Source of Funds KYC Regulations and Requirements

When dealing with source of funds (SOF) KYC regulations, it's essential to understand the requirements and regulations that govern this process.

The Financial Action Task Force (FATF) recommends that businesses verify the source of funds for all customers, with the goal of preventing money laundering and terrorist financing.

A customer's source of funds can be verified through documentation, such as bank statements, invoices, or other financial records.

In the European Union, the 5th Anti-Money Laundering Directive (AMLD5) requires businesses to verify the source of funds for all customers, with the aim of preventing money laundering and terrorist financing.

Businesses must also consider the risk level of their customers and tailor their SOF verification process accordingly, with higher-risk customers requiring more stringent verification.

In the United States, the Bank Secrecy Act (BSA) sets the stage for a regulatory framework that guides banks in their customer identification and verification processes.

The BSA requires national banks, federal savings associations, and federal branches and agencies of foreign banks to implement a customer identification program as part of their Bank Secrecy Act compliance program. This program aims to prevent and detect money laundering and terrorist financing.

The OCC's implementing regulations, found at 12 CFR 21.11 and 12 CFR 21.21, provide further guidance on the BSA's requirements.

The Bank Secrecy Act (BSA) sets out program, recordkeeping and reporting requirements for national banks, federal savings associations, federal branches and agencies of foreign banks. The OCC's implementing regulations are found at 12 CFR 21.11 and 12 CFR 21.21.

The BSA was amended to incorporate the provisions of the USA PATRIOT Act, which requires every bank to adopt a customer identification program as part of its BSA compliance program.

The OCC and the U.S. Department of Treasury periodically issue alerts and advisories concerning institutions or individuals who may be engaged in fraudulent activities or be deemed to be of high-risk for money laundering or terrorist financing activities.

U.S. banks play a key role in combating the financing of terrorism by identifying and reporting potentially suspicious activity as required under the BSA.

The AML compliance person is a crucial role in any financial institution, and understanding their designation is essential. Designation of an AML compliance person is a requirement for firms to comply with regulatory rules.

Under FINRA rules, a member's compliance personnel are required to be registered if they're performing a function that expressly requires registration. However, serving as an AML compliance person does not require registration solely as a result of that function.

Firms should review applicable FINRA rules to determine if the AML compliance person's other activities or functions require registration. Some firms may choose to register such individuals, but it's not mandatory.

Members are required to provide FINRA with the contact information for their AML compliance person, including name, title, mailing address, email address, telephone number, and facsimile number. This information must be provided through Contacts in FINRA Gateway.

Firms must review and update the contact information for their AML compliance person within 17 business days after the end of each calendar year. They must also update the contact information promptly, but no later than 30 days following any change.

Customer Due Diligence is a crucial step in verifying a customer's identity and assessing their risk profile. 91% of firms reviewed asked all customers about their Source of Wealth (SOW) and Source of Funds (SOF), which helped them better understand the overall risk profile of their customers.

To carry out customer due diligence, you must verify your client's identity based on a reliable independent source, such as a passport. You must also identify the beneficial owner of a legal person, trust, company, foundation, or similar legal arrangement and take reasonable measures to verify their identity and understand the ownership and control structure.

You must assess the purpose and intended nature of the business relationship or transaction, and in some cases, you may need to conduct Enhanced Due Diligence (EDD) measures. EDD measures include examining the background and purpose of the transaction, increasing monitoring of the business relationship, and seeking additional independent sources to verify information provided.

Here are some situations that trigger the need for EDD measures:

Remember, the presence of one or more of these factors does not automatically mean it's a higher risk situation. You must still consider the individual money laundering and terrorist financing risks posed by that client and matter.

The Wolfsberg Group's FAQ guidance, also known as the Guidance, is a valuable resource for banks and financial institutions. It provides a risk-based approach to deciding how much information to collect to corroborate a customer's Statement of Work (SOW) and Source of Funds (SOF).

The Guidance emphasizes that the type and source of information collected should depend on the customer's specific circumstances, risk rating, and the business's risk appetite. This approach helps ensure that the level of due diligence is proportionate to the risk posed by the customer.

The Guidance is specifically targeted at banks' private banking/wealth management customer segments. It aims to provide practical guidance on how to operationalize Know Your Customer (KYC) requirements effectively.

Customer Information is a crucial aspect of Customer Due Diligence. 91% of firms reviewed asked all customers about their Statement of Wealth (SOW) and Source of Funds (SOF), which is viewed as a sensible measure by the GFSC.

This helps firms better understand the overall risk profile of their customers. Understanding the source of a customer's wealth can be a challenge, but it's essential to ensure compliance with regulations.

To verify a customer's identity, you must use a reliable independent source, such as a passport. This is a requirement under regulation 27 of the MLR 2017.

You must also identify the beneficial owner of a corporate body, if different from the client, and take reasonable measures to verify their identity and understand the ownership and control structure.

Here are the key pieces of information you need to obtain and verify from a corporate body:

If the corporate body is not listed on a regulated market, you must also determine and verify:

Remember, corporate bodies are required to provide this information when you enter into a transaction or form a business relationship with them. This should assist you in carrying out your CDD checks.

Customer Due Diligence is a crucial aspect of conducting business, and it's essential to understand the requirements and best practices. Most firms reviewed by the GFSC asked all customers about their SOW and SOF, with 91% of firms doing so for total wealth and 85% for SOF.

To carry out customer due diligence, you must verify your client's identity based on a reliable independent source, such as a passport. This is a requirement under regulation 27 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).

