Innovating know your customer (KYC) processes
September 2021 | TALKINGPOINT | RISK MANAGEMENT
Financier Worldwide Magazine
September 2021 Issue
FW discusses know your customer (KYC) process innovation with Don Johnson, Daniel Longcore, Monica Murcia, Lola Martins and Adam Meshell at EY.
FW: How essential are robust know your customer (KYC) programmes in today’s regulatory and business environment?
Johnson: Know your customer (KYC) programmes have been and will continue to be the cornerstone of an effective anti-money laundering (AML) programme and a primary means for finding the bad actors looking to take advantage of the financial services network to support their unlawful activities. Without truly knowing the customer, how is a financial institution (FI) supposed to know what is unusual or potentially suspicious transaction activity? The challenge that FIs have is striking the appropriate balance between regulatory compliance and the customer experience (CX). Technology has put the CX at the forefront of business and has given power to the consumer. Think of shopping, ride sharing and short-term rental applications. They have transformed how we live. Customers of FIs are expecting the same ease of doing business that they are experiencing in other aspects of their lives. The Anti-Money Laundering Act of 2020 (AML Act) that was passed in the US, similar regulation globally and new entrants into financial services, such as FinTechs, are leading to a massive evolution of how FIs perform KYC.
Meshell: KYC programme robustness and efficiency should be thought of as interdependent ideas: customers expect a frictionless experience, and an improved CX is a competitive advantage. FIs are digitally enabling KYC activities through an omnichannel framework that uses customer self-service portals to support initial information and document collection or re-attestation as part of a refresh. Mature self-service portals essentially mimic the bank’s KYC systems and requirements and are combined with adjacent digital capabilities. Additionally, FIs are leveraging third-party data or internal sourcing mechanisms to reduce the scope of information and documentation requested from customers. Ultimately, digital and data sourcing strategies fundamentally enable a frictionless CX by reducing the scope of customer engagement needed while creating an on-demand environment for the customer’s participation.
Longcore: The introduction of digital asset products and services will impact nearly all aspects of an FI’s AML and sanctions control framework, including material modifications to KYC practices designed prior to broad adoption of digital assets and the growth of customers engaged as digital asset businesses. KYC risk management practices should evolve to include sensitivity to the risks of the product and service, as well as customer and geographies served. Core to these updates is collecting data to inform an ongoing assessment of the customer’s nature and purpose of account, such as expected activity values, creating sensitivity within your customer risk rating methodology by updating existing attributes or including new attributes such as behaviour elements related to internet protocol (IP) address data or a customer engaging with high-risk wallets, and understanding how a customer’s AML programmes are tailored to address digital asset risks, such as sanctions screening or travel rule practices.
Martins: Globalisation within the financial services sector continues to accelerate and FIs need to scale their KYC programmes accordingly. Globalisation particularly challenges FIs by implicating a variety of regulatory regimes and expectations, which need to be maintained on an ongoing basis and precisely executed. FIs are improving requirements management, process quality and execution outcomes via KYC rules engines, which support consistent identification and completion of multivariable and jurisdictional KYC requirements based upon fundamental scoping data, such as customer booking locations, types or risk rating. When combined with proper global governance, change management structures and KYC process enablers – such as well-organised relationship manager-to-customer alignment and a parent-entity outreach strategy to resolve multiple customer outreaches at once – KYC institutions are beginning to resolve some of the fundamental challenges posed by globalisation.
“Technology is changing the entire landscape of how KYC is performed. It is improving the CX, reducing cost, and increasing efficiency and quality while improving risk management.”
FW: In what ways is technology improving the KYC function?
Meshell: Technology is changing the entire landscape of how KYC is performed. It is improving the CX, reducing cost, and increasing efficiency and quality while improving risk management. With regard to improving CX, the challenge stems from KYC processes, which often result in multiple, complicated outreaches to customers that are becoming increasingly burdened by requests for information from their FIs due to stringent KYC policies. With no relief in sight, many FIs have turned to technology as a means to reduce client outreach or, at a minimum, provide the customer with more digital methods of providing information. As customers’ relationships with their banks have evolved to a lighter touch, KYC technology has orchestrated requests to customers through existing omnichannel portals, allowing for customer self-service and a reduced need for phone calls, emails and in-person meetings. Going one step further, we are seeing digital channels being integrated with electronic signature capabilities and technology, such as optical character recognition, allowing customers to provide information digitally, at their convenience, right from their phones or tablets.
