How to Respond to a Reverse KYC Request

How to Respond to a Reverse KYC Request

A Step-by-Step Guide for Asset Managers

Receiving a reverse KYC request can be one of the more time-consuming interruptions in a fund's operations calendar. Whether it comes from a correspondent bank, a new limited partner, a trading counterparty, or a fund administrator, the underlying ask is the same: prove who you are, who owns you, and that your AML controls are in order.

This guide sets out a clear method for responding to any AML information request efficiently, without over-sharing, and in a way that leaves a proper audit trail.

Standard KYC refers to the checks a financial institution conducts on its clients. A reverse KYC request turns this around: a bank, investor, or counterparty asks the fund itself to submit documentation that satisfies its own due diligence obligations.

The term covers a wide spectrum of requests, from a brief email asking for a copy of your legal entity identifier to a forty-page questionnaire that maps every beneficial owner, principal, and internal AML policy in detail.

Who sends them?

Reverse KYC requests arrive from several directions:

  • Banks opening or maintaining accounts, including correspondent banks used by fund administrators or prime brokers.

  • Limited partners and investors conducting pre-investment or ongoing operational due diligence, particularly institutional LPs such as pension funds, insurers, or funds-of-funds.

  • Fund administrators onboarding a new fund structure or conducting periodic reviews of existing clients.

  • Trading counterparties including exchanges, clearing houses, and custodians.

  • Capital markets counterparties such as prime brokers, FX dealers, and repo desks.

The request rarely comes from one source alone. An active fund may receive several simultaneously, each with its own deadline, format, and scope.

What formats do they take?

Not all requests arrive in the same shape. You may receive:

  • A proprietary questionnaire specific to the requesting institution, covering anywhere from a handful of standard fields to several dozen detailed sections.

  • A standardised industry form: the Wolfsberg Group Correspondent Banking Due Diligence Questionnaire (CBDDQ) is the most widely used. It should not be assumed that all requesters use it; many LPs and administrators have their own formats.

  • A free-text email request listing specific documents by name.

  • A portal upload: some counterparties, particularly large prime brokers and administrators, use third-party due diligence platforms and require documents to be submitted through a specific portal.

Step 1: Triage before you respond

Before you open a single document, spend fifteen minutes on triage. Rushing to assemble materials without understanding what is actually being asked is the most common source of both delay and error.

Understand the scope: entity, UBO, or fund level

Requests can be scoped at different levels, and the same requester may ask for information at more than one:

  • Entity level: information about the legal entity that is the counterparty, such as the management company or general partner. This typically includes corporate registration documents, memoranda and articles of association, and regulatory status evidence.

  • UBO level: information about the individuals who ultimately own or control the entity. Ownership charts, UBO declarations, and underlying individual identification documents fall here.

  • Fund level: information about the fund vehicle itself, such as prospectus or offering memorandum extracts, subscription documentation, and the fund's own AML policies.

Requests frequently span all three levels. Confirm exactly which entities are in scope before you start pulling documents.

Identify the format and standard being used

Read the request in full before doing anything else:

  • Is there a questionnaire with numbered sections, or a free-text ask?

  • Does the requester reference a specific standard or template?

  • Are there required file formats for attachments (PDF only, certified copies, colour scans)?

  • Is there a portal login you need to create an account for?

Understanding the format shapes how you map your existing documents to the request.

Confirm the deadline and point of contact

Note the stated deadline and work backwards. KYC requests typically carry a two-to-four-week window, but banks onboarding a new fund relationship may move faster. Confirm who at the requesting institution will receive the response and who to contact if you have clarifying questions. A single clarification call at the start saves multiple back-and-forth cycles later.

Step 2: Map the request to your existing document pack

Once you have a clear picture of scope, format, and deadline, the next step is to map each section of the request to documents you already hold.

If your fund maintains a standard AML document pack, this mapping step is largely mechanical: you work through the request line by line and identify which documents in your pack satisfy each requirement. The time saving compared to starting from scratch is significant.

A clean mapping exercise produces two outputs:

  1. A list of documents you can provide immediately.

  2. A list of gaps: items the requester has asked for that you do not currently hold in usable form.

Keep the mapping document. It becomes part of your audit trail.

Step 3: Fill the gaps

Gap items fall into several categories.

Documents you may need to obtain fresh

  • Updated certified company extracts from the relevant registry

  • Individual identification documents for any beneficial owner whose passport or national ID has expired since the last submission.

  • A refreshed regulatory status letter or confirmation if more than twelve months have elapsed since the last one.

  • A current proof of address for any individual where the last submission is dated outside the requester's accepted window (often six months).

