Why (Perpetual) KYC?
Simply put, it’s performing ongoing due diligence. Making sure that you Know Your Customer and keeping up with delta’s in the Customer Profile or Behaviour that can influence the client’s risk classification.
Before the rise of automation institutions had to use a very labour intense form of performing Customer Due Diligence. This would be performed at Customer Onboarding, however employees also had to review each client (if this was even done) after a certain period of time. This period of time was based upon the risk classification of the client and this risk classification was based on an earlier performed inventory of various risk indicators. Risk indicators like nature and purpose of the relation, source of funds, business activities, the UBO’s and much more. The risks that needed to be investigated were captured from supranational legilsation to the instution’s own risk appetite, captured in the (global) standards. There are a lot of steps going from (supra)national legislation to national legislation and internal policies and guides, let alone how to implement this in the models and process. Performing Customer Due Diligence was almost all done manually. Asking the customer to provide information and documents over and over again. This was combined with a basic transaction monitoring setup that looked at each and every transaction of the client via predefined thresholds. But how can you actually know your client if you don’t look at them or speak to them for five years or longer and have a basic transaction monitoring setup. It turned out that the financial institutions didn’t know their clients as well as that they had hoped. Investigations by regulators and the public procecutor’s office and in some cases (huge) fines (ING, ABN Amro, Rabobank, Credit Suisse, Danske Bank, Deutsche Bank and many more) followed. There were solutions that needed to be found and quickly!
Review them now…manually!
The initial response of most financial institutions was to perform remediations of entire clientportfolio’s and the hiring thousands of analysts to review the clientbase, combined with the implementation of many more risk triggers and thresholds. The result; an ever increasing backlog and a human resource pool that was hard to control. In The Netherlands the top three banks started employing over 10.000 people who became active in the KYC and Due Diligence space. On top of that there were no crystal clear policies due to difficulty of interpreting (supra)national law and a risk appetitie that was different per individual analyst (times 10.000). Clients were faced with a flood of questions. Each time they spoke to an analyst, a different proces was followed or the risk they posed changed. Chaos had entered the financial institutions and it was paralyzing entire departments and the client centric service model. Cost/income ratio’s were running through the roof and instead of fixing the problem, the problem seemed unfixable.
Know Your Customer’s Delta
Financial institution went back to basic and a new vision needed to be development to turn this chaos into order. Automation and data had developed at a steady pace during the years of decay of manual KYC and could pose an outcome. Often this would lead to simple automations with Robotics Proces Automation. Creating small increments of innovation of processes, mainly focused on less manual labor. Although this could decrease the pressure on the workforce, it would not fix the problem of not ongoingly knowing the client, having up-to-date client files and being able to automatically keep up with changes from both internal as external sources.
The beginning of Perpetual KYC or Ongoing Due diligence started with the questions: “Can the client profile be reconstructed into a structured data profiel?” and “Can a Transaction profile and set up of peers be established that would not only be monitored by hard thresholds but by deviations from those peers?”. If the clients profile did not change and its (transaction) behavior (TM, CF, TF) would not lead to any alerts would it then be possible to automatically verify the client’s risk classfication? The answer was YES. And so the market started a transformation of its KYC/AML framework from Periodic Review to Ongoing monitoring, which should lead to Perpectual KYC. Ongoingly knowing who your customer is (client profile) and knowing what your client is doing (client behaviour) can enable a Risk Based Approach. Via automation of policies and the instition’s risk appetite (instead of each employee having its own risk appetite), a transformation can emerge and recreate a uniform and client friendly process, putting the financial institutions n control again.
What elements to think of in devising your strategy?
How to set up Perpetual KYC?
When you want to start creating that uniform proces, you need to go back to the basics of your client base and use your SIRA procedure to identify specific risks related to that client base. When you have a good understanding of who you are servicing and what the risks are concerning these clients; you can start modeling to create the foundation for Perpetual KYC.
It’s a waste of time and money if you try to innovate blindly, you will not reach your goal that way. But when you know your client base you can then start to think what profile components are elementary and what risks are connected to these profiles and what the mitigants there are. How can I use the various controls, external profile data, CF, TM and TM to mitigate or detect specific client risks. Only when you know the inner workings of these risks you can start to build up your IT infrastructure . Ofcourse there are a lot of basics that you probably have covered already so you don’t have to start from scratch and you probably can build upon some legacy systems. However, the key is to unify these single components (data(lakes), TM, TF, CF, CM, model, outreach component, process(orchestration) and policy) in a Perpetual KYC ecosystem instead of an egosystem.
Not everyone is there yet and if you truly understand perpetual KYC and ML/TF you know we will never be there. It is, like Simon Sinek points out, an infinite game. Although financial institutions try to innovate their set-up and rules, criminals are looking for loops in the system on a daily bases to infiltrate and misuse the financial system. However the implemention of Perpetual KYC puts institutions and society back in the driverseat and enables a pro-active instead of reactive framework actually ready to battle ML/TF.
Would you like to know more about (how to implement) Perpetual KYC and transform your organization? Contact us through the options on this website or directlty through silven@coduce.nl
Need more time, browse our service like “KYC Automation“.