KYC Questionnaire - Mid-Market Bank

What is the KYC Questionnaire - Mid-Market Bank?

Mid-market banks sit in a difficult spot. They're large enough to attract corporate clients with complex ownership structures, cross-border payment flows, and multiple layers of beneficial owners. But they rarely have the compliance infrastructure of a tier-1 institution. That gap shows up in KYC files: inconsistent data collection, missing beneficial ownership certifications, undocumented source-of-funds rationale, and periodic reviews that are copy-pastes of the original onboarding record.

This template is a structured Word document that walks compliance analysts through the full set of information a mid-market bank needs to establish a customer's identity, understand the purpose of the relationship, and assign a defensible risk rating at onboarding. It also serves as the baseline record for periodic reviews.

The regulatory obligation is specific. FATF Recommendation 10 requires financial institutions to identify and verify customers and beneficial owners, understand the purpose and intended nature of the business relationship, and conduct ongoing due diligence. In the US, FinCEN's Customer Due Diligence Final Rule (31 CFR § 1020.210) adds a specific requirement to identify beneficial owners of legal entity customers at the 25% ownership threshold, plus one control prong. Examiners look for completeness, not just the existence of a form. A questionnaire with blank fields is a liability.

The template operationalizes customer due diligence as a repeatable intake process. It keeps analysts on track, reduces variation across the team, and produces a file that survives examiner scrutiny. The FATF Recommendations provide the international framework; the FinCEN CDD Rule is the primary US-side reference.

Who needs the KYC Questionnaire - Mid-Market Bank?

The primary user is the compliance analyst or BSA officer responsible for business account onboarding. At mid-market banks, that role often covers the full CDD workflow: collecting documentation, assessing risk, and escalating to the MLRO or BSA/AML officer when something doesn't look right.

MLROs and BSA officers use a completed questionnaire as their sign-off artifact. They're reviewing it for red flags, not filling it in. But the quality of what lands on their desk depends entirely on the structure of the form.

Relationship managers (RMs) are often the first touchpoint with corporate clients. A defined questionnaire gives them an information-gathering checklist so they're not improvising KYC conversations. This matters at mid-market banks where RMs have revenue targets and compliance sometimes competes for their attention.

Compliance reviewers preparing for regulatory exams use this template as a gap-assessment tool. Compare an existing customer file against the questionnaire fields and you'll surface deficiencies before an examiner does. That's a much better discovery process.

The template fits these specific situations:

• New commercial account onboarding for operating companies, holding entities, and trusts
• Periodic KYC refresh (annual or risk-triggered) for existing business customers
• Regional banks entering correspondent banking relationships, where the specific obligations are covered under FATF Recommendation 13
• Credit unions with commercial membership programs
• FinTechs operating under a bank charter who need a documented CDD baseline

The trigger is usually new account opening, but risk-triggered reviews, ownership changes, and exam preparation all bring compliance teams back to the same document.

What's inside the KYC Questionnaire - Mid-Market Bank

The document has seven sections. Each maps to a specific regulatory requirement or documented examiner expectation.

Section 1: Legal Entity Identification

• Full legal name and any trade name or DBA
• Jurisdiction of incorporation and registration number
• Legal Entity Identifier (LEI), where applicable
• Registered address and principal place of business (if different)
• Entity type: corporation, LLC, partnership, trust, non-profit, or other

Section 2: Business Profile

• Primary business activity and NAICS or SIC code
• Products and services offered
• Customer base description (retail, B2B, institutional, government)
• Geographic footprint: domestic operations versus cross-border, with specific countries named
• Revenue range and cash intensity (estimated percentage of revenue received as cash or cash-equivalent)

Section 3: Beneficial Ownership This section operationalizes the FinCEN CDD Rule directly. It captures names, residential addresses, dates of birth, and ownership percentages for all natural persons at or above the 25% threshold. It also has a dedicated control-prong field for the one individual with significant managerial responsibility, regardless of equity ownership. A certification statement, signed by an authorized representative, attests that the information is accurate. For cases where the direct owner is itself a legal entity, a layered-ownership field prompts the analyst to trace the chain to the natural person.

Section 4: Source of Funds and Wealth

• Primary sources of operating revenue
• Source of funds to be deposited or transacted
• For private banking or high-net-worth clients: a source-of-wealth narrative field

Section 5: Expected Activity

• Anticipated monthly transaction volume (count) and value (range)
• Expected payment corridors: domestic only, or international with specific countries named
• Products to be used: wire transfer, ACH, trade finance, letters of credit, FX
• Cash deposit expectations and frequency

Section 6: PEP and Government Connections This section implements FATF Recommendation 12 on politically exposed persons. It asks whether any beneficial owner, director, or senior manager holds or has held a senior public function, and extends the question to immediate family members and known close associates. If any field is marked yes, the form directs the analyst to the EDD Checklist for High-Risk Customers before account approval proceeds.

