Top 5 common deficiencies around KYC and CDD measures

Customer Due Diligence and Know Your Customer measures are essential to counter money laundering and terrorist financing threats. The UAE AML Laws and Regulations require regulated entities, including FIs, DNFBPs, and VASPs, to take adequate measures for conducting CDD and KYC. Often, the KYC and CDD measures employed by the regulated entities fall short of the legal requirements. This infographic highlights common deficiencies around the CDD and KYC requirements.

The regulated entities must take adequate measures to comply with the requirements of the law and, more importantly, counter financial crimes by adopting adequate KYC and CDD measures.

Shortcomings around KYC and CDD measures

1. Absence of defined KYC and CDD procedures

It has been found that some of the regulated entities do not have defined procedures for carrying out Customer Due Diligence and Know Your Customer requirements. It is essential that clear roles and responsibilities and operating procedures are established to have a uniform practice around the performance of KYC and CDD measures. The entities not having formal established procedures often end up adopting unreliable measures for ID verification and customer address verification.

2. Inadequate Customer Due Diligence

Some regulated entities do not check the customer ID and sometimes do not even ensure that the photo on the ID documents is legible.

3. Inadequate EDD measures for High-Risk customers

High-risk customers must undergo Enhanced Due Diligence (EDD) requirements. At a minimum, the regulated entities are required to obtain their ID, address proof, source of funds, and source of wealth. Further, the entities must get senior management approval before onboarding such high-risk customers or entering into a transaction with them. The payment for the items sold or services provided must come from the bank account held in the High-Risk customer’s name. Some regulated entities do not ensure this and remain at risk of regulatory fines and penalties.

4. Incomplete Documentation

Some regulated entities lack in terms of collecting complete documents from the customers. Further, information as to the nature of the business, the purpose of the transaction, and monthly/yearly account activities are seldom obtained.

5. Missing Authorizations

The KYC and CDD documents must be duly verified and authorized in line with the KYC and CDD procedures adopted by the firm. For High-Risk customers, the top management approval must be obtained. Some of the regulated entities do not have proper controls in place to ensure compliance with these requirements.

The regulated entities must ensure that they remain compliant with the legal requirements and avoid taking inadequate and incomplete KYC and CDD measures. Check our eBook “A complete guide to Customer Due Diligence” to learn more about the CDD requirements and best practices around it.