Five Insights for Developing CDD/KYC Strategies
It doesn’t really matter what part of the world you are in – from Europe to Asia Pacific or the U.S., financial institutions are facing increased scrutiny around anti-money laundering policies and procedures. One of the fastest growing areas of concern for regulators and banks is focused on Customer Due Dilgence/Know Your Customer regulations. Whether you are strategizing around making changes in response to the Fourth Anti-Money Laundering Directive (AMLD) in the EU, or responding to FinCen and its particular take guidance on CDD and Beneficial Owners in the U.S., or the Hong Kong Monetary Authority’s warnings, financial institutions have a lot of work to do with respect to its resources and priorities in both technology and personnel.
There are a lot of good developments included in these rules changes. For example, the AMLD will for the first time oblige EU member states to develop a framework which allows FIs to more easily identify beneficial owners. (A “beneficial” owner actually owns or controls a company and its activities and ultimately authorizes transactions, whether such ownership is exercised directly or by a proxy). One such way is to maintain central registers of information on the ultimate “beneficial” owners of corporate and other legal entities, as well as trusts.
These KYC/CDD professionals also provided other insights — more than one-third noted that data quality and availability was one of their top operational challenges relating to their current CDD/KYC program, followed closely by quality control issues and other difficulties associated with outdated manual processes and maintaining their existing IT infrastructure. Other challenges mentioned in the survey included addressing new risk scenarios, lack of clarity from regulators, and difficult to enforce risk policies. Process automation and investments in new technologies along with operational priorities such as the consolidation of existing KYC/CDD programs and streamlining end-to-end processes were also highlighted as concerns.
So where should financial institutions start when it comes to prioritizing its options? Here are five steps to consider for instituting a plan of attack:
Explore – options to maximize existing manual processes with new technology and guided workflows.
Implement – a risk assessment framework that allows for proactive and timely re-evaluations of risk triggers from both internal and external sources.
Prepare – for upcoming beneficial ownership regulatory updates through data, programs, analytics, and monitoring aspects.
Leverage – third-party data to enrich, enhance and validate your existing data.
- Work – with technology vendors whose systems are robust, flexible and able to evolve with the morphing regulatory environment.