Record-keeping of customer identity and transactions is an indispensable element of Anti-Money Laundering (AML) regulations that companies must comply with. The purpose of record-keeping is to document customer identity and transactions as evidence of compliance with legal and regulatory requirements related to identity verification and to prevent identity fraud. If a suspicious activity is identified, these records are submitted to law enforcement agencies, who may conduct an investigation based on the information provided. Companies may also use these records as evidence to defend themselves in the event of an investigation. To ensure compliance, companies must maintain appropriate and up-to-date records that are relevant to their business's complexity, scale, and nature. Effective communication with customers is critical to obtaining accurate information and preventing identity theft, and companies should manage this process carefully to ensure that records are complete and up-to-date.
What Records Should Companies Keep?
The types of records that companies should keep vary based on the regulations they are required to comply with and the jurisdiction they are operating in. However, the primary objective of maintaining these records is to ensure that the company can provide a comprehensive audit trail of identification to help prevent identity theft and tracking if one of its clients comes under investigation. The types of records that need to be collected can be summarized as follows:
- Customer Information: This includes records of customer identification such as name, address, date of birth, and other identifying information required by local regulations. Companies must verify customer identity before doing business with them and keep records of identity verification process.
- Transactions: Companies should keep records of all transactions with their customers, including the type and amount of the transaction, the date, and the parties involved.
- MLRO Annual Reports: The Money Laundering Reporting Officer (MLRO) is responsible for ensuring that the company is complying with local AML regulations. Companies should keep records of the MLRO's annual reports, which summarize the firm's AML activities.
- External and Internal Suspicion Reports: Companies are required to report any suspicious activities to local regulatory authorities. They should keep records of these reports and the actions taken in response to them, crucial for identifying potential identity fraud.
- Investigation Records: If an investigation is conducted into suspicious activities, companies should keep records of the investigation, including any evidence collected.
- Information that is not Processed: Companies should keep records of any information they receive that is not processed, such as customer requests for information or complaints.
- Actions taken as a result of Agency Requests: If a regulatory authority requests information from a company, the company should keep records of the information provided and any actions taken as a result.
- Training and Compliance Monitoring: Companies should keep records of employee training and compliance monitoring activities to ensure that employees are trained in AML regulations and are following company policies.
- Information about the Effectiveness of Training: Companies should keep records of the effectiveness of their training programs, such as employee test scores and feedback, to improve future training efforts.
How to Keep Customer Identity and Transactions Records?
When choosing the most appropriate method for keeping customer identity and transaction records, it's important to consider factors such as accessibility, security, and ease of retrieval to prevent issues like identity theft. Keeping the original documentation can be a reliable method for smaller companies with a lower volume of transactions, but it may not be practical for larger companies with higher transaction volumes. In this case, using computerized or electronic forms can be a more efficient way to store and retrieve information.
Photocopies of original documents can be helpful when dealing with physical documents, but it is important to ensure that the copies are clear and legible, especially for identity verification purposes. Scanned forms are another option for keeping records, especially when dealing with large volumes of documents. In this case, it is important to ensure that the scanned copies are of high quality and can be easily read and searched.
For some companies, microfiche can be a useful option for keeping records. Microfiche involves storing documents on a small, film-based format that can be easily stored and retrieved. However, this method may not be as accessible or user-friendly as other options, and it may require specialized equipment to access the information related to identity theft.
Regardless of the method chosen, it is important to ensure that the records are kept up-to-date and are accessible as required by local regulations. Companies should also have processes in place for regularly reviewing and updating customer information to ensure that the records remain accurate and relevant.
The rules for record keeping periods are generally not affected by the format in which records are kept. However, it is essential to ensure that records are easily accessible and retrievable, especially for firms involved in mergers and acquisitions or those subject to money laundering obligations. Although regulations do not specify where records should be kept, companies are responsible for ensuring that records held outside their home country meet the same record-keeping requirements.
Once law enforcement authorities request records for ongoing investigations, the records should be retained until the relevant authority informs the firm that the case has been closed. However, suppose a firm has not been notified of an ongoing investigation within five years of submitting the statement. In that case, the records can be destroyed in accordance with normal local jurisdiction record-keeping procedures while still adhering to identity fraud prevention measures.
Sanction Scanner offers comprehensive solutions to help companies comply with AML regulations which is critical for identity fraud. With Sanction Scanner's AML Name Screening solution, companies can easily create reports of their query results with structured data after scanning their customers on lists such as PEP, Sanction, and Watchlist. The report contains all up-to-date information about the scanned person and can be presented to regulators as evidence during the audit process, demonstrating robust identity verification.
Moreover, the Transaction Monitoring software sends an immediate alert to the compliance team for any suspicious transaction while scanning customer transactions, assisting in identifying potential cases of identity theft. After examining these alerts, the compliance team can report them and show them to the relevant institutions as evidence if a suspicious transaction is detected. Sanction Scanner's enhanced AML software can help companies streamline their compliance efforts and ensure that they meet all record-keeping requirements. Contact Sanction Scanner today to learn more about their solutions.