Compliances

The term compliance describes the ability to act according to an order, set of rules or request. Non-compliance of laws and regulations is a noted fact all over the world, emanating enterprise risks and threatening the position of companies from regulatory side. In the context of financial services businesses compliance operates at the level of compliance with the external rules that are imposed upon an organisation as a whole, as well as on the level of compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules. In the context of registration or certification of credit rating agencies, the regulation on credit rating agencies laying down technical standards for the assessment of compliance of credit rating methodologies is used to assess applicants’ compliance with regulation. At the end of the compliance assessment, the decision on whether the applicant is given registered status is made by the relevant authorities.

Arguments for a More Stable Outlook

Compliances, Outlooks

GRENKE AG, a global financing partner for small and medium-sized enterprises, generated net profit of EUR 20.5 million in the first quarter of 2022 (Q1 2021: EUR 14.0 million), corresponding to an increase of 46.8% compared to the first quarter of 2021. However, it is questionable whether this and the company’s results presented below are sufficient to change the negative outlook, which was determined by both rating agencies, to a stable outlook or even a positive outlook.

Standard & Poor’s BBB+ / A-2 negative, December 2021

GBB Rating A- / – negative July 2021

The compliance history, which had led to great uncertainty, still weighs heavily on the company. In particular, the confidence of the minority shareholders must be secured.

https://rating.repair/2021/02/26/grenke-informs-about-fruits-of-bafins-special-auditor/

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe

Rating Agency Violates Disclosure of Transparency Reports and More

Agencies, Authorities, Compliances, Registrations, Regulations

CRA Transparency Reports 2021

“Transparency Reports” of credit rating agencies (CRAs) are published in accordance with Article 12 and Annex I, Section E.III of the EU Regulation on Credit Rating Agencies:

  • (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies, as amended by Regulation
  • (EU) No 513/2011 of the European Parliament and of the Council of 11 May 2011 and as amended by Regulation
  • (EU) No. 462/2013 of the European Parliament and of the Council of 21 May, 2013.

Rating agencies are therefore obliged to disclose their transparency reports in order to enable everyone to obtain certainty about the functioning of the rating agency. Unfortunately, the reports are not always easy to find. Therefore, the following lists can be found with all links to the current reports.

In one case, the report cannot be found by normal search engines, but it is stored in such a way that the supervisory authority, the European Securities and Markets Authority (ESMA) can be shown a link which, however, is normally not found by internet users. The link to the missing report can be found in the following lists.

Missing transparency report

With one of the registered credit rating agency, however, there is a clear violation of the CRA Regulation in the European Union:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe

There is a page that lists transparency reports, but all the links are broken and do not allow the alleged transparency reports to be downloaded. It makes no difference whether you search in German or in English. The mandatory reports are not available in neither German nor English. The violation relates not only to the most recent report, but also to previous years and other mandatory reports of the same credit rating agency. The reports, which are so important for investors and issuers, are permanently unavailable. The lack of reports is not due to temporary maintenance.

In this case it is again evident that the European supervisory authority is apparently working too slowly to punish such violations. The deficiency could be remedied by simply uploading the reports. It has been shown that it can sometimes take ESMA several years to punish a violation of the EU regulation on rating agencies. That is too late to allow market participants an up-to-date insight.

Incorrect file name

A leading American rating agency has its transparency reports ready with confusing labels. The “Transparency Report 2020” shows what is actually a transparency report for 2019. The right Transparency Report 2020 is also available, but in a different place and with a different link. This can lead to the erroneous use of this data in statistical evaluations. We have an example of this.

The following documentation proves the incorrect and misleading designations. Here is the wrong link first:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe

The following links led to the correct files – with the one exception mentioned above – on Friday, September 17th, 2021:

Sorted alphabetically

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe

Sorted by country

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe
fisheye shot of a person inside a building with columns and ornate ceiling

What About S&P’s Irannotice?

Compliances

S&P Global Inc. international business activities must comport with U.S. international trade restraints, including economic sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Controls.

Pursuant to Section 13(r)(3) of the Securities Exchange Act of 1934, S&P Global Inc. (S&P) provides notice to the U.S. Securities and Exchange Commission that disclosure of activity described in Section 13(r)(1) of the Act has been included in the issuer’s Annual Report on Form 10-K for the year ended December 31, 2020, which was filed with the Securities and Exchange Commission on February 9, 2021. Hence the question of what this is all about.

As a global company headquartered in the U.S., S&P is subject to U.S. laws and regulations, including economic sanction laws. These laws include prohibitions or restrictions on the sale or supply of certain products and services to embargoed or sanctioned countries, regions, governments, persons and entities. Embargoes and sanctions laws are changing rapidly for certain geographies, including with respect to Iran, Russia, and Venezuela. These embargoes and sanctions laws may affect S&P’s ability to continue to market and/or sell products and services into these geographies and in turn adversely impact the revenue from such geographies.

Additional international trade restraints may be promulgated at any time and may require changes to S&P’s operations and increase their risk of noncompliance. Failure to comply with these laws and regulations can result in significant fines and penalties and related material adverse effects on S&P’s reputation, business, financial condition and results of operations.

Additionally, S&P is subject to complex U.S., European and other local laws and regulations that are applicable to our operations abroad, including trade sanctions laws, anti-corruption and anti-bribery laws such as the U.S. Foreign Corrupt Practices Act and the UK Bribery Act 2010, anti-money laundering laws, and other financial crimes laws. S&P’s internal controls, policies and procedures and employee training and compliance programs related to these topics may not be effective in preventing employees, contractors or agents from violating or circumventing such internal policies and violating applicable laws and regulations. A determination that S&P has violated such laws could have a material adverse effect on our reputation, business, financial condition or results of operations.

https://atomic-temporary-165172709.wpcomstaging.com/securities-exchange-organization-of-iran-registered-credit-rating-agencies/

Compliance with international and U.S. laws and regulations that apply to S&P’s international operations increases the cost of doing business in foreign jurisdictions.

Pursuant to Section 219 of the Iran Threat Reduction and Syria Human Rights Act of 2012, which amended the Exchange Act, an issuer is required to disclose in its annual or quarterly reports, as applicable, whether, during the reporting period, it or any of its affiliates knowingly engaged in certain activities, transactions or dealings relating to Iran or with individuals or entities designated pursuant to certain Executive Orders. Disclosure is generally required even where the activities, transactions or dealings were conducted in compliance with applicable laws and regulations.

The following details S&P’s business with companies controlled by the Government of Iran:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe
Log in

How to Run a Credit Reporting Agency in China

Agencies, Authorities, Bureaus, Compliances, Governance, Read, Registrations, Regulations

The People’s Bank of China issued a Draft for comments on “Measures for the Administration of Credit Investigation Services“. It is intended to regulate the credit investigation business and related activities, and promote the healthy development of the credit investigation industry. This is formulated in accordance with the “Civil Code of the People’s Republic of China”, “The People’s Bank of China Law of the People’s Republic of China”, “Regulations on the Administration of Credit Investigation Industry” and other laws and regulations.

Who is affected?

These Measures shall apply to individuals, enterprises, institutions and other organizations that carry out credit investigation services and related activities within the territory of the People’s Republic of China, but these Measures are also applicable to the credit investigation business and related activities of residents of the People’s Republic of China (natural and legal persons) outside the People’s Republic of China.

