This article features commentary by Piotr Jastrzebski, Director of Technology Product Management, Wolters Kluwer. It was written by Aaron Nicodemus and published in Compliance Week Magazine on July 9, 2020.
So, your company has decided to embark on an update of its legacy Know Your Customer (KYC) system. You’ve completed your internal diligence and collected the various internal signoffs and approvals. Now, it’s time to present your new KYC technology solution to your regulator.
No regulator will “approve” or endorse a vendor solution—instead it will review the new system to ensure it is commensurate with the risk profile of the institution and that it complies with regulatory requirements as well as the institution’s internal policies and procedures.
Using artificial intelligence (AI) and robotic process automation, the new technology can often achieve higher auto-approvals and reduce false positives compared to a legacy system. In addition, KYC technology can mine billions of publicly available data points to provide a complete applicant profile and use facial recognition software to compare an applicant’s submitted mobile phone selfie to an identification photo.
Financial institutions have been among the most eager first adopters of ever-evolving KYC technology, applying tools that improve their ability to screen and verify loan applicants. But new tech can serve other industries as well: Casinos and online gaming platforms can use KYC tech to screen customers who might appear on sanctions or other watchlists, while online marketplaces and social networks use tech to weed out fraudulent vendors and scam artists. Really, any business seeking to verify the identity of a customer might find some value in applying KYC technology to screen low-risk applications so its investigations team can focus its attention on the smaller, high-risk slice of the pie.
Begin at the beginning
According to Jason Somrak, chief of product for AML & Advanced Analytics at Oracle Financial Crime and Compliance Management, the process of onboarding your KYC tech with regulators will take between 18 months and two years. Somrak’s division works with banks to use advanced technology to fight financial crime and modernize risk and compliance operations.
“People won’t be penalized for trying new things,” he says. “But I think regulators will expect that firms won’t throw everything away and start fresh.” There will be a transition, where regulators will want to see that the new KYC technology provides better results than the firm’s legacy system.
“Regulators want to see your work; they want to see the long division and know that the bank understands how the system technology works—why it flags or alerts, why/how are the decisions being made,” says Kimberly Hebb, who spent 20 years as a commissioned bank examiner with the Office of the Comptroller of the Currency (OCC) and is now chief risk officer of BillGO, a bill payment provider. “Many FinTech companies think that their technology is special and needs to be in a ‘black box’ system and don’t want to discuss their processes.”
Regulators want to hear from the financial institution that is planning to utilize new KYC technology—not the vendor, she says.
They also want to understand the impetus driving the move to a new KYC solution. Is the proposal to use new KYC technology part of a planned strategy for growth or a reaction to a deficiency, violation, or past pattern or practice?
Whichever KYC program your institution uses, it “should be commensurate with the risk profile of that institution,” Hebb notes. “It’s not that regulators don’t appreciate the need; there is still the expectation that the bank knows its customer base and provides internal controls.” They also want to know that the new tool has been customized for the financial institution in question, that the results are being actively monitored, and that the processes are being updated as needed.
Regulators ‘leaning in’
With KYC technology becoming a focus of many industries, several regulators, including the OCC and the Commodities Futures Trading Commission (CFTC), are having to adapt regulations.
