A firm shall review transactions in order to detect transactions and other activities that could be suspected to form an element of money laundering or terrorist financing.
A firm shall also regularly monitor ongoing business relationships. That means verifying and documenting to ensure that executed transactions are consistent with the information possessed by the firm about the customer, the customer's business and risk profile and – if necessary – the origin of the customer's funds.
Documents, information and disclosures related to the controls shall be kept up-to-date. The ongoing follow-up is part of the customer due diligence process and cannot be performed properly without sufficient and up-to-date documentation regarding the business relationship.
The ongoing follow-up shall be adapted to the customer's risk. A customer considered to pose a high risk requires more thorough follow-up than one considered to pose a low risk.
This ongoing follow-up consists of two parts. One part consists of continually analysing the customer due diligence data retrieved, assessing whether it is sufficient and up to date, and whether the customer's assessed risk has changed.
The other part consists of verifying the customer's transactions to see whether the customer's behaviour is in line with, or deviates from, expectations. In practice, the second part is often linked to the firm's transaction monitoring.
Documents and information about customer due diligence measures taken shall be kept by the firm for five years. The period shall be calculated from the date the measures were taken or, in the case of a business relationship having been established, from the date the business relationship ended.
If the documents or information present any indication of money laundering or terrorist financing, if a report of suspicions has been submitted to the Financial Intelligence Unit, and if an authority has informed the firm that they must be saved, documents or information shall be kept for ten years.
These documents and information shall be stored securely, electronically or on paper. The firm shall ensure that they are easy to access and identify.