Case Study 6.2: KYC in Emerging Markets — Priya's Caribbean Engagement

The Situation

Client: Caribbean National Money Transfer (CNMT, fictional) — a licensed money service business operating in three Caribbean islands Priya's mandate: Help CNMT design a KYC program that satisfies both local regulatory requirements and the requirements of its US correspondent bank Challenge: CNMT's customers are predominantly unbanked or underbanked, with limited formal identity documentation

The Correspondent Banking Problem

CNMT is not a regulated bank — it is a money service business (MSB) that facilitates remittances between Caribbean residents and recipients primarily in the US, UK, and Canada. To process these remittances, CNMT maintains correspondent banking relationships with banks in the receiving countries.

In 2022, CNMT's US correspondent bank sent a letter: CNMT needed to demonstrate a KYC program that met US AML standards within 90 days or its correspondent account would be terminated. The letter was polite but unambiguous. Without the US correspondent, CNMT could not process remittances to US recipients — its largest business segment.

Priya was engaged three days after the letter arrived.

The Documentation Challenge

CNMT's customers presented Priya with a KYC challenge that would not have been solved by any of the automated solutions she had deployed for her UK and EU clients.

In the islands where CNMT operated, significant proportions of the adult population had: - No government-issued photo ID (national IDs were issued inconsistently in smaller islands) - No bank account or credit history - Utility bills in a landlord's name rather than their own - Birth certificates that did not include photographs - No digital footprint whatsoever

This is the "last mile" KYC problem: verifying identity in contexts where the data infrastructure that makes eIDV and digital document verification work simply does not exist.

The Risk-Based Solution

Priya's approach was explicitly risk-based — taking seriously the FATF risk-based approach's directive that KYC measures should be proportionate to the money laundering risk presented, not mechanically uniform.

Tier 1 — Low risk, low value (< $200 per transaction, < $1,000 per month): CNMT could accept: community attestation (a known community member vouching for the customer's identity), combined with a photograph and a form of address documentation (even a letter from a local church or school confirming the person's address).

Priya's analysis: the regulatory basis for this was FATF Recommendation 10's explicit acknowledgment that CDD requirements may be simplified for lower-risk situations. The US correspondent bank's requirements were technically more stringent than FATF minimum, but Priya was able to negotiate a risk-based threshold that the correspondent accepted.

Tier 2 — Medium risk, medium value ($200–$2,000): Required: any government-issued identification where available (drivers license, voter registration card, passport), or two forms of non-photo identification (birth certificate + bank statement or utility bill).

Tier 3 — High value (> $2,000): Required: passport or national ID card. If neither was available, the transaction could not be processed — CNMT would not accept community attestation at this value level.

Business registration verification: For business customers, Priya developed a simplified verification protocol: certificate of incorporation (where available), plus a site visit by a CNMT compliance officer for businesses above a monthly volume threshold.

The Technology Choices

Given the constraints — limited internet connectivity, no digital ID infrastructure, limited credit bureau coverage — Priya recommended a deliberately low-tech solution:

What they could automate: - Sanctions screening: a simple desktop-installed screening tool that worked offline and synced to updated lists when connectivity was available - Record management: a structured database (initially Excel, migrating to a simple CRM) to maintain customer KYC records digitally - Transaction monitoring: a rules-based monitoring tool that flagged transactions exceeding thresholds and high-velocity patterns

What they could not automate: - Document verification: physical document review by trained staff - Identity confirmation: in-person requirements for higher-value customers - Community attestation: by definition, not automatable

Priya's principle: "Appropriate technology is not the most advanced technology. It's the technology that solves the compliance problem given the actual constraints of the environment."

The Correspondent Bank Negotiation

The US correspondent bank's initial position was that CNMT needed to implement "industry-standard" KYC — which, interpreted by the bank's compliance team, meant the same documentation standards applicable to US retail banking.

Priya's negotiation strategy had three components: 1. FATF risk-based approach: Reference to the FATF Recommendation 10 explicit allowance for simplified CDD in lower-risk situations, and argue that CNMT's Tier 1 customers (low-value remittances, community-attested identity) fell within this framework 2. Transaction monitoring: Demonstrate that CNMT's transaction monitoring would compensate for lower-fidelity identity verification at the lower tiers — if the monitoring was calibrated to catch structuring or unusual patterns, the residual risk was manageable 3. De-risking consequences: The correspondent bank's decision to terminate would not eliminate the remittance flows — it would drive them underground, into informal channels not subject to any AML oversight. This argument, while not strictly legal, resonated with compliance officers who were aware of de-risking criticism from FATF.

The outcome: the correspondent bank accepted CNMT's tiered approach, subject to a quarterly review and a commitment to implement formal government ID requirements for Tier 2 as national ID coverage expanded.

Discussion Questions

1. The FATF risk-based approach allows simplified CDD for lower-risk situations. What are the limits of this flexibility? At what point does "simplified" CDD become inadequate CDD?

2. Community attestation — accepting a trusted community member's vouching for a customer's identity — has deep roots in informal financial systems but is not standard in the formal financial system. What are the risks and benefits of accepting community attestation as an identity verification mechanism?

3. Priya used the "de-risking consequences" argument in the correspondent bank negotiation. Is this an appropriate compliance argument? Does it risk allowing AML standards to be diluted by the threat that stricter standards will drive activity underground?

4. CNMT's solution relies heavily on staff judgment for identity verification at Tier 2 and above. What training and quality assurance processes would you implement to ensure consistent standards across CNMT's three-island operation?

5. As Caribbean governments expand national ID coverage and as digital identity infrastructure develops, CNMT's tiered approach will become less necessary. Design a migration plan from the current tiered approach to a more standardized digital verification approach, specifying what triggers would prompt migration.