By Ian Henderson, CEO of Kyckr
Data is the lifeblood of modern financial institutions, and the Know Your Customer (KYC) and Anti-Money Laundering (AML) teams make critical decisions based on customer data. However, complying with KYC has been a difficult task in the past, littered with inefficiencies and gaps in the data. While there is a constant flow of information between banks and third parties, many banks still use and rely on stagnant, outdated data stored in risk identification and mitigation systems.
To comply with anti-money laundering and KYC regulations, financial institutions must collect, review, and validate customer data for customers on board, and perform customer due diligence. It does this through a risk-based approach that is commensurate with the extent of money laundering and the risk of terrorist financing.
We have all heard the phrase, “You only get what you put in it.” Compliance is no different. Better data quality means better results. Below, we evaluate the different types of data used for KYC and AML compliance – primary source information and stored data – and the risks involved.
Primary Source Data vs. Stored Data – What’s the Difference?
Primary source data is original, first-hand data collected directly from the source. For example, during the opening of a business account, information on the legal person at that particular point in time is obtained from the official business register. On the contrary, stored data is as suggested: stored or cached data in a system that is inherently out of date.
Even if information comes from the same source, it is only data from the primary source if a time and date stamp is present in the current moment. Time is the differentiator when comparing primary source data and stored data as it is a universal law and guiding principle. Everything changes over time and customer information is no different.
What are the risks of relying on stored data?
When we evaluate data in four contextual parameters – quality, time, quantity and cost – stored data can pose a serious risk to a company.
Saved data is out of date and therefore cannot be used effectively for time-sensitive KYC exams. In addition, stored data is lacking in quality as its information is often unreliable. While this can initially be seen as a savings, using stored data can cost your business more when making critical compliance decisions. Excessive use of stored data can be disastrous and debilitating for your business. The risks of using stored data significantly outweigh the benefits.
Regulatory and legal
Money laundering and other criminal activity are a pervasive threat to financial institutions. The United Nations Office on Drugs and Crime is only guessing 1% of illegal funds frozen or confiscated by the authorities. Fighting financial crime is a monumental task, and stale stored data creates unwanted barriers by putting one hand behind your back on criminals.
What are the effects of non-compliance due to poor quality data? Would it be an official or a legal measure? Or worse, could it be both? Fines, prison sentences or a banking license can be revoked for violations of laws or regulations. Is it worth the risk? Don’t let stored data be the reason regulators take penal action.
Money laundering and terrorist financing risk
A lack of red flags to ensure compliance provides money launderers and fraudsters with an undesirable opportunity to commit crimes. The risk-based approach means, “Banks should identify, assess and understand the money laundering and terrorist financing risk to which they are exposed.” Poor quality data fundamentally compromises the risk-based approach and makes it obsolete, so the greatest risk is always the unknown.
Risks related to the KYC customer due diligence
KYC reviews of customers are performed according to the risk categorization: high risk customers are reviewed annually; medium risk every three years; and low risk customers approximately every five years. From there, the risk increases over time. Out of date information is a ubiquitous risk in KYC reviews that impacts remediation efforts and the ability to effectively mitigate compliance risks. Customers change, so do the underlying data.
Change of ownership
There is no point in identifying and reviewing corporate ownership structures using stored data. Criminals hide behind a veil of corporate secrecy. Reliable and accurate data is of the utmost importance in identifying beneficial owners. Companies must therefore use primary source information to identify corporate ownership structures and the true owners of companies in order to understand who they are doing business with.
Financial institutions need to be more efficient without compromising quality or regulatory compliance. Improving KYC processes must first start with poor quality data. The sooner banks and financial institutions iron out data problems by not using stored data, the faster they can move on to a more robust compliance process – a win-win situation for banks, customers and regulators. The need for more complete and accurate data is greater than ever, but stored data is a ticking time bomb. It is time to incorporate primary source information into your compliance function to save costs and reduce compliance risks.
About the author: Most recently, Mr. Henderson was CEO of a leading UK private and commercial bank and during his two-year tenure drove the successful and profitable diversification of the banking business. He also served as CEO of Shawbrook Bank, one of the first UK Challenger banks, where he made the bank’s first profit. Previously, Henderson was Chief Operating Officer of Barclays Wealth Private Banking, where he was responsible for managing risk and overseeing Barclays’ core private banking business in the UK and parts of EMEA and Asia. From 2005 to 2010 he was CEO of RBS International. During his tenure, profitability doubled and the division was named the top performing general banking division in the RBS group. Mr. Henderson spent a total of 17 years with Royal Bank of Scotland, where he was responsible for the business and marketing strategy of the Royal Bank of Scotland and NatWest brands, which spanned 2,400 branches and 13 million customers.
The views and opinions expressed are those of the author and do not necessarily reflect those of Nasdaq, Inc.