What does the future of KYC look like?
Martin Walker, a data management and financial services expert at PA Consulting, took part in an interview with Lars Lunde Birkeland on Strise's Laundry podcast which invites external guests to give their views on how Anti-Money Laundering (AML) work is being carried out today.
Click here to listen to the podcast episode. Full text is included below.
Lars Lunde Birkeland: The rising cost and complexity of AML is forcing banks to rethink their approach to Know Your Customer (KYC). There's a lot of talk about "Perpetual KYC" and "Risk-based approach." But what does it mean, and why is everyone talking about it? We invited Martin Walker from PA Consulting to discuss the background to this change in approach to KYC, the technologies that can enable it, the barriers to adoption, and the approaches that can be taken. Martin has extensive experience working with data, financial crime, and management from an impressive career spanning KPMG, Deloitte, Nordea, and the Nordic KYC utility Invidem AB.
Lars Lunde Birkeland: First off, what´s your focus these days?
Martin: It´s about helping clients solve their KYC challenges, typically through the use of technology including the tactical aspects around “How do we understand what the problem is?” and the strategic side “What do we do to fix it?”
Lars Lunde Birkeland: What is the most common problem in KYC?
Martin: I guess one of the major problems is to decide “What is good enough?” How do we create a smooth customer experience which reflects the commercial reality but which also meets the necessary compliance requirements.
Lars Lunde Birkeland: Is there a competitive advantage in getting KYC right?
Martin: Yes there is if you can provide smoother customer experiences. The increasing focus on social responsibility presents another point to consider in this area. As we have seen with the impact of the war in Ukraine, having the wrong kind of customers can do a lot of harm to your brand. Making sure you do business with the right kind of customers can definitely bring a competitive advantage.
Lars Lunde Birkeland: How did you end up working in KYC?
Martin: My first experience with KYC was back in 2007/2008 when I was working for an audit firm and was involved in a KYC audit for one of the global banks in UK Knowing your customer was something auditors did as a matter of course. More recently I was involved in establishing the Nordic KYC utility Invidem in the role of interim CIO and Head of data.
Lars Lunde Birkeland: How has the work with AML, KYC and compliance evolved over the last few years?
Martin: Cultural differences are important when you look at how the Nordics and the UK approach KYC. The British culture is very prescriptive with clear rules and that is reflected in the way the FSA sets out their guidelines on KYC and AML. The culture in Sweden and the Nordics is more open, embracing and trusting individuals and addressing the challenge of how you make people follow official rules and guidelines. In addition, the Nordic countries and banks have got sucked in to the issues in the Baltics when it comes to money laundering prevention which has created a need for a change of mindset among the Nordic banks who now have to consider what level of prescription they need.
Lars Lunde Birkeland: What are the trends you are now seeing in KYC?
Martin: The latest trend is the use of risk-based approaches. How do you go from a one size fits all process to an approach where you need to really understand the risks of particular clients? How do you use the data available in the analysis of the risks around that client? How do you pick the right customers and use the right data in a smart way?
Lars Lunde Birkeland: What does the future of KYC look like?
Martin: Banks need to move along the same path as social media companies when it comes to how they use data to really understand customers and get insights into customer behaviour. For a bank this is around how you identify which are potential criminal activities and which are normal business activities. One of the major challenges here is the quality of the data. How do you bring together external data with transaction data and how do you map data from different external sources with the internal transactional data? All this makes the quality of data the biggest single challenge for banks.
Lars Lunde Birkeland: What do you see as the biggest implementation challenges?
Martin: Firstly, the data challenge in the onboarding process. When corporate organisations start to offer services to global customers, they then need to deal with data integration across different countries. A zip code in one country is not the same in another country and has to be treated differently, which makes even recording a simple change of address more complex. Access to data also varies among countries. In the Nordics open data sources are very common which is not always the case elsewhere. Secondly, people and processes present very complex challenges. There is and will always be a conflict between different groups and stakeholders in an organisation. One example is the tension between first line support in a bank who want to handle as many clients as possible and those working in second line support who focus on quality and compliance.
Lars Lunde Birkeland: What are your top tips for companies in addressing these challenges?
Martin: To focus on the right things. That means understanding what the problem is that we are trying to solve. That includes working out what is the right data standard for you. You need to start with a good KYC standard that the business and compliance team buy into. The KYC standard then becomes the document against which we can verify the data we get from the client staring with onboarding and moving through the operational side and due diligence to the off boarding process.
Lars Lunde Birkeland: What are the inherent challenges of perpetual KYC, and how should companies work to overcome these?
Martin: Perpetual KYC should be a system that can receive proper alerts when there is a change in risk and make smart decisions about what it means to the business and what intervention is needed and how that response can be automated. That means identifying what the changes are that require an intervention. For example moving a business from one street to another would not require action. However, if the person moves to a building with a high number of corporate mail boxes it might be. An advanced risk model that can interpret changes in risk in a smart way is absolutely key. So is the choice of external data sources. Are they reliable enough? And all of that is complicated.
Lars Lunde Birkeland: What are the top three tips for regulated companies just getting starting with KYC?
Martin: Number one, to understand where you are and what your immediate challenge is today. Number two, get the data standard agreed for the KYC. Number three: come up with a realistic plan. How can you slice the elephant sized task into smaller pieces? What do the manageable chunks look like and how do we get the right stakeholders involved?
Lars Lunde Birkeland: What is your advice to companies that already have good KYC processes?
Martin: There are always opportunities for improvement. How do you use your data in a smart way to combine operational efficiency with operational effectiveness? Effectiveness here means “How well are you doing at identifying criminal activity?” and efficiency is “At what level of efficiency are you doing that?”