By Stella Clarke, Chief Strategy Officer, Fenergo
Since the US government enacted the Bank Secrecy Act of 1970, global laws to fight money laundering have become more and more complex. While understanding the identity of customers has been an essential compliance requirement for more than 50 years, subsequent waves of regulation have added cost and complexity to the process of acquiring and retaining customers.
Financial institutions deploy large workforces to perform Know Your Customer (KYC) and Anti-Money Laundering (AML) tasks, with lots of time spent working across legacy IT systems and carrying out basic data capture and analysis. Many firms understandably see this labour-intensive process getting in the way of their fundamental business operations.
However, change is on the horizon. The industry can no longer sustain the investment in growing KYC operations teams year-on-year, and is turning to technology to create efficiencies, lower costs, shorten time to revenue, enhance decision-making and manage risk.
Data from our survey of over 1,000 c-level executives across 150 corporate and institutional banks paints an encouraging picture of changing attitudes. Financial crime risk is a top three investment priority for 45% of respondents, after cyber risk (49%) and operational risk (42%), reflecting the new business-as-usual for banks seeking to enhance controls for financial crime and protect IT infrastructure.
Impact of financial crime and cyber risk
When it comes to financial crime, banks face increasing risk of enforcement actions from the regulators for not having adequate KYC and AML processes and procedures in place. In 2021, AmBank in Malaysia was fined $700 million for failing to conduct effective due diligence of the former Malaysian prime minister who transferred millions of dollars from the 1 Malaysia Development Berhad (1MDB) fund into his AmBank account. While fines grab the headlines, the larger impact is the cost of remediation and the lasting damage to the reputation of the firm.
As for cyber risk, for several years now, this has been the number one issue as more and more financial institutions have pivoted to the cloud. It is clear that cyber risk is almost becoming business as usual.
The operational risk factors
KYC reviews are incredibly time-consuming for firms that serve corporate customers. The survey shows that a KYC review for a single corporate client takes from 31 to 60 days (Figure 5) for 40% of banks to complete. While there is clearly room for improvement in the majority of financial institutions, a minority have much further to go in expediting the KYC review process. One fifth say it takes up to 150 days and 8% take up to 210 days to complete a single review. In today’s technology-first era, that is clearly an unnecessary drain on operating costs.
KYC is not just an operational pain point. 90% (Figure 6) of the surveyed banks said that their existing process, with its potential for human error, impacts their risk decision-making. However, the biggest problem around current KYC practices is the cost.
Two thirds of survey respondents said a review costs between $1,501 and $3,500. For banks that may be onboarding tens of thousands of clients every year, KYC costs alone can run into millions of dollars (up to $35 million for a bank onboarding 10,000 new clients per annum).
However, KYC reaches far beyond initial onboarding. There is also the ongoing burden of managing periodic KYC reviews. As evidenced by our survey, this process is expensive and time-consuming for many firms. The research describes an environment which is heavily manual, siloed and requires significant human intervention, with 31-50% of review tasks being conducted manually for 41% of respondents.
In the case of ongoing reviews of client profiles, the number of trigger events that have a material effect on risk relationships – such as the arrival of a new CEO, a change in jurisdiction, or a senior executive becoming a politically exposed person (PEP) – that banks are required to assess is already high. Just under three-quarters of respondents (Figure 8) receive between 2,001 and 4,000 trigger events per month.
For a large corporate and institutional bank with anything from 70,000 to 100,000 clients, the scale of the book of work is eyewatering. Another key component of ongoing KYC reviews is understanding transactional activity and proactively reacting to unexpected patterns. Yet 56% (Figure 9) of respondents haven’t fully integrated KYC with their transaction monitoring systems, making the ongoing monitoring of client behaviour for risk assessment extremely difficult.
So, with these operational, financial crime and cyber risks all in mind what is the alternative to managing ongoing KYC compliance with static client profiles that have to be updated manually?
The technology opportunity
With technology and automation, firms can ensure client profiles are updated automatically and in real-time, allowing for the continuous monitoring of risk. Through API integrations with third party providers for entity data, screening and AML transaction monitoring systems, FIs can automate and streamline KYC events and detect and react to changes in client data as they arise, while capturing new sanctions, PEP and adverse media hits.
An automated system can decipher and triage the materiality of trigger events to straight through process low-to-medium risk cases, requiring analysts to just focus on higher risk cases that require human intervention. Firms are clearly overly reliant on manual processes to satisfy regulatory requirements. As innovation reaches into KYC operations, the survey shows that investment in headcount is beginning to plateau, while investment in technology ramps up.
The business case for technology is clear. A KYC process comprises a set of discrete tasks: asking KYC questions, collecting data and documents, validating information, unwrapping ownership structures, performing AML checks and much more. Just 2% (Figure 7) of firms have reached a point where less than 10% of their KYC review tasks are completed manually. Others have a long way to go, with 28% of firms still completing 41-60% of tasks manually.
This pivot towards automation to improve the accuracy and quality of KYC reviews reflects concerns about the sustainability of adding human resources to carry out manual tasks in a high-volume environment. Increasing payroll without investing in the appropriate tools is not a viable route to effective compliance. For these goals to be achieved, a greater degree of integration and standardization is needed. The ideal solution is a unifying Client Lifecycle Management (CLM) platform connected to an ecosystem of internal systems, data providers, vendor solutions and customer channels.
The KYC road ahead to 2023
As regulation evolves unabated and scrutiny from the regulators increases worldwide, financial institutions will always be required to know who their customers are and to periodically review and refresh information they hold on their customers throughout their lifecycle. Our research shows that despite advancements in technology, financial institutions are faced with huge challenges with regards to automating processes and procedures for the onboarding and maintenance of clients for KYC compliance.
Adopting technology to install automation into the entire KYC process end-to-end will streamline and accelerate time to onboard, while ensuring client risk profiles are automatically kept up-to-date and in real-time. For periodic reviews, automation can straight through process low risk clients, so that KYC analysts can adopt a risk-based approach and focus effort on higher-risk cases. On a business level, an automated KYC process will reduce operational and regulatory risk, significantly increase efficiency gains, while enhancing the customer and employee experience.