KYC Checklist

Capture an unexpired passport, driver's license, or state-issued ID. CIP rule (31 CFR 1023.220) requires name, DOB, address, and ID number for every individual customer. Reject expired documents — a common NIGO reason.

Record legal name, date of birth, residential address (no PO box for individuals), and SSN or other taxpayer ID. These four data points are the CIP minimum and must match the photo ID exactly.

Entity accounts (LLC, corporation, partnership, trust) trigger CDD beneficial-owner collection for any 25%+ owner plus one control person. Individual and joint accounts skip that step. Get this right early — entity onboarding takes longer.

Articles of incorporation or organization, operating agreement or bylaws, EIN letter (CP 575 or 147C), and certificate of good standing. For trusts, collect the trust agreement and trustee certification.

Per FinCEN CDD rule, capture name, DOB, address, and SSN/passport for every individual owning 25% or more of the entity, plus one control person (CEO, managing member, etc.). FinCEN's certification form is the standard intake. Skipping ownership tiers in layered entities is a common AML exam citation.

Accept a utility bill, bank statement, lease, or government tax notice dated within the last 90 days. Cell phone bills and credit card statements are typically rejected. Address must match the CIP record.

Three-way match: photo ID address, proof-of-address document, and account application. Mismatches require either a written explanation from the customer or a second proof document. Note any discrepancy in the file.

Record annual income, liquid net worth, and total net worth using the customer-attested figures from the new account form. These drive Reg BI suitability and accredited investor determination for any private offerings.

How did the customer accumulate their wealth: salary and savings, business sale, inheritance, investment returns, real estate? A narrative answer is required; vague answers like "savings" on a $5M account warrant follow-up.

Bank ACH transfer, wire from another financial institution, ACATS in-kind transfer, rollover from a qualified plan, or check. Each funding type has different documentation expectations.

Last 60 days of bank statements for ACH, wire confirmations and originating bank info for wires, prior-firm statements for ACATS, plan administrator letter for rollovers. Document any large unexplained inflows in the prior 90 days.

EDD triggers: PEP status, high-risk jurisdiction, third-party funding, cash-intensive business, structured deposits, or initial deposit above the firm's high-value threshold (commonly $1M+). Document the EDD determination in the file regardless of outcome.

Screen the primary customer, all beneficial owners, all signatories, and any beneficiaries against OFAC SDN, consolidated sanctions, and the FinCEN 314(a) list. Save the screening report with timestamp; an OFAC hit halts onboarding pending Compliance review.

Use Refinitiv World-Check, ComplyAdvantage, or Bridger for politically exposed person and adverse media searches. PEP status doesn't reject a customer but does require EDD and senior management approval.

Combine customer type, geography, product, and source-of-funds risk into a low/medium/high rating per the firm's AML risk methodology. The rating drives review cadence — high risk every 12 months, medium every 24, low every 36.

Compile CIP documents, beneficial owner certifications, address proof, economic profile, source-of-funds review, OFAC and PEP results, and risk rating into a single client file in NetDocuments or Laserfiche. Books-and-records retention is 5 years post-account-closure under SEC Rule 17a-4.

The CCO or designated principal reviews the complete file, confirms all required elements are present, and signs off. High-risk customers also require senior management approval per the firm's AML program.