Almost 3,000 people lost their lives in the Twin Tower attacks of 2001 in New York, USA. Considered one of the greatest tragedies in the history of the country, and perhaps the world, the terrorist attack raised not only questions about the USA’s national security but also discussions on terrorist financing. Less than two months after the coordinated attacks, the landmark USA Patriot Act was signed into law. The law (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) aims to fight terrorist-backed attacks. Amongst its regulations is the identification and verification of account holders in financial institutions (Sec. 326) to track any suspicious financial activities related to the funding of terrorism. Under the section, financial institutions are required to practise minimum Know Your Customer or KYC policies and Customer Identification Procedures (CIP).

In general, KYC is the step of identifying and vetting the financial risks of a client before finalising the onboarding process. In carrying out KYC measures and CIP, banks and other financial corporations—trust companies, life insurance providers, etc.—must have a well-documented record of the client, which includes name, identification numbers and certification, address, businesses, other sources of wealth, transaction patterns and investment goals.

However, KYC policies differ between jurisdictions. Here at Bolder, we integrate anti-money laundering (AML) and KYC policies in our compliance services. To help you understand more about the importance of staying KYC compliant, we rounded up the major KYC policies and regulations in the locations that Bolder Group services. 

KYC legislations in the USA

The USA Patriot Act uses KYC policies and CIP as investigation tools to deter and combat financially-related terrorist activities and potential money laundering schemes. The Financial Crimes Enforcement Network (FinCEN) facilitates communications between them and financial institutions concerning alerts on suspicious clients.

• Financial institutions operating in the USA may be required to keep records for and file reports to the Secretary of the Treasury with regards to the identity of parties involved in transactions, their legal capacity as well as the identity of the ultimate beneficial owner of the funds, including those outside the country but has opened and maintained an account in the USA. The Secretary of the Treasury may, at any time, obtain the well-detailed record of parties involved in a transaction that may bring up money laundering concerns. (Sec. 311) 
• Governing authorities may impose regulations, conditions or prohibitions on domestic financial institutions transacting with or for payable-through accounts. This is in consideration of various jurisdictional factors, such as evidence of organised criminal activities in involved jurisdictions, anti-money laundering efforts in involved jurisdictions, the relationship between financial transaction volume and economy of involved jurisdictions, if a jurisdiction has high levels of corruption, if jurisdiction is considered a bank secrecy haven and if a jurisdiction has a mutual legal assistance treaty with the United States. (Sec. 311)
• Financial institutions with non-US citizen clients are required to practise enhanced due diligence procedures and report potential attempts of money laundering through US-maintained accounts, including private banking and correspondent accounts. Financial institutions are not allowed to maintain or manage shell banks unless declared as affiliates of a legitimate physical financial institution in the US or supervised by a banking authority. (Sec. 312)
• Financial institutions are required to verify the identity of a client seeking to open an account, through identification numbers and cards, address and the like. The institutions should also consult with government-provided lists of known or suspected terrorists and organised criminal groups to assess if the potential client’s verified name appears. (Sec. 326)
• Brokers and dealers that have registered with the Securities Exchange Commission are required to consult with and report to the commission and the Board of Governors of the Federal Reserve regarding suspicious financial activities under the Bank Secrecy Act (Sec. 356). The same rule applies to parties transacting using informal money transfer systems (Sec. 359).

KYC requirements in the Cayman Islands

In 2019, the Financial Action Task Force (FATF) evaluated the state of the Cayman Islands’ financial system, including its vulnerabilities to money laundering and terrorist financing due to its expansive financial landscape as an international marketplace. To address this, the British territory implements a ‘high level of commitment’ to ensure a robust AML and CFT framework, according to the FATF report. The territory has the Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing and Proliferation Financing in the Cayman Islands (amended in 2020), which provides for:

• An effective ‘compliance culture’ that seeks to strengthen the KYC regulations to protect the territory’s commercial standing, financial sector and reputation of entities and individuals. 
• Financial service providers (FSPs) in the Cayman Islands must have existing systems or approaches to AML/CFT compliance amongst their ranks. 
• FSPs with branches operating outside the Cayman Islands must have group-wide compliance programs aligned with the jurisdiction’s AML/CFT/KYC regulations. 

In addition, under the AML Regulations (AMLRs) of the Cayman Islands, FSPs are required to establish specific procedures for:

• Customer due diligence 
• Monitoring of parties’ financial activities 
• Record-keeping of transactions 
• Consultation and compliance with financial sanctions 
• Internal controls, such as staff screening and training on AML/CFT/KYC 
• Internal reporting of suspicious financial activities

KYC and AML compliance of FSPs are monitored and implemented by the Cayman Islands Monetary Authority.

KYC practices in the British Virgin Islands

In 2016, the global financial world suffered a massive blow, as 11.5 million leaked files revealed the truth behind the offshore business of high net worth individuals and politicians around the globe. Following this, governments around the world launched massive criminal investigations within the financial landscape and revisited their tax and financial regulations. The British Virgin Islands floated amongst the jurisdictions involved in this international financial scandal. According to reports analysed by the International Consortium of Investigative Journalists, the majority of shell companies unveiled from the Panama Papers investigation were registered in the BVI. 

