Know Your Customer: Moving Beyond Regulatory Compliance
By Jenna Danko on Mar 10, 2016
Know Your Customer (KYC) and Enhanced Due Diligence (EDD) refer to operational tasks carried out by financial institutions in order to mitigate their risk exposure and to comply with anti-money laundering (AML) and counter-terrorism financing laws and regulations that are promulgated by the various financial regulatory agencies.
- Know your customer (KYC) is a continuous process and is not limited to new or prospective customers seeking to open a new account.
- The customer identification process (CIP) is aimed at establishing the customer's identity.
- Based on the initial risk profile, product usage pattern (disclosed) and transaction pattern (undisclosed), the customer is subjected to customer due diligence (CDD).
- Based on the dynamic risk computation/customer profile group, product usage pattern and transaction pattern (based on value, volume, velocity, geography, channel, etc.) of the customer, the required enhanced due diligence (EDD) procedures are validated as per the regulatory requirement/policy.
Due to frequent changes/updates in regulatory requirements and internal policy, financial institutions are under great pressure to accommodate the due diligence required to assess the risk of a customer. As mergers and acquisitions take place within the financial industry, customers, especially those with differing risk profiles, need to be validated to understand where the risk level is higher than it was for the previously independent entities, which results in major challenges. These challenges are not specific to banks of a particular size: Tier 1 banks such as HSBC and smaller organizations such as Brickell Bank, based in Miami, Florida, have both been hit with large fines over the last couple of years.
Although the ideas of AML, KYC, and EDD have been around for many years, banks still face significant challenges with them. I have outlined some of these below and have followed up with a suggested solution on how banks can minimize the challenges.
- Financial institutions, irrespective of business line (retail, wholesale, private, investments, securities and capital markets, and insurance companies), are trying to establish complex global KYC requirements that are specific to geography, customer, product and transaction.
- Increased time to board customers and apply due diligence to customers and transactions, due to manual and diluted KYC processes, which has resulted in nonconformity with global KYC standards.
- Diluted manual KYC processes have resulted in repeated documentation for both existing and prospective customers, and the amount of time this process takes leads to non-compliance.
- The inability of financial institutions to derive/accommodate risk ratings and KYC processes by customer type, geography, product and transaction has resulted in a significant increase in non-compliance, and exposes financial institutions to regulatory, constituent and competition risk.
- Financial institutions are finding it difficult to review the severity of the risk associated with the customer (which keeps changing based on demographic, geographic and transaction patterns), which further results in non-compliance.
- Few institutions have automated KYC processes, and these are limited to customer, product and transactions; however, the implemented system has minimal capability to arrive at/compute the severity of customer risk exposure at an enterprise level in order to apply enhanced due diligence.
Note: The term customer includes the notion of account holder, joint-account holder, power of attorney holder, beneficial owner, founder and occasional clients. These actors can be physical persons or legal persons.
Building Blocks – Moving KYC Beyond Regulatory Compliance
The G7 group of leading nations created the Financial Action Task Force (FATF) to fight money laundering; financial institutions are also supported by contributions from various organizations such as the International Monetary Fund (IMF), the United Nations (UN), and the Basel Committee on Banking Supervision for development and economic co-operation. Global KYC standards address concerns about integrity and about the direct and indirect losses that may be incurred by financial institutions that do not adhere to the key KYC due diligence process.
The primary role of a financial institution is to make a profit so that it can better serve its customers and retain them. To do so, the financial institution needs to know its customers better than before, but as a business objective rather than a regulatory compliance requirement. Strong KYC processes, policies and guidelines are key drivers for building a profitable financial institution.
Revision of Existing KYC Process
KYC processes within the bank need to be evaluated on a regular basis to ensure there are no defects; it is best to have the organization fix the process before the regulator catches the issue(s).
Listed below are the criteria that need to be validated before reviewing the existing KYC process:
- Should the revision effort be at enterprise level or business unit level?
- Source/existing systems from which existing KYC data needs to be collected
- What KYC data/information is required to complete the KYC revision process?
- Missing KYC data/KYC information that needs to be collected under law vs. internal policy
- Gathering information from a specific group/category of customers vs. all customers
- Processing KYC data available in the current system vs. data captured from public sources
In most financial institutions, a high proportion of customer data is stored in electronic format, so a gap analysis can be carried out to find the missing KYC data, considering all the accounts held by the customer within the financial institution. If the customer's multiple account relationships are stored in multiple systems, the customer relationships within the enterprise need to be cleaned and interlinked.
The risk severity of a customer depends on the type of customer, product usage, transaction pattern and the geography in which the customer operates. It is imperative for the financial institution to prioritize the receipt of information from customers who are deemed to pose higher risk; the financial institution can also gain insight into customer risk severity from the customer's transaction patterns. Effective prioritization logic helps the financial institution maximize KYC compliance for high-risk customers at an optimal cost.
While the financial institution is reviewing KYC data, the customer should not be inconvenienced or find out that the FI is seeking information to rectify an issue that should have been addressed during customer boarding. However, the financial institution needs to assess how to collect the missing information via its own records, public records or investigative/verification agencies. It is preferred that a relationship manager reach out to high-net-worth customers to continue the personalized service and to gather the missing KYC information.
Financial institutions should also clearly define response management so that the activities listed below are managed efficiently:
- Training – The people who connect with customers need to be trained on the script, on how to assess the collected data, and on the further action required.
- Scalability – All the required hardware, software and infrastructure needs to be tested for performance, speed and the capacity to hold a huge volume of revised KYC data.
- Response Metrics – Metrics need to be formulated at enterprise level, such as the number of customers from whom all information has been received, the number of customers from whom information has been received in part, and the number of customers from whom no response has been received. These parameters also need to consider other attributes such as customer risk severity, medium used to reach the customer, product usage, transaction patterns, geography, branch, etc.
Please join me next week as I continue to outline the best strategy on how to move beyond just checking the regulatory box and ensuring your KYC program is a sound business strategic initiative.
Gururaja Prasanna is Principal Sales Consulting at Oracle. He can be reached at gururaja.prasanna AT oracle.com.