Perpetual KYC, or pKYC, has the potential to revolutionise financial crime compliance. But practitioners and vendors need to be realistic about what can be achieved.
It is easy to see why financial institutions are enthusiastic about pKYC. A new report by PwC suggests banks can reduce their KYC costs by up to 80% across the entire customer book, by automating all but the most complex KYC review process steps, which necessarily require some degree of manual intervention. What’s more, this approach can support a shift towards additional, trigger-based reviews, further reducing risk by identifying early on, for example, that customers have been subject to adverse publicity.
But it’s also dawning on practitioners that current practices aren’t satisfying regulators, which are taking a more aggressive stance toward financial crime. To counter the threat of regulatory censure, many financial institutions are shifting the emphasis of their compliance activities by moving away from monitoring individual risks in different siloes and towards more holistic client surveillance, a phenomenon that will be discussed in more detail during A-Team Group’s upcoming webinar on pKYC on March 24th.There is growing recognition that refreshing a client record every five years is simply not good enough, says James Redfern, sales director at business intelligence and due diligence services provider Diligencia. Redfern points to heightened regulatory scrutiny and reputational risk protection, as well as the increasing availability (via APIs, for example) of primary and secondary source data, as key factors driving demand for more proactive KYC processes.
Cécile Monico, client lifecycle management solutions lead at digital strategy and software engineering firm Luxoft, agrees. “Banks cannot wait for a pre-determined date to check if a client presents an unknown new type or level of risk,” she explains. “Regulators are continually identifying failings within financial institutions and handing out significant fines. Automated data sources powered by artificial intelligence can not only save banks time, but also enable them to avoid fines and reputational damage.”
Proactive KYC processes present a compelling business case for financial institutions who service large global organisations observes Greg Watson, COO of Napier, a developer of financial crime compliance solutions. “All too often, financial institutions continue with ineffective traditional methods that give rise to poor client experience, operational inefficiencies, and hampered business growth,” he says. “By implementing a trigger-based approach, they can focus resources on the instances that present as high risk on an ongoing basis, and streamline their KYC, AML, and business processes.”
The key considerations in the implementation phase are people, process, and technology according to Henry Balani, head of regulatory and industry affairs at KYC automation platform provider Encompass. “There is a need for management acceptance of perpetual KYC as it can represent additional complexity and increased costs,” he says. “Ongoing continual reviews mean existing processes need to be updated to accommodate this new review regime. In terms of technology, new platforms may be required to handle the increased workloads and since perpetual KYC solutions are SaaS-based, users will require their legacy technology to accommodate APIs for integration or move to an entirely new platform.”
A healthy dose of realism is required, suggests Cengiz Kiamil, VP strategy at Fenergo, a provider of digital client lifecycle and regulatory compliance technologies. “Practitioners who are passionate about compliance and fighting financial crime want a utopia that requires a vast and long-term digital transformation programme,” he says. “The economies of scale to achieve that are not currently available.”
Kiamil specifically refers to the practical challenges around data. “Data quality needs to improve and financial institutions will have to revise their data source policy and how they consume that data,” says Kiamil. “As they start to build and implement change, they also need to manage policy change.”
One approach is to take a staggered approach. Financial institutions looking to address the challenges of implementing pKYC should consider breaking it into smaller – and more easily achievable – stages, suggests Claus Christensen, CEO at Know Your Customer, a provider of end-to-end compliance solutions. In this way, he says, they are able to demonstrate the impact of each step along the way, reassuring internal stakeholders and garnering broader internal support.
“This agile way of running projects is also more compatible with the way technology companies work,” he says. “By engaging with a trusted regtech partner and using their expertise in the field, it is possible to accelerate the journey to full perpetual KYC whilst staying in control of milestones and progress.”
One option is to first focus on centralising and digitising all back-end KYC compliance operations and introducing ongoing AML monitoring. “The second milestone might then focus on back-end and front-end seamless integrations,” Christensen says. “This would ensure a better customer experience while also supporting KYC teams by setting risk profiles and the level of due diligence required automatically based on the information provided by customers (digitally) during the onboarding process.”
According to Napier’s Watson, the main challenge lies in the synchronisation and integration of the various data streams into targeted solutions. “The data sources already exist within organisations,” he says. “What is required is a single solution which applies a policy-based ruleset to analysing and interpreting the data, detecting and acting upon those anomalies which require review intervention.”
Geographical factors also need to be considered. “In our main markets of the Middle East and Africa there are very few easily accessible sources of even the simplest information – such as a company’s corporate filings,” says Diligencia’s Redfern. “The (often manual) research required to perform an independent KYC check is laborious and costly and as such does not lend itself easily to perpetual KYC.”
Redfern notes that in the UAE alone there about 40 registries across the seven emirates including all the free trade zones and four offshore jurisdictions within a relatively small geographic coastal strip. “Access to information across all these registers is not standardised and varies widely in terms of content available,” he concludes. “As a result, financial institutions across the Middle East and Africa have made little progress towards implementing perpetual KYC.”
Case study: Transaction Monitoring at a Major Global Bank
Cécile Monico, client lifecycle management solutions lead at Luxoft, accepts that while some financial institutions have made significant progress towards implementing pKYC, there is still plenty of room for improvement. “Financial institutions are not yet making the required progress to protect themselves, their clients and their employees from failure they could anticipate,” she says.
Data quality and access (rather than availability of technology and vendor support) are the main implementation challenges, says an executive responsible for transaction monitoring at a major global bank.
“Many vendors build their systems with the expectation of perfect data, that all systems talk to each other and that when a customer onboards a client it is possible to immediately perpetuate their data to all the systems that needs it,” says this practitioner.
The reality is regionally disjointed systems that are further segregated by business or compliance function.
“In the past we would first identify who we were talking to and then find out where their money came from,” he adds. “Once that was done the customer was onboarded and monitoring happened only on the transactions. Our ambition goes beyond even perpetual KYC into perpetual customer risk monitoring where risk is recalibrated every time there is a change in the customer data.”
Like many financial institutions, this bank is working towards that objective by building a monitoring function, which represents a major shift in compliance by moving away from monitoring individual risks in different siloes towards holistic client surveillance. “Perpetual KYC is a component of this approach, but this is still aspirational,” says the bank practitioner. “In the meantime we are working on consolidating review teams, monitoring systems and case management systems.”
He is also realistic in his long-term expectations, noting that it is hard to envisage a single system or solution that could perform pKYC for every customer globally. “It might be possible to do it across multiple business lines within a single country or across a single market such as the EU, but aligning regulatory requirements across multiple jurisdictions is too complex.”
If you want to find out more about leveraging the benefits of pKYC, don’t forget to join us on 24 March when an expert panel of industry leaders will explore best practice approaches to implementation.
Subscribe to our newsletter