Better KYC Processes for Banks in 3 Steps
- noviembre 29, 2018
Since the USA Patriot Act was introduced in 2001, financial services firms have been building the infrastructure and processes to comply with its Know Your Customer (KYC) mandates. However, for many firms, these databases of customer information were built within their business lines, and the processes they designed to authenticate and validate customer information are highly manual and siloed.
While many banks are doing a good job meeting minimum standards, and thus avoiding hefty fines for non-compliance, they are paying a price. Their highly manual KYC processes and fragmented systems are costly to maintain, inefficient and inflexible, making the task of gaining an enterprise-level or 360-degree view of the bank customer — and the streamlined processes and customer experience, lower costs and enhanced security that comes with it — feel out of reach.
Posing a challenge to employees and customers alike are platforms and applications that are hard to integrate and manual and labor-intensive KYC processes. STP rates are down and the average customer onboarding time is 24 days, according to Thomson Reuters. KYC processes often result in 75% – 85% false positive alerts that need to be investigated. Moreover, the inflexibility of these platforms is preventing firms from taking advantage of the external data sources that would help them speed the validation and authentication of customers.
Standardizing KYC across the enterprise
Financial institutions need to leverage new technologies to automate KYC processes across the enterprise. Sound Herculean? It doesn’t have to be. In my work with financial services firms both at home and abroad to identify, assess, monitor and mitigate risk, I recommend taking a three-pronged approach to enhance and improve the KYC foundation: (1) improve data quality, (2) leverage advanced analytics to reduce false positives and (3) automate manual, “swivel chair” functions.
Make sure your data is complete, reliable, accurate and accessible. The first step toward enhancing your KYC and AML efforts is to assess the completeness and quality of the data you are using to evaluate customers. If that previous sentence made you groan, you are not alone. NTT DATA research recently found that for “44% of the FSIs we surveyed, data quality is a tremendous challenge.”
Begin by asking “is the data about my customers stable? Is it reliable? Is it accessible and can it be converted to predictive attributes for analytics?” Your goal should be to survive a forensic review that identifies from where you captured data, when you captured it and how you use it in decisions.
Perform an audit of customer information files to identify corrupt data and the missing elements that impact your ability to risk rank customers. You must also determine how you will remediate those data fields and ensure that the data is accessible to the internal and external platforms to perform the analysis.
This exercise should take place across each line of business in order to establish basic customer data necessary for execution of due diligence (CDD) functions across the enterprise (or enhanced due diligence [EDD] for customers ranked at a heightened risk level.
Use advanced analytics to reduce false positives: False positives contribute the most to the high operational costs of alert investigation. Firms that employ advanced analytics can reduce the volume of false positives. Artificial intelligence, machine learning and other advanced analytics models take in information about what kinds of products your customers are using, what kinds of transactions they are conducting and when they are conducting them. This allows you to build a profile of your customer based on past behavior so that your systems can generate alerts based on suspicious activities and policy violations and reduce the occurrence of false positives that require investigation. If you are a global card issuer generating 100 million transactions a day, for example, reducing the number of false positive results could be a huge cost savings. And by the way, you’ll also reduce your risk of receiving a consent order, as one of the areas that regulators are concerned with is the aging of uninvestigated alerts.
Automate manual, “swivel chair” activities. As firms started looking at how they could improve the efficiency and processing time of onboarding new customers, robotic process automation (RPA) gained more appeal. RPA can automate highly manual, repetitive tasks, with a high degree of accuracy at a low cost, enabling banks to redirect their resources to higher value functions. For banks looking to take advantage of RPA, I recommend they start by conducting a business process mapping exercise. Map out each step in the workflow of an entire function to identify the places where RPA is best suited. A bot can transfer data from one platform source to another for risk ranking or through screen scaping. RPA can also be used to gather data from sources, such as LEI, Lexis and the Department of Treasury and determine which records that should be selected to attach to a customer profile and can populate those profiles to authenticate, identify and risk rank customers.
The most important reason for shoring up KYC processes is to accurately identify, rank order and manage risk. No one wants to see their firm on the front page of the newspaper because it was hit with $300 million consent order for indirectly being a participant in activities identified as funding a terrorist organization. Enhancing your KYC processes will reduce the risk of security breaches, help you meet regulatory and compliance expectations and enable you to defend against reputational risk. Also, banks that enhance their KYC processes reap other rewards:
- Improved STP rates by as much as 99%
- Reduced operational costs of 50%
- Enhanced customer experience—regardless of the line of business a customer deals with
In my next blog post, I’ll share how we helped a large European bank enhance its KYC processes, lower costs and improve STP rates using the three steps I’ve outlined above.