As new know your customer (KYC) rules are being implemented by countries around the world, banks and investment management companies are beginning to realize the scale of the challenge around managing their KYC data is about to become substantial. New best
practice is “dynamic” KYC – knowing where a particular client stands against increasing regulatory complexity, an evolving global environment, and as a result of their own material changes – at any given moment.
The pace of change in the development of KYC regulation has been so swift that it’s hardly surprising that most organizations fall far short of this new benchmark. At the moment, KYC data is updated periodically, when there is a refresh program going on,
or because of a trigger that the organization becomes aware of. Dynamic KYC may be about to become a regulatory requirement, but for many organizations it can look like Mission Impossible.
That’s because, as I discuss in a
new video, the challenge around managing KYC data is enormous. Financial services organizations need to have a process that complies with multiple types of KYC regulations, including anti-money laundering, terrorist financing, bribery & corruption, and
tax rules like FATCA. To make matters worse, they need to comply with all these different types of rules across all of the jurisdictions that they operate in – and in some jurisdictions there will be more than one regulator to take into consideration.
As if this weren’t enough, the rules are constantly evolving. For example, around the globe countries are now updating their anti-money laundering rules to bring them up to the standard set by the Financial Action Task Force’s (FATF) new guidance issued
in 2012. The FATF 2012 guidelines create a whole new framework of KYC obligation for financial services organizations – and it’s one that will revolutionize their approach to KYC data management.
Today’s financial services organizations now need to – as a first step – be sure they have all the correct client on-boarding data at the start, as required by regulators. They must understand that data in the context of the potential client’s wider operating
environment, and then take a decision as to whether they can do business with that client, or not.
Before that was the end – now it is only the beginning. Organizations then need to keep on top of material changes, because their clients may forget to tell them about those changes. Organizations must then understand this client information against a backdrop
of evolving contextual data – news, social media, regulatory filings and sanctions. They need to be able to do this continually – without ceasing – over the course of the entire client life-cycle to be compliant.
However, managing this data is just the first step. Both when clients are first being on-boarded, and then over this longer, continuously monitored lifecycle, organizations need to manage risk effectively. They need to be able to take the data and transform
it into risk intelligence, so that they are able to trigger the risk management actions that are needed to manage organizational risk and enhance their client relationships in ways that make sense.
The road ahead is mapped out – banks and investment managers need to raise their game significantly in order to implement a dynamic KYC data approach to their anti-money laundering, bribery & corruption and FATCA compliance programs. There are essentially
two options – to buy in the data and solutions to create an internal process, or to work with a managed service. Each organization and its compliance team will want to explore the pros and cons of either approach as they move forward towards dynamic KYC.