The challenges of KYC and client onboarding in the post-COVID digital age

 
People holding question banners
 

The way organisations operate has changed drastically since the beginning of the Coronavirus pandemic, with remote working becoming the new normal. A process that was expected to take years to implement was adopted in a matter of days. But this unprecedented and quick transformation didn’t come without a price and its own problems.

A key operational process that has been deeply affected by the crisis, especially in the financial sector, is undoubtedly customer due diligence and onboarding. As most business operations and transactions have now moved online, organisations face increasing risks of cyber-crime, identity theft and financial fraud, and pressure to strengthen and adapt their existing customer onboarding and KYC (Know Your Customer) verification policies and practices accordingly.

So, how can organisations successfully adapt their KYC and onboarding procedures to respond to the changing market environment and regulatory requirements in the post-COVID digital age? Below, we review some of the key issues that organisations have to consider during the adaptation process along with some best practices.

But, before we look at the challenges, let’s see what KYC actually means.

What is Know Your Customer (KYC)?

Know Your Customer, or KYC for short refers to the process of verifying a client’s true identity either before or during the onboarding stage. In banking, KYC was introduced as a formal policy and regulatory requirement after the global financial crisis in 2008 and a series of major fraud, money laundering and tax evasion cases.

Hence, KYC’s ultimate goal is to fight and prevent illegal transactions in international trade and finance by ensuring companies are operating legally and only engaging with legitimate parties and entities.

While KYC policies vary across different jurisdictions and types of organisations, they usually involve collecting the following pieces of basic customer information:

  • Names,

  • Social security numbers,

  • Passport numbers

  • Birthdays, and

  • Addresses.

In addition to verifying key customer identity data, most KYC procedures also usually involve monitoring and tracking clients’ transactions history and account activity for early detection and fraud prevention.

The challenges of KYC in the post-COVID digital age

As mentioned earlier, the COVID-19 pandemic has significantly accelerated businesses’ digital transformation and adoption of new technologies. With the number of permanent remote workers expected to double in 2021 and consumers’ increasing demand for digital experiences, the effects of the pandemic on the global economy will most likely be long-term. So, to survive in the new digital-first economy, organisations will have no other choice but to revolutionise and adapt their business operating models to the new normal.

While digitalisation enables resilience and business continuity, it also exposes organisations to a greater risk of financial crime, including market abuse and fraud. Risk management and KYC controls are, therefore, becoming critical, especially for those operating in heavily regulated industries like finance and banking. As change is never easy, digitalisation is also imposing a number of implementation challenges, such as delayed or failed business processes and transactions.



Higher risk of fraud

Looking through the lens of history and at the crises of the past 90 years, cases of fraud tend to increase during recessions. A number of national and international government organisations have warned about the higher risks of criminal activity and fraud during the pandemic, with particular emphasis on cyber-crime, money laundering and financial crime.

“Criminals and terrorists may seek to exploit gaps and weaknesses in national Anti-Money Laundering (AML) / Counter Financing of Terrorism (CFT) systems while they assume resources are focused elsewhere,” Financial Action Task Force (FATF)

One way to manage this risk is to strengthen KYC and client due diligence (CDD). But this is easier said than done. A key aspect of KYC and CDD is face-to-face interaction and in-person verification. However, with social distancing in place due to COVID, meeting a customer is currently impossible. So, many organisations may end up actually altering and relaxing their onboarding requirements to expedite customer conversion and revenue generation, which further opens up opportunities for fraudsters to attack and exploit the system.  

Changes in regulatory requirements

To prevent an economic collapse and ensure business continuity, governments across the world have been busy imposing a series of changes to key regulatory policies like KYC, AML and CDD. 

According to the World Bank and CCAF’s recent regulatory survey, nearly 50% of regulators have undertaken measures to facilitate digitalization in financial services which had prompted a greater regulatory focus on KYC. Measures include facilitating or permitting electronic KYC (eKYC), or simplifying KYC processes and practices, allowing the use of digital identities, digital/electronic signatures, simplified and/ or digital customer due diligence (CDD) checks (such as through the use of facial recognition), and permitting the digital onboarding of customers by providers.

