KYC CDD Certificate Course Syllabus

Audience
ACAMS KYC CDD focuses on research skills—how to better assess, explore, organize, and present—in the
context of customer due diligence. The primary target is the frontline analyst, teaching skills that benefit new and
experienced employees, especially as regulator expectations increase regarding beneficial owners. This course
assumes the employer has already introduced that organization’s unique roles, processes, systems, and common
cases. It will use only generic forms or processes that won’t conflict with each organization’s own. To bring all
learners to a shared baseline of terminology, concepts, and processes, the course starts with the “KYC CDD:
Essentials” video and then builds from there.

The course is written and presented by due diligence experts working around the world. It pulls examples from
many countries, and is globally appropriate. The lessons and examples are relevant to any industry. A primary
focus is “financial institutions,” including banks, credit unions, insurance, MSB, securities broker-dealers, credit card
issuers, alternate payment systems, etc.

Course structure
ACAMS KYC CDD allows you 4 calendar weeks to complete 4 hours of coursework, including a final
assessment. You will be guided using a learning path on ACAMS’ learning management system (LMS). Follow
carefully all instructions. 4 weeks from the course start date your access expires.

Assignment Format Download from LMS

Week One 30 mins – VIDEO Video: Self-paced, available PDF quick reference
“KYC CDD: Essentials” anytime

Week Two 90 mins – VIRTUAL Live event: See LMS for PDF slides
CLASSROOM date/time. Afterward a
“Finding Answers” recording will be on the
LMS.
Week Three 90 mins – VIRTUAL Live event: See LMS for PDF slides
CLASSROOM date/time. Afterward a
“Making the Case” recording will be on the
LMS.
Week Four 15 mins – HOMEWORK Self-paced, available PDF assignment
anytime
15 mins – ONLINE Self-paced, available PDF ACAMS
ASSESSMENT anytime certificate

Live virtual classroom events are pre-scheduled before you purchase the course. Be sure to attend both. A
recording will be available to you a few days after each live event.

To earn the certificate you must pass the assessment within the 4 weeks. The assessment has 20 questions.
The minimum passing score is 80%. Multiple attempts are allowed. When you pass, your ACAMS Certificate will be
available in the learning path itself. Click to download a PDF. ACAMS will automatically add 4 CAMS Credits to
your profile.

Technical requirements
The course is compatible with most operating systems and browsers to make it easy to participate. The video,
homework, and final assessment are mobile-friendly. The virtual classroom uses Webex Event Center which
currently does not support mobile devices. The ACAMS Learning Management System (LMS) is
https://acams.exceedlms.com. Contact your organization’s IT department for assistance.

© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 1
All information is subject to change.
30-minute self-paced video “KYC CDD: Essentials”
Purpose: To bring all learners to a shared baseline of terminology, concepts, and processes prior to the live virtual
classroom events.

Structure: Packed with examples, red flags, what-ifs, poll questions, and other activities to engage and motivate
the learner.

• Who is your customer?

o Examples (FI is focus but use broad list across industries)
 Account holders
 Signatories
 Other bank products (e.g., safety deposit boxes)
 Policy holders
 Etc
• Why do you need KYC/CDD?
• Primary driver is regulatory risk
o Primary audience is regulator
o What does regulator want to know?
• Do you understand the nature of the customer and their account activity
 Why does the regulator want to know that?
 To what level of detail?
• Secondary driver is business risk
o Secondary audience is internal
o What do internal partners want to know?
 Why does internal want to know that?
 To what level of detail?
• What is “risk”?
• What is risk in KYC/CDD context?
• How is risk measured?
o Risk Factors
 Corruption perception index
 Cash intensive
 Trade finance
 Correspondent banks
 Geographics
 Etc.
o Automatic High Risk Factors
 Negative news, PEPs, Sanctions, existing SAR
• How does a KYC analyst influence risk?
• KYC/CDD roles (very generic)
• KYC/CDD terminology (very generic)
• Establishing the terminology for the course (while acknowledging that you can use what you want)
o Customer information
o SDD (standard)
o EDD (enhanced)
o Beneficial ownership
• How do you know your customer?
• Research skills
o Assess (ask, plan, prepare, assess)
o Explore (investigate, search, interview)
o Organize (gather, align, collect, clarify, iterate with Explore step)
o Present (write, document, persuade, defend—internal and external audiences)
• Systems and tools commonly used in KYC
• Benefit statement: Personal, to employer, to society
• Call to action: Improve your personal commitment to KYC
© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 2
All information is subject to change.
90-minute live virtual classroom “Finding Answers”
Purpose: Teach and motivate the first two research skills (“Assess” and “Explore”).

