Know Your Customer (KYC) Checklist

Engagement and Disclosure Delivery

    Capture the registration the client wants — individual, joint, IRA, or an entity/trust. Entity and trust accounts trigger beneficial ownership collection later in the workflow, so getting this right at the outset saves a re-paper.

    Reg BI requires Form CRS delivery at the first recommendation, account opening, or new service — whichever comes first. File the timestamped delivery in the client's compliance folder; missed delivery is a routine SEC exam citation.

    Send the firm brochure (ADV Part 2A), the advisor brochure supplement (2B), and the Reg S-P privacy notice. Capture signed acknowledgments through DocuSign or RightSignature so the delivery date is in the audit trail.

Customer Identification Program (CIP)

    CIP requires a physical residential address — PO boxes alone are not acceptable under 31 CFR 1023.220. For military or APO/FPO clients, document the alternate address rule applied.

    SSN for individuals, EIN for entities, ITIN for non-resident aliens. Confirm against the W-9 (or W-8BEN for foreign persons) — TIN mismatches generate IRS B-notices later.

    Driver's license, state ID, US passport, or passport card. For non-US persons, passport plus a second document. Reject anything expired — the file copy must show a valid expiration date as of the open date.

    Run non-documentary verification (KBA, address-history match, SSN-trace) through LexisNexis Bridger, IDology, or the custodian's built-in tooling. Save the verification report ID — this is what the AML examiner will ask for.

Sanctions and PEP Screening

    Screen the primary, joint owner, trustee, beneficiary, and any 25%+ beneficial owner against the OFAC SDN list and the consolidated sanctions lists. A common gap is screening the primary on day one and forgetting to screen a beneficiary added a week later.

    Use World-Check, ComplyAdvantage, or LexisNexis Bridger to flag politically exposed persons, family members, and close associates. PEP status alone doesn't disqualify, but it raises the customer to enhanced due diligence and triggers senior management approval.

    Possible matches need adjudication before the account is funded. Document the disposition rationale (false positive, true match cleared with additional info, or escalated to OFAC blocking) and retain the screenshot of the screening hit alongside the resolution memo.

Beneficial Ownership and CDD

    Per FinCEN's CDD Rule, collect name, DOB, address, and TIN for every individual owning 25% or more of the legal entity. Use the FinCEN certification form or the firm's equivalent. Each beneficial owner must also be CIP-verified and OFAC-screened.

    One named individual with significant managerial control — CEO, CFO, managing member, general partner, or trustee. Required even when no single owner hits the 25% threshold.

    Capture intended use (long-term investment, retirement income, operating cash, trust distribution), expected funding source, and anticipated transaction volume and frequency. This is the baseline that transaction monitoring rules compare against.

    Source of funds is what's funding this account today (employment income, ACATS from prior advisor, business sale proceeds, inheritance). Source of wealth is the broader narrative (career earnings, family wealth, business equity). High-risk and PEP customers require corroborating documentation, not just a self-attestation.

Risk Rating and EDD

    Score the customer using the firm's AML risk matrix — geography (FATF-listed jurisdictions, OFAC comprehensive sanctions countries), product (cash-intensive, alternatives, foreign correspondent), customer type (PEP, NRA, MSB, cash-intensive business), and channel (in-person vs. non-face-to-face). The rating drives review cadence and EDD scope.

    EDD requires senior management or BSA-officer approval before funding. Collect documentary corroboration of source of wealth (tax returns, business sale agreement, trust instrument), expand adverse-media review, and shorten the periodic-review cycle to annual or semi-annual.

    For BD reps, write a brief best-interest memo: account type considered, alternatives, why this recommendation fits the client's profile and stated goals. Reg BI exams pull files looking for the why — checkbox-only suitability forms are a known weakness.

Sign-Off and Ongoing Monitoring

    Final packet: signed agreement, ADV/CRS/Reg S-P delivery receipts, photo ID, identity verification report, sanctions and PEP screens, beneficial ownership certification, risk rating worksheet, and recommendation rationale. Books-and-records retention is five years under the Advisers Act and BSA.

    Tune Verafin, NICE Actimize, or the custodian's built-in rules against the expected activity captured during CDD — wire size, structuring patterns, cross-border activity, and rapid in-and-out flows. Without a baseline, every alert is a false positive.

    Standard cadence: low-risk every three years, medium-risk every two years, high-risk annually. Add a CRM task with the refresh date so the periodic review actually happens — calendar gaps are the most common AML exam finding for advisory firms.

    The CCO or BSA officer reviews the complete file and signs off before the account is funded. For high-risk and PEP customers, sign-off must be senior-management level and documented in the meeting minutes.
