The evolution of KYC

By Renitha Singh, Group Financial Crime Compliance Officer, Liberty Holdings Ltd

When the concept of ‘Know your customer’ was first introduced in South Africa round the turn of the 21st century and many other parts of the world, it was very restrictive in its interpretation. While the idea of collecting client information was known, there was not much else to do with the information but tick the box. Some organisations maintained the information electronically, while most used up excess storage space to keep the records in boxes, with little idea of how to proceed or even effectively process. We often see that data is on paper but never captured on client systems – resulting in a data remediation effort for legacy clients.

Even then, with the understanding of KYC, there was uncertainty of what client information and document to collect. We all knew that we needed the identity document and proof of residential address, but that alone was not sufficient to create an adequate risk profile of the client. There was also the concept of politically exposed individuals that could be considered to assess the overall risk of the client, but where could this information be obtained?

Sure, we could add products that the clients had in their portfolio, but even then, there was no risk assessments on the products or the product families.

With limited information, organisations categorized their client population into low, medium and high risk. This was not necessarily accurate, but it was all they had to work with. So, the advent of KYC did not do much to advance the case for accurate client profiling and risk assessment.

Fast forward to 2 decades later, and immense changes in legislation globally, the process of gathering client information has morphed exponentially, with the science behind the collection of said information playing an intrinsic role in the determination of risk within an organisation. There is also increasing global pressures to have effective ML / TF legislation, otherwise countries face the risk of being placed on the grey list by the Financial Action Task Force.

The Financial Intelligence Centre, custodian of the Financial Intelligence Centre Act in South Africa, continues to publish compliance guidance and amends to the legislation for accountable institutions. This includes guidance to accountable institutions to ensure that client risk was correctly and adequately assessed in accordance with global best practice.

Previous legislation was very rules based, prescriptive and mostly restrictive. Accountable institutions had to obtain identity documents, proof of residential address and myriad of other documents that was supposed to assist in identifying the client with little focus on assessing the client risk. While it was well-intended, it had the opposite effect with the very people that we were supposed to collect the information from – the ordinary customer did not fully understand why they asked to provide all this information, financial institutions themselves could barely plausible explanations, which only served to frustrate the entire process. . Couple that with the fact that many accountable institutions were ill-equipped to manage the end-to-end process. It meant painstaking hours and laborious processes of collating the documents and marking it against the client portfolios thereby making the client ‘compliant’.

The rapid pace at which the world was changing, in addition to the evolving technology necessitated changes to legislation. Money laundering was no longer confined to just cash, neither was terrorist financing. The ordinary citizen started to use cash less, placing greater reliance on digital platforms – the smart crook found new ways to scam, steal and defraud. The typologies started to change and it heralded more changes for the betterment of all stakeholders in the value chain. Further the identification of PEPs and the increased risk they, and their relatives and close associate posed led to the improvement of watch lists and automated matching process.

Legislation too has evolved. The risk-based approach now places the responsibility on accountable institutions to understand, assess and mitigate their clients’ risks based on a wider range of factors, including industry, occupation and business activity. The introduction of the risk-based approach sounded the arrival of the new dawn in determining KYC requirements. It created opportunities for financial institutions to direct resources to review clients that pose the highest risk, whist exploring options outside the traditional hard copies of documents to prove identity or place of residence.

Customer centricity and customer user experience with engaging an institution has become the norm, with customers no longer subjected to the submission of endless papers to prove their existence, nor lengthy onboarding processes.

Data service providers has become that important port of call to verify the identity of customers, providing real-time information that extend to employment status, field of work and even corporate interests, which greatly assists in the enhanced due diligence process.

The significance of being able to onboard clients in a non-face-to-face manner became that much more relevant during the global pandemic and demonstrated the expeditiousness with which some financial institutions adapted to a growing need to amend their existing processes. Non-face-to-face engagement with clients remains a challenge for many organisations due to the fact that many are still struggling to meet the demands of an everchanging client base, however much improvement has been noted globally. It has also led to considerable cost-saving for financial institution who started to invest more in a digital strategy and led to the phasing out of many dated branch type environments.

With the move from manual to automated and digital collation and verification of client information, institutions are able to derive a greater degree of data analytics and insights, which can assist in streamlining existing processes as well as assist in client behavior and transaction monitoring. The rampant increase in use of artificial intelligence, robotics and machine learning can be used to accurately categorise clients into the appropriate risk segments, as well as reducing reliance on any manual intervention as required in the risk mitigation strategies.

The ability to use technology in the KYC process cannot be underestimated and will go a long way in being an attractive feature to not only existing customers, but to also the tech-savvy new generation of individuals who would use an app for just about anything, what to speak of making their engagements with financial institutions an easy experience.

Hot Topics

Related Articles