When seeking investment, it’s important to know who your investors are. Not only does it make sound business sense, but more importantly, you need to make sure you’re not facilitating financial crime.  

That means all investors should go through some basic, but fundamental, due diligence and have their identity verified before they can invest. These checks are known as Know Your Customer (KYC) and Know Your Business (KYB) checks. 

What is Customer Due Diligence (CDD)? 

CDD is the process of making sure your investors are who they say they are. This is a necessary step of onboarding an investor, to comply with Anti-Money Laundering (AML) regulations which are in place to help prevent financial crime. 

Part of the AML regulations relate to the Know Your Customer (KYC) and Know Your business (KYB) process, and this covers a company’s obligations to verify an investor’s identity (for example, by checking signatures, photo ID and proof of address).  

But AML regulations are broader than just KYC and KYB, meaning your due diligence should include other checks and measures to make sure you’re not helping investors engage in financial crime. For example: 

  •  Is the investor a Politically Exposed Person (PEP) or from a higher risk country? 
  • Are there any legal barriers to prevent you dealing with them (such as government sanctions)? 
  • Are they acting on behalf of someone else? If so, who? 
  • What’s the source of the investor’s funds? 
  • What’s the expected level of activity you expect from the investor? 

What should be covered in the due diligence process? 

Your CDD must: 

  • Identify the customer, and verify their identity 
  • Identify any beneficial owners, and verify their identity 
  • Assess (and if needed, get information on) the purpose and nature of the business relationship or transaction 

You also need to make sure you document the checks you complete and keep these records for five years

For higher risk investors and transactions, more due diligence is needed (so called enhanced due diligence, or EDD). This is because there’s a greater risk of money laundering or other financial crimes in these situations. ‘High risk’ includes: 

  • Politically exposed persons (PEPs) 
  • Companies with unnecessarily complex structures 
  • Transactions that lack an obvious purpose or are outside of the investor’s usual trading activity 
  • Investors based in ‘high risk’ countries .  

And while the regulations aren’t prescriptive on what extra diligence is needed in these cases, companies are expected to gather more evidence and make sure it’s recorded in an appropriate way. More effort should be assigned to monitoring the business relationship and any information should be shared with the regulator immediately if requested. Basically, no risks should be taken and like with standard CDD, you must always report anything suspicious to authorities. 

When must a business complete due diligence on investors? 

Companies must complete due diligence before termsheets are signed. So it’s important to let potential investors know that certain information will be requested and they’ll be expected to provide it to proceed with an investment. 

The regulations state companies should monitor relationships on an ongoing basis, and make sure the information held is up-to-date. You might also conduct checks on occasional transactions, where you suspect money laundering or financial crime, or if you doubt the information you’ve been provided with is accurate. 

Is it the same everywhere? 

Frustratingly, no. Each country has its own regulatory requirements and there are different rules and processes depending on the country your business is registered in. For example, KYC requirements differ even within the European Union. It’s therefore crucial to understand the specific requirements in the jurisdictions you operate in and plan a KYC process that covers all regimes. 

If you want to know more about how regulations differ in various countries, here are a few helpful resources: 

UK:

EU:

US: 

What happens if a business fails to complete due diligence? 

Not doing due diligence checks isn’t really an option. Under Regulation 31 of the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, you can’t establish a relationship with a customer unless checks are complete. 

And if you don’t complete the checks, you’ll be penalised. You not only risk a hefty fine but in certain jurisdictions, including the UK, you can even be sent to prison. 

What can be done to make the process easier? 

It’s a challenge to complete due diligence on investors, especially if your business is operating in different jurisdictions with different requirements. And completing the checks is just the first step – you also need to flag and report any suspicions in the right way to the right authorities. Otherwise, the penalties can be severe. Read our next piece in this thread to find out how you can add efficiency into the process.