An alternative to manual & digital internal management of KYC
We all know: Managing a KYC process manually is incredibly tedious and a huge source of errors. But on the other hand digitising the whole management requires heavy initial investments plus serious maintenance as regulations keep evolving.
A third alternative is to outsource some of the KYC tasks to an external factory-like service provider. This approach is completely legal if of course the third party is an obliged entity according to the AMLD IV or to any national money laundering act. To go further it’s even possible to hire a company or a person with whom a contractual outsourcing agreement exists.
This solution offers many advantages:
- Integration of profound functional and technical Anti Fiscal Crime (AFC) know-how and industry-like production
- Providers comply with the most recent regulations and advise customers on evolutions
- Concentration of industry-like production and mapping of the AFC process chain by merging service offerings
- Promotion of communication through an established collaboration model
- The entire workforce can finally focus 100% on their core business and therefore move away from repetitive, low-value tasks
But, because there is always a but, only certain parts of the process can be outsourced.
If we take a look at a classical KYC process we can see it sequenced in 2 phases. The first one concerns the customer onboarding while the second part is dedicated to the ongoing business relationship.
So far only the second block of the first phase can be outsourced:
- Identifying the customer and verifying the customer's identity
- Identifying and verifying the beneficial owner
- Assessing and obtaining information on the purpose and intended nature of the business relationship
- In some countries like Germany for example the assessment of the PEPs can also be outsourced.
You may think this outsource approach is somewhat limited, but … it is possible to obtain external helping hands from an obliged provider to support the second phase of the KYC process:
- Ongoing monitoring activities (e.g., processing of backlog, Adverse Media checks)
- Ongoing enhanced due diligence activities (e.g., support in screening customers against sanctions and PEP watchlists)
- Periodic and event-based KYC updating (e.g., support with KYC data collection)
The regulatory limits of outsourcing do not apply to this form of support. Therefore, when defining your KYC management strategy you need to make a distinction between outsourcing and support services.
Finally those who are considering outsourcing part of their KYC need to also check the data protection requirements to put in place for the sharing of customer data with a third party.
Should you need any guidance in managing your KYC process, do get in touch with me. For more than two decades, we at BearingPoint, have been supporting Insurance companies to overcome their challenges providing a holistic approach and pragmatic recommendations.