What is pKYC?
Perpetual KYC (pKYC) is a relatively new method for safeguarding customers, improving the traditional Know Your Customer (KYC) process with continual checks. Rather than only assessing individuals or entities on sign up and then every few years, pKYC allows for ongoing checks that take place in near real-time. As a result, it lessens the risk associated with all customers and businesses. Organizations must confirm the identity of individual clients and companies (often referred to as KYB – Know Your Business), maintain accurate customer and company records, and ensure that they are not involved in anything illegal. It is part of the Customer Due Diligence (CDD) process.
Currently, an investigator will only investigate a customer or organization if an alert tells them to or if it is part of a schedule – perhaps checking every 1, 3, or 5 years. Rather than manual checks, pKYC uses rules-based triggers to continually assess customers and their data, which is most often held in the cloud. Though it doesn’t need AI or machine learning to work, it is enhanced by these technologies, especially in regards to anti-money laundering and behavior analysis. AI allows companies to go beyond the standard customer due diligence required by regulators, instead offering a much more in-depth, automated analysis.
As with current KYC processes, these real-time checks may trigger an alert. For example, suspicious behavior on the part of the customer or amendments to information such as a business address. Just like with traditional KYC, perpetual KYC risk tolerance can be changed depending on a financial institution’s tolerance levels.
What is the potential of pKYC?
The potential of pKYC is huge. Its modern, technologically advanced approach to the KYC and CDD process allows financial institutions to stay on top of risk and save money. In a report in 2022, PricewaterhouseCoopers found that a medium-sized bank ordinarily spends $24m on KYC for corporate customers and $22m on retail customers annually. They could save as much as $14.4m on corporate customers and $13.2m on retail customers, a saving of between 60-80%.
In the same report, PwC highlight that investigating a ‘typical’ retail customers takes 87.5 minutes (from as little as 70 minutes to as much as 105 minutes), while a ‘typical’ corporate customer takes 40.3 hours (18.5 hours for a simple case rising to 62 for a complex one). With financial institutions currently having to undertake this work at regular intervals, regardless of customer risk level, it represents a significant burden on resources and productivity. With pKYC, this isn’t the case with only those customers that trigger an alert likely to be investigated.
Not only does a pKYC process benefit a bank; by enacting such processes, the financial institution is less likely to fall foul of regulations, which improves trust, brand loyalty, and reputation amongst customers.
How do banks perform traditional KYC checks?
Banks and other financial institutions perform KYC checks by asking for information from prospective customers. Names and addresses are often asked for, as are social security or national insurance numbers. Alongside this, a proof of identification may be requested. These are then enhanced with publicly available information such as addresses or details on an electoral register.
More recently, a selfie or video can sometimes be requested, which is again used to verify the information being received.
At a company level, a financial institution will ask for the names of company directors and business addresses alongside information such as revenue reports.
The collected information is then cross-referenced against lists of names and companies already known to government or law enforcement agencies (such as sanctions lists). This can help identify many things including criminals, the country’s laws that they must abide by, whether they are or have been involved in money laundering, and whether they are a politically exposed person (PEP).
After signing up or registering with a bank, traditional KYC checks are then performed on a periodic basis, generally every one, three, or five years for low-risk customers, or perhaps within six months for an individual perceived as having a higher risk.
Benefits of pKYC over traditional KYC
There are many benefits of pKYC over the traditional KYC process. The main benefits are as follows:
- Ongoing, real-time checks on customers and businesses in contrast to traditional KYC checks, which occur on sign up and then periodically, every one, three, or five years.
- pKYC is a proactive approach to risk mitigation compared to the reactive process of traditional KYC
- Fully automated process in comparison to traditional KYC, which is a combination of manual and automated
- Events trigger a new pKYC update rather than occurring on a scheduled review date
- Customer information is perpetually up to date rather than updated every couple of years for a low risk customer
- Analysts prioritize customers that trigger an alert rather than checking every retail or business customer
- Significant productivity savings across financial institutions with only customers that have triggered an alert being manually investigated
- Huge financial savings of 60-80%, which is in the tens of millions of dollars for a medium-sized bank.
- Risk-based decisions are made with greater confidence as they are based on up-to-date, reliable data.
The challenges of implementing pKYC
It’s easy to see why financial institutions are talking a lot about pKYC (or its other names of ‘event-driven KYC’ or ‘continuous KYC’). It’s clear that implementing it is something that all financial institutions need to do as soon as possible. Right? The answer is more complicated.
Although pKYC offers many significant advantages, and many banks and other financial institutions do wish to have perpetual KYC in place sooner rather than later, such an implementation is difficult.
pKYC isn’t just a system update, a one-off integration that you can plug into your system, flick a switch, and consider the problem solved. It’s a huge infrastructure change. Integrating a pKYC solution doesn’t just affect one department either, but many different parts of an institution, which are often currently siloed. As such, this isn’t merely an engineering problem to solve but it represents a shift in the cultural mindset of a company as well.
Though this is the case, and achieving full pKYC may take many different steps in order to achieve a complete solution, there is no better time to start the process and put the building blocks in place.
The future of pKYC
pKYC is the next step in regulatory compliance, a huge advancement on current CDD processes. Financial institutions are excited about its prospects and potential but still need to consider how best to achieve a complete solution.
For example, if pKYC occurs every time there is a change in one piece of data, that might be adding complexity where it isn’t necessarily required. And how to decide how each data change affects the customer risk rating? A flag that occurs from name screening against sanctions lists make sense (and the risk score will invariably heighten), but a change in address might not. It may be taking assumptions too far.
In essence then, pKYC is important to get right and it makes sense that banks and other financial institutions are considering how best to implement a solution. By starting small, on a single use case, and by taking an agile approach with a focused roadmap, it will be clear to see the benefits as they occur.
SymphonyAI is already helping companies see the benefits of perpetual KYC and its transformational capabilities. Improving your customer due diligence processes has never been easier.
How SymphonyAI provides pKYC
Until now, it hasn’t been easy to start implementing pKYC due to a multitude of factors. These include having and maintaining the right data, bringing together information often held across disparate systems, a lack of trust in automation, an uncertainty in how best to integrate live updates into current procedures, and digitizing current compliance policy into the workflow.
All these reasons also conform into one central difficulty – achieving pKYC while also being confident and comfortable that it satisfies the regulator.
With advances in technology, pKYC is becoming more accessible than previously. Ongoing due diligence procedures can already be argued as being pKYC in some form, as far as much of the industry predominantly understands it.
This already occurs with SymphonyAI. Here are two such examples:
- An alert comes in via the anti-money laundering solution. This alert integrates with the SymphonyAI KYC/CDD solution, putting a flag against the person (or persons) involved. This impacts the risk score of the individual(s).
- An alert comes in via the watchlist management solution. The person matches with a sanctions list, which integrates with the SymphonyAI KYC/CDD solution. Again, this immediately impacts the risk score of the individual.
Both of these processes are already automatic within the SymphonyAI solution. It’s an example of pKYC in action in the most important areas for banks and financial institutions.
Get in touch to know more about SymphonyAI’s innovative KYC and CDD solutions.