Joining the FinCrime dots

For our fourth in our series of industry roundtables in collaboration with the FCA, we gathered financial crime practitioners, regulators and RegTech vendors in the Shard for a morning of lively and engaging discussion on all things KYC. Over 20 global banks, asset managers and FinTechs were represented and we also welcomed members of the FCA and the Monetary Authority of Singapore as active participants in the debate. The event was run in partnership with Evalueserve, Encompass and Tookitaki.

At a time when sophisticated criminals are also harnessing the power of technology in an attempt to stay one step ahead of law enforcement, it is more critical than ever that financial institutions create more connected and sustainable KYC frameworks to both prevent and detect illicit financial flows. This was the key focus of the roundtable, which addressed the following questions:

• Given the preponderance of RegTech solutions for fighting financial crime, how do financial firms select the products that solve their specific problems?
• What are some of the very real challenges associated with today’s KYC processes and systems?
• How can we address these challenges in a way that creates a more sustainable KYC framework?

Navigating the Fog of Innovation

We have seen an explosion of innovative solutions that aim to help financial institutions improve or augment their AML and CTF activities – we track over 160 Financial Crime products. However, breaking through this ‘fog of innovation’ can be a real challenge for financial firms, with limited time and capacity to conduct thorough market scanning exercises.

We heard from participants that in general, there is an appetite and a willingness to embrace innovative technology solutions but common barriers to adoption or exploration include:

• Herd mentality – where financial firms choose the same product, because it has a credible track record in the industry and is already deployed in peer organizations
• Risks of onboarding a small, relatively new vendor 
• Mismatch of expectations between what innovative solutions say they offer and what is actually delivered
• Lack of compelling business case – focus on cost efficiencies rather than increasing human capacity to address more complex tasks e.g. investigations 

One attendee said that it is very hard to find consistency and to distinguish between vendors who are all developing a similar product. He suggested that it would be more effective if those people came together and worked on one tool rather than seven doing a similar thing. 

Why is KYC difficult?

Given the diversity of financial firms around the table, there was a high degree of consensus about the difficulties associated with effective KYC activities:

• Current focus on remediation of legacy systems rather than being able to think strategically about improvements and innovation
• Inability to efficiently share data within an organization to create a “single view of the customer”, particularly where there are different jurisdictional requirements in place
• Lack of data sharing across organizations and the need to get to a point where there is the willingness and trust to do so
• Lack of consistency and connectedness to other elements of financial crime risk management such as customer risk assessment and transaction monitoring – particularly for sophisticated criminals who understand how customer risk rating works.
• Inconsistency in terms of interpretation and regulatory expectations of key financial crime requirements such as simplified due diligence can lead to de-risking and firms withdrawing from certain activities (e.g. correspondent banking) altogether
• Once on-boarded, the ability to keep customer data up to date through the process of periodic reviews is a Sisyphean task, and one that can cause friction in the customer relationship.

Building Sustainable KYC

Being able to accurately identify the problems and challenges is half the battle to solving them, and rather than discussing tactical solutions, the discussion was more ambitious and strategic.

Moving from data management to risk management

Several seasoned financial crime practitioners suggested that we need to think differently about how we tackle KYC. From a risk perspective, 99% of the customer population (or thereabouts) are unproblematic, law-abiding people and corporations. Current KYC methods and processes are arguably focused on data gathering, validation and ongoing monitoring of this high proportion of the customer base, but it is the1% that is evading detection, as the current methods may work for the 99% but not these sophisticated, highly-resourced criminals. 

Turning this around and automating the data management for the 99% would minimise the amount of effort and analyst time that goes into that data gathering and population in processes and systems, enabling resources to be refocused on dealing with the top 1%, and hopefully improving on the low level of global illicit financial flows being seized and frozen 

RegTech products that can automate the KYC process do exist in the market – for example, encompass enables firms to access the many different data sources required for customer onboarding, automates the regulatory risks assessment, required levels of due diligence and the ongoing monitoring of changes.  

Balance between human and machine intelligence

Whilst technology promises to be a critical part of the solution, there was agreement that it can only form part of a sustainable KYC approach. Innovative technologies such as artificial intelligence and machine learning can only be effective if there is an adequate foundational layer of high quality and comprehensive data on which they can rest. A combination of people plus technology can often be the smartest approach to achieving this foundation – one which has been very successfully adopted by several of evaluserve’s customers in tackling their customer data quality issues. 

As Anna Slodka-Turner, Global Head of Risk & Compliance Practice at Evaluserve commented “our clients come to us for help with their financial crime risk management. The problem is not often presented as being one of data – but that is usually where the root cause is”.

Freeing up resource capacity to focus on higher-value and more human-centred activities can also help in terms of customer relationships. Rather than Compliance Officers and MLROs focussing on the many and varied manual processes and data issues, automation can free these skilled people up to spend time working with the First Line of Defence more closely to educate and resolve issues with customers, thereby reducing friction in those relationships. 

Improving trust and collaboration

Collaboration is a theme that we repeatedly hear in the context of financial crime compliance because the problem is too big to be tackled by firms in isolation. Whilst it is still early days, some concrete steps have already been taken to explore how collaboration across the industry, the regulators, and technology vendors could work to improve KYC and financial crime prevention.

As the methods used by sophisticated criminals to launder their proceeds constantly evolve, this requires new methods of detection by financial firms and one way of doing this is sharing financial crime typologies across the industry. Jeeta Bandhopadhyay , co-founder ofTookitaki commented, sharing patterns (or typologies) of criminal activity with peer banks would not  involve any personally identifiable information (PII) so this could be a good starting point.

Another mechanism for collaboration on KYC is the idea of an industry utility within a specific jurisdiction for sharing customer verification and due diligence data. Several experiments have been or are being attempted, either as public/private sector collaborations (such as the KYC Utility project run by the Monetary Authority of Singapore) or industry led initiatives such as the ones in the Netherlands and the Nordics. 

Opening up the sharing of data to cross borders was explored by the FCA as part of the 2019 Global AML and Financial Crime TechSprint. Solutions using privacy enhancing technologies (PETs) were developed, demonstrating that data can be shared across firms and jurisdictions without  compromising data privacy regulations.

Conclusions

The roundtable closed with an agreement from all participants that we need to build on these fantastic examples of collaboration and create an environment where the open sharing of data becomes the norm. We also need to move from talk into action if we are going to create sustainable, effective KYC and AML approaches that address the riskiest 1%, the sophisticated criminals that cause real human suffering and harm.

---