Structure: Packed with examples, red flags, what-ifs, poll questions, and other activities to engage and motivate
the learner. Learners should be able to recall the overall skills of Assess, Explore, Organize, Present.

• Review of “Essentials” video

• Research skills - Overview
o Assess – What do you need to know?
o Explore – Where can I find the answers?
o Organize – How do I make my customer information meaningful
o Present – How do I present my customer information in a manner to fulfill its purpose, i.e., aid in
the detection of suspicious activity?
• Assess
o Who is my target audience?
 The simple answer is regulators, but that misses the point. Your work will be relied on by
others within your firm throughout the lifecycle of the customer relationship.
 During transaction monitoring, others will rely on your work-product when determining
whether observed activity/red flags are suspicious
o What do they need to know?
 Identify the customer
 Understand the nature of the customer’s account
o Identifying the customer
 Goal: Form a reasonable belief that the customer is who it claims to be
 What do I need to know and what do I already have?
• Customer Identification – Natural Person
o Basic Identifying Information
 Name
 Address
 Date of Birth
 Identification Number
o Documentary Verification
 The best documents are those issued by a government and are
difficult to forge
 Examples
• Driver’s License
• Government Identification Card
• Passport
o Non-Documentary Identification
 Contacting the customer
 Use of proprietary databases
 Third party reports, like credit reports,
 Obtaining a financial statement
o Resolving Discrepancies
o Failure to Verify
• Customer Identification – Non-Natural Person
o Basic Identifying Information
 Name
 Address
 Identification Number
o Documentary Verification
o Non-Documentary Verification
o Resolving Discrepancies
o Failure to Verify
© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 3
All information is subject to change.
 •
Nature and purpose of business for legal entities
•
Source of wealth/funds
•
Beneficial Ownership
o What is the appropriate threshold?
o Who is a beneficial owner?
o What sources can I use?
 Europe will have a registry that contains
• Name
• Month and year of birth
• Nationality
• Country of residence, and
• Nature and extent of beneficial ownership held
 United States
• Beneficial Ownership Prong
• Control Prong
• Verification Prong
o What else do I need to know?
 Do I know enough already? What is reasonable?
• While collecting the above information may meet the letter of the law, it may fail to
meet the intent of the law, i.e., forming a reasonable belief as to the identity of the
customer. Final intent is to be able to use the data in determining whether a
SAR/STR needs to be filed
 Are my efforts redundant to what others have done?
• Check your jurisdiction and your firm’s policy about reliance provisions
• Although reliance provisions make KYC easier, it does not necessarily absolve
your firm from being accountable if reliance was unreasonable
 Did I meet the needs of each audience (as discussed earlier)?
o What else do I need to know: Customer Due Diligence
 The purpose of customer due diligence is to understand the nature and purpose of the
account.
 Information collected will be organized in a meaningful way, i.e., creating a customer profile
 What is Customer Due Diligence?
• CDD is not only about identifying your customer, but also assessing the risks.
• It is in conducting customer due diligence that the term “risk based approach” is
often used
o A risk based approach means assessing and understanding the varied
applicable risks and then taking appropriate steps to mitigate those risk to
an acceptable level
 General categories of risk and risk factors
• Customer
o Line of business/occupation
o Entity type
o Length of incorporation, etc
• Geography
o Place of residence
o Place of incorporation
o Major place of business
o Nationality
o Destination of transactions/location of related account parties
• Products
o Are the products high risk that are to be used
o Will there be cross-border transactions
• Delivery Channels
o How was the account opened?
o How will the account be used?
• Expected Transaction Value & Volume
© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 4
All information is subject to change.
  The information collected through the customer identification most likely will not be
sufficient for purposes of understanding the nature and purpose of the account
• Explore
o Which answers to the above questions are likely from what sources?
 Evaluating quality of sources : Primary Sources v. Secondary Sources
 Primary Sources - These are customer interviews, original (or verified duplicates)
documents, and other documents/evidence provided by the customer or otherwise
certified by an authoritative third party (e.g., government entity)
 Secondary Sources - These are sources other than first-hand sources/primary sources. Its
reliability and veracity is not as solid. Google, Wikipedia, Facebook page,
o Adverse Media (Negative News)
 Bad vs. Relevant
• The purpose of our career is more than just preventing “bad” people from
accessing the financial system
• Adverse Media has to be relevant to either a predicate money laundering offense
or controls related to anti-money laundering (including sanctions). This makes it
relevant (material).
• Negative News Search String
• In the next session, we will discuss how adverse media factors into the
organization and creation of a customer profile.
 Bad, but not relevant
• In the course of researching, you will come across individuals/corporations
connected with domestic violence, unpopular groups, businesses that are
traditionally considered immoral, and the whole gambit of possibilities
• Knowledge Check: John Doe wants to open an account. When conducting a
negative news search you find many different news events that give you pause. Of
the following news events found on John, which would be relevant to deciding
whether to open an account:
o (multiple examples of “bad” but not “relevant”)
• PEPs/Embassies
o Definition of a PEP
o Case Study – ABN AMRO
• Sanctions lists (brief, promote other course)
• Proprietary Sources
o There are numerous third party vendors
• Open Sources
o Google
o Yahoo
o Secretary of State
o EU Registry
o Central Bank Registries (e.g., MSBs)
o Additional useful internet sites
o Social media
o Deep web searches
o Corporate information from trade registry/corporate information databases
 Ownership details
 Management
 Nature and purpose of business
o How to do more effective searches
 Internet searches
• Word Strings
o In English including terms of (corruption, money laundering tax evasion,
litigation, bribery etc.)
o In local language of the country where the customer is based
• Boolean logic
• Key Words/Phrases
© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 5
All information is subject to change.
 • Narrowing results
 Document searches
o How to do more effective interviews
 Interpersonal skills
 Quality/reliability of information gained
 Cross-verify with information from public sources
o Regulations around research methods and documentation
 Internal processes and procedures in line with data protection laws
 How to document my research as I go
 Develop document research steps
 Keep track of searches done including search strings and key words used
 Develop research notes
 Input information in report as I go along
 Positive results
 Negative results (absence of information)
• Knowledge checks throughout and final assessment practice questions
• Benefit statement: Personal, to employer, to society
• Call to action: Practice research skills. Congratulations! You are now swimming in data. But what do you do
with it? That is the next live virtual classroom.

© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 6
All information is subject to change.
90-minute live virtual classroom “Making the Case”
Purpose: Teach and motivate last two research skills (“Organize” and “Present”).

Structure: Packed with examples, red flags, what-ifs, poll questions, and other activities to engage and motivate
the learner. Learners should be able to recall the overall skills of Assess, Explore, Organize, Present.

• Continue the story arc

o Characters (with learner as frontline KYC analyst)
o Situation
o Cliffhangers at KYC analyst decision-points
• Review of “Finding Answers” session
• Research skills
• Organize
o Data does not become really meaningful until it is organized in a meaningful way (e.g., Bloomberg
relies on publicly available data for the most part, but it becomes valuable as it is organized in a
meaningful and accessible way)
o Develop report template and research topics
o Structure research notes into report format
o The Customer Risk Rating Model: Linking Questions to Answers
 Inputs
• The CRR Model is used to risk rate your customer into risk categories, generally
high, medium, or low (or some variation)
• For every risk factor, the analyst should be able to link information gathered during
the Explore step
• Every piece of information inputted into the CRR model should have a clearly
identifiable source
 Common Risk Factors
• Suppliers/Dealers
 Identifying Gaps in Research
• Common concern is that analysts don’t want to burden customers with inquiries or
otherwise cause a burden for account opening and scare the customer to
somewhere else
• Make a list of follow-up research steps to fill the gaps and answer unanswered
questions
 Minimum regulatory requirements
o Name
o Address
o DOB
o Blacklist searches (external: SDN, OFAC, EU Sanctions etc. and internal)
o Purpose and nature of business activities
o Legal entities – incorporated and date and activity
 Risk Based Approach
o Develop risk indicators and research questions – check list
o Develop system to assess the risks
o Generating a score and risk category
 Beneficial ownership (continuing the topic)
• Identify legal UBO of any legal entities – 25% threshold
• Is the legal UBO also the person who controls the legal entity - with high risk
• Enhanced Due Diligence
o Determined by risk category
o If enhanced due diligence is applied prescriptively, is it still enhanced due diligence
(negates the idea of a risk-based approach)
o EDD is an iteration of the previously mentioned Explore step
 Basic principles - Onsite visits/call reports
• Is there an actual physical store or place of operations
© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 7
All information is subject to change.
 • Does the business actually do what it clams or appear to be legitimate
 Collecting Source of Wealth
• Definition of Source of Wealth
• Difference between Source of Wealth and Source of Funds
o Issues of focus
 Based on Risk Assessment undertake enhanced due diligence on high risk
clients
• Undertake in-depth research into customer, related entities and
individuals
• Research into any litigation or regulatory risks
• Research into any political risks
• Additional in-depth media research
• Assessment of overall reputation and integrity
• In-house function or outsourcing?
• What kind of a due diligence product do we need?
• Public records only or also source enquiries (also known as Business
Intelligence or Corporate Intelligence)
o Enhanced Due Diligence research tools
 Importance of indirect search
 Additional useful internet sites
 Social media
 Deep web searches
 Media sources in country
 Litigation sources
 In-country sources
 Build table - All the things already done in left-hand column – new points in
right column. Need to have your procedure – revert to procedure regarding the
topic of enhanced due diligence and outsourcing
o Other issues
 Any indirect links to PEPS or other high risk individuals/entities, sectors,
products etc.
o Periodic refreshes / monitoring requirements
o This “Organize” step iterates with Explore step until results are adequate
• Present
