What are the benefits and challenges of a perpetual KYC model in financial crime prevention?
With increasingly stringent know-your-customer (KYC) requirements, financial institutions must periodically refresh information held about their customers.
This financial crime prevention strategy goes beyond the initial customer due diligence (CDD) carried out within the initial onboarding phase as institutions must monitor clients on an ongoing basis and maintain their records.
Financial services firms have been looking for many years to improve efficiency in this space, using a data led approach and automation to reduce costs. For many, this has been a slow process, with other programs taking priority due to cost or resource limitations.
Despite the numerous challenges a large institution faces when attempting to overhaul its processes, the benefits can be huge.
The evolving face of Customer Due Diligence and pKYC
Ongoing monitoring often takes the form of periodic reviews – the frequency of which is determined by the initial customer risk rating (CRR) during onboarding. Periodic reviews can be cumbersome, a drain on resources, and not always a good experience for the customer.
With greater focus being placed on truly understanding a customer and their behaviors, especially in the light of recent data leaks, news headlines, and cross-border activity, even the likes of continuous KYC under CDD hasn’t provided enough to plug the gaps and meet heightened expectations.
Automation, data, and perpetual KYC are key in helping to accelerate the due diligence process and minimize the gaps, leading to faster onboarding, reduced exposure to risk, and increased resilience.
Improving financial crime prevention with sustainable pKYC
Perpetual KYC or pKYC is a process that responds to changes as soon as they are made, rather than a time-based review of information. It is proactive rather than reactive, which means its ongoing due diligence approach is dynamic and refreshed based on response to key triggering events.
Sustainable and successful perpetual KYC requires investment in data quality, KYC standards, and cultural buy-in from senior management.
Why pKYC is better than periodic reviews
Periodic reviews can be laborious to carry out. They also allow for windows of change, where criminal activity can stay under the radar for long periods of time. Even continuous CDD and KYC remediation – whereby firms frequently update customer data and profiles – can miss key changes in behavior and activity, masking the gaps.
The benefits of perpetual KYC over periodic review are in two key areas:
- Risk mitigation – Many institutions already have an element of pKYC around sanctions screening and politically exposed persons (PEPs) as they are usually checked daily against watch lists. However, it’s often overlooked that although daily checks are done, institutions may be regularly screening the wrong individuals if they have missed updates to their directors or beneficial owners. Perpetual KYC will flag these changes so institutions can begin screening the new individuals. Additionally, changes in beneficial ownership several layers away in other countries may not be realized or surfaced as part of traditional reviews. After all, there are huge differences between explicit sanctions, implicit sanctions, and sectoral sanctions. The right data and alerts can surface this kind of information more readily and automatically via perpetual methods, and in turn, help in understanding client risk impacts on the institution.
- Right-sizing effort – Periodic reviews can often be 12 months or more apart. Within a 12-month period, some entities will have seen change – whether that be new directors, watch list hits, new Ultimate Beneficial Owners (UBOs), a new address or contact information, but many will have had no changes at all. During the review, all aspects of all entities are re-checked, eliminating gaps and windows of change that impose risk.
With perpetual KYC, the initial KYC/CDD onboarding process is the same. The difference is that when changes happen in the data, they are picked up in real-time and trigger an event that is captured, then automatically assessed and actioned by the system. If there is concern, a CDD operative or analyst intervenes and decides whether to take further action. This allows institutions to ‘right size’ their approach and spend more time on entities where there are more changes and higher levels of risk.
Achieving pKYC effectively: utopia vs reality
There are some foundational elements that must be in place to achieve perpetual KYC and higher levels of automation in CDD. It is easy to overlook these, so being informed and prepared to address them before starting will help for a successful transition:
- Data strategy – often the most challenging and overlooked part of the puzzle, this is a necessary fundamental for pKYC. Certain types of data are hard to capture and maintain, so institutions need to consider how to do this, as well as how to bring together information held in disparate systems to be integrated with live feeds and generate triggers.
- Workflow – to aid high levels of automation, the compliance policy needs to be capable of being digitised into the workflow. An example of this is flow or decision-making rules for what is sent to simple vs. enhanced due diligence.
- Monitoring – often an existing element in the compliance process, institutions need to focus on how to integrate live updates into AML monitoring processes for increased levels of automation. This also includes data held in separate systems to screening systems, to enrich and maximize the monitoring process.
- Human Intelligence and review – the combined power of automation and human intelligence should not be underestimated in achieving sustainable pKYC. While it is impossible to automate 100% of cases, what can be automated and straight-through-processed, should, enabling analysts to their spend time on cases with the most risk, such as false positive reviews that require manually review and action closure.
How can institutions design an effective automated pKYC program?
Best practice when creating a perpetual KYC program with automation is to ensure updates and monitoring are included by design, rather than being an afterthought. Institutions should think about the data they capture while onboarding and how that can be monitored automatically and maintained. This may mean re-engineering parts that are too manual or not using structured data. If thought about as part of the foundational steps like data strategy, policy, or workflow, it will be much easier to move into monitoring and adjudication.
This post was a combined effort between SymphonyAI and Dun & Bradstreet.
