Know Your Customer (KYC): from As-is to To-be and Beyond

Loes Bomans, Head of Product Development at CoorpID, shines a light on where Know Your Customer (KYC) stands now and what we can expect from the near as well as the, hopefully not too distant, future.

Interview by: Catherine Poventud

KYC As-Is

At present, at most banks, KYC is a very inefficient mostly manual process. This is the result of the way in which banks initially tackled their regulatory compliance problem. In an effort to comply with AMT and CTF regulations, avoid fines, and prevent reputational damage, the first step banks took was to hire loads of KYC analysts. In addition, many banks adopted a one-size-fits-all approach and now produce massive Customer Due Diligence files of up to 600 pages on their corporate customers irrespective of their risk profile. In a nutshell, you could say that the ‘as-is’ KYC process is based on the better safe than sorry principle. Which is fine for the short-term but clearly not sustainable in the long run.

It’s far too costly for one. In addition, there are simply not enough KYC analysts available and willing to do the job. KYC analysts are trained professionals and, given the way in which the KYC process is structured now, they’re doing dull and repetitive manual administrative tasks, such as gathering information, instead of focusing on analysing potentially high-risk customers. So not only is recruiting sufficient KYC analysts a problem, retaining them is turning out to be just as hard. Moreover, it’s practically impossible to comply with increasingly stringent regulations and respond adequately to the resourcefulness of those intent on committing financial crimes with such an inefficient manual KYC process.

Which brings us to:

KYC To-Be

Everyone is convinced that this is no longer tenable, and that banks have to rethink and restructure their approach to KYC. Perpetual KYC is the new buzz word for a risk-based and event-based KYC approach. A precondition for such an approach is further digitalisation of the whole KYC process. The idea is that most customers can be vetted and reviewed automatically to a large extent and KYC analysts can then focus on potentially high-risk customers. Event-based reviews (instead of periodic reviews) ensure a more targeted approach: a review is conducted when there is a ‘trigger’ such as a change in ownership or a change in the transaction pattern.

Technology is not the impediment here. The technology required to enable perpetual KYC exists. The obstacle lies mainly in adopting a new way of working and incorporating these digital KYC tools in existing workflows and the banks’ existing IT systems. However, technology will not replace all humans and human contact in the KYC process. Based on the current regulatory landscape, customers still have to provide certain documents that cannot be obtained via third-party data vendors. This client outreach process can be simplified and streamlined by making use of a client outreach tool such as CoorpID to store and exchange KYC-related documents. In addition, an interface will always be required so that customers can control access to their data.

And Beyond: Digital Identity and Verified Data Points

As far as making use of digital identities in the KYC process is concerned, the technology is available. Banks are already applying this technology by facilitating digital onboarding of retail customers and verifying a person’s identity by means of advanced biometrics such as live facial identification. From a technological point of view, it’s not a big step to also apply this technology to corporate customers by linking a person’s digital identity to their role and authorisations within the company that they are connected to in whatever capacity. In addition, voluminous and inaccessible Customer Due Diligence files could also be replaced by verified data points.

Unfortunately, at present, this is still a utopia as far as corporate customers are concerned as regulators do not accept this as evidence in the KYC and CDD process. Further digitalisation in the KYC process based on digital identities and verified data points will only be possible once regulators, supervisors, national governments and the EU agree to incorporate these technical possibilities in existing and new regulations. In order to take the next step in the digitalisation of KYC, this is an issue that has to be tackled at the EU level and subsequently implemented by the EU Member States without further delay.

After all, the perpetrators of financial crimes are increasingly making use of advanced technology to commit and conceal financial crimes. The only way that the financial sector will be able to combat financial crimes effectively is by integrating the most advanced technologies in their KYC and CDD processes.