IPSA International, Inc :: Services :: Anti-Money Laundering

Anti-Money Laundering
Frequently Asked Questions - KYC/EDD Services

Note to Non-U.S. Institutions: Certain sections of this document refer to the prevailing laws and regulations of the United States as they pertain to institutions that are regulated by U.S. regulatory agencies, whether such institutions are registered in the U.S., or are foreign-domiciled institutions that, by conducting transactions with a U.S. institution, are subject to laws and regulations imposed upon them by the U.S. regulators. If your institution is subject to additional or different regulations and you would like to learn more about how IPSA International, Inc. (IPSA) can support your institution’s anti-money laundering program, please contact an IPSA Anti-Money Laundering Specialist at (800) 997-4772 (and ask to speak with an Anti-Money Laundering Specialist) or via email at info@ipsaintl.com.

INFORMATION ABOUT ANTI-MONEY LAUNDERING LAWS , REGULATIONS AND INDUSTRY PRACTICES

1. What is Know Your Customer (KYC) and Enhanced Due Diligence (EDD)?
2. What is the background of the current KYC regulations in the United States?
3. What guidance is available regarding a customer identification program (CIP)?
4. What is the background of the current enhanced due diligence (EDD) regulations in the United States?
5. Why is conducting enhanced due diligence (EDD) important for my institution?
6. How do I determine when to conduct enhanced due diligence on a client or prospective client and how much to do?
7. How much enhanced due diligence can I perform internally as a banking professional?
8. What is a watch list and how does it relate to KYC?
9. Does IPSA conduct a screening against a watch list when its conducts its KYC and EDD services?
10. What KYC and EDD services does IPSA International, Inc. provide to its clients?
11. What types of information does IPSA’s KYC and EDD standard reports contain?
12. Does IPSA perform customized KYC and EDD services?
13. How does IPSA obtain information in order to perform its KYC and EDD services?
14. What procedures does IPSA undertake in preparing its KYC and EDD reports?
15. What types of information is IPSA able to obtain when it conducts enhanced due diligence?
16. What role do technology applications and commercial databases have in KYC and EDD?
17. Are there any differences in the types of information available inside and outside of the United States?
18. Does IPSA violate any U.S. or foreign laws or regulations in undertaking any of its activities?
19. Does IPSA contact the institution’s clients or customers when it conducts due diligence?
20. What procedures does IPSA follow to ensure that it maintains strict confidentially on behalf of its clients?
21. How are IPSA’s services different from an on-line provider of KYC or EDD services and related compliance solutions?
22. In how many and which countries is IPSA able to conduct KYC and enhanced due diligence?
23. Is IPSA able to conduct enhanced due diligence on Politically-Exposed Persons (PEPs)?
24. Is IPSA a consumer reporting agency?
25. What restrictions or conditions are there on my institution’s ability to use of IPSA’s KYC and EDD services?
26. What records does IPSA maintain in its files regarding its due diligence activities?
27. What are IPSA’s prices to conduct its services?
28. List of countries for which IPSA provides KYC and EDD services

1. What is Know Your Customer (KYC) and Enhanced Due Diligence (EDD)?

Know Your Customer ("KYC") and Enhanced Due Diligence ("EDD") are terms that refer to procedural activities undertaken by financial institutions and their service providers throughout the world in order to mitigate their risk exposure and to comply with anti-money laundering ("AML") and counter-terrorism financing laws and regulations that are promulgated by the various financial regulatory agencies. KYC refers to provisions in current AML regulations as well as published guidance that stipulate specific practices that should be undertaken by financial institutions in connection with establishing the identity of a prospective or existing customer. EDD refers to customer due diligence procedures that are required to be taken in connection with private banking and correspondent banking accounts maintained for non-U.S. persons. The specific activities undertaken for both KYC and EDD effectively increase the amount of knowledge a financial institution has about its customers, account holders, correspondent banks and other relationships and are considered one of the most effective ways in which to mitigate the potential risk of money laundering and terrorist financing at the institution.

2. What is the background of the current KYC regulations in the United States?

Certain provisions contained in the USA PATRIOT Act (the "Patriot Act") address financial institutions’ obligations in regard to their policies and procedures undertaken to identify and conduct due diligence on new and existing customers. The Patriot Act – H.R. 3162, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act – is broad legislation that was signed into law by President George W. Bush on October 26, 2001 in response to the events of September 11, 2001. The Patriot Act established new and enhanced measures to prevent, detect and prosecute money laundering and terrorism. One important measure for financial institutions was addressed in Section 326¹ — Verification of Identification — which is commonly referred to as "Know Your Customer," or "KYC."

