Leveraging Automation to Improve Compliance – KYC
Automation transforms businesses. By targeting manual, repetitive, and routine processes, automation lowers cycle time, and reduces errors. At the same time, it decreases the amount of human effort. Reducing errors also lowers cost by removing the time/effort to remediate human errors in the process. There are many areas in an enterprise that can benefit from automation. In the Financial Services industry, compliance and risk management presents a key area of opportunity.
A Thomson Reuters annual Cost of Compliance survey reveals that the cost of compliance is increasing. Also, the complexities, as well as the rate of change, is one of the biggest challenges. Eighty-nine percent of corporate customers have not had a good KYC experience – so much so that 13 percent have switched to another Financial Institution (FI) as a result. Know your customer places a costly burden on businesses operating in the financial industry, especially smaller financial companies where compliance costs are disproportionately heavy.
Besides the poor customer experience, the actual cost of running a comprehensive KYC compliance program continues to rise. Amongst the 800 FIs in the 2019 survey, the average was $60 million annually while some firms were spending up to $500 million.
The Thomson Reuters 2020 report shows the top 2 biggest challenges facing the Board are:
- Balancing budgets and increasing compliance costs.
- The volume of regulatory change
From the Thomson Reuters Cost of Compliance Report
“For risk and compliance functions, much of the benefit [of technology] may come from the ability to automate rote processes with increasing accuracy and speed.”
“Indeed, when 900 respondents to the 10th annual cost of compliance survey report were asked to predict the biggest change for compliance in the next 10 years, the most popular response was automation.”
Indeed, the value of digital transformation is in solving a business problem. Process automation is well suited as there are multiple opportunities for greater accuracy (fewer errors), lower the cost of service, and faster cycle time.
Know Your Customer
The KYC processes are typically manual, and error–prone. This is the mandatory process of verifying the identity of the client when opening an account and periodically over time. In other words, banks must make sure that their clients are genuinely who they claim to be.
In 2018, the U.S. Financial Crimes Enforcement Network (FinCEN) added a new requirement for banks (Customer Due Diligence or CDD) to verify the identity of natural persons of legal entity customers who own, control, and profit from companies when those organizations open accounts. The CDD Rule has four core requirements.
- Identify and verify the identity of customers
- Identify and verify the identity of the beneficial owners of companies opening accounts
- Understand the nature and purpose of customer relationships to develop customer risk profiles
- Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to support and update customer information
Financial institutions also must keep records on transactions and Information obtained through the Customer Due Diligence measures. These requirements should apply to all new customers and existing customers based on materiality and risk.
The Power of Automation
These are often classic use cases for Robotic Process Automation (RPA). The KYC and CDD are repetitive, manual, and often routine processes that take up valuable time from staff. RPA is a general-purpose solution that can be adapted to almost any process. There are third-parties offering pieces of the solution, many focused on customer identity. This addresses part of the problem.
Automation using RPA is a general-purpose automation solution that can reproduce the actions of a digital worker on a local application or a web site. It can cross-check data, extract data from multiple systems, and create reports. This enables automation of parts of a process (tasks) to an entire process. This relieves staff from manual, mundane tasks to focus on issues or analytical activities. Automation lowers the processing time since it can process data faster than humans. Furthermore, it eliminates data entry errors since it can copy data from one system, and input it into another system. A common source of rework.
For more information on RPA, see the blog post “How Do I Get Started with Robotic Process Automation.”
One of the great benefits of RPA is the digital workers (the robots or ‘bots’) execute a repeatable script. This can address several compliance challenges.
- Repeatability and Consistency: The script documents the process or task and guarantees repeatability. Given that the script is rules-based, it is executed the same way each time.
- User Security: The bots executing the script run the process under a computer user account with restricted access based on the task, thus improving security.
- System Security: The bot running the process can run on a secure computer. Using a minimum privileged approach, no more access is supplied to the account is provided beyond what it must have to run the task.
- Audit Trail: The bots can create an audit trail of the tasks. This aids in an audit by keeping a record of the activities performed. The process script is versioned and kept in a repository. The repository becomes a history of process changes that support audit activities.
- Rapid Adaptability to Change: RPA uses a low/medium code approach and works on the existing user interface of the organization’s systems. This approach means implementation is faster than traditional development. One does not need to recreate business rules embedded in the systems. Quicker development also means faster response to regulatory changes.
