An effective KYC function is critical to every bank’s financial crimes compliance program. However, legacy processes and controls have resulted in fragmented capabilities whose inefficiencies require a high cost to sustain. Reference data quality continues to present issues for most large banks. As a result, managing KYC operations can be painful for customers, relationship managers, and compliance personnel. Taking a step back to identify opportunities to increase KYC effectiveness, and then making the right investments, can pay significant dividends.

The law requires banks by the ‘CDD Rule’ to (i) obtain and analyze sufficient customer information to understand the nature and purpose of customer relationships to develop a customer risk profile; (ii) conduct ongoing monitoring to identify and report suspicious transactions; and (iii) on a risk basis, to maintain and update customer information, including information regarding the beneficial owner(s) of specific customers.

Typically, banks address this requirement by using a periodic and staggered KYC ‘refresh’ process. In the absence of a triggering event – such as a regulatory finding, or customer-driven update, accurate KYC data is at the mercy of a review calendar, and the largely manual processes that support the review and refresh process. Institutions are exposed to significant risks when a customer’s information is no longer accurate, and more periodic and efficient methods of regulatory risk management are required.

Reference: Department of the Treasury, Financial Crimes Enforcement Network (2016), “Customer Due Diligence Requirements for Financial Institutions,” final rules (RIN 1506-AB25), Federal Register, vol. 81 (May 11).