In an increasingly digital and connected world, the need to stay alert to new challenges has never been clearer.
A key area in RegTech that takes precedence is Know Your Customer (KYC). The need to ensure the companies or individuals you are onboarding are legitimate and above board has always been an important part of conducting business. In the age of mass digital usage, it is becoming ever more so.
However, traditional KYC may be about to be uprooted by perpetual KYC. According to PwC, the PKYC approach enables automation across all end-to-end periodic KYC review process steps, leaving only a small subset of the more complex cases that require some degree of human intervention.
Will traditional KYC be replaced? In the eyes of Clark Frogley – financial crimes solution leader at Quantexa – one of the key restrictions of traditional KYC is that it is very manual and labour-intensive, which can increase the operational risks associated with data or documents being misplaced, misreported or siloed. Because of this, he believes there is an urgent need to make changes in current KYC and risk management practices towards a more continuous KYC approach.
He said, “Financial institutions must shift from reactive to event-driven regulatory reviews to ensure successful risk management processes – and PKYC provides a solution to managing risk more effectively throughout the customer lifecycle.
“A perpetual approach to KYC leverages AI to continuously monitor internal and external data in order to quickly provide context around an entity – such as a person, a company, or a supplier – throughout the customer lifecycle. By opting for pKYC, financial institutions can identify changes in an entity’s or risk profile in whatever frequency the institution wants to take, be it daily, weekly or monthly.
“New risky profiles will quickly be alerted to analysts/risk managers for review. The continuous nature of pKYC overcomes the challenge of outdated KYC information – which allows human investigators to make rapid decisions from the latest data with greater confidence. Equally as important, pKYC allows low risk or non material changes that normally require a large percentage of time by the operational teams to follow straight through processing (STP) guidelines to automatically update downstream systems to ensure KYC records are always up to date.”
However, Frogley believes there are a number myths that need to be dispelled regarding the uptake of pKYC. The first myth is that opting for a pKYC approach would be too expensive. He said ,”In shifting from a more reactive, traditional KYC approach, an incremental journey towards pKYC will enable organisations to maximize the value of each phase of risk monitoring. They can start small, implementing trigger-based KYC for a low complexity set of data to be monitored, and then expand the scope to new triggers, bringing business interactions and risk behavior as part of continuous monitoring. This could then lead to a final phase which provides full event-driven KYC across the entire customer data set, with all risk assessed dynamically.
“Done in this way, organizations can gain a more accurate and holistic understanding of their customer and the true risk associated with them.”
The second myth is that the uptake of pKYC will result in a more manual workload. On this matter, Frogley believes that a pKYC process will simplify the work of such teams, bringing much greater consistency to the process, auto-updating low-risk changes while escalating changes that need further analysis.
According to Gion-Andri Büsser – CEO of RegTech firm IMTF – pKYC means to them that clients KYC datapoints and the related actions need to be taken are monitored on a continuous basis and fed with real-time data, compared to traditional KYC where a snapshot is taken at a certain point in time.
What does Büsser see as some of the key benefits of using pKYC? “Banks can rest assured that compliance-relevant KYC changes will be surfaced immediately and that the bank can react according when the change happens. It also means that KYC reviews are no longer a significant effort that has to be done at the end of a period but that KYC processes are regular processes that can be planned across the entire year.”
This, with its more flexible and fluid nature, reduces significant variation in pending workloads and helps to reduce the team sizes in the area of KYC responsibilities.
Two areas that are receiving considerable attention right now are those of automation and AI. According to Büsser, these can also have a significant impact. He said, “A “smart” KYC system can anticipate upcoming KYC risks (e.g., related to certain client groups) as well as smartly prioritize workload for the team based on past learnings.”
Data is also an area of focus for many companies. Büsser – who described data as the ‘new gold’ and plays a key role in KYC processes – said, “If for example external real-time data sources can be tapped and integrated, KYC profiles become much more accurate and can better reflect the risk a certain client is posing; This ultimately allows banks to capitalize on business they would have previously walked away from.”
He concluded, “Implementing these new KYC systems require strong central management capabilities and solution expertise to facilitate the culture change and empower organisations to leverage the implemented solutions to their full potential.”
Out of all the potential benefits that could arise from the uptake of pKYC, the one that stands out far and beyond the others is that of efficiency. With less work needed on having to undertake yearly or bi-yearly KYC assessments as well as the increased automation, this offers an argument that pKYC is much more efficient that KYC.
iMeta sales director George Collier said, “Most firms carry out KYC on their client data on a periodic basis every 1, 3 or 5 years, depending on the risk rating of the client. But once the checks are done, the data is out of date. The majority of checks carried out will show that the details won’t have changed, so there is a lot of wasted manual effort, time and money. And the remaining 5-10% that do have a material change might not get picked up until 3-5 years after review exposing the firm to significant regulatory and trading risk.”
Collier remarked that data provision and the use of data registry information is making the process of obtaining and maintaining data easier. “By using a flexible CLM platform that can integrate via API’s with third party data providers, the process can be automated – data can be extracted, ID records updated and verified and PEPs and sanction checks on companies, directors and owners can be done.”
The iMeta director said that by automating the process and rapidly gathering up-to-date client information, not only can companies ensure compliance with regulatory and risk policies in real-time, but they can then concentrate more on their relationships to maximise profitability, so there’s no time and money wasted trying to manage out of date client relationships.
He continued, “In jurisdictions where data is easily acquired, there is an opportunity to leverage data feeds to update profiles in real time rather than waiting 1, 3, or 5 years, meaning you can always stay compliant. But for those countries where data isn’t so readily available, there will still be the requirement for more manual, human intervention at regular intervals.”
Collier said he believes KYC and AML for new customers ‘is already moving towards automation’, therefore it is logical that periodic reviews will follow suit – with seamlessly refreshed profiles freeing up time and energy for more in-depth investigations for higher risk clients.
“In the same vein as automated onboarding, low and medium risk clients could be moved to a model where they never have a formal review date. But what about high-risk clients, will the banks or the regulators really allow a process with no human intervention?
“We see that controls can be improved by taking the human variable out, for certain customer types and business lines but realistically, for more complex trading relationships, FIs will likely automate parts of the process but combine automation with human touch in the short term at least,” Collier concluded.
Copyright © 2022 RegTech Analyst
Copyright © 2018 RegTech Analyst