Last year we started publishing our Future of KYC Compliance Series which featured interviews with over 20 KYC and AML professionals and thought leaders to learn more about the trends that will shape the future of KYC compliance.
You likely don’t have time to read each and every interview, so we’ve gone through and pulled together some of our favorite answers to the various interview questions. Here’s what we learned:
How has KYC compliance evolved over the past 5 years?
Jehan Jeyaretnam, Head of Compliance Services, Acuity Knowledge Partners
In the past, KYC compliance functions and tasks were viewed as cost centers set within the compliance division and not as business-critical processes. The increase in the number of global regulations such as AML 3-6, together with the heavy penalties imposed across a wide range of industries, underscores the value of having robust KYC compliance programs to protect and increase shareholder value. The ownership of KYC compliance is, therefore, now divided between all three lines of defence in the most successful organisations. The emergence of quants-driven risk-assessment frameworks, technology platforms, data aggregators and KYC-as-a-service has altered the operating models for KYC compliance.
Regulators suggest better data solutions: New regulations such as the FinCEN CDD Rule and the 5th Anti-Money Laundering Directive (5AMLD) mandate the identification and verification of beneficial ownership as a top priority on the regulatory agenda. The emergence of better data sources would make ownership more transparent and eventually minimise the need to obtain documents from customers and detect anomalies where ownership may have been disclosed incorrectly.
Crypto exchanges and wallets: Cryptocurrencies have, in the past three to four years, redefined the way transactions are conducted by offering fast and cheap transaction. As cryptocurrencies increase their wallet share, the chances of them being used to launder money would also increase exponentially. The 5AMLD regulation and FinCEN’s Final Rule have, therefore, made it clear that virtual currencies and exchanges have to strictly abide by AML legislation. For example, exchanges and wallets must register with their respective regional regulators and demonstrate that they have appropriate KYC and AML compliance programs in place.
All this would lead to stringent compliance KYC practices and systems that are not only in line with regulatory expectations, but also help preserve the integrity of data.
Joel Lange, Managing Director, Risk & Compliance Division at Acuris Global
There has been a significant evolution of KYC techniques around Companies and People via both proprietary and vendor aggregation tools. For KYC on Companies, the ability to combine key risk triggers on Adverse Media, State Ownership, Financial Health and Registrar information has made the quick and initial assessment of firms easier and more rapid.
Additionally, for KYC on People, the combination of identification and verification solutions with traditional AML data and other high risk information allows for a very quick go and no go answer for firms doing rapid KYC.
Joe Ciccolo, Founder of BitAML
KYC compliance has changed dramatically over the course of the past five years. This is due in large part to innovative solutions catering to the growing number of digital-native consumers, which has necessarily compelled institutions to identify KYC solutions that can keep pace. Consumers who have come to expect instantaneous transactions and other banking activities with the simple click of a mouse or swipe of the mobile touchscreen are not inclined to tolerate a 2-5 business day hold so their customer information can be screened and verified.
KYC technology continues to meet the mandate of disruptive fintech and cryptocurrency applications through new and innovative solutions that less than five years ago were largely unthinkable within professional compliance circles.
Allison Spagnolo, Managing Director at Guidepost Solutions
In my experience, there have been two primary changes in KYC compliance over the past 5 years. First, there has been an increasing emphasis on internal support for a KYC compliance function such that it is now aligned with anti-money laundering and financial sanctions compliance measures in terms of significance, prioritisation, budget, and resources. Institutions have realised that robust KYC and customer due diligence efforts can be the first line of defence against financial crime.
Second, I have seen an expansion of KYC compliance measures to include Know Your Transaction (“KYT”) information, especially with respect to virtual currencies. KYT is separate and apart from anti-money laundering transaction monitoring that uses scenarios and thresholds to detect suspicious transactions. Instead, KYT leverages a robust KYC program and knowledge of a customer’s habits to identify transactions that may be suspicious as to that customer even if they do not rise to a specific level of suspicion under an AML scenario. KYT analysis allows for a more dynamic customer profile.
Rachel Woolley, Global Director of Financial Crime, Fenergo
Legislation has continued to evolve in response to industry challenges, rather than proactively addressing the need for a more effective regime.
