5 recommendations to help you avoid common pitfalls

Anti-money laundering (AML) regulations have become a complex regulatory framework requiring financial institutions to conduct due diligence on customers and to seek out and report suspicious transactions. For banks and insurers, compliance starts with verifying the identity of new clients, a process called Know Your Customer (KYC).

In addition to establishing the customer's identity, banks are required to understand the nature of a client's activity and verify that deposited funds come from a legitimate source. Failure to comply can trigger severe penalties, as in the SEB case, where the Swedish bank was fined $170m for AML failures back in 2020.

Below is a classic KYC process sequenced in two phases. The first concerns customer onboarding, while the second is dedicated to the ongoing business relationship.

Traditional KYC Process

We at BearingPoint regularly identify many weaknesses and pain points in our customers' AML projects that rely on this type of KYC process:

  • Long onboarding times and requirements lead to customer dissatisfaction
  • The customer risk rating model activated in the third step is usually not mature enough
  • The quality of KYC-relevant data collected during the onboarding process is insufficient, due to decentralised databases and unstructured data formats
  • The process creates a high workload because of the obligation to investigate every alert
  • Increasing regulatory requirements constantly demand functional and technical changes
  • The first phase requires extensive training of the team, which proves valuable in the second phase as well

We have also noticed that companies that speed up the process for faster onboarding usually expose themselves to a higher risk of error. To address all of the above challenges, banks and insurers need better practices.

It starts with an as-is analysis to identify gaps, inefficiencies and pain points in the current KYC process and to develop a Target Operating Model. As in any project, a clear RACI matrix needs to be set up and shared along with the thoroughly documented process. The risk policy has to be revised, including the definition of low, medium and high risk levels, based not only on country of origin but also on the customer's business line. For example, cash-intensive businesses have a much greater propensity for facilitating the placement of dirty cash into the financial system. From there, a company must create a formal record of how the risk scoring model is designed, including the rationale behind the selection of each risk factor and any factor weighting.

This approach doesn't require high investments and can quickly deliver tangible improvements. But managing a KYC process manually is still very tedious and a source of errors. In next week's article I will demonstrate which parts of the operations could be digitised and therefore automated, reducing both workload and flaws. Stay tuned!