Johnson: Further along the spectrum, large, global FIs have been impacted by customers that have highly complex KYC requirements based on the multijurisdictional, multiproduct nature of their relationships. Banks are solving for this complexity through the deployment of well-integrated workflow systems that contain rules engines that dynamically determine bespoke requirements for a given customer relationship and guide the KYC analyst step by step in order to limit unnecessary documentation requests, increase the speed of processing and improve the ability to meet the demand for high quality set forth by quality assurance programmes. These workflow systems are also increasingly being appended with automation capabilities to perform tasks like gathering information from publicly available sources, integrating directly with paid data providers, generating automated narratives for risk summaries and applying artificial intelligence to cognitive tasks such as negative news research. Workflow and rules engines, combined with automation capabilities, have resulted in efficiency gains of 30 to 40 percent across the end-to-end KYC process, which can amount to an enormous cost saving as some institutions spend over $100m a year on KYC.
“Globalisation within the financial services sector continues to accelerate and FIs need to scale their KYC programmes accordingly.”
FW: What kind of changes have you seen organisations make to their technology infrastructure and operating model to enhance their KYC programmes?
Meshell: We are entering a period of unprecedented change, and that is being driven by a desire to increase efficiency and have more effective programmes. The challenge is to make sure firms are anticipating where they need to be given the changing risk landscape and the emergence of new, innovative technologies. As we are observing across the broad digital transformation that FIs are investing in, KYC technology ecosystems are becoming more modular in their architecture to promote maximum flexibility of services. The technology supporting KYC continues to be a major focus of innovation as it is viewed as a funnel to improve CX. KYC has become a focal point for innovation around digital customer communication, automated workflow, multivariable rules engines, electronic document apps, chatbots, automation and analytics. Decoupling these distinct components provides organisations the ability to rapidly adapt their processes to consume innovation through application programming interfaces (APIs) via microservices architecture. In addition to modular architecture, the adoption of low-code and no-code platforms to manage global KYC policies and workflows also puts changes into the hands of business and operations leaders, rather than relying on lengthy technology processes, which have historically slowed the pace of change.
Longcore: Ultimately, banks are using technology to empower client-facing personnel and clients themselves to manage KYC proactively and digitally, reducing the burden on operations staff and improving the ability to actively gain insights on customers through natural touch points as opposed to waiting on lengthy periodic reviews. Many FIs are moving toward an ongoing due diligence approach that essentially is replacing scheduled, periodic KYC reviews, which have not always resulted in meaningful outcomes in terms of how they are managing the customer’s risk. Ongoing due diligence will reduce the significant operational burden periodic reviews place on an institution, but will require technology investment to get to a mature framework. Future KYC ecosystems will pull data from internal and external sources, monitor that data for critical changes in profiles, and kick off bespoke process flows that will focus the institution’s energy on only the highest-priority and highest-risk activities, thereby improving operational efficiency and the overall CX.
“It will not happen overnight, but the future of KYC will be smarter, less costly and more effective.”
FW: Have there been any recent changes to the regulatory environment or expectations? How has this impacted KYC programmes?
Johnson: Across the globe, including the US, it is a very exciting time for FIs to revisit the old way of performing KYC. There has been a flurry of changes communicated from various regulatory agencies, and these changes should guide FIs’ focus on the effectiveness of their programmes. The government-wide AML priorities of the Financial Crimes Enforcement Network (FinCEN) and countering the financing of terrorism pursuant to the AML Act are a continuation of a busy 2020 for FinCEN, which issued multiple advisories to support FI’s continued progress to designing risk-based programmes. The Wolfsberg Group’s June 2021 paper on demonstrating effectiveness within AML programmes echoes the AML Act’s broad recognition that FIs should deploy controls that are reasonably designed and effective at mitigating risk and supporting government authorities. KYC programmes are evolving into a purpose-driven exercise designed to collect information and documentation relevant to assessing customer risk and understanding the customer’s nature and purpose of account. FIs are incorporating advanced data analysis into KYC programmes by assessing customers to better understand expected activity and identify outliers and applying enhanced KYC controls, such as mandated enhanced due diligence, customer exit or escalation.
