Making the case for ongoing KYC: Why the time for change is now

By John O’Neill

If you work in financial services then you’re already aware that knowing your customer (KYC) is not just an essential process, it is also a legal requirement. It’s part of the essential tasks banks perform to tackle anti-money laundering (AML) and other financial crimes.

Back in June 2017, the European Commission’s Fourth AML Directive set out new rules to help combat money laundering. This was supplemented in January 2020 with the Fifth AML Directive, which aimed to increase transparency about who really owns companies and other financial entities.

Similarly, in May 2018, the US Financial Crimes Enforcement Network (FinCEN) required banks to verify the identity of customers who own, control and profit from companies when they open accounts.

In spite of these efforts, the introduction of KYC policies within banks and financial institutions has not always been rigorous or wholly successful. Since 2008, global fines for non-compliance with AML, Know Your Customer (KYC), and sanctions regulations have exceeded $36 billion, with $10B in 2019 alone. Last year, 12 of the world’s top 50 banks were fined for non-compliance. And based on sanctions activity so far this year, that number will increase in 2020.

FinCEN recently reported that it is modernizing its AML requirements, which is likely to include updated guidelines for KYC. What will this mean for those working in compliance, and how does this affect the status quo?

First, let’s examine the three components that comprise an effective KYC program:

  • Customer Identification Program (CIP)
  • Customer Due Diligence (CDD)
  • Ongoing monitoring

When it comes to CIP and CDD, financial institutions put measures in place during the client onboarding to screen who they do business with. This means new customers are screened according to the bank’s policies and against watchlists before being allowed to conduct business. Where this KYC process can falter, however, is with the ongoing monitoring (or lack thereof) of customers, especially those who present as high-risk. Because customer profiles can change over time, financial institutions may fail to prevent money laundering or terrorist financing if they do not maintain a process that allows for ongoing, or periodic, review.

A recent report by the Financial Conduct Authority,  “Financial Crimes Thematic Review” found: “Around three-quarters of banks in its sample, including the majority of major banks, were not always managing high-risk customers and Politically Exposed Persons (PEPs) relationships effectively and had to do more to ensure they were not used for money laundering purposes. The FSA identified serious weaknesses in banks’ systems and controls.”

In addition to CIP and CDD checks at onboarding, many traditional KYC models review customers at other periods within the relationship. For example, it is not uncommon for many institutions to screen at one, three and five-year intervals. But this approach still leaves large swaths of time in which the bank has no insight into or oversight of changes to customer profiles.

Given these pitfalls, why haven’t banks and other FIs made strides to improve their KYC programs? One reason is that many institutions rely on processes that are heavily manual, and thus both time-consuming and inefficient. Humans sifting through heavy volumes of paperwork or data searching for inconsistencies or suspicious transactions not only requires huge amounts of time but is also susceptible to human error.

Moving to a more automated and AI-based model allows for continuous or dynamic monitoring. Any changes to customer profiles can be highlighted, and alerts can be triggered at any time. If the AI uses machine learning algorithms, it can not only scan huge amounts of structured and unstructured data 24-hours a day, it can also learn and adapt to become more accurate, reducing the number of false positives that require investigation. By learning and mapping new patterns of suspicious behaviour,  an explainable AI system can help an institution take preventative action and reduce its risk of non-compliance.

As McKinsey’s Transforming approaches to AML and financial crime report noted: “AI can also ensure that learnings from transaction monitoring or false positives are used to refine initial KYC questions, optimizing not just the KYC process but the full AML value chain.”

With an AI solution, an institution will gain continuous monitoring, and the quality of the monitoring will improve over time. Further, issues can be addressed as they happen and with the security of 100% compliance.  The result is an improved, endlessly learning process that is automated, yet controllable, and with increasing effectiveness.

About John O’Neill: 

John O’Neill received a Ph.D. in Chemical Engineering from the University of Illinois, modeling big data sets on supercomputers. He’s worked in the tech industry in Chicago for the last 25 years, primarily in the field of machine learning and Artificial Intelligence. His first novel, The Robots of Gotham, was released in 2017 by Houghton Mifflin under the name Todd McAulty.