Know-your-customer framework
Question
Who is the counterparty, is the source of funds clean, and does the relationship pass the firm's risk tolerance?
Inputs
| Input | Source |
|---|---|
| Identity documents | Passport, government identifier, certificate of incorporation |
| Beneficial ownership | Cap table, register of beneficial owners, ownership declarations |
| Source of funds | Bank statements, sale documents, tax records, on-chain proof of ownership |
| Source of wealth | Compensation history, business sale records, inheritance documentation |
| Sanctions screens | Sanctions lists (multiple jurisdictions), politically exposed person lists |
| Adverse media | Public databases, dedicated screening providers |
| Risk classification | Geography, business type, transaction profile, expected activity |
The framework applies to legal entities and natural persons. Crypto counterparties add wallet-level diligence on top.
Procedure
- Collect identity. For a natural person — government identifier and a recent address proof. For an entity — formation documents, ownership chart, board resolution authorizing the relationship. For a wallet — proof of control (signed message) and provenance.
- Determine beneficial ownership. Identify every person who owns more than the threshold (commonly twenty-five percent). For each beneficial owner, run the natural-person flow.
- Document source of funds. Where did the money for the transaction come from. Three months of statements is the minimum; for large transactions, the documentation goes back further.
- Document source of wealth. Where did the broader wealth come from. Income, business sale, inheritance, investment proceeds. Source of funds and source of wealth are not the same — funds is for this transaction, wealth is for the relationship.
- Screen against sanctions and politically exposed person lists. Every named party, every beneficial owner, every authorized signatory. Re-screen on a schedule — monthly or quarterly — not just at onboarding.
- Screen adverse media. Negative news, criminal records, regulatory findings. Note every hit. Resolve every hit before approval.
- Classify the risk. Geography (high-risk jurisdiction or not), business type (high-risk sector or not), expected transaction profile (frequency, size, counterparty types). The classification drives the monitoring intensity.
- Run the rules engine. Each documented input feeds a rule. The rule passes, fails, or escalates. Failures block onboarding. Escalations route to a senior reviewer.
- Stage for approval. The compiled file goes to the compliance or onboarding reviewer. The reviewer approves, declines, or requests more information. Approval triggers monitoring.
- Monitor. Transaction monitoring against the expected profile. Periodic re-verification. Trigger events (sanctions list updates, adverse media, transaction anomalies) re-open the file.
Gates
- Beneficial owner threshold not met (every owner above the threshold needs natural-person diligence)
- A sanctions hit is unresolved
- Source of funds documentation does not cover the planned transaction size
- Risk classification is missing or stale
- The file is approved without a named reviewer
- Periodic re-verification is overdue
- Crypto wallet provenance cannot be established beyond the most recent transfer
Output
A reviewed file that either approves the relationship (with monitoring parameters) or declines it (with a recorded reason). Every step is auditable. The reviewer's signature binds the firm's risk tolerance.
Common Mistakes
- Collecting documents but never reading them — onboarding becomes a checklist instead of a judgment
- Re-screening only at onboarding (sanctions and adverse media move continuously)
- Treating source of funds and source of wealth as the same evidence
- Skipping the beneficial owner chain at the first layer (look through, not just at)
- For crypto — accepting wallet provenance from a single hop instead of tracing the full path
- Declining a relationship without recording the reason (denied parties can re-apply, the record matters)
Adjacent Methods
- Investment committee memo — counterparty diligence feeds the deal memo
- Earnings analysis — periodic re-evaluation as the counterparty's profile changes
Questions
Have I looked through the beneficial owner chain, not just at the first layer?
- Is the source of funds distinct from the source of wealth?
- Are sanctions and adverse media screens scheduled to re-run, not just at onboarding?