KYC controls: how can firms deliver more with less?
With the increasing threat of criminal activity impacting core operations Know Your Customer (KYC) processes and controls continue to remain an integral part of financial crime risk management adopted by firms within the Financial Services industry. These firms must ensure robust mechanisms are in place to identify and prevent customers seeking to conduct illicit behaviour. Recent trends in this calendar year reinforce the importance of continuing to improve the efficiency and effectiveness of financial crime risk control environments.
The Covid-19 pandemic has driven more remote contact between financial institutions and their existing or potential customers. The early phases of the pandemic placed significant pressure on firms to focus their efforts on crisis management. This meant there were cases of accelerated but less thorough due diligence as part of the rapid roll out of coronavirus support schemes; the UK government face up to £4.9 billion in fraudulent or erroneous claims out of the £47 billion loans issued as part of The Bounce Back Loan Scheme1.
The wider growth of digital banking relationships creates a need to adapt the ways in which firms understand the customer profile and associated risks. Last year mobile banking registrations increased significantly. According to a European digital investments platform 12% of UK consumers switched to digital banking as a result of the pandemic2. In the UK, the FCA have identified several weaknesses in KYC/CDD operations because of the growth in digital processes for KYC and customer identification. A review carried out by the FCA through 2021 found that challenger banks were generating higher numbers of Suspicious Activity Reports. A significant proportion of the higher volumes were because lower quality reports. In some cases, the banks did not have risk and control assessments in place for verifying new customers3. Longer established players in the industry have also been reprimanded by the FCA this year because of concerns around risk identification and control management4.
This year has also seen a particular acceleration in the velocity of sanctions being issued5. This increases the importance of KYC activities to ensure the customer information sanctions controls rely on is up to date so that cross-jurisdictional requirements can be met.
The need to strengthen controls is occurring in the context of rising inflation in the UK and globally which is increasing the cost pressures financial institutions are facing. At the forefront of these pressures are those on wage and salary expectations, which are principal drivers of the cost of KYC activities6.
How can firms simultaneously improve the efficiency and effectiveness of KYC controls?
To improve both effectiveness and efficiency of KYC controls financial institutions should consider making better use of external data, move towards a trigger-based approach, and address skillset deficits within their teams.
First, financial institutions can better leverage external sources to plug gaps in data for customers. Many firms hold out-of-date or multiple records for single customer profiles however there are several data sources such as Companies House and commercial suppliers that provide reliable data on existing customers. Making better use of these sources can equip firms to detect and remediate gaps and inaccuracies in client records more efficiently and lead to greater confidence in data held about customers. If the data sources are deemed sufficiently reliable, there is the added benefit of not requiring costly customer outreach to verify proposed data updates.
Secondly, firms should look beyond periodic reviews and towards a more trigger-based approach. Implementing a trigger-based approach uses analytics from various data points (considering both internal and external sources) to form a judgement on the accuracy of a customer’s data and associated risk profile, and the specific KYC actions this warrants. Although there are requirements placed on firms by regulators to refresh their high-risk relationships annually, a trigger-based approach can be more effective for other customers. A trigger-based approach can enable updates to client information to be identified and made sooner (if analytics to detect these occur more frequently than periodic reviews) and at a lower cost (if such analytics mitigate the need for some customers to undergo a full periodic review that is unlikely to identify changes).
This is in line with guidance recently published by the Wolfsberg Group which encourages firms to adopt a dynamic event-based approach for KYC/CDD processes and controls7. This guidance further considers digitally enabled engagement between financial institutions and customers, encouraging firms to use their digital capabilities to improve the quality of customer verification process. Keeping up with possibilities that are afforded from gathering and analysing multiple customer data points through digitally enabled solutions removes inefficient human effort in performing KYC controls8.
Third, firms should also consider the skills gap in their teams to successfully implement a trigger-based approach. There is increasing demand for individuals with coding and analytics experience to help build programmes particularly around screening alerts. Utilising team members with analytical capabilities can help firms identify opportunities to better focus KYC activities on customer data changes that are more likely to indicate financial crime risk. For example, a change in residency in general provides little indication of an increased risk profile, however using risk-driven analytic techniques can help identify what other key variables require investigation in the case of other changes to determine an accurate risk profile. Similarly, upon detection of unusual activity advanced analytic tools can help firms define guidance to investigate, reason and action an outcome based on learned behaviour resulting in more effective KYC procedures.
In an era defined by digitisation financial institutions will need to remain innovative in their approach towards analytics and data to develop solutions that allow them to remain competitive and better detect breaches in their KYC procedures.
- The Bounce Back Loan Scheme: an update – National Audit Office (NAO) report
- Digital Banking: Six Million Or 12% Of UK Consumers Have Switched To Virtual Banking Services Following COVID-19 Outbreak – Crowdfund Insider
- FCA review finds weaknesses in some challenger banks’ financial crime controls | FCA
- Credit Suisse lands on UK watchlist for stricter supervision, Financial Times reports | Reuters
- NCA and OFSI issue red alert with private sector on financial sanctions evasion typologies by Russian elites and enablers – National Crime Agency
- Monetary Policy Report – May 2022 | Bank of England
- Wolfsberg Guidance on Digital Customer Lifecycle Management (2022).pdf (wolfsberg-principles.com)
- Financial crime risk technology – Don’t get left behind – BCS Consulting, part of Accenture