Originally published on Finextra.
Compliance is costly. Know Your Customer (KYC) compliance in adherence with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations can account for anywhere between 3% and 30% of a bank’s total operational costs. In 2020 reports suggested that global spending on compliance topped $213 billion.
And that figure could be conservative. While taking into account staffing, training, system costs etc., estimates often exclude Lost Opportunity Costs (LOCs) such as customer drop off caused by KYC processes deemed too cumbersome and time consuming to complete.
Yet the alternative for banks and FSPs is far from attractive. Possible exposure to (and inadvertent support of) fraud and financial crime, increased reputational risk, and the virtual certainty of incurring substantial fines from regulatory bodies.
In 2021, the total value of AML fines issued in the UK (over half a billion) was more than double that of the previous year, and fines continue to be imposed at an extremely high rate by global regulators seeking to crack down on KYC compliance failure around the world.
Banks are sitting between a costly rock and a regulatory hard place.
Is Perpetual KYC the answer?
Perpetual KYC (pKYC) is a rapidly evolving approach to this challenge.
The idea is relatively simple. Instead of running periodic KYC customer reviews in set cycles based on perceived customer risk at the point of on-boarding, banks instead dynamically maintain digital KYC profiles that automatically adjust risk analysis ratings based on authoritative live reference data. Notable events such as transactions, account activity, or relevant external information sources dictate when a KYC re-review should take place.
In other words, major KYC reviews held periodically (that take significant time and effort to complete) are replaced by a continuous intelligence-led review process, with smaller reviews triggered and prioritised by specific events at the time they occur. As well as saving time and money, it’s an approach that enhances a bank’s responsiveness to customer risk. Win, win.
Additionally, the real-time, proactive nature of pKYC helps avoid potential exposure to regulatory non-compliance for inadequate customer due diligence checks and/or suspicious activity monitoring. How? By ensuring that banks are continuously working with, and monitoring for, fresh contextual and transactional data - rather than relying on information only obtained periodically with traditional review cycles.
Given that a recent review of the UK’s AML regulatory and supervisory framework suggests that ‘increasing consistency of compliance with the current requirements’ is a current priority - i.e. that change to existing legislation isn’t necessary, but stricter enforcement of it is - any approach geared towards helping banks achieve this outcome is certainly something to explore.
Making it happen
So far, so good. But while pKYC may be a more elegant approach - to work effectively there are a couple of important boxes that need to be ticked first.
1) Upfront checks
It doesn’t matter how good a pKYC solution is, if initial customer screening is inadequate the horse may already have bolted before anyone notices. Setting up on-boarding processes to automatically screen individuals and businesses (KYB) against syndicated data from multiple authoritative sources is advisable.
The word ‘multiple’ is important. When only a small number of corroborating sources are cross-referenced, the process is more suspectable to issues such as synthetic ID fraud, and to UBOs (Ultimate Beneficial Owners) being missed. An optimised on-boarding process also ensures that a pKYC approach can be immediately tested with new customers, while further scoping is carried out to gradually migrate the existing customer back-book.
2) Consolidating customer data
pKYC is optimised when any and all customer interaction points are monitored continually. More specifically, when the results of monitoring customer interactions are consolidated to generate a ‘single customer view’ as opposed to (which is far more common, especially in large, multifaceted financial institutions) multiple, siloed customer views.
Organisations keen to benefit from pKYC therefore need to adopt a centralised approach to data management, where internal systems are aligned and integrated to pKYC solutions adopted – a process pKYC solution providers should be able to help navigate.
It is important during this stage to begin considering how your compliance policies are set up, and how they may be tweaked to align to a PKYC model instead of a periodic review model. Engaging with third party consultancy here is key.
Context that delivers clarity
At this point, automated risk screening – including monitoring for fraud, PEPs and sanctions - can be applied to the consolidated customer information, with specific events/transaction types programmed to trigger alerts and reviews.
As well as unlocking the gamut of process automation benefits mentioned earlier, adopting this approach also delivers another incredibly powerful outcome. Context.
When any member of staff, from any department, goes to check a detail, authorise a process, or release any kind of funds based on a live customer request, they will have at their fingertips a complete customer portfolio – what other financial products they’ve recently taken out with other colleagues, when their last review was, up-to-date results of screening (of external source information) etc. All without having to traverse multiple disparate systems or needing to draw on resource from various different operational teams.
When it comes to enabling staff to make informed decisions, this degree of context is extremely beneficial.
KYA – know your algorithm
The final evolutionary stage of pKYC solutions could - and arguably should (for optimal benefits) - see AI and machine learning applied as part of automation processes. The considerations around which are neatly outlined by the Financial Action Task Force (FATF) in its paper ‘Opportunities and Challenges of New Technologies for AML/CFT’.
Consolidating customer data to create information-rich context is perfect for feeding machine learning algorithms; for training them to spot outlying or anomalous behaviours that warrant closer inspection.
The flipside of this is of course that low risk events and behaviours can also be recognised and categorised and effectively ‘machine managed’ – freeing review and investigative teams up to focus attention on high priority cases. It’s a more efficient deployment of resources and one which avoids low risk customers feeling the pain of cumbersome process.
In short, intelligent automation of KYC/KYB workflows becomes not only possible, but practical. A way to ease the time (and therefore ultimately the financial) burden of checks that are an essential component of regulatory compliance.
Taking all this into account, intelligently automating pKYC isn’t just a ‘different way of doing things’; it’s simply a more efficient, modern and robust way of working.
Orion network functionality integrates with SIRA database
Sunday, October 18, 2015Read more
Synectics solutions, Blog
Cyber Security Awareness Month
Wednesday, October 12, 2022Read more
Zego partners with Synectics Solutions to automate fight against motor insurance fraud
Thursday, October 20, 2022Read more
Let us prove how we can help you. Click the button below for more details.Find out more