Banks around the world are spending billions to improve their financial crime management. Yet the number of fines and sanctions being imposed on banks is still increasing. What will it take to achieve efficient and effective customer due diligence?
One would be hard-pressed to suggest that banks are ignoring the need for better customer due diligence. Indeed, according to a recent Forbes article, some banks spend up to US$500 million each year in an effort to improve and manage their Know-Your-Customer (KYC) and Anti-Money Laundering (AML) processes. The average bank spends around US$48 million per year. In the US alone, banks are spending more than US$25 billion a year on AML compliance.
With this much investment going into customer due diligence processes, one would think that the number of fines and sanctions imposed on banks would drop. But quite the opposite; our research suggests that the number of fines and sanctions has actually increased over the past 3 years. In the US, where regulators are among the world’s most aggressive in imposing fines and sanctions, banks have been hit with nearly US$24 billion in non-compliance fines since 20083.
It’s not just big fines and the possibility of sanctions that worry bank CEOs and boards; most also now recognise that inefficient AML and KYC processes also lead to lower productivity (due to significant re-work requirements), greater government scrutiny (in cases where problems persist) and the potential for decreased customer satisfaction.It’s not just big fines and the possibility of sanctions that worry bank CEOs and boards; most also now recognise that inefficient AML and KYC processes also lead to lower productivity (due to significant re-work requirements), greater government scrutiny (in cases where problems persist) and the potential for decreased customer satisfaction.
Our recent surveys and experience working with leading banks around the world suggests that many banks currently display a ‘fundamental’ level of maturity when it comes to customer due diligence: they have a defined policy that is aligned to regulation and is well communicated within the business. But the policy is often poorly executed operationally. Banks with a fundamental level of maturity often find themselves doing significant re-work and manual data entry.
Some of the more advanced banks have achieved an ‘evolving’ level of maturity. They also have a defined and aligned policy. But their policy is supported by effectively managed processes and procedures. Organisational structure is well established. Roles and responsibilities are clear and technology is being applied to improve KYC operational management.
However, our experience suggests that most banks are looking for ways to be ‘transformational’ in their approach to customer due diligence. They want to make their policies actionable and embed them in the culture by creating a set of business rules with traceability that allows them to easily identify the impact that any changes to the policy may have on operations. They want processes and procedures that are well defined across customer onboarding, client refresh and screening. They want self-service capabilities that allow customers to easily update their KYC and AML data through multiple channels.
When we work with financial institutions to help achieve this type of transformational maturity, we often start by helping decision-makers think about the four key components of customer due diligence.
Every good AML or KYC process is underpinned by relevant laws, regulations and company policies. The more mature organisations, however, are able to identify the linkage between AML and KYC policies, data requirements, underlying processes and technology. And that allows them to quickly identify how any changes in their policies will influence the wider AML and KYC ecosystem.
Most banks now continuously monitor their customers throughout the life cycle with event-driven reviews and specific actions triggered at specific times. The more mature organisations are also working to reduce unnecessary customer outreach by creating bespoke customer due diligence portals that allow customers to perform their own profile maintenance. Some are also now using ‘search before’ contact models that harvest publicly available data from third-party sources.
Relationship managers are too valuable to have their time soaked up collecting customer data and conducting manual reviews. That’s why the more mature organisations are now starting to create specialised delivery centers that allow 24/7 access to deep pools of talent at an optimised cost. This allows them to bridge existing gaps in the end-to-end process, centralise resources and focus employee skill sets.
Many banks are struggling with siloed, duplicative and inconsistent data, which means their ability to search and access sources is limited. The more mature organisations are creating data models and dictionaries that can serve as the master source of requirements and business rules. Some of the more advanced organisations are now exploring how they can leverage their AML and KYC data to unlock new customer insights that can help influence both product offerings and risk decisions.
The path to efficient and robust customer due diligence is never-ending. Banks will need to continue to invest into newer technologies and processes if they hope to remain ahead of regulator and customer expectations.
2. Enhance the customer experience for onboarding and refresh:
3. Improve risk management/financial crimes compliance by assessing and monitoring KYC client information for critical insights:
When a large global financial institution wanted to develop a solution to enable them to review tens of thousands of customer records against their financial crime policy standards and within a tight deadline, they knew they needed to move away from their existing approach and develop a holistic process that would not only have a minimal impact on customers but also provide a clear audit trail and deliver at the scale required.
Working with the institution and the local regulator, KPMG’s financial services and regulatory advisory teams designed and implemented an end-to-end solution comprising new technology tools, hosted in a secure cloud environment and an off-shore delivery center for customer outreach and case reviews. The solution improved the efficiency of customer data collection through a new customer portal; codified regulatory and policy rules into an operational workflow minimising manual effort and provided detailed management information on progress as well as insights into customer behaviour enabling continuous improvement throughout the project.
Not only can the institution now make more holistic decisions supported by a fully auditable process, they have also cut the compliance process time in half, unlocking significant operational efficiencies and savings.
©2021 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.
Liability limited by a scheme approved under Professional Standards Legislation.
For more detail about the structure of the KPMG global organisation please visit https://home.kpmg/governance.