This article is part of Kyckr’s new Future of KYC Compliance series, which interviews leading industry professionals and thought leaders to learn more about the trends that will shape the future of KYC compliance.
The following is an interview we recently had with Yana Afanasieva, Founder of Competitive Compliance.
What’s the current state of KYC compliance?
Broadley speaking the KYC compliance for individual customers is standardised and made easy, but for regulated firms it still takes sometimes 2-3-4 months and up to 50 - 100 document attachments to onboard, risk-rate and approve a corporate customer. Many of those who apply for a financial account, don't actually finish the process. This is one of the top challenges of many financial institutions.
How has KYC compliance evolved over the past 5 years?
- 5 years ago the main focus of tech innovation in FinTech was related to fraud and unauthorized access.
- Currently 2-Factor authentication is a norm in most countries and it's possible to onboard and approve an average customer in minutes using various automation tools and checks.
- We rely more and more on public information and databases and less on information provided directly by customers.
- Compliance teams got more resources and headcount, but unfortunately a number of organisational conflicts related to compliance have increased.
How has KYC compliance changed in the midst of COVID?
I don't think it has changed significantly within the FinTech space as this space has already been operating with the principle of using technology to carry out customer-focused compliance as most FinTechs don't expect to see their customers face to face. For banks or insurance players it could be different, but I don't serve this segment and prefer not to speculate.
What are the top trends shaping the future of KYC compliance?
Re-defining 2nd line of defence. Using technology to replace subjective and time-consuming manual reviews, especially with respect to reviewing false-positives and transaction monitoring alerts, and risk-rating of customers.
What’s the future of KYC compliance?
Compliance should shift from an information provider to become a function responsible for implementation. Information is everywhere and you can get it for free. More information does not empower anyone, but creates overwhelm.
Which is why, in my opinion, many functions and professions that used to view themselves as just information providers or “decision enablers” (think about traditional compliance, risk, internal control, many areas of finance, such as accounting or reporting) are having hard times.
Think about compliance and regulations: most founders and FinTech business leaders are curious people, they have access to LinkedIn and Twitter and they (more or less) know what the legal requirements are. If compliance’s only value and only role is to provide the requirements or review information and find deficiencies and not be a part of any implementations or solutions, you could give this job to a fairly junior person.
When I talk to my founders and CEO clients about “Travel Rule” – they already know what it is and what FATF concluded, and what Christine Lagarde said and what FinCen proposed and what Circle and Coinbase have published… They don’t need more education from me. They expect me to tell them something they don’t yet know – what are the options, pros and cons of various implementation strategies for their business and their clients.
Another problem with any function that sees themselves as “just an information provider” is the ever growing number of internal conflicts. Typical organizational conflicts that happen when compliance is not a part of implementation or project deployment:
- Compliance vs Product and Engineering
- Scrutinizing and Approving Customers or Compliance vs Customer Support and User Experience
- Compliance vs Marketing
- Compliance vs Business Development and Sales
It all happens when different functions have conflicting incentives and goals, which ultimately comes down to the same story of compliance reducing their roles to articulating requirements or granting permissions without being a part of coming up with solutions and testing strategies and calibrating the company's approach to risks and uncertainties.