A risk-based approach to KYC compliance




What's the difference between a risk-based and a rules-based approach to digital identity verification and KYC? A know your customer process that enables better decisions, and one that avoids unconscious bias and financial exclusion.

According to Scott Brinker’s well-known Martech landscape graphic, there are now more than 8,000 marketing technologies. These technologies have been essential in helping marketers understand and respond to customer behavior, which has changed fundamentally in recent years and had a rocket put under it during the COVID-19 pandemic.

If you were sitting in the compliance or risk function, it was a different story.

For risk and compliance teams, the technology ecosystem was “on its way” and full digital transformation was potentially years away. Yes, things had changed, customer expectations were evolving, but there was a long way to go.

The first wave of RegTech or Regulatory Technology was designed to satisfy regulators, not compliance professionals and certainly not their customers. It was about digitizing access to datasets that governed the physical economy – relying on passports, business registers, government sanctions lists, etc.

The tech enabled compliance teams to onboard customers and manage their KYC and AML processes in a way that satisfied regulators. 

Then BOOM, along came COVID….

When the pandemic hit, the world went from approx. 15% of the population working from home to more than 50% and this new way of working is set to continue. We have become internet citizens, online consumers, and remote workers. A digital world needs a digital identity. Global businesses need to establish trust online and ensure the person they’re interacting with is who they say they are.

Unfortunately, criminals have also exploited the disruption caused by the pandemic and are finding novel and sophisticated ways to commit fraud and launder money. Around one in five businesses have seen increased instances of fraud, according to PwC.

The number of new regulations has risen accordingly – by August 2020, more than 1,330 COVID-19 related regulatory announcements had been made globally by different regulators. And a record $10.4bn worth of fines were issued in 2020.

Imagine sitting in the shoes of the compliance team – having to work with technology that was designed to be on-premises, in a specific physical setting, and built to satisfy regulators, not their profession.

And what about the customers of these compliance teams, internal and external? They have high expectations of fast, digital, seamless, and exceptional experiences. In fact, many companies end up letting their customers down at the onboarding stage, and that can be hard to recover from. According to Sales Cycle, 75% of applications for financial products are abandoned and 88% of consumers want more control over their data.




Competing forces – local vs global

Although the digital economy is global, in recent times the trend has been toward national protectionism:

  • Political influences have compounded this – Brexit for instance
  • COVID was a global crisis, but each country responded locally
  • Local regs have been introduced – Corporate AML regs in the US and Canada for instance

These local pressures and localized thinking have to be balanced or sit uncomfortably inside a global digital economy that doesn’t respect borders. There are new cryptocurrencies launching, booms in forex trading, and an upswing in trading in physical commodities.

So how do organizations and their compliance teams balance these competing forces? Perhaps it’s time for a new approach to customer due diligence; one based on risk rather than rules?

Firms need to be sure their approach to KYC compliance supports the balance between offering personalized experiences and corporate demands; between competing on a global stage and operating in accordance with local regulation. It’s a tricky balancing act because there can’t be any compromise between customer experience and compliance.




Fighting unconscious bias

McKinsey estimates 3.4 billion people have some form of ID but have limited ability to use it in a digital world – and that includes the digital economy. A rules-based approach to KYC compliance could, unwittingly, take you down a path of compromise and unconscious bias.

Rules can be too rigid or restrictive when it comes to dealing with the complications of real people. Often rules fall short of accounting for complexities and all the variations associated with customers and what they do or how they behave – moving from place to place, getting married, taking new jobs.

A risk-based approach to KYC and verifying digital identities, by contrast, balances the need for compliance with local regs and customer expectations in a global economy.




The components of a risk-based approach to KYC

While regulators haven’t been prescriptive around the risk models organizations need to implement to control compliance, there are key parameters or factors to consider, and these are dictated by law. These are the factors that will be important in ensuring firms onboard legitimate customers, while excluding criminals.

A risk model will be bespoke to each organization, depending on factors such as whether an individual or institution is being onboarded; what products are being sold; where they are being sold; the appetite for risk; the countries of operation…and the list goes on.

It’s vital to exclude financial crime and equally important to give genuine customers access to products. There are a lot of nuances to consider in making evaluations about whom to onboard, and a risk-based approach helps deal with that complexity.

Let’s give an example. You get an application from an individual who has a Syrian passport. With a rules-based approach, that individual is likely to be rejected, as Syria is a country that’s on your ‘no’ list. Wait a minute, though. The applicant has a Syrian passport, but they have lived in the UK for 10 years. Then you might be making a different decision.

A risk-based approach to compliance automation allows for greater flexibility, nuance, and subtlety. It acknowledges the complexity of people and that some cases may require a human eye for better decision making.

Going back to our earlier example, a machine might make the decision to say no to someone with a passport from a particular country, but it might be better to kick that over to an individual who can review the application, trigger additional tasks, and complete enhanced due diligence.

A risk-based approach to KYC helps make better, fairer decisions.




A risk-based approach

If the risk-based model enables better decisions, it also enables organizations to build a clearer picture of a customer and have a dynamic KYC process.

Taking a risk-based approach enables organizations to make the best use of their compliance resources. It means decisions can be justified to regulators – there are clear reasons and proof why certain decisions were made. And it helps prevent unconscious bias in a global, fast-paced, digital economy where people need access to products online.

All the while, organizations can form more trust with real customers and deliver improved customer experiences. If risk factors have been modelled correctly, based on a company’s risk policy, automation can remove friction from the process.

This is where RegTech, designed for the digital economy, comes into its own. Automation bears the load for compliance teams, helping them make risk-based decisions with no compromise between compliance and great customer experiences.

A risk-based approach to KYC compliance means counterparties can be onboarded at scale and across a global theatre. Compliance teams don’t have to waste time and resources checking high volumes of low-risk applicants, who can go through straight-through processing (STP). But compliance professionals can still be brought into the process for medium- or high-risk cases, or simply when judgement is needed.

The most important thing is to allow flexibility into the KYC process because the world is constantly changing. Organizations can’t “set & forget” a compliance process because things will always be different a year from now and skilled people will always be critical to success.




To automate or not to automate?

Certain tasks can and should be automated, for example:

  • Data entry
  • Data collection
  • Automatic escalation
  • Dynamic forms to ask more questions

The weight of compliance activity can then fall on technology, instead of on the compliance team or, worse still, the customer.

Automating tasks enables compliance people to focus on critical thinking, building trust, and creating better experiences - using their skills, judgement, and expertise to add value.

For customers there is less waiting, fewer touch-points, less friction in the onboarding and due diligence process. Faster engagement with real customers can only be a good thing. They want to interact with a product, not a KYC process after all.




In summary

Be open to change and welcome technology that is designed for compliance teams, their customers, and the digital economy. And don’t let the computer say NO just because someone has the wrong passport. 

Organizations don’t have to compromise when it comes to compliance and customer experience when they choose a modern risk and compliance management solution. It’s possible to have both regulatory compliance and fantastic customer experiences at the speed the digital economy moves. 




Get in touch

Moody’s Analytics Know Your Customer (KYC) is transforming risk and compliance, creating a world where risk is understood so decisions can be made with confidence.

Our customers build their own compliance ecosystem using our workflow orchestration platform, leading datasets, analytical insights, and integrations with global providers to create flexible solutions.

Harnessing our innovative technology and industry expertise, Moody’s Analytics automates accurate screening and swift onboarding of customers and third-parties. We continue our support throughout the customer lifecycle by enabling perpetual monitoring of risk across global business networks in near real-time.

Get in touch to talk about your risk-based approach to KYC – we would love to hear from you.