
50 Core KYC Interview Questions & Answers


Top 50 KYC Interview Questions & Answers (Core Concepts)

This article presents 50 essential KYC interview questions and answers for compliance professionals and analysts, covering fundamentals, CDD/EDD, beneficial ownership, PEPs, sanctions, adverse media, and risk assessment. It is aimed at analyst, senior analyst, and team lead roles in banks, financial institutions, and compliance centers.

Tip: In an interview, never just define terms. Use a simple structure: definition + why it matters + a short example from your experience or a realistic scenario.

Q1. What is KYC and why is it critical for financial institutions?

Answer: KYC (Know Your Customer) is the process of identifying and verifying the identity of a customer before and during the relationship.

Why it matters:

  • Prevents misuse of the financial system for money laundering, fraud, and terrorist financing.
  • Supports regulatory compliance with AML/CFT frameworks and local rulebooks.
  • Helps the institution understand customer risk and apply appropriate controls.

Q2. What are the main stages of the KYC lifecycle?

Answer: Typical KYC lifecycle stages include:

  • Onboarding & identification – Collect customer data and documents.
  • Verification – Validate identity, address, and ownership using reliable sources.
  • Risk assessment – Assign customer risk rating based on defined criteria.
  • Ongoing monitoring – Monitor activity, trigger reviews, and investigate alerts.
  • Periodic review / refresh – Re-assess and update KYC based on risk.

Q3. What is the difference between CDD and EDD?

Answer:

  • Customer Due Diligence (CDD) – Standard KYC performed for most customers to understand who they are, what they do, and expected account activity.
  • Enhanced Due Diligence (EDD) – Deeper investigation applied to higher-risk customers (e.g., PEPs, high-risk jurisdictions). Includes more documentation, deeper checks, and senior-level approval.

EDD is not a separate process but an intensified form of CDD based on risk.

Q4. How do you define Ultimate Beneficial Owner (UBO)?

Answer: A UBO is the natural person(s) who ultimately owns or controls a customer, or on whose behalf a transaction is conducted.

Common thresholds (depending on jurisdiction):

  • Ownership of a certain percentage of shares or voting rights (e.g., 25%+).
  • Control through other means – such as voting agreements, control of the board, or veto rights.
  • For complex structures, the person who ultimately exercises effective control even if no individual meets the percentage test.

Q5. What documents would you typically request for corporate KYC?

Answer: Typical corporate KYC documentation includes:

  • Certificate of incorporation / registration.
  • Memorandum & Articles of Association or equivalent constitutional documents.
  • Register of shareholders and directors.
  • Proof of business address (utility bill, lease agreement, etc.).
  • ID and address proof of directors, authorized signatories, and UBOs.
  • Ownership structure chart for complex or layered entities.

Q6. What is the purpose of understanding Source of Funds (SOF) in KYC?

Answer: SOF explains where the money used in a specific transaction or relationship comes from.

Why it matters:

  • To check that the funds are not derived from criminal activity.
  • To assess whether the amounts are consistent with the customer’s profile.
  • To support decisions on whether to proceed, request more evidence, or escalate.

Q7. How is Source of Wealth (SOW) different from Source of Funds (SOF)?

Answer:

  • SOF – The origin of the particular funds used in a given transaction or account (e.g., salary for this month, sale of a property, dividend payment).
  • SOW – The overall origin of the customer’s total net worth over time (e.g., long-term employment, ownership of multiple businesses, inheritance, investments).

SOW is especially important for high-risk customers, PEPs, and HNWIs.

Q8. What is a PEP and how should KYC handle PEP customers?

Answer: A PEP (Politically Exposed Person) is an individual who is or has been entrusted with a prominent public function, as well as their close associates and family members.

KYC handling:

  • Identify PEP status using screening tools and declarations.
  • Apply EDD – deeper SOF/SOW, more documentation, and senior management approval.
  • Increase monitoring frequency and set lower thresholds for review and investigation.

Q9. What are sanctions, and why must KYC analysts understand them?

Answer: Sanctions are restrictive measures imposed by governments or international bodies (e.g., asset freezes, transaction bans) against countries, entities, or individuals.

KYC analysts must:

  • Ensure customers are screened against relevant sanctions lists at onboarding and on an ongoing basis.
  • Identify links to sanctioned parties through ownership or control.
  • Escalate potential matches promptly and ensure no business is done with prohibited parties.

Q10. What is adverse media screening and what types of sources are relevant?

Answer: Adverse media screening involves searching for negative news related to the customer in reputable sources.

Relevant sources:

  • Reputable news outlets and financial journals.
  • Regulatory and law enforcement press releases.
  • Court records and official public notices where accessible.

