Under Know-Your-Customer (KYC) regulatory requirements, banks and other financial institutions are expected to periodically review and refresh relevant information they hold on their customers. This goes beyond the initial Customer Due Diligence (CDD) carried out within the initial onboarding phase as institutions must monitor clients on an ongoing basis and maintain their records.
Financial services firms have been looking for many years to improve efficiency in this space, looking towards a data led approach and automation to reduce costs. For many, this has been a slow process, with many other programs taking priority due to cost or resource limitations.
Despite the numerous challenges a large institution faces when attempting to overhaul its processes, the benefits can be huge.
The evolving face of Customer Due Diligence
Ongoing monitoring often takes the form of periodic reviews - the frequency of which is determined by the initial view of risk during onboarding. Periodic reviews can be cumbersome, a drain on resources and not always a good experience for the customer.
With greater focus being placed on truly understanding a customer and their behaviours, especially in the light of recent data leaks, news headlines, and cross-border activity, even the likes of continuous KYC under CDD, hasn’t provided enough to plug the gaps and meet heightened expectations.
Automation, data and perpetual KYC are key in helping to accelerate the due diligence process and minimise the gaps, leading to faster onboarding, reduced exposure to risk, and increased resilience.
Perpetual KYC or pKYC is a process that responds to changes as soon as they are made, rather than a time-based review of information. It is proactive rather than reactive, which means its ongoing approach to due diligence is dynamic refreshed based in response to key triggering events.
Sustainable and successful perpetual KYC requires investment in data quality, KYC standards, and cultural buy-in from senior management.
Finance arguably owns more insight than any other group. You have a deep, familial intimacy with corporate controls, systems and technology, budgets, customer behavior, resource requirements, processes and organisational goals. Your first move is the data break. The balls will scatter, and your job is to pick stripes or solids and get them into the appropriate pockets. Your customer data will likely be just as disordered and overwhelming, but segmentation is the pool shark business leader's strategy to get there.
Why periodic reviews are no longer the best form of review
Periodic reviews can be laborious to carry out. They also allow for windows of change, where criminal activity can stay under the radar for long periods of time. Even continuous CDD and KYC remediation – whereby firms frequently update customer data and profiles – can miss key changes in behavior and activity, masking the gaps
The benefits of perpetual KYC over periodic review are in two key areas:
Risk mitigation – Many institutions already have an element of perpetual KYC around sanctions and PEPS as they are usually checked daily against watch lists. However, it’s often overlooked that although daily checks are done, institutions may be regularly screening the wrong individuals if they have missed updates to their directors or beneficial owners. Perpetual KYC will flag these changes so institutions can begin screening the new individuals. Additionally, changes in beneficial ownership several layers away in other countries may not be realised or surfaced as part of traditional reviews. The right data and alerts can surface this kind of information more readily and automatically via perpetual methods, and in turn, help in understanding client risk impacts on the institution.
Right-sizing effort - Often, periodic reviews can be 12 months or more apart. Within a 12-month period, some entities will have seen change – whether that be new directors, watch list hits, new Ultimate Beneficial Owners (UBOs), a new address or contact information, but many will have had no changes at all. During the review, all aspects of all entities are re-checked, eliminating gaps and windows of change that impose risk.
With perpetual KYC, the initial KYC/CDD onboarding process is the same. The difference is that when changes happen in the data, they are picked up in real-time and trigger an event that is captured, then automatically assessed and actioned by the system. If there is concern, a CDD operative or analyst intervenes and decides whether to take further action. This allows institutions to ‘right size’ their approach and spend more time on entities where there are more changes and higher levels of risk.
Utopia vs reality
There are some foundational elements that must be in place to achieve perpetual KYC and higher levels of automation in CDD. It is easy to overlook these, so being informed and prepared to address them before starting will help for a successful transition:
Data strategy – often the most challenging and overlooked part of the puzzle, this is a necessary fundamental for perpetual KYC. Certain types of data are hard to capture and maintain, so institutions need to consider how to do this, as well as how to bring together information held in disparate systems to be integrated with live feeds and generate triggers.
Workflow – to aid high levels of automation, the compliance policy needs to be capable of being digitised into the workflow. An example of this is flow or decision-making rules for what is sent to simple vs. enhanced due diligence.
Monitoring – often an existing element in the compliance process, institutions need to focus on how to integrate live updates into monitoring processes for increased levels of automation. This also includes data in held in separate systems to screening systems, to enrich and maximise the monitoring process.
Human Intelligence and review – the combined power of automation and human intelligence should not be underestimated in achieving sustainable pKYC. While it is impossible to automate 100% of cases, what can be automated and straight-through-processed, should, enabling analysts to their spend time on cases with the most risk, such as false positive reviews that require manually review and action closure.
A best practice when creating a perpetual KYC programme with automation is to consider updates and monitoring are included by design, rather than being an afterthought. Institutions should think about the data they capture while onboarding and how that can be monitored automatically and maintained. This may mean re-engineering parts that are too manual or not using structured data. If thought about as part of the foundational steps like data strategy, policy, or workflow, it will be much easier to move into monitoring and adjudication.
Want to hear more on this topic? Watch our on-demand webinar to learn:
Why perpetual KYC is a game changer and what firms might be missing with periodic reviews.
How to move to perpetual KYC.
The important role data and technology play in CDD and perpetual KYC.