The burden of regulatory compliance for financial institutions continues to be onerous despite recent actions by the government to lighten the load. Notwithstanding the complexity of many regulatory requirements, stakeholders are increasingly demanding more from their compliance departments while also raising expectations for efficiency and cost-cutting.
The processes around anti-money laundering and combating the financing of terrorism (AML/CFT) are examples of complex requirements. Foundational to every effective AML compliance program are various “know your customer” (KYC) activities. These include several processes that necessitate the collection and verification of certain customer information during the customer onboarding process as well as require institutions to periodically review the customer information collected to demonstrate an understanding of their customers and the potential money laundering/terrorist financing risks that a customer may pose to the organization. Periodic review of the customer information includes a review of the transactions in the customer’s accounts using a risk-based approach.
Ongoing KYC obligations can be very challenging for organizations, for a number of reasons. Not knowing enough about customers or not requesting the right information up front can limit the ability to monitor customer activity effectively. Complicating matters further is the lack of a single repository for customer information at many institutions. Often, customer information is dispersed across multiple departments and systems, which hinders efforts to develop a singular view of the person, their activities and, ultimately, their risk profile.
Fortunately, RegTech solutions have been developed to assist financial institutions in their efforts to streamline their KYC activities. One such technology, robotic process automation, or RPA, has already been implemented successfully to streamline periodic reviews of KYC information, as well as to aid in the review of alerted transactions – processes that can be manually intensive. At Protiviti, we have developed use cases involving the automation of such rules-based and repetitive regulatory tasks, including the transaction alerts review process. The RPA steps included in this process can be similarly used in the periodic reviews of KYC information.
In addition to RPA, other capabilities in the RegTech ecosystem include artificial intelligence (AI) and machine learning (ML), data analytics and visualization, and blockchain. The outputs of these digital technologies can deliver enhanced regulatory reporting, in addition to their other benefits. Below is a brief look at each of these technologies and their KYC applications.
Artificial Intelligence. AI-powered platforms and software can be applied to periodic review activities to analyze and identify relationships that traditional KYC methods fail to uncover. These results can be combined with tailored ML algorithms to help financial institutions identify inconsistencies and potential criminal activity during periodic reviews of KYC information.
Data analytics and visualization tools leveraging ML, and digital biometrics, can be used to create enhanced customer profiles. These enhanced customer profiles utilize traditional onboarding data and combine it with data analysis of customer activities across business lines (e.g., deposits, lending) and geographies, and even unique biometric data, such as fingerprints and facial and retinal patterns, to provide an enhanced, singular customer view that offers valuable insight into potentially risky client behavior.
Blockchain is already being used to streamline customer onboarding by assigning unique and unalterable digital identities to parties in financial transactions. With the technology, a single customer profile can be maintained in several databases and be accessible by all but can only be altered through a consensus mechanism. This can substantially reduce redundant documentation requests and checks. Additionally, blockchain technologies can provide transaction audit trails, which is helpful for transactional analysis.
Finally, as often is the case with digital technologies, they combine to deliver synergistic results independent of their specific use. In this case, data analytics performed on outputs from AI, ML and RPA can be used to produce reporting that includes more information in its analysis, is more transparent and can be displayed using data visualizations.
Andrew Mueller, a Senior Manager with Protiviti’s Risk and Compliance practice, contributed to this content.