Customer acceptance is the first step. Due to statutory requirements (e.g. FATF (Financial Action Task Force) and the FATF Regional Partners, United Nations Sanctions, U.S. Patriot Act, Bank Secrecy Act, EU money laundering directive, Individual Country-Specific Compliance Rules & Regulations)
Banks are obliged to gather audit-proof information for natural and legal persons along with their beneficial owners and use this data for risk classification. If the risk incurred through the customer relation is too high the bank must reject the customer.