Governance & Program Info

KYC / Customer Due Diligence (Agentic) — Governance

Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.

Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 13 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
BSA CIP compliance (31 CFR 1020.220)
required · aml
Customer Identification Program — name, DOB, address, TIN — verified within a reasonable time.
05 · Governance & Compliance
FinCEN CDD Rule compliance (31 CFR 1010.230 + 1020.230)
required · aml
Four-pillar CDD: customer identification, BO identification, nature/purpose of relationship, ongoing monitoring.
05 · Governance & Compliance
AML Act 2020 / Corporate Transparency Act alignment
required · aml
Beneficial ownership information reporting to FinCEN and interaction with BSA UBO requirements.
05 · Governance & Compliance
FATF Recommendations 10, 11, 12, 19 compliance
required · aml
R.10 CDD measures, R.11 record-keeping (5-year retention), R.12 PEPs, R.19 higher-risk countries.
05 · Governance & Compliance
EU AMLD6 and EU AMLA (2025) alignment
required · aml
Sixth Anti-Money Laundering Directive and the new EU AML Authority (AMLA) supervisory regime.
05 · Governance & Compliance
GDPR Article 9 (biometric data)
required
Biometric data used for unique identification is special-category — near-default prohibition unless lawful basis documented.
05 · Governance & Compliance
MAS Notice 626 / jurisdictional AML rules
recommended · aml
Map Singapore, Hong Kong, UK, and other applicable jurisdictional AML notices to agent behavior.
05 · Governance & Compliance
SR 11-7 model documentation for every agent component
required
Risk-tiering model, screening FP disposer, face-match matcher, entity-resolution model — each requires full SR 11-7 documentation.
05 · Governance & Compliance
Independent validation of agent components
required
Second-line or external validation of risk-scoring, entity-resolution, and disposition models — independent of development.
05 · Governance & Compliance
EU AI Act high-risk classification and Article 12 logging
required
AML/KYC AI is high-risk under EU AI Act Annex III; Art. 12 event-logging obligations apply with 6-month minimum retention.
05 · Governance & Compliance
Fair-lending / disparate-impact assessment on risk tiering
required
Risk tiering and EDD triggers can create disparate impact on protected classes via geography and MCC proxies.
05 · Governance & Compliance
Explainability / reason-codes per decision
required
Every agent decision carries a grounded, human-readable explanation with cited evidence — required for customer adverse-action, disputes, and examination.
05 · Governance & Compliance
Change management and model versioning
required · trinidy
Agent prompts, tools, guardrails, and models all version-controlled; changes go through model-risk approval.