Final rules regarding the implementation of Section 326 were issued on April 30, 2003 by the Department of the Treasury (the "Treasury Department"), the Financial Crimes Enforcement Network ("FinCEN"), and the seven Federal financial regulatory agencies. These regulations require designated financial institutions to establish procedures to verify the identity of new accountholders.² Compliance with the regulations became mandatory as of October 1, 2003.³ The final rules were developed jointly by the Treasury Department, FinCEN, the Board of Governors of the Federal Reserve System (the "Fed"), the Commodity Futures Trading Commission (the "CFTC"), the Federal Deposit Insurance Corporation (the "FDIC"), the National Credit Union Administration (the "NCUA"), the Office of the Comptroller of the Currency (the "OCC"), the Office of Thrift Supervision (the "OTS"), and the Securities and Exchange Commission (the "SEC").

Section 326 requires each financial institution (as defined in the Patriot Act) to have a Customer Identification Program ("CIP") that describes processes the financial institution will follow to: (i) verify the identity of any person opening a new account; (ii) ensure that the institution has a reasonable belief that it knows each customer's identity; and, (iii) determine whether the name of the new customer appears on any government list of known or suspected terrorists or terrorist organizations. A CIP is an important component of a financial institution’s overall anti-money laundering and Bank Secrecy Act ("BSA") compliance program. In general, when a customer opens a new account, the CIP should require, at a minimum, the actions listed below:

Provide a disclosure statement to the prospective customer regarding the identification requirements for opening a new account;
Obtain certain identification information from the customer, including:
a) Full legal name
b) Residential and/or business physical address (not a P. O. Box)
c) Identification number issued by a governmental agency (i.e., Social Security Number or Taxpayer Identification Number)
d) Date of birth
Verify the identity of the prospective customer using documentary and/or non-documentary sources⁴.
Consult a government list to check the customer’s name against a list of known risk entities, which list should include the list published by the Office of Foreign Assets Control ("OFAC") in accordance with OFAC regulations; although not required by law, IPSA believes all institutions should consult either a single aggregated list or multiple lists of known or suspected terrorists or terrorist organizations, money launderers, fraudsters, and politically-exposed persons ("PEPs"); and,
Retain records of the process while the account is open and for a period of five (5) years after the account is closed.

The definition of an account for purposes of section 326 includes "... a formal banking relationship established to provide or engage in services, dealings, or other financial transactions including a deposit account, a transaction or asset account, a credit account, or other extension of credit. Account also includes a relationship established to provide a safety deposit box or other safekeeping services, or cash management, custodian, and trust services."⁵

The CIP regulation is not overly prescriptive and provides flexibility for each institution to customize a CIP appropriate for its specific operations. One area is which this flexibility is critical relates to the use by the institution of non-documentary resources. An institution’s CIP must contain procedures that describe the non-documentary processes that it will use to verify a customer’s identity. These procedures could include:

comparing information provided by the customer with information obtained from a consumer reporting agency, public database, or other source;
checking references with other financial institutions;
obtaining a financial statement or tax return;
personally visiting the customer's business;
a follow-up phone call after the account has been opened;
analyzing consistency between and among the identifying information provided; or
other means that the institution deems appropriate.

The institution’s CIP should also include procedures for responding to circumstances in which institution bank cannot form a reasonable belief that it knows the true identity of a customer. Among IPSA’s board range of AML services, IPSA is able to provide services to verify identification information, physical address and other pertinent information. Ultimately, however, each institution is required by law to implement the processes described in the regulations and to ensure the identity of each customer.

¹ 31 U.S.C. 5318(l).
² The press release is available at http://www.ustreas.gov/press/releases/js335.htm.
³ The press release and attached final rule are available on the Board of Governors’ web site at http://www.federalreserve.gov/boarddocs/press /bcreg/2003/200304302/default.htm
⁴ When it is not possible to obtain sufficient documentary identification, the bank must satisfy itself of the customer's identity using non-documentary means. This might occur when (i) an individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard; (ii) the bank is not familiar with the documents presented (e.g., an out-of-state driver’s license or a document issued by a foreign government); (iii) the customer opens the account without appearing in person at the bank; or (iv) other circumstances that increase the risk that the bank will be unable to verify the true identity of a customer through documents.
⁵ 31 C.F.R. §103.121(a)(1).

3. What guidance is available regarding a customer identification program (CIP)?

To assist banks in complying with the provisions of section 326, the Agencies issued Frequently Asked Questions Relating to Customer Identification Program Rules Issued Pursuant to the USA PATRIOT Act in January 2004⁶. This document includes guidance on the definitions of account, bank, and customer; information requirements; customer verification; required records; retention of records; the Section 326 list of terrorists; customer notices; and reliance on other financial institutions.