The term “credit information” refers to various types of information used to determine the credit status of individuals and enterprises by providing services for financial and economic activities. Personal and corporate identity, address, transportation, communication, debt, property, payment, consumption, production and operation, fulfillment of legal obligations and other information, as well as analysis and evaluation of the credit status of individuals and companies based on the foregoing information information are all considered to be “credit information”.

When engaging in credit investigation business and related activities, the lawful rights and interests of information subjects shall be protected in accordance with the law, information security shall be protected, and the leakage and abuse of credit information shall be prevented. Engaging in credit investigation business and related activities shall follow the principles of independence, objectivity, and impartiality, and shall not make discriminatory arrangements that violate social public order and good customs, and shall not provide exclusive services with the help of an advantageous position.

The collection of credit information by credit reporting agencies in China shall follow the principle of “minimum and necessary” and shall not collect excessively.

Credit reporting agencies shall not collect credit information in the following ways:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe
Log in

When collecting credit information, credit reporting agencies shall review the business legitimacy, information sources, information quality, information security, and authorization of information subjects of the information providers to ensure the legality, accuracy and sustainability of the collection of credit information.

Credit reporting agencies in China shall clarify their respective rights and obligations with information providers in terms of data correction, objection handling, and information security. The People’s Bank of China expects credit reporting agencies operating personal credit reporting services to formulate plans for collecting personal credit information, and report to the People’s Bank of China on matters such as the collected data items, the correlation with credit, and the protection of information subjects’ rights and interests.

The collection of personal credit information by a credit reporting agency shall obtain the consent of the information subject, and clearly inform the information subject of the purpose, source and scope of the collection of credit information, as well as the possible adverse consequences of not agreeing to the collection of information. Where a credit reporting agency obtains personal consent through an information provider, the information provider shall clearly inform the information subject of the name of the credit reporting agency. When collecting non-public corporate credit information, credit reporting agencies shall adopt appropriate methods to obtain the consent of the enterprise. The collection of credit information related to the performance of duties by corporate directors, supervisors, and senior executives by credit reporting agencies shall not be regarded as personal credit information.

Credit reporting agencies shall follow the principle of objectivity in sorting, storing, and processing credit information and shall not tamper with the original data. If a credit reporting agency finds information errors in the process of sorting, storing, and processing credit information, if the information provider reports an error, it shall promptly notify the information provider to correct it; if it is an internal processing error, it shall promptly correct it, and improve the internal processing flow.

5 Years Retention Period

The retention period of bad personal information collected by credit reporting agencies in China shall be 5 years from the date of termination of bad behavior or incident. When bad credit information expires, the credit reporting agency should delete it. If it is used as sample data, it should be de-identified and moved to a non-production database for storage to ensure that personal credit information is not directly or indirectly identified. The People’s Bank of China encourages redit reporting agencies to separate personal identification information from other credit information, and implement physical isolation.

Credit reporting agencies shall take appropriate measures to conduct necessary review of the identity, business qualifications, and purpose of use of information users. They shall conduct necessary review of the network and system security and compliance management measures of information users who access the credit reporting system through the Internet, monitor the inquiries, discover violations, and stop services in a timely manner. Credit reporting agencies shall conduct necessary review of information users to ensure that information users obtain the consent of the information subject when inquiring about personal information and use it for the agreed purpose. The use of credit information provided by credit reporting agencies by information users shall be used for lawful and legitimate purposes and shall not be abused.

Information users shall use personal credit information for clear and specific purposes, and use them in accordance with the purposes agreed upon with the information subject. If they exceed the agreed purposes, they shall obtain separate consent. Information subjects can inquire about their own credit information from credit reporting agencies. If the credit reporting agencies have not collected the information subject’s information, they should clearly inform them that if they have collected the information subject’s information, they should provide the information subject with the collected information content.

Credit reporting agencies in China shall provide personal information subjects with free credit report inquiry services twice a year through various methods such as the Internet, business premises, and entrusting other institutions. If a credit reporting agency entrusts other agencies to provide free credit report query services to information subjects, it shall review the qualifications, service capabilities, safety protection facilities, and compliance requirements of the entrusted agency, and be responsible for the entrusted agency’s inquiries and leaks by joint and several liability.

The subject of personal information in China has the right to request a complete credit report from the credit bureau. The content of credit reports provided by credit reporting agencies to individuals shall not be less than the content of credit reports provided to information users. Credit reporting agencies in China shall not charge information subjects for the reason of deleting bad information or not collecting bad information.

Where credit reporting agencies provide credit information inquiry products and services such as credit reports, they shall objectively display the content of the inquired credit information, and explain the content of the inquired credit information and professional terms. If a credit reporting agency provides a credit report product, the content of the report shall include the information user’s inquiry records, objection marks, and information subject statement. Credit reporting agencies that provide evaluation products and services such as portraits, scoring, rating, etc., shall establish evaluation standards, and must not use elements that are not related to the credit of the information subject as evaluation standards. Where a credit reporting agency provides personal credit evaluation services, all data used for evaluation shall be displayed in the credit report provided to the information subject. Credit reporting agencies shall disclose the scoring methods and models used in personal credit evaluation products, and the degree of disclosure shall be limited to reflecting the credibility of the evaluation.

If credit reporting agencies provide corporate entities or debt credit rating services, they shall comply with relevant management regulations on credit rating businesses. Where credit reporting agencies provide anti-fraud products and services, they shall establish standards for identifying fraudulent credit information.

Credit reporting agencies providing credit information inquiry, credit evaluation, and anti-fraud services shall report the following matters to the People’s Bank of China or its branches above the provincial capital (capital) city center branch (hereinafter collectively referred to as the branch):

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe
Log in

Credit reporting agencies shall not provide the following credit reporting services and products:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe
Log in

Credit reporting agencies shall formulate safety management systems involving all business activities and equipment and facilities, and adopt effective protective measures to ensure the security of credit information.

Individual credit reporting agencies and corporate credit reporting agencies that store or process the credit information of enterprises of more than 500,000 enterprises shall meet the following requirements:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe
Log in

Credit reporting agencies shall ensure the safety of the operating facilities and equipment of the credit reporting system, security control facilities and APPs and other mobile internet terminals, do a good job in daily operation and maintenance management of the credit reporting system, and ensure the physical security of the system, network security, and host security, application security, data security and client security, prevent data loss and destruction, and prevent illegal intrusion into the credit investigation system.

The credit reporting agency shall do a good job in personnel safety management in terms of personnel recruitment, personnel leaving, personnel assessment, safety awareness education and training, and external personnel visit management. Credit reporting agencies shall strictly limit the authority and scope of staff who inquire about and obtain credit information, and they shall establish operating records for staff inquiring and obtaining credit information, and clearly record the time, method, content and purpose of staff inquiring and obtaining credit information.

Credit reporting agencies shall establish an emergency response system. When major credit information leaks occur or are likely to occur, they shall immediately take necessary measures to reduce the harm and report to the People’s Bank of China and its local branches.