Longcore: US regulators have emphasised that there is not an expectation of a scheduled refresh of KYC files to make sure they are current and accurate, and that ongoing due diligence can be an effective risk management model. In August 2020, FinCEN, in consultation with the federal functional regulators, issued a ‘Customer Due Diligence Rule FAQ’, which stated: there is no categorical requirement that FIs update customer information on a continuous or periodic schedule. The requirement to update customer information is risk based and occurs as a result of normal monitoring”. For lower-risk customers, scheduled periodic reviews are not a meaningful risk management exercise; the vast majority of scheduled periodic reviews do not identify a need to adjust risk management of the customer such as elevated risk rating and enhanced due diligence, unusual activity report filing or customer exit. FIs are receiving regulatory approval to move to ongoing due diligence strategies replacing scheduled reviews for lower-risk customers, with trigger events identifying when a periodic review should be performed. Fundamentally, this has been a game changer for early adopters which are experiencing a reduction upward of 30 percent in scheduled periodic review volumes.
Meshell: The regulatory guidance and expectation for digital assets can be best described as maturing, just as the industry use of these new products is evolving. Within the US, states such as New York, Wyoming and South Dakota are the primary laboratories of digital asset regulation. The Financial Action Task Force’s draft updated ‘Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers’, FinCEN advisories and the Office of the Comptroller of the Currency Interpretative Letters trust bank operating agreements provide the remaining fundamental regulatory framework as a starting point for FIs building or maturing KYC programmes to support digital asset products and services. Regulatory guidance and industry participant practices do not fundamentally alter how KYC is conceptualised. First, identify your customers and understand the nature and purpose of accounts. Second, risk rate your customers. Third, maintain sensitivity to how the customers’ use of their accounts may demonstrate the need to update KYC records or reassess customer risk. To advance their KYC programmes for digital assets, FIs should create KYC programme connectivity to enhanced controls, including blockchain analytics, travel rule solutions and IP address collection.
“KYC risk management practices should evolve to include sensitivity to the risks of the product and service, as well as customer and geographies served.”
FW: What does the future look like regarding KYC processes? What should organisations be doing today to prepare?
Murcia: It will not happen overnight, but the future of KYC will be smarter, less costly and more effective. KYC onboarding processes are costly, time-consuming and often hinder the client experience. As FIs are thinking about the future, they should consider adopting additional technology solutions and integrating ongoing due diligence, meaning performing due diligence when there is cause, into their KYC programmes. I anticipate a more frictionless client experience as well. This will likely include self-service portals and more significant reliance on additional data sources. While these strategies are transformative, the underlying concepts are not new and will create opportunities to advance risk management, enhance CX and allow for appropriate operating costs. Onboarding corporate clients can take weeks of manual processes and documentation gathering. This experience leaves customers frustrated and, in some cases, drives them to close accounts and change institutions. The future of onboarding is driven by technology through which customer identification is digitalised and due diligence can be achieved by leveraging multiple data sources and adopting centralised financial data repositories instead of continuous customer outreach.
Johnson: Limiting unnecessary customer outreach and enhancing CX throughout the KYC lifecycle should be top of mind for institutions in order to remain competitive in today’s high-tech, customer-centric environment. A way to enhance CX is to implement ongoing due diligence, sometimes referred to as event-driven refresh, for most customers and scheduled refresh strategies for certain customers that reflect the institution’s risk appetite. The future of KYC will be, in my opinion, a complete deviation from the current environment of time-consuming manual processes and scheduled refresh programmes, which are often check-the-box exercises that are trying to meet arbitrary deadlines. Institutions should continue to adopt technology and, as importantly, monitor employee adoption of technology enhancements. I have seen too often where technology, such as robotics, is rolled out, but employees do not want or are hesitant to use it. Providing employees with proper training and helping them understand the future state vision can result in a more seamless integration and an overall successful programme.
