Data is the lifeblood of modern financial institutions, and Know Your Customer (KYC) and Anti-Money Laundering (AML) teams make critical decisions based on customer data. But KYC compliance has historically been an onerous task littered with inefficiencies and gaping holes in data. While there is a constant flow of information between banks and third parties, numerous banks still use and rely on stagnant, outdated data stored in systems for risk identification and mitigation purposes.
To be compliant with anti-money laundering and KYC regulations, financial institutions must collect, verify, and validate client data to onboard customers and perform the required level of customer due diligence. This is done by applying a risk-based approach proportionate to the level of money laundering and terrorist financing risk.
We have all heard the phrase: “You only get out what you put in.” Compliance is no different. Better quality data means better results. Below, we assess the different types of data used in KYC and AML compliance — primary-source intelligence and stored data — and the risks associated with the latter.
Primary-Source Data vs. Stored Data — What’s the Difference?
Primary-source data is original, first-hand data collected directly from the source. For example, during the process of opening a business account, information regarding the legal entity is obtained from the official company registry at that specific point in time. On the contrary, stored data is as it suggests: stored or cached data in a system that is outdated by nature.
Even if information comes from the same source, it is only primary-source data if there is a time and date stamp in the present moment. Time is the differentiator when comparing primary-source data and stored data, as it is a universal law and guiding principle. Everything changes over time and customer information is no different.
What Are the Risks of Relying on Stored Data?
If we assess data in four contextual parameters — quality, time, quantity, and cost — stored data can pose serious risks to an organisation.
Stored data is outdated, thus cannot be effectively used in time-sensitive KYC investigations. Furthermore, stored data lacks quality as its information is often unreliable. Although it may initially be perceived as savings, using stored data may end up costing your business more if used to make important compliance decisions. Leveraging stored data in vast quantities can be catastrophic and debilitating to your business. The risks of using stored data seriously outweigh the benefits.
Regulatory and Legal
Money laundering and other criminal activities are an ever-present threat to financial institutions. The United Nations Office on Drugs and Crime estimates only 1% of illegal funds are frozen or seized by the authorities. Fighting financial crime is a monumental task, and outdated stored data creates unwanted obstacles by taking on criminals with one hand tied behind your back.
What are the implications of non-compliance due to poor quality data? Would it be regulatory or legal action? Or worse, could it be both? There may be fines, imprisonment, or a banking license revoked in the event laws or regulations are breached. Is it worth the risk? Do not let stored data be the reason why regulators take punitive action.
Money Laundering and Terrorist Financing Risk
Missing compliance red flags creates an unwanted opportunity for money launders and fraudsters to commit crime. The risk-based approach means “banks should identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed.” Poor-quality data fundamentally compromises the risk-based approach, rendering it obsolete, which is why the biggest risk is always the unknown.
Risks associated to KYC Customer Due Diligence
KYC reviews of customers are undertaken according to risk categorisation: high-risk customers are reviewed annually; medium-risk every three years; and low-risk customers approximately every five years. From there, risk exposure increases over time. Outdated information is an ever-present risk in KYC reviews, impacting remediation efforts and the ability to mitigate compliance risks effectively. Customers change, which means so does the underlying data.
Changes in Ownership
Identifying and verifying corporate ownership structures using stored data is pointless. Criminals hide behind a veil of corporate secrecy. Reliable and accurate data is paramount for identifying beneficial owners. Organisations must therefore use primary source intelligence to identify corporate shareholding structures and the true owners of entities to understand with whom they are doing business.
Conclusion
Financial institutions need to be more efficient without compromising quality or compliance with regulations. Improving KYC processes must start by addressing poor-quality data. The sooner banks and financial institutions iron out data issues by eliminating the use of stored data, the faster they can transition to a more robust compliance operation — a win-win for banks, customers, and regulators. The need for more complete and accurate data is greater than ever before, but stored data is a ticking time bomb. The time has come to integrate primary source intelligence into your compliance function to save costs and reduce compliance risks.