For credit reporting agencies to carry out credit reporting services and related activities in China, the production database and backup database shall be located in China. Credit reporting agencies that provide personal credit information abroad shall comply with the provisions of national laws and regulations. Credit reporting agencies providing corporate credit information inquiry services overseas should review the identity and purpose of information users, ensure that credit information is used for reasonable purposes such as cross-border trade and financing, and provide it in a single inquiry. Credit reporting agencies shall not transmit the credit information of batch enterprises in a certain region or industry to the same information user overseas. Credit reporting agencies that provide corporate credit information overseas should file with the People’s Bank of China. If a credit investigation agency cooperates with an overseas credit investigation agency, it shall file with the People’s Bank of China after the cooperation agreement is signed.

Credit reporting agencies shall disclose the following matters to the public and accept social supervision:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe
Log in
black chain

FATF and BaFin Ratings

Authorities, Compliances, Governance, Regulations

The European Union (EU) and Financial Action Task Force (FATF) lists countries with deficits in the fight against money laundering, terrorist financing and the financing of proliferation. The lists have far-reaching implications for country ratings and especially for ratings of financial service providers. FATF publishes a consolidated table of assessment ratings.

On the basis of Article 9 of the Fourth Money Laundering Directive (EU) 2015/849, the European Commission has defined third countries with high risk in the Delegated Regulation (EU). It includes the following countries: North Korea, Iran, Afghanistan, Bahamas, Barbados, Botswana, Ghana, Iraq, Jamaica, Yemen, Cambodia, Mauritius, Mongolia, Myanmar / Burma, Nicaragua, Pakistan, Panama, Zimbabwe, Syria, Trinidad and Tobago, Uganda and Vanuatu.

Legal consequences and measures of the German Federal Financial Supervisory Authority (BaFin) with regard to the listed countries with increased risk differ and follow this rating:

  1. North Korea,
  2. Iran,
  3. Afghanistan, Bahamas, Barbados, Botswana, Ghana, Iraq, Jamaica , Yemen, Cambodia, Mauritius, Mongolia, Myanmar / Burma, Nicaragua, Pakistan, Panama, Zimbabwe, Syria, Trinidad and Tobago, Uganda and Vanuatu and
  4. Albania.

As before, Albania, which is only listed in the FATF statement on “Jurisdictions under Increased Monitoring” and not in the Delegated Regulation, Albania has no immediate obligations to act and no additional due diligence or organizational obligations need to be fulfilled. Nonetheless, when assessing the country risk in the context of the prevention of money laundering and terrorist financing, the situation in Albania and / or people from Albania should be given due consideration, explains BaFin; otherwise, BaFin refers to the Deutsche Bundesbank and the national risk analysis.

people wearing diy masks

Groundbreaking Multifunctional Monitoring and Surveillance System for Compliance with Corona Hygiene Protection Measures

Compliances, Read

Artec technologies AG (ISIN DE0005209589) is now offering a multifunctional monitoring and monitoring system for compliance with corona hygiene protection measures called MULTIEYE OverCrowding Watch App. The software is based on existing artec products that have proven themselves in practice with the support of AI-based software components. The listed software company from Diepholz, Germany, has been developing software and system solutions for the security sector under the brand name MULTIEYE since 2000.

The MULTIEYE OverCrowding Watch App detects the non-wearing of masks, measures and controls compliance with the maximum number of people in shops, restaurants, bars, at events or in buses, trains, etc., has a person-direction detection at entrances and exits as well as others features. Several sensors can be connected to the system, so that larger objects such as shopping centers and event areas with many entrances and exits can be controlled.

The software signals acoustically and visually on information displays and on control monitors as soon as a customer approaches the access area without a mask or the maximum permissible number of people is exceeded. The OverCrowding Watch app also enables statistical evaluations to analyze the implementation of hygiene measures. The OverCrowding Watch app is operated in accordance with the provisions of the GDPR.

Artec technologies AG seems to continue its success story. In addition to the new developments, the company has concluded numerous maintenance and support contracts in the past few weeks. Customers are both security and broadcast customers. They include, for example, a media company and a sports academy from Qatar, a sports broadcaster from France and a security agency from Germany.

The terms are between 12 and 36 months. In total, the orders are worth € 250,000. In addition, artec expects further maintenance and support contracts in the amount of € 250,000 to € 300,000 in the fourth quarter of 2020. With incoming orders of more than € 0.5 million, artec will post a record in the service business this year. The service business is characterized by easily predictable sales and attractive margins.

In the case of smaller solutions in particular, customers rely on support contracts that include telephone support and email support. The maintenance contracts include the maintenance as well as the repair of the artec systems, depending on the customer. In particular in the cloud business and when using the MULTIEYE BOS Manager, a system for situation centers and control centers of authorities and organizations with security tasks (BOS), in the private cloud of the authorities, a regular visual inspection of the hardware as well as the automated and manual software-based error analysis takes place during operation . In this way, problems can be discovered at an early stage before they disrupt live operation. Maintenance contracts often also include the provision of minor updates and software upgrades.

ethnic woman doing stop gesture with palm at camera

Separation of Product Comparison, Brokerage and Insurance Services

Compliances, Governance, Read

Any rating company who does not limit itselve to the comparison of financial services, but also insures the customer against risks, must obtain approval for this. There is no free market for financial services in Germany.

The Federal Financial Supervisory Authority in Germany, Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), ordered the CHECK24 comparison portal CHECK24 Vergleichsportal Finanzen GmbH, Munich, to discontinue its insurance business by decision of August 5, 2020. “The CHECK24 Vergleichsportal Finanzen GmbH promised credit customers, which it has referred to various credit institutions via its internet platform, that they would pay up to six loan installments in the event of unemployment, but doing this without the required permission from BaFin.”

The CHECK24 Vergleichsportal Finanzen GmbH is just one of the many subsidiaries of just one of the approximately 70 companies that in turn belong wholly or mostly to Check24 GmbH. The main shareholders of Check24 GmbH are Eckhard Juls and Heinrich Blase (both born in 1967). CHECK24 Vergleichsportal Finanzen GmbH is in turn mother company to Kredite 24 Service GmbH.

The company was entered in the commercial register in 2013 as ProCheck24 GmbH with the object of the company to provide insurance and financial services of all kinds (the latter only if they do not require approval) and evidence of the possibility of concluding contracts for insurance and financial services of all kinds, including the development and establishment of new sales channels therefore as well as the provision of IT services for the electronic processing of contracts in trade and financial advice. “Activities requiring approval are not part of the company”, it said at the time in the commercial register.

The CHECK24 comparison portal Finanz GmbH is about comparing and brokering financial services of all kinds and operating a media, advertising and marketing agency. The provision of financial services within the meaning of Section 1 (1a) KWG should not be the object of the company, nor should investment brokering within the meaning of Section 1 (1a) lit. a KWG.

Kredite24 Privat is an online loan for free use that is granted for long periods. The personal loan is available exclusively via the CHECK24 loan comparison. For the loan with free use, Kredite24 relies on the cooperation with the DSL Bank. The Bonn-based credit institute is certified by TÜV Süd and belongs to Deutsche Postbank AG. The Kredite24 Service GmbH is a wholly owned subsidiary of the CHECK24 comparison portal Finanz GmbH, which operates the loan comparison of the internet portal.

man in blue suit

Professional and Personal Requirements for Persons Appointed as Management Board Members

Certifications, Compliances, Read, Registrations, Regulations

The Federal Financial Supervisory Authority of Germany (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) provided a Guidance Notice on management board members pursuant to the German Banking Act (Kreditwesengesetz – KWG), the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG) and the German Capital Investment Code (Kapitalanlagegesetzbuch – KAGB). The following introduces the approach how to check compliance with the law in the context of a forensic rating of financial institutions.

