Accounting and audit practices are expected to maintain a clear, repeatable AML workflow that is defensible under review. This guide outlines a practical process you can adapt for firms of any size. Note: AML screening (PEP, sanctions, adverse media, enforcement) is distinct from identity verification; this article focuses on screening, not face/ID checks.
1) Define when screening is required
- At onboarding: new clients, beneficial owners, directors, key controllers, and connected parties.
- On trigger events: ownership changes, unusual transactions, new jurisdictions, negative press.
- Periodically: risk-based (e.g., at least annually for higher risk).
2) Scope who and what to screen
- Individuals: clients, UBOs, directors, signatories.
- Entities: client companies, SPVs, major suppliers when relevant.
- Data points: legal name variants, transliterations, DOB/country, company numbers.
3) Perform checks and reduce false positives
- PEP: identify roles (current/former), relatives/close associates; record the basis for your conclusion.
- Sanctions: cover UN, EU, US, UK and local lists; verify that matches align on multiple identifiers.
- Adverse media: focus on credible sources and recent material; prioritize themes (fraud, bribery, tax, trafficking).
- Regulatory/enforcement: look for fines, bans, exclusions relevant to the client’s sector.
4) Decide on standard vs. enhanced due diligence
Use a risk score (e.g., jurisdiction + occupation + exposure + match severity). If risk is elevated, escalate to enhanced due diligence (EDD): obtain more documentation, validate sources, and require senior review before onboarding or continuing the engagement.
5) Document, retain, and monitor
- Evidence: save reports, timestamps, analyst notes, and rationale for decisions.
- Retention: align with local rules; store in a way that is easy to retrieve during audits.
- Monitoring: set a cadence (e.g., quarterly or event-driven) for higher-risk clients; ensure alerts feed back into the file.
StartKYC provides AML screening to support this workflow with a pay-as-you-go model, Tier-1 data coverage, adoption by thousands of clients, optional 12-month monitoring at the same cost as a one-off search, responsive customer service, bulk import via CSV or API, and multi-user access with no additional fees.