One would be hard-pressed to suggest that banks are ignoring the need for better customer due diligence. Indeed, according to a recent Forbes article, some banks spend up to US$500 million each year in an effort to improve and manage their Know-Your-Customer (KYC) and Anti- Money Laundering (AML) processes. The average bank spends around US$48 million per year. In the US alone, banks are spending more than US$25 billion a year on AML compliance.

With this much investment going into customer due diligence processes, one would think that the number of fines and sanctions imposed on banks would drop. But quite the opposite; our research suggests that the number of fines and sanctions has actually increased over the past 3 years. In the US, where regulators are among the world’s most aggressive in imposing fines and sanctions, banks have been hit with nearly US$24 billion in non-compliance fines since 2008.

It’s not just big fines and the possibility of sanctions that worry bank CEOs and boards; most also now recognize that inefficient AML and KYC processes also lead to lower productivity (due to significant re-work requirements), greater government scrutiny (in cases where problems persist) and the potential for decreased customer satisfaction.It’s not just big fines and the possibility of sanctions that worry bank CEOs and boards; most also now recognize that inefficient AML and KYC processes also lead to lower productivity (due to significant re-work requirements), greater government scrutiny (in cases where problems persist) and the potential for decreased customer satisfaction.

Our recent surveys and experience working with leading banks around the world suggests that many banks currently display a ‘fundamental’ level of maturity when it comes to customer due diligence: they have a defined policy that is aligned to regulation and is well communicated within the business. But the policy is often poorly executed operationally. Banks with a fundamental level of maturity often find themselves doing significant re-work and manual data entry.

Some of the more advanced banks have achieved an ‘evolving’ level of maturity. They also have a defined and aligned policy. But their policy is supported by effectively managed processes and procedures. Organizational structure is well established. Roles and responsibilities are clear and technology is being applied to improve KYC operational management.

However, our experience suggests that most banks are looking for ways to be ‘transformational’ in their approach to customer due diligence. They want to make their policies actionable and embed them in the culture by creating a set of business rules with traceability that allows them to easily identify the impact that any changes to the policy may have on operations. They want processes and procedures that are well defined across customer onboarding, client refresh and screening. They want self-service capabilities that allow customers to easily update their KYC and AML data through multiple channels.

When we work with financial institutions to help achieve this type of transformational maturity, we often start by helping decision-makers think about the four key components of customer due diligence.

1. Policy and risk management: Every good AML or KYC process is underpinned by relevant laws, regulations and company policies. The more mature organizations, however, are able to identify the linkage between AML and KYC policies, data requirements, underlying processes and technology. And that allows them to quickly identify how any changes in their policies will influence the wider AML and KYC ecosystem. 
2. Processes and services: Most banks now continuously monitor their customers throughout the life cycle with event-driven reviews and specific actions triggered at specific times. The more mature organizations are also working to reduce unnecessary customer outreach by creating bespoke customer due diligence portals that allow customers to perform their own profile maintenance. Some are also now using ‘search before’ contact models that harvest publicly available data from third-party sources.
3. People and organization: Relationship managers are too valuable to have their time soaked up collecting customer data and conducting manual reviews. That’s why the more mature organizations are now starting to create specialized delivery centers that allow 24/7 access to deep pools of talent at an optimized cost. This allows them to bridge existing gaps in the end-to-end process, centralize resources and focus employee skill sets.
4. Data, technology and analytics: Many banks are struggling with siloed, duplicative and inconsistent data, which means their ability to search and access sources is limited. The more mature organizations are creating data models and dictionaries that can serve as the master source of requirements and business rules. Some of the more advanced organizations are now exploring how they can leverage their AML and KYC data to unlock new customer insights that can help influence both product offerings and risk decisions.

The path to efficient and robust customer due diligence is never-ending. Banks will need to continue to invest into newer technologies and processes if they hope to remain ahead of regulator and customer expectations.

1. Optimize KYC business operations to reduce the total cost of KYC compliance 
   1. Implement a data model/data dictionary to capture all required data elements, requirements and business rules based on entity type.
   2. Define data lineage between policy, business rules and technology to ensure alignment with policy and to easily understand the impacts of policy changes.
   3. Leverage technology solutions (e.g. workflow/case management) and client channels to automate the processing of KYC cases, thereby reducing time and improving operations efficiencies.
   4. Ensure the right skilled people are undertaking the right activities in the right way (e.g. sourcing options).
   5. Know your customer better through relevant data collection
       
2.  Enhance the customer experience for onboarding and refresh
   1. Improve the customer experience and enhancing the KYC data collection processes by leveraging clearly defined data requirements and business rules.
   2. Minimize customer outreach by aggregating publicly available customer data.
   3. Provide a true omni-channel experience by enabling self-service capabilities (e.g. portal, mobile).
       
3. Improve risk management/financial crimes compliance by assessing and monitoring KYC client information for critical insights
   1. Use evidence-based, robust and auditable processes.
   2. Conduct early risk-based assessment through customer segmentation.
   3. Achieve quality financial crime judgement rather than simply conducting a data collection exercise.

When a large global financial institution wanted to develop a solution to enable them to review tens of thousands of customer records against their financial crime policy standards and within a tight deadline, they knew they needed to move away from their existing approach and develop a holistic process that would not only have a minimal impact on customers but also provide a clear audit trail and deliver at the scale required.

Working with the institution and the local regulator, KPMG’s financial services and regulatory advisory teams designed and implemented an end-to-end solution comprising new technology tools, hosted in a secure cloud environment and an off-shore delivery center for customer outreach and case reviews. The solution improved the efficiency of customer data collection through a new customer portal; codified regulatory and policy rules into an operational workflow minimizing manual effort and provided detailed management information on progress as well as insights into customer behavior enabling continuous improvement throughout the project.

Not only can the institution now make more holistic decisions supported by a fully auditable process, they have also cut the compliance process time in half, unlocking significant operational efficiencies and savings.