Section 7: Declarations and Certification

• Sanctions self-declaration: no current or historical designations
• Adverse media self-declaration
• Confirmation that all information is accurate, with an authorized signatory block and date

FATF Recommendation 11 and the Bank Secrecy Act both require retaining KYC records for at least five years after the end of the relationship. The document structure makes that retention straightforward: one file, one customer, version-dated at each review.

How to use the KYC Questionnaire - Mid-Market Bank

Step 1: Pre-populate what you already know. Before sending it to the customer or their RM, pull data from your CRM, company registry databases, or prior account records. Jurisdiction of incorporation and LEI are often publicly available. Pre-filling known fields reduces incomplete returns and saves the customer's time.

Step 2: Distribute and set a clear deadline. For new business clients, the RM typically collects the questionnaire alongside account opening documents. For periodic review, send it directly to the corporate client's compliance contact. Ten business days is a standard turnaround. Build a chase process for non-responses: one reminder at day 5, escalation at day 10.

Step 3: Validate responses against independent sources. Cross-check the ownership structure against company registry filings: Companies House for UK entities, SEC EDGAR or state filing databases for US entities. Run sanctions screening on all named beneficial owners and control persons. Flag any discrepancy between the declared ownership and what the registry shows. Discrepancies are not automatically disqualifying, but they require a documented explanation in the file.

Step 4: Assess risk and determine the due diligence level. Use the completed questionnaire to assign an initial risk rating. High-risk indicators: PEP connections, cash-intensive business model, cross-border payment flows to high-risk jurisdictions, layered or opaque ownership structures. Any combination of these should route the account to enhanced due diligence before approval.

Step 5: Route for approval and file together. The approved questionnaire, supporting identity documents, risk rating, and screening results belong in the same file. For exam purposes, the file needs to tell a coherent story without gaps. If your goal is staying continuously exam-ready, periodic reviews should update the file in place, with prior versions retained. Keep version history.

Step 6: Set the next review date before closing the file. Based on the assigned risk rating: annual for medium risk, every six months for high risk, every 18-24 months for low risk. Add the date to the file before closing it. Don't rely on calendar memory.

Common mistakes to avoid

1. Treating the 25% threshold as the only threshold. FinCEN's CDD Rule sets 25% as the minimum. For higher-risk customers, your risk appetite should require disclosure at 10% or lower. Banks that apply the statutory minimum mechanically find gaps when examiners apply a more conservative standard during examination.

2. Accepting vague expected-activity answers. "Wire transfers as needed" is not an acceptable answer. Analysts sometimes accept it to keep the onboarding moving. Don't. If a customer can't give a reasonable estimate, document that fact explicitly and flag it in the risk assessment. Specific numbers give you a defensible baseline for transaction monitoring later.

3. Not running checks on all named individuals. The questionnaire captures names. That's only useful if someone actually runs those names through sanctions screening and PEP lookups. We've seen files where the PEP section is checked "No" with no evidence of a search anywhere in the file. Run the checks, document the result, and date it.

4. Missing the control prong of beneficial ownership. Analysts focus on the 25% ownership test and skip the control prong entirely. FinCEN requires identifying one individual with significant managerial responsibility, regardless of ownership percentage. That person might own no equity at all. The form has a dedicated field; use it every time.

5. Filing the form without supporting documents. The questionnaire is not a standalone record. It needs incorporation documents and government-issued ID for named beneficial owners alongside it. A completed form with no corroborating documents won't satisfy examiners.

6. Treating periodic review as a rubber stamp. Changes in business model, new beneficial owners, or a shift to cash-intensive activity should trigger a full reassessment. Periodic review produces a new document. Copying the prior file with a new date is not a review.

How FluxForce automates this

The information this questionnaire captures manually, FluxForce's AI agents monitor continuously. Sanctions screening and PEP screening run in real time against named individuals as designations change, without a queue. Expected-activity baselines flow directly into transaction monitoring rules. When customer behavior departs from declared activity, the system flags it automatically. Adverse media screening runs continuously across all named parties. The questionnaire becomes your onboarding foundation; FluxForce keeps the file current from there. Book a demo to see it working.