Whilst many regulators have taken a soft approach to implementing the above measures by issuing and providing formal guidance, others have decided to enact fully formed regulations in the area. In the UK, for example, the national regulator FCA released a guidance document on how retail financial organisation can perform digital authentication to accept scanned documents and selfie match photos to verify identities. In Malaysia, on the other hand, the Central Bank of Malaysia (BNM) issued a formal eKYC policy document in order to support and encourage the use of eKYC technologies and virtual onboarding.  

All these regulatory changes present yet another challenge for organisations that are not only required to keep track of the latest updates, but also to dedicate valuable time and resources to comply with any new requirements.

Process delays and failed business opportunities due to operational disruptions

The shift to remote working due to the strict social distancing measures imposed during the COVID crisis has caused some major challenges for organisations that still heavily rely on manual or paper-based KYC processes. This also applies to those that use automated AML and KYC solutions to perform their clients checks, but then process any false positive risk alerts manually.

One of the issues is system security and access. Some screening systems, for example, only permit access to the platform in a secure environment, or if a user is logged in at the company’s office premises.

Another KYC-related challenge for organisations is document verification and authorisation. Traditionally, authorising and authenticating key identity documentation (e.g. passport, driving licenses, addresses, etc) used to be a predominantly manual and paper-based process. With social distancing in place, organisations are no longer able to collect any hard copies of required documentation. Moreover, prospective clients may also face challenges with obtaining relevant document authorisation and certification by any third parties (e.g. a lawyer or an accountant), which is often required by banks and other financial organisations.  

These challenges can significantly delay a company’s overall client onboarding process that may further result in failed business opportunities and have a direct impact on the bottom line of the organisation.

Data risks

With more employees working from home, organisations are facing an increasing risk of data breaches. In most cases, employees use their personal devices to perform their jobs at home that usually don’t have the same level of protection and monitoring capabilities as work devices. The same risk applies to handling hard copies of documents that contain confidential and sensitive information. Since not all employees have shredders or other secure means of destroying such copies, organisations may be exposed to a higher risk of information leakage.


 
Report-ipad-image.jpg

What is Authorised Signatory Management?

Find out in our latest special report where we discuss the fundamentals of Authorised Signatory Management. Download

 

Best practice KYC compliance in the post-COVID digital age

To overcome the KYC-related challenges and mitigate any conduct risks that have arisen due to the COVID pandemic, organisations should ensure they maintain a sufficient level KYC compliance. Below are some best practices:

1.     Assess any emerging risks – Before making any actual changes to their existing processes, organisations need to assess and understand the new emerging risks and the potential impact on the business.

2.     Strengthen KYC and onboarding processes - Many organisations might be tempted to relax and amend their onboarding verification requirements to expedite customer conversion during the crisis, but as discussed earlier this might also open up opportunities for fraud. A possible solution to this problem is adopting and integrating more secure and sophisticated digital compliance products that use the latest biometric, artificial intelligence, machine learning, and blockchain technologies.

3.     Develop and issue an effective internal continuity policy and guidance – Senior management along with key compliance and legal personnel should prepare and implement a formal guidance / policy for employees on how they can effectively and securely perform their duties remotely.

How Cygnetise can help you strengthen your KYC process

The prevention of identity theft or identification errors is fundamental to any organisation’s KYC process. Cygnetise provides a digital solution, as an alternative to the paper-based management and distribution of Authorised Signature Lists (ASLs). It allows you to manage all your authorised signatory data in a secure, cost-efficient and sustainable way, from anywhere in the world.

Without having a clear view of who your authorised signatories are and who has access to your signatory data, your signatory lists might be incorrect, out-of-date or fall into the wrong hands and thus expose you to a higher risk of security breach and fraud.  

With Cygnetise, flying paper pages of sensitive signatory data and time-consuming manual processes will become a thing of the past. Operational resilience, enhanced efficiency and a contribution to your ESG goals, could become the new norm.

Want to learn more about Cygnetise? Request a free demo below and one of our team will get in touch with you right away!


Stephen Pomfret