The Elements of a Good Compliance Program

This post is also available in: it fr es

After a first contact has been established, indemnification shall be provided as soon as possible, in absence, any professional relationship – including advising – shall not proceed.

This is the golden rule of the KYC process. People, oftentimes, are not who they claim to be.

After stating the obvious, I would like to explore the know your customer (KYC) and know your business (KYB) challenges that modern industries – particularly in the financial sphere – have to deal with.

We all know that the private sector is now fully responsible for not having properly identified its customers, henceforth, it’s crucial setting a real program which should go well beyond the ‘tick-boxes’ exercise.

Money laundering, according to Europol, is the final stage of every ill gained profits; for the time being organized crime and terrorism are the biggest threats posed to the financial sector, the what is at stake, mistakes cannot be tolerated.

Inadequate KYC procedures imply, for instance, the verification of the name of the client without the address. It’s worth reminding great failing to comply with KYC requirements is, per se, an autonomous offense.

Furthermore, sufficient KYC provisions may constitute grounds for recognising suspicious transactions. In order to avoid the mistakes, any and behavior should be treated as suspicious and, consequently, flagged to be nominated officer or to the compliance department.

Everything inconsistent with the client’s normal business transactions should be further investigated. Therefore, knowing a customer’s usual activities is essential to the proactively tackle possible issues.

In my experience, there is a practice widely used by organised crime, approaching people in need to make them doing a financial transactions on their behalf. In difficult times such as the one we are leaving, particular attention should be posed by other normal activities made by problematic clients.

Commercial awareness, is, moreover, requested to perform at the risk assessment of the following criteria :

  • Clients’ source of wealth,
  • Business activities performed,
  • Financial transactions and account openings made remotely

The answer of the aforementioned defines risk level of the client (inter alia, a politically exposed person or a client based in countries under sanctions). Consequently, ad hoc procedures might be needed to mitigate the risks. For instance, whenever the relationship is established remotely, a certified copy of identification should integrate with KYC Process.

The identification of legal persons, should be based upon the following:


  •  Company proof of registration (certificate of incorporation),
  •  Registered address and any other business addresses,
  • Information concerning the board, owners and shareholders, (beneficial ownership as well)
  • A deep assessment of the company core business,
  • Copy of the board’s ( or equivalent body) decision to set a professional relationship
compliance is a multifaceted field which requires an holistic approach

I think I successfully provided the idea that simple due diligence is now gone, businesses working in high-risk fields need to be ahead of the curve demonstrating competence and proactivity as they are the best ways to protect a firm from sanctions and reputation damages.  One last point seems to be the very important; there is no limit to wrongdoers’ ingenuity, therefore KYC cannot be a standard procedure. as pictured just above, adaptability is the key of a successful KYC process.

Published by

Michele La Neve

White Collar Crime Attorney at Whitecotton Law Dedicated to Helping Clients Overcome Unforeseen Business Risks.

Leave a Reply