Bank executives share their perspectives on KYC transformation
Encompass Corporation and Ernst & Young LLP (EY US) hosted an executive roundtable to discuss Know Your Customer (KYC) transformation.
Held in New York City, senior executives from the largest banks were invited to share their perspectives on KYC transformation, their challenges, and opportunities for automation. The session was held under the Chatham House Rule where participants are free to use the information received, but neither the identities nor the affiliations of the participants are revealed. What follows is a summary of the discussion held that day.
Around the table
The roundtable was moderated by Dr. Henry Balani (Global Head of Industry & Regulatory Affairs, Encompass) and Don Johnson (Principal, Financial Crimes Compliance Consulting, EY). Senior leaders from 10 global banks with corporate and institutional banking operations in North America took part in the discussion. KYC operations, compliance and technology functions were represented.
What is KYC transformation?
In the last decade, KYC has evolved from a set of basic requirements to complex data collection and screening. This complexity has no doubt been driven by geopolitical events, with the Russian invasion of Ukraine in February 2022 driving an unprecedented number of coordinated sanctions programs imposed by many Western nations against individuals, corporations and financial institutions, all designed to choke off finances to fund the war. In terms of context, the number of sanctions imposed on Russia since February 2022 far outstrip the total number of sanctions since the inception of the Russian sanction regime in 2014. In addition, we are seeing the growing rise of sanctions programs as an alternative to armed conflict as a policy tool to address rogue nation behavior. 2024 looks to see expansion of sanctions regimes as this tool is used on other rogue nations and entities.
Without a global body to coordinate regulation, nor even local guidelines to dictate clear standards, financial institutions have struggled to keep pace. The result is typically a patchwork of KYC processes and technology that is fragmented, inefficient and siloed. This has resulted in the less-than-efficient deployment of KYC policies and subsequently transformative technology solutions to address these regulatory requirements.
These inefficiencies also result in lengthy and painful processes that can be slow, complex and unnecessarily duplicative when onboarding new corporate clients. According to research from McKinsey & Co, the average onboarding process for a new corporate client can take up to 100 days, varying significantly depending on the banking products and jurisdictions involved. As such, time to revenue can be impacted, where the longer the onboarding process takes, the slower the process of booking revenue. Global transaction banking services already represent US$12 trillion — almost half of total global wholesale banking revenue according to the same research.
Over the years, financial institutions have recognized the importance of staying compliant with regulatory requirements or facing stiff penalties and public embarrassment. Senior bank executives and board members recognize these issues and look to address these challenges, albeit in less-than-ideal circumstances. The disparity across different anti-money laundering (AML) regimes, along with a risk-based approach to KYC, means there are opportunities to leverage technology for automation and transformation of processes designed to enable standardization and consistency across the bank’s compliance operations. Certainly, there is a need to identify the processes that are “automatable” vs. those that are subject to interpretation. Additional effort is required to understand which areas open to interpretation can be standardized. Addressing these areas means an opportunity for effective KYC transformation.
There are three distinct business groups actively involved with KYC transformation: operations, compliance and technology. Each group has distinct responsibilities and the ability to deliver, resulting in potential misalignment in priorities. One example is the allocation of budget and resources toward meeting current priorities. These conflicting priorities lead to challenges to successful KYC transformation projects. Clarity coming from the board and C-suite executives will drive consistent business processes essential for KYC transformation.
As is well known, executive support is always essential for transformation projects, especially those related to KYC transformation. At the highest level of most financial institutions, there is general support for technology automation, which drives cost efficiency overall while improving the customer experience and helping to drive top-line revenue performance. The key here is to confirm alignment of KYC policies, processes and implementation across the bank or risk suboptimal transformation projects. The challenge is with mid-level management and day-to-day owners, where we see a lean-to conservative approach to KYC processes, especially when considering transformative implementation projects.
For change initiatives such as automation, there must be a reasonable level of risk-based approaches with agreements to supply both budget and support from leadership willing to accept risks. If practitioners are encouraged to make decisions to adopt automation, we can ultimately save a lot of time and bring controls and repeatability because of standardization. Senior management also needs to be able to articulate the vision and potential of automation while being realistic about what can be achieved on day one vs. what can be unlocked through digitization in the medium and long term.
We also need to recognize the business functions that are accountable or have ownership. Operations, including the front office and second line, have interests in ensuring KYC policies are met. Some banks even have internal “hotlines” to address potential onboarding KYC issues or address any policy issues that front office relationship managers may have. Such an approach means active intervention in the first stages of an onboarding cycle, potentially alleviating any misunderstandings to quickly identify risk issues that can be addressed early. One can debate whether such a hotline is needed given that front office staffs are extensively trained on KYC procedures; however, there needs to be recognition of the dynamic nature of KYC policies in today’s complex environment. The benefit may not be 100%, but we should expect significant improvement over the current manual, non-standardized KYC processes.
