The New Standard of KYC Compliance

According to a Deloitte report on “Digital transformation for the risk and compliance functions”, one of the constant obstacles to compliance innovation has been the continued view of compliance and internal audit organisations as “cost centres” rather than “strategic business partners”. However, as financial institutions and regulated organisations review their internal structures with the objective to equip their businesses for the challenges of the future, it is essential that they avoid falling into this trap.

In fact, the world of KYC compliance is changing beyond recognition. The traditional paper-based, manual, and sporadic process is bound to be replaced by a new KYC standard that is:

1. Digital-first
2. Customer-centric
3. Powered by scalable automation
4. On-going and on-demand
5. Driven by the principle of “compliance by design”

 

1. Digital-First

Before the COVID-19 pandemic, only around 5% of the UK workforce and around 7% of the US workforce used to regularly work form home. Then, in a matter of weeks, government-imposed lockdowns forced businesses in all sectors to embrace remote working.

Everywhere from New York to Seoul, corporate IT teams had to let go of their traditional mistrust of BYOD (bring your own device) practices and implement procedures enabling staff members to continue their work from home on their personal computers, tablets or mobile phones. Almost overnight, the office-based paradigm was replaced by the remote access standard.

Due to the predominantly intangible nature of their products, financial institutions are among the sectors that are most likely to embrace remote working long-term. In this context, strategic digitisation of the compliance function is essential for businesses looking to enable their compliance officers to work from home. More specifically, migrating all compliance’s internal systems to cloud-based solutions  enables financial institutions to easily introduce remote access to all their relevant workforce, without the need to massively increase on-premises server capabilities or allocate extended budgets.

Even traditional organisations whose internal policies do not allow for a cloud-first approach are beginning to experience the benefits of a hybrid approach to data security. In this model, core software functionalities live in the cloud (where they can be continuously upgraded and improved) while sensitive customer data is kept on-premises.

 

2. Customer-centric

Moving back-office functions to the cloud and enabling compliance teams to work remotely are key steps towards the new standard of KYC compliance. However, digitisation should not be intended as a purely “behind the scenes” exercise.

Financial institutions and regulated organisations also need to accelerate the digital transformation of their front end interactions with prospective and existing customers. This is not only a matter of internal efficiency, but it is increasingly becoming a business development argument as well.

In fact, today’s customers expect 100% mobile solutions and effortless client service delivered digitally and via their device of choice from the very beginning of their business relationship, including in financial services. In this space, traditional financial institutions may have a lot to learn from up-and-coming Fintechs.

A lack of resources has often pushed new players in the financial services space to experiment with new and more efficient ways of interacting with customers. Some of these techniques are now becoming the industry standard and customers have begun to expect them from their traditional banks as well.

 

3. Powered by scalable automation

Automation’s strength is its ability to quickly and consistently scale the efforts needed to enforce compliance procedures across an organisation and multiple geographies in a way that limits friction in the user journey. This is a fundamental ingredient for commercial and operational success in the era of growing financial regulations and more demanding customer expectations.

However, a general uncertainty regarding the ability of automated processes to catch nuances and identify red flags – maybe based on past experiences with early automated processes – is still present in the industry. The last decade has seen incredible progress in the application of artificial intelligence and machine learning to better understand – and learn from – available sets of data.

Additionally, the secret to successfully embracing compliance automation lies in what can be called intelligent automation. The intrinsic value of automation is extremely visible when it replaces manual and repetitive tasks, freeing up time for compliance teams to review limit or suspicious cases that automation on its own would not be able to work through.

The areas where an automation-driven approach to compliance is particularly beneficial include:

1. Security and customisation during document collection, only requesting necessary documents and removing the need to send back and forth emails with attachments (all documents are automatically and securely uploaded to the relevant case);
2. Ability to scale volumes of activity through cloud technology or commercially expand into new markets by easily adapting customer workflows to reflect current requirements across jurisdictions;
3. Reliable AI-powered checks for authentication of international ID documents;
4. Extraction via Optical Character Recognition and Natural Language Processing of key information from incorporation documents for corporate clients, as well as automated transliteration from multiple character sets and languages your team might not be familiar with;
5. Automated audit trails to record all actions and checks performed on any given customers;
6. Tiered access to documents and functionalities based on team members’ roles and responsibilities.

 

4. On-going and on-demand

Most AML regulations around the world require financial institutions and regulated organisations to know their customers’ position at all times.

However, implementing real on-going checks using a traditional and manual approach is not only hard, but also extremely inefficient. To have a truly satisfactory coverage, compliance teams would have to manually perform all their checks multiple times per month, heightening the risk of human error.

However, by implementing technology that runs AML checks automatically in the background and instantly flags any changes in customers’ circumstances in real time, compliance teams can meet the regulators’ requests for on-going compliance without having to allocate additional human resources to the task.

Platforms that also include a Live Monitoring feature for all Proof of Identity documents can identify upcoming expiry dates and alert customers to upload updated documentation well in advance of the deadline through a system of automated reminders.

The ability to promptly perform additional recertification or AML checks on demand or generate customised internal and external reports when the compliance team needs them is another one of the many advantages of a technology-first approach to KYC compliance.

 

5. Driven by the principle of “compliance by design”

To this day, many compliance teams at financial institutions are still working with a variety of disconnected technologies and complex manual processes that make true collaboration and innovation extremely difficult.

Rather than embarking on digital transformation journeys in unchartered waters, risk-averse businesses might prefer to outsource some or most of their compliance workload to large teams of external consultants.

However, the solution that seems prudent at the time may reveal itself as short-sighted in the long run.

On-going regulatory evolution is a key requirement to effectively combat money laundering and financing of terrorism on a global scale. To keep up with new and stricter requirements as they are introduced, technology is of the essence.

By implementing flexible technologies that can be seamlessly adapted to reflect new requirements and workflows as they are introduced, financial institutions can embrace the concept of “compliance by design” and limit their exposure to AML-related fines. The strategic use of technology empowers compliance teams to embed governance and control into business practices in a way that no compliance training – however well planned and executed – could ever achieve.

After the implementation phase, efficiency gains can be substantial.

According to a research report by Globalscape and Ponemon Institute, companies that enabled compliance technology save an average of $1.45 million per year in compliance costs.

Interestingly, regulators have an important role to play in driving this change of perspective. The existing trends towards stricter and more frequently updated anti-money laundering regulation will continue to develop in the coming years. By encouraging RegTech adoption among their regulated entities, regulators are better positioned to accelerate the introduction of more stringent KYC/AML requirements, which can only be met through an intelligent use of automation.