You must also identify where there's a beneficial owner who is not the client and take reasonable measures to verify their identity and understand the ownership and control structure of a legal person, trust, company, foundation, or similar legal arrangement. This is a critical step in understanding the overall risk profile of your customers.

According to the Wolfsberg Group's FAQ guidance, a risk-based approach should be taken in deciding how much information should be obtained to corroborate a customer's SOW and SOF. The nature of information collected and source from which to obtain it should be determined depending on the type of customers, their specific circumstances, and risk rating.

Here are some key risk indicators that firms have adopted to signal when additional SOW or SOF corroboration is warranted:

These risk indicators can help you determine when to refer to open source or specialist third-party sourced information to corroborate a customer's SOW or SOF.

Translation and Certification is a crucial step in the Customer Due Diligence process. Documents must be translated into English for international use.

Many international financial institutions will only accept a certified translation from a properly licensed translation company. This ensures the accuracy of the translation and meets their requirements.

A professional translation company will review the document and certify the English translation, producing a bilingual version.

Compliance and Reporting is a critical aspect of Source of Funds KYC. Financial institutions must use the Bank Secrecy Act BSA E-Filing System to submit Suspicious Activity Reports.

A financial institution is required to file a suspicious activity report no later than 30 calendar days after the date of initial detection of facts that may constitute a basis for filing a suspicious activity report. If no suspect was identified on the date of detection of the incident requiring the filing, a financial institution may delay filing a suspicious activity report for an additional 30 calendar days to identify a suspect.

Financial institutions are required to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000 (daily aggregate amount), and report suspicious activity that might signal criminal activity. These requirements are part of the Bank Secrecy Act (BSA), which aims to detect and prevent money laundering and tax evasion.

Suspicious activity reports are a crucial part of financial institution compliance, and they must be filed within a certain timeframe. As of April 1, 2013, financial institutions must use the Bank Secrecy Act BSA E-Filing System to submit these reports.

A financial institution has 30 calendar days to file a suspicious activity report after the initial detection of facts that may constitute a basis for filing. If no suspect is identified, an additional 30 days may be added to identify a suspect, but no more than 60 days after the initial detection.

Financial institutions are required to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000, and report suspicious activity that might signal criminal activity, such as money laundering or tax evasion.

Here are the key deadlines for suspicious activity reporting:

Under the Bank Secrecy Act, financial institutions are required to assist U.S. government agencies in detecting and preventing money laundering by reporting suspicious activity. This includes reporting transactions that might signal money laundering or other criminal activity.

Reports (Sofr) play a crucial role in compliance and reporting, particularly when making international payments. Proper documentation is key to avoiding delays or rejections by banks.

If you're transferring funds internationally, it's essential to properly document the nature of the transaction and the origin of the funds. This includes routine payments, which may still be delayed or rejected if proper documentation isn't available.

Transaction-related transfers, such as equipment or machinery purchases, are subject to additional scrutiny, especially if the Ultimate Beneficial Owners (UBOs) of the involved parties are Politically Exposed Persons (PEPs). This can lead to more extensive due diligence.

The Source of Funds Report (SOFR) prepared by an independent accounting firm is a baseline process to address these requirements. It's a best practice to avoid being flagged for extended due diligence when opening an account in a foreign financial institution or completing a transaction.

Even if you're not dealing with complex transactions, it's still important to have a SOFR in place to ensure smooth international payments.

High-risk customers require a more robust approach to source of funds (SOF) and source of wealth (SOW) corroboration. The GFSC advises against a "boil the ocean" approach, which can be ineffective and resource-intensive.

Firms are encouraged to use a risk-basis to determine the combination of information sources required to corroborate SOW and SOF. This includes considering factors such as the customer's profession or activities.

Some high-risk indicators that may warrant additional corroboration include:

Corroboration of information for high-risk customers is a crucial aspect of managing their relationships. The GFSC's feedback to firms is to stop boiling the ocean, as this approach is not effective.

This means that firms should not apply the same level of corroboration to all high-risk customers. The unintended consequence of this approach is that it either risks setting the bar too low or too high, both of which are undesirable outcomes.

Firms should determine the combination of information sources required on a risk-basis. The Report found that sources used by firms are evenly split between client-sourced, third-party-sourced, and open-source information.

Some risk indicators that firms have adopted to signal when additional SOW or SOF corroboration is warranted include:

Firms should make it clear in their procedures what sorts of high-risk factors require that staff refer to open-source or specialist third-party-sourced information to corroborate a customer's SOW or SOF.

High-Risk Third Countries pose significant threats to the UK's financial system due to strategic deficiencies in their national Anti-Money Laundering (AML) and counter-financing of terrorism regimes.

The UK's high-risk third countries are identified by the Financial Action Task Force's (FATF) lists on 'jurisdictions under increased monitoring' and 'high-risk jurisdictions subject to a call for action'.

These countries have deficient AML legislation, high levels of acquisitive crime or corruption, are often offshore financial centres or tax havens, and allow nominee shareholders to appear on the share certificate or register of owners.

To manage money laundering risks effectively, you should be aware of which jurisdictions are on the list and the Office for Financial Sanctions Implementation sanctions list.

You should also be alert to unexpected instructions to undertake transactions relating to one of those jurisdictions which is outside of your normal practice, and be alert to unexpected increases in instructions to undertake transactions relating to one of those jurisdictions or where the instructions are unusual given your understanding of normal practice in those jurisdictions.

Large asset transfers out of those jurisdictions are also a red flag, and you should consider undertaking further due diligence checks if you are not sure who you’re dealing with and ask more questions about the source of funds and purpose of the transaction.

Here are some key factors to consider when evaluating geographic risk factors: