Due diligence for startups: check that cheque
Not all investors are who they say they are. With Themis, we share our insights on financial crime in fundraising and du...
Know Your Customer (KYC) and Anti Money Laundering (AML) are frameworks for verifying your customers, investors and third parties. You should comply with KYC requirements and AML regulation whenever you take an investment, and run the checks when you go into business with anyone new.
In this post, we explain what UK startup founders need to know about KYC and AML and how to carry out checks to verify your investors and customers.
Contents
- What is Anti Money Laundering (AML)?
- What is Know Your Customer (KYC)?
- Are AML and KYC checks obligatory?
- Anti Money Laundering checklist for startups
– Investment from an individual
– Investment from an organisation - KYC checklist for startups
1. Ask for ID documents
2. Run checks
3. Assign the customer a KYC risk rating
4. Carry out ongoing KYC checks - Stay on top of KYC and AML with Themis
- Protect your startup
Â
As a startup founder, when you’re considering taking money from investors, you’ll need to be aware of the regulations and due diligence processes, including AML, KYC and KYI (Know Your Investor). These regulations and checks are in place to prevent financial crimes such as money laundering and terrorist financing and to make sure the funds being invested are legitimate.
Startups in certain sectors have more obligations, for example fintechs must run KYC checks to verify every new customer.
What is Anti Money Laundering (AML)?
The AML framework is designed to combat money laundering, terrorist financing and threats to the integrity of the financial system.
The group of AML laws, regulations and processes help prevent illegally-obtained money from entering the financial system and other financial crimes from occurring.
What is Know Your Customer (KYC)?
Whereas AML checks are designed to ensure that money you receive hasn’t come from criminal or terrorist activity, KYC checks specifically verify the identity of your customers and investors, and their financial activities and any risks they might pose to people transacting with them.
Are AML and KYC checks obligatory?
If your company operates in any of the sectors below, you have an obligation under UK law to carry out AML and KYC checks:
- financial institutions
For example, banks, building societies, payments providers - money service businesses
For example, remittance services and foreign currency exchanges - virtual currency service providers
- credit institutions
- auditors
- insolvency practitioners
- accountants
- tax advisers
- independent legal professionals
- estate agents and letting agents
- gaming and casinos
- trust or company service providers
For example, company formation agents, professional trustees, mail holding and forwarding services, accountants and solicitors - high value dealers
Any sole trader or business that accepts or makes cash payments of 10,000 euros or more (or the equivalent in any currency) in exchange for goods. - art market participants
Any sole trader or business, including intermediaries, that trade in buying and/or selling works of art, in deals worth 10,000 euros or more (or the equivalent in any currency)
If your business falls under one of these regulated categories, seek advice from the authority that regulates your sector.
For other companies, there’s no legal obligation to carry out AML and KYC checks, but you should carry out due diligence checks for money you receive to help protect your business from financial crime and other unethical business practices. We explain the risks of financial crime in more detail in our post about due diligence for startups.
Eliza ThompsonFinancial crime is a very real and evolving problem and the impact on businesses is immense. This is especially true for new startups that lack the financial and reputational safety nets often afforded to larger companies.
At Themis, we’ve seen first-hand how criminals try to exploit weaknesses in a company’s armour. KYC checks can provide a first line of defence against this exploitation to help keep new companies safe.
Research Specialist,
Anti Money Laundering checklist for startups
Investment from an individual
Before you receive an investment, ask the investor for:
- Proof of identity
For example, a passport or national ID card, showing photograph, name, date of birth and nationality (and if they’ve changed their name, the document confirming their name change) - Proof of address – residence and (if different) permanent address
For example, a copy of a utility bill or bank statement issued within the last three months and displays name as per registration. PO Box addresses aren’t acceptable - Proof of the source of the money
Information about the investor’s occupation and the source of the funds for the investment. For example, a signed High Net Worth Investor Certificate and/or their bank statement showing the funds.
What is a High Net Worth Investor?
A High Net Worth Investor is someone who has an annual income of more than £100,000 or net assets of more than £250,00 (not including their main home and pension).
A High Net Worth Investor is someone who has an annual income of more than £100,000 or net assets of more than £250,00 (not including their main home and pension).
When you have confirmed an individual’s identity and business activities, run checks for potential financial crime risks related to this person. This due diligence is an important element of managing your risks and protecting your business from bad actors. Screen all individuals and their network connections for financial crime exposure, including sanction exposure, PEPs status, adverse media and litigation history, and other factors that could increase an individual’s financial crime risks.