The methodology applies to all credit institutions and financial services institutions supervised by Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht- BaFin) under the Banking Act (Gesetz über das Kreditwesen – KWG) and all payment and electronic money institutions supervised by BaFin under the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG). It is also intended for undertakings supervised by BaFin under the Capital Investment Code (Kapitalanlagegesetzbuch – KAGB). The Banking Act, the Payment Services Supervision Act and the Capital Investment Code impose stringent requirements regarding the qualifications of a management board member. The major significance of these requirements is reflected in the fact that it is the claim of BaFin to issue a licence only when all conditions are met to conduct banking business and e-money business and to provide financial services and payment services.  The licences under the Investment Code, too, are only issued if the management board members fulfil the professional and personal requirements stipulated in the respective law. BaFin may withdraw this licence if these requirements are no longer fulfilled.

The European provisions were enshrined in the Banking Act through the ” Act on the Implementation of the Directive 2013/36/EU on Access to the Activity of Credit Institutions and the Prudential Supervision of Credit Institutions and Investment Firms and on the Regulatory Alignment to the Regulation (EU) No 575/2013 on Prudential Requirements for Credit Institutions and Investment Firms” (Gesetz zur Umsetzung der Richtlinie 2013/36/EU über den Zugang zur Tätigkeit von Kreditinstituten und die Beaufsichtigung von Kreditinstituten und Wertpapierfirmen und zur Anpassung des Aufsichtsrechts an die Verordnung (EU) Nr. 575/2013 über Aufsichtsanforderungen an Kreditinstitute und Wertpapierfirmen – CRD IVUmsetzungsgesetz) of 28 August 2013, Federal Law Gazette I p. 3395, and the ” Act Amending Laws Relating to the Financial Market” (Gesetz zur Anpassung von Gesetzen auf dem Gebiet des Finanzmarktes – FinMarktAnpG) of 15 July 2014, Federal Law Gazette I p. 934. Moreover, the recommendations of the European Banking Authority “EBA Guidelines on Internal Governance” (GL 44) of 27 September 2011 and the “EBA Guidelines on the Assessment of the Suitability of Members of the Management Body and Key Function Holders” of 22 November 2012 have been transposed into German law. The second edition of this Guidance Notice outlines the professional and personal requirements for persons appointed as management board members under the relevant supervisory legislation. It provides an overview of the associated notification obligations, including the documents which must be submitted. It considers in detail the expanded requirements for management board members resulting from the changes to the Banking Act.

The credit institutions which are members of a cooperative auditing association (genossenschaftlicher Prüfungsverband) or which are audited by the auditing body of a savings bank and giro association (Sparkassen- und Giroverband) are to send the notification and any documents to be appended via their association, together with an extra copy intended for that association. The role of the associations must be observed in Germany.

Since 4 November 2014, the European Central Bank (ECB) has served as the supervisory authority for significant German credit institutions within the scope of the Single Supervisory Mechanism (SSM). The ECB supervises these significant institutions on the basis of national supervisory legislation, except where European law is directly applicable. Significant institutions submit notifications concerning the appointment and resignation of management board members – including all of the documents to be appended – to BaFin and the Deutsche Bundesbank.

The European Central Bank is responsible for assessing the professional suitability, the reputation and the available time of a management board member and will notify the institution of the result of its assessment directly. This assessment is made on the basis of the provisions of the Banking Act. However, the ECB is not bound by an existing national interpretation or administrative practice.

The European Central Bank, BaFin and the Deutsche Bundesbank shall be notified of other activities of a management board member of a significant institution and of any direct participating interests. The notifications and all documents and declarations to be appended must be submitted in German. The following deviating provisions apply to significant institutions directly by the ECB. Where documents are not issued in German, a certified translation or a translation prepared by a publicly appointed or sworn interpreter or translator will be required in addition to the original version. The relevant BaFin division may waive the translation of English-language documents. Significant institutions directly supervised by the ECB may submit the notification as well as all documents to be appended in either German or in English. The notifications prescribed by the Banking Act, the Payment Services Supervision Act and the Capital Investment Code shall be submitted without delay. As a rule, BaFin will no longer assume that a notification has been submitted without delay if a period of four weeks has been exceeded following the decision made by the relevant body. BaFin may require further documents and information if this appears necessary in an individual case. BaFin will not assume the costs associated with the required documents.

On their websites, BaFin and the Deutsche Bundesbank provide the following forms which are to be used for the individual notifications and for the declarations to be made.

Banking Act

  • Personnel changes relating to management board members,
  • Details of reputation, available time and additional mandates,
    • Declaration concerning criminal proceedings and proceedings for administrative offences, decisions under trade law and insolvency or enforcement proceedings,
    • Declaration concerning familial relationships,
    • Declaration concerning business relationships,
    • Details of additional mandates as a management board member or as a member of administrative and supervisory bodies,
    • Details of available time,
  • Secondary activities of management board members,
  • Participating interests of management board members.

Capital Investment Code

  • Personnel changes relating to management board members,
  • Details of reputation,
    • Declaration concerning criminal proceedings and proceedings for administrative offences, decisions under trade law and insolvency or enforcement proceedings,
    • Declaration concerning familial relationships,
    • Declaration concerning business relationships,
  • Secondary activities of management board members,
  • Participating interests of management board members.

Payment Services Supervision Act

  • Details of reputation,
  • Secondary activities of management board members,
  • Participating interests of management board members,

An intention to make an appointment, its realisation, its withdrawal (Banking Act) or a change of this intention to appoint (Banking Act) a management board member shall be reported without delay. The institution or the KAGB undertaking must submit this notification. Management board members within the meaning of the Banking Act and the Payment Services Supervision Act are those natural persons who are appointed according to law, articles of association, articles of incorporation or a partnership agreement to manage the business of and represent an institution organized in the form of a legal person or a commercial partnership. Management board members within the meaning of the Capital Investment Code are those natural persons who are appointed according to law, articles of association, articles of incorporation or a partnership agreement to manage the business of and represent a capital management company as well as natural persons who actually manage the business of the capital management company without being formally appointed as management board members. This notification obligation also applies for the appointment of an acting management board member to fulfil the function of a management board member if the latter is unable to do so.

In its long-standing administrative practice, BaFin has refrained from forwarding appointment notifications submitted by the relevant association of auditors for credit cooperatives’ board members serving in an honorary capacity. However, notice must be provided of an intention to appoint a part-time management board member. Already the intention to appoint a management board member is subject to notification.

Basic documents

The following documents/declarations have to be appended to the notification:

  • Curriculum vitae,
  • Details of management board members’ reputation,
  • “Certificate of good conduct for presentation to a German authority”, “European certificate of good conduct for presentation to a German authority” or “equivalent documents” from another country,
  • Excerpt from the Central Trade and Industry Register,
  • Details of additional mandates as a management board member and in administrative and supervisory bodies,
  • Details of available time.


