Don’t Get Lost in La La Land – Ensure Your KYC and AML Policies and Operations
A few weeks ago, at the 89th Academy Awards (better known as the Oscars), long-established but uncontrolled processes led to the wrong information being used for a critical decision.
This mistake caused a disaster; resulting in significant loss of reputation and embarrassment for certain senior individuals. It happened when, on live television, millions of people around the world watched as a confused Warren Beatty handed the wrong card to his co-presenter, Faye Dunaway who immediately announced that the winner of the best picture award went to ‘La La Land.’ La La Land’s producers were well into their acceptance speech before the truth came out; Beatty had been handed the wrong envelope before he took the stage. The movie Moonlight was in fact the real winner!
Charles Perrow, the author of a book on accidents writes, Accident reconstruction reveals the banality and triviality behind most catastrophes. Mr. Perrow goes on to explain that although it would be logical to think so, most terrible accidents are not the result of a single, calamitous error but are, rather, the end products of long strings of seemingly inconsequential decisions and conditions.
And so it is with the world of KYC and AML operations; the failing (or chain of failings) that will probably result in a huge fine from a regulator, damage to professional reputations, and at worse, loss of a banking license. This isn’t likely to be because of a great big one-off misdoing, but rather more inclined to be from lax interpretation of complex regulations, and a general lack of control in applying the relevant rules during fragmented and manual client onboarding processes.
Within the industry, it is acknowledged that intensified regulatory scrutiny, combined with increasing cost pressures, are relentlessly testing the Know Your Customer (KYC) and Anti-Money Laundering (AML) practices of banks and other financial institutions. Particularly, in late June 2017, the 4th EU AML Directive comes into force, bringing with it the threat of fines as high as 10% of a firm’s annual turnover for severe regulatory violations. Prevailing industry sentiment indicates that the operational cost of KYC checks is much too high, and much too risky, precisely because of continued reliance on inefficient and error-prone manual processes.
This state of affairs, in turn, runs the risk of getting it wrong; now incurring much higher fines for serious compliance failure. An outcome that will be both financially costly and damaging to reputations. Reflecting this perception, recent in-depth research in the market place has exposed the key challenges of KYC-AML operations.
When interpreting regulations, being able to identify what critical information is needed from clients. Invariably too little information will result in inadequate compliance, while asking too many questions (possibly multiple times) will adversely impact client experience.
Client data being stored in different places, in different formats and of varied quality in siloed, legacy systems.
Defining the KYC-AML policies according to constantly evolving regulatory requirements, and then implementing them operationally across global functions is exceedingly difficult.
When contemplating these challenges, it is increasingly obvious that there needs to be an audit trail of the interpretation and application of regulatory policy, specific to a multitude of jurisdictions and different regulation types. At iMeta, we believe that systems like our Client Lifecycle Management (CLM) platform can provide a single technological environment; where policy created from interpreted regulations can be deployed, and where the configurable rules engine will then enforce the application of the policy in an industrialised, standardized way.
In other words, with a CLM platform, data heavy onboarding processes will be executed and managed in an operational context that employs a rules based, policy driven workflow engine. This is because rules based process management engines can be configured to automatically prioritise and drive required onboarding activities based on relevant criteria such as; customer, product, geography and risk rating. Configurable onboarding workflow allows for the assured support of specialised policies and procedures across a matrix of both jurisdiction and product, while enforcing common operational best practices across multiple lines of business and geographies.
Establishing a CLM Process
When establishing the need for a CLM platform, especially in the context of AML and KYC compliance, the extent of capability need to be considered.
Onboarding and lifecycle management is about the collection, maintenance, support and control of both data and documentation. Previously document focussed, the processes are becoming more data driven. Links between the data and underlying documentation need to be captured and maintained for regulatory purposes. Audit trails are required to address the existing challenge of knowing where content was originally sourced from. This should be fully viewable and referable, with time-stamped audit history of manual and automated steps taken during onboarding, including related documentation. Additional to the data / documentation scope, is the need for an audit trail of all system changes, including policy rules and workflow changes.
Systems managing this level of complexity require a single shared data model spanning the database model itself, code and relevant interfaces. The data model needs to be flexible; allowing for entity types, reference data types and attributes to be added in extension to the platform components core data model. Model extensions need to be configured by means of flexible configuration files, while a centralised Data Management Engine is required to apply workflow processes and invoke the rules engine to apply business rules to entity data, regardless of the source of the data (inbound internal message, external data provider, or manual data input etc.)
Ability to report in real-time on key operational risk metrics; including timeliness, volumes and process trending, are required components of a strategic CLM system. This supports the complete drill-down in detail of each and every case. The system should also, within its rules, deploy configurable service-level agreements (SLAs) to ensure that processes are managed within regulatory and internal control time-frames.
By choosing a comprehensive CLM system you can ensure that you can manage your complex business relationships efficiently, so that your clients will enjoy a straightforward, professional and enjoyable experience. You will be able to demonstrate to the regulators that you have robust policies in place with auditable proof of your process and decisions. And your reputation in the marketplace will remain positive, as a recommended firm to do business with. In addition to this you will benefit from enhanced business agility, continuous improvement to your client onboarding process, and cost savings and operational efficiencies will be realised.
As in the case of so many catastrophes before it, the many causes for the Oscars envelope mix up were invisible to all the participants in the process beforehand, but they were actually quite easy to identify in retrospect, when things had already gone badly wrong! With iMeta CLM it is not necessary for this to be the case with your KYC and AML compliance when the regulator comes to call!