⁶ The Federal Reserve issued Frequently Asked Questions Relating to Customer Identification Program Rules Issued Pursuant to the USA PATRIOT Act as SR 04-2, which is available on the Board of Governors' web site at http://www.federalreserve.gov/boarddocs/srletters/2004/sr0402.htm.

4. What is the background of the current enhanced due diligence (EDD) regulations in the United States?

Enhanced due diligence refers to requirements promulgated under Section 321 of the Patriot Act that require financial institutions to undertake in connection with correspondent and private banking accounts maintained for non-U.S. persons. Section 321 requires all U.S. financial institutions that maintain correspondent or private banking accounts for non-U.S. persons to establish appropriate, specific and, where necessary, enhanced due diligence policies, procedures and controls ("PP&C") that are designed to detect and report instances of money laundering through those accounts.

For private banking accounts, the regulations create minimum anti-money laundering due diligence standards. These standards apply to any private banking account that is requested or maintained by, or on behalf of, a non-U.S. person. The standards effectively require that the institution’s PP&C, at a minimum, ensure that the institution takes reasonable steps to:

ascertain the identity of the nominal and beneficial owners of the account;
ascertain the source of funds deposited into the account in order to guard against money laundering;
report any suspicious transactions; and,
conduct enhanced scrutiny of any account that is requested or maintained by, or on behalf of, a senior foreign political figure, or any immediate family member or close associate of a senior foreign political figure that is reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.

Enhanced due diligence procedures vary by institution and should be appropriate to the nature of the institution’s business.

5. Why is conducting enhanced due diligence (EDD) important for my institution?

In addition to ensuring compliance with anti-money laundering laws and regulations, enhanced due diligence is simply the most effective way to mitigate an institution’s overall risk exposure to money laundering, terrorist financing and fraud. While the problems presented by these illicit activities are acknowledged to be a significant worldwide phenomenon, their occurrence within a single institution is often less obvious and difficult to detect until a specific event has transpired – at which point the risk exposure for the institution has increased dramatically. For institutions that have encountered such an event, it is quickly understood that deliberate deception and misrepresentation are the primary methodologies used to victimize them.

Conducting enhanced due diligence is the critical practice by an institution of exercising care and prudence before entering into a new customer relationship or transaction or after it has raised concerns regarding the legitimacy of an account’s activity or a specific transaction. Therefore, beyond meeting an institution’s regulatory requirements and reducing its exposure to civil and criminal liabilities, enhanced due diligence protects all of the institution’s fundamental assets – its clients, balance sheet, employees, senior management, shareholders and, most importantly, reputation in the marketplace and integrity with the regulators.

6. How do I determine when to conduct enhanced due diligence on a client or prospective client and how much to do?

The determination of when a prospective or existing client or transaction merits enhanced due diligence should be determined by your institution’s specific KYC and due diligence policies and procedures and risk rating protocol as well as the regulations that govern your institution. In addition, in situations where you have some specific concerns about a new or existing client, when your customer files are incomplete or inadequate and when you suspect potentially illicit transactions, you should consider conducting enhanced due diligence.

The level of due diligence to be performed by your institution is a matter that can only be decided by the appropriate personnel within your organization. In general, IPSA recommends that clients perform a level of due diligence that: (i) complies with regulation; (ii) is consistent with the institution’s specific policies and procedures; (iii) satisfies the institution’s primary concerns regarding the client or prospective client (e.g., an institution wants to identify any contingent financial obligations for a commercial loan applicant); (iv) addresses any specific issues that may have been surfaced in the institution’s normal due diligence procedures (e.g., the institution was unable to verify a prospective client’s business affiliation) and (v) is consistent with the types of information that are available to you.

7. How much enhanced due diligence can I perform internally as a banking professional?

That depends on your institution’s access to a variety of informational resources and your particular experience in conducting investigative research. In general, many banks – through a combination of the account managers’ interaction with a client and the compliance officers’ informational resources – are able to perform a fair level of due diligence on a client or prospective client. However, there are many situations, especially outside of the United States, where the only effective way method by which to conduct enhanced due diligence requires using an investigative professional who can access the necessary information and undertake the proper activities in that jurisdiction.

8. What is a watch list and how does it relate to KYC?

Under Section 326 of the Patriot Act, financial institutions are now required, in connection with their CIP, to "...consult a government list to check the customer’s name against a list of known risk entities, which list should include the list published by the Office of Foreign Assets Control ("OFAC") in accordance with OFAC regulations; although not required by law, IPSA believes all institutions should consult an aggregated list of several individuals lists of known or suspected terrorists or terrorist organizations, money launderers, fraudsters, and politically-exposed persons..."

