, a Risk analyst can further the CDD process by assigning appropriate risk-rating as defined in the AML/CFT policies and procedures of the regulated entity.

The risk rating thus assigned gives much-required predictability with regard to the kind of ML/FT and PF risks posed by the customer to the regulated entity and takes suitable and adequate due diligence measures.

In order to undertake the CDD process perfectly, a KYC Analyst must be aware of the sub-categories of CDD, which are Simplified Due Diligence, Standard Due Diligence, and Enhanced Due Diligence, each having varying degrees of scrutiny involved based on the risk rating assigned, such as low, medium, or high risk.

Enhanced Due Diligence (EDD)

In situations where the risk rating assigned to a customer is high, the regulated entity is mandated by AML laws applicable in most jurisdictions to conduct EDD. EDD process requires the KYC Analyst to collect and validate additional information about the customer to justify the establishment of a business relationship by collecting information such as the source of funds and source of wealth and any other information deemed necessary to substantiate that the purpose of business relationship is legitimate along with the funds proposed to be utilised for the same. In simple words, KYC Analysts must strive to establish a business rationale for high-risk customers.

Record-Keeping

After conducting all the necessary CDD steps, a KYC Analyst needs to ensure that they have maintained and retained all the records of the entire CDD exercise. Right from the document collection stage, including correspondences with customers, findings of screening analyst, coordination with AML compliance officer, customer risk assessment, risk rating, further due diligence measures, onboarding decision and changes in customer circumstances, document expiries and renewals and so on until termination or cessation of the business relationship for a period notified by the relevant regulator. The KYC Analyst is also required to assist in the record-keeping of regulatory reporting.

The Role of KYC Analyst in AML Compliance

Key Takeaways on the Role of a KYC Analyst

The Role of a KYC Analyst is not an easy one and requires possession of skills such as an eye for detail, analytical skills, researching capabilities, and other complementary skills. The responsibilities and roles of a KYC Analyst in the context of AML compliance are vast and exhaustive, and carrying out the same can be made easy by relying on a range of automated solutions that a regulated entity must try, test, and validate prior to implementation to achieve KYC efficiency.