Cleaning up the mess: how to approach KYC remediation

Do you need to implement a Know Your Customer (KYC) remediation process to quickly bring your back book up to date? Are your existing processes slow, inadequate, or costly?

An effective KYC process is critical for businesses that might attract those with criminal intentions. KYC is often considered an onboarding activity, however, to be effective, it must be maintained and updated for the duration of a customer relationship.

Now that global banks have such tight control, financial criminals are looking for softer targets, including small and medium-sized financial services providers and FinTech firms. Businesses with limited resources for compliance programmes need a solution that speeds up their KYC processes without compromising the quality of due diligence. To minimize risk, you need control, visibility, and transparency.

KYC remediation drivers

Since the turn of the millennium, the pace of regulatory change has been staggering. Sanctions programmes are now increasingly used by governments to punish and motivate rogue nations to comply with commonly accepted international political norms. Sanctions programmes now also require the identification of majority owned subsidiaries, along with beneficial owners of sanctioned companies. This has left many firms with outdated customer files that no longer offer protection from compliance related risk. In some cases, this has led to wholesale de-risking of customer segments, simply because of the time and cost involved in remediating these files using current manual processes. In other cases, access to financial services has been interrupted while KYC files are remediated and brought back into line with regulatory requirements. 

The customer experience is impacted, resulting in greater pressure to complete the remediation process quickly and potentially impacting the quality of the due diligence process.

Regulations driving the need for KYC remediation vary by region but will typically fall under the following categories:

• anti-money laundering (AML)
• tax evasion
• anti-bribery
• data protection
• counter-terrorism financing
• anti-corruption

All regulated firms need a KYC remediation framework that keeps risks low, regulators satisfied, and the bottom line healthy. Let’s look at the main steps to a cleaner, less risky customer base.

KYC remediation policies and compliance

Your internal policies need to mirror the regulations that apply to you. These form the backbone of your KYC remediation process and must evolve in line with regulatory requirements. This means fully understanding regulations in your industry, and the regions within which you and your customers operate.

KYC remediation is not a one-off task. New regulations are formed and revised on an ongoing basis, so you need to be ready to review and revise your internal policies to match.

Ensuring our policies are updated is just the first step. Now, you are ready to tackle the remediation of your back book, which involves implementing processes that bring your data, reporting and compliance policies together.

Identify customer profiles for remediation

Once you have your policies defined, it is time to start acting on them. Your existing customer data must be brought in-line with new regulations that have come into effect. You need to identify which customers need to be remediated, have a consistent process in place for identifying and gathering missing and outdated information, ensuring your teams understand this process, and record your activity, so that it is auditable for both internal and external regulators.

Gather your KYC data

As regulations evolve and expand, the amount of information needed to ensure an adequate standard of KYC has dramatically increased. Gathering this data is a huge undertaking. You need to be able to gather disparate information from multiple sources to get a complete and accurate picture of each customer. The process can be time-consuming, labor intensive and costly.

The challenge comes in doing it thoroughly, and all within a budget and timeframe that does not leave you exposed to unknown risks or necessitate the interruption of service provision to valued customers. Automating the data gathering phase significantly reduces the time it takes to update old records and frees your high-value analysts for more strategic work.

KYC data analysis and identifying Ultimate Beneficial Owners

Requirements for identifying and verifying Ultimate Beneficial Owners (UBOs) have become more stringent since the Panama, Paradise and Pandora Papers revelations. This requirement is often a big component of current KYC remediation projects.

Without automation, you will need a team of analysts to crunch through swathes of data to manually piece together corporate ownership structures and work out where ownership and control lie. You can minimize the time and overheads associated with this by using a data visualization tool. This is especially useful when you are identifying UBOs, or re-examining them.

Complex company ownership structures can disguise the natural persons with controlling votes or shares in a company. Following a tangled thread that leads you back to that individual is made easier with diagrams and charts that decision-makers can interpret.

Set up adverse news alerts

While registries and data vendors can only provide you with so much, the news can also give you an extra level of assurance and provide triggers for KYC remediation, as fresh information comes to light across the globe online and in print every day. But, who has time to screen every news item — and how often can you do it? If one of your customers becomes politically exposed, you need to be in the know and must update their KYC accordingly. Technology that searches for adverse news items flags risks relating to your customers without eating into your operating costs.

KYC remediation is not a set-and-forget process. You will need to continually review your policies to ensure best practice and regulatory compliance. Your customer profiles are also living ‘documents, and you need to proactively maintain these for the lifetime of a relationship. Intelligent process automation can help you with ad hoc and continuous KYC remediation processes.
—

Editor’s note: This blog was first published on 26 September 2018, and has been updated to its current form for accuracy and comprehensiveness