The questions put to me suggest that there is not enough of an understanding of how KYC checks are conducted now, against how they were conducted ten or fifteen years ago. What I’d like to do within this post is to clarify how KYC has evolved, particularly highlighting what KYC best practice looks like now.
I had compiled some notes and quotes that would have made for a different article, but on reflection considered that this is in fact ground that encompass has already covered. Those of you who have read our excellent whitepaper, Transforming Know Your Customer Operations written to assist banks and those working in the financial services sector with their KYC onboarding, may recognise some of what is about to come.
There are several points within this whitepaper I think worth focussing on, and giving a fuller explanation of.
It is important to recognise that Know Your Customer checks are separate from client onboarding. While the beneficiary of client onboarding is clearly the company that becomes a client at the end of the process, the beneficiary of a KYC process is the regulator and MLRO who gains confidence that KYC has been rigorously pursued and all relevant information obtained.
Clearly the needs of the customer and the MLRO / regulator are very distinct and separate. A customer is only concerned on whether an account has been opened or a product or service successfully purchased. For an MLRO or regulator the needs are very different. They need to know that a very specific set of controls have been adhered to with the necessary information obtained.
As we know account opening can only occur once Due Diligence has been completed. For this to happen, two things are required. The first of these is that an AML/CTF risk rating must be obtained for the customer, and secondly, proof is required that a risk based approach has been implemented.
KYC is required throughout the client lifecycle. I noted a recent statistic from Thomson Reuters which stated that only 12% of financial services organisations actively remediate current customers. This is potentially dangerous as remediation is a key plank of the 4th Money Laundering Directive. As such, KYC is not a one-off, but an ongoing process.
Know Your Customer checks are certainly not new. In one guise or another they have been around for at least the last couple of decades. That said, as the stipulations have become more exacting through the recent Money Laundering Directives, some financial services organisations are yet to to truly master the art. This is in spite of millions of pounds and dollars having been spent on compliance professionals to help them overcome KYC challenges.
Rewind to the 1990’s and KYC was certainly a beast that was easier to tame. At this time, there were only three steps required to fulfil KYC obligations. These steps were significantly simpler to execute, and looked as so.
Customer onboarding before KYC
KYC through time has become complex and grown with the requirements borne out of the regulations. Added to the mix now are the extra steps of validating customer identity and opening an account. This has changed the flow-chart to look as below.
KYC as a sub-process of customer onboarding
As we can see from the above chart, we have now added on top of requesting required documents and validating them, “Know Your Customer due diligence” and “Money Laundering Reporting Officer” before reaching the same end point. The MLRO box is important as it illustrates that, as well as the KYC checks taking place, the MLRO must also be satisfied with the quality of information garnered as a result of these checks.
A robust three step plan has been developed which is well documented in the whitepaper and I think highly effective for financial services.
The first step is to identify risk; that is to say, Assess
The Wolfsberg Group gave five specific dimensions that should be taken into consideration during this part of the process. These are, clients; products and services; channels; geographies, and; other qualitative factors.
The second step is to mitigate risk, that is to say, Plan
This middle point relates entirely to having the right policies and controls in place in order to mitigate the risk of being exposed to money laundering.
KYC and the series of steps it represents, offers the opportunity for banks to discard ineffective means of control and replace them with digitised, automated business processes. KYC regulation prescribes the data collection requirements as documented in the risk presented by a client. Banks therefore must define policies for different combinations of a product offering, customer channel and customer geography.
Firms must then identify trusted and reliable third party data sources to validate information, and the compliance function must be able to confirm to itself and the regulator that the client does exist and the UBO and those potentially with control or influence have been identified. A risk rating is then applied on the customer’s potential for money laundering and terrorism financing.
Those with a higher risk rating (ie, customers with a Politically Exposed Person as a director) are given a higher risk rating and require Enhanced Due Diligence (EDD). This involves investigating sources of wealth, reputation, and Ultimate Beneficial Owner. Customers subjected to EDD must be granted approval by senior managers and must be frequently remediated, sometimes as often as every three months.
The third step is to control the risk, that is to say, Do
The final step is to put into practice the two previous stages. This is completed by building a sustainable framework to control risk, from which KYC can be put into routine operation.
[bctt tweet=”incorporate in 3 steps of Plan, Do & Assess to simplify your #KYC customer onboarding #banking ” username=”EncompassCorp”]
The above seeks to illustrate that there have been substantial changes in the way that KYC operations are carried out. As the graphics show, it has become far more complex, time consuming and costly to do, particularly when undertaken manually.
The additional steps that have been put in place have been done so at the behest of regulators following the introduction of pan-European legislation such as the 4th Money Laundering Directive.
The three steps of best practice have been inserted here to show that while the additional steps have added another layer of complexity, by following the Assess, Plan and Do stages, KYC process can be simplified in a manner that will ensure successful onboarding and satisfy the regulator.
Suffice to say, the Transforming Know Your Customer Operations covers this and more on KYC onboarding in excellent detail. I would encourage all to keep a copy on your desk as it succinctly illustrates how banks can save on time, money and resource in their customer onboarding.
Encompass’ intelligent process automation conducts live document and data collection, analysis and integration from public and premium sources to bring transparency to complex corporate structures and ultimate beneficial ownership, delivering the most accurate and complete KYC on demand.
Over the past decade, Ed has led sales and served as a member of the Executive Management Teams at a number of organisations in the Know Your Customer and Governance Risk & Compliance space. Ed managed the New Business Sales and Account Management teams covering EMEA and Asia Pacific for these firms, delivering new business sales growth and increasing the brands’ footprints in new logos and new geographies, that helped take two of them to successful sale, one to a FTSE 100 company, the other to Private Equity.
Connect with Ed on LinkedIn.