Know your customer (KYC) processes have been the lifeblood for compliance teams fighting fraud. However, are they still enough? Kristoff Zammit Ciantar – founder and CEO of KYC Portal, believes its days could be numbered.
KYC is a vital part in how companies handle anti-money laundering (AML) efforts, as well as other anti-fraud workflows. Testament to its importance, research from Burton-Taylor International Consulting claims the global spend on AML and KYC data and services totalled $1.35bn in 2021, which represented a 26% rise on the previous year.
While spend is increasing, traditional KYC methods are no longer the best method for understanding customer risk. Zammit Ciantar said, “KYC is often coined as being the task of verifying your customer however it actually refers to knowing your customer – knowing the risks that you are being exposed to due to having an individual or a corporate relationship with a third party.”
The only way to really know your customer is to continually assess them and their behaviour. This is where perpetual KYC comes in. This is a method of ongoing customer monitoring, ensuring the business has an updated view of the customer risk.
Zammit Ciantar believes perpetual KYC will be a major advancement in the battle against fraud and money laundering. However, the biggest effects will be felt from the AML perspective, significantly reducing the costs and processes.
He explained that the current AML framework revolves around reviews, which are required for all subjects. An organisation must ensure it knows of any update to a customer’s profile, both individual and corporate levels, since their onboarding or last review. The aim is to give the company an up-to-date view for their risk analysis. Obviously, these reviews require a lot of work and effort, and can often be overwhelming for firms.
“Perpetual KYC practically makes the review process redundant as it’s focused on having processes and systems in place to be able to be notified when something that can lead to risk changes,” Zammit Ciantar added. “This in turn, notifies the teams to act or work on the necessary actions to remediate such risk within a relatively real time aspect. This leads to very small gaps in which fraud can happen, disturbing the market quite drastically, in a very positive way.”
Why should firms implement perpetual KYC?
The cost saving isn’t the main reason why firms should transition towards perpetual KYC. Its biggest boon is its reduction in risk exposure. It is estimated that between 2% to 5% of global GDP (around $800bn to $2trn) is lost to money laundering each year, according to data from the United Nations. Banks are fined millions of dollars each year for failings in AML. More needs to be done to stop successful incidents of fraud.
Perpetual KYC helps firms reduce their risk landscape. Zammit Ciantar explained that the current review process leaves firms exposed to elements of risk beyond their control.
He said, “Review processes are based on risk brackets and a period in time. For example, a subject who is MEDIUM risk we will conduct the review on a 6-month basis however, a subject that is LOW risk the review will be conducted on an 8-month basis. The problem is that the second you finished the review, the data points can change within the next day or week.” These changes could lead to the risk of a subject increasing and the firm will be unaware for several months.
Instead, a perpetual KYC process will lead to a minimal risk exposure, he added, as they will detect and alert the firm of any actions needed to be taken within minutes of them being exposed to new risks. “This way, the review process will become a formality as you would have already acted on any elements that exposed the firm to risk.”
The crisis in Ukraine has highlighted how quickly sanctions lists can change, relying on a periodic review is too long to wait for a bank to act. When a firm has implemented perpetual KYC, it will allow for automation on the screening of third-parties for adverse media, political exposure, sanctions and more. Zammit Ciantar stated that while it is impossible to select false positives without the involvement of a human, there are many other benefits these automations can have within workflows.
For example, KYC Portal has a rules engine that allows a client to automate processes when no results were found on a subject following a screening, removing a manual step. Furthermore, these solutions allow for the automation of actions based on the decisions taken by the team on matches and no matches.
Is there room for traditional KYC processes?
While there are a lot of benefits to be had from implementing perpetual KYC, it might not be for every business. There is a huge cost to implement this new technology that some firms will not be able to afford or justify. Many would have spent a lot of time and money implementing their current KYC workflows and would not be willing to simply replace it and spend more money on maintaining a whole new system.
A reason it is so expensive is because perpetual KYC is more of an orchestration layer. It collates all required information from all the tools that are in operation and can calculate the risk and drive workflow accordingly, he stated. Implementing a system of this scale is going to be costly. The data needed for this system would need to be centralised and include data from core systems in place, CRM, ERP, as well as onboarding data on customers and third-parties, adverse media, political exposure, transactional analysis, corporate data and so much more.
“I personally believe that the cost of adopting perpetual KYC outweighs the actual cost of doing it manually,” Zammit Ciantar said. “We have seen this in practice and albeit the initial cost to implement such a solution, the ongoing savings will instantly make up for the overall project cost. However, it will take some time for such an approach of perpetual KYC to become the norm. “
Adoption of Perpetual KYC
This is still a relatively new technology stack and demand is slowly increasing across many markets and industries. However, the most receptive industry so far has been the gaming sector, Zammit Ciantar said. “This is inevitable due to the sheer number of subjects that they must conduct due diligence on, on an ongoing basis. Just as an example, one of our clients has over five million players in their database. It is humanly impossible to conduct reviews manually on such a number of subjects so perpetual due diligence with automated triggers becomes inevitable.”
A key boost to the adoption of any regulatory technology is from the regulators. Zammit Ciantar believes regulators will encourage the use of this type of system. “We see it from regulators who audit clients of ours and see the level of detail that a product such as KYC Portal equips the client with. Regulators like the fact that all actions are triggered on the real time risk element. The fact that there is no need to wait for the review to happen. The fact that they are instantly working on any risk exposure within minutes.”
These systems also give regulators the necessary information to investigate decisions made in the past based on the full audit of historical risk movements, he added.
The future of KYC?
With the threat of money laundering continuing to rise, perpetual KYC could become an important tool in preventing this.
Zammit Ciantar concluded, “KYC used to be perceived as the step where you need to identify or verify an individual. KYC however is more than that. KYC is the ability to know your customer, be it an individual or a corporate. KYC is the ability to know who they are, what they are doing and how they might be able to expose you and your brand to risk. KYC is the entire lifetime of a subject; from the day you onboard them all throughout the ongoing reviews.
“The new concept of perpetual KYC is not changing any of this. It’s just making the whole lifecycle of this process more secure and regular. “
Copyright © 2022 FinTech Global
Copyright © 2018 RegTech Analyst