Best practice in KYC means knowing the process is never done. When you have established your KYC policy it’s important to keep the document and process alive. Here are some reasons why you need review your KYC policy and how to do it most effectively.
Best practice in KYC means knowing the process is never done. When you have established your KYC policy it’s important to keep the document and process alive. You may need to refresh it because your legal obligations have changed, or it might be that there are further efficiencies you could make when completing a KYC procedure.
Ensuring you have a plan for review and remediation of a KYC process is vital to ensuring ongoing compliance. In this article we share 6 areas to consider when carrying out and managing KYC reviews.
Keep your policy in daylight
In the world of compliance and risk management things change often. Fraudsters and criminals are constantly looking for weak spots and new ways to circumvent existing policies. Regulation and guidelines also change frequently, for example the risk profile associated with a regional jurisdictions may shift due to political or social issues outside your control. That’s why KYC should never be considered and forgotten. It needs to be an integral part of your company culture, and that culture needs to place high value on ensuring policies are maintained as living documents.
Set regular review cycles for your KYC policy to checks it’s accurate and up to date. Building relationships with regulators is a good idea too as this keeps lines of communication open. You might also consider having a member of the team responsible for scanning news stories about financial crime activities that could impact your business. And there’s always the option of working with a consultancy like The Edmund Group or FinTrail.
Know your reporting obligations
First and foremost, financial services businesses, like yours, have a legal obligation to report to regulators. These obligations vary according to which region you operate in. Having an external audit is helpful to ensure KYC processes are appropriate to the regulation you need to abide by and that you are complying with all legal obligations. How you carry out an audit is dependent on your needs and the size of your company. Traditionally, external audits can be carried out by another team in your company or by a recognised and established external auditing firm such as Deloitte, KPMG or EY.
The audit team can review a specific area of KYC, or do a general review based on your general risk assessment. You could ask them to look specifically at the customer due diligence (CDD) aspect of KYC. This would examine the information you collect, how that is verified, the ways you are doing that and how the process might differ from person to person in the business. Whichever path you choose audit can help with reporting.
Use reviews to improve
You’re required to have appropriate reporting and review processes in place, but how you carry those out is up to you. They are there to give the regulator information, but you can also use the information from these processes to get actionable insight that can build value for your business.
Depending on the size of your company, you might want to have internal reporting at board level and a level below that, i.e., management reporting. This can help cover how certain individuals and teams are performing when it comes to KYC; the overall degree of automation in your KYC process; the approval percentages on applications and checks; and identified risk factors. All these data points are useful for day-to-day management of KYC in your business and can improve the efficiency of your process.
Encourage expertise inside and out
Sometimes it’s easy to know where change is happening when it comes to compliance, for example a regulatory change might be well publicised and you will have time to prepare for it. But the world of financial crime can be fast-moving and smaller firms may not have specialised compliance resource to keep up to date with non-regulatory issues such as new fraud typologies. That’s when it makes sense to collaborate with industry peers or external consultants to understand what’s coming next as well as the latest best practice in KYC.
In your firm, you can also utilise people who understand KYC and have an interest in the real-world implications of what they do around compliance management. These folks are great for sourcing information and sharing knowledge across the business. This feeds positive change to KYC in practice and in company cultures.
Data is a competitive advantage
Data is all important in KYC. Accurate, comprehensive data is at the heart of the process, both at set up and review. Getting a single view of KYC data can be facilitated by a RegTech solution and it can ease a lot of headaches when it comes to reviewing performance and reporting on it. A single source of data can help solve customer pain points or identify where you can make time and money savings by tweaking the process.
All businesses handle data differently, but when you’re looking at how you source and present it, go for a system that creates easy-to-understand reports. If you have great data about your compliance and financial crime processes, you can understand whether you’re overspending or underinvesting in RegTech; if you can reduce human intervention or whether you should increase it: the level of risk in your customer base; the amount of money lost through poor financial crime systems and controls; and how well you’re performing overall when it comes to KYC.
Make KYC agile
It’s easy to get too focused on the initial customer or corporate onboarding exercise, but a huge amount of the value - and risk - comes through the lifecycle of a customer. With the right RegTech you can have flexibility to perform ongoing or perpetual KYC. You can also discover changes to your approach that will improve the process overall. For example, with a SaaS solution you can model changes to a digital KYC process before they go live. You can see how many of your decisions would have been flagged or altered in the KYC process if you had pushed the change to production. And when changes to the process are live, you can then remediate your historic decisions with a tool that automatically flags those accounts that need altering.
When change is the only constant in KYC compliance, you need to be supported by solutions that are agile enough to keep up.
Flexible RegTech for a changing world
PassFort’s SaaS solutions are flexible by nature, so when you need or want to update your KYC process, it’s not a big or expensive engineering job. In fact, our customers request an average of 8 changes to their configuration each quarter.
Dedicated customer success managers are here to help you understand the performance of your automated processes and where operational efficiencies could be made. It’s a partnership that ensures ongoing improvement to your KYC activities.
We’d love to talk to you about your KYC processes. Perhaps you are going through set up or a review cycle? Whatever position you’re in, get in touch with us any time to discuss how PassFort can help improve the way you do KYC today and manage continual improvement in the future.