By submitting the information and declarations from the management board member which have to be appended to the notification, the notifying institution or the notifying KAGB undertaking confirms that the information submitted is accurate to the best of its knowledge. If the management board member who is to be appointed has been, or is already a management board member or a member of the administrative or supervisory body of an undertaking supervised by BaFin, all of the documents/declarations to be presented in connection with this notification have to be re-submitted. BaFin may waive this requirement in individual cases.

A curriculum vitae has to be appended to the notification of intent. This curriculum vitae must be complete and truthful and must be personally signed and dated. The curriculum vitae shall focus primarily on the positions held during the management board member’s professional career. For these individual positions, the CV has to indicate not only the year, but also the month in which this position began or ended. In the description of positions held, in particular details of this person’s powers of representation, his or her internal decision-making powers and the divisions within the undertaking overseen by him or her shall be provided. Job references for employment positions within the last three years prior to submission of the notification have to be appended to the curriculum vitae, if available. Within the scope of the Capital Investment Code and the Payment Services Supervision Act, job references must only be submitted as required by BaFin. The curriculum vitae has to include the following details:

  • surname, all first names,
  • birth namedate of birth,
  • place of birth,
  • place of residence,
  • nationality,
  • a detailed description of relevant education and training,
  • the names of all undertakings for which the management board member currently works or has previously worked,
  • details of the nature and duration of the relevant activity, including secondary
    activities.

If a management board member has resided outside Germany within the last ten years, the period and country in question must be indicated. If the principal place of residence of the management board member and his or her place of work did not lie within the same country, this also has to be indicated. This information is relevant for BaFin insofar as this affects the register excerpts which must be submitted.

The social credit rating is comprehensively checked: Details of the management board member’s reputation, a “Certificate of good conduct for presentation to a German authority”, “European certificate of good conduct for presentation to a German authority” or “equivalent documents” from another country, excerpt from the Central Trade and Industry Register, details of additional mandates as a management board member or in administrative or supervisory bodies (Banking Act), details of available time (Banking Act). Comprehensive additional regulations must be observed for these points.

U.S. SEC NRSRO

Agencies, Certifications, Compliances, Read, Registrations, Regulations

The Office of Credit Ratings (OCR) assists the U.S. Securities and Exchange Commission (US SEC) in executing its responsibility for protecting investors, promoting capital formation, and maintaining fair, orderly, and efficient markets through the oversight of Credit Rating Agencies registered with the Commission as Nationally Recognized Statistical Rating Organizations (NRSROs). In support of this mission, the Office of Credit Ratings monitors the activities and conducts examinations of registered Nationally Recognized Statistical Rating Organizations to assess and promote compliance with statutory and Commission requirements.

The Office of Credit Ratings is charged with administering the rules of the US SEC with respect to the practices of Nationally Recognized Statistical Rating Organizations in determining credit ratings for the protection of users of credit ratings and in the public interest; promoting accuracy in credit ratings issued by Nationally Recognized Statistical Rating Organizations; and working to ensure that credit ratings are not unduly influenced by conflicts of interest and that Nationally Recognized Statistical Rating Organizations provide greater transparency and disclosure to investors.

Klick on the names of the following Credit Rating Agencies currently registered as Nationally Recognized Statistical Rating Organizations to visit their websites:

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe

KYC Risk Rating

Compliances, Methodologies, Procedures, Read, Regulations, Systems

Under strict Anti-Money Laundering (AML) regulations put in place by national governments, the European Union (EU), the Financial Action Task Force (FATF), and the United Nations (UN), all financial institutions and many types of companies are required to closely monitor their clients’ accounts and report any suspicious activity. These legal requirements often take the form of Know Your Customer (KYC) policies and KYC risk ratings, which are essential in preventing and reducing financial crime.

Excluded from the general test are “standard small customers” who do not wish to undertake particularly extensive or extraordinary business transactions and who have been classified by your rating system in advance in a correspondingly safe risk class. Nevertheless, the origin of funds and assets must generally be clarified. The details of the planned customer relationship such as scope and payment transactions must be rated and recorded.

KYC risk ratings are also important from the perspective of a variety of anti-terrorism and compliance laws and regulations. In particular, various national laws and regulations by international organizations prohibit doing business with certain persons and countries. For example, failure to comply with United States special regulations threatens financial penalties, from fines for executives to the removal of all business licenses in the United States. In addition, the reputational risk that can result from negative headlines in the absence of control is not to be underestimated.

In financial institutions characterized by limited resources and siloed solutions, the response to this has very often been to throw people at the effort. However, this has only added cost and complexity to the process and is not a long-term, sustainable solution. Therefore, there is a need in most organizations for a single, integrated technology platform that efficiently manages all KYC policies and regulatory compliance requirements from initial take-on right through the entire client lifecycle, including regular, ad-hoc and event-triggered reviews, as well as data and documentation refreshes.

All kinds of ratings can be affected, from credit ratings to sustainability ratings.

With a requirement to ensure lifecycle compliance to KYC regulations both on a local and global level, financial institutions and many other companies are necessitated to perform regular client reviews based on assigned risk ratings. KYC touches on the process you put customers through to engage with your business. KYC is considered as the future of the client onboarding process since an efficient identity verification solution helps institutions meet regulations, generate new revenue streams, and reduce risks and costs.

Global regulations highlight KYC as fundamental to a strong AML compliance program. With an appropriate KYC risk rating tool you are gathering the data you need to effectively structure your AML program and take a risk-based approach, comply with regulations and prevent financial crime. Ratings serve as the backbone of global anti-money laundering efforts.

Conducting KYC checks is a process that takes place at onboarding, i.e. identifying your customer and verifying that identity. KYC risk ratings help since KYC is an ongoing process to help you comply with requirements and continuously feed back into risk management and business strategy. You need to ensure that you know who your customer is, what activity you should expect from him, and the overall risk he presents to your organizaiton. KYC risk ratings enable you to monitor that risk and mitigate it.

In the case of legal persons, the type of company, activity, industry, sector code, number of employees, ownership and corporate structure, as well as the most important (expected) financial ratios must be recorded.

In the case of natural persons, in particular the nature of the profession and the purpose of the business relationship must be recorded. In the case of Politically Exposed Persons (PEP), the function and the place of exercise must also be recorded.

Take the System for Award Management (SAM) for an example. Both current and potential government vendors are required to register in SAM in order to be awarded contracts by the Government. In the United States of America, vendors are required to complete a one-time registration to provide basic information relevant to procurement and financial transactions. Vendors must update or renew their registration annually to maintain an active status. SAM allows Government agencies and contractors to search for your company based on your ability, size, location, experience, ownership, and more. In this way, fulfillment of KYC requirements becomes a marketing tool.

The exact meaning of KYC and related acronyms can change across geographies, with some regulators preferring one set of terminology over another.

