SOLVING CHALLENGES IN THE KNOW-YOUR-CUSTOMER PROCESS

Take incremental steps to automate using modern technology

Know-Your-Customer (KYC) is arguably the most important part of the overall AML process, because it’s foundational to everything else, including effective transaction monitoring, SAR filings, and sanctions screening. KYC also is often the most expensive, time-consuming, error-prone, and difficult part of the AML regime for a financial institution, and gaps in the KYC process frequently are tagged by regulators as weak spots requiring remediation.

KYC traditionally has been conducted on a static, “nonintelligent” basis, with customers only periodically reviewed for financial crime risk based on risk rating (low, medium, high) and some isolated major trigger events (e.g., filing of a SAR). This practice potentially allows a high-risk situation to go unnoticed for months or even years until the next reverification comes around. Many global banks have gotten in trouble for continuing to work with certain clients despite the existence of red flags linked to potential money laundering or sanctions evasion.

“Those days are over. Industry standards have shifted, and regulatory expectations have risen. Regulators now expect, due to available technology, something akin to ‘perpetual KYC,’ a process that’s more risk-sensitive and real-time.”

Manish Chopra, Capgemini Executive Vice President and Global Risk and FCC Business Leader

How do financial institutions identify the modern, innovative tools that are right for them, and then acquire and implement that technology in a seamless manner that doesn’t create additional risk?

To help answer this difficult but critical question, Capgemini, in partnership with Encompass and Pegasystems, hosted an industry roundtable in London on 14 March that included senior representatives from leading banks in the UK.

“It was a remarkable and valuable exchange of information and views. I was so impressed by the thoughtfulness and frankness of these industry leaders in speaking about the journey they’re undertaking to modernize and automate their KYC processes.”

Samar Pratt, Capgemini Global FCC Advisory Solutions Practice Leader, roundtable moderator

Howard Wimpory, Encompass’ KYC Transformation Director, who provided subject matter expertise to the roundtable participants, observed, “It was a hugely insightful and transparent debate that continues to demonstrate the potential for improvements which will benefit banks’ risk detection whilst better balancing their clients’ experience throughout the KYC lifecycle. My key takeaway was that driving change in this process requires resilience and patience. Taking the first decisive step towards improvement is the hardest part.”

Yair Samban, Financial Crime Prevention Expert at Pegasystems, who also provided SME support, said, “It was fantastic to witness the impressive group of industry experts gathered at the event. I got the feeling that we are all united together against the threats of fraud and financial crime. As the industry evolves its response to those threats, a common theme that emerges is the need to incorporate advanced technologies, like Generative AI, into a robust policy and operational framework.”

In the initial portion of the roundtable, the focus of discussion centered on key challenges faced by banks in introducing technology innovation. One is outreach, which remains a problem that banks are focusing more on now as it creates friction with clients and adds significant time to the end-to-end KYC process both at onboarding and refresh. Many other challenges revolve around data management, including ensuring the accuracy and reliability of AI-generated data; maintaining data integrity; ensuring that the data provided by a vendor remains accurate and up to date; and satisfying data privacy requirements.

The conversation then turned to lessons learned as to how best to introduce and implement modern AI-based technology tools. Below are highlights from that discussion:

1. Take a risk-based approach:

This involves, among other things, focusing human oversight on high-risk, complex cases while leveraging automated processes for lower-risk clients, allowing for the most efficient use of skilled resources.

2. Ensure AI validation:

Validation of AI models is critical to ensure they learn and perform as expected, with mechanisms in place to flag discrepancies and incorrect behavior.

3. Regular testing:

Test AI/Gen AI capabilities in real-world scenarios to help identify areas of improvement and optimization. Align with established internal model governance processes within then bank to ensure sufficient oversight of AI models.

4. Clarify ownership and responsibility:

Institutions must clarify ownership and responsibility within the organization when adopting AI solutions, particularly when relying on external providers.

5. AI-driven knowledge management:

Implementing an AI-driven knowledge management system within the organization can facilitate access to policies and procedures and support analysts in navigating complex regulatory frameworks.

6. Client data and communication:

Implementing digital tools that enable customers to provide and periodically update their KYC information streamlines the outreach process. Non-compliance with updates can result in account freezing, within established escalation protocols.

7. Risk-based policy & procedure framework:

A clear, risk-based global policy framework is essential, avoiding over-engineering and aligning with regulatory requirements. Key to this is coordination between the 1^st Line business and 2^nd Line compliance teams to align policies to procedures without “boiling the ocean” and making them too complex to follow.

8. Regulatory engagement:

Maintaining positive relationships with regulators involves transparency, proactive communication, and demonstrating a commitment to compliance and risk management. Provide the regulator with a target state and then incremental progress updates and avoid over-promising on goals and timescales.

9. Strengthen the Line 1/Line 2 partnership:

Foster greater collaboration between business units and the compliance functions to ensure that policies and processes effectively mitigate risk while supporting business objectives.

10. Senior Management Buy-In:

Securing buy-in and active support from senior business management is crucial. Present a clear plan, highlighting business benefits of each incremental step to automating KYC processes, rather than a “big bang” approach.

11. Explore simple solutions:

While advanced AI capabilities hold promise, institutions should not overlook the potential benefits of simpler solutions. Assessing the adequacy of existing AI tools before investing in more sophisticated options is prudent.

The group also spoke about the integral link between Environmental, Social, and Governance (ESG) and KYC, noting that despite the importance of ESG considerations, integration of those factors into KYC processes still is in its infancy across many institutions.

The Capgemini FCC team looks forward to continuing its dialogue with financial industry leaders as they continue to enhance their KYC systems through technological innovation and other means.