KYC remediation: Don’t let outdated customer information expose you to risk

Ed Lloyd

Executive Vice President, Global Sales at encompass corporation

Views 820

KYC remediation: Don’t let outdated customer information expose you to risk

10.10.2018 09:45 am

Regulatory and reputational drivers for KYC and customer remediation

When we talk about remediation, in very basic terms we are talking about cleaning up old, inaccurate and incomplete client data – something that financial institutions inadvertently neglected for many years. After the crash in 2010, regulators started to get very concerned about financial crime, money laundering, and terrorist financing, and consequently a number of banks found themselves under the microscope. Suddenly, KYC, which had probably not been given due attention historically, became a hot topic and bringing measures up to scratch became a top priority for all financial institutions.

However, since 2010, numerous other regulations have been introduced into the industry, many of which have also required updates to client data in order to comprehensively evaluate a wider range of risk, such as tax evasion. This has therefore added to firms’ need to remediate and optimise their KYC files, which are no longer fit for purpose.

Remediation challenge number one: Over promising, under-delivering

A few years ago, there was a rush to satisfy regulatory needs by undertaking large-scale KYC remediation projects, and firms were making commitments to regulators that they couldn’t keep. However, as we have all seen, it's a complex problem that requires a lot of thought, preparation, planning, and resource to actually solve. Invariably, firms started off trying to solve it themselves, thinking that it was relatively straightforward: people put a plan together very quickly and made the commitments to regulators before realising the plan wasn't going to work. They then had to backtrack, reset, and start again - I’ve heard of firms that have reset the process five times. However, it’s understandable as it’s a complex problem to solve and firms really do need to take the time to think it through and plan it properly.

The solution?

You need to be realistic and not heroic. It is a lot of effort and will take a long time. You have to acknowledge you're not going to remediate 50,000 clients in 12 months, it simply isn’t possible. Most regulators understand that so when you’re putting your programmes together, be realistic and point out that everybody's learnt the hard way that this is a long slog. This needs to be communicated to important stakeholders outside the organization, as well as inside.

Remediation challenge number two: Outdated processes

For too long, many firms were happy to continue with their existing processes, technologies and solutions, not looking at what was out there to make life easier. While this has certainly improved in recent years, in the early days many companies were poorly informed and carried on with the same, often broken, process that they were using historically.

Similarly, the policies and underlying risk methodologies that people use to determine the level of due diligence required were often not given enough attention and it was assumed that the policies were adequate, when in fact they didn’t even meet current - let alone future - expectations from regulators. This has resulted in some firms carrying out multiple remediations because the policy gaps have had to subsequently be remediated themselves.

In many cases, staff were not sufficiently trained and didn’t actually know what they were doing, meaning that the same people were carrying out the same outdated processes, coming up with the same results. 

The solution?

It sounds very obvious but compliance departments need to make sure policies are up to date, along with the corresponding risk methodologies that determine the overall due diligence that's required for a particular client. If you're trading on a multi-jurisdictional basis, you need to ensure that you not only satisfy your home regulator but also those within each jurisdiction. With MLD4 and 5 coming down the tracks, you should make sure that any process you are implementing is updated accordingly so that any remediation being done now is in line with these new standards.

You've also got to take a long, hard look at your remediation process and ensure that it is efficient, has good tooling and data sources, and that it works end-to-end. If it doesn't, get out there and look at the new solutions that are available, but make sure you choose wisely: make sure the provider in question really does have the experience and the capability, don't just take their word for it. Test the product, see that it works, and that way you won't be disappointed.

Remediation challenge number three: Bad data

The process of cleaning up the data within a financial institution is absolutely huge, particularly in banks, where client data might not necessarily feed off one central system and could be held on tens, if not hundreds, of different systems. This means that multiple instances of the same client record would exist across an organisation, making the opportunity for duplication, error and inconsistency enormous. A number of firms have not deployed an active offboarding program, so clients which were brought on many years ago still exist in their records, even if there is no longer any business relationship there.

