Improving Business Resilience with Intelligent Compliance Automation

Apr 16, 2020 | iComply Insights, News & Events, Updates

How financial services providers can take advantage of the new contactless culture

With new measures in place that require remote work and social distancing, the broader finance industry is set to look very different going forward. For board executives, management teams, and compliance officers, now is the time to rethink the most basic aspects of how financial services work.

Distribution channels that previously relied on branches or face-to-face meetings are becoming increasingly redundant. Strains on personal and business finances mean financial service providers have to act quickly and with conviction when disbursing new capital. With both channels, financial services providers will still have to maintain compliance requirements, even when these core business operations were not designed to work digitally.

Financial services providers could use this time to fundamentally overhaul the relationship with their customers while maintaining business and operational resilience. Businesses that successfully implement digital services for a new contactless culture will be rewarded in the long run.

So what does the future look like for financial service providers? And where are the opportunities to improve internal operations and the overall customer experience?

In this post, we answer the above questions focusing on retail and commercial banking verticals. This article can be used as a checklist for compliance teams, boards, and product managers who are looking for ways to reduce costs, risk, and complexity or to improve staff capacity, effectiveness, and customer experiences.

 

Comparing Today to the Future

Most people are familiar with the process of opening a personal and/or business bank account. Will that familiar process be used in the months and years ahead? Likely not. While much of the client experience in financial services today is digital, there are a few core business processes that remain manual or require face-to-face business. 

Here are some key processes that we see boards and management teams reevaluating as they compare the old landscape with the new.

 

Client Onboarding

This is the first step of the process where financial service providers gather information on their clients. 

 

Standard Operating Procedures

  • Client must attend branch or meet agent in person
  • Physical and operational security measures in place and abided by
  • Data protection, privacy, governance, and cybersecurity measures in place and abided by
  • Training for frontline staff to validate client eligibility
  • Internal procedures for enhanced due diligence when needed, usually by email or additional in-person meetings

Non Face-to-face

  • Client goes to secure website or mobile application 
  • Data protection, privacy, governance, and cybersecurity measures are in place to prevent manipulation from bad actors
  • Onboarding logic includes validation and segmentation for additional KYC requirements in real-time while the client is still in the onboarding process
  • Enhanced due diligence requests can be automated, reducing onboarding time and costs

Identity Verification

Financial service providers, through their “Agents”, must verify and document the identity of the client for KYC and AML requirements.

Standard Operating Procedures

  • Agent views ID documents, signs attestation of authenticity, and visually confirms identity match
  • Documents need to be transported and stored securely
  • Client information is processed manually or via batch refresh
  • Agents require document authentication training and typically can only authenticate local documents
  • Document authentication processes include manually viewing templates or using document authentication software
  • Identities can be verified in 5 minutes, when a qualified agent is available

Non Face-to-face

  • User documents are validated using machine vision
  • Address and identity are confirmed by qualified third-party data sources
  • Secure client-side verification enables user data to be processed without leaving the user’s device
  • Compliance managers configure controls in online identity verification services to support documents from over 200 jurisdictions
  • Automated document verification detects fraud, low image quality, and user errors before the document leaves the user’s device
  • Identities can be verified in under 20 seconds

Risk Screening

Once the client’s identity information is verified, financial service providers search for potential risks such as adverse media mentions, sanctions, watchlists, relations to politically exposed persons, and more.

Standard Operating Procedures

  • Compliance teams log in to back-office systems to conduct searches and manage cases. Searches must be thorough, as names such as “John” can have varied spelling and homonyms: “Johnathon, Jon, Johan, Juan, etc.”
  • Each search must be documented for future audit and reporting. Any search result must be analyzed according to the firm’s policies to determine whether it is a True or False positive
  • True Positives will be calculated against the firm’s risk assessment program in preparation for Risk Classification
  • Data sources are reviewed and updated periodically (typically every 1-3 years) by risk analysts

Non Face-to-face

  • Client information is passed directly through artificial intelligence (AI) processing systems to analyze the results of thousands of searches simultaneously; any potential results are escalated to the compliance teams for analysis 
  • False positives are reduced using fuzzy matching and Levenshtein distance algorithms, and escalated for analyst review
  • True Positives are used to update Risk Classification in real-time
  • Documentation of all functions is generated autonomously. Data sources and profiles are reviewed and updated every night via AI; potential matches are escalated to risk analysts for final review

Risk Classification

Clients are assigned a risk rating and risk score, and segmented based on “red flags” such as jurisdiction, industry, risk screening results, and internal data sets.

