Ongoing
Transaction monitoring
The monitoring that measures activity against the baseline onboarding sets: alerts, clarification, and the MROS decision.
Transaction monitoringKYC & client
onboarding
KYC is the foundation the whole AML framework rests on: identify the client and the beneficial owner behind it, understand the purpose of the relationship, and classify its risk, documented before the relationship begins. We build an onboarding flow that captures all of this, satisfies both the SRO auditor and your bank, handles PEPs and enhanced due diligence, and feeds the ongoing monitoring, so flagged activity later means something.
At a glance
Know who the client really is — on the record.
Identity, beneficial owner, purpose and risk, captured and documented.
- Identify
- Contracting party + beneficial owner
- Understand
- Purpose of the relationship
- Classify
- Risk: standard or enhanced
- Screen
- PEP status
- Standard
- Auditor and bank both accept it
The essentials
What KYC and onboarding require
Under the Anti-Money Laundering Act, a financial intermediary must identify the contracting party, establish the beneficial owner behind it, understand the purpose of the relationship, and classify its risk, all documented at the outset. Higher-risk relationships and PEPs trigger enhanced due diligence. KYC is the baseline the entire framework depends on: monitoring and reporting only work if onboarding established who the client really is. We build the flow so it captures all of this and stands up to audit.
Who this is for
- financial intermediaries onboarding clients under the AML Act;
- firms whose onboarding is informal or fails at audit;
- online and cross-border businesses needing compliant remote onboarding;
- intermediaries whose bank is questioning their KYC.
Where it fits
Onboarding is the front door to the framework, sets the baseline for monitoring, and runs the first sanctions screen.
The four pillars
What the onboarding flow captures
Compliant onboarding establishes four things, every time, and documents each. Miss one and the file fails at audit.
| Element | What it establishes |
|---|---|
| Contracting party | Identity of the client, verified |
| Beneficial owner | The real person behind the structure |
| Purpose & nature | What the relationship is for |
| Risk classification | Standard or enhanced due diligence |
| PEP screen | Heightened scrutiny where flagged |
These are not boxes to tick but the baseline the rest of the framework reads from. Capture the beneficial owner and the purpose properly, classify the risk correctly, and monitoring becomes meaningful; skip them and the firm is blind to what should alarm it. We build the flow so all five are captured and documented by construction.
How it runs
From first contact to opened file
Onboarding is a designed sequence, not an ad-hoc collection of documents. We build it to produce a complete, audit-ready file.
- Step 1
Identify & verify
The contracting party identified and verified with reliable evidence, in person or through compliant remote identification.
- Step 2
Beneficial owner & PEP
Looking through to the beneficial owners and screening for PEP status, triggering enhanced procedures where needed.
- Step 3
Purpose & risk
Establishing the purpose and nature of the relationship and classifying its money-laundering risk.
- Step 4
Enhanced due diligence
Where flagged, establishing source of wealth and funds and obtaining senior approval.
- Step 5
File & baseline
Completing the documented file and setting the baseline that ongoing monitoring measures against.
Budget
What it costs
Designing the onboarding flow is scoped to the business: a simple client base is lighter than one with complex structures, PEPs, cross-border clients and remote onboarding. The design is a one-off; running it is part of the ongoing AML function.
We scope and quote against the client base and channels. Pricing is on request.
Discuss your onboarding
What you need
What onboarding requires
Audit-ready onboarding rests on:
- verified identification of the contracting party;
- look-through to the beneficial owners behind any structure;
- established purpose and nature of the relationship;
- risk classification and PEP screening with enhanced-DD triggers;
- a complete, retained file for each relationship.
Collecting documents is not the same as knowing the client
The common failure is treating onboarding as gathering a passport and a utility bill, then opening the account. KYC asks more: who ultimately owns and controls the client, what the relationship is genuinely for, and what risk it carries. A file thick with documents but silent on the beneficial owner or the purpose fails at audit and leaves the firm unable to monitor meaningfully. The point is to know the client, not to file paper about them. We design onboarding to establish understanding, evidenced, which is what the auditor, and the bank, actually test for.
Why Goldblum
Onboarding: the work behind it
KYC is where the AML framework succeeds or fails. Designing onboarding that knows the client, satisfies the auditor and the bank, and feeds the monitoring is core compliance work.
Real KYC
Knowing, not collecting
Onboarding that establishes the beneficial owner, the purpose and the risk — the understanding the law requires, not a folder of documents.
Two standards
Auditor and bank both accept it
A flow built to satisfy the SRO auditor and the firm’s own bank at once, so the firm is neither failed at audit nor de-banked.
Connected
Feeds the monitoring
The baseline set at onboarding so ongoing transaction monitoring flags what genuinely departs from it, rather than producing noise.
Related
What onboarding feeds
Risk
Sanctions screening
The SECO, EU, UN and OFAC screening run at onboarding and on periodic re-scan, with a clear escalation path.