The solution?

Quite simply, you need to have a process in place to offboard those clients that either fail to meet the KYC standards or are not generating sufficient, if any, revenue, so that you’re not carrying the liability and the responsibility of having to refresh their KYC in the future.

Remediation challenge number four: Lack of firm-wide cohesion

Many firms have learnt the hard way that KYC is not just an operational or compliance problem to solve, it's firm-wide. Consequently, there hasn’t been enough capacity created within the sales and relationship manager (RM) functions on the front end of the business to support a large remediation effort. They are the people who hold responsibility for client outreach and client relationships so they have an important role to play, but this has not always been fully understood. I personally believe this has been a massive contributing factor as to why firms haven’t progressed at the pace they would have liked. 

Account ownership is also very important to the remediation process, as ultimately somebody in your firm will need to sign off that a client is good to do business with. However, it can often be a challenge to find somebody who is actually willing to take ownership of an account and of a client relationship – as I can attest to from past roles.

The solution?

It’s critical that firms have got senior and board level sponsorship because if the problem doesn't get fixed the consequences are significant, including losing the firm’s license to operate. But it is a long, tough and expensive journey so you need to make sure that you've got buy-in from the very top.

This is a front-to-back problem and the sales teams and RMs need to be organised: they need to be clear on what their roles and responsibilities are just as much as all the people working in operations, data and compliance. Everybody's got a role to play and they need to be clear on what that is and be suitably resourced to be able to do it.

We all acknowledge that client outreach is a lot of effort, generally falling to the sales force and the RMs, but there needs to be an organised process around it. The compliance team will also have to be able to cope with the onslaught of escalations and reviews that they will need to perform to support a large remediation program.

Finally, it’s crucial that account ownership is established and individuals are very clear on which clients they own and the consequences of that. This is what regulators expect, but it’s not easy to implement. That has to change, which once again means you need that board level support to get it mandated.

Latest blogs

Jerry Norton CGI

Extending the bank: Key drivers, technologies and steps

What does it mean to extend the bank? Traditionally, banks have manufactured, distributed and managed all of their own products and services. The concept of extend describes how this traditional model is changing as the value chain becomes unbundled Read more »

David Moss Avi Networks

Maintaining Trust While Navigating through a Multi-Cloud World

Financial services companies are extending data centres with private and public clouds to keep up with demand, but does a multi-cloud environment introduce too much complexity and risk? Read more »

Philippe Martineau OSTP Alliance

Travelers to consumers: Reflecting on this year’s Transport Ticketing Global

With the world’s largest public transport gathering, Transport Ticketing Global, over for another year and our feet firmly in 2019, it seems apt to reflect on the changing global vision set at this year’s event for the future of public transport. Or Read more »

Kyle Ferguson Fraedom

Why banks need to get personal for a piece of the SME pie

The SME market, for the majority of banks, is becoming a key target sector. In the UK, according to the Federation of Small Businesses (FSB), small businesses accounted for 99.3% of all private sector businesses at the start of 2017 and 99.9% were Read more »

David Worthington Rambus

Real-Time Payments and The Growing Obsolescence of Cash

According to the World Payments Report, compiled by Capgemini and BNP Paribas, the global volumes of non-cash transaction volumes grew by 10.1%, reaching 482.6 billion between 2015 and 2016. In addition, McKinsey’s recent Global Payments 2018 report Read more »

Related Blogs

Liudmyla Tatura ICOAdmin

What is KYC, and What Are Its Main Benefits and Pitfalls for ICO Token Sales

KYC is one of the most controversial subjects in today's crypto world. The number of ICOs requiring KYC verification is growing day by day. For this reason, it's essential to have a clear understanding of this procedure. In this article, we'll take Read more »

Claus Christensen KYC

The challenge of fulfilling Know Your Customer checks using blockchain

The advent of blockchain heralds the biggest change in banking for 400 years. Banks were originally established to lend and safely hold money and to act as a central point of authority with the banking ledger being the absolute record of truth held Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App