  • US regulators refer to Customer Identification Program (CIP) when it comes to a check against relevant sanctions lists and gathering basic customer information (name, address, date of birth for an individual and an ID number) to form a „reasonable“ belief that the true identity of the customer is known.
  • Identity Verification (IDV) tools can be used to verify the identity of a customer, usually by using electronic and non-documentary means to do this.
  • A Customer Due Diligence (CDD) is said to provide more information regarding the individual or entity, the line of business they are in or more details about their management or corporate structure and whether there is an politically exposed person (PEP).
  • An Enhanced Due Diligence (EDD) is specifically designed for dealing with high-risk or high-net worth customers and large transactions. Because these customers and transactions pose greater risks to the financial sector, they are heavily regulated and monitored in order to ensure that everything is above board. Companies and financial institutions were first compelled to conduct EDD by the USA PATRIOT Act in 2001, a provision which is still in effect today. The Patriot Act also requires that offshore banking institutions, private banking organisations, and correspondent accounts abide by EDD regulations and laws. There are several characteristics that distinguish regular KYC policies from EDD policies. EDD policies are considered to be “rigorous and robust”, meaning that they require significantly more evidence and detailed information to be collected. The entire process of EDD must be documented in detail, and regulators should be able to have immediate access to the data. Professionals are often hired in order to analyse data that is collected regarding clients, and the reliability of information sources is of utmost importance.

By setting transaction monitoring scenarios accordingly, a rating helps to react to the expected activity from that client, for example, the volume, value, and frequency of payments across an account. Throughout the relationship, when those thresholds are breached, rating upgrades or downgrades alert you about

  • where this unusual behavior is coming from,
  • report it if suspicious, and
  • realign expectations if this is to be a new normal for that customer.

All persons involved in the creation of the KYC and subsequent changes to the KYC master document must also be logged.

Key to achieving a reasonable assurance in KYC discovery is acknowledging that, no matter the quality of information used or effort spent on research, it is impossible to be certain that any customer is entirely free from risk. It is always a matter of grades as expressed in ordinal rating scales.

Realising that 100% certainty is not attainable forces compliance officers to take realistic, risk-based approaches to KYC consideration. The prevention of financial crime is a matter of probabilities. By acknowledging that risk can never be eliminated entirely, you can craft anti-money laundering policies by using rating technologies that are both as effective and as unburdensome as possible.

Even when using rating technologies you must still periodically check up on low-risk clients and accounts to ensure that nothing is unusual or out of place. You need to be aware that the risk of criminal financial activity cannot be entirely eliminated.

Reasonable Assurance

A “reasonable” assurance varies depending on various factors, including different national anti-money laundering legislations and the type of financial institution involved, and pertains to how much information should be collected about a customer. Rating whether or not particular customers are high risk and which processes or investigations must be completed if they are, allows a financial institution a reasonable assurance. They must then decide how much is an appropriate amount of information to gather. A good rating allows the financial institution to determine how much time they should spend monitoring the customer’s account, if any.

KYC Remediation

The different ways to go about KYC remediation are pivotal for preventing your company from getting involved in corruption, the terrorist financing, and money laundering. A rating-based KYC remediation tactic could be to screen, verify, and identify customers according to its KYC risk rating. There are many rating products that a company can use to accomplish this efficiently, and it may also be done manually. The remediation process is where they clear up any contradictory data, organize the information they have acquired, and determine what else is left for them to find out about the client.

If a client might be able to launder money or partake in other corrupt activities without any red flags being raised by your rating system your company could get in serious legal trouble down the line, possibly leading to fines and even jail time for employees. Because of their central role in the financial sector, financial institutions are most strictly regulated in regards to appropriate rating systems. They have the responsibility of reporting suspicious activity and helping the government to ensure that money laundering does not occur. Being fully aware of what is going on with your clients’ ratings is the first step towards being protected against backlash from illegal transactions.

As soon as the KYC remediation has been successfully completed, the company can then determine the risk that the client poses and continue to add to their portfolio. This step helps to decide whether the company or financial institution must report the client to authorities for suspicious activity or potential corruption.

KYC Risk Rating

A KYC risk rating is simply a calculation of risk: either that posed by a specific customer or that which an institution faces based on its entire client portfolio. It makes sense to calculate both of these risk ratings as each of them is equally important.

KYC risk ratings might take the following data into account:

  • Global sanction lists
  • Narrative sanctions
  • Indirect bans
  • Politically Exposed Persons (PEP)
  • Family members and related persons
  • State-owned or publicly-owned enterprises
  • Global law enforcement lists
  • Negative reporting
  • Iranian economic interest
  • Ship information
  • System for Award Management (SAM)

Institutions gather as much data as they can about their customers, and they then compile this into a portfolio. Once the portfolio is completed, they closely analyse the information that they have obtained, and they determine the KYC risk rating of that specific client. If the risk rating is high, that client will be consistently and closely monitored. If the risk rating is low, the client will still be monitored, but not as diligently.

Millions of transactions occur every day throughout the world, meaning that institutions constantly receive vast amounts of data that need to be analyzed in rating systems. KYC risk ratings allow for institutions to quickly and efficiently sift through this information. Many of the KYC risk rating tools are technology-based and at least partly automatized, as manually organizing large quantities of data is ineffective and takes far too long.

A KYC risk rating is also essential for another important reason: it allows institutions to make a evidence-based prediction of what they believe a client’s account should look like in the future. A KYC risk rating is useful for determining whether something is unusual, out of place or suspicious. If a client’s transactions begin to diverge significantly from the institution’s predictions, you will be notified and will be able to further analyze the transactions for suspicious behavior.

If you wish to keep your company free from involvement with corruption and money laundering, it is vital that your KYC risk rating system consistently calculates the KYC risk rating of all your customers. Assigning rating symbols is the surest way to determine which clients present a higher risk to your company, thus allowing you to avoid liability and ensure that these clients are monitored appropriately.

Relevant Adverse Information

Relevant adverse information is simply any information that may cause officials to suspect an individual of being involved in a financial crime and can be acquired from any source. Although one source may appear to be more valid than another, all pieces of information may be looked at. Common sources include the Internet, the media, and other assorted databases. Specific individuals may even provide authorities with relevant adverse information such as proof of previous crimes, drug smuggling, fraud, scams, embezzlement, and theft, or evidence that a person is currently involved in tax evasion or even terrorist financing. Even if the information does not appear to be directly related to the scheme or suspect that is under evaluation, it can still certainly be relevant adverse information. Relevant adverse information does not need to necessarily be proven true, and it can include suspicions.

All relevant adverse information must be taken into consideration by financial institutions and governments when they are trying to track down financial crime and those who are responsible for it. While one piece of information may not seem as important as another, it can still wind up being the key for arresting money launderers and terrorist financers. Because of this fact, many financial institutions that are heavily regulated by KYC policies are required to constantly be on the look out for relevant adverse information in order to discover any hints or tip offs that may aid their investigations.

One of the most common types of relevant adverse information is the past criminal activity of an individual. If it is suspected that a person may be involved in financial crime, and authorities discover that that person has been previously caught for committing another crime, this gives authorities even more reason to suspect that individual to be involved. In contrast, if a person has no criminal history and is not known for associating with individuals who do, they are then at a much lower risk of being involved in something such as a money laundering scheme.

Another type of relevant adverse information that individuals oftentimes look at is if a person is on a sanction watch list. KYC risk ratings would go done since chances are that it is not for a good reason, and that authorities should be on the lookout for them being involved in any financial crime.

