Last year we started publishing our Future of KYC Compliance Series, which featured interviews with over 20 KYC and AML professionals and thought leaders to learn more about the trends that will shape the future of KYC compliance.
You likely don’t have time to read each and every interview, so we’ve gone through and pulled together some of our favorite answers to the various interview questions. Here’s what we have learnt:
What’s the State of KYC Compliance?
Joel Lange, Managing Director, Risk & Compliance Division, Acuris Global
“It depends very much on the industry, but that in itself is a part of the current state in that so many new industries are doing some form of KYC.
The state of KYC is always somewhat determined by the three-legged stool of Data, Technology, and People. With increased availability of data, developments in workflow, machine learning, and artificial intelligence as well as intense scrutiny on human resources opportunities for optimisation are significant.”
Joe Ciccolo, Founder, BitAML
“KYC compliance is going through a technological renaissance. Consumers expect to be able to open an account and send or receive funds as easily as ordering an instant pot on Amazon. Realistic or not, institutions are working harder than ever to remove as much friction from the onboarding and transaction process as possible. While rearranging buttons and redoing wireframes might aid in reducing this friction, it only goes so far. KYC, which has historically been high-touch or more manually intensive, has presented a much larger gap to be closed. Thankfully, we’ve seen some amazing advancements in KYC technology that continue to evolve, iterate, and improve to meet the challenges of consumer and marketplace expectations.”
Rachel Woolley, Global Director of Financial Crime, Fenergo
“A number of scandals and other issues brought to light in recent years have served as a reminder that “compliance”, in and of itself, is not an effective method to prevent financial crime. In particular, the publication of the FinCEN Files in September 2020 highlighted the need for a more effective, collaborative approach to financial crime prevention.
With many financial institutions still focussing on meeting minimum standards, coupled with disconnected stakeholders, our approach as an industry to financial crime prevention, including the fundamental process of KYC, needs a rethink and thankfully that is now underway.”
Greg Pinn, Head of Strategy, Merlon.ai
“The passage of UBO requirements in the EU and US (with the AML Act of 2020) has significantly increased the compliance workloads for financial institutions globally.
Rather than needing to screen the client, FIs that have a significant corporate customer base are now required to screen 5-10 additional names (executives and owners) than were previously required.
This has put additional strain on compliance organisations that were barely able to keep up with previous requirements.”
Chris Siddons, Senior Director of Financial Crime Compliance, LexisNexis Risk Solutions
“Know Your Customer (KYC) compliance is the practice of performing due diligence on your clients to determine whether engaging in a business relationship with them will create legal risk for your business.
Financial firms in particular and regulated firms in general are required to perform this type of due diligence activity on their clients. Although all corporations are required to comply with sanctions and other kinds of restrictions, not all companies use KYC methods to administer those internal controls.
The kind of regulatory information that clients screen against in the KYC process can vary widely. All companies are required to screen their clients against sanctions lists at a base level, as these present legal restrictions against whether a firm can transact with sanctioned parties. Beyond sanctions, regulated financial institutions will screen against politically exposed persons (PEP) lists and a range of other lists to comply with anti-money laundering (AML) requirements.”
Miriam Goldman Epstein, Operations Manager, SQOPE S.A
“KYC compliance is in a constant state of growth and evolution due to various factors. Some has to do with public awareness of corruption and poor oversight from financial institutions – much of which resulted from the exposure of major scandals through high profile leaks.
This has forced governments to act, including by imposing stricter regulations, clearer definitions, and greater transparency.
As a result, there is ever increasing demand for compliance solutions, such as enhanced due diligence, especially for individuals from complex and opaque jurisdictions.”
Hansi Latifi, Compliance Professional
“The KYC process has reached its most evolving state with the present market conditions. The combined regulatory guidance and supervision with service quality and suitability have pushed the process towards its present state, directing all the accumulated progress towards future continuation. Taking hold of system capabilities, KYC is currently aiming towards complete automation.
As a process focused at establishing customer identity, technology is further enhancing its balance and improving its efficiency through supporting structures and operational capabilities. The current state of KYC compliance has further upgraded and improved the general compliance framework through the presence of advanced technology in the process. Entities applying up to date KYC solutions are upgrading the compliance management framework by incorporating these features. The evolving KYC features, being reflected on each component of the process in the current state of the market and the current conditions of the industries demands, are assisting the build up of solid compliance management programs.”
Oonagh van den Berg, Founder and Managing Director, Virtual Risk Solutions
“The pandemic was a huge wake-up call for the compliance industry.
The main challenge was that we were not proactively prepared for the new money laundering and terrorism financing typologies that presented themselves through a pandemic.
We quickly realised that we are not where we need to be on skill sets, automation, and risk control systems. We need to be much more innovative and quick to adapt and acknowledge changes in the skill sets required to develop these controls.”
Brad Elbein, Partner & Government, Regulatory and Compliance Practice Co-Chair, Culhane Meadows
“Large, wealthy entities with a lot to lose—either in reputation or in fines and civil penalties—are actively complying. The smaller and more skeletally-resourced an entity is, the more they tend to do the bare minimum.
