# KYC/AML Standard Operating Procedures (SOP)

**Version:** 1.0
**Date:** November 10, 2025
**Status:** Draft

---

## Overview

This document defines the Standard Operating Procedures (SOPs) for Know Your Customer (KYC), Anti-Money Laundering (AML), and sanctions screening for eResidency and eCitizenship applications.

## Screening Lists

### Sanctions Lists

**Primary Sources:**

* UN Security Council Sanctions
* EU Sanctions
* OFAC (US Treasury)
* UK HM Treasury
* Other relevant jurisdictions

**Update Frequency:**

* Daily automated updates
* Manual review for high-priority updates
* Real-time screening for new applications

### PEP Lists

**Sources:**

* World-Check
* Dow Jones Risk & Compliance
* ComplyAdvantage
* Other commercial providers

**Categories:**

* Heads of State
* Senior government officials
* Senior political party officials
* Senior judicial officials
* Senior military officials
* State-owned enterprise executives
* Close associates and family members

## Risk Scoring

### Risk Factors

**Low Risk:**

* Clear identity verification
* No sanctions matches
* No PEP matches
* Low-risk geography
* Established history

**Medium Risk:**

* Partial identity verification
* Potential PEP match (distant)
* Medium-risk geography
* Limited history

**High Risk:**

* Failed identity verification
* Sanctions match
* Direct PEP match
* High-risk geography
* Suspicious patterns

### Risk Score Calculation

**Formula:**

```
Risk Score = (KYC Risk × 0.4) + (Sanctions Risk × 0.4) + (Geographic Risk × 0.2)
```

**Thresholds:**

* Auto-approve: < 0.3
* Manual review: 0.3 - 0.8
* Auto-reject: > 0.8

## Enhanced Due Diligence (EDD)

### Triggers

**Automatic EDD:**

* PEP match
* High-risk geography
* Risk score > 0.7
* Suspicious patterns
* Large transactions (if applicable)

### EDD Requirements

**Additional Checks:**

* Source of funds verification
* Additional identity documents
* References or attestations
* Background checks
* Enhanced monitoring

### EDD Process

1. Identify EDD trigger
2. Request additional information
3. Verify sources
4. Conduct enhanced screening
5. Risk assessment
6. Decision

## PEP Handling

### PEP Classification

**Direct PEP:**

* Current or former PEP
* Immediate family member
* Close associate

**Indirect PEP:**

* Distant relative
* Former associate
* Historical connection

### PEP Process

**Direct PEP:**

1. Automatic EDD
2. Enhanced screening
3. Manual review required
4. Risk assessment
5. Decision with justification

**Indirect PEP:**

1. Standard EDD
2. Risk assessment
3. Decision based on risk

## Source of Funds

### Requirements

**If Applicable:**

* Fee payments
* Donations
* Service contributions
* Other financial transactions

### Verification

**Methods:**

* Bank statements
* Payment receipts
* Transaction history
* Attestations
* Third-party verification

## Audit Trail

### Requirements

**Documentation:**

* All screening results
* Risk assessments
* Decisions and justifications
* EDD materials
* Audit logs

### Retention

**Periods:**

* KYC artifacts: 365 days (regulatory)
* Application metadata: 6 years
* Audit logs: 7 years
* Credential status: Indefinite

### Access

**Controls:**

* Role-based access
* Audit logging
* Data minimization
* Encryption at rest
* Secure transmission

## Compliance

### Regulatory Requirements

**Jurisdictions:**

* GDPR (EU)
* CCPA (California)
* Other applicable laws

### Reporting

**Obligations:**

* Suspicious activity reports (if applicable)
* Regulatory reporting
* Internal reporting
* Audit reporting

## Testing

### Mock Audit

**Scope:**

* End-to-end process testing
* Risk assessment validation
* EDD trigger testing
* Audit trail verification
* Compliance checks

### Success Criteria

**Requirements:**

* All processes documented
* All decisions justified
* All audit trails complete
* All compliance checks passed
* No critical findings

---

## Revision History

| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0 | 2025-11-10 | CISO | Initial draft |

---

## Approval

**CISO:** _________________ Date: _________

**Chancellor:** _________________ Date: _________

**External Counsel:** _________________ Date: _________
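
The weighted formula, decision thresholds and automatic EDD triggers from the Risk Score Calculation and Enhanced Due Diligence sections, as an added example that is not part of the SOP itself. It assumes each component risk is a number in [0, 1]; the function and flag names are hypothetical, and `Decimal` is used so that a score of exactly 0.3 or 0.8 is compared exactly rather than after binary floating-point rounding.

```python
from decimal import Decimal

# Weights and thresholds as stated in the SOP's Risk Scoring section.
WEIGHTS = {"kyc": Decimal("0.4"), "sanctions": Decimal("0.4"), "geographic": Decimal("0.2")}
AUTO_APPROVE_BELOW = Decimal("0.3")
AUTO_REJECT_ABOVE = Decimal("0.8")
EDD_SCORE_ABOVE = Decimal("0.7")

# Hypothetical flag names mapped to the SOP's automatic EDD triggers.
EDD_FLAGS = {
    "pep_match": "PEP match",
    "high_risk_geography": "High-risk geography",
    "suspicious_patterns": "Suspicious patterns",
    "large_transactions": "Large transactions",
}

def risk_score(kyc, sanctions, geographic):
    """Weighted score; each input is a component risk in [0, 1] (assumed scale)."""
    total = Decimal("0")
    for name, value in (("kyc", kyc), ("sanctions", sanctions), ("geographic", geographic)):
        d = Decimal(str(value))  # str() keeps 0.9 as 0.9, not its binary expansion
        if not (Decimal("0") <= d <= Decimal("1")):
            raise ValueError(f"{name} risk {value!r} is outside [0, 1]")
        total += d * WEIGHTS[name]
    return total

def decision(score):
    """Route by the SOP thresholds; 0.3 and 0.8 themselves go to manual review."""
    if score < AUTO_APPROVE_BELOW:
        return "auto-approve"
    if score > AUTO_REJECT_ABOVE:
        return "auto-reject"
    return "manual-review"

def edd_triggers(score, **flags):
    """Return the automatic EDD triggers that fired, for the audit trail."""
    unknown = set(flags) - set(EDD_FLAGS)
    if unknown:
        raise TypeError(f"unknown EDD flags: {sorted(unknown)}")
    fired = [label for key, label in EDD_FLAGS.items() if flags.get(key)]
    if score > EDD_SCORE_ABOVE:
        fired.append("Risk score > 0.7")
    return fired

def assess(kyc, sanctions, geographic, **flags):
    """Score an application and record both the routing decision and EDD triggers."""
    score = risk_score(kyc, sanctions, geographic)
    return {"score": score, "decision": decision(score), "edd": edd_triggers(score, **flags)}
```
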