The publication of the Panama Papers in 2016 triggered a wave of beneficial ownership reform, with many countries introducing measures to increase transparency in the ownership and control of legal entities. In many ways, this has led to an increased operational burden for financial institutions rather than a more robust KYC process. In the EU in particular, financial institutions are obliged to report beneficial ownership discrepancies to corporate registries, adding additional manual steps to an already cumbersome process.
Greg Pinn, Head of Strategy for Merlon.ai
A big change over the last 5 years has been an emergence of a new generation of RegTech providers, looking to answer the growing needs of compliance teams. These can be divided into two main categories -- emerging needs and legacy requirements.
Emerging Needs -- These companies are focused on helping FIs and other regulated businesses solve their emerging challenges, mainly around digital onboarding (ID Verification), UBO requirements, and cryptocurrency transaction analysis.
Legacy Requirements -- These firms are focused on improving existing and long-standing regulatory requirements around identifying and screening of sanctions, PEP, and adverse media, reducing the need for huge, ever-growing compliance teams. These companies leverage new innovations in artificial intelligence, machine learning, and natural language processing to increase the efficiency of compliance analysts.
Marc Buklis, Principal, Mark Buklis Associates
KYC remediation efforts at many institutions have improved overall compliance. While the focus of these programs has been on compliance, they have also seen the increasing application of new technologies for automation and decision-making. Automation technologies like Robotic Process Automation (RPA) have been combined with optical technologies, artificial intelligence and machine language have been increasingly applied to high volume processes and particularly to manual data collections and analysis that aid decision making for onboarding, rating, due diligence and enhanced due diligence for KYC. While there is still significant human intervention in these activities, organisations have been making real progress in deploying these new technologies, and in exploring ways to integrate the technology to ease the workload of analysts and to improve their accuracy. New technologies can automate and accelerate the capture and summary of large amounts of data, allowing analysts more time for review of critical information rather than data capture. The new technologies can enable users to find the salient information which convinces them to flag a new customer and update their rating upwards or downwards.
Together with this increasing application of technology, models and algorithms has been an increasing effort on model governance. Wherever such algorithms are applied to KYC, there is pressure to document the assumptions made, the modelling approach, the validation of the models and the regular review of the model – in order to improve transparency and governance.
An interesting development – still in progress – is the use of Blockchain in proofs of concept for identity validation. This offers the possibility of safe, secure and fully digitised validation of identities, which could dramatically transform KYC.
Chris Siddons, Senior Director of Financial Crime Compliance at LexisNexis Risk Solutions
Adoption of KYC processes exploded in the early 2000s in the wake of 9/11, the USA PATRIOT Act and the broader movement against terrorism globally. Initially KYC processes were done on paper by checking against external databases, but more recently we’ve seen significant adoption of automated methods for performing KYC checks. Purchasing KYC datasets has eliminated the need to pull unformatted data from various ever-changing sources to keep up to date with the regulatory environment. By employing automated KYC screening solutions, businesses can perform compliance checks at scale, in a regular fashion and in a manner that produces results that are demonstrable to regulators, auditors and internal executives alike.
Phillip Hamilton, Senior Compliance Investigative Analyst, Compliance Department, Sutton Bank
In some aspects, KYC has evolved in leaps and bounds; in others’ compliance still lags behind the curve when it comes to Know Your Customer best practices. Some companies leverage frontline employees' knowledge and expertise and empower them to apply what they've learned so that the industry can shape procedures and policies to maximise that talent. On the other side of the coin, you have agencies applying outdated practices that favor revenue generation over risk mitigation. These decisions impact the evolution of KYC as a whole. Beneficial Ownership has become an integral part of the conversation. However, there is still room to expand on the definition when it comes to business structures (legal entities) like Non-Operating Asset Holding Companies (NOAH's), Limited Liability Companies, and Partnerships (LLCs& LLPs) and Business Trusts with complex ownerships. These business types can mask the natural person who owns or substantially benefits from the business structure's financial operations. Once the risks affiliated with banking these types of entities are addressed, KYC compliance's evolution will mirror the financial industry's technological advancements that pose significant challenges to its implication.
Nishank Khanna, CFO of Clarify Capital
More rules and regulations have led to a need for advanced technology and software.
