Automating Compliance - the problem, the solution, the innovation
Wednesday, March 15, 2017
the enactment of ever more stringent regulations established by diverse
legislative acts, dictating the discovery of the origin of funds, not least the
EU’s 4th anti-money-laundering directive, the reality is that the
requirement to conduct complete due diligence of prospective clients, suppliers
and sources of business is an entirely inescapable one.
More than merely from a legislative and regulatory act, the need to “know your
customer” finds its roots in a solid, if not common-sense business approach,
that of being able to manage and limit commercial risk ensuring minimal
exposure and avoiding impacting the organisational bottom line.
To date, however, KYC compliance is often seen as being an imposed regulatory
hurdle, practiced by limited subsets of sectors, and rarely as a means to
ensure ongoing efficiency.This is
perhaps unsurprising given the complex, burdensome and frequently disjointed
landscape in which compliance specialists are required to operate.
The customer background discovery process has always been based on a mix of
self-disclosure, verified via limited and disparate, generally external
sources, collation of differing media and especially hampered by the
conflicting onus to acquire as much valid data as possible while churning out
the maximum number of verifications as possible.In turn, this translates to a
“best-practice”, check listing-by-numbers approach, with ever increasing
specialist resources being dedicated to a process that, when juxtaposed with
increasingly demanding laws, can only be hurried, incomplete and ultimately
The inadequacy of KYC practices are plain to see and evidenced by glaring
failures over the past decade – from the subprime mortgage crisis of the mid
noughties that snowballed to encompass most western economies and led to the
biggest financial crisis in 3 decades to the “omissions” by huge financial
operators, the likes of HSBC, CitiGroup, BNP Paribas and countless others,
fined in the billions by North American and European regulators for failure to
comply with what would otherwise be basic requirements for operators whose only
line of business is the identifications, limitation and management of risk.
Furthermore, the only apparent course of action, in response to the question of
how can compliance be improved appears to be that of increasing dedicated
resource spend and intentionally slowing the process down to ensure thorough
verification – in 2016 the average spend for major US banks was in excess of
$60,000,000 with some hitting the $500,000,000 mark and an increased vetting
time of 22% over 2015, with completion times ranging from two to four months,
and with 2017 earmarked to further slow the process down by another 18%.
This clearly unsustainable approach is further compounded by the fact that
customers are reporting to require up to 8 interactions in the course of being
on-boarded and that 9 out of 10 corporate customers are dissatisfied with their
institutions’ KYC processes.
The reality is that the same “solutions” being applied as a remedy to this
spiralling situation are not only further compounding the problem, but are
intrinsically at the heart of the failure of the system.
At its least convoluted, simplest form, customer due diligence is nothing but
the collation of data sources and the ongoing analysis, determining whether an
entity being assessed merits being transacted with.The volumes of data being analysed, the disparate
sources being queried and frequency of ongoing checks are a textbook case for
maximum automation and integrated intelligence rather than human interaction
and subjective analysis.Even more so
when one considers that the bulk of this data is already in possession, or at
the very least at the fingertips of the organisations measuring risk, but
fragmented across departments, business units and specialists who more often
than not “speak” different languages given the disparate nature of their business
This is the scenario which sparked the birth of an all-encompassing software
solution like KYC Portal.
To date, the compliance landscape is dotted with software solutions that only
partially address data management problems – from semi- to fully-automated
screening services that are anything but completely accurate or real-time, to
solutions that connect to existing ERPs and customer management databases.There is however no single solution that aims
to reduce (in the impossibility to entirely eliminate) human subjectivity to
the bare minimum.