  • An updated AML policy if your internal document has been revised.

Allow several days for certified company extracts and individual document refreshes, particularly where signatories are based in different jurisdictions.

Certification, notarisation, and apostille

Different requesters have different certification thresholds. A bank onboarding a new fund may require:

  • Certified copies: a solicitor, notary, or bank officer certifies that the copy is a true copy of the original.

  • Notarised copies: a notary public affixes their seal, typically required by US counterparties or for jurisdictions that follow a civil-law model.

  • Apostille: an official authentication recognised under the Hague Convention (1961), required when documents are to be used in a foreign jurisdiction that is a signatory to the convention.

Always confirm the certification standard before ordering copies. Apostilles in particular carry lead time and cost; requesting a standard certified copy when an apostille was required means the process starts again.

Step 4: Verify document currency

Before you package your response, run a currency check on every document you plan to include. Ask three questions of each:

  1. Is the document dated within the requester's accepted window? (Often six to twelve months for proof-of-address items; longer for constitutional documents but with a caveat that they must reflect the current state.)

  2. Has the underlying information changed since the document was issued? A certificate of good standing that was accurate a year ago may no longer be if the entity has since changed its registered address, officer list, or share structure.

  3. Is the certification still valid? Certified copies often carry a date that requesters treat as an expiry reference.

Flag any document that fails any of these checks and obtain a current replacement before submission. Sending a stale document is one of the most common reasons a KYC response is rejected or triggers a follow-up round.

Step 5: Package and deliver securely

How you deliver the response matters as much as what you include.

  • Use a secure file-sharing method. Password-protected encrypted links are preferable to email attachments containing sensitive personal data. Many fund administrators and larger counterparties operate their own secure portals; use them.

  • Organise the package logically. Structure the files to match the sections of the request, using clear file names. If the requester has a questionnaire with sections A through G, label the corresponding files to match. This reduces back-and-forth and demonstrates operational quality.

  • Include a covering note. A brief cover sheet listing the documents included, the entities to which each relates, and the version dates of key items makes the reviewer's job easier and reduces the chance of a document being missed.

  • Confirm receipt. Send a short follow-up email noting the date of submission and asking the counterparty to confirm they have received the package and that it is complete.

Step 6: Log what you sent, to whom, and when

Maintain an internal log of every KYC submission. At minimum, record:

  • The name of the requesting institution and the relevant contact.

  • The date of the request.

  • The date of your response.

  • The entities and documents included in the response.

  • Any version dates or certification dates for time-sensitive items.

  • Whether a follow-up was received and, if so, how it was resolved.

This log serves three purposes: it supports your AML audit trail, it allows you to give consistent answers across multiple requesters, and it tells you which documents are approaching expiry across your entire counterparty base.

Common mistakes when responding to a KYC request

Compliance teams that handle many requests tend to converge on the same errors. The most costly include:

Sending stale documents. A passport that expired last year, a company extract from three years ago, or an AML policy that predates your last regulatory review will all trigger rejection or a follow-up. Check currency before submission, not after.

Over-disclosing. Sharing more than the request requires, particularly on UBO details or internal financial information, creates an information governance problem. Provide what is asked; do not volunteer additional material.

Giving inconsistent answers across requesters. If your entity description in one submission says the management company was incorporated in 2018 and another submission says 2017, the discrepancy will be noticed. Maintain a single authoritative source for entity data and draw from it every time.

No audit trail. If you cannot show, for any given response, what you sent, to whom, when, and in what version, you have no audit trail. This creates a problem both for your own AML governance and in the event of a regulatory query.

Treating every request as a new task. The more a fund treats each incoming request as something to be handled ad hoc, the slower and less consistent the responses become. A documented, repeatable process and a maintained document pack change the economics of responding entirely.

The case for a maintained AML pack

The step-by-step process above assumes you are assembling a response partly from scratch. That is the reality for many funds that handle requests reactively.

The alternative is a maintained, always-current document pack that you update on a rolling basis rather than in response to a specific request. When a new KYC request arrives, the mapping and gap-filling steps collapse dramatically because most of the pack is already ready. The delivery step shortens from days to hours.

The further evolution of this approach is a single reusable profile that can be granted selectively to each requesting institution, avoiding repeated document transmission entirely. This concept is explored in depth in our article on the live AML passport model for asset managers.

For funds receiving a high volume of due diligence requests, or those approaching a capital raise where LP onboarding will generate several simultaneous requests, a maintained pack is not a luxury: it is the operationally sensible baseline.

Book a demo to see how Steward replaces your KYC folder with a live, maintained profile.