waves of change: process automation delivers effective and efficient KYC
Since 2001, during the ‘first wave’ of Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) compliance, the approach taken by reporting entities is to assign the work of Know Your Customer (KYC) almost exclusively to human specialists.
In the early 2000s, it was entirely rational to assign manual labour to these activities as the process of KYC was novel and not fully understood, and also because humans are flexible and adapt as circumstances change.
In a workflow typical of ‘first wave’ KYC, analysts download documents from websites managed by trusted suppliers of information, read and analyze these, share understanding of material facts with colleagues as attachments to emails or as links to shared drives, and make and record risk assessment decisions.
Here, operating models can be characterised as human experts supported by electronic communications.
Problems with the ‘first wave’
From the volume of headlines generated on the subject of AML/CTF compliance, we know that this process can be problematic. Broadly, the adverse media coverage falls into three categories.
The first is accounts of compliance professionals ignored or sidelined when raising red flags. This failing of senior management is remedied by recruiting executives capable of changing an institution’s culture and setting tone from the top.
Second is news highlighting inefficient KYC and the high costs of operating large compliance teams. Manual KYC operations suffer from low productivity. When productivity is low an institution is using its capital inefficiently, and this incurs an opportunity cost, as capital is unavailable for investment in alternative initiatives that offer the potential for growth.
Backlog and remediation, terms common in the routine of KYC, are symptoms of weakness in the underlying operating model and its inability to satisfy peaks in demand.
The third category is news of ineffective KYC. While inefficient KYC is readily identified, errors caused by ineffective KYC can be highly damaging because they are less apparent. A mistake in due diligence, such as failure to identify a relationship between a company and a politically exposed person (PEP) who is also a beneficial owner, can result in an inaccurate risk assessment. Such ineffective KYC can lead to a reporting entity unknowingly supplying services to a high risk client. Ineffective KYC creates operational, regulatory and reputational risks.
Additionally, KYC is ineffective when analysts harvest only a subset of information available for due diligence resulting in constant outreach to treasury teams for information and delays in onboarding and the initiation of trusted business relationships.
While this level of reliance on human work was appropriate to KYC in its infancy two decades ago, the inefficiencies and ineffectiveness inherent in this process design give cause for fundamental re-evaluation.
Emergence of the ‘second wave’
Much has changed since this ‘first wave’ of KYC was conceived. The process of operating KYC is now well understood, and experts can agree on best practices. The information sources relied on in due diligence are now digitized and accessible via application programming interfaces (APIs).
Regtech based on cloud-native digital platforms and delivered as Software as a Service (SaaS) is a vibrant sector. These developments aligned with problems of ineffectiveness and inefficient process designs create the conditions for the emergence of the ‘second wave’ of KYC .
This is founded on best practices that are codified as instructions to computers. When repetitive tasks – such as calling APIs to stream digital data, analyzing digital assets to identify facts material to due diligence, presenting facts in an easily understood form – are automated as digital processing, firms capture an enormous cost advantage. Changes to regulations are simply and quickly assimilated at low cost, so the regulated adapt easily to reform.
Human experts at the center of this new digital operating model use their experience to solve problems and communicate complex situations to their peers in compliance, business units and audit.
By making efficient use of capital, this digital transformation frees up funds for companies to invest in their growth initiatives. This newfound productivity also means all clients are subjected to KYC, abolishing backlogs and the need for remediation projects.
Because this automation of KYC finds all information required in due diligence, it protects reporting entities against risks created when material facts are missed and it improves customer service by minimizing outreach to treasury teams.
The ‘first wave’ of KYC was a time of learning but at the price of inefficiencies and ineffectiveness. Automation delivered as RegTech enacts best practices with digital technologies to create consistent compliance, importantly, at sustainable cost.