There are numerous watch lists available for screening and consultation that are published by both governmental agencies as well as a variety of private companies and organizations. Several private companies offer commercially a variety of aggregated watch lists which contain literally hundreds of thousands of names of known or suspected terrorists, money launderers, narcotics traffickers, fraudsters, arms dealers and other white-collar criminals, as well as politically-exposed persons ("PEPs"). These lists were designed so that a client institution can screen the name of a potential or existing client, whether an individual or entity, in order to identify potential accounts or relationships that may pose a higher level of risk to the institution. These databases are typically aggregated by the service provider based upon its independent research of lists of terrorists and terrorist suspects published by governmental agencies, government sanctions, regulatory warnings, civil litigation, criminal indictments and media sources as well as investigative research.

The use of a watch list to screen potential and existing clients is a highly effective risk mitigation tool and a critical component of an overall KYC program. Most of IPSA’s financial institution clients perform some form of watch list screening using a variety of systems and procedures and most of these institutions have found this step to represent a highly effective method of identifying risk exposure in the institution. Best practices in the industry involve initial screening of a prospective client (at account opening) as well as remedial screening of an institution’s account base on a regularly scheduled basis.

9. Does IPSA conduct a screening against a watch list when its conducts its KYC and EDD services?

Yes. If the scope of IPSA’s due diligence services includes researching criminal history, IPSA will, as part of it’s normal and customary KYC and enhanced due diligence procedures, conduct a screen against a variety of watch lists.

10. What KYC and EDD services does IPSA International, Inc. provide to its clients?

IPSA provides a comprehensive range of professional and consulting services to assist institution’s in complying with various anti-money laundering regulations and in mitigating the risks associated with conducting business with entities or customers who have not been identified satisfactorily to the institution or who are suspected of conducting illicit activities. IPSA’s services are offered to institutions that conduct business all over the world and IPSA is able to support due diligence activities in over 75 countries. IPSA provides the KYC and EDD services described below:

IPSA’S KYC/EDD SERVICES

Watch List Resolution – IPSA conducts investigative research in order to confirm or disconfirm whether or not a U.S. or international client or prospective client is the person whose name has been identified on a watch list. Because many watch lists do not contain adequate identification information, IPSA is able to support an institution’s screening process by verifying whether a client is that same entity identified on the watch list. IPSA’s WLR services are typically utilized when an institution is unable to confirm or disconfirm the client’s status in regard to an alert surfaced by a watch list. Because there are a wide variety of watch list screening services, IPSA’s services in this area are typically customized to ensure an efficient process for the institution. IPSA’s WLR services typically involve a multi-step process that includes:

a) Receiving certain information about the institution’s client or prospective client and the watch list screening alert that was surfaced in connection with the client or prospective client;

b) Conducting investigative research to compare a variety of "identifiers" for both the client and the alert subject;

c) Rendering a final decision as to whether the client or prospective client is the alert subject (a "confirmed hit" or "confirmed match") OR is NOT the alert subject (a "false positive"); and,

d) Preparing a report for the client that indicates the process and results of IPSA’s investigative research.
Know Your Customer (KYC) – IPSA offers two (2) standardized KYC reports:

a) ID Verification Report – This IPSA report allows an institution to verify a client’s identification and address information, including confirming that the client’s address is valid.

b) Criminal Check Report – This IPSA report allows institutions to both verify a client’s identification and address information as well as review any negative indicators that may be surfaced in any criminal inquiries or media searches.
Enhanced Due Diligence (EDD) – IPSA offers three (3) standardized EDD reports:

a) Negative Indicators Report – This IPSA report allows institutions to: (1) verify the identification and address information, (2) review negative indicators surfaced in any criminal inquiries or media searches, (3) review business interests, and (4) review litigation proceedings.

b) Full Detail Report – This IPSA report allows institutions to: (1) verify the identification and address information, (2) review negative indicators surfaced in any criminal inquiries or media searches, (3) review business interests, and (4) review litigation proceedings, and (5) review information sourced in connection with confidential inquiries regarding financial viability, reputation and business practices.

c) Custom Report – IPSA's Custom Report allows institutions to determine the scope and depth of their enhanced due diligence inquiries on an individual or entity and to have IPSA conduct these inquiries in multiple international jurisdictions. Level III Custom Reports are not subject to standardized pricing and report delivery timetables.

11. What types of information does IPSA’s KYC and EDD standard reports contain?

The table below presents a summary of the types of information that are contained in IPSA standardized KYC and EDD reports.

