The post September 11th financial services environment has placed increased emphasis on regulation and customer due diligence. Regulations surrounding Anti-Money Laundering (AML), Counter Terrorist Financing (CTF) and Know Your Customer (KYC) require strategy, human resources and appropriate tooling to meet the demands placed on financial institutions to ensure that they stay in compliance with the law. Failure to abide by the regulations can be a very costly mistake, as evidenced by the $8.9 billion fine to BNP Paribas in 2014 for facilitating transactions involving sanctioned countries. The reputational damage can be just as impactful long term.
Financial institutions are looking for better ways to enforce the regulations while minimizing the overhead in time and resources required to be compliant. Technology and tools can bring standardization into the process, provide auditability and accountability and significantly reduce time frames for conducting customer due diligence and where appropriate, enhanced due diligence. The US PATRIOT act (Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) even has “Tools” as part of its title.
- Identifying the customer/prospect
This is referred to as the Customer Identification Program (CIP). Regulations mandate that every customer be validated, and Section 326 of the PATRIOT act requires financial institutions to provide notification of such activity. Traditionally, this has involved document validation. A customer provides proof of identity by showing a driver’s license, Passport or another recognized document. This can create a delay in processing and in the case of account onboarding, delays often translate to lost revenue. In an omnichannel technology environment, these traditional forms of validation often create a burden on the customer. Financial Institutions should use more time-efficient and less document-centric ways to perform the CIP.
Electronic Identity Validation (eIDV) is a popular and efficient, automated alternative in which the user is presented with a series of personal questions, often referred to as “Out of wallet” questions. These questions test the user’s knowledge of private history and are difficult enough that they are considered an acceptable form of identifying a customer. eIDV also provides an audit trail and is not as subjective because a person is not required to review the answers provided. The prospect either passes or fails based on what they know.
Third party vendors such as Equifax and Experian offer eIDV verification as a service.
- Conducting Customer Due Diligence Process
Following the CIP, customers/prospects are screened and scored in what is referred to as a Customer Due Diligence process (CDD). This allows banks to make a quick judgement about whether the customer or prospect poses a high-enough risk that they should be more closely examined. This process does not typically involve very comprehensive research as the cost/benefit is considered low.
If technology can assist here, the scope of the investigation could be improved providing greater assurance that financial institutions are limiting their exposure to bad actors.
BPM technologies that help orchestrate the investigation such as Pega Systems, Alfresco Activiti and IBM BPM enforce best practices at this stage.
- Running Enhanced Due Diligence
If the outcome of the Customer Due Diligence is that the customer or prospect should be more closely scrutinized, they are routed for Enhanced Due Diligence (EDD). This is an intensive investigation into the individual or company to identify potentially negative information and score the individual on appropriateness for establishing the requested relationship with the financial institution. When performed manually EDD can be a very time consuming process, and the opportunity for errors, bias or fraud is high. A typical investigation of a corporation will require sifting through 5,000 to 10,000 websites and de-duping and flagging findings for relevance, as well as making notes for review.
Leveraging technology in this process can shrink the research time from months to minutes. The reports generated by the research can then be used to route information on customers to the appropriate resources based on risk uncovered. Tooling can also provide a full, auto-generated audit of sources checked, a system-generated risk score based on preconfigured business rules, and help guarantee data integrity by preserving all records and preventing users from deleting relevant information.
A product like DDIQ from OutsideIQ offers these capabilities.
- Performing continuous monitoring at intervals determined by customer risk
Once a customer is determined to be sufficiently credible to do business with, a relationship is established. However, the regulatory obligations of the financial institutions do not end with the establishment of this relationship. They are obligated to periodically vet their customers to ensure that nothing has changed to make them an untenable risk. Depending on how risky customers are deemed to be from the start, they will be flagged for review yearly, semi-annually, quarterly, or in extreme cases in real time.
Using tools that facilitate case management and business rules, firms can set up periodic monitoring by automating scheduling and prioritization of customer reviews based on a customer’s risk profile.
BPM technologies are a key player at this stage as they provide the case and business process management functions to facilitate automated monitoring.
A technology-rich KYC process can provide institutions with significant reputational and cost benefits. By shrinking the time to onboard customers, financial organizations can enhance customer satisfaction and accelerate revenue realization. By standardizing, automating and fully documenting the Know Your Customer process, financial firms can significantly reduce regulatory and compliance risk and the resource-intensive overhead associated with meeting these requirements.