Know Your Customer or KYC, is a critical part of anti-money laundering protocols. In a bid to reduce the risk and incidence of financial crime, financial institutions and regulated businesses must undertake a comprehensive checking and verification process for the entities with which it does business. As part of this process, meeting, and continuing to adhere to, the latest regulatory requirements is critical. KYC remediation ensures that each customer’s anti-money laundering risk is assessed in a timely manner and assigned risk ratings are updated based on the changes in KYC regulations.
Importantly, KYC is not a one-stop shop. Rather, it is an ongoing process that must be revisited at defined intervals depending on the level of risk deemed applicable to each individual client once onboarded.
Entities and individuals are fluid in nature, and something can change in a matter of hours. From minor administrative changes such as a change of address to more significant updates such as new directors, adverse media or a Politically Exposed Person (PEP) becoming involved in a business active monitoring must take place on an ongoing basis to ensure continued compliance with anti-money laundering regulations throughout the entirety of the relationship with every designated organisation.
Due to this ever-changing and increasingly complex regulatory landscape, remediation is a critical part of KYC. This process involves cleaning and updating the information gathered during the initial client onboarding phase and ensures that businesses remain compliant with all the latest regulation throughout the entirety of the relationship.
A failure to spot suspicious activity, illicit beneficiaries, anomalous transactions, criminal stakeholders or terrorist financing can land a business in very hot water. Companies that don’t undertake sufficiently comprehensive KYC checks and monitoring not only open themselves up to fraud but hefty fines for failing to comply with legislation, and the subsequent reputational risk that fraud and fines can bring.
The KYC remediation process
The information gathered at the point a relationship is established can be outdated in a matter of days or weeks. Attributes about a customer that were considered low-risk may have changed their risk level significantly. Without comprehensive remediation process, these checks can go unnoticed, posing a serious risk to your business. Changes may include an individual becoming politically exposed, being subject to sanctions or having commercial or personal interests in nations on global watchlists.
In addition to using the vast amount of internal data for pre-population or validation, plenty of help is available for getting the data you need for remediation. RegTechs can provide lists of beneficial owners, politically-exposed persons (PEPs), or those who feature negatively in media coverage.
MCKINSEY & COMPANY, 2019
Following the collection of enough information about a client, a company can implement remediation measures. The remediation process also involves clearing up any contradictory data, organising the information acquired, and identifying any additional information that is required from the customer.
The primary guiding principle for executing a successful KYC remediation program is to focus on remediating the risk presented by the customers, rather than every data point in the file.
Remember that not all customer data files will need to be remediated. It is much more efficient and effective for the organisation to identify areas of highest risk first and allocate the necessary resources and experience to these more complex out of date records.
A company can then determine the risk the client poses after it has successfully completed KYC remediation and continue to add clients to its portfolio. It is crucial to take this step in order to determine if a company or financial institution needs to report a client to authorities for suspicious activity.