SUMMARY OF THE INFORMATIONAL CONTENT OF IPSA’S ONLINE KYC AND EDD REPORTS

	KNOW YOUR CUSTOMER (KYC)		ENHANCED DUE DILIGENCE (EDD)
	ID Verification Report	Criminal Check Report	Negative Indicators Report	Full Detail Report	Custom Report
Personal Data Verification					To be determined by the client
Personal identification documents	X	X	X	X
Address verification and validity	X	X	X	X
Criminal History
Criminal court proceedings		X	X	X
Criminal records		X		X
Media References
Newspaper/periodical search		X	X	X
Assets
Real estate and other holdings			X	X
Business Interests
Corporate affiliations			X	X
Corporate records			X	X
Litigation History
Civil litigation			X	X
Labor litigation			X	X
Confidential Inquiries
Confidential inquiries				X
*Report delivery timetable*	To discuss the availability of information in a specific country, pricing or delivery timetables, please contact an IPSA Anti-Money Laundering Specialist at (800) 997-4772 or via email at info@ipsaintl.com
*Cost*

All of IPSA’s KYC and EDD reports are prepared in a highly confidential manner; at no time does the institution’s client or customer become aware of IPSA’s involvement in the due diligence process or that any specific activity related to due diligence is being or has been performed by IPSA (unless disclosed by the client institution to its client). IPSA’s KYC and EDD services are provided in the context of the firm’s anti-money laundering group practice which provides financial institution clients and their legal counsel with a broad array of professional AML services. IPSA’s services are designed to represent a value-added service to the institution and to support sound institutional practices that make strong business sense. To learn more about IPSA International’s anti-money laundering services, please click here.

12. Does IPSA perform customized KYC and EDD services?

Yes. Many of the enhanced due diligence assignments as well as all of the professional AML consulting assignments performed by IPSA are tailored to address the client’s specific requirements and the circumstances of the assignment. For all customized assignments, IPSA will provide a quote for professional fees prior to the commencement of the assignment. IPSA’s services are designed to add value to a financial institution’s existing procedures and overall business; therefore, IPSA prefers to dedicate the appropriate amount of time initially, prior to commencing an assignment, in order to learn about an institution, its practices and about the specific issues it seeks to address. During an initial consultation, IPSA’s professionals will typically pose numerous questions and request certain information from the prospective client. Typically, in preparing for a customized due diligence assignment, IPSA will inquire with the client about the specific due diligence activities that are requested⁷ as well as about any specific circumstances of which IPSA should be aware. In general, the types of due diligence information that IPSA’s clients request are described further below. If you have any specific questions about customized due diligence service, please contact an IPSA Anti-Money Laundering Specialist at (800) 997-4772 or via email at info@ipsaintl.com.

⁷ Certain types of information that are available in the United States are not available in foreign countries. Please consult IPSA’s country profiles to determine the types of information that are available in each country.

13. How does IPSA obtain information in order to perform its KYC and EDD services?

IPSA’s primary objective for each and every client is to provide comprehensive, accurate and useful information to the level of detail required by the client to satisfy its specific objectives. IPSA’s services are designed to add significant value to the processes that are normally undertaken within the client institution pursuant to its KYC and EDD policies and procedures.

In order to provide KYC and EDD services, first IPSA researches, identifies, collects, analyzes and interprets information concerning a due diligence subject (whether such information is sourced online or at a physical location in or out of the United States). Critical to IPSA’s success and to the value-added that IPSA provides its clients in the due diligence process is its unparalleled access to its global information network that comprises over 500 associates located in over 75 countries. Through this network, IPSA is able to source and access a broad array of due diligence and intelligence information concerning individuals and entities in every state in the U.S. and in most countries around the world.

In the United States, IPSA is able to source publicly available information through a variety of online sources as well as through various public archives that are located at Federal, state and local governmental and municipal facilities across the U.S.

Outside of the U.S., much of the information that is available to IPSA from foreign jurisdictions is accessible only through in-country resources. For example, in certain countries, publicly available documents concerning such matters as criminal records or civil litigation are available only to a person who is both legally entitled to access such records and who is able to visit the physical location at which such documents are archived. In the normal course of its business, IPSA maintains contractual professional relationships with over 500 associates who are based in over 75 countries (to review a list of the countries serviced by IPSA, please click here). These associates facilitate the timely and efficient sourcing and delivery of sensitive, confidential information to IPSA’s professionals and form a highly valuable information and intelligence network available only to IPSA professionals. It is through this information and intelligence network that IPSA’s professionals are able to source confidential information, analyze it and prepare a thorough and accurate due diligence report concerning a prospective new account relationship or existing client of an institution.