“There has been a flurry of changes communicated from various regulatory agencies, and these changes should guide FIs’ focus on the effectiveness of their programmes.”
FW: To what extent has the coronavirus (COVID-19) pandemic introduced risk to organisations or driven change to KYC programmes?
Murcia: The COVID-19 pandemic presented unique challenges for FIs, making them rethink their KYC due diligence procedures. Successfully completing customer due diligence while customers had little to no access to in-person resources was one of the main challenges that institutions faced. Onboarding a customer to multiple jurisdictions saw its challenges as various country due diligence requirements mandated in-person touch points, and notarised, wet-ink signed documents were nearly impossible to attain. As a result, institutions put in temporary measures that adjusted due diligence requirements and allowed for extensions to KYC refresh schedules, resulting in remediation efforts. KYC teams were left with backlogs of partially completed customer profiles that ultimately needed to be remediated, as well as a lack of comprehensive reporting to track remediation efforts and a reduced number of KYC resources to address the backlogs as these resources were realigned to the federal stimulus programmes to originate loans. This situation further perpetuated the backlogs.
Martins: Although underway prior to the pandemic, COVID-19 accelerated the usage of online banking, mobile apps and contactless solutions. FIs will need to continue to be proactive and innovative with their banking solutions. With FIs now conducting KYC due diligence processes through virtual platforms, the use of customer identification and verification has become more important now than ever. Digitalisation continues to be top of mind as institutions look to make onboarding processes smoother and less time-consuming for customers while maintaining a watchful eye on cyber security breaches and fraudulent activity. Fraudsters took advantage of the rush to get stimulus payments to millions of individuals and businesses. The synthetic ID challenge has also become increasingly important as regulators continue to scrutinise banks’ response to pandemic stimulus fraud. As a result, institutions’ cyber security and fraud risk management programmes are increasingly facing scrutiny.
Don Johnson has 20-plus years of experience assisting financial institutions with developing, remediating, implementing and running financial crimes compliance programmes. His recent focus has been on KYC transformation. His approach focuses on regulatory requirements, leading industry practices and risk appetites specific to each institution, with a goal to increase efficiency, leverage technology assets to enhance processes, improve quality, manage overall cost and improve the customer experience. He can be contacted on +1 (703) 747 0562 or by email: donald.johnson@ey.com.
Daniel Longcore has 10-plus years of experience providing BSA/AML and OFAC strategic and regulatory compliance advice to financial institutions. His focus is on developing and implementing operating models to transform KYC programmes at scale globally, including programmatic enhancements to support digital asset products and services. He can be contacted on +1 (202) 327 7379 or by email: daniel.longcore@ey.com.
Monica Murcia has 10-plus years of experience in the AML and KYC domain. Her focus is performing KYC operations on behalf of the largest, most complex financial institutions. Her teams either support clients with surge capacity or on a permanent basis for both KYC refresh and client onboarding. She has deep experience with multijurisdictional KYC requirements and helps clients rationalise and streamline those requirements and processes. She can be contacted on +1 (212) 773 7162 or by email: monica.murcia@ey.com.
Lola Martins has 15-plus years of experience transforming complex, enterprise-wide BSA/AML and OFAC programmes for global financial institutions. She directs multidisciplinary teams at the industry’s largest global clients to achieve operational excellence across their KYC programmes. She deploys solutions tailored to client’s needs leveraging a variety of delivery models (onshore, nearshore and offshore) and innovative technologies across the KYC process to improve customer experiences, minimise risk and drive business growth. She can be contacted on +1 (212) 773 4172 or by email: lola.martins@ey.com.
Adam Meshell has 13-plus years of experience in the BSA/AML space, beginning his career at a mid-size foreign bank and spending the last 10 years at EY. He currently serves as EY’s KYC technology leader, focused on delivering innovative technology solutions and consulting services to a wide array of banking, wealth, asset management and FinTech customers. He always seeks to support clients with operational efficiency, digital transformation and overall effectiveness of their KYC programmes. He can be contacted on +1 (212) 773 5275 or by email: adam.meshell@ey.com.
© Financier Worldwide