Regulatory expectations surrounding Know Your Customer (KYC) due diligence, which banks must perform when onboarding a client and periodically throughout the client lifecycle, are increasing and becoming more complex.
Large banks and financial institutions already spend many millions of dollars annually completing KYC research across their client base. There is a huge opportunity to automate and improve much of the process, driving up operational efficiency at the same time as strengthening controls. Automation will also prove critical in the longer-term move towards pKYC, or perpetual KYC, under which a bank would build the capability to flag changes in customer risk immediately, rather than periodically, so that it could act quickly to defuse regulatory and reputational risks.
The KYC challenge
KYC due diligence typically entails building an up-to-date view of a client’s key defining attributes such as the nature of its business, ownership structure, directorships and key controllers. This in turn means researching public sources, government and regulatory registries, and premium third-party data providers, as well as reaching out to the client themselves.
At present, this research exercise is often entirely manual, with KYC analysts accessing hundreds of pre-approved websites and data sources to download relevant registry extracts or related documents. Through ‘copy and paste’ or manual re-keying, the analyst then populates the required data fields and stores the key supporting documents in bank reference systems.
As with other such manual processes, this takes time and leads to inaccuracies and errors which, in turn, drive the need for reconciliations in downstream processes.
Where is the industry moving?
Increased data availability, improved connectivity to trustworthy sources of data, and the maturing of third-party RegTech mean that is it now possible to automate a significant portion of the KYC process – particularly the aggregation of KYC data and documents.
Widespread API connectivity is now available for a majority of the jurisdiction-specific commercial and business registers that banks leverage for KYC research. This means that after implementing a data aggregator with automated file collation, banks can now gather the most up to date and reliable data points and documentation from hundreds of relevant approved sources in one go.
This gives them a single view of the publicly available data for each client that can be compared automatically to internally available data and then stored in internal reference systems without the need for human manipulation. KYC research that could take weeks to perform against client profiles, can now sometimes be completed within minutes.
Furthermore, by removing the need for the analyst to manually re-type data, automating the storage of data and documents significantly reduces the risk of ‘fat finger’ quality issues.
Not everything can yet be automated. Additional ‘top-up’ research may still be needed where API connectivity is not yet available for a given jurisdiction’s registry, and outreach to the client will still be required where privileged or private data or documents are not publicly available.
A consolidated view of the customer data can be presented to the analyst for review before the data is systematically stored into back end systems of record. Maintaining this analyst check means the current operational controls are preserved, simplifying the adoption path.
Augmenting the analyst review, once integrated via an API, the consolidated search results can also be evaluated using predetermined rules to determine what needs to be done with the data and documents for a given case. The materiality of any change in the facts surrounding a customer can be automatically checked by systematically comparing the search results against the bank’s existing view of the client.
For example, if a client has changed address within the same regulatory jurisdiction, this will have a much lower impact on the client’s risk profile than if the client moved to a new jurisdiction, which might bring the client into scope for additional KYC checks and potentially impact a client’s risk score.
Automatic assessments like this can be used to determine what level of research is needed for a given case: if the change is not material, there may be limited benefit in an analyst processing a full KYC file for the client.
Onboarding a data aggregator can help banks take advantage of a maturing KYC data landscape to improve both their operational efficiency and their operational controls. The return on the investment can be maximized by taking the extra step of integrating via API, which allows the results to be systematically assessed including automatically processing the data and storing documents.
Taken together, the improvements should significantly speed up a bank’s KYC processes and enable more frequent and better targeted KYC reviews. This would also represent a significant step towards pKYC.