The aim is to detect involvement in fraud, corruption, tax evasion, organized crime, or other serious offences.

Q11. How do you approach KYC for a complex ownership structure with multiple layers?

Answer:

  • Obtain an ownership chart or create one based on documents and registers.
  • Identify all intermediate entities and their jurisdictions.
  • Calculate cumulative ownership stakes to identify the UBO(s).
  • Assess whether any entity or individual is in a high-risk jurisdiction or on a sanctions list.
  • Apply EDD if the structure appears unnecessarily complex or opaque.

Q12. What information is normally captured in a KYC risk assessment for a customer?

Answer: Common risk assessment factors include:

  • Customer type (individual, corporate, trust, NPO, etc.).
  • Industry / nature of business.
  • Jurisdictions of residence, incorporation, and operations.
  • PEP status and sanctions exposure.
  • Product and channel usage (e.g., cross-border payments, cash intensity).
  • Expected activity level and transaction size.

Q13. What is the difference between registered address, principal place of business (PPOB), and nature of business (NOB)?

Answer:

  • Registered address – The legal address recorded with the company registry.
  • Principal place of business (PPOB) – The location where core operations and management are actually carried out.
  • Nature of business (NOB) – A clear description of what the company does (e.g., “wholesale pharmaceutical distributor” rather than just “trading”).

All three help determine if the business model and locations make sense from a KYC/AML perspective.

Q14. How would you handle a situation where a client refuses to provide required KYC documents?

Answer:

  • Explain regulatory requirements and why the documents are necessary.
  • Offer alternatives where policy allows (e.g., different forms of proof).
  • If refusal continues, escalate internally to Compliance.
  • In most frameworks, the relationship must not be opened or must be exited if KYC cannot be completed.

Q15. What is ongoing KYC and how is it different from initial onboarding?

Answer: Initial onboarding KYC collects and verifies customer information at the start of the relationship.

Ongoing KYC includes:

  • Periodic reviews based on risk (e.g., annually for high-risk customers).
  • Event-driven reviews (change of ownership, adverse media hit, unusual activity).
  • Updating documents that have expired or become outdated.

Q16. Give examples of high-risk customer types from a KYC perspective.

Answer: Examples include:

  • PEPs and their close associates.
  • Customers in high-risk jurisdictions or subject to sanctions.
  • Cash-intensive businesses and certain MSBs.
  • Shell companies with no clear economic purpose.
  • Trusts or structures with opaque or nominee ownership.

Q17. What is a risk-based approach (RBA) in KYC?

Answer: An RBA means applying different levels of due diligence, documentation, and monitoring depending on the customer’s risk level.

Instead of treating all customers the same, the institution:

  • Allocates more resources to higher-risk customers.
  • Simplifies processes for lower-risk customers where allowed.
  • Uses risk scoring models and defined criteria to support consistent decisions.

Q18. How do you perform basic KYC on an individual customer?

Answer: Typical steps:

  • Collect personal details – full name, date of birth, nationality, address, occupation.
  • Obtain and verify ID document and proof of address.
  • Screen the customer against PEP, sanctions, and adverse media lists.
  • Capture information on SOF/SOW where required by risk.
  • Assign risk rating and document rationale in the KYC file.

Q19. What factors do you consider when assessing the nature of business (NOB) for a corporate client?

Answer:

  • Products or services offered and key revenue drivers.
  • Customer segments (retail, corporate, government, etc.).
  • Geographic reach – domestic vs cross-border operations.
  • Use of cash, high-value goods, or vulnerable sectors.
  • Any negative regulatory, sanctions, or ESG concerns linked to the sector.

Q20. What are red flags you look for during KYC on a new corporate customer?

Answer: Examples:

  • Unclear or inconsistent description of business activities.
  • Complex ownership structures involving multiple secrecy jurisdictions.
  • UBOs reluctant to share ID or SOW documentation.
  • Front companies where operations do not match the sector description.
  • Negative media on fraud, tax evasion, corruption, or regulatory breaches.

Q21. Why is documenting your KYC rationale as important as collecting documents?

Answer:

  • Regulators and auditors want to see how you reached your decision, not just what you collected.
  • Clear rationale supports consistency across analysts and teams.
  • Proper notes allow others to quickly understand past decisions during reviews or investigations.

Q22. What is the role of KYC in preventing financial crime beyond AML?

Answer: KYC helps prevent:

  • Fraud and identity theft.
  • Tax evasion and regulatory arbitrage.
  • Sanctions evasion through hidden ownership.
  • Bribery and corruption linked to PEPs and public contracts.

Strong KYC is a foundation for broader Financial Crime Compliance (FCC).

Q23. How do you differentiate between a true sanctions match and a false positive during screening?

