Your policies can describe immaculate due diligence and your files can still tell a different story. Identity evidence is missing or stale, enhanced due diligence is triggered but never deepened, beneficial ownership is recorded but not verified, source of funds is asserted but not corroborated, and customer risk ratings drift away from the facts. A KYC and CDD file review pulls a structured sample of real customer files and tests, file by file, whether the work meets the standard your procedures promise and your regulator expects.

Alsina Advisory delivers this CDD quality assurance review as a focused, senior-led boutique. We are independent of any onboarding platform, screening vendor or remediation provider, so our findings are objective and carry weight with your board, your second line and your national competent authority. We work across the EU, rooted in the Netherlands, and frame every finding against the regulatory framework that supervises you, from the Wwft and DNB expectations to the incoming AMLR.

What a KYC and CDD file review covers

We test the file against the obligation, not the checklist against itself, sampling across customer types and risk bands so the picture reflects your real book. A typical engagement covers six areas.

Identity and CDD basics

Whether identity is verified to standard, documents are current and consistent, and the core customer due diligence is complete, evidenced and not merely ticked off.

Enhanced due diligence

Whether EDD triggers are correctly recognised for high-risk customers, high-risk countries and complex structures, and whether the additional work actually goes deeper rather than repeating standard checks.

Ownership and source of funds

Whether beneficial ownership is identified and verified through to the ultimate natural persons, and whether source of funds and source of wealth are corroborated with evidence, not just recorded as a customer statement.

PEP handling

Whether politically exposed persons, their family members and known close associates are identified, escalated, approved at the right level of seniority and subject to the enhanced ongoing scrutiny the rules require.

Customer risk rating

Whether the assigned risk rating reflects the evidence in the file and your own methodology, and whether the level of due diligence applied genuinely matches the rating given.

Periodic and trigger reviews

Whether periodic refreshes and event-driven reviews happen on time and with real substance, and whether remediated files reach the standard rather than simply closing the case.

How the review works

Scoping and sampling

We agree the population, the customer segments and risk bands in scope, and a defensible sample size and selection method, then fix the timeline and a fixed fee or day rate in writing up front.

File testing

We assess each sampled file against a structured testing template covering identity, CDD, EDD, ownership, source of funds, PEP status, risk rating and review history, recording specific evidence for every result.

Assessment and root cause

We benchmark findings against the AMLR, the Wwft and your own procedures, quantify error and exception rates, and separate isolated slips from systemic process or control weaknesses.

Reporting

You receive a clear, prioritised report with sampled error rates, themed findings, root causes and pragmatic recommendations that your first and second lines can act on.

Independent re-testing

Where you need it, we re-sample remediated files and confirm independently that the quality issues have actually been resolved.

What you get

A board-ready file review report with an executive summary, headline error and exception rates and a clear view of file quality across segments.

A file-by-file results log showing what was tested, what passed, what failed and the specific evidence behind each conclusion.

Themed findings with root-cause analysis distinguishing isolated errors from systemic CDD weaknesses, each mapped to the relevant AMLR, Wwft or internal-policy requirement.

A prioritised remediation roadmap sequenced by risk, covering both individual file fixes and the underlying process changes.

Independent re-testing and sign-off on a remediated sample once the work is complete, where required.

Why an independent file review

Independence is the point of a CDD QA review. A file sample only reassures a board or a supervisor if the people reading the files have nothing to sell you afterwards and no interest in grading their own homework. We are not an onboarding platform, a managed-service provider or a remediation shop, so our results are unbiased and our sampling is genuinely independent of your first and second lines.

As a senior-led boutique, your due diligence file testing is performed by an experienced financial crime auditor who has read these files at Tier-1 banks, global payments businesses and fintechs, not handed to a bench of juniors working a template. That means sharper judgement on what a file truly evidences, fewer people in your environment, and a report you can put in front of DNB or AMLA with confidence.

Whether you need a one-off KYC file review, pre-examination readiness, assurance over a remediation programme, or a recurring quality-assurance cycle, we can usually scope and start within weeks.