Last year we started publishing our Future of KYC Compliance Series which featured interviews with over 20 KYC and AML professionals and thought leaders to learn more about the trends that will shape the future of KYC compliance.
You likely don’t have time to read each and every interview so we’ve gone through and pulled together some of our favorite answers to the various interview questions. Here’s what we learned:
How has KYC compliance changed in the midst of COVID?
Joe Ciccolo, Founder of BitAML
There is no question that consumers are increasing transacting remotely, using online and mobile apps, and making use of contactless solutions. More and more users are turning to these products and services out of necessity, and in the process discovering their convenience and utility, beyond the obvious safety benefits in the current environment.
Unfortunately, the bad guys enjoy these same features. We’ve seen a rise in ransomware and data breaches with record numbers of people working from home, scams involving purported stimulus payments and medical devices, and money launderers advantageously hiding among the sharply increased volume of legitimate remote transactions.
Institutions must rise to meet these unique challenges and properly reallocate their KYC resources to reflect the changing habits of consumers, without compromising or neglecting higher touch products and services.
Jehan Jeyaretnam, Head of Compliance Services, Acuity Knowledge Partners
KYC reviews that were more paper-based and performed in-premise have to be conducted in virtual environments, using the cloud and secured servers. Financial institutions, customers and regulators were forced to accept the new normal of conducting KYC due diligence on virtual platforms, with resources dispersed geographically. We, therefore, see the pandemic as a driver of increased digitalisation in the KYC domain through necessity. We expect this trend and urgency to continue even in the post-pandemic world. Organisations also need to ensure they conduct more thorough validation, tests, model enhancements and security checks to adapt to the new normal of virtual work without compromising the integrity of their KYC programs.
Miriam Goldman Epstein, Operations Manager, SQOPE S.A
COVID-19 really impacted the onboarding process for the financial industry particularly given restrictions on in-person meetings.
Likewise, KYC and due diligence research faced challenges linked to the inability to visit physical locations to obtain records, alongside technical challenges connected to data protection and privacy that arose from increasing remote work. All the while, regulators continued to issue fines to those who were not compliant and leeway wasn’t granted. Such logistical challenges led to backlogs, delays, and other issues for compliance professionals. From there, we saw a growing demand for outsourcing of research to third-party providers.
Braden Perry, Partner, Kennyhertz Perry, LLC
Since the emergence of H5N1 in 1996, both industry leaders and government officials have known that an influenza pandemic will occur with a new subtype of influenza capable of efficient person-to-person spread and to which few of the world’s population are immune. Many have also known that it will be a global pandemic with all countries being affected within a matter of months. Many industry leaders and government officials have prepared for this and outlined detailed responses. It’s obvious that some industries and countries are more prepared than others. Those that didn’t prepare or prepare enough and are now caught in a disruptive corporate environment and at the mercy of outdated BSA/AML processes and procedures and other tech-related issues as most companies are working remotely. Proactivity will be the new standard, and companies that don’t look forward at risk potential will be massively behind when the next business disruptions arise.
Greg Pinn, Head of Strategy for Merlon.ai
Before COVID-19 compliance teams were predominantly office-based. This is due to the repetitive nature of many analyst tasks, looking through dozens or hundreds of screening results and evidence daily. This type of task requires focus and close supervision. COVID has completely changed this.
Compliance analysts must now work from home with all of the distractions that come with that. This is causing FIs to accelerate plans to upgrade technologies to focus analyst attention on less mundane tasks that can be managed by more modern technologies. With these new tools, analysts can focus their remediation efforts where human intelligence is required.
Allison Spagnolo, Managing Director at Guidepost Solutions
Since face-to-face interactions with customers have all but ceased during the COVID-19 pandemic, institutions have had to rely more heavily on automated tools. Given in-person limitations, KYC and customer identification are arguably even more important. Traditional financial institutions have had to use alternate methods to satisfy themselves that the due diligence conducted on customers is vigorous and complete.
