Investment KYC: Managing the need for Ongoing Monitoring

Compliance

Jul 8, 2024

Avantia Law Office
Avantia Law Office
Avantia Law Office
Avantia Law Office
Avantia Law Office

Regulated asset management firms in the UK and the EU are required to comply with applicable Anti-Money Laundering (AML) regulations to help prevent financial crime.

On the investment side, this means carrying out Know Your Customer (KYC) checks on deal counterparties both at the outset of the investment and also implementing appropriate ongoing KYC throughout the relationship.

Whilst KYC Guidelines are nothing new, recent revisions to EU AML regulations have seen audits on AML compliance rise. Increasingly this is focussing on how Customer Due Diligence (CDD) and KYC programmes satisfy the need for “refresh" KYC at regular intervals,  if ongoing monitoring of transactions and key counterparties is being carried out and, ensuing records are being maintained for up to five years after the investment ends.

In our experience these requirements are often missed or handled as an afterthought to the initial KYC work. Investment teams change and staff leave and these records can be lost or regular screening is deprioritised. There is also often sensitivity at play, balancing the need between regulatory compliance with being a supportive and pragmatic business partner (i.e. not bombarding your investment companies with constant KYC requests!).

Implementing an “ongoing monitoring” KYC framework

So, what do you need to do to ensure that you are compliant, without adding extra workloads to you team?

It may sound obvious, but the first step is to have a documented process, not just for investment KYC at the time of investment, but also for ongoing monitoring and periodic remediation.

Part of this process means establishing whether you manage these workstreams in-house or outsource these to a third-party provider.  The regulators' increased focus on AML means getting it right is crucial. This requires both in-depth understanding of applicable regulations and guidelines as well as substantial market experience to understand how the rules are applied in practice. In addition, access to the necessary databases and systems can be expensive and the screening searches resource heavy.

When considering outsourcing there are typically three options:

  1. Purchase an AML/KYC Tech solution – the key challenge faced here is that results tend to be binary and don’t take into account complexities or case-specific nuances. Existing solutions are also generic, usually focused on vendor/supplier management, and not specific to private equity or asset managers needs. Also, without an expert to review any results before a transaction is approved, nuances between markets, investment types and specific risk factors can be missed.

  2. Outsource to a big law firm or Big 4– these requests typically come with a large price tag given big law's tendency to charge hourly rates and, because of the nature of the work, AML diligence is handled by junior team members who don’t have the expertise or market experience to tackle the complexities of an effective investment KYC process. In our experience, to try and mitigate this, these types of firms often use an excessively rigid approach to risk-weighting, which again can result in inefficient processes. Depending on the provider, they may also only have access to their in-house databases, limiting the level of detail they have access to.

  3. Engage a specialist KYC provider – typically this approach will combine the best of both worlds; expert KYC specialists that have access to and are enabled by the latest technology, and have experience in working with private markets. However, it's important to understand who is delivering a KYC report and what the experience of the team is. Are they senior enough to have experience across the different jurisdictions or deal types?  What is their approach and how does this align with your risk profile?

Whilst the above list isn't exhaustive, there are several benefits of outsourcing to the right provider:

  1. You lower your risk level by outsourcing risk to an independent third party.

  2. You're able to access a much greater depth of market experience - making sure your program fits within your peer group

  3. Compliance teams are becoming increasingly busy -  by outsourcing you are able to free up your teams for higher value, more strategic projects.

Once you have decided on your chosen route, either in-house or an outsourced KYC solution, it’s then a case of ensuring that your ongoing compliance obligations are met.

Best Practices for Maintaining Ongoing Compliance

As mentioned, once the initial onboarding KYC is completed, busy in-house teams may find it challenging to stay on top of their obligation to carry out ongoing monitoring and refresher checks. With regulatory monitoring on the increase, firms need robust solutions to help ensure compliance without adding to their teams'  workloads. If working with a partner, it's important to ask how they approach each of these to help support your compliance needs.

  • Utilise tech solutions for reminders, alerts, and automatic monitoring: There are a number of technology solutions that can streamline your ongoing compliance efforts. These tools can send reminders for upcoming checks, generate alerts for suspicious activities, and automate the monitoring process.

  • Conduct regular checks and maintain a detailed audit trail: Consistency is key when it comes to ongoing compliance. Schedule regular checks to ensure that you’re meeting the regulatory requirements, plus you’re not exposing yourself to undue risk. It is also important to maintain a detailed audit trail of all compliance activities, documenting each step of the process and any decisions made. This not only helps demonstrate your commitment to compliance but also provides a comprehensive record for regulatory purposes.  The frequency of manual refresher checks are typically risk-based and it’s one of the most common questions we’re asked when discussing ongoing monitoring with clients.

  • Create efficiencies and implement automated workflows: Look for opportunities to create efficiencies within your compliance processes. Implement automated workflows wherever possible to reduce manual effort and minimise the risk of human error. By streamlining your workflows, you can improve the accuracy and effectiveness of your ongoing compliance efforts while freeing up valuable time for your team to focus on higher-value tasks.

  • Understand the importance of having a compliance or legal expert in the loop: While technology can enhance your compliance efforts, it's essential to recognise the value of having a compliance or legal expert involved in the process, whether by way of an escalation or sign-off mechanism as issues arise. Specialist knowledge of AML/KYC regulations can provide continuous expertise and guidance, helping your team interpret and dig into the results generated by these tools and, as importantly, know when something isn’t an issue worth spending time on.

By incorporating these best practices into your ongoing compliance strategy, you can strengthen your firm's ability to meet regulatory requirements effectively and mitigate the risk of financial crimes, as well as get a handle on counterparty reputational risks across the business.

About Avantia

At Avantia we have dedicated KYC teams that have delivered over 1000 AML/KYC checks across all jurisdictions. This enables us to quickly analyse and understand potential amber and red flags, working with you to weigh the risk factors.

Find our more about our AML/KYC solution for private equity.

Related posts