14. What procedures does IPSA undertake in preparing its KYC and EDD reports?

While the types and levels of information that a client may receive through IPSA’s services differ based upon the type of service requested and the geographic locations in which the due diligence is conducted, IPSA’s due diligence process is rigorous and based upon a highly disciplined process. Once IPSA receives the information required from the client regarding the due diligence subject, IPSA’s investigative professionals commence an information sourcing process that may include both online and offline information sources. Following an extensive research and collection process, IPSA’s professionals undertake an analysis of the information that has been sourced in order to interpret and, if necessary, corroborate any information. Once the analysis of the information has been completed, IPSA’s professionals prepare a final report that will be provided to the client. Critical to IPSA’s success and to the value-added that IPSA provides its clients in the due diligence process is its unparalleled access to its global information network. IPSA’s utilization of a highly standardized, rigorous procedure to conduct due diligence ensures the highest level of quality, accuracy, consistency and reliability in its reports.

15. What types of information is IPSA able to obtain when it conducts enhanced due diligence?

The specific types of information that IPSA can access through its information and intelligence network in the United States and internationally⁸ include (although not in every case) the following:

Personal Information and Verification (e.g., verification of government issued identification number, verification of address)
Criminal History (e.g., criminal records, prison records, most-wanted lists ,watch lists of terrorists, money launderers, fraudsters and sanctioned entities)
Litigation History (e.g., lawsuits and legal proceedings, bankruptcy filings, judgments and liens, tax liens)
Asset Holdings (e.g., real estate ownership/interests, mortgage deeds, vehicle/vessel/aircraft ownership/registrations)
Corporate Interests and Affiliations (e.g., officers and directors, shareholders, subsidiaries and affiliates, creditors and debtors, key customers and vendors, regulatory filings)
Financial Viability
Professional History Verification (e.g., licenses, certifications, regulatory actions, disputes with employers)
Education History Verification (e.g., degrees awarded, awards and educational activities, publications)
Media Search (e.g., newspapers, periodicals, libraries, archives)
Inquiries with Regulatory Agencies
Inquiries Regarding Corruption and Illicit Activities
Inquiries Regarding Reputation and Affiliations

⁸ Certain types of information that are available in the United States are not available in foreign countries. Please consult IPSA’s country profiles to determine the types of information that are available in each country.

16. What role do technology applications and commercial databases have in KYC and EDD?

Technological and commercial database applications play a significant role in most AML programs and generally render the KYC and EDD information collection and analysis processes vastly more efficient. In the current anti-money laundering compliance environment, numerous companies offer technology-based and automated solutions for customer due diligence, many of which market their technology solutions as a "complete solution for KYC compliance." Certainly many of these types of services offer invaluable information to their clients and represent a necessary and critical component of any AML program (such as, for example, a watch list database company that allows an institution to screen its accounts against, in some cases, more than one million names of entities that have been identified as 'risky'). As you consider various technological services to support your institutional due diligence requirements, beware of the marketing presentations that some service providers proffer. No automated technology application can possibly support a "complete due diligence solution" because of the fragmented nature of the information marketplace, the likelihood that information contained in one or more databases is partially or wholly inaccurate and requires an experienced analyst or investigator to corroborate and vet such, and that almost all of the information that is available publicly outside of the United States requires a person who is located in a specific country to access such information. IPSA’s KYC and EDD services rely upon a process of sourcing data from literally dozens of online and offline databases, some of which are only available to licensed private investigators, the use of associates who are based in over 75 countries to source information and the critical human intelligence factor to vet, analyze and interpret the information that is being collected.

17. Are there any differences in the types of information available inside and outside of the United States?

Yes. There are several fundamental differences in both the types of information available and the access to such information in the public domain. The United States is generally considered to be a very open society in terms of the types of information that are available and the ease with which such information is accessible. In general, a tremendous amount of detailed, personal information is available across most states including information concerning address history, driving history, marriage and divorce, criminal records and litigation as well as real estate, vehicle and vessel ownership. Much of this type of information is available online.

BEWARE OF COMPANIES THAT ADVERTISE "DETAILED BACKGROUND REPORTS" ON THE INTERNET. There are numerous websites that advertise "comprehensive national background checks" for less than $100 for an individual inquiry; often these sites only require that a name, address, social security number and/or approximate age or date of birth be entered online in order to conduct the inquiry as well as credit card information for billing purposes. The results from these online searches are often provided online within as little time as a few hours to a few days. Please beware: the results vary extensively in terms of the quality and accuracy of the information being provided, primarily because the information is being organized through an automated process that offers little to no human analysis. While the veracity and legality of many of these commercial websites are often unknown, in general, these types of background investigation services are available widely in the United States and several reputable commercial service providers offer such services to law enforcement and licensed private investigators as well as prospective employers and other businesses. IPSA always counsels its clients to conduct thorough due diligence on any service provider offering these types of services, especially because of the sensitive nature of the information being sought and reviewed. It is critical that your organization conduct proper due diligence on the licensing, backgrounds, business practices and collection methods of any service provider that offers these types of services.