FinTech organisations, on the other hand, have not been as hindered by the pandemic’s restrictions. Their business model assumes no face-to-face contact and they have the capability to verify identity and perform customer due diligence using sophisticated KYC tools that contemplate a lack of in-person verification. Additionally, with many FinTechs moving into the banking world – such as Square Inc. announcing the commencement of banking operations under its Square Financial Services – we will likely see more FinTech efficiencies adopted by the larger, brick-and-mortar financial institutions.
Phillip Hamilton, Senior Compliance Investigative Analyst, Compliance Department, Sutton Bank
COVID identified many opportunities for growth in KYC programs. It caused many companies, agencies, and institutions to reevaluate the avenues for onboarding new business. It also pointed out gaps in household practices commonly used by local, state, and federal government agencies. The COVID crisis disbursed with the thought process of doing the legal minimum to book new business, for example; Some companies only collect two out of three or three out of four requirements identified in the CIP (Customer Identification Program) referenced by the FFIEC Manual. If they can show that the business collected enough information to reasonably demonstrate that it knows the customer's true identity. Unfortunately, COVID has proven otherwise. The escalation in cyber-attacks utilising BECS (Bank Email Compromises), Synthetic IDs, and Identity Theft will force a reset in the approach of KYC and CIP processes. COVID-19 will be the catalyst that propels Know Your Customer compliance to the forefront of risk models for all businesses concerned about protecting the gains they have achieved as they scramble to keep pace with the latest fraud schemes the criminal element employs daily.
Rachel Woolley, Global Director of Financial Crime, Fenergo
Perhaps for the first time, global regulators are on the same page in their response to the pandemic. Acknowledging the critical need for continuity in the financial services industry, many regulators published guidance for financial institutions to consider, particularly in light of social distancing measures. Encouraging the use of remote onboarding processes and the implementation of flexible measures to identify and verify customers were common themes, effectively endorsing the use of technology solutions.
Critically, technology can enhance our approach to financial crime risk management; this is particularly important as criminal organisations seek to capitalise on vulnerabilities and increased anxiety related to COVID.
Marc Buklis, Principal, Mark Buklis Associates
During COVID, KYC requirements have continued, and in-flight AML program work has continued as a critical effort. However, even critical work such as AML and KYC has seen some slowdown as the financial services industry has moved to work from home and has needed to focus on COVID-driven liquidity and credit challenges.
A key impact of COVID in banking has been to dramatically accelerate the trend, underway since the 1990s, towards online and phone banking. During the lockdown associated with COVID, the general population did not go out nearly as often, many retailers were closed and many others declined to take cash in order to limit COVID risk. The rapid move further away from cash, and to almost entirely online banking, has changed the profile of all customers and the nature of the risks to be considered in rating systems. It also changes the nature of mitigation and due diligence, as customers will not be in person for applications, nor for later transactions, for teller review and assessment. Suddenly, the way the customer looks, or behaves in the branch, will not be available to send signals to staff!
This development will certainly put further pressure on digital means of identification, including Blockchain and other approaches, in the very near future.
Chris Siddons, Senior Director of Financial Crime Compliance at LexisNexis Risk Solutions
COVID has accelerated the adoption of managed cloud (also known as ‘Software-as-a-Service’) and private cloud solutions to digitise compliance processes. Digital compliance processes are more scalable than locally hosted alternatives, as computational resources can be scaled up and down according to needs. Staff no longer need to be collocated to facilitate screening, opening up a wider labor pool. COVID has introduced the real possibility of interruptions to business continuity and digitisation of operational processes is seen as an important step towards eliminating that operational risk for clients. Additionally, KYC activities are strained, causing delays in customer onboarding. In fact, financial institutions in the U.S. reported a 7% increase in costs related to KYC activity in 2020*, largely due to the impact of the pandemic. (*True Cost of Financial Crime Compliance, U.S. and Canada, October 2020).
