Auditing KYC - where to start

Depending on what industry your internal audit function works in, AML / KYC audits will sit top of your agenda, or you might even have a dedicated team of financial crime specialists.

But what if AML / KYC auditing is performed by more generalist auditors? Have you just been asked to perform a KYC audit and are trying to work out where to start?

This article is designed to give you an initial pointer in terms of great online sources of information in relation to the myriad of KYC requirements that are in place globally. The compliance with KYC requirements, whilst one of the key risks, is only one facet of a great KYC audit – there are many other things to consider such as operational execution, data privacy, screening … the list could go on.

Below are our top 5 websites which provide useful information for that would be KYC internal auditor.

A few notes of caution – these are external resources and should help direct you to legitimate sources, such as regulator / governmental websites which should be your golden source. Check the validity of the information, as AML / KYC requirements are always changing, information could be out of date.

There is no one stop shop for free KYC requirements out there globally, so you do have your homework set out. Good luck!

1. FATF (Financial Action Task Force)

The godparent of AML when it comes to global information sources. FATF has pulled together data on over 200+ countries from its various regional FATF-styled bodies, so you shouldn’t be missing too many countries!

Pros

• As comprehensive as gets – plus from a globally recognised body

• Detailed mutual evaluation reports

• Downloadable PDF documents on a country by country basis

Cons

• Very technical for someone new to AML / KYC

• Many of the mutual evaluation reports weave between policy and practice and will need interpretation

• Some countries information is quite dated (i.e. pre 2020)

2. Know Your Country

This is, in our view, the hidden gem on the internet. Having stumbled across it many years ago, its now a firm bookmarked favourite when it comes to country by country analysis. Whilst there are elements which sit behind a paywall (there is a $40 fee for unlimited access which is worth it), there is sufficient information here available for free to keep any auditor busy researching.

Pros

• Combines FATF information and other sources such as sanctions and corruption indexes

• Easy to navigate countries and details which are standardised across, with a nifty traffic lights system to assess compliance

• Direct hyperlinks to in country regulators and other source – no need to go to Google!

Cons

• Full reports sit behind a paywall, but there is a one off $40 fee which is worth it

• Can be somewhat dated as some of its info sources are like FATF

• Still need to do some homework on the content

3. Joint Money Laundering Steering Group (JMLSG) Guidance

Whilst this is primarily set for the UK, this is probably one of the most comprehensive guides you will find on how to perform KYC on clients, from individuals to pension trusts, from charities to digital. This can act as a useful benchmark for assessment of other country / global policy frameworks.

Pros

• As detailed as it can get when it comes to KYC (and other AML policy requirements)

• Guidance documents are currently split across 3 parts, available for download

• Principles can be easily applied to other countries

Cons

• UK specific only, and guidance as well – so must be used by auditors accordingly

• Detailed beyond detailed, the volume of content requires a lot of assessment

4. Eversheds Sutherland – Global Anti-Money Laundering Guide

This is a very handy, point and click website to enable you to delve down into over 60+ countries, their regulatory environment and what the various implications are. This country-by-country guide is intended as a useful desktop tool which sets out the essential elements of AML legislation and regulation across key jurisdictions.

Pros

• Easy interface to enable you to drill down by region and by country

• Specifically outlines the individual country regulations, current as of 2023

• Each country has a standard format in terms of analysis, to enable you to cross compare

Cons

• No specific links to regulatory websites or sources – you have to perform further work if you want to be better informed

• Only 60 countries in which they operate in

• No specific details on KYC requirements

5. Persona – Global KYC – a breakdown by country

This is quite a detailed blog, pulling together many country’s requirements, with additional useful information

Pros

• Detailed listing of countries by regions

• References to legislation which the KYC requirements relate to

• Mainly KYC focused in terms of content

Cons

• It’s a long, long, blog – you have your reading cut out

• More focused on individual KYC requirements than company / entity requirements, so the full picture isn’t here

• Still have work to do to research elsewhere the full detailed requirements

There are many other sources out there, too many to include but if you do have a worthy submission, let us know by sending through details below!