“The need to do KYC client reviews is indisputable. However, the current approaches used to complete these are most definitely questionable.”
Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations dictate that financial institutions must ensure that they know their clients and verify their identities with appropriate data and documentation that proves that their clients are who they say they are, are not involved or related to anyone involved in money laundering or terrorist financing and don’t represent an inordinate risk to the institution or financial system as a whole. Evidencing is important here.
KYC and risk assessment is a normal part of the initial client onboarding process, however, it doesn’t end there. Financial institutions are tasked with performing client due diligence on an ongoing basis throughout the lifetime of the client. The ultimate aim of this review process is to ensure continued compliance with existing AML and KYC compliance obligations, supported by updated and refreshed data and documentation. In addition to maintaining a risk-based approach to AML and KYC compliance, periodic client reviews have the potential to close many of the compliance process gaps that may exist, such as the absence or lack of data and documentation.
The need to do KYC client reviews is indisputable. However, the current approaches used to complete these are most definitely questionable.
The Challenges of Traditional KYC Client Reviews
The scope of periodic client and counterparty reviews can be overwhelming, involving thousands of clients and thousands-upon-thousands of data and documentation that needs to be reviewed. With clients being categorised by the size of risk they represent to the financial institution (high, medium or low risk), the objective is to ensure that sufficient resources are assigned to the higher risk clients, who require more frequent reviews and involve more complexity than their lower risk counterparts. The time and resources required to conduct a periodic review may be extensive, depending on the size of the institution, the number of clients and their risk classifications (i.e. how many high, medium and low risk clients the institution has).
The traditional response to client reviews has mainly constituted applying brute force to the problem, by throwing as many people and as much money at it to resolve it. However, this only ever succeeds in driving up the overall cost of compliance and is unsustainable given the sheer number of newly-introduced or impending regulations that require (or will require) periodic client reviews.
One financial institution with which we work estimated that they spent 24 hours of “interactive time” for every review for medium risk clients. This means that for their 2,500 medium risk clients, it would take 60,000 interactive (fully engaged) hours to complete the annual review process. This calculation does not take into account additional elapsed time for review (i.e. the time it takes for clients to respond to the financial institution’s request for additional or updated data and documentation).
A New Approach to KYC Client Reviews
Some financial institutions are moving away from the labour-intensive, outsourcing arrangement and reviewing the process as a whole in an effort to introduce greater and more tangible efficiencies that save time, effort and money.
The financial institution mentioned above tackled this by introducing greater levels of technology to support the client review process. They decided to maintain reviews of high risk clients as a manual process, providing the much needed expert four-eye process required. However, they automated as many of the medium and low risk clients as possible, prioritising the medium risk category. This involved:
- Mapping the client and counterparty data to specific fields. This produced a list of outstanding pieces of data that needed to be collected.
- Applying regulatory rules logic to determine if the current scope of regulations still pertained to the client or if any change during since the previous review brought newer regulations into scope.
- Identifying all data and documents required to comply with these regulations and checking the existence of these in various repositories (e.g. collected under a previous regulation e.g. AML or KYC) for re-use.
- Contacting clients for all outstanding or expired pieces of data and documentation.
- Recalculating the risk score based on new information.
The end result of this project culminated in the creation of more comprehensive client records, speedier client review process and shaved off 12,000 hours (20%) from the medium client risk category alone.
By automating as much of the KYC periodic client review process as possible, financial institutions can ensure a rigorous, risk-based approach to AML and KYC compliance through the client’s lifetime, close the compliance gaps in data and documentation, identify relationships that need to be terminated (or off-boarded) and reduce the number of staff it takes to conduct reviews.