Outside of the United States, the informational landscape changes drastically. Most of the societies outside of the United States maintain very closed or limited access to detailed personal information. For corporations, there are numerous jurisdictions that maintain strict secrecy laws that prohibit the disclosure of most information concerning entities that are registered in the jurisdiction. Much of the information that is available outside of the U.S. is disorganized and no single information clearinghouse exists. Information gathering in most international jurisdictions relies upon a combination of online and offline research, information requests made through resources that are located in the subject country (persons who are able to obtain because of their physical presence in the local marketplace certain documents from public registries) and highly confidential inquiries made with very reliable intelligence sources that are contracted to conduct such inquiries. Much of what may be learned about an individual or entity based in a foreign jurisdiction is accomplished through the "soft information" that comprises most intelligence, such as a person’s professional reputation and social affiliations. Often, this type of information, if it has been sourced in a reliable, ethical manner by a highly experienced investigative professional, is relatively more useful in a decision making process for an institution. Typical issues include potential corruption by politically-exposed persons, narco-trafficking, and other illicit activities.

18. Does IPSA violate any U.S. or foreign laws or regulations in undertaking any of its activities?

No. Under no circumstances do any of IPSA’s full- and part-time professionals violate any laws or regulations in the United States or in any foreign country while conducting their activities on behalf of the firm or any of its clients. IPSA’s business activities and operations are licensed and regulated in the United States by various Federal, state and local government agencies. IPSA maintains various licenses in numerous states to, among other things, function as a private investigative agency in a specific jurisdiction and to employ and manage licensed private investigators that perform services in such capacities. Most of the professionals who are employed by IPSA maintain individual private investigator licenses as well as other industry and specialist designations and certifications, have undergone specialized training and have had thorough background checks performed on them. Certain information regarding IPSA’s private investigation agency and related registrations can be located on websites hosted by various state regulatory and licensing agencies. If you would like to discuss or review information concerning IPSA’s professional licenses and registrations, please contact an IPSA Anti-Money Laundering Specialist at (800) 997-4772 or via email at info@ipsaintl.com.

19. Does IPSA contact the institution’s clients or customers when it conducts due diligence?

No. Unless specifically requested to contact the institution’s client, IPSA does not contact the subject of its due diligence inquiries. In addition, to the extent IPSA has been requested by the institution to conduct highly confidential inquiries regarding a subject’s reputation, IPSA ensures that its inquiries are conducted with third parties and in such a manner that the subject remains unaware that the inquiries have taken place. If you have specific needs or requests, it is best to discuss these with us prior to beginning any due diligence assignment.

20. What procedures does IPSA follow to ensure that it maintains strict confidentially on behalf of its clients?

As a matter of course, IPSA’s professionals, agents and independent subcontractors respect the confidential nature of our clients’ business activities. In the course of entering into a new business relationship, IPSA enters into a confidentiality agreement with its clients prior to receiving any sensitive information in connection with its assignments and requires its representatives, agents and independent sub-contractors to adhere to the terms of those agreements. To the extent that IPSA’s professionals need to source any of the required due diligence information using an independent subcontractor, IPSA works only subcontractors that are, through IPSA’s experience, highly reliable and trustworthy, and with which IPSA has entered into a contractual legal relationship that governs the confidentiality with which the contractor conducts its business practices.

21. How are IPSA’s services different from an on-line provider of KYC or EDD services and related compliance solutions?

The primary difference in IPSA’s services and an on-line provider of information services is that IPSA’s KYC and EDD services are performed by highly experienced professionals and NOT with an automated computer program. IPSA’s services DO NOT generate a generic report through an automated computer program, DO NOT rely solely upon online information sources and DO NOT rely solely upon one source of due diligence information. Essentially, all of IPSA’s clients benefit from the experience and expertise of a staff of highly trained professionals – the human intelligence factor necessary to prepare meaningful and reliable due diligence reports – and NOT an automated information process. IPSA believes that the only method by which to conduct effective due diligence on an individual or entity is to utilize a broad variety of information sources, many of which will likely exist only in a subject’s country of domicile, and to have an experienced professional analyze and interpret such information.

