International regulators have increased enforcement actions and penalties for reporting entities that fail to meet their national and international anti-money laundering (AML) and counter-terrorist financing (CTF) obligations. The global regulatory environment is evolving as authorities address ongoing systemic issues within banking, gaming, remittance, retirement funds and other financial services. Recently, we have seen numerous institutions receive record-breaking fines and suffer irreparable reputational damage from their lack of priority and investment in compliance.
“Negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation or revenue reductions,” Federal Reserve Bank of Philadelphia.
Digitisation is transforming the financial landscape by introducing new products and channels that open up opportunities for businesses, consumers and criminals. In response to the increased criminal activity, the Financial Action Task Force (FATF), an inter-governmental body that sets international AML/CTF standards, has revised and updated its recommendations, including conducting mutual evaluations of each country’s system.
In consideration of the new FATF standards, global regulators have begun implementing stricter legislation. Record-breaking enforcement penalties across the United States, Europe and Oceania have resulted from the new regulations to improve financial transparency and ownership. In line with regulators tightening their AML/CTF obligations, the annual international AML penalty figures have been steadily increasing over recent years; we saw $2.1b in 2017, $3.2b in 2018, $8.14b in 2019 and $13.74b in 2020.
Doing the bare minimum is no longer acceptable when it comes to AML/CTF compliance. Institutions should be implementing a Customer Due Diligence (CDD) program that covers every stage of the customer relationship. To minimise risk beyond onboarding, institutions can implement a Know Your Customer (KYC) remediation solution.
What is KYC remediation?
KYC remediation is a risk-based process that identifies and addresses the risks associated with inaccurate and incomplete customer data. After onboarding a customer, it is essential that institutions undertake ongoing remediation checks aligned with the level of customer due diligence required and other necessary risk mitigants. This continual review ensures that institutions maintain up-to-date customer data and make accurate risk-based decisions aligned with their AML/CTF obligations.
The importance of a proactive program
Financial institutions expose themselves to reputational, operational, legal and concentration risks if they do not prioritise a proactive approach to KYC remediation. It is not enough for institutions to only define and implement a CDD program that determines a risk profile during onboarding. Otherwise, the continual review of customer information relies on the initially assessed risk level or on trigger events, which can lead to incomplete customer data and inaccurate risk-based decisions.
The diversity of worldwide regulations challenges entities to adopt a flexible and conditional approach to their KYC remediation frequency. The FATF recommends that remediation be performed based on “materiality and risk and at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of data obtained”. Further, customer identification and ongoing customer due diligence processes require that “data or information collected under the CDD process is kept up-to-date and relevant”.
Financial institutions reliant on trigger events to conduct Enhanced Customer Due Diligence (ECDD) are susceptible to risks, such as a legal entity not addressing any changes to their identifiable information. A multi-layered approach reliant on both trigger events and periodic remediation would ensure data precision and accurate risk-based decisions. Financial institutions can implement a proactive CDD program that periodically reviews customer information on specified dates conditional on the anniversary of onboarding (such as every six months) and their risk level (such as every three months for high-risk entities). Additionally, financial institutions can conduct reactive trigger or event-driven ECDD checks when necessary.
What should a remediation process involve?
Enhance your data
63% of compliance professionals lack confidence in their data quality. Inaccurate and incomplete customer data can lead to a high rate of false positives and unnecessary ECDD checks. Frequently updating your customer information through remediation is imperative for a robust CDD program. Financial institutions should look for solutions that can update incorrect or missing customer details, enhance name and address formats, and identify errors with provided document details.
Customer screening
There is no “one-size-fits-all” approach for combating ML/TF. Financial institutions need to be vigilant and apply the defined measures proportionate to the level of risk. Setting up multiple risk profiles and alternate matching rules for your remediation process will help manage and update customer risks. These controls ensure the effective use of resources and identify the need for further ECDD checks.
Re-verify your customers
If further ECDD checks are required, customer information may need to be updated, verified and/or re-verified in accordance with the defined customer identification procedures.