The goals of the business intelligence function can be short-term or more strategic but in either case they divide into two main objectives: ways to minimize risk and ways to obtain a competitive advantage. As the title of this blog indicates, we’re focused here on minimizing the short-term risk of a legitimate business being used in a money-laundering scheme.
Practitioners sometimes use the term KYC to refer to the anti-money laundering rules that prescribe the steps a financial institution must take to establish the identity of a customer and the source of customer funds. However, the procedures can be adapted for use by any type of business regarding any entity with which it transacts business, including customers, agents, partners, vendors, service providers, etc.
Confirming a person’s identity starts by obtaining the person’s name, date of birth, address(es) and identification number. If the person is an entity (company, trust, partnership, etc.), it may well be advisable to verify the identity of individuals with authority or control over the entity, depending upon the risks associated with that person. A first step in determining the risks associated with a person is a check against lists maintained by government agencies of persons such as suspected terrorists or terrorist organizations, drug traffickers, denied persons, etc. A good place to start would be the consolidated screening list of the Departments of State, Treasury and Commerce and the specially designated nationals list of the Office of Foreign Assets Control, but other lists may require examination as well.
If a check against screening lists turns up nothing, however, that doesn’t necessarily mean that no further investigation is merited. Some level of enhanced due diligence or investigation may well be required. A start is asking the person to respond to a questionnaire concerning its background and business and to supply documents, such as financial statements, annual reports, organization charts, lists of officers, directors, and key shareholders, brochures, credit reports, etc. Interviews of the person or the individual(s) in control, searching public databases, interviewing references, and conducting or engaging a third party to conduct an investigation of the person are further steps in the intelligence gathering process, again depending upon an assessment of the risks presented.
How does one assess risk? The truth is that risk assessment must be tailored to each industry sector and situation. Some typical “red flags” include the involvement of: “politically exposed persons” (an individual who is or has been entrusted with a prominent public function), tax haven or secrecy jurisdiction entities, private banks, persons in jurisdictions with high levels of corruption or trafficking of drugs, humans or arms, offshore bank accounts, transactions with no business purpose or a structure inconsistent with their business purpose, improper accounting or documentation, etc., etc.
I’ll post a blog later about the other side of business intelligence, methods, both legal and illegal, businesses seek to obtain competitive advantage (and ways to defend them).