KYC Workflow Guide

Step-by-step workflow for FICA-compliant KYC procedures. Visual process diagram with detailed explanations for each stage of customer onboarding.

7 Steps

Complete workflow

About This Workflow

This workflow covers the complete KYC process from initial application through ongoing monitoring. It aligns with FICA Section 21 requirements and incorporates best practices for risk-based due diligence. Use this as a template and customize it for your specific business needs.

Client Application

Receive initial application from prospective client.

Tasks:

Receive completed application form
Perform initial screening for completeness
Assign unique client reference number
Begin CDD file creation

Outcomes:

Application complete → Proceed to Step 2

Application incomplete → Request missing information

Identity Collection

Collect all required identification documents and information.

Tasks:

Collect valid ID document (SA ID, passport)
Collect proof of residential address
For entities: Collect registration documents, MOI
For entities: Collect beneficial owner information
Obtain signed consent for verification

Outcomes:

All documents collected → Proceed to Step 3

Documents missing → Follow up with client

Identity Verification

Verify client identity against reliable independent sources.

Tasks:

Verify ID number with Home Affairs
Match biometric photo (if applicable)
Verify address with proof of residence
For entities: Verify with CIPC
Document all verification results

Outcomes:

Verification passed → Proceed to Step 4

Verification failed → Reject application

Discrepancies found → Request clarification

PEP & Sanctions Screening

Screen client against PEP databases and global sanctions lists.

Tasks:

Screen against PEP databases
Screen against UN sanctions list
Screen against OFAC SDN list
Screen against domestic sanctions
Screen beneficial owners (for entities)
Document screening results

Outcomes:

No matches → Proceed to Step 5

PEP identified → Apply EDD (Step 5)

Sanctions match confirmed → Reject and report

Risk Assessment

Assess overall client risk level and determine appropriate measures.

Tasks:

Evaluate client risk factors
Consider geographic risks
Assess product/service risks
Assign risk rating (Low/Medium/High)
Determine if EDD is required
If EDD: Obtain source of funds/wealth
If EDD: Obtain senior management approval

Outcomes:

Low/Medium risk → Proceed to Step 6

High risk → Complete EDD before Step 6

Unacceptable risk → Reject application

Approval Decision

Make final decision to onboard or reject the client.

Tasks:

Review all collected information
Verify all CDD requirements met
For high-risk: Confirm senior management approval
Document decision and rationale
If approved: Create client account
If rejected: Send rejection notification

Outcomes:

Approved → Proceed to Step 7

Rejected → Close file, retain records

Ongoing Monitoring

Implement continuous monitoring throughout the relationship.

Tasks:

Set up transaction monitoring
Schedule periodic reviews (based on risk)
Set up re-screening triggers
Monitor for unusual activity
Update client information as needed
Document all monitoring activities

Outcomes:

Normal activity → Continue monitoring

Unusual activity → Investigate and escalate

Suspicious activity confirmed → File STR

Key Points

• Risk-based approach: Apply more rigorous measures for higher-risk clients
• Documentation: Document every step and decision made
• Escalation: Have clear procedures for escalating issues
• Timing: Complete CDD before establishing the business relationship
• Record retention: Keep all records for minimum 5 years after relationship ends

Related Resources

CDD Training

CDD Checklist

EDD Training

Automate Your KYC Workflow

VerifyNow streamlines your entire KYC process with automated ID verification, PEP screening, and workflow management.

Get Started Free