Automating Compliance - the problem, the solution, the innovation

The Problem

With the enactment of ever more stringent regulations established by diverse legislative acts, dictating the discovery of the origin of funds, not least the EU’s 4th anti-money-laundering directive, the reality is that the requirement to conduct complete due diligence of prospective clients, suppliers and sources of business is an entirely inescapable one.

More than merely from a legislative and regulatory act, the need to “know your customer” finds its roots in a solid, if not common-sense business approach, that of being able to manage and limit commercial risk ensuring minimal exposure and avoiding impacting the organisational bottom line.

To date, however, KYC compliance is often seen as being an imposed regulatory hurdle, practiced by limited subsets of sectors, and rarely as a means to ensure ongoing efficiency.This is perhaps unsurprising given the complex, burdensome and frequently disjointed landscape in which compliance specialists are required to operate.

The customer background discovery process has always been based on a mix of self-disclosure, verified via limited and disparate, generally external sources, collation of differing media and especially hampered by the conflicting onus to acquire as much valid data as possible while churning out the maximum number of verifications as possible.In turn, this translates to a “best-practice”, check listing-by-numbers approach, with ever increasing specialist resources being dedicated to a process that, when juxtaposed with increasingly demanding laws, can only be hurried, incomplete and ultimately fail.

The inadequacy of KYC practices are plain to see and evidenced by glaring failures over the past decade – from the subprime mortgage crisis of the mid noughties that snowballed to encompass most western economies and led to the biggest financial crisis in 3 decades to the “omissions” by huge financial operators, the likes of HSBC, CitiGroup, BNP Paribas and countless others, fined in the billions by North American and European regulators for failure to comply with what would otherwise be basic requirements for operators whose only line of business is the identifications, limitation and management of risk.

Furthermore, the only apparent course of action, in response to the question of how can compliance be improved appears to be that of increasing dedicated resource spend and intentionally slowing the process down to ensure thorough verification – in 2016 the average spend for major US banks was in excess of $60,000,000 with some hitting the $500,000,000 mark and an increased vetting time of 22% over 2015, with completion times ranging from two to four months, and with 2017 earmarked to further slow the process down by another 18%.

This clearly unsustainable approach is further compounded by the fact that customers are reporting to require up to 8 interactions in the course of being on-boarded and that 9 out of 10 corporate customers are dissatisfied with their institutions’ KYC processes.

The reality is that the same “solutions” being applied as a remedy to this spiralling situation are not only further compounding the problem, but are intrinsically at the heart of the failure of the system.

At its least convoluted, simplest form, customer due diligence is nothing but the collation of data sources and the ongoing analysis, determining whether an entity being assessed merits being transacted with.The volumes of data being analysed, the disparate sources being queried and frequency of ongoing checks are a textbook case for maximum automation and integrated intelligence rather than human interaction and subjective analysis.Even more so when one considers that the bulk of this data is already in possession, or at the very least at the fingertips of the organisations measuring risk, but fragmented across departments, business units and specialists who more often than not “speak” different languages given the disparate nature of their business focus.

The Solution

This is the scenario which sparked the birth of an all-encompassing software solution like KYC Portal.

To date, the compliance landscape is dotted with software solutions that only partially address data management problems – from semi- to fully-automated screening services that are anything but completely accurate or real-time, to solutions that connect to existing ERPs and customer management databases.There is however no single solution that aims to reduce (in the impossibility to entirely eliminate) human subjectivity to the bare minimum.

KYC Portal, first conceived as a compliance streamlining tool has evolved into a fully-fledged Big Data platform, one in which huge data sets from disparate sources are brought together, analysed and parameterised to reveal trends and patterns that would otherwise be indistinguishable and unrecognisable, effectively flagging suspicious behaviour and identifying an organisation’s risk exposure.

At on-boarding stage, KYC Portal is a fully bespoke tool, one which adopts the principles of a risk-based approach, allowing for individual parameterisation of an organisation’s diverse areas of operations and departmental requirements, from the basic identification of data fields, sequential questionnaire stringing and automated risk calculation based on individual, pre-determined risk appetites.

In doing so, KYCP already goes steps further and allows for dissemination of tasks and managed delegation, up to automating the procedure for customer-submitted responses and documentation, already impacting the cost and timeframes of initial data collection by shifting the onus away from the more expensive, higher-specialisation fraud and risk specialists.

Through the in-built tailored risk calculation, KYCP does away entirely with the need for individual subjectivity (and hence bias) and lays the ground for homogenous practices and assessments based on standard corporate principles.

The collection and collation of documentary evidence similarly can also be delegated and through the identification of mandated document types and bespoke alerts, ensures that all required identification is in place, correct and valid – automating a process that is commonly a main point of failure post initial customer acceptance, and as a result, a potentially costly risk centre.

The Innovation

Truly unique innovations like the embedded face-to-face video interview process and the live cross-verification of subjects via facial recognition with identity papers submitted not only reduce the cost and timeframes throughout the on-boarding process for both the assessing organisation and the applicant subjects alike, but further enable an expanded, non-geographically limited customer reach and the additional peace of mind inherent to live, in-person communication.

Despite the already unique feature sets available prior to customer acceptance, allowing for speedier, more accurate and far less subjective initial assessments, KYCP unleashes its full data crunching potential where no other single system operates.

At the heart of the ethos behind KYC Portal is full, unbridled data integration.Born of the knowledge that it is only through the automatic analysis of information that trends and patterns can be evinced and that flags can be pre-emptively raised, KYCP connects seamlessly via web services to any internal or 3rd party data sources – from external screening and verification systems, to document analysis services through to the myriad of data stored within an organisation’s operational records.

Given that the due diligence process is traditionally one carried out by select teams of fraud and risk specialists with little to no exposure to internal business and commercial data or indeed customer support interactions, it is of little surprise that post on-boarding the weighting of a customer’s performance is limited to a small set of KPIs and carried out with limited frequency, typically at set milestones.

KYC Portal counters established practice by continuously monitoring each assessed entity, regardless of status, business lifecycle or indeed subjective “importance”.At a top-level stage, this is carried out through the seamless integration with any number and type of external data verification services, wherein subjects are polled on a daily basis for changes in reported background and status.Similarly, by connecting with and speaking to existing internal data warehouses, KYCP centralises and analyses behavioural patterns, identifying trends and deviations thereof, raising alerts when extraordinary behaviour is flagged.

Based on the principle that not all suspicious behaviour is fraudulent and that not all fraudulent behaviour us suspicious, the various rules engines behind KYC Portal are programmed with individual parameters expected of each customer type and interaction and operators are only notified upon deviation from the expected norm, removing the majority of false positives, allowing for the exclusive investigative focus on the truly possibly risk-laden interactions.

In practice, KYC Portal brings together and assesses individual customer interactions – be they financial transactions and the variations from expected withdrawal and deposit patterns, to betting spreads and win/loss patterns, down through customer service request interactions and resolution patterns.Effectively, any transacted communication that is recorded and stored by an organisation’s systems can be analysed, compared and weighted against pre-established patterns , allowable leeway and ultimately the cost of doing business – in a nutshell, the commercial risk presentedby individual subjects throughout their lifespan as clients.