The U.S. Bank Secrecy Act (BSA) of 1970 was one of the first Anti-Money Laundering (AML) and Know Your Customer (KYC) laws. It required companies and financial institutions to establish and report on internal controls and other measures put in place to prevent the facilitation of financial crimes. Other similar laws exist in countries around the world, creating a complex web of potential compliance issues for financial services companies.
The projected total cost of compliance with financial crime regulations is expected to reach $214 billion in 2021, surpassing the $181 billion recorded in 2020, according to LexisNexis Risk Solutions. The results were derived from the firm’s global survey of 1,015 financial crime compliance decision-makers at financial institutions including banks and investment, asset management and insurance firms. The cost of compliance increases, however, when you consider that financial institutions worldwide have paid an estimated $26 billion in fines and penalties in the last decade for AML/KYC non-compliance. That’s an average of $2.6 billion per year and the trend continues in 2021.
It is increasingly clear that compliance with these regulations is critical to the sustainability of every financial institution. Unfortunately, the traditional means of transforming your BSA/AML processes are woefully inadequate. But there are new technologies helping accelerate and increase the success of BSA/AML transformation.
Does Your AML/KYC Process Add Risk?
While it is the responsibility of all employees, partners, and suppliers to prevent an organization from facilitating financial crimes, Client Lifecycle Management (CLM) and Compliance are the two departments playing key roles in defining and implementing the required internal controls. CLM is the first line of defense within any organization. Compliance acts as the second line of defense, responsible for policy making, escalation, and resolution, as well as performing independent risk management. Auditors, the third line of defense, ensure any risk governance framework complies with regulatory guidance.
Before taking on a new client, a due diligence process is generally conducted to evaluate the client’s risk rating. It begins with a basic understanding of the client’s identity, the risk involved, and an understanding of their financial habits. Onboarding high-risk customers and politically-exposed persons requires enhanced due diligence with additional assessments of the client’s geographic location, source of funds, and purpose of the transaction, and may require ongoing monitoring.
This is an important task that typically happens as follows:
- Pre-onboarding checks are conducted by working with Sales, Risk Management, Legal, Compliance, and others to collect and review relevant client data, product information, and documents as mandated by the regulatory authorities.
- Teams then update multiple systems of record to ensure a client’s readiness to transact.
- Post-onboarding processes then include on-going client reviews and continuous monitoring, managing client and counterparty data and records, and potentially, client off-boarding.
This process can quickly become complex, especially at global organizations spanning multiple geographies with various policy interpretations, competing rules and regulations, and related data housed in multiple and disconnected software applications. That last point adds risk, especially when data is not integrated, thereby forcing considerable amounts of manual, repetitive, error-prone work. The result is increased operational, reputational, and financial risk.
Additional risks arise from policy interpretations and potentially incorrect execution of processes, which both depend on the experience of KYC analysts. It is indeed demanding for analysts to make critical decisions that require focused thinking while concurrently performing important yet mundane manual data-entry tasks.
Add it all up and your AML/KYC process is exposing you to more risk, which is exactly the opposite of what it is supposed to do!
Transforming BSA/AML with Success
Transforming any enterprise process can be daunting, for good reason. A study by McKinsey & Company indicates that a staggering 70% of large transformation projects fail to deliver expected results. Reasons may include unclear objectives, lack of leadership, and lack of commitment. But looking deeper, transformation projects are frequently derailed when teams underestimate process complexity. It’s a huge undertaking to identify the appropriate processes, perform detailed current state assessments, develop business requirements, and keep an eye on budgets. Then, for any transformed process, adequate training is required, and even minimal employee turnover can add to the challenges.
When focused on AML/KYC processes, the need for a successful transformation can be critical to your organization’s survival.
But help is available from point solutions such as Microsoft Power Automate, which uses robotic process automation (RPA) and artificial intelligence (AI) to help organizations streamline, standardize, and automate routine tasks. Many financial institutions are also leveraging cognitive natural language processing (NLP) to accelerate processes such as transaction monitoring and adverse media and sanctions screenings.
AML/KYC platform providers can help streamline end-to-end processes. But successful implementation of these types of platforms largely depends on the quality of the business requirements and clearly defined compliance policies. It’s also dependent on the prevailing regulatory rules, final user acceptance testing, and training. In reality, it takes many months for organizations to fully understand and effectively leverage these platforms, which adds further delays to already complex transformation projects.
Effectively managing your AML/KYC risk is critical to the success and reputation of your organization. Process intelligence and emerging technologies can help mitigate these risks, speed up the transformation journey, and enhance the customer and employee experience. It could also prevent a AML/KYC violation, which is becoming an increasingly expensive prospect.