7 Decision Process

The decision process to onboard or recertify a business relationship is governed by the segregation of duties principles which ensure the integrity of information and the impartiality of the decision, and determined by:

  • The client segment.
  • The client risk level and other factors.
  • Specific rules applicable to clients that have relationships with several Businesses or locations.

In the regular due diligence framework, the decision is taken by the BU Management, upon proposal from the RM, or by the RM itself for lower risk files. In enhanced vigilance situations, Compliance or the CAC intervene in the decision making.

The RM Assessment, when required, helps in structuring the RM’s opinion on a client file and presenting it to the decision maker.

Depending on the business model §3.3, the client’s segment and risk level, the client may be onboarded or recertified without Management intervention, once all necessary controls have been performed, either by the information system or the KYC Operations team – except when Compliance intervention or a CAC is required, or in case of triggering event.

The decision-making rules and the RM Assessment template are included in the COMPENDIUM.

The names and positions of the decision makers and the decision terms must be recorded in the client’s KYC file.

7.1 Client Acceptance Committee (CAC)

7.1.1 Overview

The CAC is an enhanced due diligence measure. Its purpose is to submit to the senior management of a BU together with Compliance the new and existing business relationships posing higher risks of money laundering, terrorism financing, corruption, sanctions breach and reputation.

Each BU must issue a local CAC Policy, in compliance with the principles set forth below. Any deviation from these principles must be approved by the OP or Business Line Compliance Head concerned.

7.1.2 Membership

Permanent CAC members are:

  • The Head of the BU or delegate*, chairperson of the Committee.
  • The RM Manager or delegate, accompanied by the Relationship Manager in charge of the client file when applicable.
  • The Head of Compliance at the BU level or delegate in charge of Financial Security, accompanied by the Compliance Officer in charge of the file review if a different person**.
  • The Secretary of the CAC.
* The BU Head’s delegate may be the Head of Coverage or Business Line in the BU.
** The level of Compliance representation may be adapted to the organization of the OP concerned.

Permanent members may invite other participants such as:

  • The Head of Risk or delegate.
  • The Head of Legal or delegate.
  • The CSR representative.
  • Any other participant as requested by a permanent member.

When the BNPP affiliate or branch comprises several BUs, its Manager designates each CAC Chairperson from among senior management members.

7.1.3 CAC meetings

In order to facilitate an efficient and robust discussion, a meeting is preferred, either physical or via audio- or video -conferencing.

Alternatively, an electronic CAC (“eCAC”) can be organized via email and/or electronic workflow tool.

Compliance may require a CAC meeting, on a case by case basis.

Supporting documents must be circulated in advance of the CAC process.

7.1.4 CAC Secretary

The Secretary of the CAC is the KYC Operations Manager or delegate and is responsible for:

  • setting meeting times and locations, ensuring member participation, defining the agenda, and providing appropriate documents in advance of meetings;
  • notating the attendance and outcomes, and taking meeting minutes;
  • tracking the conditions set by the CAC and informing the CAC when they are met, or if they are not met within the specified timeframe;
  • preparing the file routing to the appropriate level when required.

7.2 Decision types

The decision taker may either approve or reject the file. He/she may also decide to adjust the client risk level. In cases where Compliance is involved in the decision process, Compliance has an ultimate veto right.

7.2.1 Approval

The business relationship may be approved without any conditions or restrictions.

7.2.2 Approval, with conditions

On an exceptional basis, the business relationship may be approved, subject to certain conditions such as obtaining additional information or documentation, or restricting the products or services to be offered. In such a case, the file must be re-presented to the decision taker at a specified date, in order to check that these conditions are satisfied. Alternatively, a report can be presented to the decision taker by the person responsible for satisfying the condition.

7.2.3 Objection from Compliance

In cases where Compliance is involved in the decision process, if Compliance objects, the decision taker may either accept the objection and reject the file, or escalate it along his/her reporting line. Depending on the business organization, escalation may involve a region, the Business Line Head Office, the Affiliate Head Office, or the Activity.

When required, a CAC is organized with Business and Compliance representatives from that level, together with the local CAC members.

Compliance has an ultimate veto right (CG0240).

7.2.4 Rejection

The decision taker may reject a new business relationship, or decide to terminate an existing relationship.

The decision to decline a new business relationship or to terminate an existing relationship for compliance reasons must be communicated to the OP and GFS.

7.2.5 Deferral

The decision taker may decide to defer the decision until further information is made available. In such a case, the file must be re-presented to the decision taker at a specified date.

7.3 Multi-site clients

Each Site is responsible for the client’s local onboarding or recertification decision. Secondary Sites must hold a CAC when applicable.

In case of simultaneous onboarding in two Sites or more, a joint CAC is recommended, with Business and Compliance representatives from all the Sites involved.

The analysis done in the Primary Site client (including but not limited to the process to approve a PEP as an SMO and/or UBO) should be relied upon by a Secondary Site.

The decision made by one Site to decline a new business relationship or to terminate an existing relationship for compliance reasons must be communicated to all other Sites.