Several interconnected global trends have heightened the risk banks face when combating financial crime. First, regulators are continually revising rules as they expand their focus from organised crime to global terrorist networks, many of which have grown more sophisticated in recent years. Second, integrated networks and an increase in cross-border transactions have left gaps in banks’ infrastructure, increasing their vulnerability. Finally, the increased use of economic sanctions on targeted individuals and even specific individuals due to foreign policy.
Regulators have typically played catch-up in response to these global trends. The UK Money Laundering Regulations 2017 (“MLR17”), and the EU 4th Money Laundering Directive (“4MLD”) are far more prescriptive and granular with regards to their regulatory obligations, requiring firms to carry out constant review and monitoring of their clients and counterparties.
The financial services industry has typically managed this level of institutional change by investing heavily in AML compliance programmes which look more like “factories,” and less like the independent oversight functions that banks first envisioned. By employing huge teams, implementing manual controls, and utilising point-in-time systems, many financial institutions continue to face wide challenges:
- A lack of standardisation, especially with regards to the implementation of a risk-based approach to AML
- Data quality and data integrity issues (significant investment in ‘traditional rules’ based, transaction filtering/monitoring technology to identify “false positives”)
- Reliance on paper-based verification and manual processing
- Disparities between sources of KYC verification sources and data to validate KYC obtained from customers
- Significant overlap with other policy areas (GDPR, bribery & corruption, data security etc)
The result, as with most regulatory change and compliance programmes, has been an increase in costs.
Those in the regulated financial services industry have long groused the costs related to KYC and client-due diligence. Just last week, US Bancorp was hit with a $613 million fine for failing to monitor suspicious transaction and other anti-money laundering (AML) activities. More costly still is the $60 million annual remedial expense of improving operational processes and adding personnel to cope with regulatory change and preventing such action in the future. However, rather than lament about these costs, why not join the debate on how the latest RegTech developments can start to free up your balance sheet and ensure compliance to the regulations?
The new frontier in KYC/AML
Many of the challenges of KYC/AML implementation are on the global agenda, with several collaborative efforts currently working on developing a standardised approach to manage regulatory change and thus, facilitate the adoption of new KYC/AML technologies. In this regard, financial institutions have started to adopt a forward-looking, client centric, and disgitised approach to reduce the financial and non-financial costs of KYC/AML compliance, with regulators worldwide also having issued statements of encouragement on the adoption of new technology to improve KYC/AML processes and experience. These have the potential to benefit a number of processes related to:
Significant investment and effort has been historically committed to backward looking ‘traditional rules-based’ transaction filtering/monitoring technology in an effort to reduce ‘false positives’. With new technology and innovation in areas such as entity/network resolution and anomaly detection tools, is it time that the industry started to be more driven toward adopting/investing in a more AI centric AML/Sanctions system non-rules-based approach?
New technology can improve speed and efficiency by automating previously manual processes. Data-driven, AI software could be used to monitor the regulatory scene worldwide for updates in regulations, sanctions list and adverse media. More importantly, it could be used to compartmentalise and prioritise clients – speeding up compliance checks, on-boarding and most importantly, make it possible to carry out ongoing monitoring post-onboarding process.
Alternative KYC identity verification methods
There has been a gradual shift towards ‘digital identification’, whereby society and business has become increasingly paperless and more online. This has been evidenced on a small scale for verification purposes, with social media checks becoming more mainstream in validating individuals. Is there remit for social media to replace the utility bill as a form of verification, provided the data is ‘public or consent is given’?
Aligning KYC Document Management with other regulation
As of 25 May 2018, the GDPR regulations come in to force in the EU, enshrining more privacy for individuals and notably the right to be forgotten. In light of these new regulations, what factors to organisations need to consider when continuing to execute processes and controls for KYC/AML purposes, and if so, where can technology help?
Vital points to consider
Many in the industry have acknowledged the benefits of innovative technologies such as biometrics/video KYC, data analytics, machine learning, NLP and blockchain/distributed ledger technology (DLT). However, when considering their business application and answers to some of the questions raised above, firms must be sure to balance enhanced capabilities with adequate controls and appropriate responsibilities. On this point, the European Supervisory Authorities, in their ‘Opinion on the use of Innovative Solutions by Credit and Financial Institutions in the CDD Process’, conclude that firms should be able demonstrate to their regulatory authorities that they have identified, assessed and mitigated all relevant risks before introducing innovative solutions to their CDD process.
With this context in mind, leading institutions and collaborative efforts, such as the RegTech Council, are focusing their efforts on initiatives which will look to define a common understanding of how to undertake KYC/AML by developing standardised workflows which are granular enough to take into account semantic requirements, jurisdictional differences, and size and risk of business. This end-to-end, optimised, and technology enabled view of KYC/AML will be critical in setting new standards for customer-data intake to customer identification to risk-based due diligence to monitoring. Currently, no third-party provider supports this entire process; raising the bar for regulatory technology start-ups wishing to fill this gap.
The industry is at a turning point. Banks, regulators, and solution providers are reconsidering their approach to KYC and AML, but many questions still remain. The benefits and risks associated with the use of innovative technology will be the central focus of the KYC/AML – the future of ‘compliant’ AML technology debate at JWG’s RegTech Capital Markets Conference on 7 March 2018.
Registrations have topped 375 attendees from over 70 investment firms, regulators and standards bodies. If you would like to attend the conference, then please register via this link. Better still, if you are employed as a senior manager at an investment firm you get in for free.