Combining KYC Controls with Other Regulatory Requirements

May 3, 2017 Chris Doxey

I’ve discussed the risks of creating “compliance silos” for processes requiring regulations by focusing on single compliance programs instead of leveraging a total risk-based compliance solution. A comprehensive solution for corporations should encompass a broad range of your industry's federal regulations and compliance requirements.

Consider, then, establishing a standard for new customer or supplier relationships by combining your regulatory screening and compliance systems for the following:

  1. Anti-Money Laundering (AML)
  2. Know Your Customer (KYC)
  3. Foreign Corrupt Practices Act (FCPA)
  4. UK Bribery Act Regulations
  5. Office of Foreign Asset Control (OFAC)


Compliance program overview

  1. Anti-Money Laundering (AML) - According to the International Monetary Fund (IMF), money laundering requires a primary, profit-making crime. These crimes include corruption, drug trafficking, market manipulation, fraud, and tax evasion. There must also be the intent to conceal the criminal activity by laundering the money.
  2. Know Your Customer (KYC) - According to the Harvard Law School Forum on Corporate Governance and Financial Regulation, the U.S.’s Financial Crimes Enforcement Network (FinCEN’s) Know Your Customer (KYC) requirements were proposed in 2014 as part of a broader regulation setting the requirements of a customer due diligence (CDD) program. These process and documentation requirements align with the Patriot Act to help financial institutions avoid accidental terrorist financing by gaining more visibility into their customers' identities and their business relationships. The purpose of KYC regulations is verifying the identity of customers to ensure the parties you are doing business with are operating in a compliant and lawful manner.
  3. Foreign Corrupt Practices Act (FCPA) - The Foreign Corrupt Practices Act (FCPA) is a United States federal law that was enacted in 1977. The law has two main provisions. The first provision requires accounting transparency and record-keeping procedures as stated under the Securities Exchange Act of 1934. The FCPA is enforced by both the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC).
  4. UK Bribery Act Regulations - This is one of the most severe pieces of international legislation on bribery for companies and individuals, and it outlines four types of offenses:
     • Two general offenses covering the offering, promising, or giving of an advantage, and the requesting, agreeing to receive, or accepting of an advantage;
     • A discrete offense of bribery of a foreign public official; and
     • A new offense of failure by a commercial organization to prevent a bribe being paid to obtain or retain business or a business advantage.
  5. Office of Foreign Asset Control (OFAC) - OFAC provides resources, to be used for compliance screening and due diligence purposes, that enable companies and organizations to protect themselves from doing business with enemies of the United States.

Combining your KYC controls with other programs

Below are five business compliance programs along with the process and master file impacts. Additionally, a sample of internal control tests that can be conducted in a combined program has been included.

This approach reflects the benefits that can be gained by taking a complete risk management approach to your company’s compliance requirements.

| Compliance Program | Process Impact | Master File Impact |
|---|---|---|
| Anti-Money Laundering (AML) | AR, AP, T&E, and Payroll | Customer, Supplier, Employee |
| Know Your Customer (KYC) | AR | Customer |
| Foreign Corrupt Practices Act (FCPA) | AP, T&E | Supplier, Employee |
| UK Bribery Act Regulations | AP, T&E | Supplier, Employee |
| Office of Foreign Asset Control (OFAC) | AR, AP, T&E, and Payroll | Customer, Supplier, Employee |

Sample Internal Control Tests

  • Ensure all customer transactions can be traced back to a contract.
  • Ensure all supplier transactions can be traced back to the proper documents—a contract or a PO.
  • Screen all “off cycle” and manual T&E, AP, and payroll disbursements.
  • Ensure that all policies are followed for Customer, Supplier, and Employee master file set-up.
  • Ensure that all procedures and due diligence requirements are followed.
  • Review large international financial transactions and associated information for all wire transfers.
  • Review Delegation of Authority (DoA) and Segregation of Duties (SoD) Controls.
  • Compare Employee and Supplier Master Data Files on a quarterly basis.
  • Review Politically Exposed Persons (PEP) files.
  • Review transactions that may contain “slang” terminology for bribery payments.

About the Author

Chris Doxey

Chris Doxey, CAPP, CCSA, CICA is an independent management consultant providing Internal Controls and Business Process Best Practice Solutions. She has extensive experience in procurement, accounts payable, internal auditing, internal controls, Sarbanes-Oxley compliance, payroll, logistics, financial systems strategy, and financial integration at Digital, Compaq, Hewlett Packard, MCI, APEX Analytix, and Business Strategy, Inc. She was recruited to assist MCI (formerly WorldCom) in recovering from its internal control challenges. She has a bachelor's degree in English, a bachelor's in accounting, a master's in business administration, and a graduate certificate in project management. Chris has written numerous articles and published two handbooks: AP Leadership Skills and Implementing a Controls Self Assessment Program for Your Accounts Payable Department.