Sanctions screeningThe foundation
AML risk assessment
The institution-wide risk assessment the onboarding risk classification is built on.
AML risk assessment
FAQ
KYC & onboarding: FAQ
01What does Swiss KYC actually require?
A financial intermediary must identify the contracting party, establish the beneficial owner behind it, understand the purpose and intended nature of the relationship, and classify the risk it presents, all documented before or at the start of the relationship. Identity is verified with reliable evidence, and higher-risk relationships trigger enhanced due diligence. KYC is not a form to collect; it is the basis on which the whole AML framework rests, because everything downstream (monitoring, reporting) depends on knowing who the client really is.
02Who is the beneficial owner and why does it matter?
The beneficial owner is the natural person who ultimately owns or controls the client, typically anyone holding 25 percent or more, or otherwise exercising control, behind a company or structure. Swiss AML law requires the intermediary to look through entities to the real people, because money laundering hides behind layered ownership. Establishing the beneficial owner, not just the account holder, is one of the core KYC duties, and getting it wrong is one of the most common audit findings. We build the look-through into onboarding so it is captured properly.
03What is a PEP and how is it handled?
A politically exposed person holds, or is close to someone who holds, a prominent public function. Because that status carries higher corruption and money-laundering risk, a relationship with a PEP triggers enhanced due diligence and senior-management approval. The onboarding flow must screen for PEP status, establish source of wealth and funds, and apply heightened ongoing monitoring. PEPs are not prohibited clients, but they must be handled with the extra scrutiny the law requires. We build PEP screening and the enhanced procedures into the onboarding.
04What is risk classification at onboarding?
Every relationship is classified by the money-laundering risk it presents (based on the client, the beneficial owners, the products, the geographies and the transaction profile) into standard or higher-risk categories. The classification drives the depth of due diligence at onboarding and the intensity of ongoing monitoring. A relationship classified as higher-risk gets enhanced due diligence and closer watching. Getting the classification right at the start is what makes the monitoring proportionate later. We build a risk-classification model into onboarding tied to the firm's risk assessment.
05Why does the onboarding flow need to satisfy the bank too?
Because a financial intermediary's own bank scrutinises how it onboards clients, and weak KYC can cost the firm its banking relationship, an existential risk. The onboarding flow therefore has to meet not only the SRO auditor's standard but the expectations of the bank that holds the firm's accounts. Designing onboarding that satisfies both at once avoids the firm being compliant on paper yet de-banked in practice. We build the flow to the standard both the auditor and the bank apply.
06When can enhanced due diligence be required?
When the relationship or transaction presents higher risk: a PEP, a complex or opaque structure, high-risk jurisdictions, unusual transaction patterns, or any factor the firm's risk model flags. Enhanced due diligence means going deeper: establishing source of wealth and funds, obtaining additional documentation, and often senior-management sign-off. The trigger points must be built into onboarding so the extra scrutiny happens automatically where it is due, not missed. We define the triggers and the enhanced procedures as part of the flow.
07Can onboarding be done remotely?
Yes, within the rules. Swiss AML regulation permits remote and digital onboarding subject to specific identification requirements designed to verify identity reliably without a face-to-face meeting. This matters for online and cross-border financial businesses. The remote flow still has to capture identification, beneficial ownership, purpose and risk classification to the same standard. We design compliant remote onboarding where the business needs it, so digital clients are onboarded properly rather than informally.
08What records must onboarding produce?
A documented file for each relationship: the identification of the contracting party and beneficial owner with the verifying evidence, the purpose of the relationship, the risk classification, any PEP and enhanced-due-diligence findings, and the approvals. These records must be retained and be available to the SRO auditor and, where relevant, to MROS. Poor or missing documentation is itself a compliance failure, even where the right checks were done. We build onboarding so the file is complete and audit-ready by construction.
09How does onboarding connect to ongoing monitoring?
Onboarding sets the baseline (who the client is, what the relationship is for, and what risk it carries) against which ongoing transaction monitoring measures activity. Monitoring can only flag what departs from an expected profile if onboarding established that profile in the first place. Weak onboarding produces weak monitoring, because there is no reliable baseline. The two are one system: we design onboarding to feed the monitoring, so flagged activity is meaningful rather than noise.
10What does Goldblum do on KYC and onboarding?
We design the onboarding flow and KYC procedures (contracting-party and beneficial-owner identification, purpose checks, PEP screening, risk classification and the enhanced-due-diligence triggers) built to satisfy both the SRO auditor and the firm's bank, and to feed ongoing monitoring. We make it work for face-to-face and compliant remote onboarding, and ensure the file is complete and retained. The aim is onboarding that establishes who the client really is, documented to withstand audit.
Building your onboarding?
Tell us who your clients are and how they reach you. A partner designs a KYC and onboarding flow that satisfies your auditor and your bank, and feeds your monitoring.