KYC requirements are not just for onboarding – they are for life. Or at least for the lifecycle of a customer’s relationship with a financial institution. Firms have an obligation to continuously monitor customers to ensure their records are up to date and, more importantly, to enable the assessment of that customer’s compliance risk on an ongoing basis. Evidence shows, however, that the current approach of reviewing customers on a periodic basis according to their risk rating is costly, inefficient and can underestimate risk.
When financial firms deal with ongoing KYC by scheduling customer reviews on a periodic basis, the highest risk customers tend to be reviewed annually, medium risk customers every three years and the lowest risk customers usually have a five-year review cycle. On average, it can take up to 20 days per file to refresh a client’s details which rapidly adds up for a bank with tens of thousands of customers.
To complicate matters further, following interventions resulting from shortcomings in AML / CFT compliance, regulators are demanding that existing customer details are reviewed for accuracy and remediated as necessary. For financial institutions, this generally results in large-scale remediation projects, often using expensive external resources and working to deadlines and quality thresholds set by the regulators.
Despite periodic reviews being time-consuming and expensive, research from 2017 showed that nearly 90% of financial institutions were still performing ongoing KYC checks on a periodic basis. Whilst this figure may well have decreased over the last few years, it is clear that few organizations are embracing the alternative – a dynamic, event-based means of monitoring changes in customer details and circumstances.
Also known as Perpetual KYC, this approach allows customers to be managed on an exception-basis, with their details only needing to be refreshed when there is a change. Firms can determine through their KYC policies what these triggers and their thresholds might be – for example, a previously low-risk customer now appearing on a PEP list, a change in company share ownership above the 25% Person of Significant Control level or a change in domicile to a higher risk country.
How can firms achieve Perpetual KYC?
Enabling the move to a dynamic, risk-driven approach to ongoing KYC requires firms to think about KYC differently. Instead of processes which rely heavily on manual intervention and multiple touch-points with the same customer, firms need to employ a data-driven approach reusing information already held within the organization for other purposes and integrating external data sources that can provide real-time triggers for reviewing customers’ data.
Automation is obviously critical to achieving this, and many new and innovative RegTech solutions are available in the market to facilitate the orchestration of perpetual KYC. Some solutions aggregate data from multiple sources such as Kyckr’s Company Watch, while others use Robotic Process Automation and other workflow tools to create a seamless process for customer data updates. Human intervention is then only necessary when a material or high-risk change is flagged for review.
Why should financial institutions move to Perpetual KYC?
1. Reduce friction in the customer relationship
For periodic reviews, relationship managers play the role of go-between – requesting updates, paperwork and so on from customers and relaying this information back to the KYC analysts. Repeated requests for information and resulting delays to transactions can cause customers to be dissatisfied by the level of customer service and cause long-lasting damage to relationships. Neither are relationship managers incentivised to prioritise KYC requests over other revenue-making activities, which understandably leaves KYC at the bottom of their to-do lists.
Combined with the data-driven approach outlined above, moving to perpetual KYC can reduce this friction by minimising (or eliminating) requests for information from clients. Customer information will be updated by event-based triggers rather than a pre-determined period of time. Relationship managers can then focus on serving their customers and maximising profitability.
2. No more remediation
Industry estimates suggest that the remediation of customer files is an expensive business, costing anything from £1,500 to £6,000 per customer depending on the sophistication and efficiency of the systems and processes. By implementing perpetual KYC, firms will avoid the need for wholesale client remediation projects in the future, as customer data will be updated on an ongoing basis when necessary. Perpetual KYC is, therefore, a valuable tool in tightening AML compliance overall and avoiding regulatory sanctions associated with poor data quality and controls.
3. Risk Reduction
Imagine a situation where a bank has a longstanding low-risk customer whose KYC data is refreshed every five years as a result. One year into the next five-year review period, this customer is appointed as a director of a company with a shareholding of more than 25%, making her a Person of Significant Control (PSC). In addition, that company is a subsidiary of a holding company domiciled in a high-risk jurisdiction. Unless the client informs the bank of this change in her circumstances, it may not be identified for another four years, increasing the financial crime risk exposure of the bank.
Instead, if this same bank had moved to perpetual KYC, these changes would have been flagged – notably the appointment of this customer as a PSC and the Ultimate Beneficial Owner (UBO) of the company being in a high-risk third country. This would then trigger an immediate review and a refreshed risk assessment.
Perpetual KYC reduces financial crime risk exposure by ensuring potential changes to a customer’s risk are identified in a timely manner, and this can then also be fed into the transaction monitoring process to support more accurate results.
Perpetual KYC for Companies
With the increasing focus on UBOs under the EU’s 4th and 5th Anti-Money Laundering Directives, having accurate and up-to-date information on corporate customers has never been more important. This is also typically one of the most challenging areas for financial firms to quickly update and obtain all the necessary evidence as part of the ongoing KYC review or even client remediation. But, if firms adopt a data-driven approach and use products such as Kyckr Perpetual KYC, regulated firms can not only get access to data from over 180 corporate registries, they can choose to have their existing customer data cleansed and fixed to create a high-quality baseline for the ongoing real-time event-monitoring provided by Kyckr’s Company Watch.
Anyone who works in KYC knows that it is an expensive business, with global spending projected by Burton-Taylor to grow 17.5% in 2019 to USD905m. We are at a flexion point where firms need to decide whether this spending should be allocated to existing inefficient and potentially higher risk periodic reviews or invested in moving to a more dynamic process – lowering risk, reducing customer friction and avoiding the need for large-scale remediation programmes.