ADLU Periodic Review Guideline

This document outlines the steps of the investor kyc review and GIAT update investor.

Keeping investor’s kyc information up to date and relevant through a periodic file review is
mandatory as per CSSF 12-02 art 35.

The frequency of the review depends on the level of risk adopted as per risk assessment of the
respective investors.

This process is applicable to the ADLU Regulatory dept – Periodic review team

File Review and GIAT update

a/ Start reviewing an investor from your file:

Create a new monitoring request in GIAT: search your client

Once found, click on the double blue sheets in the Action section:

This brings you into your new GIAT monitoring and this is when you start the Remediation / PR
process.

In Order to proceed in GIAT (Open a new request or continue the one still opened) NOTE if
opened before March they should be closed and restarted if no update done in order to apply
 new Risk Assessment
Scenario 1 Scenario 2 Scenario 3
Scope 1,2, GIAT ID Scope 1,2, GIAT ID Request Scope 1,2, GIAT ID Request Still
Request Completed Completed 2019,2020,2021 opened (Onboarding or Periodical
2017,2018 (Onboarding (Onboarding one) Review one)
one)
In this case you can In this case you can proceed to check:
proceed with a new with a new Review >Request can be Continued, amended
Review Immediately Immediately and finalized
>Request has to be Completed before
starting a new one (old one not
reaching standards, or docs missing).
This has to be finished or blocked
before starting a new one. Only after
that can be started other review in
GIAT (Can be started in the L/Drives)

b/ Static data updates / GIAT cleaning

 Update all tabs of the GIAT by adding all missing details and completing the GIAT card with
a maximum details. (You will note that most GIAT cards are missing addresses, bank details,
FATCA CRS details).

 All static data in the Summary must be completed and/or ticked (e.g. address, tax residence,
Is the investor Active, Type of investment, TPI, Subscription date, etc) and please ensure that
you save your input before moving to another Tab otherwise it might not be saved. The
same applies for the Bank details, PEP, FATCA/CRS ….;

Important: please cross check the address on the app form / sub doc with other documents (FATCA
CRS docs bring relevant details as well) and also confirm the current address with a recent trade
register extract. If a trade register extract shows a recent address change, you can update the
address based on this as trade registers have legal value.

NB: In order to avoid being blocked / not being able to edit the card, you need to avoid clicking
“validate” but rather click “save” for each GIAT section when you finished adding your details.
c/ Checklist completion / document management

 Create a sub folder “PR2021” into each investor file to store PR kyc docs

 Do not delete GIAT document but add new document items in addition to all other docs.

 Comment in GIAT: “OK” is not a comment. All comments shall be explanatory and
understandable and related to the document itself.

 Date of documents: all documents must be dated. Loading proof of regulation, extract from
Companies House, or any other documents directly from website might cause an issue on
the date of issuance as it does not always appear on the document itself. It was agreed with
Compliance that within these specific cases, the date of issuance/print out of these type of
documents must be stated in the comment box, this is mandatory;
e/ KYC DB

While reviewing your file, make sure that all “related parties” are properly showing into
“relationships” section of KYC DB.

If not showing, you will need to add the new names (intermediary entity or individuals like UBO or
CP) with relevant details

3.1 KYC Requirements

Periodic Review is refreshing existing information. We will make sure that we are requesting
documents that are necessary and avoid asking for docs we already have.

The Periodic review has a focused on Ownership details and make sure a CP is appointed
everywhere a UBO cannot be identified.

From a general standpoint, where it is not firmly required to collect an updated version (ASL,
Constitutive docs etc…), the PRQ will need to mention the document as “We confirm that there is no
updated version or amendment to the constitutive document / ASL / … since on-boarding” and
mention “please provide an updated version of the document, where applicable”.

NB: The list below is non exhaustive and every analysis are a case-by-case depending on the risk
level and investor type.

 Sub doc : check the signature and make sure the name of signing person and date is showing
in GIAT comment and KYC DB (refer to KYC DB section)

 PRQ: this document needs to be pre-filled to include all kyc confirmations to be covered.
 Id expiry date: collect updated original certified true copy if needed.
 Proof of regulation : create new item and upload a recent proof of regulation found online
 AML Letter / reliance letter: in case entity confirms that it is investing on behalf of
underlying investor, a reliance letter is required. An updated document needs to be
collected every 3 years.
 UBO / CP: where no UBO can be identified, a UBO CP confirmation needs to be collected and
CPs appointed need to be added to KYC DB.
 Renewed proof of address + In case of change of residence country, new facta crs self cert
 Latest prospectus or trust deed Trust Deed and any other equivalent document: when a
Trust Deed is provided, and its Amendment(s) where applicable, we must ensure that we do
have the Initial Trust Deed and that the Amendment(s) is(are) the latest document(s).
Therefore, confirmation must be received from the investor and stored in GIAT together
with the document (add a section to the PRQ for a trust where the investor confirms that
there is no amendment to initial trust deed)
 Share register / structure chart: PRQ has a section to confirm share register still valid since
on boarding.
 Proof of incorporation: most countries have trade register search website – we will not ask
investors to provide unless not available online. When you need to ask to investor, ask for
the “full” copy of trade register, a full copy will provide details such as list of directors etc
that will cover several kyc points. NB : you need to refresh proof of incorporation for all
entities involved (including intermediary entities where applicable)
 ASL : PRQ has a section where investor can confirm if ASL collected at on boarding is still
valid. No need to ask for a new one.
 UBO declaration : if not already on file, you might need to ask for a UBO / CP confirmation
(our template to be pre filled in the name of investor)
 Beneficial Owner Register: For Eu Pv Companies, we need to collect a copy of the local trade
register extract. Please refer to Karine email (will be circulated again) which provides an
 excel sheet showing the link to the RB Registers for the various countries. To be asked to
investors if not available online
 FATCA CRS: if the entity is “passive” CP need not be added in FATCA CRS section. For that
you also need a FATCA CRS self cert for CPs. To be collected if not on file.
 Source of Wealth: should be cross checked with information found on a trusted public
source even if the UBO Declaration is fully completed (for example, an investor mentioned
that his SoW is coming from salary and bonus as senior employee at ABC S.A. We need to
demonstrate that this individual is indeed an employee of ABC S.A. and that the amount of
assets invested is in accordance with the position for example). Therefore, please cross-
check the information with what can be found on a trusted public source and save the
earches together with the SoW in GIAT;

