Inaugural US Perpetual KYC (pKYC) roundtable
The traditional KYC approach can allow customers who move to high risk in a short period of time to remain unnoticed. There is also the possibility of increased reputational risk as well as it leading to a financial institution’s resources, operating costs, and internal controls being overwhelmed.
Industry standard has moved on from conducting KYC in a static, point in time, “nonintelligent” manner. With banks taking a more dynamic approach to customer refresh, perpetual know your customer (pKYC) continues to gain traction across the banking industry.
Encompass recently convened an inaugural US pKYC roundtable to discuss the pKYC roadmap. Co-hosted with Capgemini, the event brought together an expert group of senior executives from some of the industry’s largest banks for an insightful, peer-led discussion.
There was a definite willingness to discuss both the opportunities and challenges of pKYC adoption, particularly under the guise of Chatham House rules. Co-chaired by Dr Henry Balani (Global Head of Industry & Regulatory Affairs, Encompass) and Manish Chopra (Executive Vice President, Financial Services, Capgemini) we share the key takeaways below ….
Getting real about pKYC
Within the group there was a maturing knowledge and understanding of pKYC. No debate was required on what pKYC is or the value in why it is needed. Instead, all participants were aligned to the benefits of pKYC with early adopters already moving to the next phase of securing executive sponsorship and others already underway in their journey. This certainly corroborates the findings Encompass discovered during its series of pKYC advisory board sessions over the last 18 months where approaches to pKYC implementations continue to mature.
The advisory board had previously developed a standardized framework which led the discussions during this roundtable. The five components of Data, Policy, People, Process and Technology are all considered to be enablers for pKYC adoption.
Understanding perpetual KYC
Participants at the roundtable understood pKYC to be a dynamic process of continually monitoring customers with the ability to respond to ‘material’ changes in as near to real-time as possible. It was clear that pKYC is happening; it is a journey that banks will undertake but they are certainly at various stages of readiness. Obtaining executive sponsorship is vital but there are additional challenges to overcome.
There were two prominent topics of conversation during our session, specifically around the challenges:
- Data – being primary in terms of understanding what the requirements are and the materiality of data attributes.
- Understanding the role of the regulators to make pKYC a successful journey.
Materiality of data
Transparency facilitates trust between a bank, its clients, and the regulators. But it is the continuous monitoring of a combination of internal and external data that quickly identifies material changes in a customer’s behavior or risk profile. Any ‘material’ changes are brought to the attention of the analyst or risk manager for review during the periodic review process.
Automating the customer due diligence (CDD) processes simplifies the work of the analyst team as it brings consistency and increases throughput of cases. Being able to auto-update low-risk changes, while escalating changes that require further investigation or enhanced due diligence provides greater focus and value add for the analyst teams.
However, it is the materiality process that supports the bank in determining which data aspects are the most relevant. Not only to achieve due diligence to satisfy the regulators but also to meet the bank’s risk appetite.
The importance is understanding what is actually ‘material’ and relevant. The data can only be assessed based on the bank’s risk profile and its framework for the CDD operations. Everyone understands that there is a need to have complete and current customer data. But the challenge in the pKYC operation is the need to identify what is material about those updates and that can only be assessed in terms of materiality and the risk framework and profile that is applied to their operations.
Understanding materiality helps frame the operational requirements for data updates as part of a pKYC implementation. A challenge is there is not a strong enough risk ranking methodology and process to define materiality which could generate a large number of false positives.
Implementing pKYC has its challenges. Including the consolidation of data across internal systems and external sources, choosing the right pKYC technology, and ensuring that the new process will meet supervisory expectations. Participants felt that the acceptance of external data as a valid and reliable source was a big hurdle for internal policymakers to overcome. This viewpoint was expressed by the policy holding responsibility executives as well as operational leaders. Internal customer data consistency and data lineages are also challenges, especially when customer records have not been updated recently, given they were originally categorized as low risk (typical for a traditional periodic KYC approach).
It was important to be able to show where attributes come from whether that be sourced externally or internally. When using external data and comparing and contrasting different sources, making selections, and then retaining the lineage on the attribute selected and utilized was deemed important.
