Digitization is changing the business landscape by introducing new products and channels, which create new opportunities for businesses, consumers, and, surprisingly, criminals. Since the COVID-19 pandemic outbreak in 2019, there has been rapid adoption of new technology that uses the internet or digital identity verification, such as biometrics, at the point of onboarding. However, while identity verification at onboarding remains the first step in KYC, many more safeguards must be implemented. Over time, sophisticated money launderers and fraudsters have devised strategies to circumvent and circumvent these initial KYC checks. Some common tactics include using “money mules” to access verified bank accounts or purchasing old or distressed companies with verified banking. The dilemma is enormous for companies as they are daily challenged with their business’s and customers’ online security.
In response to increased criminal activity, the Financial Action Task Force (FATF), an intergovernmental body responsible for establishing international AML/CTF standards, has revised and updated its recommendations, including mutual evaluations of each country’s system. Financial institutions and designated non-financial businesses and professions, including “gatekeepers,” trust and company service providers (TCSP), must know and understand their customers, according to one of FATF’s recommendations. This is critical for every online business today because failing to know a customer due to poor customer due diligence (CDD) practices will result in reputational, operational, legal, and concentration risks. Our business world’s structure, status, and dynamism today require a proactive approach to KYC review and should be prioritized for companies to thrive online securely. This article summarizes why you should implement proactive KYC rather than reactive KYC.
What Is a Proactive KYC Approach?
KYC procedures are the first defense against money laundering and terrorist financing. Institutions must do more than define and implement a CDD program that determines a risk profile during onboarding. Otherwise, the continuous review of customer information is based on their initial risk level or trigger events, resulting in incomplete customer data and inaccurate risk-based decisions. Following onboarding, the emphasis must shift to ongoing due diligence.
This is accomplished through perpetual KYC, in which customers are constantly monitored rather than reviewed regularly.
With perpetual KYC, reviews are only triggered when anomalous customer behavior patterns are detected in real-time. Even though some financial institutions (primarily larger institutions) conduct KYC reviews annually, that time frame may be too late because legal entities are dynamic, and a legal entity may be struck off the register and shares transferred in less than a year. To ‘truly’ know legal entity customers, online businesses should conduct KYC reviews regularly to update their status (active or struck off) and beneficial ownership information. Proactively using an automated third-party data source and a reactive event-driven approach to KYC review of legal entity customers is even more effective in combating financial crime. It will achieve the goal of data precision and, as a result, accurate risk-based decisions.
How to Implement a KYC Proactive Approach
Businesses can take a proactive approach to KYC reviews by implementing digital KYC with the cooperation of national and international company registries; businesses can create regional data warehouses where data from all company registries are centralized. The information would include legal entities and beneficial ownership information. The company registries update data in real-time as legal entity information changes. These independent third-party data sources are more reliable than information obtained directly from legal entities. The data is then mined or processed to identify patterns and correlations to make decisions and predictions and generate alerts using artificial intelligence.
In general, machine learning is used to make the system more adaptable to new trends and data, ensuring the accuracy of decisions. The essential operation would be that businesses would automatically check each of their legal entity’s information generated by the central system at predetermined times, which could be based on the anniversary of the date of incorporation of the legal entity. Furthermore, proactive checks of the central system will be initiated based on the legal entity’s risk level, such as every three months if the entity is considered high risk. Internal alerts or triggers within a company will continue to be processed reactively. Such an automated system, which is accessible to digital businesses and other specified authorities, is typically fast and efficient, with the potential to reduce the currently exorbitant costs of conducting KYC reviews and, eventually, eliminate the challenges posed by legal entity customers failing to notify businesses of material changes in their KYC information.
Businesses can therefore implement a proactive CDD program that reviews customer information on predetermined dates based on the anniversary of onboarding (for example, every six months) and their risk level (such as every three months for high-risk entities). Furthermore, you can perform reactive trigger or event-driven ECDD checks as needed by frequently checking and updating customer information, configuring multiple risk profiles and alternate matching rules, and implementing customer reverification.
FATF makes a case for several instances when customer due diligence is necessary, such as when establishing a new relationship or when there is a suspicion of money laundering or terrorist financing.
FATF sets out the customer due diligence measures as follows:
- Identifying and verifying the customer’s identity using reliable, independent source documents, data, or information
- Identifying and verifying the beneficial owner. This should include understanding legal persons’ ownership and control structure and arrangements.
- Understanding the purpose and intended nature of the business relationship
- Conducting ongoing due diligence on the business relationship, including scrutiny of transactions undertaken throughout the relationship to ensure transactions are consistent with the expected
The first 3 points above are usually covered at onboarding; number 4, however, needs to be part of the ongoing customer review. FATF stipulates a risk-based and proactive approach to ensure measures to prevent or mitigate money laundering and terrorist financing before they occur.
In A Nutshell
In today’s world, to understand your customers’ risk profile throughout their relationship or lifecycle, it is critical to use a continuous and proactive KYC (KYC) approach rather than inefficient, costly periodic client reviews and remediation projects.
KYC plays a significant role in the effectiveness of other compliance functions such as sanctions screening, payment filtering, transaction monitoring for AML, fraud control, and so on from the time a prospect approaches an organization to be onboarded as a customer throughout the customer’s life cycle. Continuous monitoring and consistent customer due diligence are critical to managing financial crime risks, so adopting a perpetual proactive KYC (pKYC) approach is a pressing issue.
With Identitypass, KYC is about getting to know your customer and ensuring that their behavior matches what they declared and agreed to as part of their relationship with a company. Periodic reviews allow you to reset customer information and anticipate future activity. Implementing a dynamic KYC infrastructure, such as Identitypass, enables you to manage all KYC aspects, workflows, processes, reviews, and alerts, which can alleviate some current challenges businesses face. It further provides some added benefits and peace of mind that data, both for newly onboarded and previously approved customers, is perfectly in line with internal risk procedures, completely compliant with regulatory requirements, and always up to date.
Leave a Reply
You must be logged in to post a comment.