Processes and lines of business
Processes continue to remain manual, given the uncertainty and complexity associated with automating KYC processes. However, there is recognition that automation is necessary to stay compliant with regulatory requirements because the regulators are looking for consistency in KYC processes. Onboarding is more than a checkbox exercise as regulators are looking beyond just processes followed and instead are looking to understand how KYC policy is updated and relevant.
It was noted that some banks have established a global policy for business lines common across all jurisdictions, used with regional policies that provide or require an uplift per region. Some banks have traditionally relied on manual integration to move client data from one division to another, which can lead to “swivel chair” approaches to entering this data into multiple bank platforms, inadvertently resulting in “fat finger” mistakes from manual input. Other challenges include navigating privacy and consent issues regarding client data and sharing, especially for global banks that cross multiple regional and international jurisdictions. The complexity of changes and the frequency of regional regulatory changes and policy reviews can increase exponentially, requiring operational changes that can be costly and difficult to automate.
Identifying “what” is automatable as part of a transformation project becomes a challenge here as priorities continue to change. However, it is important to identify the components that naturally can be automated, including data ingestion and KYC workflow. Regarding data ingestion, the need is to identify relevant customer reference data (including name, address and business line). A centralized data reference hub allows for easier ingestion and, therefore, automation. KYC workflows are typically well defined in terms of the high-level steps to customer onboarding. As a result, while the data elements may change, the KYC process is automatable and presents greater opportunity for transformation. Automation also means the ability to incorporate additional business processes, including legal onboarding and credit applications.
Interestingly, some banks continue to use traditional tools, such as spreadsheets with overarching workflow steps, hosted on SharePoint or other collaborative sites and continue to maintain this approach given the relative flexibility to adapt their KYC processes. Banks also have built in-house KYC workflow systems, representing a step forward in automation and helping to provide consistency across their regional and international operations. While not as flexible as spreadsheets, all felt it important that workflow systems be changed within a 30- to 60-day window to be responsive to regulatory changes.
One area that represents challenges to automation is the implementation of policies. This references legal KYC requirements as defined in relevant regulations. Policies are typically transformed into rules, which can be subject to interpretation. This means hard coding rules, and therefore automating rules, can be a challenge. Policies also need to be aligned with requirements, which could present automation challenges.
Another difficult area is in the refresh process; 120 days (about four months) between refresh cycles is considered the norm. A frequent practice here is to place accounts on hold during this process, which can lead to customer satisfaction issues hurting existing revenue streams.
Challenges continue to exist around entity resolution and data governance. While banks recognize the importance of accurate and comprehensive customer data (including external reference data), the ability to keep this data relevant continues to be a significant issue.
Legacy issues can also present transformation challenges because of the complexity of these systems. Technology budgets need to be aligned with business priorities to maintain consistency across business requirements, given the complexity of KYC processes. While artificial intelligence (AI) — particularly generative AI — is a hot button issue and shows great promise, especially in the application of interpreting policies and producing insights based on historic cases, the role these tools play is still early for KYC, and more analysis is needed before extensive deployment.
While banks can actively work with their technology partners on KYC automation, regulators can play a part as well by reviewing external partner solutions. Certainly, endorsement by regulators is not possible, but greater levels of comprehension and education are crucial to help them understand the value of transformative technology. At the very least, regulators should be familiar with the technology provider’s products from other implementations and understand what it does to help pave the way for KYC transformation.
As recent KYC utility initiatives have struggled due to competitive issues, can KYC be considered a competitive advantage? We believe it is possible if documents are easily accessible, the bank has processes in place to consume the data, and the corporate customer is provided with a user-friendly tool to upload their documents that is accessible by both the corporate customer and the internal bank team.
The discussion wrapped up with concluding thoughts on which KYC automation processes have worked well in the past. Having a qualified, effective first line (internal help desk) has proven effective in standardizing internal processes. Allocating a dedicated budget to an uplift effort is certainly key as well.
Along with the budget, producing robust metrics on volumes and targets to manage workload is essential. Having a global platform in place and iterating from there helps to ensure clear understanding of milestones, with policy staff deeply involved with the day-to-day operations function on both existing and future transformation projects.
Developing a clear strategy and obtaining business buy-in, along with executive support for a longer-term plan (at least a five-year plan) are essential steps. Senior leadership needs to realize that KYC is a cross-functional mid- to long-term challenge instead of expecting return on investment (ROI) results within a fiscal year.
The three distinct business groups actively involved with KYC transformation — operations, compliance and technology — have a greater understanding of cross-business priorities and are willing to come together and accept joint responsibility for transformation success. Active cross-functional discussions help to drive positive outcomes. Finally, improved front office processes at the point of customer onboarding are essential to improve downstream KYC processes.