KYC and AML Considerations in OTC Markets
intermediatePublished: 2026-01-01
KYC and AML Considerations in OTC Markets
Know Your Customer (KYC) and Anti-Money Laundering (AML) programs are essential controls for OTC derivatives markets. These requirements ensure that firms understand their counterparties, detect suspicious activity, and prevent the use of financial markets for illicit purposes. Regulatory expectations continue to increase, with significant penalties for non-compliance.
Definition and Key Concepts
KYC Components
| Component | Description |
|---|---|
| Customer identification (CIP) | Verify identity of customer |
| Customer due diligence (CDD) | Understand customer and risk profile |
| Enhanced due diligence (EDD) | Additional scrutiny for high-risk |
| Beneficial ownership | Identify controlling persons |
| Ongoing monitoring | Continuous risk assessment |
AML Program Requirements
| Element | Description |
|---|---|
| Written policies | Documented AML procedures |
| Compliance officer | Designated responsible person |
| Training | Staff education |
| Independent testing | Audit of AML program |
| Suspicious activity reporting | SAR filing |
Regulatory Framework
| Regulator | Requirement |
|---|---|
| FinCEN | Bank Secrecy Act, AML rules |
| CFTC | Customer identification, SAR filing |
| SEC | Customer verification, AML program |
| FATF | International standards |
| OFAC | Sanctions compliance |
How It Works in Practice
Customer Identification
Information required:
| Entity Type | Required Information |
|---|---|
| Corporation | Legal name, formation jurisdiction, LEI |
| Partnership | Partnership name, partners, structure |
| Trust | Trust name, trustees, beneficiaries |
| Individual | Name, DOB, address, ID number |
Verification methods:
| Method | Application |
|---|---|
| Documentary | Corporate registry, formation documents |
| Non-documentary | Database verification, credit reports |
| Third-party | KYC utilities, vendor services |
| Direct | Site visits, in-person meetings |
Beneficial Ownership
25% ownership rule:
| Requirement | Description |
|---|---|
| Threshold | Any individual owning 25%+ |
| Control prong | Individual with significant control |
| Verification | Government ID, address verification |
| Updates | Customer must report changes |
Complex structures:
| Structure | Approach |
|---|---|
| Multi-layer | Trace through each level |
| Offshore | Enhanced due diligence |
| Nominee | Identify actual owner |
| Trust | Identify trustees and beneficiaries |
Risk-Based Approach
Risk factors:
| Factor | Higher Risk Indicators |
|---|---|
| Customer type | Unregulated entity, PEP, shell company |
| Geography | High-risk jurisdiction, sanctions |
| Product | Complex, unusual for customer |
| Transaction pattern | Large, unusual, inconsistent |
| Delivery channel | Remote, intermediaries |
Risk rating:
| Rating | Description | Review Frequency |
|---|---|---|
| Low | Established, regulated, clear purpose | Triennial |
| Medium | Some risk factors present | Annual |
| High | Multiple risk factors, PEP, high-risk jurisdiction | Semi-annual |
| Prohibited | Sanctions, adverse information | No relationship |
Worked Example
Hedge Fund Customer Due Diligence
Customer profile:
- Name: Alpha Strategies LP
- Structure: Cayman Islands LP
- General Partner: Alpha GP Ltd (Cayman)
- Investment Manager: Alpha Management LLC (NY)
- Strategy: Global macro, including derivatives
CDD process:
Step 1: Customer Identification
| Document | Status |
|---|---|
| Certificate of formation (LP) | Obtained |
| Limited partnership agreement | Obtained |
| GP formation documents | Obtained |
| Investment management agreement | Obtained |
| LEI registration | Verified (549300XXXX) |
Step 2: Beneficial Ownership
| Owner | Ownership % | Role | Verified |
|---|---|---|---|
| John Smith | 40% | Managing Director GP | Yes |
| Jane Doe | 35% | CIO | Yes |
| Fund investors | 25%+ each | Limited partners | Identified |
Investor analysis:
| Investor | Type | Ownership | Risk |
|---|---|---|---|
