The following article discusses session two in the IR Global Virtual Series on 'Know Your Customer – Ensuring legitimacy in business transactions’;

China – NC In our decades of experience, no amount of
good lawyering or professional services saves a company from a bad partner
selection decision. We constantly see parties who do not have the tools or
common sense to undertake market-specific due diligence when selecting a
partner, co-operator, supplier, distributor, key service provider or key
employee or outside contractor. Anyone who plays a key role in the business
should be considered for onboarding and/or ongoing periodic checks. In an
increasingly corrupt jurisdiction, it is naïve to assume that the business is
not subject to compromise or erosion. Protecting one’s business is increasingly
challenging and extends to all aspects to the company’s ‘assets’ including
physical, personnel, intellectual property, trade secrets/knowhow and all
aspects of the value of the business.

One of the most common and biggest mistakes we have seen is
for foreign parties to conduct an English Google search and believe that this
is a due diligence check. First, there are no official records in English for
Taiwan or China. Google is banned in China so this naïve approach is a search
for nothing. All official records are done in Chinese. Media reports are in
Chinese. Different information is kept in different databases. Few databases
will have a statement that says ‘we will not steal from you in the future.’ Due
diligence is not about checking a document or a database; it is about verifying
information in the context of a changing society. If one doesn’t understand
that society, how can one exercise proper scrutiny and understand what to look
for and what one is observing.

Proper market specific due diligence in partner selection
applies in the context of acquisitions or sales, supply chains when selling or
procuring and also when hiring key managerial and technical staff and service
providers. Relying on foreign databases when critical information is not
publicly available in English is naive.

Generally, in partner selection, one needs to focus on two

Is this person clean?

Is this person's money clean?

If the answer to either of these questions is not a clear
affirmative, it means there is exposure and risk as a direct party, or a
service provider, representing a client.

The responsible professional must position to protect the
client as well as themselves. The need for a seasoned local co-counsel to
conduct the local KYC/AML due diligence is a prudent choice.

California – JS We often encounter clients who are
surprised at the variance between records availability between countries, and
the time that needs to be invested in order to accurately conduct searches. For
example, we may need individuals’ information in native script or a national ID
number to conduct searches properly.

One of the things we encounter with American clients is
their surprise at limitations on what information is available abroad. The US
makes public more information about its citizens than any other country in the
world, so we work to “translate” the closest equivalent to match their risk
requirements with what can be obtained.

Some clients are also surprised by the requirement for a
signed authorisation and disclosure form when we're looking at partners and
doing diligence on individuals in other countries. It's getting less common
that businesses want to do a background check without authorisation, but some
still do.

It is standard for our US lending and investing clients to
do a background on the management team and the company for any acquisition
partnership or investment. It's not as common for our clients elsewhere in the
world, and perhaps that is because there's so much information available in the

What we're generally finding is that European countries are
a little more hesitant to have us go really deep and ask the target questions
and go from there. We spend a certain amount of time advising all of our clients
on what is standard practice among their peers, and what is available in the
jurisdiction where they're doing business.

Cyprus – TK Customer due diligence and the
implementation of a risk-based approach are definitely ways of mitigating any
AML risk when engaging in new business dealings.

The financial sector makes up a major part of Cyprus’
economy, and so it is generally acceptable that the need to implement effective
KYC procedures is quite high for local enterprises. It is also important to
note that, during the last decade, a significant part of the local financial
institutions’ dealings related to foreign investors, making the investigation
procedures even more crucial.

Following the approach of the local regulatory authorities
to make Cyprus as one of the safest investment destinations in Europe, the
implementation of an appropriate risk-based approach is definitely required by
all regulated and non-regulated enterprises.

Whether an entity or a transaction is defined as high or low
risk, the risk-based approach of local enterprises takes into consideration –
amongst other things – the assessment of each entity involved in any business
dealing. This includes the countries and industries involved, identification of
the beneficial owner and source of funds or source of wealth, the nature and
purpose of each transaction, as well as the involvement of any
politically-exposed persons or state-owned entities.

Dutch Caribbean – LS Service providers must take
reasonable measures to monitor clients and their transactions on a continuous and/or
regular basis by means of an established risk profile and risk classification
of that specific client.

The preliminary client vetting is done through an initial
KYC check whereby clients must present the following information:

  • Certified copies of valid passport of UBOs
  • Certified proof of residence/address (i.e. utility bill –
    not older than 3 months)
  • Original bank reference letter (not older than 3 months)
  • Source of funds/wealth declaration

Furthermore, InfoCapital applies some of the best solutions
in the field of anti-fraud and KYC/AML solutions in Europe, Asia & US. The
system uses AI/HI technology to perform fast, accurate and compliant customer
due diligence online, facilitating online services to clients and customers all
over the world with legal and regulatory requirements. This enables InfoCapital
to help clients increase conversion, prevent fraud and ensure client trust.

These policies and procedures enable reliable customer
onboarding by verifying clients. The ID verification platform supports multiple
document formats making it easier to onboard potential customers.

InfoCapital provides these KYC/AML services to third parties
as an all-in-one solution that helps businesses to manage and report all money
transactions in a compliant manner and in accordance with government
regulations. This complete compliance solution helps companies meet KYC/AML
requirements, as well as data protection laws (GDPR, local Asian, Eastern
European requirements and others).

Technology is helping the process and making it a bit easier
to identify people and make sure they're a good partner. Regulators have
accepted some of these new technologies as trusted sources to conduct KYC
checks, meaning they're working quite efficiently and effectively.

Malta – DM Definitely this would be the creation of a
business risk assessment for the professional firm and/or service provider.
This helps to draw up the risk appetite of the firm which effectively helps to
understand and identify which types of clients the firm or service provider
wants to work with.

Once the business risk assessment is in place, then a
customer risk assessment should follow.

Whether you are trying to on board the strategic partner, or
help clients make business with other companies or third-party entities, these
two elements have to be taken into account.

AML legislation hovers around the concept of the risk-based
approach. Consequently, it is of paramount importance to understand all the
risks involved when dealing with particular clients or transactions. Thus, both
the business risk assessment and the client risk assessment should complement
the risk-based approach advocated by various legislations around the world.

One should opt to carry out enhanced due diligence where
things get a bit complex or are not so clear. If the business structure of a
client is an intricate one, comprising of ‘unnecessary’ layers of corporate
structures the rationale behind certain business behaviours should surely be

You should also need to ask whether the client is giving you
all the information required and whether that information is in conflict with
other information obtained from independent sources. All these things have to
be put at the forefront when it comes to which KYC procedures and measures are
to be adopted.

It is common to place reliance on other service providers
because this is less cumbersome for the client or the company or potential business
partner. If this route is chosen, it is worth checking whether the service
provider upon whom reliance is being placed is in line with your procedures and
processes, and this to avoid any mismatch in procedures and methodologies. If
there is a mismatch and you cannot provide information regarding a particular
transaction or a particular beneficial owner to the authorities, you are faced
with massive problems, because effectively it would be difficult to comply with
the law within established timeframes.


Jessica Staheli (JS) Scherzer International – U.S –

Luis Santine Jr. (LS) InfoCapital Advisory & Management
– Dutch Caribbean

Nicholas V. Chen (NC) Pamir Law Group – China

Theodoros Kringou (TK) Infocredit Group Ltd – Cyprus

Dunstan Magro (DM) WDM International – Malta

More from IR Global