5 Essential Steps for KYC Onboarding and AML Compliance
According to Thomson Reuters research, 92% of firms estimated that current Know Your Customer (KYC) onboarding processes cost roughly $28.5m. On the flip side, the UN estimated that the cost of global money laundering annually is between $800 billion – $2 trillion which makes up 2-5% of global GDP.
With such disparity, and with reports that only 1% of money laundered can be detected and acted upon by the authorities, regulatory bodies are pushing businesses further by updating Anti-Money Laundering (AML) compliance requirements to increase detection rates.
In this blog, we highlight five essential steps a firm must take to deliver their Know Your Customer (KYC) onboarding and AML compliance requirements.
#1: Collect Data, Assess and Deliver Customer Verification
Before entering into any transactions with a new customer, regulated businesses must identify if they are bad actors at the point of KYC onboarding. As a minimum, a business must collect the relevant data to evidence the customer’s visual identity, as well as their name and address. With increasing cases of fraud, further enhanced due diligence can be applied depending on a business’s risk appetite. Additional information may include verification for date of birth, identity documents and third-party account verification.
For KYB onboarding, the verification process should include the business registration number, name and registered address, and date of incorporation, as well as information on the company officers, and Ultimate Beneficial Owners.
By using a digital onboarding solution with clever APIs, the information requested can be personalised using conditional logic (a set of rules) to mimic legal logic. Once the data has been uploaded, the system records the data and runs a check against the information sources held within the platform. The results are then shown using RAG scoring – Red indicates not to proceed, Amber shows further checks are required and Green is when there is a definite match in line with the appetite for risk. With digital solutions being hosted in the cloud, customers can upload their documents or conduct biometric facial recognition from anywhere at any time, meaning a result can be given for verification within seconds.
#2. Information Sources
To provide the verification required above, regulated businesses should align themselves to a provider that can supply reliable data from a variety of sources – quickly and within GDPR requirements. Using manual processes and manual look-ups can be very time consuming and costly, whilst a slow onboarding process is likely to cause a negative experience for the customer. If the process is fragmented and there are too many hurdles to overcome the customer will abandon and the business will be left with a leaky sales funnel. According to research, 63% of European consumers surveyed have abandoned a digital banking app during onboarding in 2020.
By partnering with a software provider that enables a single source for verification, and that integrates with an existing CRM, onboarding times can be reduced from days to minutes. Automation not only shortens timelines for client AML/KYC onboarding, but also delivers perpetual KYC for consistent, transparent and robust output, for audit trail purposes.
#3. Ongoing Client Due Diligence
KYC compliance does not always have to be retrospective after onboarding – it can be a proactive process that can be used as a competitive advantage. Effective ongoing Client Due Diligence (CDD) lessens risk, increases knowledge of the customer, and promotes opportunity. A thorough CDD process will also identify instances where Enhanced Due Diligence (EDD) is required.
The last few years have shown us that effective ongoing monitoring is crucial to achieve compliance. Basic customer due diligence is important on an ongoing basis to ascertain if a customer moves into a higher risk status.
Once a client has been onboarded, businesses must be able to implement enhanced due diligence where indicated, such as identifying any politically exposed persons (PEPs) or identifying any connected entities and Ultimate Beneficial Owners (UBOs).
An effective automated KYC onboarding process will enable regular CDD/EDD checks to be run very simply, either by regulation triggers, or by flags that are raised from breaches in the risk rules that have been predetermined for that business.
#4. Remediate KYC Data
An effective system for KYC/KYB onboarding will prove invaluable when it comes to ongoing monitoring and remediation. A business will benefit from using an automated platform as the single source of truth for holding its compliance data. When required, it is far simpler to instigate remediation by using a series of ‘rules’ to implement remediation projects.
KYC onboarding/remediation campaigns can be delivered in bulk via an automated platform. Customers can receive personalised communications directly connected to their record, far quicker than any manual process.
Remediation can be managed effectively – if due to a key event or periodic review, and made seamless and GDPR compliant.
#5. Regulatory Audit
Regulators do not expect businesses to stop all fraud. They do however expect to see that a risk assessment has been undertaken and that processes are in place to achieve due diligence. Having a secure audit trail, of all changes and modifications to the customer record and the ongoing interactions, is vital for CDD.
The digital audit trail provides a backbone of creating a resilient compliance program for the entire lifecycle of the customer. As businesses look to grow, they will need an effective KYC onboarding program that can not only scale with the business, but also delivers an audit trail that can be easily managed and used to protect the business.
Regulators and businesses can be confident that the automated single source of truth meets all the latest regulations, such as the 5th Money Laundering directive. With high levels of automation and matching of data, the right customer or entity can easily be identified, and false positives avoided.
With different jurisdictions requiring different KYC identity authentication and due diligence, one size certainly doesn’t fit all. The expectation is that AML fines will increase over the coming years, so businesses need to get their ducks in a row when thinking about their KYC onboarding and AML requirements.