Find Help

Meet the legal requirements and make informed decisions to prevent financial crime and corruption in your company:

  • Rate the size of risk presented to your institution from a financial, regulatory and reputational perspective
  • Achieve top compliance ratings with evolving legislation and ensure a timely and efficient client onboarding
  • Implement a rules-driven, evidence-based rating approach to KYC compliance that efficiently focuses resources on higher risk clients
  • Automate risk-scoring processes throughout the lifetime of the client, minimizing overall risk to your institution
  • Understand the true nature and purpose of the account being set up, investigate sources of wealth and define ultimate beneficial ownership
  • Lower the cost of ownership with a flexible solution that can be adapted to respond to a changing regulatory environment
  • Make use of a standalone module or a fully integrated one with your client lifecycle management solution
  • Have access to a sophisticated rules engines which automatically puts your clients into low, medium or high risk rating categories to gain a clear view of the size of risk presented to your institution from a financial, regulatory and reputational perspective

There is a world-check risk intelligence database which provides accurate and reliable information for substantiated decision-making. Hundreds of specialist analysts around the world gather information from trusted sources such as watchlists, government sources and trusted media. Strict research guidelines are followed.

With our possible partners we are glad to help you find an out-of-the-box, rules-driven solution for all Know Your Customer policy requirements to support regulatory needs across multiple jurisdictions and business lines.

Simplify your business partner screening process with state-of-the-art technology combined with expert knowledge. The world check data is completely structured, aggregated and deduplicated. With flexible deployment methods, you can easily integrate data into a wide variety of in-house screening platforms, cloud-based, or other third-party solutions.

Let us help you with our relevant partners determine all of the client and counterparty data and documentation that is required to support the KYC and regulatory compliance obligations. Make use of dynamic decision tree intelligence to determine the regulatory journey of the client including all the regulations, KYC questionnaires, classifications and risk assessments that need to be adhered to and performed.

KYC Risk Rating

Compliances, Methodologies, Procedures, Regulations, Systems

Under strict Anti-Money Laundering (AML) regulations put in place by national governments, the European Union (EU), the Financial Action Task Force (FATF), and the United Nations (UN), all financial institutions and many types of companies are required to closely monitor their clients’ accounts and report any suspicious activity. These legal requirements often take the form of Know Your Cutomer (KYC) policies and KYC risk ratings, which are essential in preventing and reducing financial crime.

Excluded from the general test are “standard small customers” who do not wish to undertake particularly extensive or extraordinary business transactions and who have been classified by your rating system in advance in a correspondingly safe risk class. Nevertheless, the origin of funds and assets must generally be clarified. The details of the planned customer relationship such as scope and payment transactions must be rated and recorded.

KYC risk ratings are also important from the perspective of a variety of anti-terrorism and compliance laws and regulations. In particular, various national laws and regulations by international organizations prohibit doing business with certain persons and countries. For example, failure to comply with United States special regulations threatens financial penalties, from fines for executives to the removal of all business licenses in the United States. In addition, the reputational risk that can result from negative headlines in the absence of control is not to be underestimated.

In financial institutions characterized by limited resources and siloed solutions, the response to this has very often been to throw people at the effort. However, this has only added cost and complexity to the process and is not a long-term, sustainable solution. Therefore, there is a need in most organizations for a single, integrated technology platform that efficiently manages all KYC policies and regulatory compliance requirements from initial take-on right through the entire client lifecycle, including regular, ad-hoc and event-triggered reviews, as well as data and documentation refreshes.

All kinds of ratings can be affected, from credit ratings to sustainability ratings.

With a requirement to ensure lifecycle compliance to KYC regulations both on a local and global level, financial institutions and many other companies are necessitated to perform regular client reviews based on assigned risk ratings. KYC touches on the process you put customers through to engage with your business. KYC is considered as the future of the client onboarding process since an efficient identity verification solution helps institutions meet regulations, generate new revenue streams, and reduce risks and costs.

Global regulations highlight KYC as fundamental to a strong AML compliance program. With an appropriate KYC risk rating tool you are gathering the data you need to effectively structure your AML program and take a risk-based approach, comply with regulations and prevent financial crime. Ratings serve as the backbone of global anti-money laundering efforts.

Conducting KYC checks is a process that takes place at onboarding, i.e. identifying your customer and verifying that identity. KYC risk ratings help since KYC is an ongoing process to help you comply with requirements and continuously feed back into risk management and business strategy. You need to ensure that you know who your customer is, what activity you should expect from him, and the overall risk he presents to your organizaiton. KYC risk ratings enable you to monitor that risk and mitigate it.

In the case of legal persons, the type of company, activity, industry, sector code, number of employees, ownership and corporate structure, as well as the most important (expected) financial ratios must be recorded.

In the case of natural persons, in particular the nature of the profession and the purpose of the business relationship must be recorded. In the case of Politically Exposed Persons (PEP), the function and the place of exercise must also be recorded.

Take the System for Award Management (SAM) for an example. Both current and potential government vendors are required to register in SAM in order to be awarded contracts by the Government. In the United States of America, vendors are required to complete a one-time registration to provide basic information relevant to procurement and financial transactions. Vendors must update or renew their registration annually to maintain an active status. SAM allows Government agencies and contractors to search for your company based on your ability, size, location, experience, ownership, and more. In this way, fulfillment of KYC requirements becomes a marketing tool.

The exact meaning of KYC and related acronyms can change across geographies, with some regulators preferring one set of terminology over another.

  • US regulators refer to Customer Identification Program (CIP) when it comes to a check against relevant sanctions lists and gathering basic customer information (name, address, date of birth for an individual and an ID number) to form a „reasonable“ belief that the true identity of the customer is known.
  • Identity Verification (IDV) tools can be used to verify the identity of a customer, usually by using electronic and non-documentary means to do this.
  • A Customer Due Diligence (CDD) is said to provide more information regarding the individual or entity, the line of business they are in or more details about their management or corporate structure and whether there is an politically exposed person (PEP).
  • An Enhanced Due Diligence (EDD) is specifically designed for dealing with high-risk or high-net worth customers and large transactions. Because these customers and transactions pose greater risks to the financial sector, they are heavily regulated and monitored in order to ensure that everything is above board. Companies and financial institutions were first compelled to conduct EDD by the USA PATRIOT Act in 2001, a provision which is still in effect today. The Patriot Act also requires that offshore banking institutions, private banking organisations, and correspondent accounts abide by EDD regulations and laws. There are several characteristics that distinguish regular KYC policies from EDD policies. EDD policies are considered to be “rigorous and robust”, meaning that they require significantly more evidence and detailed information to be collected. The entire process of EDD must be documented in detail, and regulators should be able to have immediate access to the data. Professionals are often hired in order to analyse data that is collected regarding clients, and the reliability of information sources is of utmost importance.

By setting transaction monitoring scenarios accordingly, a rating helps to react to the expected activity from that client, for example, the volume, value, and frequency of payments across an account. Throughout the relationship, when those thresholds are breached, rating upgrades or downgrades alert you about

  • where this unusual behavior is coming from,
  • report it if suspicious, and
  • realign expectations if this is to be a new normal for that customer.

All persons involved in the creation of the KYC and subsequent changes to the KYC master document must also be logged.

Key to achieving a reasonable assurance in KYC discovery is acknowledging that, no matter the quality of information used or effort spent on research, it is impossible to be certain that any customer is entirely free from risk. It is always a matter of grades as expressed in ordinal rating scales.