Let us explore various tasks in KYC that could be addressed by RPA automation.
- Customer Setup
This task often involves reviewing uploaded/scanned customer identification documents and entered into a system (e.g. CRM). Customer identification documents usually include government-issued ID proofs. RPA can automate this process.
When matched with a document processing artificial intelligence/machine learning (AI/ML), the data can be extracted from the forms and inserted into the target system. The automation can also attach or copy documents to the proper location as needed. Exceptions can be routed to humans for correction or validation.
- Validating Customer Information
Once the customer information is acquired, RPA can be used to confirm information, lookup data in third-party websites, cross-check against other systems, extracting information from documents, merging data from other sources, forms, etc.
- Customer Information Gathering
Regulations required institutions to gather information at onboarding, and regularly. This can include customer information, creditworthiness, business/other activities, identity information, suspicious activity reports (SARs), etc. This is labor-intensive and error-prone. A regularly scheduled automation could perform these tasks 24/7, alerting staff when an issue arises.
- Compiling Customer Information
Information is often spread across multiple data stores. RPA can be used to collect and merge this information for automatic emails, SMS, promotional campaigns reducing marketing costs.
- Customer Screening
This typically involved OFAC (Office of Foreign Assets Control) screening, politically exposed petitions (PEP) checks, and negative news screening. Part of the KYC process is to continually screen customers against government, internal, and external watch lists against these risks. RPA can automate data screening and verify it against customer databases.
- Customer Servicing
Intelligent Automation can be used to improve customer experience via chatbots (self-service), product recommendations, call-center support (knowledge base, cross/up-sell).
- Regulatory Monitoring and Data Collection
According to industry experts, human intervention accounts for 2-5% of total errors per task. RPA can automate checks and reporting, saving time, and improving accuracy.
- Account Closure Processing
Activities related to contacting the customer, receiving required documents, and alerts for pending documents can be automated and completed promptly with fewer errors.
When embarking on an automation project, the question of Return-on-Investment comes into question. It is best to understand these metrics before starting a project, and the metrics vary by organization. Here are some ideas on metrics to evaluate success.
- Record completion time: Minimizing the time it takes to complete a record as part of the customer onboarding process is important. The faster this process can be executed, the shorter the time is to generate revenue. For renewals, the metric is also critical, because an out-of-date KYC record can pose a regulatory issue.
- Team productivity: The number of KYC records completed per week per analyst is a critical metric to find ways in which to improve organization-wide productivity, and the productivity of individuals, teams, and locations.
- Customer touchpoints: The more times an analyst needs to go back to the customer to get the information necessary to complete the KYC process, the worse the customer experience is likely to be.
- Error rate: The number of KYC records that fail quality control and the number of material errors per completed KYC record supplies a strong sign of the skill of the organization as a whole and the individual analysts.
- Average effort per record: Measuring the total amount of effort (as opposed to completion time) supplies insight into the productivity of the organization and can support analysis aimed at increasing overall effectiveness.
- Audit performance: The number of audit findings across the KYC record landscape will also point to potential failure points in the end-to-end process, as well as deficiencies in the procedures, quality processes, or training.
Digital transformation using automation, especially Robotic Process Automation, can reduce risk, improve quality, and increase efficiency. It also helps manage the escalating cost of compliance. RPA helps by
- Documented processes that are consistent and repeatable.
- Activity audit trail to verify activities and access.
- Versioned process scripts to document process changes.
- Role-Based Access Control limits access to systems and data.
- Data encrypted in motion and at rest (storage) to protect information.
- Accurately capturing data, and removing the need for touchpoints with automation improves customer sentiment.
- Elimination of human data entry errors removes rework.
- Reduces human effort to lower cycle time and the amount of staff required to scale (throughput).
- Reduction in cost by using a single, adaptable solution that can be used with a variety of processes/tasks.
- Aids in auditing activities with a documented, repeatable process and audit trail.
- Leverages a low/medium-code solution that is quickly implemented.
- Easy to adapt or update to changing regulatory requirements.
- Creates a version history of processes and their changes.
A well-considered strategy of automation can be extended to many areas of the organization. Start small, and build momentum. Then one can realize a greater Return-on-Investment by extended to other potential processes.