How to get to know your customer, perpetually

We know that the more information gathered throughout a customer relationship lifecycle, the deeper the understanding of the client. In turn, this understanding leads to better monitoring and risk management.

Typically, a KYC review occurs during periodic reviews – whether after one, three, or five years. However, these reviews often become a tick-box exercise. They frequently rely on siloed data sets, failing to provide a holistic view of the customer. Additionally, there are key nuances in KYC, such as triggers and thresholds, that prompt an in-depth review to either increase or downgrade a customer's risk profile.

So how do you stay on top of KYC to deeply understand your clients while monitoring and managing risk? Enter Perpetual KYC.

The core of Perpetual Know Your Customer (pKYC) is to enable automatic ongoing monitoring of customers. This happens by integrating and using information from internal and external data sources, such as corporate registries, adverse media searches, transaction monitoring, and customer due diligence, to provide a holistic view of the customer. Rather than having a one-time, isolated risk assessment – which may quickly become outdated – pKYC means banks and other financial institutions can receive alerts whenever a significant change occurs. This allows them to adapt their risk management processes in real time. The challenges, however, range from data quality and operational issues to finding the balance between compliance and commercial business goals. Here’s how to overcome them:

Setting the standards

To continuously know your customer, outlining policies, instructions, and standards is a foundational step to implementing technology to enhance efficiency and automation. Clearly defined standards specify what data must be collected, stored, and monitored, providing an automation blueprint.

Standards play a crucial role in setting acceptable risk thresholds, outlining escalation and trigger protocols, and defining control measures that guide operational and compliance practices. For larger organisations, standards ensure the uniform application of risk assessment processes across departments, regions, and teams, reducing the likelihood of errors or inconsistencies. This consistency simplifies employee training and the adoption of new technologies, fostering better collaboration, and enabling more effective decision-making.

Additionally, the standards play a pivotal role in enabling all banks and financial institutions to scale their risk management processes efficiently while maintaining accuracy and compliance. They act as a blueprint for tailoring risk assessments to meet regional, regulatory, and market-specific requirements, all while adhering to a unified organisational strategy. Standards need to balance meeting compliance obligations and achieving commercial goals by providing clear guidance on acceptable risk levels and due diligence thresholds. Moreover, they help risk owners understand their risk and risk appetite.

In a nutshell, by defining standards at the outset, you provide the structure upon which automation and new technologies can be effectively and compliantly built. A strong standard is indispensable. Without it, no level of technology can effectively address compliance and operational or efficiency needs. To ensure your bank's compliance and operational needs are effectively captured within your standards, it is essential to evaluate what compliance looks like in your industry. This includes thoroughly understanding your existing policies, processes, and procedures for KYC while aligning them with the standards your institution follows.

Let’s talk about data

Organisations must plan how data is captured, analysed, and stored, ensuring scalability, and future usability. Key considerations include:

1. Data collection methods and sources: Identifying how you will collect data for pKYC. Will it come from transaction monitoring systems, adverse media, name screening, or public sources? Will APIs or batch extraction be used?
2. Data types: Identity, transactional, and behavioural data are vital for monitoring but add complexity, especially when analysing structured and unstructured data.
3. Data quality: Accurate, up-to-date, and consistently formatted data is crucial. Legacy systems and un-remediated files often hinder this.
4. Data integration: Seamless system integration enables a 360-degree customer view, a cornerstone of pKYC.

To implement pKYC effectively, firms must adopt a data-led strategy. This requires significant changes, including to the target operating model, supported by:

1. Data governance and ownership: Clear ownership ensures consistency in data formats and sources. Robust governance structures define roles, responsibilities, and accountabilities.
2. Regulatory compliance: Policies must ensure compliance with AML regulations and GDPR in data collection, processing, and analysis.
3. Capabilities and tooling: Beyond data collection, firms need advanced analytics to identify changes in customer behaviour and generate alerts. This depends on technological maturity and skilled teams.

With strong governance, integration, and privacy controls, firms can achieve continuous monitoring, real-time updates, and regular quality checks, allowing them to identify emerging risks. Scalability is equally important. Systems must manage increasing data volumes and adapt to evolving regulations.

Without a solid foundation encompassing governance, integration, and capabilities, pKYC cannot reliably deliver customer risk management or meet compliance standards. Inefficiencies and regulatory breaches then become inevitable.

Challenges and opportunities in your operating model

We know pKYC can bring substantial efficiencies through leveraging technology, automating processes, and deploying an upskilled workforce. For firms looking to move towards a pKYC operating model, there are three considerations to keep front of mind:

1. Assess your technology: Evaluate your systems and platforms to determine if they are fit for purpose. Consider factors such as systems integration, calibration of current screening systems, upgrade requirements, and data cleanliness. This assessment is crucial for deciding whether to adopt a partial or full pKYC solution and to automate certain processes.
2. Employ intelligent automation: Identify pain points to determine areas that would benefit most from automation, such as pre-filling customer forms or identification checks to speed up onboarding, or prioritising customers based on risk levels.
3. Upskilling the workforce: First-line operations staff often work in silos, making the transition to a pKYC model challenging. Demonstrate the benefits of the new model can provide, such as improved quality of work, and upskilled roles. Also, consider developing a strategy to engage employees from the start, with senior leadership demonstrating buy-in and leading by example.

Regardless of where you are in the journey towards automation, considering these elements, along with data and procedural factors, will prepare you for the next steps in pKYC. Remember, there is always room for improvement, whether you aim to move towards pKYC or partial automation. Use your data intelligently to enhance both operational efficiency and effectiveness.

Transitioning to a pKYC model offers significant opportunities for enhancing risk management through continuous monitoring, intelligent automation, and workforce upskilling. By setting robust standards, adopting a data-led strategy, and ensuring strong governance, organisations can achieve greater operational efficiency and effectiveness, ultimately balancing compliance with commercial goals.