Considerations and advice from a chief technology officer.
Given the importance and complexity of the compliance process, it is only natural to consider outsourcing the checks needed to perform for client onboarding versus managing them in-house.
The risk of not using the correct Know Your Business (KYB), Know Your Customer (KYC) and Anti-Money Laundering (AML) information to onboard a new customer is more than sufficient for firms to consider performing compliance onboarding in-house, particularly when the requirements are so complex and evolve year to year. This is compounded when you add on top concerns about security, reliability and scalability of the technology.
As a chief technology officer working within the compliance industry, I understand these concerns all too well and am only too pleased to share some advice on what firms should look for when considering a potential compliance technology partner for client onboarding.
Putting security first
When looking at security requirements, it is best to cultivate an air of healthy cynicism. I am very conscious of the fact that technology developments are pursued as assiduously by those who would exploit any weakness as they are by those providing the services, the dangers of becoming too blasé are all too clear. That is why I would recommend regular security penetration and vulnerability testing to be a minimum starting point for the security of the systems used.
Compliance with relevant ISO standards and the use of external vulnerabilities data to inform and structure these security processes are also essential, as these add the evidential element as well as accreditation on which customers can rely.
Today, ‘best in class’ external providers such as Amazon Web Service (AWS) can also help provide much needed confidence as it leverages the high standards of security on which its own business relies and reputation as a globally recognised brand. Security is, therefore, a team effort, drawing on industry-wide technical expertise to support the complex initial set-up and on-going management required to keep data secure today. All these considerations alone I would argue tips the balance against what can be achieved by a single firm operating in-house.
We often hear the term ‘always-on’ bandied about, but this too can take considerable investment, innovation and consistent management of the service to achieve the level of reliability that customers expect.
A system that can be depended upon (with its necessary on-going support) can be difficult to deliver, often demanding attention from a team for whom this is just a small part of their responsibilities. The difference of focus that a dedicated technology partner team can provide, really can ensure all users of the system are supported, leaving the internal resources to support other important in-house projects.
Scalability for growth
It is well documented that manual compliance and onboarding processes can delay and even limit your company's growth. This is particularly the case when the in-house technology is unable to keep pace with changing laws and regulations, leading many firms to scale up their resources and adopt manual processes to meet these needs.
Naturally, firms should look for a provider who can meet these requirements by offering configurable software that can be updated regularly too, however, this only covers one aspect of the scalability question. I believe that a focus on the end client is equally important, as their time and resources are finite and should be respected. Their onboarding experience will often be the first and most significant experience they will have when interacting with the firm. Making this easy and efficient for them as possible should be a key priority for firms.
While regtech isn’t always regarded as the most exciting arena by software developers, there are nevertheless very interesting improvements to be made. This includes the ability to remotely verify identity which can be initiated at the client’s convenience, or the longer-term opportunities in biometric identity checking. An element of ‘blue sky’ thinking and investment in continuous improvement is needed for these kinds of developments, which an outsourced provider is often better placed to provide.
All of these speak to the benefits of engaging with a technology provider that is a specialist in its field and that treats these processes as their core business, not as peripheral to the multitude of other demands on you and your team’s time and resources.
Mathew Law, CTO, NorthRow
Matt Law, NorthRow’s CTO, is responsible for the technical strategy, design and architecture of the NorthRow’s solution that can be used to digitally transform complex compliance for regulated firms.
The Article Originally Appeared in Bobsgulde: Compliance and client onboarding: Who should deliver it? Considerations and advice from a chief technology officer (25 July 2019)