Compliance and regulatory reforms are always at the center stage in the financial domain. Banks, brokerage houses, regulatory bodies across the world are key stakeholders in terms of complying them. The role of technology is by no means a small factor in the ecosystem. For example FATCA initiative, AML regulatory norms are critical initiatives which are to be mandatorily implemented. They heavily impact the IT Landscape and workflow architecture of the existing core banking systems.
This paper aims to identify current gaps in existing KYC systems and the need for a new system which is built on "Risk based Approach" by adhering to Global regulatory norms. Also the implementation challenges which majority of Core banking platforms face are discussed with alternatives.
Overview of existing KYC systems
KYC (Know Your Customer) policies are made mandatory to any financial institution across the world by regulatory bodies. Various laws like US Patriot Act, Bank Secrecy Act, and Prevention of Money laundering Act help define the processes and scope for IT systems to meet the requirements. Below are the few gaps in existing KYC system
- Current systems segment customer at a very high level based on few fixed variables. This is a necessary but not sufficient methodology as it lacks in anticipating customer transactions and dynamic categorization of customers into coherent groups.
- In majority of Banks and nonbanks, onboarding KYC systems and AML data bases are not integrated as there is no end to end feedback mechanism established
- Factors like managing the material changes for the existing customers and the process of screening or periodic review to analyze the relationship with the customer which are not up to the mark
Future KYC – Risk Based Approach
A Future KYC is standard one stop solution for all the due diligence and money laundering requirements which is scalable and consistent. It supports varying risk weights parameterized for several factors across all the customer types- Individual, corporate, government, banks across the world. This approach feed AML systems with predictive data and helps them set variables and parameters on this basis. Based on which the outliers will be identified. It helps to know customer better and reduce false positives at a later stage
Functional Implementation Approach
- Core Identification Program
- Basic Customer Data– National ID, SSN , Passport
- Documentary collection and verification
- Identify Customer type and segmentation
- Customer Due diligence
- Demographic data management
- Third party data – beneficiary, trustee, POA
- KYC data – employment type, source of funds, Tax status
- Risk calculation
- Enhanced Due diligence
- Screening with OFAC, Local and other blacklists
- Client location visit based on customer type, asset under management
- Risk assignment , approval management
The solution systems screen based on fuzzy logic, help preliminary auto screening for a customer before creation. Risk Decision engines are rule based logics built on variables which have parameterized weights on the basis of country and institution level regulations. Several variables for example- legal address country, source of wealth, job industry type, product transaction type and estimated transactions, etc., are assigned risk scores based on several parameters. The sum weighted average score helps the system identify the customer and segregate into Low or Medium or High risk. Also the approval workflows algorithms are based on risk level of the customer.
The data from different vendors is fed to KYC platform. KYC system maintains each customer data in the form of records at Customer level, Account level or a universal dataset which enables to extract and create flat files based on the focus type. Post this several stakeholders with various roles are involved in approving the record on the basis of risk rating. An Alert Generation process actively sends reminders to corresponding stakeholders for timely approvals and review of the records. KYC continuously engages with Document repository for customer data storage. Also it periodically sends and receives data to Data Ware House for monitoring, Case management for compliance and Business reposting data bases.
A successful roll over of such a critical and complex requirement needs in depth Requirement analysis, to support development and testing for an appropriate deployment model. Accordingly below are the challenges to be addressed
- Majority of Global banks' core banking systems are built on tightly coupled Service Oriented Architecture. Building the architecture to meet the enhanced Risk Management Approach touching upon existing systems without affecting the original work flows is a challenge
- Data Migration and integrity – Uplifting existing KYC records to the new standards without affecting the day to day activities of business by meticulous planning and addressing the data quality issues from several platforms.
- Mapping of data elements from several sources to the solution system variables to carry equal sanctity and properties
- Data Privacy issues adding complexities to an Onsite-Offshore model of operation.
- Training – Compliance, Operations and Business Users will need to be trained on standard policies, procedures and operating model before enabling new platform
The core implementation approach can be in 2 phases
- For New To Bank customers- Any Consumer, Corporate, correspondent bank or Government Institution etc opening an account with the bank for the first time needs to undergo the process mentioned above. Only then the Account will be created and a Relationship will be assigned based on Risk level
- Existing Customer – A default risk is assigned on the basis of few parameters like Negative news check, sanction country flag, occupation and industry code. At a later stage a consistent periodic review will be performed in a phased manner and manual uplifting will be done. Also the true beneficial owner details are collected in this phase
Since majority of banks and financial institutions across the globe are looking out to comply with Global AML policies, they have to work for an enhanced risk management approach. This is in the interest of protecting the institutions from regulatory, fraud, legal, monetary risks. As discussed the solution developed and rolled over must be scalable for any future regulatory and functional enhancements.
About the Author
Sravan is an Associate Consultant working with Maveric Systems. In the past 2 years he predominantly worked in Regulatory and Compliance domain (KYC AML FATCA) for global retail banking clients.
He has over 58 months of experience in Waterfall and Agile SDLC models across Requirement analysis and gathering, User story building, Use Case modeling, Business process mapping and the development of test scenarios.
Prior to joining Maveric Systems he pursued his Masters in Business Administration from Narsee Monjee Institute of Management Studies, Mumbai.
ABOUT MAVERIC SYSTEMS
Maveric Systems is a leading provider of IT Lifecycle Assurance services across the technology adoption lifecycle. Maveric partners clients from requirements to release with innovative IP-led solutions. The company's Requirements Assurance, Application Assurance and Program Assurance services are aimed at delivering successful outcomes on transformation programs for leading corporates in BFSI and telecom verticals. Maveric's services are highly domain-led and this expertise is reflected in its superior solutions.
Over the last decade and more, Maveric has supported a large number of clients through their transformation programs involving implementation of core business systems, CRM systems, payment systems, billing systems and other sub-systems. Maveric delivers successful outcomes on transformation programs for leading corporates through its immense domain expertise, superior knowledge of industry-standard solutions, innovative testing productivity accelerators and relentless passion.
With its background of bringing innovative solutions to solve client problems Maveric has developed a first- of-its- kind automated specification generating platform, AssureHawkTM. This solution uses readily available skills, doing away with the need for specialized product expertise, business knowledge and specification writing skills.
Recognizing the need for building passionate Testing and Assurance professionals to cater the growing resource need, Maveric partnered with the Loyola Institute of Business Administration (LIBA), in 2004, to start a custom designed 2-year postgraduate program in Testing and Assurance. This program has been very successful in bringing fully rounded Assurance specialists into the system.
Headquartered in Chennai, Maveric has a dedicated global offshore delivery centre and R&D lab in the city. With a headcount of 1200, the company has offices in London, New Jersey, Dubai, Riyadh, Kuala Lumpur, Singapore, Mumbai and Bangalore.