Sukh Vairea, Compliance Manager
COVID has changed a lot in life and business. Digitisation and remote working is an opportunity but faces greater risks from fraudsters, cyber-criminals and money launderers abusing the system for financial gain. Account takeover, spoofing, and other nefarious activities are on the rise. COVID has accelerated the transitions to online digitisation but at the same time attracted unwanted criminals. Where there is opportunity - there is risk.
KYC compliance is the first line of defense. Businesses must keep up their guard. KYC checks should not be compromised or treated as a tick-box exercise. The controls to authenticate documents and verify users should be tested regularly to ensure you are fully protected and fighting off threats of an evolving landscape.
The global recession due to COVID-19 means there is less money for governments and businesses to invest in compliance. This may compromise KYC and regulatory endeavours, but for businesses this may result in financial losses and becoming the victim of crime per se.
Raj Tripathi, Senior AML/KYC Compliance Professional, Asia
The year 2020 and the pandemic has changed the way industries earlier perceived KYC Compliance and associated risk.
To enhance the scope of KYC compliance, new regulations were brought into force throughout the current and last year. In this demanding regulatory atmosphere, financial institutes are expected to adapt to the needs of evolving and competitive financial ecosystems.
The key concept of 2020 for KYC compliance was the investment in the collaboration of credible data, human intelligence, and advanced technology ( video KYC, 5th and proposed 6th AMLD ). So far many achievements in this regard proved to be just the tip of the iceberg.
Michael Ronickher, Partner at Constantine Cannon LLP
Like everything, KYC compliance had to adapt in the face of the pandemic. Every step has become harder, but just as necessary—if not more so. Early on, regulators were quick to say that they knew some changes to routine were going to be necessary, but equally quick to make clear that the pandemic was not an excuse for slacking off.
On the contrary, FinCEN, FINRA, and the OCC asserted that, while they were willing to accept delays in reporting, financial institutions should be more on guard than ever against those who might be exploiting the confusion of the pandemic.
Alejandro Leáñez Rieber, International Legal Counsel
Many financial institutions and companies have reduced their KYC compliance team due to the economic downturn. Effective transaction monitoring requires large teams and costly software that needs to be constantly updated. A large number of alerts when personnel are missing due to the economic downturn can generate missing targets, deadlines, or to overlook critical issues.
Training of KYC compliance departments remains critical during the COVID era. Remote training of the KYC compliance officer was greatly enhanced during COVID. All KYC compliance officers need to know that an effective Sanctions Compliance Program encompasses these essential components: management commitment, risk assessment, internal controls, testing, and auditing and training.
Sandra Ciaraite, AML Analyst, Danske Bank
In the wake of Zoom and Skype calls, digitalisation of European banks is the main goal, where both the employees and the customers remain at home. Most Scandinavia based banks have already been moving towards automation driven organisations rather than labour, and transferring their operational centres to lower cost countries such as the Baltic states, Poland or Middle-East. Yet, currently major financial institutions are experiencing a slowdown in such technology development – in order to save costs and survive the pandemic redundancies programs that have been announced.
As for customers, online verification of identity became a new norm, due diligence processes were adapted to expect the delays of documentation if some forms still must be signed by ink. Deviations in financial data, given the financial downfall, became rather expected causing adjustments to KYC procedures and risk expectations.
FSAs and law enforcement agencies have been known to be operating in their own course, yet, even such organisations introduced encrypted documentation share solutions instead of physical inspections.
COVID has identified resistance continuation among different areas. KYC compliance solid continuation has been demonstrated because of the existence of already established structures. The changing patterns in which customers have approached activities have been supported by the existing compliance framework. In that regard, the increasing trend of transactions performed through electronic channels has been sustained by the automated KYC solutions. The need for remote activity throughout different sectors of the economy has pushed forward an increasing amount of new customer registrations and an increasing amount of performed transactions across electronic channels. KYC compliance in the midst of COVID has backed up entities to welcome all these changes. The possibility that COVID continuing state might impact further remote customer activity is expected, which in turn will demand KYC solutions to process an increasing amount of information. The operational stability of each entity processing KYC requirements will depend on how compact each implemented solution is.
