Reputational risks relating to non-compliance with regulatory requirements are extremely damaging and costly for regulated firms. Regular scrutiny from supervisors and enforcement agencies increases the likelihood of errors being found. It’s not only the fines that can hurt but also the wider commercial consequences, including losing customers and employee advocacy.
Data quality in KYC
Central to success is the quality of data that is consumed within a firm’s systems. However, good quality data alone isn’t sufficient. It’s the maintenance, accessibility, and intelligent use of that data that are critical to achieving regulatory compliance and mitigating the reputational and financial risks associated with non-compliance.
For regulatory purposes, information often needs to be collected from customers and, from a commercial perspective, it’s imperative that the customer experience is not compromised through inefficient and unreliable processes. Once consumed, this data may need to be validated and processed in accordance with several regulatory requirements.
Key to efficiency is understanding how that data will be used, for a variety of purposes, in achieving regulatory compliance. For example, firms have well-established Know Your Customer (KYC) risk and control frameworks that ‘reflect the degree of risk associated with the business and its customers’[i] of money laundering and terrorist financing activity (ML/TF). It is these frameworks, and the effectiveness of their implementation, that facilitate the prevention, within the UK alone, of billions of pounds’ worth of financial crime activity per year.
The data collected for these purposes is also used to validate the tax residency information collected from customers and to meet other anti-tax-evasion initiatives. Transaction monitoring can reveal not only risks relating to ML/TF but also, potentially, to bribery and corruption. KYC failures can therefore have a knock-on effect on the standard of compliance with other regulatory regimes that must be met.
In the face of regulatory scrutiny, empirical evidence to date suggests it’s no defence if data held on disparate systems reveals weaknesses in compliance with the relevant regulations.
So, what can a firm do to achieve synergies across the regulatory compliance landscape? Finding the solution and, importantly, the budget to support it can often feel like finding the Holy Grail for firms grappling with competing priorities, complex regulations, and systems architecture. There’s no simple answer, but understanding where, how and when data is stored, validated, monitored, and used across the firm’s estate is a critical first step. The optimum outcome is finding the right combination of technology and people to achieve this.
You also need to ask the following questions:
Are your KYC policies and procedures in line with recent recommendations?
Are there gaps in your remediation processes that might allow criminal actors to slip through?
Do you have sufficient controls that would stop these instances from occurring at source, or at a more advanced stage of your AML process?
Are you deploying a means of continually monitoring the activity of your PEP and non-PEP accounts?
If you are outsourcing your PEP function, are these tools being sufficiently updated on a daily, weekly or monthly basis? If this function is built in-house, are your adverse media checks scanning search engines and regional media outlets for possible risk-enhancing data on your customers?
There are other important steps that can be taken based on recent FCA findings in thematic reviews:
Tone from the top and risks appropriately prioritised
Senior management conduct and risk culture
Reputational risk assessment of client relationships
Remediation of customer accounts and up to date risk profiles
Effective monitoring of changes in circumstances, account usage, spending habits and income
Regulatory fines are initially both expensive and embarrassing, but the resulting reputational fallout often deals more damage. Criminals are more likely to target banks that have attracted publicity around weaknesses in their ML/TF frameworks, and customers are far less likely to trust FIs with their money if they are found guilty of failing to prevent money laundering. Firms do not want to attract any adverse attention when it comes to their application of the law, especially if their competitors are staying out of the spotlight.
EFI understands the obstacles when operationalising AML controls and how to support you with this challenge. We have designed a dedicated AML Knowledge Hub where you can learn more about the regulatory and reputational risks discussed in this blog: https://info.efilimited.com/access-aml-knowledge-hub.
[i] JMLSG