Client Offboarding Best Practices to Strengthen AML Compliance

Client offboarding involves strategically terminating business relationships with a client. In the context of Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT) and Counter Proliferation Financing (CPF) compliance, client offboarding becomes necessary when the business relationship with the client is incompatible with the AML/CFT/CPF processes of the Regulated Entity. Timely offboarding helps the Regulated Entity in protecting itself against Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) risks.

This Blog discusses the importance of client offboarding in the context of AML/CFT/CPF compliance, the circumstances that necessitate it, the best practices of client offboarding and the step-by-step procedure to ensure smooth client offboarding as a part of the Regulated Entity’s AML/CFT/CPF Program.

What is Client Offboarding?

Client offboarding is the strategic termination of a business relationship with a client conducted with the objective of protecting the Regulated Entity from ML/TF or PF risks. The decision to offboard a client is taken in accordance with the Regulated Entity’s internal Client Acceptance and Exit Policies. These policies are made while keeping in view the AML/CFT/CPF law and regulations in Singapore, which facilitates the effective compliance of the Regulated Entity’s AML/CFT/CPF obligations.

Circumstances Necessitating Client Offboarding

The following circumstances necessitate Regulated Entities to make the decision to offboard a client:

Compliance with AML/CFT/CPF Regulations

Compliance with Targeted Financial Sanctions

Under Singapore’s sanctions regime, Regulated Entities are required to conduct Sanctions Screening on their customers to detect if a customer is a ‘Designated Person’ under the United Nations Act, 2001 and UN Regulations or a terrorist or terrorist entity under the Terrorism (Suppression of Financing) Act. 2002. If the Regulated Entity suspects that a client is sanctioned, it needs to undertake the following steps:

  • Decline to enter into or terminate any transactions with the customer
  • Freeze the customer’s funds and other financial or economic assets
  • File a Suspicious Transaction Report (STR) with the Suspicious Transaction Reporting Office (STRO) or inform the Monetary Authority of Singapore if the Regulated Entity is a Financial Institution

Therefore, AML/CFT/CPF laws require Regulated Entities to terminate business relationships and transactions with a customer suspected to be sanctioned.

Amendment in AML/CFT/CPF Regulatory Regime

When AML regulations in Singapore are amended, there may be a need to offboard certain categories of customers as required under the amendments. For example, if the Singapore authorities introduce an amendment in the law restricting the engagement with countries subject to the Financial Action Task Force (FATF) ‘Call for Action’, then Regulated Entities would be mandated to offboard the clients from these countries.

ML/TF and PF Risks Posed by Customer Exceed Risk Appetite of the Regulated Entity

Risk appetite is the amount of ML/TF and PF risks Regulated Entities can effectively manage through their internal risk management and control practices. When the ML/ TF or PF risks posed by customers exceed the risk appetite of a business, offboarding may become inevitable.

Derisking

Derisking is a process adopted by businesses to end or restrict business relationships with a client to avoid ML/TF and PF risks posed by them. When ML/TF and PF risks cannot be managed or mitigated, derisking becomes necessary. However, Regulated Entities should not adopt blanket derisking to avoid issues such as reputational damage, exclusion of legitimate customers, etc.

Client’s Failure in Know Your Customer (KYC) and Customer Due Diligence (CDD)

Another reason for client offboarding is if the client does not provide requested documentation or fails a background check at the time of KYC and CDD processes. These can raise suspicions, leading to a deeper investigation, requiring additional information or documents from the client or termination of a business relationship, depending on the Internal Policies, Procedures and Controls (IPPC), which are tailored to specific risks of every business.

For example, the client is assessed as high-risk, and the Regulated Entity has requested the necessary information and documents pertaining to the client’s source of funds and wealth. However, the client is hesitant to share these documents. In the absence of completion of the Enhanced Due Diligence process as part of the CDD process, the Regulated Entity must offboard the client, as required under the IPPC, to ensure compliance with AML regulations.

Increased Costs Associated with Know Your Customer (KYC) and Customer Due Diligence (CDD)

Client off-boarding also becomes necessary when the cost involved in adequately completing the KYC and CDD is higher than what Regulated Entities can effectively manage, given their available resources.

Why Is Client Offboarding Essential in Certain Circumstances?

Client offboarding is necessary in the above-discussed circumstances for the following reasons:
  • Preventing exposure to ML/TF and PF risks
  • Complying with AML/CFT/CPF regulatory requirements and reducing the cost of non-compliance
  • Building a positive reputation as a law-abiding and compliant business
  • Effective ML/TF and PF risk management
  • Maintenance of the Regulated Entity’s integrity, transparency, and financial health
After discussing the essential questions with respect to client offboarding, the blog now details the best practices to be adopted for a smooth and effective client offboarding process.

Best Practices of Client Offboarding Process under AML Compliance

Defining Risk Appetite

As a part of the Regulated Entity’s AML/CFT/CPF compliance, it is required to conduct an Enterprise-Wide Risk Assessment (EWRA). EWRA involves a thorough assessment of the ML/TF and PF risks a Regulated Entity is exposed to, as well as the likelihood and impact of such risks. This is the inherent risk or gross risk that the Regulated Entity faces. Based on the risks assessed, the Regulated Entity can adopt appropriate and proportionate risk control measures. This is the foundation of a risk-based approach.

