What is perpetual KYC?
The aim of perpetual KYC is to be aware of KYC-relevant changes as they happen rather than rely on KYC refresh cycles conducted periodically—in effect, to be ever risk-vigilant. One way of thinking about it is that potential risks regarding a client are pushed to the compliance function rather than the compliance function having to go look for potential risks at defined intervals. But what might those risks be? There are several events that might be considered risk triggers that ought to be pushed to compliance for review; they could be derived from internal systems (e.g., a name change in the master data, out-of-date documentation, a new suspicious activity report), or third-party sources (e.g., a new watchlist hit, a material change at a registry/exchange, new adverse media). This post focuses mainly on third-party sources.
What’s wrong with periodic refresh?
Many financial crime professionals suggest that periodic refresh and perpetual KYC are mutually exclusive and that the former will be abandoned in favour of the latter. Setting aside my cynicism as to whether vendors are peddling this agenda as much as professionals, it suggests that either perpetual KYC is both a) superior and b) achievable, and/or that refresh is broken.
Clearly a manual approach to refresh has drawbacks. Such exercises are notoriously labour intensive, and not always accurate. But arguably it’s ‘the risk of missing a risk’ between intervals that is the key constraint. One, three and five-year refresh cycles are typical, yet a lot can happen in five days, let alone in five years. But I suspect banks know this and that such a cadence reflects resource constraints, not aspiration.
Also, the idea of segmenting clients into low, medium and high risk to fit this model, based on profiling factors like country of domicile, business line or customer value has always struck me as rather arbitrary and something I’m sure a statistician would take issue with. However, as with many things in financial crime compliance, herd behaviour is completely understandable – ‘I can’t be seen to be doing any less than my peers’ mentality.
Perpetual KYC challenges
Notwithstanding the cultural and operational adjustments that need to be made to transition to a perpetual KYC model, there are several technological ones—robust federated search, source harmonisation, process orchestration, audit and management information and processing efficiency are just a few. And what of watching the external environment, for new watchlist risks or emerging adverse media on a continuous basis? Watchlist monitoring is pretty straightforward as it is essentially about receiving new hits and material changes to existing client-relevant profiles.
The same can’t be said for watching the world’s news for adverse media. We have written at length elsewhere about these challenges but in summary:
- High precision: significantly reduce false positives and support auto-dispositioning
- Removal of repetition: News isn’t necessarily ‘new’. Media reporting is innately repetitive, in terms of both déjà vu (referring to things that happened in the past that you probably already knew) and echo chamber (current reporting by multiple outlets that regurgitate the same story, just with different words)
- Multilingual: able to watch the world’s media, not just the English-speaking world’s
- Cost-effectiveness: ensure that watching large client volumes on a continuing basis doesn’t become prohibitively expensive either from a content or processing perspective
- Preservation of client identities: reduce unnecessary exposure of client names to third parties
Our soon-to-be launched new perpetual KYC solution complements our core onboarding and refresh modules and will be the world’s first truly real-time and global adverse media monitoring solution. It addresses all the above challenges and will empower our clients to watch their high-risk clients with confidence.
So why are our clients continuing to implement our refresh module?
I have said elsewhere, there are only two reasons why you need to do refresh; either because it is time to (periodic) or you need to (event driven). While some clients will choose to dispense with refresh altogether, others will think of it as a necessary backstop. After all, if your perpetual KYC process had not flagged any trigger events for one of your higher risk clients in two years, would you be entirely comfortable?
There are a few reasons why demand for our refresh modules remains strong:
- Given that we address the challenges of adverse media monitoring described above, banks can truly automate all aspects of refresh due diligence, not just some
- As smartKYC operates in the background and only flags up genuine deltas between cycles, they no longer fear being crushed by workload and see the opportunity to perform refresh much more frequently
- Manual refresh is so onerous and absent mature perpetual KYC models, automated periodic refresh makes perfect sense
It is also worth saying that the definition of KYC is important here. For some, perpetual KYC is about client data maintenance, plus watching registry changes, plus screening watchlists (PEP and sanctions). Not adverse media. Most of the customers we serve given the nature of their clientele care about adverse media to the same degree and therefore our ability to address the above monitoring challenges makes automating refresh and performing it more frequently a no-brainer. Our upcoming KYC media monitoring solution will simply extend this capability to a real time, perpetual KYC model.
So given our expertise in natural language processing and its affinity with unstructured data like web pages and news articles, of course I am going to stress the value of media. But it isn’t only for that reason. What, after all, is the primary source for PEP databases? How are special interest persons researched? Where do stories regarding misdemeanours break first?
In conversations I have had with banks over the last year or so, there is at least a three-speed transition to a perpetual KYC modeI, transition being the key word. All banks face their own cultural, operational, and technical challenges in reaching those sunlit uplands. Right now, I don’t believe this needs to be a choice between refresh and perpetual KYC as technology can bring a high degree of automation to both. Banks will evolve at their own pace, some will be early adopters, and some will be more cautious. Intelligent automation, through AI, can support both.
To learn more about smartKYC’s perpetual KYC offering, please contact us here.
smartKYC’s adverse media screening software is the world’s most advanced multilingual semantic search engine to machine read all online media content for potential negative news about your clients, improving KYC processes and reducing risks. If you’re interested in learning more about smartKYC’s industry-leading multilingual NLP and how it can transform the efficiency and effectiveness of your KYC operations, book your demo today.