Answer:

  • Compare multiple identifiers – full name, date of birth, nationality, address, and other data points.
  • Check spelling variations and transliteration but avoid over-matching.
  • Review the sanctions entry (reason, role, location) to see if it reasonably aligns with the customer.
  • Escalate borderline cases for second-level review rather than clearing alone if unsure.

Q24. What is simplified due diligence (SDD) and when might it apply?

Answer: SDD is a reduced level of due diligence applied to low-risk customers where regulations and internal policy allow.

Examples (depending on framework):

  • Government bodies with transparent ownership and low ML risk.
  • Certain regulated financial institutions in equivalent jurisdictions.

Even under SDD, you still must identify the customer and monitor for unusual activity.

Q25. How would you explain KYC to a non-compliance stakeholder like a relationship manager?

Answer (simple explanation):

  • KYC is about making sure we know who our customers really are, how they earn their money, and whether they are safe to do business with.
  • It protects the bank from fines, reputational damage, and being used for crime.
  • Good KYC also protects genuine customers by keeping criminals out of the system.

Q26. What is an event-driven KYC review, and what are examples of events that trigger it?

Answer: Event-driven review is a KYC refresh triggered by a specific change or risk signal instead of the usual periodic schedule.

Trigger events:

  • Change in ownership, directors, or UBOs.
  • Significant change in business model or geographic footprint.
  • Major negative news or regulatory action involving the customer.
  • Unusual or high-risk transactional patterns identified by monitoring.

Q27. How do you evidence SOF/SOW when documentation is limited or not straightforward?

Answer:

  • Ask detailed questions and obtain a written explanation from the customer.
  • Cross-check explanations using independent sources (company filings, salary ranges, property records, etc.).
  • Use indirect indicators such as long-term employment, business profitability, or past transactions with the bank.
  • If still not comfortable, escalate and consider restricting or exiting the relationship.

Q28. What are key KYC considerations for Non-Profit Organizations (NPOs)?

Answer:

  • Understand purpose, programs, and main sources of funding.
  • Identify controllers – board members, signatories, and any UBO-equivalent individuals.
  • Assess jurisdictions and sectors the NPO works in, especially conflict zones or high-risk geographies.
  • Review governance, transparency, and independent oversight (e.g., audited accounts where available).

Q29. What is the role of a KYC analyst when the front office is pushing to onboard a high-revenue but high-risk client?

Answer: The analyst’s responsibility is to protect the institution, not to approve every deal.

  • Apply policy consistently and document risks clearly.
  • Highlight specific regulatory and sanctions exposure and potential impact.
  • Recommend mitigation or EDD where possible, but if risk remains too high, support a decision not to onboard.

Q30. How do you handle conflicting information found during adverse media checks?

Answer:

  • Check the credibility and date of each source.
  • Prioritize official and reputable publications over informal or anonymous content.
  • Look for outcomes (e.g., charges dropped, acquittal, settlements) not just allegations.
  • Summarize findings factually and escalate where the risk remains unclear.

Q31. What is the importance of knowing a customer’s expected account activity at onboarding?

Answer: Expected activity helps define what is “normal” for that customer.

  • Supports configuration of alerts and monitoring scenarios.
  • Helps differentiate legitimate growth from suspicious spikes in volume.
  • Provides context when investigating unusual transactions later.

Q32. How do you approach KYC for a customer operating in multiple countries?

Answer:

  • Identify all key operating jurisdictions and their risk levels.
  • Check for local registration, licenses, or regulatory oversight in those countries.
  • Assess cross-border flows, correspondent relationships, and exposure to sanctioned regions.
  • Apply EDD where jurisdictions are high-risk or have weak AML controls.

Q33. What is the difference between a customer’s legal owner and their beneficial owner?

Answer:

  • Legal owner – The person or entity whose name appears on official records (e.g., share register).
  • Beneficial owner – The person who ultimately enjoys the benefits (income, control, voting power) even if someone else is the legal owner.

In KYC, both are important, but beneficial ownership is key for ML/TF risk.

Q34. Why is it important to identify authorized signatories in KYC for corporates?

Answer:

  • They are the individuals who can operate the account and initiate transactions.
  • They may not be UBOs, but their identity and background still influence operational risk.
  • Regulations often require identification and verification of those acting on behalf of the customer.

Q35. What are common weaknesses you see in poorly prepared KYC files?

Answer:

  • Missing ownership structure or unclear explanation of UBOs.
  • Expired documents with no follow-up.
  • Generic risk rationale (“standard risk”) without specifics.
  • Inconsistent data between systems and documents (addresses, names).

Q36. How do you deal with name variations and transliteration issues in KYC?

