KYC as risk management, rather than data management, remains elusive for financial services firms as well as for the high-value goods and other industries that are joining the ranks of the regulated for anti-money laundering (AML) purposes. FinTechs, with their sophisticated frontend, often struggle just as much with their backend as established banks with their historic and siloed ways of doing things.
So, what does it take to do KYC well? Shining examples are few and far between. We hear that those shining examples are sailing right through the distribution of COVID-19-related loans to businesses. Regulators are seeing these examples and are beginning to point to them. Expectations continue to rise.
There are multiple ways to break this down, but in essence, three steps are required to move from data management to risk management: (1) data management and cleansing; (2) process mapping, to clarify which parts of the process can be automated; and (3) automation of not only the main parts of the process but also automation of the process hand-offs.
Data Management and Cleansing
Whether or not you agree that data is a starting point, we see that many of our clients are taking a step back and investing in data management rather than just automating, say, client segment reporting for regulatory purposes. Connecting the multiplicity of data sources, standardizing data to enable analytics to be run over the entire set, cleansing it, and remediating may take longer, but it tends to be a good investment in the medium to long run. We see that such an investment tends to have a considerable impact on improving ‘upstream’ processes, and it sometimes enables unexpected benefits and savings, such as eliminating the need for periodic reviews where cleansed and indexed data has update alerts attached to it. In this way, you’re in fact managing risk while managing data, and possibly even jumping ahead by creating a trigger-based file review process, as we’ve seen with some of our clients.
Process Mapping and Existing Tool Assessment
This topic has fallen out of favor with the advent of automation, but it is arguably essential to knowing what and how to automate. Automation in financial crime has, to a degree, become synonymous with product rather than solution. At the same time, there’s increasing understanding in the industry that automation is less about a perfect product and more about a specific solution for a specific area of risk. This is often a problem for product firms that, after years and millions spent on development, see endless requests for customization as additional costs and something that their financial institution (FI) users often don’t appreciate while fully expecting high product sophistication.
Since each bank has a unique set of historic systems and processes, no single product can navigate easily through that labyrinth, let alone claim an end-to-end KYC process when the considerable complexity of KYC is taken into account. For example, areas such as adverse media, sanctions screening, other types of name screening, KYC workflow, and database management require highly sophisticated, industrial-strength products tested beyond doubt, even though all will have some limitations.
Process mapping should be looked at again because it yields answers not only to where things go wrong and what can be automated, but also to where the priorities are. Process mapping can reap further benefits by overcoming whatever annoying limitations an existing product has, as all products inevitably do. Process mapping can even eliminate the need to buy a new product when your unique setup may already have a few decent products, which with a little micro-automation can be as good as new or even better at a fraction of the cost.
Let’s say that you’ve sorted your data, mapped and prioritized your process, and understood the limitations of your existing systems. The lay of the land may look quite different than when your boss told you that you must have three AI initiatives. You may find that the upgrade you planned for your transaction monitoring system can be postponed because your rules-based system is satisfying the regulator. Meanwhile, you’ve begun testing a new pattern-recognition tool that you’re either buying or developing with experienced vendors to fit your specific client risk profile. Specific – because they behave differently to the clients of other typical wealth or retail clusters due to cultural differences in a specific geography, or because of a specific regulatory expectation, or for use in the Markets environment where rules-based AML transaction monitoring solutions have proven so ineffective. Of course, your reason for doing it may be simply because you actually want to prevent crime and we are happy help you with that too.
Bringing This All Together
By this point you’re well into the territory of beginning to use your resources for risk management rather than just data gathering and ticking regulatory boxes. This brings you closer to actual crime prevention, which is what you originally set out to do but felt like it wasn’t quite working. There’s another upside too: all of us are pressed to save resources, be it money, people, or both. So, investing in a strategic approach, with thoughtful planning before beginning, can have dramatically more successful outcomes.
While there may be few shining examples and even fewer that are going to reveal what they are really doing internally, who have achieved pretty good digital identity gathering, or automated name screening of every kind, cleansed data and perhaps achieved trigger instead of periodic reviews of KYC files, many areas of automation still remain aspirational. Feedback loops between KYC and TM, complex risk assessment decisions (not automated weightings!), enhanced due diligence, client exits and many other areas are still on the “to do” list. So, it is not too late to start for anyone.
Perhaps your late start may mean you can make a bigger impact at a lower cost now that automation is better understood and more easily available. KYC is not the same as it used to be: streamlined processing that saves money and makes customer experience better is increasingly a selling point – and beautifully – it also delivers risk management by better managing your KYC data and automation.