KYC Policy Overview

Compliance & Regulatory Know Your Customer Last reviewed: 2025-08-15 Owner: Compliance Department

1. Purpose

This policy (Ref: COMP-KYC-001) establishes the Bank's Know Your Customer (KYC) framework, which underpins the Bank's ability to identify, verify, and understand its customers throughout the lifecycle of the business relationship. KYC is a fundamental regulatory obligation and a critical component of the Bank's broader AML and counter-terrorist financing programme.

2. Regulatory Context

The KYC framework is aligned with:

  • EU Sixth Anti-Money Laundering Directive (AMLD6) and associated delegated regulations.
  • FATF Recommendations 10–12 (Customer Due Diligence).
  • FCA Financial Crime Guide (FCG) and Senior Managers and Certification Regime (SM&CR) requirements.
  • Applicable national transpositions in all jurisdictions where the Bank operates.

3. Scope

This policy applies to all business lines, subsidiaries, and branches of the Bank globally. It covers all categories of customers including individuals, corporates, financial institutions, trusts, foundations, government entities, and non-profit organisations.

4. Core Principles

4.1 Risk-Based Approach

The Bank applies a risk-based approach to KYC. The depth and intensity of due diligence measures must be commensurate with the assessed risk of the customer, the product, the delivery channel, and the geographic exposure. Risk ratings are assigned using the Bank's standardised Customer Risk Assessment Model.

4.2 Customer Identification and Verification

Before establishing a business relationship or executing an occasional transaction above applicable thresholds, the Bank must:

  1. Identify the customer and, where applicable, the beneficial owner(s).
  2. Verify the identity using reliable, independent sources (documents, data, or electronic verification).
  3. Understand the purpose and intended nature of the business relationship.

4.3 Beneficial Ownership

For all legal entities and arrangements, the Bank must identify and verify the ultimate beneficial owner(s) — defined as any natural person who directly or indirectly holds or controls 25% or more of the shares, voting rights, or ownership interest. Where no natural person meets this threshold, the Bank must identify the natural person(s) exercising control through other means (e.g., senior managing officials).

4.4 Ongoing Due Diligence

KYC is not a static exercise. The Bank is required to conduct ongoing monitoring of the business relationship, including:

  • Scrutiny of transactions to ensure consistency with the customer's known profile.
  • Keeping CDD documentation and data up to date, particularly for higher-risk customers.
  • Periodic reviews at intervals determined by the customer risk rating (see table below).
Risk RatingReview CycleApprover
LowEvery 5 yearsRelationship Manager
MediumEvery 3 yearsRelationship Manager + Compliance sign-off
HighAnnuallySenior Management + Compliance sign-off

5. Governance

The KYC programme is governed by the following structure:

  • Group Chief Compliance Officer — Policy owner with authority to approve amendments and exceptions.
  • KYC Operations Team — Responsible for the processing, quality assurance, and remediation of KYC records.
  • First Line of Defence (Business Units) — Accountable for initiating and maintaining KYC records for their client portfolios.
  • Second Line of Defence (Compliance) — Oversight, monitoring, and independent testing of KYC controls.
  • Third Line of Defence (Internal Audit) — Periodic independent assurance over the effectiveness of the KYC framework.

6. Non-Compliance

Failure to comply with KYC requirements may result in regulatory sanctions, financial penalties, reputational damage, and disciplinary action against responsible individuals. Incomplete KYC records must be remediated within thirty (30) calendar days of identification, or the account must be restricted pending completion.

7. Related Policies

  • COMP-KYC-002 — Individual Client Verification Requirements
  • COMP-KYC-003 — Corporate Client Verification Requirements
  • COMP-KYC-004 — Periodic KYC Review Process
  • COMP-KYC-005 — PEP Screening

8. Review

This policy is reviewed annually. Next review: Q1 2027.

Related Articles

Corporate Client Verification Requirements

Defines the identification and verification standards for corporate and legal entity clients, including beneficial ownership determination, complex structures, and documentary requirements.

Updated 2025-08-30

Individual Client Verification Requirements

Specifies the identification and verification requirements for individual (natural person) clients, including acceptable documentation, electronic verification standards, and special cases.

Updated 2025-07-22

PEP (Politically Exposed Persons) Screening

Defines the Bank's approach to identifying, screening, and managing relationships with Politically Exposed Persons, their family members, and known close associates.

Updated 2026-02-01