Bank CIOs Grapple With Know Your Customer
CIOs at financial services institutions are critical to helping their organizations better understand customers and respond to regulatory scrutiny by strengthening customer data management platforms.
A renewed focus on satisfying heightened regulatory expectations is driving significant changes in financial services institutions’ anti-money laundering (AML) programs, with particular focus on critical “know your customer” (KYC) requirements.
KYC programs require institutions to understand their customers’ identities, their profiles, their expected activities, and the money-laundering risks they present. Increasingly, regulators are exerting pressure on institutions to practice more effective KYC data management, including improving data quality and aggregating customer data across accounts and businesses to create a firmwide view of customer relationships for risk management purposes.
While KYC program standards and requirements are typically designed within compliance and risk functions, CIOs have a critical role to play in taking steps toward KYC readiness. CIOs can assist their organizations by establishing consistent data standards across the organization, and putting in place the proper technology to manage the collection, storage, and analysis of changing customer profiles.
KYC programs are becoming increasingly daunting undertakings due to issues such as difficulty in identifying customers across multiple lines of business, and lack of a consistent view of customer product use and transaction activity. Further complicating these challenges is the advent of new risks such as digital currencies, new and unique payment methods, and continued variation in global data privacy regulation—all of which are resulting in enhanced regulatory scrutiny of banks’ readiness in this area.
“Regulators are pushing firms to get better at knowing their customers, and managing their data more comprehensively than they have in the past,” says Clint Stinger, a principal at Deloitte Transactions and Business Analytics LLP.
At the crux of banks’ data management challenges is the need to establish a consistent approach to gathering customer information at various engagement points, cleaning up inconsistencies in that data, and deciding whether data repositories should be centralized or decentralized, among other issues.
“How to solve the data conundrum is arguably the biggest KYC challenge for a bank CIO,” says Greg Pavlik, a principal at Deloitte Consulting LLP. While many large global banks are investing in big data analytics techniques to support a KYC agenda, these efforts are still fairly nascent, he says.
Creating a single, accurate, and aggregated view of the customer can be very difficult, even within individual lines of business, says Rakinder Sembhi, a principal at Deloitte Consulting. “There is no standard for KYC data. One bank is collecting XYZ, and others are collecting the whole alphabet of information,” he says.
Many financial institutions, for instance, lack unique customer identifiers—which are required to create aggregated, consistent, and holistic representations of what an organization knows about individual customers—that can be used across lines of business and geographies as part of KYC and AML strategies. Whereas KYC used to be largely tied to the customer onboarding process, regulators increasingly expect banks to calculate risk ratings for clients across business lines, combining profile and transactional data, and creating new controls to reassess risk when there may be a change in a customer’s profile.
For instance, a bank might assign a risk rating to a new customer upon onboarding based on expected behaviors. A few weeks later, the customer might suddenly start using international wire transfers, which changes the individual risk profile. “The expectation by regulators is that product usage will be constantly reassessed and factored into the customer risk rating,” Sembhi says.
In monitoring customer risk profiles, banks need to identify “trigger events” that may signal a customer’s risk categorization should be reassessed, Stinger says. “Banks need to be able to identify transactional activity that may indicate the need to reclassify customers from a risk perspective,” Stinger says, such as initiating transactions with high-risk geographies.
Technology for KYC
As KYC processes grow in numbers and complexity, technology can help provide the efficiencies needed to make aspects of KYC programs more consistent and sustainable.
Yet many big banks have multiple systems and processes for onboarding customers that lack sufficient integration with KYC systems, according to Sembhi. Implementing systems and software can help organizations efficiently capture, store, share, and analyze KYC data with limited disruption to business lines, putting organizations in a better position to identify and clean up inconsistent data in source systems.
There are a number of different approaches to building or upgrading KYC systems, depending on the size and complexity of data. Some banks build KYC capabilities on top of existing systems, others seek to build dedicated platforms for KYC, and some rely on packaged vendor products to provide capabilities.
One strategy some institutions are employing is building a comprehensive global KYC system, with the intention of enabling consistency across business lines and geographies. However, this strategy can be enormously costly, difficult for large banks to implement, and must properly account for differences in local regulations, especially regarding data protection and privacy, Stinger says.
Banks that have employed this strategy have often underestimated these challenges and found projects running significantly over budget and planned duration. Alternate strategies some large banks are following include relying more on data integration across a smaller number of strategic platforms. Many small- and medium-sized banks that do not have mature in-house development capabilities have achieved a level of success by relying on packaged vendor solutions.
When implementing these new or upgraded KYC systems, the project team should develop detailed mapping of data from the client onboarding system to the KYC system to ensure consistent entry and use of data. Business users should be involved early in the project to approve data transformation as information migrates to a new platform. Organizations can also develop a data governance program, and implement or align with enterprise master data management (MDM) efforts.