Many firms have taken the trouble to digitally transform their onboarding, but are wasting eye-watering sums of money and man-hours on inefficient processes when it comes to ongoing monitoring. And yet KYC monitoring is vital to ensure compliance with Money Laundering directives so where does it all go wrong and what can firms do to implement change?

Read on to see if our pain points resonate with your business.

1) Money and time wasted on false positives

A false positive occurs when a genuine customer is flagged for enhanced due diligence because their name matches with a name on the Political Exposed Persons (PEPs) or Sanctions list.

False positives are a significant burden to regulated firms, as time and money is spent investigating a false positive that is often unwarranted. However, if firms do not perform the correct screening for PEPs and sanctions (even if it is a false positive) they can face serious fines from the regulator.

For a typical financial institution monitoring KYC, typically 75%-85% of the alerts are false positives, with up to 25% reviewed by level-two senior analysts (source). Working through each alert is time-consuming and complex at an average cost of £20 each time, cumulatively creating a hefty bill when a Financial Services has millions of customers to screen (source).

Whilst false positives cannot be completely prevented, an automated process will reduce the challenge and deliver reduced operational costs.

2) Undetected risks due to poor data

In contrast, a false negative occurs when a client who is associated with a sanctioned entity, is not flagged for enhanced due diligence. Failure to identify a sanctioned entity can be serious; also leading to fines, regulatory enforcement and reputational damage.

Your risk radar can be exposed without quality data sources to identify PEPs and Sanctioned individuals. Inaccurate data entry, human error as well as poor data quality is at the core of compliance screening issues that anti-money laundering (AML) professionals face daily.

With a 35% yearly increase in the PEPs register alone (source), 33,000 sanctioned individuals and more than 11,500 sanctioned businesses globally it is important to screen new and existing clients to remain compliant. 

Is your business using quality data sources that are automatically updated and consolidated? If not you should be reviewing your processes.

3) Lack of detail of alerts lead to inefficiencies

If a corporate customer appoints a new director or has a change in ownership an alert is often generated. From our experience, a key problem is that the alerts do not include enough detail to allow a compliance officer to make a real-time risk-based decision. For example, some monitoring solutions will alert you to a change in company directorships, however, will not clarify who the new directors are, meaning a compliance officer will need to go back into the system and investigate.

A simple way to overcome this challenge is to ensure you are working with a platform that delivers the level of detail as well as actionable information that supports your business and reduces your risk exposure.

4) Poor record keeping

Disparate systems and in some cases manual record has proven to be a major challenge when the regulator comes knocking.

It’s not enough to just monitor your customers on an ongoing basis, you need to demonstrate to the regulator your activity and provide a clear audit trail as evidence.It is important your monitoring solution shows clearly when you were alerted and the action is taken. By automating these tasks you can be confident of your processes rather than relying on paper-based, or disparate systems that record your activity in a haphazard form.

5) Lack of configurability 

Many ongoing monitoring solutions offer limited configurability on what should be alerted meaning flagging issues your organisation doesn’t care about. Ensuring your compliance partner has a highly configurable regulatory rules engine;will allow you to easily adjust your ‘rules’ in real-time, maintaining compliance with changing regulations, reducing irrelevant alerts and maximising efficiency.

6) Holistic approach to compliance better than a data-driven model  

With data volumes continuing their growth trajectory some businesses have aligned themselves to a ‘data provider’ for their compliance solutions. Many of these relationships involve data bolt-ons rather than the holistic approach required to solve compliance challenges and achieve the necessary level of due diligence required to satisfy the regulators.

A holistic approach should be taken from the point of onboarding through the customer lifecycle to ensure the relationship a business holds with its customers is as it should be. Whilst data-driven solutions embed the data into a process it does not look at the bigger picture and nuances that are required when transitioning from onboarding to ongoing monitoring. With a data-driven approach, there is limited configurability on what should be alerted, which results in wasted time as inconsequential issues may be flagged. Other nuances may include changes in legislation or a business' appetite to risk.

7) Amber Management monitoring

Regulated businesses find it challenging to recognise, monitor and report on the number of Ambers within their compliance systems. The ‘ambers’ are the ambiguous results, that cost the business in both financial penalties, as well as reputational damage. It is the Ambers that create friction and act as a drain on operational efficiencies.Your business needs to be able to quantify the ambers, track their progress and provide insight into the cases that require further investigation.

Your compliance partner should provide this insight, along with comprehensive reporting allowing your business to equip the compliance team with the necessary resources to achieve the required compliance. Without the amber management approach, a business leaves itself exposed to unnecessary risk.

In Summary 

Compliance teams are often competing for tech resources with customer-facing projects and instead find themselves recruiting more people to deliver the requirements to achieve compliance. They often find that they are having to do more with less and have a reactive rather than a proactive approach to compliance.
2020 saw digital transformation projects being brought forward to combat the barriers that Covid19 delivered. Now, more than ever is the time to face the challenges of ongoing client monitoring and continue the digital transformation through the whole lifecycle of your customers. By deploying a software solution you can overcome the challenges highlighted above and achieve regulatory compliance as well as operational efficiencies.