Realising that 100% certainty is not attainable forces compliance officers to take realistic, risk-based approaches to KYC consideration. The prevention of financial crime is a matter of probabilities. By acknowledging that risk can never be eliminated entirely, you can craft anti-money laundering policies by using rating technologies that are both as effective and as unburdensome as possible.

Even when using rating technologies you must still periodically check up on low-risk clients and accounts to ensure that nothing is unusual or out of place. You need to be aware that the risk of criminal financial activity cannot be entirely eliminated.

Reasonable Assurance

A “reasonable” assurance varies depending on various factors, including different national anti-money laundering legislations and the type of financial institution involved, and pertains to how much information should be collected about a customer. Rating whether or not particular customers are high risk and which processes or investigations must be completed if they are, allows a financial institution a reasonable assurance. They must then decide how much is an appropriate amount of information to gather. A good rating allows the financial institution to determine how much time they should spend monitoring the customer’s account, if any.

KYC Remediation

The different ways to go about KYC remediation are pivotal for preventing your company from getting involved in corruption, the terrorist financing, and money laundering. A rating-based KYC remediation tactic could be to screen, verify, and identify customers according to its KYC risk rating. There are many rating products that a company can use to accomplish this efficiently, and it may also be done manually. The remediation process is where they clear up any contradictory data, organize the information they have acquired, and determine what else is left for them to find out about the client.

If a client might be able to launder money or partake in other corrupt activities without any red flags being raised by your rating system your company could get in serious legal trouble down the line, possibly leading to fines and even jail time for employees. Because of their central role in the financial sector, financial institutions are most strictly regulated in regards to appropriate rating systems. They have the responsibility of reporting suspicious activity and helping the government to ensure that money laundering does not occur. Being fully aware of what is going on with your clients’ ratings is the first step towards being protected against backlash from illegal transactions.

As soon as the KYC remediation has been successfully completed, the company can then determine the risk that the client poses and continue to add to their portfolio. This step helps to decide whether the company or financial institution must report the client to authorities for suspicious activity or potential corruption.

KYC Risk Rating

A KYC risk rating is simply a calculation of risk: either that posed by a specific customer or that which an institution faces based on its entire client portfolio. It makes sense to calculate both of these risk ratings as each of them is equally important.

KYC risk ratings might take the following data into account:

  • Global sanction lists
  • Narrative sanctions
  • Indirect bans
  • Politically Exposed Persons (PEP)
  • Family members and related persons
  • State-owned or publicly-owned enterprises
  • Global law enforcement lists
  • Negative reporting
  • Iranian economic interest
  • Ship information
  • System for Award Management (SAM)

Institutions gather as much data as they can about their customers, and they then compile this into a portfolio. Once the portfolio is completed, they closely analyse the information that they have obtained, and they determine the KYC risk rating of that specific client. If the risk rating is high, that client will be consistently and closely monitored. If the risk rating is low, the client will still be monitored, but not as diligently.

Millions of transactions occur every day throughout the world, meaning that institutions constantly receive vast amounts of data that need to be analyzed in rating systems. KYC risk ratings allow for institutions to quickly and efficiently sift through this information. Many of the KYC risk rating tools are technology-based and at least partly automatized, as manually organizing large quantities of data is ineffective and takes far too long.

A KYC risk rating is also essential for another important reason: it allows institutions to make a evidence-based prediction of what they believe a client’s account should look like in the future. A KYC risk rating is useful for determining whether something is unusual, out of place or suspicious. If a client’s transactions begin to diverge significantly from the institution’s predictions, you will be notified and will be able to further analyze the transactions for suspicious behavior.

If you wish to keep your company free from involvement with corruption and money laundering, it is vital that your KYC risk rating system consistently calculates the KYC risk rating of all your customers. Assigning rating symbols is the surest way to determine which clients present a higher risk to your company, thus allowing you to avoid liability and ensure that these clients are monitored appropriately.

Relevant Adverse Information

Relevant adverse information is simply any information that may cause officials to suspect an individual of being involved in a financial crime and can be acquired from any source. Although one source may appear to be more valid than another, all pieces of information may be looked at. Common sources include the Internet, the media, and other assorted databases. Specific individuals may even provide authorities with relevant adverse information such as proof of previous crimes, drug smuggling, fraud, scams, embezzlement, and theft, or evidence that a person is currently involved in tax evasion or even terrorist financing. Even if the information does not appear to be directly related to the scheme or suspect that is under evaluation, it can still certainly be relevant adverse information. Relevant adverse information does not need to necessarily be proven true, and it can include suspicions.

All relevant adverse information must be taken into consideration by financial institutions and governments when they are trying to track down financial crime and those who are responsible for it. While one piece of information may not seem as important as another, it can still wind up being the key for arresting money launderers and terrorist financers. Because of this fact, many financial institutions that are heavily regulated by KYC policies are required to constantly be on the look out for relevant adverse information in order to discover any hints or tip offs that may aid their investigations.

One of the most common types of relevant adverse information is the past criminal activity of an individual. If it is suspected that a person may be involved in financial crime, and authorities discover that that person has been previously caught for committing another crime, this gives authorities even more reason to suspect that individual to be involved. In contrast, if a person has no criminal history and is not known for associating with individuals who do, they are then at a much lower risk of being involved in something such as a money laundering scheme.

Another type of relevant adverse information that individuals oftentimes look at is if a person is on a sanction watch list. KYC risk ratings would go done since chances are that it is not for a good reason, and that authorities should be on the lookout for them being involved in any financial crime.

Find Help

Meet the legal requirements and make informed decisions to prevent financial crime and corruption in your company:

  • Rate the size of risk presented to your institution from a financial, regulatory and reputational perspective
  • Achieve top compliance ratings with evolving legislation and ensure a timely and efficient client onboarding
  • Implement a rules-driven, evidence-based rating approach to KYC compliance that efficiently focuses resources on higher risk clients
  • Automate risk-scoring processes throughout the lifetime of the client, minimizing overall risk to your institution
  • Understand the true nature and purpose of the account being set up, investigate sources of wealth and define ultimate beneficial ownership
  • Lower the cost of ownership with a flexible solution that can be adapted to respond to a changing regulatory environment
  • Make use of a standalone module or a fully integrated one with your client lifecycle management solution
  • Have access to a sophisticated rules engines which automatically puts your clients into low, medium or high risk rating categories to gain a clear view of the size of risk presented to your institution from a financial, regulatory and reputational perspective

There is a world-check risk intelligence database which provides accurate and reliable information for substantiated decision-making. Hundreds of specialist analysts around the world gather information from trusted sources such as watchlists, government sources and trusted media. Strict research guidelines are followed.

With our possible partners we are glad to help you find an out-of-the-box, rules-driven solution for all Know Your Customer policy requirements to support regulatory needs across multiple jurisdictions and business lines.

Simplify your business partner screening process with state-of-the-art technology combined with expert knowledge. The world check data is completely structured, aggregated and deduplicated. With flexible deployment methods, you can easily integrate data into a wide variety of in-house screening platforms, cloud-based, or other third-party solutions.

Let us help you with our relevant partners determine all of the client and counterparty data and documentation that is required to support the KYC and regulatory compliance obligations. Make use of dynamic decision tree intelligence to determine the regulatory journey of the client including all the regulations, KYC questionnaires, classifications and risk assessments that need to be adhered to and performed.