Are your KYC defenses fit for purpose?

Malcolm Wright
Chief Compliance Officer, Diginex

The fight against money laundering and terrorist financing will continue to be a primary area of focus for regulators in 2017. How can firms ensure their KYC compliance procedures meet the challenge?

The message from regulators is clear — the days of box-ticking are over when it comes to compliance with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT).

Indeed, with a tidal wave of regulatory change heading towards the shores of compliance professionals, it requires a step-change in your Know Your Customer (KYC) approach to ensure the challenge can be met.

This will demand the participation of the entire organization rather than the chosen few in compliance.

Culture starts from the top with leadership engagement and works down through the organization with a properly controlled risk environment, and appropriate, regular training for employees.

In this respect, compliance professionals should take note that an inadequately trained member of staff, even one who is not in front-line compliance, may put the organization and its Money Laundering Reporting Officer at financial, reputational, and regulatory risk.

Regulation and more regulation

The burden of regulation has grown significantly since 2008, when the world’s regulators issued approximately 24 alerts per day.

By 2015, the figure exceeded 200 and proved that as criminal and corrupt behavior adapts, so regulation has grown exponentially to keep up.

This year will bring a new raft of significant measures, many of which will have far-reaching effects beyond the borders of the issuing countries and regions.

  • The New York State Department of Financial Services’ final rule for transaction monitoring and filtering came into effect on 1 January

How to achieve a culture of compliance – the basics

At a national level, regulation and regulatory oversight is also facing an overhaul.

  • In the UK, for example, the Financial Conduct Authority’s Senior Managers Regime extends further to the Certification Regime
  • The UK’s Criminal Finances Bill, which aims to be law by March, will introduce a strict liability crime for failing to prevent tax evasion and a possible new amendment introducing a failure to prevent economic crime, a wider scope that would cover AML and fraud.

Importantly, these changes extend their reach beyond the borders of the UK, so organizations outside the country should be aware of them.

Review your regtech

Technology may not yet hold the key to fully automated, low-cost compliance, but investment in the right regtech tools can ensure that exposure to AML/CFT and other risks is minimized or mitigated, and that compliance costs can be appropriately planned and managed.

Nascent technologies like blockchain and artificial intelligence offer promise but it is still too early to reliably call on them in the compliance arena.

In the meantime, ensuring that KYC screening system settings and transaction monitoring rules have been reviewed and optimally adjusted — and indeed that they are being used correctly by compliance staff — can increase the reliability and quality of the compliance effort.

Secure Your Customer

Mention should, of course, be made of the EU General Data Protection Regulation, which is due to come into force in 2018.

There is now an acute focus on protecting your customers’ data, or in other words Secure Your Customer.

Perhaps the three key takeaways from the legislation in this respect are:

  • Breaches must be reported within 72 hours
  • Systems must encompass ‘security by design’
  • Organizations should ensure all of their systems are adequately protected and monitored with evidence to this effect, including KYC and transaction monitoring compliance systems.

There have been numerous reports that 2017 will be the ‘year of cyber security’, and regulators will be taking a keen interest in ensuring that organizations adhere to the principles of good data governance throughout their operations.

Now it’s personal

A further key theme this year — and one ignored at your own risk — is personal liability.

Each individual compliance professional must take ownership of their actions and fully assess their own personal regulatory risk management strategy to ensure compliance and avoid liability.

Recent enforcement action has shown that compliance officers at companies subject to the Bank Secrecy Act can be held personally responsible for AML failures.

It has also highlighted that regulators will not hesitate to impose the full force of the law and hold individuals to account.

The message is clear: personal liability is here to stay.

Make your voice heard

With new regulation often comes consultation.

Indeed, both the UK and Australian governments have issued several consultations in the past few months that are of specific interest to compliance professionals.

Such consultations can and do shape policy, and regular engagement in this way, or directly with regulators, can help ensure that legislation is clear, effective, and not unduly onerous.

Partner up

Finally, going it alone is very often not sufficient in this complex and rapidly evolving world of compliance regulations.

Risk, compliance and internal audit functions should therefore include outsourcing in all their monitoring plans and consider engaging managed services from an external provider.

KYC, enhanced due diligence, and screening managed services offer a raft of benefits, including:

  • Reducing the pressure on often over-stretched internal compliance departments
  • Lowering ongoing compliance costs
  • Speeding up turnaround times, both when onboarding new clients and when refreshing client records
  • Providing superior data privacy and protection

KYC as a Service offers end-to-end client identity, verification, screening and monitoring