The EU’s Fourth Directive on money laundering, in place since mid-2015 but requiring full compliance by June 26, 2017, aims to further tighten the noose around suspect and illicit financial activity, broadening regulatory powers and increasing the onus on commercial operators to establish who their clients are and where their funding comes from.
The complexity and cost of compliance have risen steadily over the years, driven by the extensive operational impact of stringent regulations, overlapping (and oft incomplete) sources of information, and a dependence on manual management of workflows and dedicated resources. The new set of rules further ups the ante and risks heavily influencing the bottom line and the customer retention and acquisition efforts of operators across the spectrum.
Chief amongst the changes imposed is the requirement to undertake a risk-based approach to compliance, identifying the areas of highest risk across the board and building a monitoring program to minimise exposure. This approach also actively repositions compliance and due diligence efforts from being a stand-alone task to one that provides tangible value, an all-encompassing function supported by qualified analysis, understanding and documentation.
The extent of the data management required for such an approach, however, rules out compliance programs that are performed manually or depend heavily on human input (and hence on individual bias or assessment), as is still the case at a significantly large percentage of operators across varying industries.
The current approach has been shown to be both costly and incomplete. The fines, running in the tens of billions of dollars, levied by regulators both in Europe and in the US against banking giants for failure to provide fail-safes in their due diligence structures prove that if financial institutions struggle to meet requirements, and if individual resources can undermine a corporate-wide set of structures, smaller operators are likely facing an uphill struggle before the mandatory cut-off date for full compliance this summer. This is especially true of those operations newly impacted by lower transaction thresholds or by the broadening of activities obliged to carry out full client due diligence, as may be the case for gaming operators, both online and on-site.
Over the past few years, the impact of extended due diligence requirements on customers has increased to such an extent that it can no longer be ignored. The time taken to finalise KYC assessments, often reported as anything from two to four months, together with the increased number of customer touch points, has led to general dissatisfaction among client bases and is directly contributing to the switching of service providers across industries, as evinced by the 2016 Thomson Reuters KYC survey.
It is becoming ever more apparent that the only effective way to sustain a risk-based approach to compliance is through a centralised, mostly automated set of processes, tailored to each operator’s unique needs and specific to its industry and areas of operation.
In implementing a risk-based management framework within any organisation, dedicated risk-based software solutions like KYC PORTAL provide a three-pronged approach to ensure full compliance, namely:
Prioritisation of risk
Utilising a personalised risk evaluation methodology, the platform returns a risk exposure score, quantifying the potential vulnerability and business impact of non-compliance and allowing business activities to be prioritised. Based on this approach, and using a predefined risk registry tailored across all areas of operation and resources, the software streamlines workflow and executes assessments automatically across a consolidated assessment framework.
This approach in turn pre-empts eventual exposure to risk and non-compliance, both from a corporate standpoint and from a legislative and regulatory perspective. Furthermore, the automated documentation archives allow for on-the-fly report generation and audit trails as may be required by law.
Currently, dedicated compliance staff are quite literally inundated with a myriad of ever-changing regulatory documents, frameworks and internal policies that, as shown by the countless shortcomings in the aforementioned cases of non-compliant financial institutions, can only lead to failure in execution.
The inbuilt KYC PORTAL notification management area provides a workflow solution for alerts raised by predefined triggers based on regulatory requirements or internal policy structures. These range from calendarised date notifications, alerting to document expiry or reassessment of an application, through missing data fields and forms requiring updates, to escalation of assessments in the event of changes in status. The automated interpretation of the requirements for foolproof due diligence removes, in its entirety, the dependence on individual intervention and allows for full interaction, monitoring and response streamlining, reducing the burden on compliance resources.
Integration across the entire organisation
KYC compliance cannot exist in a vacuum, and is wholly dependent on internal structures, policies and, more often than not, a myriad of connected systems and processes. Additionally, the variety of external sources of information requires collation, indexing and archiving.
Organisations of any size can no longer afford to be limited by fragmented channels of communication across roles and departments, or to depend on manual interaction to complete the workflow for a full assessment of risk.
KYC PORTAL allows for the full integration of external data sources as well as connecting to existing or future internal systems of any kind. Consolidating the flow of data goes beyond the mere requirements imposed by a risk-based approach and in turn leads to heightened internal efficiencies, synergies across departments and workflow structures.