Compliance remains one of the biggest challenges in the financial industry for firms of all sizes across the globe. With rules and regulations constantly changing, many banks and other financial institutions are falling victim to not keeping up.
The regulatory minefield can be too much to contend with, particularly for new firms entering the space for the first time. However, their youth could be an advantage in embracing anti-crime tech, suggests Gabriella Bussien, CEO of Trapets, the tech-first financial crime prevention organisation.
As the world’s largest bank, the Industrial and Commercial Bank of China (ICBC), gets slapped with $32million in fines for alleged deficiencies in its anti-money laundering and other programs, we’re reminded that even the biggest names in the industry routinely fail to meet the minimum safeguards.
If the most notorious banks in the world can’t satisfy regulators, what hope do newer entrants in the complex finance sector have? At least established banks have the time and resources to fix breaches in compliance and pay off sanctions. Emerging banks don’t have that luxury. One wrong step could quickly mean incurring impossible debts – and losing customers, trust and reputation. They need to be as close to faultless as possible from the start.
Younger banks are by far more innovative and tech-forward by nature. But they still make some age-old mistakes. They underestimate the investment they need to make in customer due diligence: Know-Your-Customer (KYC), monitoring transactions for foul play, and meeting regulations. They overlook the harder aspects of due diligence that aren’t easily automated.
Well, today there are plenty of accessible tech solutions that mitigate those risks for banks. This is how younger financial institutions can leverage tech to make their KYC airtight from day one.
Digitalise your onboarding
An all too common issue among financial institutions is that they do much of their onboarding manually. Of course, it’s impossible to run a proper KYC system this way.
Say a new bank sets up manual processes – or even paper forms – for new customers to fill out their personal data. It’s then far harder to leverage that information effectively, and cross-reference it with useful datasets, and it’s a huge drain on your overhead. This is also a part of the funnel where you might have people drop off because the process is too manual, hindering your business growth. Many also don’t have a structured process in place to funnel new clients through a proper due diligence process, or group new clients according to risk.
What all new banks should be doing is removing all fully manual processes from onboarding. They need to buy or develop integrated tech platforms that collect and store data on each customer that will be used to improve transaction monitoring and behaviour analysis during the customer’s lifecycle.
This platform needs to have the ability to create, send and manage KYC and Know Your Business (KYB) questionnaires for you. The bank has to set up the questionnaire’s initial framework and rules, and make it capable of tailoring questions for different customers and products.
Because these tools can centralise all your KYC information, it’s also easier to cross-reference the data with other sources of digital information that can help prevent illegal activity from going unnoticed.
The easiest step of all? Having a fully automatic screening system to check new customers against sanctions and Politically Exposed Persons (PEP) lists, as well as Relatives and Close Associates (RCA) and Ultimate Beneficial Owner (UBO) data. Because this takes no digging and analysis, it’s fast and simple to do – yet only one in five financial institutions consistently check new customers against these lists. Automated screening tools take care of this for you in the background.
Ask the right questions
Of course, if any bad actor is trying to get past a bank’s safeguards, they will give you as little useful information as possible in detecting their true activities. Unfortunately, many bank due diligence systems enable this by not digging beyond the surface level. Young entrants to the space may mistakenly believe that it’s enough for KYC questionnaires to simply ask the basic questions required by regulations.
But to avoid being exploited by bad actors who take advantage of lax screening processes, you need to tailor the questions being asked depending on specific factors, for example, the industry your customer works in, and the product they’re requesting.
Banks need to create digital pathways within their KYC process that automatically modify the questions depending on the customer’s industry and the specific product requested. Certain financial products can be more easily abused for nefarious activities such as money laundering. In some regions or countries, for example, construction businesses may more frequently be used as fronts for criminal activities.
When a customer requests a car loan, that should trigger a different set of questions than if they’re simply requesting a savings account. A car loan form might ask: “What funds will you be using to repay the loan?” to cross-reference the answer with other KYC data (for example, if they say they will pay off the loan with their salary, but their registered job pays far lower than the amount requested, which could be a sign of money laundering).
Your tech platform can then group customers into separate categories depending on the risk their situation poses for your financial institution. A flexible risk model configuration can assign precise risk scores to customers. That model will need to be continually updated in response to any changes in the sector, industry or geopolitical context that impact their inherent risk. News aggregators and other digital programs can help your analysts keep abreast of current conditions.
Update your data
Knowing someone today doesn’t mean knowing them a year from now. A lot can change over time, but it’s all too common for banks to not update their clients’ information for years or even decades.
This process is simple – it usually just requires the customer to confirm or update their existing data. But it needs to be automatic, fast and as simple as possible, or customers will simply ignore your update requests. Start by having tools that track when each customer became a customer.
Then implement a workflow that will automatically send electronic forms every year to medium-risk customers (or every three years for low-risk customers). You’d be surprised how many existing banks don’t do any of this and end up needing urgent remediation of customer data.
You need to ensure you’re using configurable technology that can adapt to changing regulations and business scenarios. Take this one step further by continually enriching your customer’s risk profile with data on their transactions and behaviour analysis. You can do this using readily available transaction monitoring tools.
Don’t be fooled into thinking that protecting your financial institution – and the integrity of the financial system – will be a light load. But also don’t expect any mistakes to be forgiven by regulators or your customers. Leverage the available tech to take simple steps that can save you from a world of pain down the line.