In order to remain compliant, companies have had to find and invest in workable solutions that aren’t especially labor intensive. This has meant turning to automation over manual processes.
Automation has benefited companies by increasing accuracy and saving time. Over the last five years, we’ve seen companies revamp entire processes in order to increase customer protection. Risk is increasingly being managed by the implementation of new and innovative digital products.
Nenad Jovicic, AML/FT Expert at Erste Banka Srbija
KYC has been part of the compliance universe of risks, where it evolved into a one separate AML & KYC risk, making it the youngest risk within the banking sector. The development itself was accelerated by the fact that the regulators of a large number of countries began diligently investigating KYC processes of financial institutions, where they began to penalise with large sums of money that attract the public attention. In addition, the complication at the global level on the questions of sanctions, money laundering and terrorism financing has pushed financial institutions and especially banks to the forefront, bearing the pressure of International organisations and countries administrations. These pressures are reflected in fact that the banks are labeled as the main carrier of the world’s financial system and the main facilitator of money laundering, sanctions evasion and terrorist financing.
In order to effectively battle with the above stated challenges, the development of IT technologies is indispensable and irreplaceable. The development is reflected in the automation of repetitive processes, checks, shortening of time and enabling new ways of doing business. These new ways are video identification, usage of artificial intelligence in identifying potentially suspicious transactions, smart internet search, etc.
Alejandro Leáñez Rieber, International Legal Counsel
The evolution of KYC compliance has greatly evolved over the past 5 years. Before, the compliance officer needed to search manually from a list of Politically Exposed Persons (PEP). Nowadays, software from companies dedicated to providing KYC compliance will deliver an instant result if an individual opening a bank account is a PEP.
Many companies did not know that KYC compliance was relevant until the U.S. Department of Justice started to prosecute major banks and companies on Foreign Corrupt Practices (FCPA) violations. With a strong KYC compliance system, many companies and financial institutions would have been free of these procedures.
Also, the regulators are constantly updating their information that should be applied toward KYC compliance. For instance, the Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition, is a detailed compilation of information and analysis regarding the Foreign Corrupt Practices Act (FCPA) and related enforcement. It was created by input from the U.S. Department of Justice (DOJ), the U.S. Security and Exchange Commission (SEC), and the U.S. Departments of Commerce and State.
Brad Elbein, Partner & Government, Regulatory and Compliance Practice Co-Chair, Culhane Meadows
Remember that KYC, in its earliest stages, began as an anti-money laundering effort for financial institutions. But there were other streams of what we now recognise as “KYC” regulation arising: the Red Flags Rule administered by FTC, for example. These streams coalesced to some extent in the Customer Identification Program under the Patriot Act. KYC has continued to evolve since. The information required of customers and required to be reported by businesses has expanded. The kinds of entities tasked with inquiring and reporting have expanded well beyond financial institutions, and the number of regulatory procedures has expanded.
KYC has expanded beyond a law enforcement duty to become a business opportunity.
Miriam Goldman Epstein, Operations Manager, SQOPE S.A
For this, we can look at the trend with anti-money laundering directives in the EU. The first (1AMLD) was agreed upon in 1991, with three more over the next 14 years. Meanwhile, 4AMLD, 5AMLD, and 6AMLD were all created within the past 5 years. This really highlights an increased pace in regulation. It’s also important to note that the EU has actually been enforcing these regulations more stringently than in the past with heavy fines.
In addition, there has been growing recognition in the industry that standard watch-list and database checks are insufficient to protect the financial institutions and that financial professionals need to invest in strong compliance policies to protect their reputation and ensure proper due diligence.
Sukh Vairea, Compliance Manager
Driven by disruptive FinTechs, and innovation, the banking landscape intertwined with technology is evolving at an unprecedented pace. Quicker access to services, digitisation, and data-driven insights is changing the way to deliver services to consumers and businesses. Manual-based work can now be automated. Face-to-face business is being replaced with online remote verification. Identities can now be verified in minutes and users onboarded instantly. Mobile banking has revolutionised the way we send and receive money and access financial resources.
The regulatory landscape has also changed. The introduction of stricter data privacy laws and verification of beneficial owners means regulated institutions must adopt robust controls and risk- based processes to identify and mitigate financial crime risks. However, the law is playing catch-up to criminals who remain one-step ahead of the curve.