| US Pension Fund | Institutional | 30% | Low |
| European Bank | Regulated | 25% | Low |
| Family Office (Cayman) | Unregulated | 20% | Medium |
| High Net Worth (US) | Individual | 15% | Medium |
| Other investors | Various | 10% | Various |
Step 3: Enhanced Due Diligence
| Factor | Finding | Risk Impact |
|---|---|---|
| Cayman structure | Common for hedge funds | Neutral |
| PEP check (owners) | No PEPs identified | Low |
| Sanctions screening | All clear | Low |
| Adverse media | None found | Low |
| Investment manager (US) | SEC registered | Low |
Step 4: Risk Rating Assignment
| Factor | Assessment |
|---|---|
| Customer type | Medium (hedge fund, offshore) |
| Geographic risk | Medium (Cayman, but IM in US) |
| Product risk | Medium (derivatives) |
| Volume | High ($500M+ notional) |
| Overall Rating | Medium |
Monitoring requirements:
| Activity | Frequency |
|---|---|
| KYC refresh | Annual |
| Transaction monitoring | Ongoing |
| Sanctions screening | Continuous |
| Ownership verification | Annual |
Risks, Limitations, and Tradeoffs
AML Risks
| Risk | Description | Impact |
|---|---|---|
| Sanctions violation | Trading with sanctioned party | Criminal liability |
| Money laundering facilitation | Processing illicit funds | Regulatory action |
| SAR filing failure | Missing suspicious activity | Penalty |
| Inadequate due diligence | Incomplete KYC | Regulatory finding |
Regulatory Penalties
| Violation | Typical Penalty |
|---|---|
| AML program deficiency | $1M - $50M |
| SAR filing failure | $50K - $1M per violation |
| CIP violation | $100K - $500K |
| Sanctions violation | $250K - millions |
| Willful violation | Criminal prosecution |
Common Pitfalls
| Pitfall | Description | Prevention |
|---|---|---|
| Stale KYC | Outdated customer information | Periodic refresh |
| Incomplete ownership | Missing beneficial owners | Enhanced procedures |
| Insufficient EDD | Inadequate for high-risk | Risk-based approach |
| Alert backlog | Unreviewed transactions | Adequate staffing |
| Documentation gaps | Missing records | Retention policy |
Suspicious Activity Monitoring
Transaction Monitoring
| Alert Type | Trigger |
|---|---|
| Large transaction | Above threshold |
| Unusual pattern | Deviation from expected |
| High-risk jurisdiction | Sanctioned or high-risk country |
| Structuring | Apparent threshold avoidance |
| Layering | Complex, rapid movements |
SAR Filing
| Requirement | Standard |
|---|---|
| Filing threshold | $5,000+ suspicious activity |
| Filing deadline | 30 days from detection |
| Retention | 5 years |
| Confidentiality | No disclosure to customer |
Investigation Process
| Step | Action |
|---|---|
| 1 | Review alert details |
| 2 | Gather additional information |
| 3 | Analyze transaction context |
| 4 | Document investigation |
| 5 | Determine if SAR required |
| 6 | File SAR if warranted |
| 7 | Consider relationship action |
Checklist and Next Steps
Customer identification checklist:
- Collect required documentation
- Verify legal existence
- Confirm LEI (if applicable)
- Screen sanctions lists
- Verify authorized signers
- Document verification steps
Beneficial ownership checklist:
- Identify 25%+ owners
- Identify control person(s)
- Collect identification for each
- Verify identities
- Screen each individual
- Document ownership structure
Risk assessment checklist:
- Evaluate customer type risk
- Assess geographic risk
- Consider product risk
- Review transaction patterns
- Determine overall risk rating
- Assign review frequency
Ongoing monitoring checklist:
- Monitor transactions
- Review alerts promptly
- Investigate suspicious activity
- File SARs when required
- Refresh KYC per schedule
- Update risk ratings as needed
Training checklist:
- Annual AML training
- Role-specific training
- Sanctions awareness
- SAR filing procedures
- Document completion
- Track certifications
Related articles:
- For counterparty onboarding, see Onboarding New Counterparties
- For internal audit, see Internal Audit Checklists for Derivative Programs