By John O’Neill
If you work in financial services then you’re already aware that knowing your customer (KYC) is not just an essential process, it is also a legal requirement. It’s part of the essential tasks banks perform to tackle anti-money laundering (AML) and other financial crimes.
Back in June 2017, the European Commission’s Fourth AML Directive set out new rules to help combat money laundering. This was supplemented in January 2020 with the Fifth AML directive, which aimed to increase transparency about who really owns companies and other financial entities.
Similarly, in May 2018, the US Financial Crimes Enforcement Network (FinCEN) required banks to verify the identity of customers who own, control and profit from companies when they open accounts.
In spite of these efforts, the introduction of KYC policies within banks and financial institutions has not always been rigorous or wholly successful. Since 2008, global fines for non-compliance with AML, KYC and sanctions regulations have exceeded $36 billion, with $10 billion in 2019 alone. Last year, twelve of the world’s top fifty banks were fined for non-compliance. And based on sanctions activity so far this year, that number will increase in 2020.
FinCEN recently reported that it is modernizing its AML requirements, which is likely to include updated guidelines for KYC. What will this mean for those working in compliance and how does this affect the status quo? First, let’s examine the three components that comprise an effective KYC programme:
- Customer Identification Programme (CIP)
- Customer Due Diligence (CDD)
- Ongoing monitoring
When it comes to CIP and CDD, financial institutions put measures in place during the client onboarding to screen who they do business with. This means new customers are screened according to the bank’s policies and against watch lists before being allowed to conduct business. Where this KYC process can falter, however, is with the ongoing monitoring (or lack thereof) of customers, especially those who present as high-risk. Because customer profiles can change over time, financial institutions may fail to prevent money laundering or terrorist financing if they do not maintain a process that allows for ongoing, or periodic, review.
A recent report by the Financial Conduct Authority, “Financial Crimes Thematic Review” established that : “Around three-quarters of banks in its sample, including the majority of major banks, were not always managing high-risk customers and Politically Exposed Persons (PEPs) relationships effectively and had to do more to ensure they were not used for money laundering purposes. The FSA identified serious weaknesses in banks’ systems and controls.”
In addition to CIP and CDD checks at onboarding, many traditional KYC models review customers at other periods within the relationship. For example, it is not uncommon for many institutions to screen at one, three and five year intervals. But this approach still leaves large swaths of time in which the bank has no insight into or oversight of changes to customer profiles.
Given these pitfalls, why haven’t banks and other financial institutions made strides to improve their KYC programmes? One reason is that many institutions rely on processes that are heavily manual, and thus both time-consuming and inefficient. Humans sifting through heavy volumes of paperwork or data searching for inconsistencies or suspicious transactions not only requires huge amounts of time, but is also susceptible to human error.
Moving to a more automated and artificial intelligence ( AI) -based model allows for continuous or dynamic monitoring. Any changes to customer profiles can be highlighted, and alerts can be triggered at any time. If the AI uses machine learning algorithms, it can not only scan huge amounts of structured and unstructured data 24-hours a day, it can also learn and adapt to become more accurate, reducing the number of false positives that require investigation. By learning and mapping new patterns of suspicious behaviour, an explainable AI system can help an institution take preventative action and reduce its risk of non-compliance.
As McKinsey’s Transforming approaches to AML and financial crime report noted: “AI can also ensure that learning from transaction monitoring or false positives are used to refine initial KYC questions, optimizing not just the KYC process but the full AML value chain.” With an AI solution, an institution will gain continuous monitoring, and the quality of the monitoring will improve over time. Further, issues can be addressed as they happen and with the security of one hundred per cent compliance. The result is an improved, endlessly learning process that is automated, yet controllable and with increasing effectiveness.