Answer:

  • Record known aliases and spellings in the KYC profile.
  • Use fuzzy matching or variant search functions in screening tools.
  • Compare against official documents in original language if available.
  • Be careful not to clear potential matches solely due to spelling differences.

Q37. What is the role of KYC in correspondent banking relationships?

Answer: In correspondent banking, KYC is done on the respondent bank, not on each underlying customer.

  • Assess the respondent’s AML program, governance, and regulatory record.
  • Understand the types of customers and transactions that will flow through the account.
  • Pay particular attention to nested relationships and high-risk jurisdictions.

Q38. What would you do if you discover that a long-standing customer has become a PEP?

Answer:

  • Trigger an event-driven KYC review immediately.
  • Collect SOF/SOW evidence appropriate for PEPs.
  • Re-assess risk rating and apply EDD controls.
  • Obtain senior management approval to continue the relationship, or exit if risk is unacceptable.

Q39. How do you ensure KYC consistency across multiple analysts and teams?

Answer:

  • Use standardized KYC templates, checklists, and risk scoring models.
  • Apply clear policies and examples of acceptable documentation.
  • Conduct regular calibration sessions and quality assurance reviews.
  • Provide feedback and training based on QA findings.

Q40. What is the importance of independence between business units and KYC/Compliance functions?

Answer: Independence ensures that:

  • KYC decisions are not driven purely by revenue or business pressure.
  • Compliance can challenge or decline high-risk customers where necessary.
  • The institution can demonstrate robust governance to regulators.

Q41. How do you handle customers with significant cash-based turnover from a KYC perspective?

Answer:

  • Understand why the business is cash-intensive (sector norms, location, customer base).
  • Request financial statements and supporting documentation to evidence genuine turnover.
  • Assign higher risk ratings if cash usage increases ML exposure.
  • Recommend stronger monitoring and lower thresholds for alerts.

Q42. What is your approach to documenting KYC decisions that go against the initial business recommendation?

Answer:

  • Record all key facts, risk factors, and reasons for concern.
  • Reference the specific policy or regulatory requirement that drives the decision.
  • Capture any challenge or disagreement from business and how it was resolved.
  • Ensure the decision is approved at the appropriate governance level.

Q43. How do you treat nominee shareholders and directors in KYC?

Answer:

  • Identify whether nominees are acting on behalf of another person.
  • Look through nominees to identify the true beneficial owner.
  • Apply EDD if nominees are used in high-risk jurisdictions or structures with no clear economic rationale.

Q44. What do you do if the registered address appears to be a mail-forwarding or company formation agent address?

Answer:

  • Confirm whether this is common for that jurisdiction and company type.
  • Request additional evidence of PPOB where real operations take place (leases, utility bills, local registrations).
  • Consider higher risk rating if little evidence of substantive operations exists.

Q45. How do you explain to a customer why PEP status does not automatically mean the bank will refuse them?

Answer (balanced explanation):

  • PEP status means there is higher inherent risk, so the bank must apply stricter checks.
  • With full transparency, strong SOF/SOW, and clean history, many PEP relationships can be managed.
  • Our role is not to judge the customer but to comply with regulations and protect the bank.

Q46. What are common documentation challenges you face in KYC and how do you mitigate them?

Answer:

  • Outdated or low-quality scans – request better copies or certified versions.
  • Language barriers – use translated documents or language support where feasible.
  • Unavailable public records – rely on alternative independent sources or declarations plus EDD.

Q47. Why is it important to understand the customer’s banking history with other institutions if available?

Answer:

  • Previous account closures or sudden exits may signal risk concerns.
  • Transfers from other banks can help evidence SOF/SOW.
  • External relationships provide context on the size and maturity of the customer’s activities.

Q48. How do you keep yourself updated on evolving KYC and AML expectations?

Answer (interview positioning):

  • Follow regulatory updates, industry publications, and enforcement actions.
  • Participate in internal and external training and certifications.
  • Review lessons learned from internal audit and QA findings.

Q49. How would you explain to a new joiner the link between KYC and suspicious activity reporting?

Answer: KYC provides the baseline understanding of who the customer is and what is expected.

  • Without good KYC, it is harder to identify what is suspicious.
  • Accurate KYC files support strong SAR/STR narratives when red flags appear.
  • Ongoing KYC refresh ensures monitoring remains relevant as the customer changes.

Q50. What strengths do you personally bring to a KYC team?

Answer (model answer structure):

  • Technical: Solid understanding of KYC lifecycle, UBO identification, PEP/sanctions screening, and documentation standards.
  • Analytical: Ability to connect data points, challenge inconsistencies, and articulate risk clearly.
  • Stakeholder management: Can explain KYC requirements to front office and customers in practical, non-technical language.