know-your-customer

Know Your Customer

Purpose

Guide the implementation of customer identification, due diligence, and ongoing monitoring requirements under federal and FINRA rules. This skill covers CIP, CDD, beneficial ownership, enhanced due diligence, and profile maintenance — enabling a user or agent to design compliant onboarding and customer monitoring processes.

Layer

9 — Compliance & Regulatory Guidance

Direction

prospective

When to Use

  • Designing customer onboarding or account opening workflows
  • Implementing Customer Identification Programs (CIP)
  • Collecting beneficial ownership information for legal entity accounts
  • Determining when enhanced due diligence (EDD) is required
  • Building customer risk rating and profiling systems
  • Establishing triggers for KYC refresh and ongoing monitoring
  • Understanding what "essential facts" must be gathered under FINRA Rule 2090
  • Evaluating documentary vs non-documentary identity verification methods
  • Designing systems that feed KYC data into suitability and AML processes

Core Concepts

FINRA Rule 2090 — Know Your Customer

Every FINRA member must use reasonable diligence, with regard to the opening and maintenance of every account, to know and retain the essential facts concerning every customer and concerning the authority of each person acting on behalf of the customer. "Essential facts" are those required to: (a) effectively service the account, (b) act in accordance with any special handling instructions, (c) understand the authority of each person acting on behalf of the customer, and (d) comply with applicable laws, regulations, and rules.

Customer Identification Program (CIP)

Required under USA PATRIOT Act Section 326 and implementing regulations (31 CFR 1020.220 for banks; similar requirements apply to broker-dealers under SEC Rule 17a-8 and FINRA rules). The CIP must include:
  • Identity verification for each customer opening an account: name, date of birth (for individuals), address, and identification number (SSN for US persons; passport number/country or other government ID for non-US persons)
  • Verification procedures using documentary methods (government-issued ID), non-documentary methods (credit bureau checks, public database searches, financial statement review), or a combination
  • Recordkeeping — retain identifying information and verification methods for 5 years after account closure
  • Comparison with government lists — check customer names against OFAC and other government terrorist/sanctions lists
  • Customer notice — inform customers that information is being collected to verify identity

Customer Due Diligence (CDD) Rule

FinCEN's CDD Rule (31 CFR 1010.230, effective May 2018) requires covered financial institutions to:
  1. Identify and verify the identity of customers (overlaps with CIP)
  2. Identify and verify the identity of beneficial owners of legal entity customers — any individual who owns 25% or more of the equity interests, plus one individual with significant responsibility for managing the entity (a control person)
  3. Understand the nature and purpose of customer relationships to develop a customer risk profile
  4. Conduct ongoing monitoring to identify suspicious transactions and, on a risk basis, maintain and update customer information
The 25% beneficial ownership threshold applies to legal entities (corporations, LLCs, partnerships). Certain entities are exempt: publicly traded companies, regulated financial institutions, government entities, and others listed in the rule.

Enhanced Due Diligence (EDD)

Higher-risk customers require additional scrutiny beyond standard CDD:
  • Politically Exposed Persons (PEPs) — senior foreign political figures and their families/associates. No US regulatory definition mandates PEP screening for domestic customers, but FinCEN guidance and FATF standards expect it for foreign PEPs. Firms should understand the source of wealth and funds.
  • Foreign correspondent accounts — BSA Section 312 requires EDD for correspondent accounts maintained for foreign financial institutions, with heightened requirements for institutions in jurisdictions of concern
  • High-risk jurisdictions — countries identified by FATF, FinCEN advisories, or firm risk assessments as presenting elevated ML/TF risk
  • Complex ownership structures — multi-layered entities, trusts with opaque beneficiary structures, nominee arrangements
  • Unusual account activity — customers whose transaction patterns deviate significantly from expected activity based on their profile
EDD measures include: senior management approval for account opening, source of wealth/funds verification, more frequent account reviews, enhanced transaction monitoring, and ongoing negative media screening.

Documentary vs Non-Documentary Verification

Documentary methods: Unexpired government-issued photo ID (driver's license, passport, state ID), documents showing formation of a legal entity (articles of incorporation, partnership agreement, trust instrument).
Non-documentary methods: Credit bureau inquiries, public database verification (Lexis-Nexis, etc.), financial statement verification, references from other financial institutions. Required as a backup when documentary verification is unavailable, inconclusive, or the customer is not physically present (e.g., online account opening).
Firms must use non-documentary methods in at least the following situations: (1) the customer opens an account without appearing in person, (2) the firm is not familiar with the documents presented, (3) other circumstances that increase risk.

Ongoing Monitoring and Profile Updates

KYC is not a one-time event. Customer profiles must be updated when:
  • Material life events occur (retirement, marriage/divorce, inheritance, job loss, significant health changes)
  • Account review triggers fire (periodic reviews, risk-based reviews, transaction-triggered reviews)
  • Transaction patterns deviate significantly from the established profile
  • The customer provides new information that changes their investment profile
  • Regulatory changes require additional information (e.g., new beneficial ownership requirements)
FINRA does not mandate a specific refresh cycle, but firms typically establish risk-based review schedules (e.g., annual review for high-risk accounts, every 3 years for standard risk).

SEC Requirements for Investment Advisers

Investment advisers have a fiduciary duty to understand their clients, which creates KYC-like obligations independent of FINRA rules. Form ADV Part 2A describes the adviser's services and client relationships. The SEC expects advisers to gather sufficient information to fulfill their fiduciary duty of care — including financial situation, investment objectives, risk tolerance, and any constraints. FinCEN's 2024 final rule (31 CFR Part 1032, effective January 1, 2026) extends BSA/AML requirements — including CIP and CDD — to SEC-registered investment advisers.

Recordkeeping Requirements

  • CIP records: Identifying information, verification documents/methods, and resolution of discrepancies must be retained for 5 years after account closure
  • CDD/beneficial ownership: Copies of beneficial ownership certification forms and verification records retained for 5 years after account closure
  • Account records: FINRA Rule 4512 requires maintenance of customer name, tax ID, address, date of birth, employment status, associated person relationship, trusted contact person, and other information specified in the rule
  • Reliance on other institutions: Under Section 326 reliance provisions, a firm may rely on another financial institution's CIP if: (a) the relying firm's CIP incorporates this reliance, (b) the other institution is subject to an AML program rule, and (c) the other institution enters into a written contract for this purpose

Worked Examples

Example 1: Opening a trust account without identifying beneficial owners

Scenario: A wealth management firm opens a revocable living trust account for a family trust. The account opening team collects the trust agreement and identifies the grantor/trustee but does not collect beneficial ownership information on the trust beneficiaries. The trust holds $2M in investable assets.

Compliance Issues: Potential CDD Rule violation. While revocable living trusts are generally exempt from the beneficial ownership requirement (since the grantor maintains control), irrevocable trusts and other legal entity structures require beneficial ownership identification. The team must correctly classify the trust type. Additionally, FINRA Rule 4512 requires identification of all persons authorized to transact in the account.

Analysis: The firm should have a clear trust classification workflow that determines: (1) whether beneficial ownership requirements apply based on the trust type, (2) who has authority to act on the account, and (3) what documentation is required. For revocable trusts, identifying the grantor/trustee as the beneficial owner and control person is typically sufficient, but the firm should verify the trust is truly revocable and document the determination. The trust agreement must be reviewed — not just collected.
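The trust-classification workflow from Example 1 and the 25% ownership test from the CDD Rule section, as an added Python example that is not part of the original skill document: it traces equity stakes through layered entities (so an individual hidden behind a holding company is still caught), treats a revocable trust's grantor/trustee as owner and control person, and refuses to proceed on a trust whose agreement was collected but not reviewed. The `Party` dataclass, the entity-kind labels, the 8-layer depth limit and the sample ownership chain are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

THRESHOLD = 0.25   # CDD Rule equity-interest test (31 CFR 1010.230)
EXEMPT_KINDS = {"public_company", "regulated_fi", "government"}
MAX_DEPTH = 8      # assumed: deeper ownership chains are escalated to EDD, not auto-resolved

@dataclass
class Party:
    name: str
    kind: str  # individual | llc | corporation | partnership | revocable_trust | irrevocable_trust | exempt kind
    owners: dict = field(default_factory=dict)  # owner name -> fractional equity stake
    control_person: str = ""                    # individual with significant management responsibility
    grantor: str = ""                           # trusts only
    beneficiaries: list = field(default_factory=list)
    agreement_reviewed: bool = False            # trust instrument actually reviewed, not merely collected

def trace_individuals(party, registry, stake=1.0, depth=0):
    """Map each natural person to the stake held in `party`, directly or through layered entities."""
    if depth > MAX_DEPTH:
        raise ValueError(f"{party.name}: ownership chain too deep, escalate to EDD")
    if party.kind == "individual":
        return {party.name: stake}
    held = {}
    for owner_name, fraction in party.owners.items():
        layer = trace_individuals(registry[owner_name], registry, stake * fraction, depth + 1)
        for person, s in layer.items():
            held[person] = held.get(person, 0.0) + s
    return held

def beneficial_owners(customer, registry):
    """Individuals to identify and verify under the ownership prong and the control prong."""
    if customer.kind in EXEMPT_KINDS:
        return {"exempt": True, "ownership_prong": [], "control_prong": None}
    if customer.kind in ("revocable_trust", "irrevocable_trust"):
        if not customer.agreement_reviewed:
            raise ValueError(f"{customer.name}: trust agreement collected but not reviewed")
        if customer.kind == "revocable_trust":  # page: grantor/trustee as owner and control person
            return {"exempt": False, "ownership_prong": [customer.grantor], "control_prong": customer.grantor}
        return {"exempt": False, "ownership_prong": list(customer.beneficiaries),
                "control_prong": customer.control_person}
    stakes = trace_individuals(customer, registry)
    owners = sorted(p for p, s in stakes.items() if s >= THRESHOLD - 1e-9)
    if not customer.control_person:
        raise ValueError(f"{customer.name}: control prong requires one named individual")
    return {"exempt": False, "ownership_prong": owners, "control_prong": customer.control_person,
            "stakes": stakes}

# Constructed sample: LLC held 60% by HoldCo (Alice 40%, Bob 60%) and 40% by Carol; Alice's indirect stake is 0.24, Bob's 0.36.
REGISTRY = {p.name: p for p in [
    Party("Alice", "individual"), Party("Bob", "individual"),
    Party("Carol", "individual"), Party("Dana", "individual"),
    Party("HoldCo", "corporation", owners={"Alice": 0.40, "Bob": 0.60}, control_person="Alice"),
    Party("NewCo LLC", "llc", owners={"HoldCo": 0.60, "Carol": 0.40}, control_person="Dana"),
    Party("Smith Family Trust", "revocable_trust", grantor="Pat Smith", agreement_reviewed=True),
]}
```

Running `beneficial_owners(REGISTRY["NewCo LLC"], REGISTRY)` lists Bob and Carol under the ownership prong and Dana under the control prong; Alice's 24% indirect stake falls below the threshold.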

Example 2: Failing to update KYC after a client retires

Scenario: A long-standing client retires at age 65 after 20 years at the firm. Her account profile still lists her investment objective as "aggressive growth," risk tolerance as "high," and annual income at $250,000. Post-retirement, her income drops to $80,000 (Social Security and pension) and she begins taking regular distributions from the account. No profile update is triggered.

Compliance Issues: Stale KYC data leading to potential suitability violations. The client's investment profile has materially changed — time horizon has shifted, income has declined, liquidity needs have increased (regular distributions), and risk capacity has decreased. Continued aggressive growth recommendations based on outdated profile data would likely violate suitability obligations.

Analysis: The firm should have systems that flag material life events (age milestones, distribution patterns, income changes) as triggers for KYC refresh. A representative who knows a client has retired but does not update the profile is failing the "reasonable diligence" standard of Rule 2090. Best practice: establish automated triggers (client turns 65, regular withdrawals begin, account balance drops significantly) and require profile confirmation at each periodic review.
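The automated refresh triggers recommended in Example 2 and in the Ongoing Monitoring section (age milestone, regular withdrawals beginning, significant balance drop, income change, and the risk-based periodic review schedule), as an added Python example that is not from the original document. The numeric thresholds (30% balance drop, 25% income change, a withdrawal in each of the last three months) and the sample profile are assumptions constructed for illustration.

```python
from datetime import date

# Thresholds are assumptions for illustration; the page names the events but not the numbers.
REVIEW_INTERVAL_DAYS = {"high": 365, "standard": 3 * 365}  # page's illustrative review schedule
RETIREMENT_AGE = 65                 # age milestone named in Example 2
BALANCE_DROP_FRACTION = 0.30        # assumed meaning of "drops significantly"
INCOME_CHANGE_FRACTION = 0.25       # assumed materiality threshold for income
REGULAR_WITHDRAWAL_MONTHS = 3       # assumed: a withdrawal in each of the last 3 calendar months

def age_on(dob, today):
    """Whole years between dob and today."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def has_regular_withdrawals(withdrawal_dates, today):
    """True when at least one withdrawal landed in each of the last N calendar months."""
    months = {(d.year, d.month) for d in withdrawal_dates}
    year, month = today.year, today.month
    for _ in range(REGULAR_WITHDRAWAL_MONTHS):
        if (year, month) not in months:
            return False
        year, month = (year - 1, 12) if month == 1 else (year, month - 1)
    return True

def refresh_triggers(profile, observed, today):
    """Return the reasons a KYC profile refresh is due; an empty list means none fired."""
    triggers = []
    if (age_on(profile["dob"], today) >= RETIREMENT_AGE
            and profile["employment_status"] != "retired"):
        triggers.append("age_milestone: confirm employment status and time horizon")
    if (has_regular_withdrawals(observed["withdrawal_dates"], today)
            and profile["liquidity_needs"] == "low"):
        triggers.append("regular_distributions: liquidity needs no longer match profile")
    peak, current = observed["peak_balance"], observed["current_balance"]
    if peak > 0 and (peak - current) / peak >= BALANCE_DROP_FRACTION:
        triggers.append("balance_drop: reassess risk capacity")
    stated = profile["annual_income"]
    if stated > 0 and abs(observed["verified_income"] - stated) / stated >= INCOME_CHANGE_FRACTION:
        triggers.append("income_change: profile income is stale")
    if (today - profile["last_review"]).days > REVIEW_INTERVAL_DAYS[profile["risk_rating"]]:
        triggers.append("periodic_review_overdue")
    return triggers

# Constructed sample mirroring Example 2: a profile never updated after retirement.
PROFILE = {"dob": date(1960, 3, 14), "employment_status": "employed",
           "annual_income": 250_000, "liquidity_needs": "low",
           "risk_rating": "standard", "last_review": date(2024, 1, 10)}
OBSERVED = {"withdrawal_dates": [date(2025, 7, 1), date(2025, 8, 1), date(2025, 9, 1)],
            "peak_balance": 1_000_000, "current_balance": 920_000,
            "verified_income": 80_000}
TODAY = date(2025, 9, 15)

if __name__ == "__main__":
    for reason in refresh_triggers(PROFILE, OBSERVED, TODAY):
        print("REFRESH:", reason)
```

On the sample data three triggers fire (age milestone, regular distributions, income change); the 8% balance decline and the 20-month-old standard-risk review do not.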

Example 3: Onboarding a high-risk foreign entity

Scenario: A broker-dealer receives an account application from a newly formed LLC registered in Delaware with a single listed owner who is a citizen of a jurisdiction flagged in a FinCEN advisory. The stated purpose is "general investing." The LLC provides articles of organization but limited information about the source of funds.

Compliance Issues: Multiple red flags requiring enhanced due diligence: newly formed entity, high-risk jurisdiction connection, limited transparency on source of funds, Delaware LLC (common in layering structures). Standard CDD is insufficient.

Analysis: The firm must: (1) complete standard CDD including beneficial ownership (25% owners and one control person), (2) escalate to enhanced due diligence given the risk factors, (3) verify source of funds and source of wealth, (4) conduct OFAC screening on all identified individuals, (5) obtain senior management approval before opening, (6) establish enhanced ongoing monitoring. The firm should also consider whether the limited information provided is itself a red flag warranting a SAR filing or account refusal. Simply accepting "general investing" as a purpose statement for a high-risk entity is insufficient.

Common Pitfalls

  • Treating KYC as a one-time account-opening exercise rather than an ongoing obligation
  • Collecting but not verifying beneficial ownership information — the CDD Rule requires both identification and verification
  • Applying the same due diligence to all customers regardless of risk — risk-based approach is required
  • Not documenting when a customer declines to provide information and failing to narrow the recommendation universe accordingly
  • Relying solely on documentary verification for online/remote account opening without implementing non-documentary backup methods
  • Failing to establish automated triggers for profile refresh (life events, transaction anomalies, age milestones)
  • Not screening beneficial owners and control persons against OFAC and other sanctions lists
  • Confusing the CDD Rule's beneficial ownership requirements with FINRA Rule 4512's account record requirements — they overlap but are distinct
  • Incomplete trust classification leading to incorrect application of beneficial ownership requirements
  • Not training frontline staff to recognize when a customer's circumstances have changed, triggering a profile update obligation

Cross-References

  • anti-money-laundering (Layer 9): KYC/CDD data feeds directly into AML monitoring and suspicious activity detection
  • investment-suitability (Layer 9): Customer profile gathered through KYC is the foundation for suitability analysis
  • reg-bi (Layer 9): Reg BI's Care Obligation requires understanding the customer's investment profile — sourced from KYC
  • investment-policy (Layer 5): IPS constraints (time horizon, risk tolerance, liquidity) derive from KYC profiling