Know Your Customer (KYC) Checklist

Capture the registration the client wants — individual, joint, IRA, or an entity/trust. Entity and trust accounts trigger beneficial ownership collection later in the workflow, so getting this right at the outset saves a re-paper.

Reg BI requires Form CRS delivery at the first recommendation, account opening, or new service — whichever comes first. File the timestamped delivery in the client's compliance folder; missed delivery is a routine SEC exam citation.

CIP requires a physical residential address — PO boxes alone are not acceptable under 31 CFR 1023.220. For military or APO/FPO clients, document the alternate address rule applied.

SSN for individuals, EIN for entities, ITIN for non-resident aliens. Confirm against the W-9 (or W-8BEN for foreign persons) — TIN mismatches generate IRS B-notices later.

Driver's license, state ID, US passport, or passport card. For non-US persons, passport plus a second document. Reject anything expired — the file copy must show a valid expiration date as of the open date.

Screen the primary, joint owner, trustee, beneficiary, and any 25%+ beneficial owner against the OFAC SDN list and the consolidated sanctions lists. A common gap is screening the primary on day one and forgetting to screen a beneficiary added a week later.

Use World-Check, ComplyAdvantage, or LexisNexis Bridger to flag politically exposed persons, family members, and close associates. PEP status alone doesn't disqualify but it raises the customer to enhanced due diligence and triggers senior management approval.

Per FinCEN's CDD Rule, collect name, DOB, address, and TIN for every individual owning 25% or more of the legal entity. Use the FinCEN certification form or the firm's equivalent. Each beneficial owner must also be CIP-verified and OFAC-screened.

One named individual with significant managerial control — CEO, CFO, managing member, general partner, or trustee. Required even when no single owner hits the 25% threshold.

Capture intended use (long-term investment, retirement income, operating cash, trust distribution), expected funding source, and anticipated transaction volume and frequency. This is the baseline that transaction monitoring rules compare against.

Score the customer using the firm's AML risk matrix — geography (FATF-listed jurisdictions, OFAC comprehensive sanctions countries), product (cash-intensive, alternatives, foreign correspondent), customer type (PEP, NRA, MSB, cash-intensive business), and channel (in-person vs. non-face-to-face). The rating drives review cadence and EDD scope.

EDD requires senior management or BSA-officer approval before funding. Collect documentary corroboration of source of wealth (tax returns, business sale agreement, trust instrument), expand adverse-media review, and shorten the periodic-review cycle to annual or semi-annual.

Final packet: signed agreement, ADV/CRS/Reg S-P delivery receipts, photo ID, identity verification report, sanctions and PEP screens, beneficial ownership certification, risk rating worksheet, and recommendation rationale. Books-and-records retention is five years under the Advisers Act and BSA.

Tune Verafin, NICE Actimize, or the custodian's built-in rules against the expected activity captured during CDD — wire size, structuring patterns, cross-border activity, and rapid in-and-out flows. Without a baseline, every alert is a false positive.

Standard cadence: low-risk every three years, medium-risk every two years, high-risk annually. Add a CRM task with the refresh date so the periodic review actually happens — calendar gaps are the most common AML exam finding for advisory firms.