22. In how many and which countries is IPSA able to conduct KYC and enhanced due diligence?

In over 75 countries, IPSA maintains professional relationships with over 500 associates who are based in-country. IPSA’s associates serve in an information or intelligence gathering capacity on behalf of IPSA and its clients. To review a list of counties in which IPSA can conduct due diligence, please click here.

23. Is IPSA able to conduct enhanced due diligence on Politically-Exposed Persons (PEPs)?

Yes. IPSA is able to conduce due diligence on an individual or an entity in most parts of the world, regardless of the person’s professional standing or position within a government or governmental agency and regardless of the person’s country of residence or residential history.

24. Is IPSA a consumer reporting agency?

No. IPSA is not a consumer reporting agency and information obtained through IPSA’s KYC and EDD services must not be used to determine a consumer’s eligibility for: credit or insurance for personal, family or household purposes; employment; or a government license or benefit; or any other purpose regulated by the Fair Credit Reporting Act⁹ ("FCRA").

In addition, clients should be aware that, to the extent you desire information concerning an individual’s credit profile in the U.S., pursuant to the regulations promulgated by the FCRA, authorization and consent are required from the due diligence subject in order to obtain legally any credit information.

⁹ 15 U.S.C. §1681 et seq.

25. What restrictions or conditions are there on my institution’s ability to use of IPSA’s KYC and EDD services?

IPSA’s KYC and EDD services are offered only to established financial institutions and businesses that agree to use IPSA’s services and the information obtained through IPSA for a lawful business purpose. Any party that engages IPSA to provide services will expressly agree in a definitive legal contract that it shall not request, and IPSA shall not perform, any service that involves any unlawful, immoral, or unethical activity. IPSA reserves the right in its sole discretion to terminate any service immediately upon notification of any such activity and IPSA shall not be liable for consequences in connection therewith. IPSA reserves the right in its sole discretion to decline to provide its services to any party.

26. What records does IPSA maintain in its files regarding its due diligence activities?

By law, because IPSA is registered in various states as a private investigative agency, IPSA is required to maintain case files that include certain documents and information about any case matters that are undertaken by IPSA in the normal course of its business. While various state regulations governing these document retention policies varies, in general IPSA is required to maintain all pertinent records that pertain to assignments conducted by the agency for a period of five (5) years.

27. What are IPSA’s prices to conduct its services?

If you are interested in reviewing IPSA’s fee schedule for its services, we request that you contact an IPSA professional. IPSA encourages all prospective clients to consult with an IPSA representative to discuss the appropriate services for your institution.

28. List of countries for which IPSA provides KYC and EDD services.

North America (IPSA offices)

United States (Atlanta, Chicago, Dallas, Los Angeles, Miami, New York, Phoenix, San Francisco, Seattle)
Canada (Toronto, Vancouver)
Mexico (Mexico City)

Central America

Belize
Guatemala
Costa Rica
El Salvador
Honduras
Nicaragua
Panama

South America

Argentina
Bolivia
Brazil
Chile
Colombia
Ecuador
Paraguay
Peru
Uruguay
Venezuela

Caribbean

Bahamas
Bermuda
British Virgin Islands
Cayman Islands
Dominican Republic
Haiti
Jamaica
Puerto Rico
U.S. Virgin Islands

Europe

Bahamas
Austria
Belgium
Cyprus (Nicosia)
Czech Republic
Denmark
France (Lyon, Paris, St. Raphael)
Germany (Berlin, Cologne, Dortmund, Hanover, Munich)
Gibraltar
Greece
Guernsey
Ireland (Dublin, Eire)
Isle of Man

Italy (Milan, Rome, Perugia)
Jersey
Lichtenstein
Malta
Netherlands (Amsterdam, Bavel)
Romania (Bucharest)
Russia (Moscow)
Scotland (Glasgow)
Slovenia
Spain (Barcelona, Madrid)
Sweden (Goteburg)
Switzerland
Turkey (Ankara, Istanbul)
Northern Ireland
United Kingdom (England, Wales)

Middle East and Asia

India (Bombay, Delhi)
Israel (Tel Aviv)
Morocco
Oman
United Arab Emirates (Dubai)

Pacific

Australia
China/Hong Kong
Malaysia (Kuala Lumpur)
New Zealand
Philippines (Manila)
Singapore
Thailand

Africa

Burundi
Eastern Congo
Kenya
Morocco
Nigeria (Lagos)
Rwanda
South Africa (Cape Town, Durban, Johannesburg)
Tanzania
The Seychelles
Uganda
Zambia

Anti-Money LaunderingFrequently Asked Questions - KYC/EDD Services

Anti-Money Laundering
Frequently Asked Questions - KYC/EDD Services