Illustration demonstrating how banks can get started with pKYC and event-driven reviews instead of relying on manual processes.

It's no secret that the traditional methods for Know Your Customer (KYC) and Customer Due Diligence (CDD) used by many banks and financial institutions are in need of an upgrade. In an age where information is rapidly shifting, KYC regulatory requirements need to move to a digital operating model. Perpetual KYC (pKYC) provides the blueprint financial institutions need to evolve. Better still, with pKYC banks can follow at their own pace.  

2022: A year of relentless change for financial institutions

Banks have a regulatory obligation to perform due diligence and assess their customers for Anti-Money Laundering (AML) risks. This assessment is based on the bank’s AML policy and risk rating vectors. Screening customers against government sanctions watchlists is a central component of the risk assessment process. These watchlists continually change, but 2022 could be a record for the number of sanction watchlist changes that banks had to deal with. 

This vast number of changes was due to Russia’s invasion of Ukraine. The international community responded to the invasion with a litany of sanctions. Targets included members of the Russian government, oligarchs, banks, and even Russian president Vladimir Putin’s alleged mistress

As the conflict rages on, the list of targets has only grown more expansive. New names and entities of sanctioned individuals, politically exposed persons (PEPs), and relatives and close associates (RCAs) are constantly added to watchlists. 

Image outlining 3 key questions banks should ask before getting started with pKYC, including: 1) Is the data relevant to banks’ unique KYC policy?; 2) Do you know where your data lives?; 3) Do you have all relevant data for ongoing risk assessment?
Image outlining 3 key questions banks should ask before getting started with pKYC, including: 1) Is the data relevant to banks’ unique KYC policy?; 2) Do you know where your data lives?; 3) Do you have all relevant data for ongoing risk assessment?

And as we know, a watchlist match directly impacts the KYC/CDD risk vector profile. Frankly, how do you keep up with these changes if KYC/CDD is still beholden to traditional methods?  

Clearly, banks need to embrace change. But the good news is these changes don’t have to happen all at once.

Embracing pKYC is a Journey, Not a Sprint for Banks

A dated KYC/CDD operational model leaves banks vulnerable to errors. For example, a customer who was considered low-risk at the time of onboarding could see their risk level change in between scheduled reviews. This change could result from transaction activities, opening a new account, or adding a risky signatory. 

Suppose a customer or business was identified on a government sanctions watchlist as a result of the conflict we mentioned above. How quickly would your bank be able to uncover the impact on your KYC/CDD risk? Additionally, with all of the sanction watchlist changes, if a scheduled, automated, event-driven update process is not in place, how will you keep up? 

Perpetual KYC for AML compliance allows banks to shift from a very manual periodic review process to an event-triggered review alternative. This automation frees up KYC/CDD analysts to focus more on due diligence instead of data collection. pKYC automatically reviews data from multiple sources, giving analysts more timely assessments of customer risk. This automation brings a potential financial crime event to the forefront giving it the proper attention it needs. This ensures banks are using the most updated information and accessing a holistic view of the customer risk based on multiple sources.

But how can banks that have relied on manual KYC/CDD review processes successfully shift to pKYC and automated reviews? The idea of changing long-standing manual practices and swapping disparate on-premise systems for automated ones can feel intimidating. After all, it’s only human to revert to old processes because they’re familiar.

The good news is the shift to pKYC doesn’t have to happen overnight. Instead, banks should view the shift as a journey, not a sprint. Banks that haven’t yet gotten started on pKYC can start their own journeys one step at a time.

3 Steps for Banks to Get Started with pKYC

So what can banks do to take their first forays into event-driven reviews? Here are three simple ways banks can get started with pKYC.

1. It’s all about the data

As you start the journey to event-driven reviews, it is critical that your organization identify the proper data needed for pKYC to be successful. Your bank has large amounts of customer data. This data most likely lives in different systems across the bank as well as with third-party providers. It needs to be consolidated and enriched to assess which data points are required. 

Asking the following questions will assist with this assessment:

  • Will the data points identified cover the bank-level policies and procedures for proper risk identification? 
  • Are there data points missing for an event-triggered risk assessment? 
  • Are there data points missing from the customer onboarding process?  

Documenting the data and process flow is critical when getting started with pKYC. The automated process could be flawed if the data is not available. A solid foundation is important and will directly impact the quality of the output.

Also, consider what your organization can do with the right technology in place. For example, if your data sources are cloud-supported, what will that mean for your team’s ability to consolidate data into a holistic interface? This step is essential to understanding how pKYC can improve and enhance your existing KYC processes.

2. Start with a single customer segment or line of business

Your bank includes many different customer types categorized into different lines of business. Trying to transform all of your customers at once doesn’t provide you with any quick wins toward your target pKYC goals. 

Instead, consider taking baby steps. For example, you can get started with pKYC by implementing reviews for one particular customer segment or line of business. After observing how pKYC behaves for these use cases, you will uncover additional optimization potentials that you may not have addressed during the initial planning process. This will allow you to align your target state optimization through an iterative process, instead of having to have several, multi-year large projects to achieve your ultimate target.

3. Adopt modern technology, including AI and ML 

For pKYC to be successful, scalable, and cost-effective, your bank needs to adopt a solution that is flexible and scalable. This is important to be ready for new regulatory requirements, a growing customer base, or a new target market entry. The solution should also be able to use flexible data integration technology to bring disparate data together.

Incorporating artificial intelligence and machine learning capabilities into the pKYC process offers the opportunity to reduce manual and repetitive tasks while providing intelligent automation. It also offers a clear audit trail of events that triggered a KYC review, an important and necessary detail for internal and regulatory examinations.

The unprecedented compliance landscape of 2022 shows no signs of slowing down. That means banks need to shift away from manual KYC reviews as quickly as possible to keep pace with this new reality. But change can be intimidating, especially when it comes to shifting from traditional, manual processes to automated event-driven processes using modern technology. Fortunately, the road to pKYC can be pursued one use case and customer segment at a time.

Illustration of Feedzai's AML report based on input from over 630 anti-money laundering compliance professionals prompting readers to download their free copy.