By Rhodri James, Chief Revenue Officer at NorthRow
For regulated firms, Know Your Customer (KYC) verification is a critical requirement, but at the present time, their processes are flawed. With the cost of compliance escalating; the time it takes to onboard and monitor clients increasing, and periodic KYC reviews increasingly resource intensive and highly manual, it’s time for a change.
Firms need to adopt a continuous KYC model to improve customer experience, mitigate financial crime risk and increase their operational efficiency. This shift is about moving beyond simply knowing your customer and towards truly understanding your customer.
What is continuous KYC?
Continuous KYC (cKYC) is a term coined to reflect the transition from conducting inefficient costly periodic client reviews and remediation projects, to understanding the customers’ risk profile throughout the relationship or lifecycle. With the relevant insight, compliance teams can prioritise their focus to ensure compliance is no longer a tick box exercise.
Traditional KYC focuses on knowing your customers’ risk status in a snapshot of time at the point of onboarding. However, as we know, a client’s risk is never static.
In contrast, cKYC takes a proactive approach to managing risk at all times.
By applying Software as a Service (SaaS) monitoring tools and processes, compliance officers can understand their clients changing risk profiles in real-time and make data-driven decisions on how to reduce the overall burden of KYC. Compliance efforts can then be focussed where appropriate, depending on the firm’s appetite to risk.
We recently conducted a poll of compliance professionals, which found that more than 80 percent of organisations are actively monitoring their client portfolio. Almost half of these respondents (45 percent) told us that monitoring is important for client retention, while a quarter (24 percent) said that it aids cross-selling. So, the advantages are clearly recognised.
However, when asked how well client monitoring is integrated into their organisation’s risk processes, only 29 percent said that monitoring is fully integrated into their CRM. Some 40 percent said that they use a standalone or point solution for client monitoring, or that they it is not integrated into overall risk processes at all.
This should raise alarm bells and needs to be addressed.
The problem with traditional KYC and client reviews
Traditional KYC focuses on the element of onboarding a customer and fulfilling the necessary due diligence. After this the client account is often left untouched until the organisation schedules its next periodic review or remediation project, typically in one, three or five-year intervals.
Regulated firms typically manage to scrape through their one-year review cycles for their high-risk customers but rarely complete their three and five-year cycles for medium and low-risk customers respectively.
The time, and staff resource, required to conduct a periodic review are extensive. The traditional response to tackle the problem of client reviews has been to throw more people and money at the problem to resolve it.
This is the way it’s always been done for years. So why change?
The reality is that tomorrow’s world will be very different from that of today, and even further away from the one in which current processes were first conceived.
As we transition into a post-pandemic world, the economy is going to be volatile, clients’ risk status is going to be constantly changing and compliance budgets may even have been reduced.
However, sales teams are demanding better processes so they can onboard as many customers as quickly as possible. Often without a thought to the ongoing risk that customers may have to the business.
All this means is that the current approach to KYC and scheduled client review is now unsustainable.
Increasing risk of periodic client reviews
In a digital era, where new financial crime threats are emerging on a regular basis, KYC periodic reviews are now outdated. A true risk-based approach is knowing your customers on an ongoing basis, understanding when something has changed in real-time, and evaluating the associated risk appropriately.
Not understanding a change in your client risk-profile when it actually happens – is simply inadequate in the modern world of immediacy.
However, there are challenges with implementing a more robust and suitable compliance process.
Poor customer experience
Causing friction with your customers is not conducive to increased sales or maintaining low attrition rates. Customers don’t appreciate having their transactions blocked or being contacted to provide further documents and evidence to verify their status after the event.
Chances are if they have changed their status, they will not be contacting you – you should have the insight at your fingertips and have the ability to take remedial action immediately.
As regulation evolves, compliance teams will be required to obtain more information and data on a client at the point of KYC client review. If the periodic review is the point at which to address this, it is often outdated and onerous for the customer to source and supply.
On average it takes 45 man-hours to review medium risk corporate clients.
As an example; if you have a database of 2,000 medium risk clients that are scheduled for a periodic review, it would take 90,000 man-hours to complete the annual review process. However, even this does not take into account additional elapsed time for review, and the time it takes for clients to respond to a request for additional or updated data and documentation. Added to this, the average cost of a medium risk client review can be a minimum of £20 each time, so you can see how costs can quickly spiral.
According to the compliance consultancy firm Protiviti, “financial institutions currently spend approximately 80 percent of the time required for the periodic review process on data collection and consolidation, and only 20 percent analysing the data gathered”.
So how do we overcome these challenges and start shifting to a model where we really understand customers and the risks they might pose to businesses.
Automated alert threat monitoring
One relatively straightforward change can be entirely automated – thus not adding to the man-hour backlog.
Automated threat monitoring allows low risk changes to be flagged and added to customer risk profiles with relative ease. This enables customer review for both investigative purposes as well as control purposes.
Ensuring you have the most up-to-date information is critical for ongoing compliance and preventing risk and true threats, such as change of ownership to a high-risk country, for example, that would absolutely require further investigation or action
A slightly more complex change, but one that can pay huge dividends is dynamic risk scoring.
The typical model of customer risk assessment today is very static. Although we have largely moved away from spreadsheets and paper-based processes there is some way to go before achieving the nirvana of perpetual KYC.
Constant dynamic risk scoring that takes a data-driven and risk-based approach, across all KYC and CDD activities, can be achieved with continuous monitoring.
Today’s customer risk assessment needs to be dynamic to bring into account the customers transactions or their behaviour and the expressed risk of the customer relationship, instead of just the inherent risk.
Single Dynamic CRM
In order to satisfy the demands from the sales teams for better and crucially manage compliance and risk, better technology is needed.
With a single data point or CRM repository that has the ability to dynamically update internal and external data changes there are huge operational efficiencies to be had, both in terms of time and money.
Continuous KYC can also deliver simplified enhanced due diligence by monitoring the entirety of your customer network, automatically flagging any potential risk only and perform enhanced due diligence based on exceptions.
Deliver customer-centric continuous KYC compliance
One other big shift in the market is rethinking what the KYC process is and should be.
Currently KYC is viewed as solely a compliance activity, being carried out for the purpose of complying with regulations and knowing your customer from a control point of view, but not really from a competitive advantage or customer focussed approach.
However, if you look at new entrants within the fintech and technology space, these companies are really innovating how they use KYC to set their customer experience apart.
Take Monzo, Starling or Revolut who treat KYC onboarding and continued monitoring as a way to retain and interact with customers, rather than something that is onerous and difficult for that customer.
In today’s digital and demand-driven world compliance goes beyond a set of processes and instead should be insight-driven to provide new opportunities to drive customer focussed decisions. With the clever use of API driven technologies, machine learning and rules engines it means that cKYC is now achievable for all.
Move towards a better approach with continuous KYC
The time for maintaining the status quo or taking incremental steps in the face of industry disruption has passed and should be replaced by a dynamic approach to cKYC, focused on truly understanding customers.
The past 12 months has highlighted that businesses can adapt and deploy digital processes far quicker than their roadmap had originally scoped. The need to reduce unnecessary and repeated labour-intensive processes has never been more important.
By taking a transformational approach to continuous customer due diligence in your business you can deliver a better relationship with your customer and avoid costly manual processes for monitoring and remediation.