Standard Operating Procedures

  • Compliance teams review the client case, any risk identified, and classify the risk level of the client
  • Quality assurance is conducted after the fact, usually during annual or periodic reviews

Non Face-to-face

  • Scoring systems and automation thresholds automatically update risk scores, ratings, and classification
  • Quality assurance triggers create escalations for compliance teams to review

Low-Risk Clients

The client profile is reviewed for completeness and red flags before final approval.

Standard Operating Procedures

  • Compliance or account teams review the client profile.
  • Missing information may require additional client meetings or trigger enhanced due diligence procedures 
  • Account is opened manually or via API

Non Face-to-face

  • Client profile has already been validated for completeness with onboarding controls 
  • Account is opened manually or via API

High-Risk Clients

Red flags may require enhanced due diligence, risk assessment, and potential reporting.

Standard Operating Procedures

  • Manual procedures include data management, additional risk screening, physical document processing, and reporting for SARs and filings
  • Account managers are notified of additional requirements from the client
  • Materials are typically submitted physically or via unsecure email
  • Fragmented or legacy technology solutions do not support remote staff or client operations
  • Total decision time per case: 48-72 hours
  • Account is opened or declined

Non Face-to-face

  • Automated data processing and AI in risk screening enable unique search profiles to reduce errors due to manual procedures
  • Account managers and clients can be notified through push or email notification
  • Materials are submitted through secure and encrypted client portals
  • Intelligent AML solutions support remote operations, automate configurable workflows, and generate SARs and reports for filings
  • Account is opened or declined

Transaction Monitoring

Each transaction must be screened across multiple factors such as country, industry, beneficiary name, volume, and value of transactions.

Standard Operating Procedures

  • Threshold-specific procedures are maintained in company manuals and training sessions
  • Periodic reviews identify risk after the fact and increase remediation costs

Non Face-to-face

  • Threshold-specific workflows trigger unique due diligence requirements, screening profiles, and generate reporting documents
  • Compliance teams can focus on exceptions, not data entry

Ongoing Monitoring

Risk screening data must be updated, not only to onboard new users but also to rescreen your existing clients for new risk.

Standard Operating Procedures

  • Risk data updates are done manually, often without re-screening of existing clients
  • Re-screening procedures face the same challenges as the initial risk screening

Non Face-to-face

  • Risk data is refreshed each night
  • Re-screening procedures identify net new risk for every client in your KYC software, reducing noise and improving productivity for compliance teams

KYC Data Refresh

Knowing your customer requires that you maintain accurate and current records. Clients may change their name, address, citizenship, or need to update KYC documents on file.

Standard Operating Procedures

  • KYC document templates require version control and physical document destruction for stale documents
  • Clients send sensitive personal information over mail, courier, or unsecured email
  • Expired data may require face-to-face meetings with licensed agents and transaction freezes, which increases client frustration

Non Face-to-face

  • KYC document template versions are managed by system admins and pushed into client workflows in real-time
  • Clients submit personal information securely through an encrypted KYC portal in your website or mobile app
  • Data expiry dates trigger refresh requests to clients through email or push notifications in your website or mobile app

Ongoing Access Management

Verifying a user’s password only ensures the user has access to your client’s password.

Standard Operating Procedures

  • Online access security questions can be bypassed if hackers or thieves have enough of your client’s information
  • Face-to-face meetings with tellers or agents include manual identity verification
  • E-signature fraud creates risk and liability, and requires additional identity assurance in material agreements

Non Face-to-face

  • Live face matching enables the user to quickly and easily perform biometric authentication that is more secure than security questions
  • Identity verification processes can be witnessed during video meetings to enable contactless meetings
  • Biometric authentication enables “Smile to sign”, live face matching, and fraud monitoring to ensure strong client authentication at all times

In Closing

Most financial services providers spend over 10% of their gross annual revenues to complete their standard operating procedures. As we have seen, there is ample opportunity to apply new regulatory technologies to name screening, risk scoring, portfolio risk assessment, and AML reporting. Client data management enables financial services providers to reduce cost, risk, and complexity while improving staff capacity, effectiveness, and customer experience.

Migrating customer onboarding and compliance workflows to digital-first channels can be challenging. Costs have mushroomed and complexity increases with each additional jurisdiction you serve. Customer expectations on user experience, contactless availability, and KYC friction are changing rapidly. 

Compliance teams, boards, and product managers should regularly re-evaluate their KYC and AML systems to identify weaknesses, better manage risk, improve staff capacity, reduce vendors, cut costs, and improve their clients’ KYC user experience. We hope this article can serve as a valuable resource for your business.

 

Thanks for reading!

The iComply Team

About iComply

iComply Investor Services Inc. (“iComply”) is a regtech company that provides automated KYC and AML compliance solutions for non face-to-face financial and legal interactions. iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.
