An important and time consuming part of the work against money laundering is to collect and analyze customer information, enough to estimate the risk with the customer relationship. This is a work the firm has to do before they establish a business relationship. The firm has to have enough information to handle the risk connected to the customer and enough information to be able to monitor and assess the customers activities and transactions. This is an ongoing process that continues throughout the customer relationship.

Examples of information to collect are: name, address, personal identification number, company registration number, board members, beneficial owners, if there is a PEP or RCA, if the customer is subject to international sanctions, got connection to high-risk third countries or if there is some legal information such as verdicts from different courts of law.

It is also important to find out how the customer will use the offered services, if the customer will get money or send money abroad and also the source of the money. Information collected from the ongoing monitoring shall be a part of the ongoing KYC-process.

The extent of the KYC-process is subject to what risk you got in your own firm’s risk assessment regarding among other things the risk with the products and services you are offering, the geographical risk factors, what kind of customer and distribution channels you got. It is also important to monitor how the customers have been using your products.

The KYC shall be regularly updated with regards to the risk associated with the customer relationship. For a high risk customer that should be at least once a year, but for a low risk customer the KYC can be carried out with longer intervals.