Investment from an organisation
Before you receive an investment, you should ask for copies of:
- Certificate of incorporation or equivalent
And if the company name has changed, the certificate about the change of name. - Memorandum and Articles of Association (or equivalent)
- List of company directors and proof of residence for two officers
- Confirmation that the investment is made by the company, not on behalf of any other party
or - Confirmation that the investment is made by a nominee company on behalf of others
- Confirmation about the source of funds for investment
When you’ve obtained this information from an organisation, run the same due diligence checks on the organisation and its senior leadership as you would on an individual investor. Screening for potential links to criminals and illicit activity helps you verify that an organisation has no hidden connections to financial crime.
Eliza ThompsonA legitimate investor will not only understand that due diligence is a necessary part of compliance but should also appreciate that it indicates a commitment to protecting the company from potential harm, protecting their investment as well.
Due diligence helps foster a sense of trust between all parties, a key building block for a successful startup. If a potential investor seems hesitant to provide the information you request, stop to consider why and, if you decide to go ahead, how it could impact your business relationship.
Research specialist,
KYC checklist for startups
1. Ask for ID documents
If your startup needs to run KYC checks on customers and investors, you’ll need to ask for:
- Proof of identity
For example, passport or national ID card, showing photograph, name, date of birth and nationality (and if they’ve changed their name, the document confirming their name change) - Proof of address – residence and (if different) permanent address
For example, a copy of a utility bill or bank statement issued within the last three months and displays name as per registration. PO Box addresses aren’t acceptable - Date of birth
- National Insurance number
- Company incorporation documents
(if the application is for a company)
2. Run checks
Check the customer’s identity against these lists and registers:
- global sanctions and watch lists
- high-risk jurisdictions
Running checks to see if an individual is from a country considered high-risk will help to decide whether enhanced due diligence (EDD) is necessary. EDD involves collecting additional information for higher-risk customers to provide a deeper understanding of customer activity to mitigate associated risks.
- PEP registers
Lists of ‘politically exposed persons’ - crime databases and registers
Including lists of people involved in bribery and corruption - adverse media and litigation history
3. Assign the customer a KYC risk rating
The calculation for this risk assessment is based on a range of factors, including how likely it is that the customer is involved in financial crime.
If the risk assessment determines the customer is high risk, you should carry out more intensive AML checks, including:
- enhanced due diligence
- investigate the source of the customer’s money
- check for adverse media
If the risk assessment determines the customer is low risk, the AML checks can be less intensive and you’ll be able to onboard the customer faster.
4. Carry out ongoing KYC checks
After onboarding, continually monitor your customer’s activity and review their risk rating.
- Screen payments
Check the customer’s transactions. Who are they sending money to? And in what regions? - Monitor transactions
Does the customer’s behaviour match what you’d expect based on their risk rating? - Check registers and databases
Run regular checks to verify the customer does not appear on PEP or sanctions lists etc.
Companies which need to carry out KYC checks automate the process, using specialist software such as Themis Search for KYC/AML.
Eliza ThompsonWe’ve found that companies often have to navigate between multiple systems to carry out proper due diligence and KYC checks, dealing with antiquated systems to monitor clients and manage financial crime risks.
Older systems require significantly more effort to use, and are often less accurate than tech-forward systems. In contrast, new systems open up whole new lines of discovery through smarter use of data, network mapping, and visualisation of hidden connections. With next generation tech, you can integrate due diligence into your work-streams with one click of a button.
Research specialist,
Stay on top of KYC and AML with Themis
To make it easier to protect your business, you can integrate KYC, AML and ongoing due diligence as a standard business process with a tool such as Themis Search & Monitoring.
The Themis platform makes it easy for startups to check all investors for red flags and potential criminal behaviour. The software is a simple way to carry out screening, KYC onboarding, risk mapping, enhanced due diligence and automated monitoring.
With Themis Search, you get access to:
💡 Find out more at the Themis website
- over 230 different jurisdictions covered
- over 250 million company records and 280 million individual directors in over 200 jurisdictions worldwide
- political exposure (PEP) status of over 1.5 millions PEPs
- comprehensive sanctions data from over 70 different countries and OFAC, UN and EU, lists updated every 6 hours
- over 25 million adverse media articles spanning 15 years in over 40 different languages
- unique proprietary special interest list data covering convictions of specific crimes, from fraud, bribery and corruption, sanctions evasion or enablement and terrorist financing, through to more hidden crimes such as modern slavery and human trafficking, the illegal wildlife trade and other forms of environmental crime
💡 Find out more at the Themis website
Protect your startup
No-one should have their hard work undone by criminals or illegal behaviour. That’s why we’ve partnered with Themis. With our legaltech services and the powerful Themis Search & Monitoring platform, you can speed up investment deals and protect your company. With experts taking care of your legals and due diligence, you can maintain your focus on growing your business and achieving your goals.
SeedLegals members: Get 15% off Themis Search for KYC/AML (T&Cs apply, new customers only). For more offers and discounts, visit our Perks page.
