Know Your Customer remediation – your questions answered
Effective compliance and risk management programmes depend on accurate and up-to-date Know Your Customer (KYC) data. However, remediating KYC when the regulatory landscape and customer risk profiles are subject to constant change is time-consuming and expensive.
We answer some of your burning questions in this interview with David Deane, banking industry advisor to encompass and former Managing Director, Global Client Onboarding, KYC and Reference Data at Deutsche Bank.
Many firms have very limited resource for client onboarding. Would you say that onboarding new clients should take priority over these legacy remediation projects?
David: Absolutely not. I think you’ve got to look at it from a total value point of view. What revenue is this client going to generate for your organisation? It’s a commercial decision at the end of the day.
You should prioritise your highest revenue clients to make sure that they satisfy due diligence so that you can continue doing business with them. So if you’ve got a highly profitable customer but out of date KYC, I would suggest prioritising remediation over onboarding a new customer whose value may not be as great. In addition, if your KYC is out of date you may be forced by the regulator to terminate relationships, or at least stop transacting until remediation is complete – that’s potentially very damaging in terms of revenue loss.
At the end of the day, limited resources mean you need to prioritise what you do and I would suggest prioritising by revenue. And base this on actual revenue, not potential revenue. In my experience, for every ten clients that are onboarded, five of them never generate any revenue, and three of them will generate significantly less than the salesman said they would. So only two out of ten actually deliver on the promise. That’s an important statistic to remember.
If, as part of your KYC remediation, a long-standing customer no longer fits within your risk-based approach, can you continue doing business with them?
David: That’s a decision that needs to be taken by the senior risk committee within your organisation. At the end of the day, regulators put the onus on the bank to make the decision as to whether a client is fit to do business with or not.
Of course, if you do business with a company on a sanctions list, such as OFAC, you’ll face fines and possibly imprisonment, but if a customer no longer meets your new standards, that’s a decision for your risk committee. This is really important to stress. It’s not a decision to be taken by operations or even compliance – it’s one for senior business executives.
So it’s not clear cut. You will need to investigate all cases and ensure you have all the information needed to make an informed decision.
One of the challenges of many remediation projects is identifying the source of wealth of ultimate beneficial owners. How far should you go in terms of identifying and verifying this?
David: That’s a very pertinent question, and also a difficult one. Source of wealth is a difficult path to follow. Very often you’re reliant upon attestations from your clients as to how they generated their wealth. How far do you go? I think it depends on other factors or risk indicators, such as jurisdiction or type of entity, that perhaps flag the client up as being of some concern. In those instances you need to dig as far as you can ask your client to give you as much evidence as possible.
At the end of the day, it’s going to be a risk decision that the firm has to take. If it’s a higher risk client and you’re struggling to understand the true source of wealth, I think that needs to go back to the risk committee. But identifying ultimate beneficial owners is a really challenging area – I know that from first hand experience.
If your organisation acquires another company, is it necessary to conduct KYC remediation on their customers?
David: This will depend on a couple of factors. Firstly, are you satisfied that their anti-financial crime policies are adequate? This is something your due diligence should have established. Secondly, have you reviewed a sample of their KYC files to ensure they actually meet their policies and are up to date? If yes, then I would say it’s probably not necessary.
If, however, you feel their policies don’t meet your standards, or KYC is incomplete or out of date, then you will need to remediate these customers.
about David Deane
BANKING INDUSTRY ADVISOR
David Deane is the Managing Partner of financial technology consultancy Fimatix.
He has 30+ years in the Financial Services industry, where he has led and transformed Global businesses across Operations and Financing in Investment Banks and Wealth Managers. Most recently  he has been a Programme Director shaping and driving innovative mutualisation opportunities for Banks and Outsourcers. This follows leading global Client Onboarding / KYC and Ref Data as an MD for Deutsche Bank [2012 – 2016]. Before this he was a Programme Director at Lloyds Bank [2010 – 2012] building out a Capital Markets business infrastructure. Prior to this he has held Global Operations leadership roles at Barclays Wealth [2007 – 2009], ABN AMRO [1999 – 2006], Greenwich NatWest [1993-1999], Swiss Bank Corp and Salomon Brothers.
Connect with David on LinkedIn.
on demand webinar
KYC Remediation with David Deane
don’t let outdated customer information expose you to risk
Effective compliance and risk management programmes depend on accurate, up-to-date KYC data, but maintaining KYC profiles when the regulatory landscape and customer risk profiles are subject to constant change is time-consuming and expensive.
Gain an insiders perspective on tackling these issues in this 40 minute on demand webinar with David Deane, banking industry advisor to encompass.