Based on the EWRA, Regulated Entities can define their risk appetite. Risk appetite is the amount of ML/TF and PF risks Regulated Entities can effectively manage through their AML/CFT/CPF IPPC. It differs for each business and varies as the business of the Regulated Entity changes and grows.

Client Offboarding Best Practices to Strengthen AML Compliance
With a defined risk appetite, Regulated entities can take informed decisions regarding client’s offboarding in a timely manner.

Since risk appetite keeps changing, it also helps Regulated Entities decide to offboard a client if customer’s risk profile changes, or risks emanating from them become unacceptable after some time.

Defining and Implementing Robust Client Acceptance and Exit Policy

As a part of their IPPC, Regulated Entities should form and implement robust Client Acceptance and Exit Policy. These policies must specify the procedures for client acceptance and onboarding, including Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures. Regulated Entity should also define the circumstances that would warrant a review of the relationship with the customer and the procedure to offboard a customer when required. The Client Acceptance and Exit Policies must align with the overall AML obligations and risk appetite of the Regulated Entity.

Reviewing the Decision to Offboard a Client

Whenever a Regulated Entity comes across a circumstance that would necessitate client offboarding, it should investigate the business relationship with the client and make an informed decision as to whether client offboarding is necessary. Client offboarding without due consideration of customers’ risk profiles, can be an excessive measure indicating ineffective ML/TF and PF risk management.

Record-Keeping of Client Offboarding Process

When the Regulated Entity decides to offboard a client, it should maintain records pertaining to the business relationship with the customer for at least five years from the end of the business relationship. The documents that need to be maintained include the following:
  • Suspicious transactions related to the client reported to Suspicions Transaction Reporting Office (STRO)
  • KYC and CDD records collected
  • Documents capturing the reason for offboarding the customer
  • Client communication related to the offboarding
  • Offboarding procedure followed
  • Any other document that seems necessary

Ensuring Privacy and Confidentiality of Customer Data

While offboarding a client, the Regulated Entity must ensure that customer data remains secure. The regulated Entity needs to ensure that there is no risk to the privacy and confidentiality of any information related to the customer. It must not be made accessible to any unauthorised person.

Employee Training Regarding Client Offboarding Process

Client offboarding is a significant part of the AML/CFT/CPF IPPC of a Regulated Entity. Employees of the Regulated Entity need to be trained to carry out the client offboarding process to ensure that it is conducted in a smooth manner. The employees need to be trained in the following aspects:
  • Knowledge of the Regulated Entity’s business’s risk appetite
  • Awareness of AML/CFT/CPF regulations in Singapore related to client onboarding and offboarding and associated compliance requirements
  • The AML/CFT/CPF EWRA of the business
  • Transaction monitoring procedures
  • Red flags indicating ML/TF and PF risks
  • Customer Risk Assessment and risk profiling
  • Soft skills pertaining to effective communication with clients
  • Client Acceptance and Exit Policies, including templates for documenting the decision to offboard, communication with the client, etc

Step-by-Step Client Offboarding Process

The blog now provides a step-by-step procedure that can be followed to ensure a smooth and professional client offboarding process. These steps are as follows:

Detect Circumstances that Warrant Client Offboarding:

Circumstances such as matches found during sanctions screening or ML/TF and PF risks beyond the risk appetite of the Regulated Entity. Regulated Entities should be vigilant in detecting these circumstances in a timely manner. However, the Regulated Entity needs to be mindful of not offboarding a customer right away if doing so would result in “tipping-off” such a customer

Review the Business Relationship with the Client by Conducting a Customer Risk Assessment:

If the customer’s name does not appear in the sanctions list, not requiring immediate offboarding, then the next step is to conduct a proper analysis of the business relationship to assess the ML/ TF and PF risks posed by the client by conducting a Customer Risk Assessment. Customer Risk Assessment is the process through which Regulated Entities assess the ML/TF and PF risks posed by a customer and categorise them into low, medium, or high-risk categories based on the degree of ML/TF and PF risks they pose to the Regulated Entity.

Compare the ML/TF/PF Customer Risk Assessment with the Risk Appetite of the Regulated Entity:

The Regulated Entity should compare the risks posed by the client assessed through the Customer Risk Assessment with the risk appetite of the business, to assess whether the risks can be managed by the Regulated Entity effectively.

Take the Decision Regarding Client Offboarding:

After conducting risk assessment and comparing it with risk appetite, the Regulated Entity will be able to take informed decision regarding offboarding.

Seek Senior Management Approval if Necessary:

There may be situations where senior management approval is necessary for offboarding. For example, if the client is an important customer or regulatory reporting and offboarding are necessary. Such approval should be sought promptly.

Record-Keeping of all Documents Related to Client Offboarding:

Records should be kept for all documents related to the business relationship with the client and the decision to offboard the client, including the rationale that necessitated offboarding for at least five years as required under AML/CFT/CPF regulations of Singapore.

File Suspicious Transaction Report When Necessary:

When a match is found during sanctions screening, or the Regulated Entity detects suspicious activity or transactions, a Suspicious Transaction Report (STR) should be filed.

Communicate to the Client Regarding Offboarding Without “Tipping Off”:

The client should be informed regarding offboarding in a professional and timely manner, without tipping them off regarding filing of the STR, so that the investigation process is not impeded.

Conclusion

Imbibing the above best practices and step-by-step procedures while terminating business relations with a client offboarding ensures a professional and smooth client offboarding process.

About the Author

Linkedin

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 7+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.