Skip to Content

Key challenges in the KYC space and how to address them

Manish Chopra
5 July 2022

The KYC process is perhaps the most critical aspect of AML compliance, as it enables all other facets of AML including transaction monitoring, SAR filings, and sanctions screening. Indeed, FinCEN has deemed KYC’s alter ego, customer due diligence, the “5th Pillar” of AML Compliance and fundamental to a satisfactory AML program. 

The challenges to implementing an effective KYC program, always high, have escalated since the pandemic, which accelerated the trend of opening new accounts completely online. With the increasing competition of Fintechs, traditional financial institutions are pressed, in order to stay competitive, to offer speed-to-market solutions and a positive online customer experience, difficult tasks when balanced against KYC demands. Moreover, various new and significant regulatory requirements and expectation have arisen.

In response to this, various needs in the KYC space have emerged, including the following half dozen key ones:

1. Integrate KYC with the new AML National Priorities

Last year, FinCEN for the first time announced the following national AML priorities: (1) corruption; (2) cybercrime, including relevant cybersecurity and virtual currency considerations; (3) foreign and domestic terrorist financing; (4) fraud; (5) transnational criminal organization activity; (6) drug trafficking organization activity; (7) human trafficking and human smuggling; and (8) proliferation financing. Expectations for assimilating these priorities into AML programs will be high. This includes typologies and red flags provided by FinCEN. For example, on the KYC front, red flags that may indicate EDD is warranted include location of the business, presence of a PEP, and identification of beneficial owners who may be bad actors. 

para In response, financial institutions need to identify how each of the priorities applies to them and then consider how policies, procedures, and their overall AML risk assessment should be amended. They also should perform a thorough threat and vulnerability assessment for each priority to identify an institution’s true risk, then examine their AML/KYC processes to determine how well they detect and report the criminal activity related to the priorities.

2. Focus on upcoming Ultimate Beneficial Ownership (UBO) requirements

TherLed by FATF, most countries are stressing the importance of UBO requirements and registries to identify bad actors hiding behind legal vehicles. Recent factors spurring emphasis on UBO include the Pandora Papers (a comprehensive exposé that revealed the shell accounts of over 100 world leaders, billionaires, and celebrities), new EU criminal liability for non-compliance with UBO requirements, and the Russia-Ukraine conflict, given that Russia is noted for its establishment and abuse of complex networks of shell and front companies and non-resident bank accounts. 

In the U.S., which is behind the EU and other countries in imposing a UBO regime, the Treasury Department recently released a National Risk Assessment that highlighted the abuse of legal entities. FinCEN has noted that its highest priority is establishing the national UBO registry and completing implementation of the beneficial ownership information reporting and collection regime.

Financial institutions can benefit from digital tools such as graph analytics to correctly identify complex beneficial ownership structures and calculate ownership percentages. They also should take advantage of enhanced data sources to keep track of new or changed legal entities globally. Internal policies and procedures need to be enhanced to include varying definitional criteria, ownership thresholds, and recordkeeping requirements. Ultimately, the entire KYC process will need to be geared to performing checks against UBO registries for a range of customers, employees, and third parties. Financial institutions will use digital tools to help verify registry information against other accessible sources to help ensure the accuracy of information and to cross-reference new information with existing data to potentially uncover suspicious activities.

3. Move to eKYC and touchless due diligence

It’s vital that automated KYC solutions be in place to allow machines perform repetitive tasks such as routine data entry and collection, spreadsheet formatting and analysis, querying, and simple verifications, as well as make straightforward rules-based decisions. This enables skilled KYC analysts to spend their time on work that adds the most value and makes best use of their knowledge and expertise. 

Cutting-edge techniques now allow, for example, for the touchless processing of identity documents by extracting their data, checking security features, and comparing them against templates. Algorithms that draw together the results of these checks can indicate whether the document is authentic. Incorporating automation into the KYC operation reduces error-prone, manual methods and decreases costs. Integrating KYC solutions also reduces friction during onboarding, creating a better overall user experience.             

Choosing the right technology involves several considerations. For example, the solution must support document types from diverse countries, allow for different languages, and be compliant with the regulatory requirements of the business’s jurisdictions. Financial institutions should be able to create customizable verification flows for different products and customers. Also, the solution should have short processing times and high verification speed, so users won’t need to wait long. 

4. End the siloed approach

As with all associated operations, one hand should know what the other hand is doing. Many large financial institutions are now working on consolidating various related areas that are subsets of the overall KYC effort, such as the Customer Identification Program, risk ranking and ratings, PEP and adverse media screening, and UBO. This is because managing the complex KYC process in discreet operations that don’t coordinate with each other, or use multiple IT platforms, is costly, inefficient, and error-prone, and complicates the effort to launch new products. A single unified solution that handles all KYC/AML requirements renders the entire compliance endeavor more effective and prevents information from being either not sufficiently communicated or inefficiently replicated across redundant storage types and locations.

In addition, given that CDD must be ongoing through the life of the relationship, “lifestyle management” is also a trend. In other words, the onboarding process is no longer divorced from managing the ongoing customer relationship. The key is to form and maintain a holistic view of a customer with data gleaned from disparate sources held in a unified database.

5. Proper data management and governance

Financial institutions’ underlying KYC data architectures are strained by the growing flood of structured and unstructured data volumes, their complexity and rate of change, and more advanced analytic demands. Thus, a critical need for every institution is maintaining an efficient method for capturing, storing, analyzing, and managing data and ensuring its quality, one that ideally also provides a competitive edge. For this reason, financial organizations continue to implement significant changes in data management, driven by supporting and exploiting big data technologies that blend new sources of data, such as social media, into the business decision-making process. 

KYC is hampered when repositories store multiple copies of data sets in an inconsistent manner, resulting in overly complex mapping efforts. Data feeds into account opening systems frequently are designed only for specific functions. For example, customer risk scoring can be made difficult because integrating unstructured data sets, such as those related to adverse news media, is manually intensive and inefficient. Key data sets such as the one for beneficial ownership may not be appropriately mapped to the overall KYC and AML systems. All of which means that institutions are left without a comprehensive, “golden” record source of integrated data with which to comprehensively understand and perform due diligence on its customers. 

Proper data governance requires reaching into all the places where enterprise data hides (e.g., servers, desktops, tablets, smartphones, cloud apps), identifying all data categories, deriving ownership for common data environments, and establishing appropriate roles for data stewardship and other decision-making groups. Another key task is data enrichment, which in the KYC environment includes elements such as identifying UBOs within complex legal structures, integrating unstructured datasets derived from adverse news searches, utilizing parsing technology platforms such as NLP for keywords, and recognizing all possible PEPs and their kinships. Other necessary measures include establishing an exhaustive suite of data quality rules, ensuring proper data lineage across multiple systems, and the creation of useful MIS. 

6. Strive to ensure a positive customer experience

KYC requirements for data collection and analysis (such as UBO) can be cumbersome and add time, frustration, and friction to new account opening and onboarding. Financial institutions increasingly are leveraging data already obtained and otherwise transforming the old-fashioned, manual process of filling out paperwork, which can be tedious, set a poor tone for the customer relationship, results in high rejection rates, and be a heavy lift on resources to input and manually correct information.

For example, if customer information already exists in a CRM solution, the customer can simply verify that the information is correct and update as necessary. Customers can be empowered to start and stop a digital interview on different devices as needed and allow for the capture of information simultaneously from a spouse or other joint investor. The bottom line is to use all available means to ensure that customers spend less time on data collection for KYC.