KYC Compliance now involves analysing and assessing demographics, risk factors, reputation, derogatory risks, and other risk factors. KYC has been perceived as a tick-box exercise – and many organisations still adopt this approach. However, the art of KYC has evolved – the mindset and efforts to change compliance from a cost-centre to a profit generating business by entrepreneurial leadership has converted KYC from a burden to a business enabler.
Raj Tripathi, Senior AML/KYC Compliance Professional, Asia
Money laundering and fraud cost UK businesses, citizens and the government more than £100 billion a year, according to the National Crime Agency. The effects can have a devastating impact on ordinary people as well as businesses and the government. Last 5-10 years shows the huge sums of money that are involved plus the massive fines that have been given to firms who are in breach of anti-money laundering rules. Just to cite a few examples, The FinCEN Files is the most recent big leak of secret files, detailing the failure of major global banks to stop money laundering and financial crime. They also exposed how the UK is often the weak link in the financial system and how London is awash with Russian cash. A few major leaks and frauds of the past decade include: Paradise Papers 2017, Panama Papers 2016, Swiss leaks 2015, and Luxembourg leaks 2014, UK’s largest ever visa fraud, Standard Chartered Bank fined £102.2 million etc.
Amidst all these negative news, and keeping in mind the above fines, penalty, throughout the last 5 years, new regulations were brought into force to enhance the scope of the AML compliance and strengthen the control mechanism. In this ever-changing and demanding regulatory atmosphere, financial institutions, which are expected to adapt themselves and their systems to the needs of the evolving and competitive financial ecosystem, they have now realised the importance of robust compliance framework and are now, in mood, to spend billions of dollars on AML System and related processes and even ready to increase the compliance budget of their organisation to adapt/comply with more and more complex and ever evolving regulatory regime.
Oonagh van den Berg, Founder and Managing Director of Virtual Risk Solutions
Automation and skill sets have changed the most.
Unfortunately, in terms of automation we are learning everything we have done wrong - one size does not fit all and we have not been holistic in creating interwoven automation across the risk functions.
On skill sets, this is evolving quickly - gone are the old requirements of "accountant" and "legal" backgrounds, now we also need data analytics and investigative skill sets.
Sandra Ciaraite, AML Analyst, Danske Bank
The recent five years have brought dramatic changes to the European market. Firstly, the previously barely known Baltic market became popular as a loophole for money laundering for capital originated from the East. The Deutsche bank case which brought to light poor KYC compliance culture even among top tier banks and this was followed by similar concerns related to major Scandinavian banks. This was all accompanied by a number of laundromat cases taking place nearby. This was a wake-up call to European banking and resulted in massive internal and external audits of the banks.
Secondly, 4 and 5 AML Directives came into force bringing major improvements to due diligence procedures. Most importantly, beneficial ownership and political exposure of individuals came under scrutiny, inevitability creating the need to set unified beneficial ownership registers. By now, EU member states should already have local BO registers set up and running and be ready for the next step – unification of such local register into one pan-European data base. It was realised, money laundering respects no borders and globalisation and cross-border cooperation in KYC compliance is a must.
Hansi Latifi, Compliance Professional
Built around compliance regulations and guidance, over the past five years, the KYC established structure has reflected the principal requirements, while its operating logic has followed the technological developments. The trend over the course of this period has consisted in aligning KYC compliance with effective operating models and innovative technologies. Advances in AI technology, big Data and analytics have led to a rapid development of KYC solutions. Fine-tuning technology with compliance frameworks has resulted in the creation of advanced solutions in tailored ways. Solutions have united artificial intelligence and machine learning with process resources and system capabilities, significantly evolving KYC compliance over the past five years. In addition, over the last five years it has been observed a significant transition from minimal KYC solutions towards complete solutions. This has been achieved mostly through technology capabilities integrated into each process phase. The attached technological component has evolved each process through increased capacities.
Braden Perry, Partner, Kennyhertz Perry, LLC
FinCEN put into effect the most stringent KYC regulations to date in 2018, requiring financial institutions to comply with new Customer Due Diligence (CDD) standards on beneficial ownership. Although guidance has been provided, many financial institutions see the rule as confusing and are finding that the collection and processing of beneficial ownership information is costly.
