The Global KYC Policy is applicable to all BNPP Business Units (BU)*, subject to compliance with local regulation.
- Where local regulation is less stringent than the Global KYC Policy, the BUs concerned must still comply with the Global KYC Policy.
- Where local regulation prohibits some of the Global KYC Policy’s provisions, or is more stringent than the Global KYC Policy, the BUs concerned must obtain an exception (CCC0016) or the acknowledgment of a local requirement.
Exceptions and local requirements must be submitted to Compliance’s KYC Domain for approval and publication.
Unless specifically authorized, Businesses or BUs must not develop their own policies. They must however develop standard operating procedures in order to facilitate the implementation of the Group policies into their operational processes (CCC0016).
The various thresholds in euros defined in the Group policies must be converted into local currencies and may be rounded up. Such conversions may be updated as and when the Businesses’ standard operating procedures are revised.
The Businesses are responsible for implementing the Group policies and managing the KYC process.
Compliance*, as an independent function:
- Designs and maintains the Group policies.
- Validates the local regulatory requirements.
- Is involved in the decision process for the riskiest files.
- Ensures the 2nd-level control.
1.3 Transitional provisions
Considering the changes that may be required in the BUs’ organization and information systems, the implementation of the Global KYC Policy is progressive, within a timeframe that may vary from one BU to another. Businesses communicate their BUs’ implementation plans to the OP’s Compliance teams and to the KYC Domain, and submit them to Group Management. The implementation plans’ progress is monitored and periodically reported to Group Management.
Adequate training programs are essential to ensure a good understanding of the KYC process and a proper implementation of the KYC policies.
In addition to generic e-learnings provided by Compliance at Group level, Businesses must develop specific training material and programs that are adapted to their client base risk profile, their products and services, their operational processes and the actors involved in the KYC process.
Wherever training programs are not automatically monitored in the HR systems, Business Units must set up a reporting process on the actual training performance.