Five years after the Panama Papers exposed the secrets of offshore finances, how does the BVI, which remains to be a tax haven for investors, tackle KYC and AML? In 2021, the Cabinet of the Virgin Islands approved and adopted the National AML/CFT Policy. The highlights of the policy include: 

• The identification of risk levels amongst BVI’s financial subsectors: banking and insolvency are considered low; insurance, investment and trust and corporate are considered medium; while money services are considered high risks. In line with this, BVI makes sure companies operating in the territory are compliant with international standards, legal arrangements and AML laws.
• To achieve the territory’s goal of combating money laundering and other financial crimes in the Islands, the policy states it will focus on supervision, enforcement, promotion of cooperation and stakeholder awareness activities. In particular, governing authorities supervise through monitoring of ongoing activities of licensees. 
• The policy did not, however, mention any specific KYC strategies, but it focused on implementing stronger measures to minimise risks of potential money laundering and terrorist financing that happens within or from the BVI. 

Before this, the BVI had already been implementing the Anti-Money Laundering and Terrorist Financing Code of Practice (2008), which provides for:

• The practice of customer due diligence (CDD) measures, to which business applicants and clients in the BVI are subject
• The practice of identifying and verifying business applicants, their target customers, as well as the intention and nature of the business and its relationships
• The practice of analysing an applicant’s source of wealth, size of business and volume of transactions
• The practice of monitoring the applicant’s existing business relationships, transaction patterns and consistency of business dealings
• The practice of identifying politically exposed persons or PEPs, their family members and associates who seek to do business in the BVI. Identified PEPS will undergo enhanced CDD. 

KYC policies in St Kitts and Nevis

‘Countries recently offering high profile Citizenship by Investment (CBI) programmes include Caribbean players St Kitts and Nevis, and Dominica, which have used CBI revenues to successfully mitigate the effects of national disasters, and Mediterranean jurisdictions, Malta and Cyprus, where they have encountered major political issues’, reports the Public Wealth Management in its 2021 CBI Index

Recently, St Kitts and Nevis allowed applicants to acquire properties in the jurisdiction worth $400 thousand and invest in what is called ‘local approved projects’ to be considered citizens. CBI, which was started by the dual island nation St Kitts and Nevis in 1984, remains controversial. The Economist reports ‘selling citizenship’ may ‘attract criminals’, ‘commercialise rights’ and ‘make life easier for crooks and terrorists’. 

To minimise the risks of CBI, St Kitts and Nevis implements CDD in relation to its CBI programmes.

• According to the 2021 CBI Index, the nation emphasised looking into the families of investors, even expanding its definition of ‘dependents’ to include siblings.
• The nation ranks first in the Index’s CBI due diligence score, as it had since 2017.
• For its real estate projects available under certain St Kitts and Nevis’ CBI programmes, the nation requires submission of payment schedules to assess the way the project is funded. 

Apart from its integration of CDD in its CBI projects, the nation of 53,000 has other KYC policies to address the issues detailed in the 2021 National Risk Assessment, including the inconsistent maintenance of KYC records, insufficient staff training on AML/KYC, absence of compliance officer and inadequate record-keeping practices. 

KYC policies in Curaçao

The island country of Curaçao is being monitored by the Caribbean Financial Action Task Force regarding its AML and CFT policies. The country has two key legislations that provide for the prevention and minimisation of ML and TF. These are the following: 

• The National Ordinance Reporting Unusual Transactions (NORUT) provides for the creation of a confidential database with information on financial transactions. NORUT allows the Central Bank to carry out AML/CFT compliance tests amongst financial institutions and related parties. 
• The National Ordinance Identification when Rendering Services (NOIS), which provides for the proper practice of CDD. The service provider is required to verify the identity of its client and the ultimate beneficial owner (UBO) of the funds or property. This includes non-resident investors. The legislation also stipulates that financial service providers are bound to keep and maintain accessible information on their clients (name, address, type of account, businesses, source of wealth, etc.) up to five years after service termination. 
• The Central Bank of Curaçao and Sint Maarten has a compliance checklist for trust service providers in the country. The checklist includes, amongst others, a licence to establish a business, an internal organisational chart and group holding structure, shareholders’ register, proof of capitalisation (source of funds, results of the investigation on the source of funds), copy of the UBO’s valid passport, bank reference letters and annual accounts. 
• Financial institutions must conduct enhanced CDD when dealing with PEPs, their families and associates, to make sure the wealth of these high-risk customers do not come from illegal activities. 

As an AML and KYC compliance services provider … 

Bolder Group keeps up with the latest regulatory requirements that our clients need to know and apply. With locations all over the world, the Bolder team near you has the expertise and knowledge when it comes to your jurisdiction’s KYC policies, AML regulations and CDD procedures. We provide our clients with the appropriate information they need to know about regulations and offer them KYC and AML compliance solutions to protect their investments and businesses. 

To know more about your local KYC policies and our KYC and AML compliance services, get in touch with our Bolder team today. 

Bolder | At the base of business

RELATED: Why KYC is a crucial security layer for FIs and investors

RELATED: Money laundering in the art market