It seems to be generally believed in both civil and criminal law enforcement that it is these mid-range entities who are the most likely to be targeted by wrongdoers. They are well-positioned enough to have resources worth stealing and small enough that they are unlikely to have industry-leading security procedures. This means that the entities who are outside the “large, wealthy” category are likely to need KYC compliance attention most.”
Dimitar Kolchakov, Compliance Manager, Bulgarian American Credit Bank
“KYC is an especially important element of anti-money laundering and counter terrorist financing measures. 5AMLD was introduced in 2018 and businesses were required to comply by January 2020. 5AMLD mandated amendments for financial institutions, prepaid cards, credit institutions, the legal sector, virtual currencies etc. and required the reporting entities to practice enhanced due diligence. In 2019, 6AMLD was proposed, highlighting a stringent framework to combat money laundering and terrorist financing. It extends the scope of criminal liabilities and entities with an updated list of predicated offenses. 6AMLD came into effect on December 3, 2020 and with it came tougher penalties, widening the criminal liability to legal persons. The changes that happened in 2019 and 2020 made regulatory compliance inevitable for businesses. Many future-oriented businesses are using KYC/AML screening solutions to practice global compliance because there are just two ways out of the situation: compliance that leads to fraud-free growth, or non-compliance that leads to hefty non-compliance penalties and fraud losses.”
Sandra Ciaraite, AML Analyst, Danske Bank
“European Union states are going through a never-ending financial compliance revolution since the enforcement of the 4th AML Directive which brought major changes to beneficial ownership (UBO) requirements and due diligence of customers’ background in general. The tension financial institutions experience to be digitally advanced and yet compliant is greater than ever before. In order to save costs and optimise KYC processes, more and more financial institutions are moving towards full automation where human interaction is limited to decision making.
However, two-speed Europe is emerging with northern countries which totally rely on technology and the rest which follow the more traditional KYC approach, with some still requiring hardcopy forms to be signed by ink.
Another emerging trend is alternative banking, and FinTech companies. Customers are attracted by facilitated KYC procedures and full digitalisation. Such companies usually do not have physical presence in the region and offer greater flexibility when it comes to application of new technologies. Time will tell if such a route pays off or such service providers will drown in KYC deficiencies.”
Marc Buklis, Principal, Mark Buklis Associates
“KYC compliance for financial institutions has benefited from comprehensive programs to address KYC needs within onboarding and regular review, and to remediate gaps. Regulatory pressure and top-level executive leadership have led to the industry level of compliance improving drastically over the past decade. In terms of technology and operations, however, KYC continues for many organisations to be labor intensive. Advances continue in onboarding, standardising customer risk rating and capturing and storing documentation.
However, customer identification still often requires manual input and due diligence and enhanced due diligence activities by analysts involve minimal automation. For corporations and trusts, challenges continue globally in the identification of beneficial owners, as centralised registration of such information does not exist. Still, KYC for financial institutions, in terms of compliance and in terms of technology, is well advanced compared to other institutions covered by AML and Anti-Terrorism legislation. It is possible at this point that strict KYC efforts in financial services are driving AML activities to other, easier targets with less stringent enforcement and technology. Advances will need to follow to those organisations.”
Raj Tripathi, Senior AML/KYC Compliance Professional, Asia
“Most industries are growing and changing, rapidly. Companies are finding it difficult to keep up with the current trends and deliver a seamless service and experience.
In 2020, the customer was being put at the centre of any business module; it is all about the ultimate customer experience.
Keeping in mind the complex nature of the ever-evolving business atmosphere, the current state of KYC compliance is better than earlier.”
Phillip Hamilton, Senior Compliance Investigative Analyst, Compliance Department, Sutton Bank
“KYC compliance faces many challenges, especially in the age of COVID and the transition to digital payment platforms.
Most business models look to the automation of KYC functions or outsource these requirements to remain competitive and control costs.
This approach can be contradictory to the original intent if the systems (or Vendors providing the KYC (Know Your Customer) function are not structured in a way that protects the company’s reputational, operational, and financial risk exposure.”
Braden Perry, Partner, Kennyhertz Perry, LLC
“What CEOs want out of CISOs is the ability to see the forest through the trees. Information Security is increasingly complex.
Today, BSA/AML leadership not only must deal with their trained due diligence skills but use ever-evolving business skills, including financial management and leadership skills.
That leadership needs to understand the context of the organisation – and its risk strategy and deal with stakeholders in varying ways depending on the circumstances.”
Eyal Barsky, CEO, OCR Solutions
“In one sentence, it’s an organised train wreck. Never before has the world reached this level of advanced technology along with remote authentication of a user. If you had called a bank just 10 years ago and asked to withdraw a large sum of money but couldn’t come in to verify who you were in-person, the teller would have laughed at you. Today, remote verification is simply the norm. And if we didn’t have the capability to remotely verify already in place, the onset of the pandemic would have likely left our economy in shambles.
