Know-your-customer (KYC) and anti-money laundering (AML) checks are obligatory in nearly every jurisdiction in the world for those applying for financial services either online or in real life. Companies offering financial services have to run checks on potential clients before they can provide those clients with services. The screening process of possible new clients has traditionally been long-winded and onerous, and also prone to errors caused by humans. The technological challenge has been to try and automate as much as possible these two forms of check.
The most common problems with KYC and AML are:
- High onboarding costs
- Low conversion rates
- Lengthy onboarding processes
- Poor record keeping
- An inability to spot a change in circumstances
- Wasting time and money on false positives
I will go through each of these issues quickly to clarify what is meant. Firstly, there is a team of specialists working in KYC and AML that apply tests to all new potential clients. This takes up staff hours, creates queues and increases costs for ‘onboarding’.
Secondly, because of the numerous checks that have to be done to clear a potential client for financial services, the process is time consuming. This means the number of people that can be processed in a day is relatively low. This is what is meant by low conversion rates.
Thirdly, running all these compliance tests, as mandated by the law, can be slow. The longer it takes for new customers to be cleared, the longer it takes for them to pay for financial services and thus generate income for the company or bank doing KYC and AML checks.
The fourth issue is that companies keep only minimal records of what they unearthed (or didn’t unearth) on someone scrutinised under KYC and AML systems. Normally, it is the binary response of pass or fail. Having some way to review the granular detail of KYC and AML checks done previously can help analysts to spot any irregularities.
The fifth issue is related to the previous point about keeping records. A person’s profile can change over time. While they might have been cleared through credit checks 5 years ago, they could have since accumulated debt or even have gone into bankruptcy. More effective KYC and AML would continue to monitor clients for any changes in their situation that might infringe company policy about which clients to accept and which to reject.
And finally, ‘false positives’ refers to when a process flags a customer as being suspicious. Quite often these flags are false – these false positives each have to be manually checked. This is time consuming and costly.
The Challenge of Fintech
Several fintech companies are looking at how these issues can be addressed by using automation, AI and fuzzy logic.
The first stage of KYC is to complete a questionnaire on a person. These questionnaires typically contain 100 or more questions. Rather than a person ticking off each question one at a time, a program can run searches pertinent to each question simultaneously. Once identity has been provided by an identity document such as a passport, and the address has been verified, many checks can be done through automated computer processes.
When dealing with the issue of who owns a business entity, there is the need to keep digging deeper (often through multiple layers of shell companies) to discover who is the ultimate beneficial owner (UBO). Once a logical infrastructure has been put in place to unearth this information, AI can be applied to speed up the process.
Similarly, once a profile of a client has been established, the pertinent reference points can be recorded and used as the basis of a technology to automatically check if a profile has changed and flag these changes for review by an analyst. This saves time and money.
Customer Identification Program (CIP)
KYC and AML starts with recording evidence of full name, permanent address and date of birth. This involves the new potential client holding up their identity card so that their computer or smartphone camera can take a photo. This picture can be used to check that the photo on a passport looks the same as the person holding up the identity document.
As this is the starting point of know-your-customer and anti-money-laundering procedures it is usually checked manually. However, facial recognition technology provides a route for potential automation.
Customer Due Diligence Process (CDD)
After identity has been established then the risk the customer poses to a business has to be decided too. This risk is partly determined by what services the client seeks to use. For those posing less risk there is the quicker simplified due diligence (SDD), greater risk needs customer due diligence (CDD). And for those posing the highest risk (perhaps a politician) there is enhanced due diligence (EDD). A major part of this due diligence is checking the verified name and address against sanctions lists and lists of ‘people of interest’ involved in illicit activities.
AI can help an analyst sift through information to complete these due diligence tests. Computer automation can also store the results of these tests and set reference points for future tests to ascertain if there have been any changes in the client’s profile.
Checking Staff and Checking Transactions
It is not just clients wanting to access financial services that need to undergo KYC and AML clearance. Firms often determine that it is good practice to run screening on staff and business partners. Members of staff have access to records that could be altered. Business partners have to be screened to make sure they are not involved in criminal activity, that they can be trusted to do business (for example not default on a loan and leave no forwarding contact details), and that they don’t have any connections to criminal gangs or sanctioned countries.
Part of this screening for a bank or financial institution involves looking at transactions. Computer technology is effective in this area, as it can automatically flag transactions that are unusually large or that break with previous patterns of transactions.
Dealing with False Positives
One solution to reducing the frequency with which an analyst or computer program wrongly flags a person or transaction is to use sophisticated algorithms. Once the level of risk has been ascertained the algorithms raise or lower the bar for compliance so that the number of false positives is reduced. Fuzzy logic can be used to control the sensitivity of the algorithms so that a client with a low risk profile is less likely to trigger false positives.
Traditionally, background checks were done manually by analysts. They focus on one transaction or person at a time and check their name against various watchlists. The problem with this system is twofold. First humans are prone to error; they get fatigued; they miss things. Second the process has a slow workflow – it is one at a time. Technology has vastly improved on this traditional approach as many cases can be handled at the same time. Large data sets can be automatically checked against a number of watchlists. Moreover, the searches a computer undertakes can be stored and reproduced, and used for further comparisons in the future.
In business, and especially in banking, it is essential to know your customer, and to be sure that your customer is not engaged in illegal activities. Ignorance is not a defence in law. Facilitating financial services unwittingly for criminals is a serious crime. It can lead at the very least to reputational damage, and at the very worst to a custodial sentence.
The challenge is to scale up KYC and AML processes while at the same time improving on accuracy. Computer automation, AI, algorithms and fuzzy logic can all be used to achieve these goals.
Fintech that facilitates automated searches, automated profile building and algorithmic analysis of transactions not only helps a company stay within the law, but it also speeds up onboarding for new customers. It is good for everyone except criminals and sanctioned organisations.