Some reporting entities have bought template risk assessments and programmes which are unnecessarily burdensome on the client, don’t increase AML compliance and frankly just get clients annoyed.

Below are the three most common ‘overkill’ actions we’re seeing:

1. Requiring customer due diligence (CDD) documents to be in colour

   This is a nice to have but not a legal requirement. Many clients will have a black and white photocopy of their passport or proof of address and provided the client is certified, or verified face-to-face, then this is acceptable. The law states copies need to be readable - they don’t have to be pretty.

2. Enhanced CDD for every client

   Some AML/CFT programme templates state every client needs to undergo enhanced CDD.  But by its nature, enhanced CDD is a time-consuming process for both the business and the client. Section 22 of the AML/CFT Act 2009 outlines the circumstances where enhanced CDD applies and it’s not for everyone. Only undertake this when it’s required by law and when you assess a client as being of higher risk.

3. Requesting proof of address documents dated within three months

   The AML/CFT Act does not specify how up to-date a document needs to be to verify a customer’s address. The ideal situation is to obtain the most recent proof of address document, but when this is not possible, then a degree of common sense needs to apply. We see many reporting entities accepting proof of address documents up to 12 months old and that’s acceptable in some situations. If the client is highly mobile, then three months might be necessary. However, if the client is static and has lived in their home for decades, then requesting proof newer than three months may be a bit pedantic.