An added challenge here is the ownership of the decision to accept the risk associated with relying on external data. This was not clear in the bank as, in particular, solution providers and their functionality did roll up to clear roles and responsibilities within the bank. A case in point is where CDD workflow systems were held by the operations leader while transaction monitoring is held by the financial crime leader. This would add to the complexity of deploying a pKYC solution that encompassed both models especially when KYC data is leveraged for downstream systems.
The benefits of pKYC for an enhanced process
pKYC creates an opportunity to review existing processes and rethink the data attributes that are most relevant. Banks do not have to replace like for like. Instead, they should review data, policy, people and technology in unison. At the point of refresh, it is worth understanding those changes that are worthy of update and those that are not. It is a combination of all the components that drives a better journey to pKYC adoption.
Between the participants there was a call for the banks to share their prioritization of what to update and what not to. Many had been struggling with the idea of materiality of data and were reticent about the challenge of maintaining a pKYC process without addressing the challenge.
Recognition was also given to the fact there is often data held across functional silos within the bank. Rather than a cost management exercise, banks should move to a revenue generating model for pKYC. In deploying this approach, pKYC can be measured from a return on investment (ROI) stance.
As an example: pKYC generates a single digital customer profile in real-time which is then shared across the institution. Banks can then use the data across the functional teams to create insight led decisions such as purchasing trends. Being able to sell more products based on the shared information creates the opportunity for increased revenue that can be easily monetized.
Another hot topic of the session was regulators. Regulators increasingly expect improvements in the KYC process to allow for the ability to respond to customer behavior and status changes in real time. The challenge is the innovation of pKYC and how regulators, across different jurisdictions, understand how it plays into the pKYC journey. Regulators traditionally understand periodic reviews but now need to understand how pKYC identifies customer risk and subsequently addresses it. With the number of different U.S. regulators and their individual requirements, pKYC technology initiatives have been received differently to their European and UK counterparts.
The issue, therefore, is how to present pKYC to the regulators? What is needed to position pKYC with them in terms of demonstrating transparency, explainability and how do you produce validation and demonstrate the right metrics in terms of the initiative?
Participants informed that they could explain their own internal methodology but could not account for the methodology provided by the data providers. As far as transparency is concerned for explainability model validation with a repeatable and reliable process is key, however more collaboration is required to put the case forward to the regulators.
Proving pKYC to the regulators
Regulatory expectations for a pKYC program include explainability; transparency; preserving human judgment, proper data governance, provenance, and management; sufficient model risk management; and metrics to demonstrate effectiveness. Once a unified and transparent approach can be articulated by the pKYC stakeholders’, global banks then need to prove to the regulators that pKYC works. A task easier said than done with multiple US. regulators (e.g. The Federal Reserve, FDIC, OCC, NYDFS) and inconsistencies of their requirements and priorities. There is an education process to be followed to influence the regulators’ adoption.
There is, however, some resistance and reluctance to invest time, as well as a reticence around that being the bank’s responsibility. The additional complexity includes different perspectives, priorities, resources for regulators, making education across regulators challenging. To win regulatory buy-in, in addition to explainability, banks need to provide transparency, model validation with a repeatable and reliable process.
The roundtable session also discussed that the regulators need to be clearer in their messaging before banks fully adopt the road to pKYC in the US.
In wrapping up the session it was recognized that pKYC was a complex multi-year journey. The monetary return in value can often be pushed back to year three. This is especially true if customer records are out of date and incomplete. pKYC processes would immediately raise these records requiring updates or risk unanticipated volumes of records requiring remediation. As a result, a pKYC implementation that does not plan for this spike risks failure as it is deemed to have exceed cost and expected benefits.
The early years require investment in data, process, people, and technology. However, once these components have been addressed and the foundations are in place the investment comes to fruition. One solution is to focus on shorter term KPIs – for example data quality, narrow definition of attributes to populate, false positive rates. Participants were particularly interested in ‘what good looks like’ when deploying a pKYC initiative and identifying the relevant success metrics within their banks is crucial to its success.
The roundtable was a wonderful opportunity for collaboration and was a frank, thoughtful, and perceptive discussion of the pKYC process. The bottom line was agreement that shifting to pKYC, and use of modern technologies, now is a must for financial institutions. All participants agreed that being aware that vendors, (Encompass and Capgemini), can support with knowledge share and tools such as the Encompass pKYC maturity model was invaluable.