Financial services have been at the forefront of digital transformation but the industry is still largely held back by legacy systems. Due to the pandemic, banks and fintech companies will need to respond quickly to growing consumer demands for new solutions.
The world will not be the same after Covid-19, and thus the banking industry is faced with unprecedented challenges. The closure of physical branches, remote working of staff, overworked customer help desks and broken back-office processes are some of the challenges banks are grappling with.
Andreea Rainer, Founder Attorney at Law of Andreea Rainer Law Office
The pandemic provided a boost to the clients’ digital onboarding. Non-face-to-face relationships entail high risks by themselves, and on the downside, the pandemic sharpened cybercrime. However, social distancing requirements forced the digital approach, where the lawyer requires their clients/ prospective clients identity documents in electronic form, followed by identity confirmation via video conference and discussions upon client’s business intentions, and securing digital onboarding process with client’s qualified electronic signature issued by a trust service provider duly authorised. In a nutshell, against the background of increased awareness, the effects of the COVID19 pandemic on KYC compliance turns out to have a silver lining: clients are enjoying the facilitation to legal services whilst the lawyer saves their time and decreases (if not removing) paper-based operations.
Joel Lange, Managing Director, Risk & Compliance Division, Acuris Global
As I’m sure other contributors will point out, the COVID crisis has accelerated trends already ongoing namely the digitisation of compliance workflows and the elimination or optimisations of archaic business processes.
Even up until recently I am always surprised to learn about an organisation’s process and the amount of paper, PDF’s and unstructured data that is part of building a KYC portfolio.
All of this is getting optimised for the better.
Oonagh van den Berg, Founder and Managing Director of Virtual Risk Solutions
The pandemic was a huge wake-up call for the compliance industry. The main challenge was that we were not proactively prepared for the new money laundering and terrorism financing typologies that presented themselves through a pandemic. We quickly realised that we are not where we need to be on skill sets, automation, and risk control systems. We need to be much more innovative and quick to adapt and acknowledge changes in the skill sets required to develop these controls. The need for optimal automation, reduced resourcing model, and having key skill sets at critical thinking junctures is more apparent than ever.
Nishank Khanna, CFO, Clarify Capital
During COVID19, we’ve seen a surge in online and remote customer transactions. To reflect the change in consumer behavior, companies are faced with the challenge of implementing digital KYC checks to remain compliant. There’s a heightened level of importance surrounding secure payment and consumer protection. Companies not only need to have measures in place that increase customer security, but they need to be able to do so efficiently. Prior to COVID, a reliance on manual, or partially-manual KYC checks was fairly commonplace. Even now, many companies still process red flags manually.
COVID has made adopting tech, including cloud-based solutions, much more imminent, given the need for more up-to-date and efficient KYC compliance. The demand for improving online security and revamping how security checks are done to account for the digital disruption has been especially crucial for banks and financial institutions.
Nenad Jovicic, AML/FT Expert, Erste Banka Srbija
The Covid pandemic, in my opinion, had a dual impact on KYC Compliance. The negative impact is that the pandemic has revealed weak points of the KYC process itself in terms of onboarding, in situations where movement of the customer is restricted (or completely forbidden). The importance and significance of online/video identification has not been developed adequately and the lack of management vision to make this option for the organization more effective and more competitive.
Financial institutions that have adequately addressed this have prospered in the pandemic, while the vast majority of financial institutions have failed in this field and now are in a crash course of digitalisation and introduction of those new services. Another aspect of this problem is regulators’ realisation that they need to ‘liberalise’ the laws in the AML area and to ease the implementation of video and online identification. This section applies in particular to third world countries, which have been late in implementing the latest AML rules.
The positive impact of the Covid pandemic on the KYC Compliance refers to the monitoring of transactions of customers, because in a way, the consequences of the pandemic are a perfect set-up for financial institutions. The limited mobility of customers reduces the cash transactions in real time and increases non cash transactions, which makes it easier for employees of financial institutions to identify money laundering and/or terrorist financing.