Confessions of a compliance officer: Do you trust overseas colleagues’ KYC work? Guess what …
23 Apr 2018

Does the Compliance Department get it wrong sometimes, and what happens when an extremely important KYC report turns out to be flawed? A London-based compliance officer looks back at a tricky moment he faced, and the lessons to be learnt from it. He does not wish to disclose his name or other details.

From the onset, I would like to make it clear that although compliance officers based in the UK, Africa, Asia, US or indeed elsewhere, may face similar situations to what I experienced when dealing with colleagues based in another country, we cannot paint all externally-based compliance workers with the same bad brush.

There are lots of hard-working, diligent and professional compliance staff based overseas or elsewhere who produce excellent KYC work.

I guess this particular experience comes to mind with Anglo-Russian relations featuring prominently in the news at the moment.

My mind goes back to the time when I was working at an investment bank in London and was approached by one of my colleagues, whom I’ll refer to as Maria, a Russian speaker.

She had been approached by colleagues in the Moscow office.

One of their corporate clients wanted to raise about $50 million of capital in the London markets.

Maria wanted to know what Know Your Customer (KYC) documentation she would have to obtain before anyone in the London office could conduct business with the client.

I advised her that she had to understand and document, the name of the company, she had to verify the directors’ identities and she had to understand the nature of the company’s business and the size of its turnover.

Finally, I advised her she had to comprehend and record the shareholder structure, including any beneficial owners.

She said that she would forward these requirements to the Moscow office, but that she did not envisage any problems meeting London’s compliance obligations as her Moscow colleagues assured her that they already had full KYC documentation in their files.

Beneficial ownership blues

Within a few days, she had learned that the company was in the agricultural business with an annual turnover in the region of $600 million. The founder of the company was also it’s CEO.

A Liechtenstein anstalt (or foundation) controlled 70% of the voting equity, whilst a company domiciled in Cyprus controlled 15% of the voting equity, with the remaining 15% of the shares was controlled by another Cypriot company.

Once Maria had obtained the due diligence documentation for the anstalt, I requested that she contact the company’s founder and asked whether he was the ultimate beneficial owner of the anstalt.

As expected, the founder confirmed that he controlled the anstalt and it was established for his benefit.

Maria then focussed on the remaining 30% of the share capital. She soon learned that both of these Cypriot companies had one director with a sole individual as the shareholder of record. All these four individuals were in their mid-twenties. All the required due diligence documentation was obtained for both companies as well as their directors and shareholders.

I asked Maria to find out whether the Cypriots named in the shareholder registers were the ultimate beneficial owners of the respective 15% of the company’s shares.

The company soon confirmed that they would be happy to confirm, in writing, that the named shareholders were, indeed, the ultimate beneficial owners of each bloc of the company’s shares.

I now wondered what was the link between the company’s founder – a wealthy and older man – and the four Cypriots in their mid-twenties?

Where and how did they meet?

Did they meet on a beach in Cyprus or in a nightclub on the island? How did the company benefit from the links with the Cypriots?

For example, did the Cypriots have a degree in agricultural science and could the company benefit from the knowledge they acquired whilst studying for their degrees?

The Moscow office could not answer these questions, although they had previously confirmed they had full KYC documentation on file.

They reverted to the company who, once again, confirmed that the individuals named in the companies registers were each the ultimate beneficial owner of the two blocs of 15% of shares.

The questions I posed remained unresolved. However, there was soon an unexpected development.

Guess what …

One afternoon, the company’s founder called Maria and conversed in Russian. He explained that both the 15% bloc of shares were controlled by a “silent partner”.

This person had no active involvement in the management or operation of the company.

Maria asked the company’s founder “What is the name of the silent partner?”

The founder retorted “He is a senior Russian politician, whose name I will not disclose. I gave him 30% of the company’s shares because he helped me set the company up and he helped me acquire some factories and plant.”

After Maria thanked him for the information, the call soon ended. She immediately came to see me and reported details of the conversation.

News of the call soon reached Senior Management in London.

They suggested that there may have been a misunderstanding about the contents of the phone call between Maria and the company’s founder.

The tapes of the call was soon located.

Once Maria had listened to the tape, she advised me that the contents of the call were very clear and that she stood by her initial summary of the call.

Damage control

At this point, I decided to submit a suspicious activity report (SAR) to the Serious Organised Crime Agency (SOCA) and request Consent to proceed with the transaction.

I set out the background to the proposed transaction, what we had learned about the company, the anstalt, the Cypriot companies, their directors and their shareholders.

I also explained that we had learned that an unidentified senior Russian politician beneficially controlled 30% of the company.

Within a few days of submission of the SAR, SOCA called me to advise me that Consent to proceed with the transaction was being refused as we do not know the identity of the senior Russian politician linked to the company and that we must not proceed with the transaction until he is identified.

The SOCA officer said that he would meet my request to document and send me, on SOCA headed notepaper, a note of our conversation.

Panoptic automatically aggregates and analyses key risk data across all operating jurisdictions and enables rapid application of group standards to all offices >>Learn more about Panoptic<<

Once I received the letter from SOCA I gave copies to Maria and Senior Management in London.

At this point, Maria and London colleagues had no further involvement in the proposed capital raising exercise.

She reported the reasons for the London office withdrawing from the transaction to her Moscow colleagues.

What did I learn, what did I look out for?

Looking back on this case, what are the lessons I learnt? Firstly, at times one may need to be sceptical of other branches and companies in their corporate group who inform them that they have met their local KYC obligations.

Secondly, I learnt that it’s good to ask to have sight of whatever KYC documentation they claim to have.

Thirdly, it is important to consider whether this documentation meets the KYC standards of one’s office.

Fourthly, I learnt that it’s good to for one to stand back from the transaction and information received and ask oneself: “Does this all make sense? Does the structure, as outlined, seem reasonable?”

In this particular case, I could not understand why the founder of this fairly sizeable Russian company was linked to two Cypriot individuals, who may have been fresh out of university.

Finally, it was useful that I was persistent until my doubts were resolved.

Again, in this case, I was not prepared to accept the company’s offer to confirm in writing that two Cypriot nationals beneficially owned 30% of the company.

What ever happened in the end?

As a postscript to this saga, our Moscow office continued to do business with the Russian company, notwithstanding the link to the unidentified, senior Russian politician during the due diligence exercise conducted in London.

However, some two years later, the Moscow office approached their London colleagues to request their help on another transaction for the company, which by now had its shares listed on a stock exchange.

I advised that we in London could not participate in any transaction until we ascertained who the Russian politician was and how this matter had been dealt with during the company’s flotation.

I never heard anymore after that!


This article is expressing personal opinions and is meant for information purposes only. The article does not intend to replace professional or legal advice. It is recommended that readers seek independent professional or legal advice, or speak to authorised persons/organisations.

Read more:

Confessions of a Compliance Officer: Bewilderment in the corridors of power

Confessions of a compliance officer: How I handled dodgy demands

UK anti-money laundering (AML) – Hot topics for 2018

Advance your CPD minutes for this content, by signing up and using the CPD Wallet