3.2 FINSCAN

Prepare PR screening for all names involved (investing entity, intermediary entities, UBOs)

 Create a new Finscan item and attach the Finscan that you previously saved on investor
folder
 Where you can rule out the hits, make sure you add a comment saying “mismatch on +
detail that allowed you to mitigate / clear the hit” (date of birth, name, country)

 Where you have several screening to perform, make sure you merge all the reports into on
sole pdf and name it “name of investor – full screening 05.2021” and save it into investor
folder / PR2021 sub folder, along with other docs sourced online and docs received from
investor
Save it as “PR2021 – No Hit”

 Google searches are not required anymore as the tool does include the searches on Adverse
Media. Of course, if there is ground to perform additional extensive searches (e.g. Hit, EDD;
etc) then Google searches are still applicable; (cf. email from Karine dated 04/12/2020)

3.3 For Lux entites

Considering Luxembourg provides a lot of information on companies online, it can be interesting to

sort your file with investors located in lux. Once isolated, you can document your entities with :

Copy Trade Reg extract :

https://www.lbr.lu/mjrcs-lbr/jsp/IndexActionNotSecured.action?time=1621504041866&loop=2

Copy of RBE extract :

https://www.lbr.lu/mjrcs-rbe/jsp/webapp/static/mjrcs/fr/mjrcs-rbe/asbl_fondation.html

You will need to login as “anonymous” and it will allow you to collect your RBE showing UBO for your
entity and RCSL also provides the constitutive document that you can get if not received at on
boarding.

3.4 High Risk investors

No need to escalate any High Risk case that was escalated and approved during on boarding.

Investors identified thanks during periodic review:

If during the periodic review an investor is classified as HR (previously Low or medium), enhanced
due diligence will be performed in line with the requirements in the AML Handbook. A HR memo will
also be edited and signed by the Off/SOff and the manager, after their review.

 The Manager will send Compliance an escalation workflow via GIAT.

Downgrading from High to Medium or Low Risk:

If during the periodical review and analysis of a relationship originally classified as High Risk there
are justified reasons to downgrade the risk of the relevant investor to Medium or Low, an email with
all supporting information, including the result of our analysis is sent to the Head of Regulatory for
him to review and sign off the decision as suggested by the Off/SOff. This decision requires to be
documented and all supporting information/documents stored in the KYC file of the investor in GIAT.
  The scoring of the investor will be modified in GIAT and Compliance informed of this change
via email.

4. contact the client

A/ Notify the team manager

 Once a client is fully reviewed; prepare an excel file listing at least name, fund risk level, and
missing kyc docs (you can use “Remediation client file template” saved in team folder as an
example)
 Share the file with a PR senior maker that will review the list of kyc requirements.
 Once approved, notify the manager of the team in charge of this client via outlook that the
review is complete and ready to reach out. Further instructions for next step will be shared
by the manager.

Note: we have email templates in our folder for that purpose

L:\AAFA-Regulatory-KYC\Restricted\0. Regulatory team general folder\Monitoring

Team\Remediation\Miguel\Process

B/ preparation of annexes and contact investor

 All relevant annexes for the PR are saved in: L:\AAFA-Regulatory-KYC\Restricted\0.

Regulatory team general folder\Monitoring Team\Remediation\Miguel\Process\Annexes
 Annexes will need to be pre-filled (PRQ, UBO CP etc) before sending out
 PRQ: it is critical that the PRQ is pre-filled with a maximum details and adapted case by
case. You will need to remove sections that do not apply to your case and add sections
where missing (i.e. add a section to request for confirmation that addresses remain valid
etc…) The PRQ will also include a list of the KYC requirements listed during the review.

 E-mail (Lotus Notes) to be sent to the investor / Client informing about the need for a
periodical review, including all requirements

 Email addresses can be found in the sub docs and need to be confirmed by the client
 1st reminder : D+ 7
 2nd reminder : D+ 14
 3rd reminder / formal notice: D+ 21

In the 3rd and last reminder, The Off / SOff will copy AD Relationship Manager, the Regulatory
Manager AND the client if the latter was not included in the previous e-mails sent.

In this e-mail the investor will be informed and warned that if we do not receive the required
documents and information within 8 working days, the account will be blocked for payments out
which ultimately means e.g. that any proceeds in relation to the execution of a potential distribution
will not be released until we obtain the missing documents/information.

 At the end of the process, a complete file should be:

GIAT completed / Finscans done / KYC DB complete / kyc docs (PRQ etc) received, saved and
attached to GIAT / GIAT checklist completed and double checked / Remediation file updated with
relevant status (“Completed, GIAT accepted”)