Everyone wants to do a good job – yet regulatory sanction seems more frequent than ever. Why do firms drop their ML/TF guard?
The first and simplest concept is that risk can only be managed if one has an idea of where it is likely to come from. Picking up on a completely unexpected risk is luck – not planning. So the top clue is to learn enough about your customer to give you an idea of what risks might arise during your relationship.
Commercial cost considerations need to be weighed in this balancing act. Knowing everything about lower risk customers might be considered a “waste” of money, yet it’s difficult to come safely to a standard risk rating without a fair volume of information against which to form the risk assessment. Institutions simply must establish the purpose and rationale for the arrangement (and structure); the size, type and frequency of transactions; its likely duration and the source of the funds, as well as the more obvious identification metrics of the customer – name, date and place of birth, nationality, residence, domicile and any other addresses. If these basics are gathered effectively for all clients, the institution will have strong benchmark information against which to evaluate the database search results.
One lost opportunity arises from marking onboarding checks – or subsequent file reviews – with the phrase “no adverse info found”. Experience shows that the better practice is to look for corroborating information. Positive and consistent findings which can be used to corroborate the information a client has provided are a very strong indicator of a lower risk engagement. There are many sources of corroboration – social media, directories and speciality search engines/data aggregators. Fraudsters can tell a good tale, but creating a history, an audit trail, to support that “tale” is much harder. Where higher risk indicators are found, enhanced due diligence should be undertaken.
Higher risk indicators include the presence of non-corroborative information as well as items from the more typically recited list, such as non-face-to-face business, cross-border relationships, business via intermediaries or introducers, complex structures including those with trusts or holding vehicles, country risk, high risk jurisdictions, high risk industry sectors, offshore jurisdictions, PEP status or associations, etc. In our fiduciary and high net worth client world, many of these items seem the normal, everyday features of the work we do, but one must bear in mind that the FATF Recommendations are written for home state jurisdictions where “standard” means a teacher or shop worker who lives, works and banks within a 10 mile radius. Our work intrinsically carries an enhanced risk of money laundering.
At the best end, we deal with wealthy people of impeccable integrity who can be highly vulnerable to legacy arrangements which now render them labelled tax offenders. Whilst this type of client provides a fee opportunity to remediate and restructure their affairs, the irregularities of the past have to be addressed. At the other end of the client spectrum, we deal with risk-taking entrepreneurs who often operate in frontier industries or countries, and who by their very nature are likely to bend or disregard the rules – or leave you to keep their affairs in good order – which can be difficult if you don’t know everything they get up to!
The customer due diligence agenda protects you and your business from the modern offences of aiding and abetting tax evasion and even, in the UK environment, of failing to prevent the commission of an offence. If this framework of knowledge is in place for all your customers, you will seldom need to generate formal enhanced due diligence, but when you do, a specialised enhanced due diligence report is well worth the investment.
Kroll, Risk Control, Salamanca and my own favourite, KYC Worldwide Ltd, all produce them; each has a different focus and flavour. I would advise that you test each one, not by asking for a demonstration but by asking for a free report on a real client. Pick an established client you know something about so that you can gauge how accurate the findings are and get four reports on that same client. Then ask – which is most useful? Which supports my regulatory defences position? Which offers best value? Which holds/handles my client data most securely? Which deals best with complex structures and explains financial instruments, sanctions, industry risk? Which is the easiest to subsequently leverage and use in a practical way?
Then, dear readers, embed that choice in your corporate governance, in your budget and in your policies and procedures – and you will be able to demonstrate strong defences against money laundering and terrorist financing. A very sound investment for maintaining your reputation and ensuring a good night’s sleep.
Helen Hatton, Managing Director, BDO Sator Regulatory Consulting Limited, Jersey, Channel Islands.