What is KYC? – Overall context

KYC is a business process in which a company verifies the identity of its clients and assesses their suitability, along with the potential risks of illegal intentions towards the business relationship.

It has three legal bases in France:

• Financial Action Task Force (FATF – French GAFI) 2012 AML/CFT recommendations.
• Directive UE 2015/849 (AMLD 4) stemming from FATF Recommendations.
• Ordinance 2016-1635 of 2016/12/01 transposing the 4^th AML Directive in French law.

The AML KYC mandatory framework includes a KYC procedure formalizing the process of identification and verification of clients and partners (all documents stored and available), code of conduct, risk mapping, controls and assessment of the framework, financial controls, training sessions, internal alerts and sanctions.

KYC’s first aim is to validate the on-boarding of new third parties through a four steps process.

1/ Prospect identification, by:

• Acquiring customer, establishing transactional profile and customer segmentation
• Entering Customer Data
• Gathering customer documents[1][2]

2/ Customer identification program, which consists in:

• Identifying the Ultimate Beneficial Owners of Legal Entities
• Verifying the customer’s identity

3/ Client due diligence before the business relationship, which relies on:

• Screening names against global and company watch lists (Sanctions, embargoes, PEPs*, adverse media)
• Assigning a risk score (Low, Medium or High Risk) based on algorithm using the information retrieved

4/ Periodic Client due diligence during the business relationship, which consists in

• Performing additional screening
• Retrieving additional documents
• Re-performing Risk Assessment

Once the on-boarding is complete, the KYC file must be reviewed either periodically or on the occurrence of random events called Trigger Events (TE). The review means the re-performance of the complete KYC process. The events triggering a review of the KYC file must be clearly identified and continuously monitored by the Financial Institution.

KYC is used in the broader AML framework. It aims at preventing banks from being used intentionally or unintentionally, by criminal elements for money laundering or terrorism financing. By complying to AML regulations, banks protect their reputation, their finances against ever-bigger fines and contribute to mitigating the negative social and economic effects of financial crime.

KYC challenges are multiple & heterogeneous

1/ Optimizing the operating model

Over the last decade, costs involved in KYC have raised significantly and may potentially continue to rise. This is the consequence of KYC capabilities developed to meet regulatory obligations. As a result, KYC operations are fragmented and inefficient in terms of staff and cost. However, this rise in cost can be mitigated with 2 initiatives:

• The search for critical size and mutualisation;
• Automation of tasks, expanded by new technologies possibilities (artificial intelligence, etc.).

2/ Improving operational efficiency

From initial on-boarding to periodical review and remediation, KYC is never ending story. It is now time to free up relationship manager time by optimizing KYC processes and minimize unnecessary back and forth with clients. Material changes such as company mergers, or changes in an important Client level position, may also lead to dilution in the authenticity of a KYC statement. Process streamlining and cost efficiency through innovation and automation is not an option.

3/ Stand out by making KYC a way to improve client experience

KYC strongly damages client relationships and does not reflect a high level of professionalism. Reduction in delays, global client on-boarding across business lines (fewer contact points), proactive material changes… may lead to substantial advantage toward competitors and may reinforce brand image. KYC is to be built as a client knowledge backbone to “trigger” events and detect new business opportunities.

Financial institutions have to find their own way to rationalize KYC burden amongst the multiple available options

To face the multiple challenges with which financial institutions have to struggle, what are the alternative models that they can explore and/or industry initiatives they can join? Our conviction is that the time has come for banks to focus on one option rather than on a range of “proof of concept” initiatives.

1/ Mutualisation across entities & business lines

Within the bank, different business lines may require the same information from the same client. As a result, clients may receive several requests to provide the same KYC information, despite the fact that information is already available in the bank IT system, collected by another business line.

Facing major negative feedbacks, banks adjusted and launched One KYC initiatives to share their customer data across business lines, and attempting to create a unique client referential, with relevant data and documents.

2/ Nearshoring & Offshoring in centres of excellence

Despite major efforts to increase the workforce (multiplied by 4 from 2016 to 2017), a third of Financial Institutions report that a lack of resources remains the biggest challenge in conducting KYC and Client due diligence processes.

To control the rising costs in their compliance teams, financial institutions decided to offshore or nearshore KYC processes to specialized teams and to set up centres of excellence, dedicated to client information collection.

3/ Outsourcing

Outsourcing support functions has been a lucrative trend in financial services, and service providers positioned quite early on the KYC service market. Despite their critical regulatory role, banks may consider that the KYC process can be partly outsourced, to trust skilled teams with their client verifications.

Service providers set up comprehensive and rich offers. However, criticality of the process for the financial institutions (FI) must be appropriately and carefully assessed by the means of SLAs, since the FI retain the legal responsibility.

In order to mitigate outsourcing risks, the FI can choose to outsource several steps or the entire KYC/KYB process, e.g. they can outsource the first level of due diligence. Proposed procedures and offers are designed to include (or not) the existing FI services in the target process.

4/ Joining Private or Public Market / Industry Utility

A KYC utility is a central repository that stores client data & documents required to support FI’s KYC procedures. Once a client’s data has been captured into the utility, financial institutions members can access and leverage the information for their own KYC requirements.

For example, Nordic KYC Utility is a platform with standardized processes for Scandinavian banks. Clipeum is a centralized data base for French big companies. Other platforms are being developed.

However companies must stay vigilant to the cost of such initiatives, especially costs to keep data privacy, and to integrate the platform in internal systems. A Singaporean KYC Utility was shut because of too high costs.

5/ Leveraging technologies to optimize KYC process

Three types of technologies can be implemented to rationalize the KYC process:

• Biometric recognition, a key technology for KYC because it enables the optimization of the prospect identification process.
• Artificial Intelligence (machine learning, deep learning), notably in the client due diligence process. Burdensome tasks like risk scoring or screening against company watch list can benefit from this technology.
• Robot Process Automation, especially in the onboarding KYC/AML compliance programs.

[1] For Natural Persons, here are the documents required: ID, proof of address, Product(s) subscribed, nationality, address of residence, tax residence, screening findings

[2] For Legal Entities, here are the documents required: Articles of incorporation / association, Certificate of regulation, ID of CEO, Directors, UBOs, Board members, product(s) subscribed, sector of activity, address of incorporation and HQ, turnover / headcount, financials, date of creation