KYC Portal, first conceived as a compliance streamlining tool has evolved into
a fully-fledged Big Data platform, one in which huge data sets from disparate
sources are brought together, analysed and parameterised to reveal trends and
patterns that would otherwise be indistinguishable and unrecognisable,
effectively flagging suspicious behaviour and identifying an organisation’s
At on-boarding stage, KYC Portal is a fully bespoke tool, one which adopts the
principles of a risk-based approach, allowing for individual parameterisation
of an organisation’s diverse areas of operations and departmental requirements,
from the basic identification of data fields, sequential questionnaire
stringing and automated risk calculation based on individual, pre-determined
In doing so, KYCP already goes steps further and allows for dissemination of
tasks and managed delegation, up to automating the procedure for
customer-submitted responses and documentation, already impacting the cost and
timeframes of initial data collection by shifting the onus away from the more
expensive, higher-specialisation fraud and risk specialists.
Through the in-built tailored risk calculation, KYCP does away entirely with
the need for individual subjectivity (and hence bias) and lays the ground for
homogenous practices and assessments based on standard corporate principles.
The collection and collation of documentary evidence similarly can also be delegated
and through the identification of mandated document types and bespoke alerts,
ensures that all required identification is in place, correct and valid –
automating a process that is commonly a main point of failure post initial
customer acceptance, and as a result, a potentially costly risk centre.
unique innovations like the embedded face-to-face video interview process and
the live cross-verification of subjects via facial recognition with identity
papers submitted not only reduce the cost and timeframes throughout the
on-boarding process for both the assessing organisation and the applicant
subjects alike, but further enable an expanded, non-geographically limited
customer reach and the additional peace of mind inherent to live, in-person
Despite the already unique feature sets available prior to customer acceptance,
allowing for speedier, more accurate and far less subjective initial
assessments, KYCP unleashes its full data crunching potential where no other
single system operates.
At the heart of the ethos behind KYC Portal is full, unbridled data
integration.Born of the knowledge that
it is only through the automatic analysis of information that trends and
patterns can be evinced and that flags can be pre-emptively raised, KYCP
connects seamlessly via web services to any internal or 3rd party
data sources – from external screening and verification systems, to document
analysis services through to the myriad of data stored within an organisation’s
Given that the due diligence process is traditionally one carried out by select
teams of fraud and risk specialists with little to no exposure to internal
business and commercial data or indeed customer support interactions, it is of
little surprise that post on-boarding the weighting of a customer’s performance
is limited to a small set of KPIs and carried out with limited frequency,
typically at set milestones.
KYC Portal counters established practice by continuously monitoring each assessed
entity, regardless of status, business lifecycle or indeed subjective
“importance”.At a top-level stage, this
is carried out through the seamless integration with any number and type of
external data verification services, wherein subjects are polled on a daily
basis for changes in reported background and status.Similarly, by connecting with and speaking to
existing internal data warehouses, KYCP centralises and analyses behavioural
patterns, identifying trends and deviations thereof, raising alerts when
extraordinary behaviour is flagged.
Based on the principle that not all suspicious behaviour is fraudulent and that
not all fraudulent behaviour us suspicious, the various rules engines behind
KYC Portal are programmed with individual parameters expected of each customer
type and interaction and operators are only notified upon deviation from the
expected norm, removing the majority of false positives, allowing for the
exclusive investigative focus on the truly possibly risk-laden interactions.
In practice, KYC Portal brings together and assesses individual customer
interactions – be they financial transactions and the variations from expected
withdrawal and deposit patterns, to betting spreads and win/loss patterns, down
through customer service request interactions and resolution patterns.Effectively, any transacted communication
that is recorded and stored by an organisation’s systems can be analysed,
compared and weighted against pre-established patterns , allowable leeway and
ultimately the cost of doing business – in a nutshell, the commercial risk
presentedby individual subjects
throughout their lifespan as clients.
It is this holistic approach to risk management that deviates from the mere
fulfilment of on-boarding requirements as laid out at law that sets KYCP apart
– one in which due diligence is understood as being a vital component in
determining the cost of servicing a subject, thus determining a complete,
ongoing competitive assessment that directly safeguards the commercial bottom line,
rather than viewing KYC practices as being a necessary evil, a cost of doing