Know Your Customer: Defining Your Policy And Monitoring Team
In my last article I introduced how Know Your Customer (KYC) policies are one part of how financial service companies are fighting money laundering and related crime. These anti-money laundering (AML) initiatives are usually defined by the compliance department or a financial crime advisory team.
These are some of the key pitfalls to avoid:
It’s important to be aware that the people who define these policies are usually not the people charged with doing the actual monitoring day-to-day. This can lead to a situation where the company has a robust policy that has been designed to meet all the regulatory requirements, but it doesn’t actually work in practice.
Another common issue is that policy creation is seen as a one-off task, but AML regulation is constantly changing so there is a serious danger of the policy becoming disconnected from the regulation.
It is important to ensure that KYC operational team members are engaged in the drafting of KYC policy and that this process is ongoing, so the policy can be refined as regulations change.
This is where modern technology can help. In the past, most KYC processes were manual and this led to errors and inefficiency. Now various technologies are evolving and can contribute enormously. Technology is now the backbone of a modern and successful KYC policy - specifically through the use of customer relationship management (CRM) systems and data analytics. The most common trigger for a KYC intervention will when the customer undertakes an unusual transaction. An automated ability to check if each transaction fits the ‘normal’ pattern is a useful early warning system.
In a standard operating model regional teams generally follow a common process, but a lack of communication across regional hubs can lead to a host of problems - processes are often duplicated and multiple requests are made to the same entity via different routes. This has a dramatically negative effect on the customer experience.
Many financial service companies are exploring an onshore model in an attempt to reduce KYC costs, but this also has implications for the required IT infrastructure. Companies frequently underinvest in the required IT and use a ‘just in time’ or ‘just good enough’ approach to what is actually critical infrastructure. Without good infrastructure you will always be catching up and patching the system together. This is one specific area where partnering with a customer service specialist can be an immediate and direct benefit because they will have already invested in the IT infrastructure required to deliver a robust KYC program. Several companies have had to invest millions into IT to pull their models back together after facing regulatory issues. This process involves revisiting all policies and procedures and trying to tie things together regionally. The net result of all of that is a painful project that costs a lot of money.
In my experience there are really four areas where you should focus when planning a system to deliver KYC processes:
Verify customer identity. Use independent and reliable sources, such as government identification. Shift gradually towards digital identification and use social media to crosscheck official ID. Financial institutions need to demonstrate to the regulatory authorities that they have identified, assessed, and mitigated all relevant risks before introducing any new innovative solutions.
Determine risk profile. Customers should be segmented depending on their perceived AML risk profile. A customer with a simple bank account and no international transfers is clearly a lower risk than a customer with several accounts in different currencies and frequent cross-border transfers. The risk category chosen determines due diligence effort and monitoring levels.
Monitor customer behavior. This is an ongoing process. All transactions should be checked against customer characteristics and deviation from normal activity should create alerts or other actions.
Action non compliance. Customers that appear to be undertaking suspicious transactions risk having their account suspended or cancelled and potentially being investigated by the legal authorities if crime is suspected.
Using these four steps as a basic guide and involving operational team members in planning is the best way to ensure that you have an efficient - and workable - KYC policy. Even better, find a partner you can work with. A partner that has experience, infrastructure, and understands how to guide you through these four steps.