Today, we not only have KYC in online banking, but it’s also available in trading platforms and especially within the new, unchartered territory of cryptocurrency. Investment platforms are especially going through the most exciting and toughest times to-date. Imagine having the burden of authenticating millions of users who invest billions of dollars daily. There is zero room for error, and one bad actor can wreak havoc on these platforms.”
Nishank Khanna, CFO, Clarify Capital
“KYC Compliance is undergoing a transformation.
Online security measures are smarter than they were a year ago, but still relatively rudimentary, compared to where most companies would like to be.
There’s a huge industry push for better protection and risk management for online transactions. Since COVID and the digital boom, the industry has shifted to prioritise KYC compliance more than ever before. Many companies are in the process of integrating new tech and software to improve outcomes.”
Sukh Vairea, Compliance Manager
“KYC Compliance is in a state of flux – a mix of organisations embracing technology to improve risk identification to those burdened by legacy technology.
Complex operating procedures in larger financial institutions is contributing to the high cost of KYC compliance. Some businesses perform better at KYC but others need to improve.
The output of efficiency, and low-cost KYC remediation is directly proportional to the investment in staff, systems, controls, and processes.”
Nenad Jovicic, AML/FT Expert, Erste Banka Srbija
“As a consequence of the rapid and sudden introduction of high standards in KYC processes, various problems occur, such as poor user experience, slow administration and complex on-boarding system – which is especially evident in legal entities with international and/or complex ownership structure. Large financial institutions have responded with layered and expensive operating systems to cope with increasing incoming demands, while smaller financial institutions that cannot ‘afford’ expensive KYC systems use labor force to reduce the risk.
As above stated, all these activities have led to a situation where AML & KYC risks are being recognised by top management and by regulators, as one of the most sensitive points of financial institutions.”
Andreea Rainer, Founder Attorney at Law of Andreea Rainer Law Office
“From my position as a business attorney at law dealing with clients/ prospective clients from various industries and different scales, I have the opportunity to notice that KYC compliance tends to become more flexible.
By virtue of the 5AML Directive (i.e. Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing), the path to digitisation in the legal field is the preferred one in the era of speed. Concretely, both at the beginning of a business relationship and during the monitoring thereof, we are delighted to be able to comply with KYC regulations by means of electronic identification and electronic signature solutions.”
Alejandro Leáñez Rieber, International Legal Counsel
“KYC compliance software needs to be constantly updated to be aware of new OFAC sanctions that are always being issued by the U.S. Department of the Treasury.
Amazon reached a settlement recently with OFAC regarding a sanctions violations case. According to OFAC, Amazon was involved in breaching U.S. regulations for almost seven years, OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List) orders were accepted by Amazon for consumer and retail goods and services. The extent of the violation reached transactions with individuals in Iran, Syria, and Crimea, and people working for the sanctioned embassies of Iran, Sudan Cuba, North Korea, and Syria. Afterward, Amazon enhanced its KYC compliance system, with an updated sanctions screening system.”
Jehan Jeyaretnam, Head of Compliance Services, Acuity Knowledge Partners
“KYC compliance regulations implemented in the past decade have improved the breadth and depth of KYC review in both new client onboarding and periodic reviews. While the KYC compliance function overall remains a labor-intensive process, there has been a concerted push to gain efficiencies through new tech platforms and tools. Key technological advancements in individual (retail) KYC review such as biometrics, liveness detection and physical ID authentication are examples of technology adoption to increase efficiency. That said, challenges remain around information quality and asymmetry and timeliness of updates in areas such as UBO identification and updating changes in information on individuals and entities.”
Michael Ronickher, Partner at Constantine Cannon LLP
“KYC compliance has moved more into the spotlight than ever with the passage of the Anti-Money Laundering Act within the recent defense authorisation.
The many changes in the AMLA herald a new world for compliance, with increased penalties and greater scrutiny by regulators. Moreover, the addition of the new AML whistleblower program within FinCEN will mean that repeated failures to meet compliance requirements are more likely than ever to make it to regulators.”
Allison Spagnolo, Managing Director at Guidepost Solutions
“While the overall objective of KYC compliance remains the same, the landscape is evolving through both the increased use of digitisation and automation, and the introduction of tools like artificial intelligence. These improvements can decrease risks of manual or human errors and increase the likelihood of consistent, standardised approaches to collecting information and performing due diligence. Notwithstanding the benefits of automated tools, though, institutions must thoughtfully incorporate them into their processes, especially when deploying any type of machine learning – such as artificial intelligence aimed at verifying beneficial owners. That artificial intelligence can supplement the work of trained specialists but will never be able to replace it. KYC compliance analysts must continue to oversee and validate machine outputs.”
Yana Afanasieva, Founder, Competitive Compliance
“Broadley speaking the KYC compliance for individual customers is standardised and made easy, but for corporate customers it still takes sometimes 2-3-4 months and up to 50 – 100 document attachments to onboard, risk-rate and approve a corporate customer.
Many of those who apply for a financial account, don’t actually finish the process. This is one of the top challenges of many financial institutions.”