Perpetual KYC and the move away from periodic reviews
When financial services firms digitised their KYC processes many years ago, they were able to save time, improve accuracy and better secure files.
However, while the methods firms used for client onboarding and other KYC activities drastically changed – moving from the analogue to the digital world – the actual process remained much the same, with KYC completed and then reviewed on a periodic basis every one, three or five years, depending on client risk.
This has meant that many of the same challenges for firms have remained; most significantly that customer information can frequently be outdated, leading to exhaustive information gap analysis and inaccurate risk assessments.
At the same time, regulations are changing more rapidly than ever, leading to an increase in the cost of compliance for banks. Not being able to adhere to the regulations can lead to significant financial penalties, as well as subsequent reputational damage that can be hard to recover from.
The current state of affairs
Banks onboard new corporate customers every year, but their total number of customers can reach hundreds of thousands. If we take one such bank’s client base as an example, a small proportion (up to 5%) is considered high risk, a slightly larger proportion (25%) is considered medium risk and a significant proportion (70%) is low risk – with risk determining how often a refresh needs to take place. If for example, a bank has 200,000 customers, refreshing these files on a periodic basis means that the bank may need to onboard or refresh more than 50,000 customers a year.
The reality is that the KYC model needs disrupting; the implementation process is laborious and inefficient, taking hundreds or even thousands of hours to complete for large banks.
Siloed systems and segregation of self-reported data, external data and transaction data mean that firms have to continually engage with clients to confirm details or request further information, or have to carry out manual processes internally to assess these data sets. This results in a high volume of avoidable repeated effort.
The remediation process is fragmented with broad orchestration and legacy point solutions with limited unification and multiple manual workflows and processes. In addition, there is no feedback loop whereby ongoing customer due diligence can either confirm existing data inputs or trigger changes to improve efficiency and reduce false positive events.
This subsequently results in a higher cost of operations. The complexity of a client base spread across numerous jurisdictions also adds to this cost as firms require highly localised expertise.
In the past, technological limitations have meant that it has been difficult for organisations to future proof their KYC operating model and avoid many of these pitfalls. However, there have been huge advances in the way data is collected, gleaned for insights and acted upon, particularly with the introduction of artificial intelligence.
In fact, these advances have often been implemented in other areas of financial services firms as they digitally transform – and yet traditional KYC processes have often remained stagnant.
Transitioning to Perpetual KYC (pKYC)
Many of these challenges can be resolved using a holistic operating model based on Event Driven Remediation (EDR) capabilities. This means data is tracked automatically and continuously to check for triggers such as customer information changes, customer activity changes or risk profile changes.
Then, updates of a financial services company’s back book are made in near real time. Organisations who switch away from periodic KYC reviews in this way benefit from proactive risk assessment and a seismic reduction in the cost of remediation – as well as peace of mind that they’re ensuring compliance with regulatory and risk policies.
By gathering up-to-date information, firms can also detect out-of-date client relationships and focus their attention on existing relationships to maximise profitability.
For pKYC to work effectively, the input data for continuous monitoring must be processed as event flows, ensuring it is a natural extension of traditional KYC capabilities. In addition, organisations need to be able to aggregate and enrich their data using free and paid-for public sources, as well as any internal data.
The input data needs to be analysed to ensure it is of the highest quality, and discrepancies between internal and external sources should be checked using advanced entity matching and resolution so that any customer profile can be updated in real time.
Instead of increasing the number of personnel in compliance, pKYC enables firms to streamline the review process, ensuring customer information is up to date and risk assessments are accurate. Moving away from time-consuming and inefficient period reviews to continuous reviews results in a reduction in total labour costs and in the risk of fines.
A platform that integrates intelligent scanning with workflow orchestration and event detection and analytics capabilities is crucial for banks that want to ensure they’re adhering to increasingly stringent regulations.
About the author
Harinder Singh Sudan is senior vice president, financial intelligence unit at BlackSwan Technologies.
He has close to 20 years industry experience in banking and financial services and leads BlackSwan’s FIU practice globally.
Harinder has worked with a number of tier one banks and consultancies and managed service providers in the UK, Europe and Middle East. He has deep expertise in financial crime compliance; covering operations, technology architecture, program management and delivery of global remediation programs.