o Document, document. document
o Creating a customer profile
 Drafting
• How to structure a KYC summary?
o Identify key issues of concern
o By Risk Category
o By highest risk factors to lowest risk factors
o Some other means
• How to write succinctly
• What to escalate?
• Appealing to an internal auditor and/or external audiences
 Content of Customer Profile
• Official company registry
• Passports
• Value and Volume of transaction
• Geographic profile
• Product profile
o Cross-border transactions
o Cash products
• Line of business
• Nature/purpose of account
• Exceptions or irregularities in the onboarding process
© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 8
All information is subject to change.
 •
Any red flags
•
Source all information using hyperlinks or reference to where the information was
retrieved (e.g. NYT, 3. April 2016)
o Structure the information
• State which information was found and where it was retrieved from
• State which information could not be retrieved and why not (e.g. litigation records
in Germany are not publicly available and could therefore not be searched)
• Summarize key findings
• Outline recommendations and risk mitigation measures
 How to structure a compelling case
• Structure the information
• State which information was found and where it was retrieved from
• State which information could not be retrieved and why not (e.g. litigation records
in Germany are not publicly available and could therefore not be searched)
• Summarize key findings
• Outline recommendations and risk mitigation measures
 How to write succinctly
• Short sentences
• Check out style guides
 Use visualization tools for ownership structures if appropriate
 What to escalate
 Appealing to internal and/or external audiences
• Summary includes everything relevant for senior management
• PowerPoint presentations if necessary for workshop/discussion
 Remember why we are doing this and come back to the former topics. Touch on who the
audiences are - we talked about the regulator what do we have to tell them – think of how
you might want to talk to the regulator but because my audience is this I also need to say
the following – they should feel confident that their approach will work for all audiences
o Maintaining the Customer Profile
 Periodic (1,2,3)
 Event Triggered
• Filing of SAR
• New signatories
• New line of business
• New use of product
o Terminating the customer relationship/off-boarding
 When you terminate someone you need to document that you did it for an AML purpose –
otherwise the regulator will not credit you – have to present a strong case - the issue in
order to solve discrepancy. De-risking - Work with your organization legal department on
how to do that – only little time on this.
• Red flags (worked in throughout the entire course)
o Typical red flags per customer, country, sector, product
o Can red flags be mitigated or can the risk be managed
o Develop excel table to build red flag typologies based on results and new red flags identified in own
research
• Case examples, practices, and polls throughout – especially beneficial ownership
o Case studies highlighting research question, research approach, red flags identified, risk
assessment
o Regions/Topics for case studies
 Western Europe (ongoing litigation identified in deep web and critical comments on social
media)
 Eastern Europe (corruption / issues of PEPS and not transparent UBO)
 Middle East (CFT allegations / PEP issues, political situation (e.g. Arab Spring)
 Africa (Angola or DRC – correspondent banking, transparency source of wealth)
• Knowledge checks throughout and final assessment practice questions
• Benefit statement: Personal, to employer, to society
© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 9
All information is subject to change.
 • Call to action: Prepare for final assessment

15-minute homework assignment

Purpose: To encourage engagement with other diligence professionals

• Discussion forum registration and post/comment on relevant topic

© ACAMS. All rights reserved. Course Syllabus v1.0 updated 15AUG2016 page 10
All information is subject to change.