In talking with clients about their strategy around perpetual or event based know your customer (“KYC”) risk approaches there are two different groups: firms that have started implementing an event based KYC approach and those that have not but understand
that they will need to in the future.
Change and transformation is hard. Firms need to stay in compliance and also manage the customer experience. Moving from the typical periodic review cycle of 1,3, and 5 years to event driven does not have to be all or nothing.
Risk Based Approach Using Targeted Due Diligence
There are a number of approaches firms can take to move their due diligence reviews from periodic to event driven. The most common approach is to identify a set of key data points that derive the most risk. For example that could be change of address,
change of ownership structure, etc. By using this targeted diligence approach firms can apply these changes to trigger a new due diligence. Firms can go one step further and add rules onto these data changes. For example, if the client has an address in
one particular country only trigger a new due diligence if they change to another country that is outside of the current risk band of the previous country.
In addition, it has been observed that firms are starting their KYC transformation from periodic to event driven within certain lines of businesses. For example, clients have started event based KYC program in their commercial banking line with further
rollouts to other business units to follow.
One concern about moving from periodic to event driven KYC is the potential volumes of customer risks to conduct. A majority of the customer base will have non-material events that can be resolved through a combination of rules and straight through processing.
Given how in recent events global sanctions have been used in a larger way, the firms that move to an event driven KYC process will have a better handle on the current risk of the customer base and be better equipped to management reputational risk.
Regulatory bodies have started to weigh in ongoing KYC due diligence. In Spain there has been an amendment to the Royal-Decree Law stating that due diligence should be conducted at the time as the client’s circumstances change.
A common misconception is that event based or perpetual KYC has to be all or nothing. Yes in a few years the regulators may require as such but in the time being firms have the ability to start planning for the near future. As compliance professionals
know it is better to have a plan when the regulators are asking questions rather than having a plan dictated to the firm.