Will Event Driven Reviews and Perpetual KYC be the 'New Normal' for Financial institutions?

Over the last 15 years the KYC due diligence process has evolved significantly. But as the bar has been raised on compliance globally, the  costs and resources needed in the onboarding process and regular KYC reviews have grown exponentially.

Financial institutions don’t have much choice in their approach. They either must make upfront investments in their processes and technologies as the regulatory landscape changes or incur reputational and financial harm in the form of regulatory fines. Institutions may even be forced to cease trading in certain geographies or  segments.

But those  upfront investments are more than a monetary challenge. Competing internal priorities and a lack of technological understanding across the organization also impede any necessary changes to internal operations. It is commonplace for financial institutions to rush into ‘reactive mode’ after regulatory audits expose risks that  must be fixed.  This can generate huge internal stress, tension, and pressure  as the key stakeholders rush to stop the bleeding and build an action plan to reassure the regulators. This often means  throwing budget restrictions out of the window until the problem has been resolved.

To minimize the financial impact of having to constantly invest in updating their KYC processes some organizations are smoothing out the process of regular reviews to optimize resource capacity month-on-month, while others have implemented solutions to increase straight through processing (STP) numbers, especially in the retail space. Even more have leveraged automation  to cut down on manual processes and drive value through reducing high labor cost in doing KYC reviews. 

While these approaches have their benefits, event driven reviews and perpetual KYC, also known as ongoing due diligence, could be the sector’s  silver bullets. 

The main benefits are numerous: cost savings, resource optimization, effective compliance risk management, and reaching out to customers only when necessary, not just to tick a box in a regular review cycle or an approach that throws up too many false positives (most regular reviews don’t highlight any material changes anyway – so what’s the point?). 

However, moving towards a truly event-driven program requires several ducks to be lined up. :

• A strong, clearly defined framework of material events  like negative news needs to be established that can trigger reviews across KYC and transaction monitoring. Unlike the current situation, for this to be effective, all systems and processes need to be connected and speaking to one another with minimum human intervention and intelligent automation. All reviews regardless of source of input, must be documented and processed in one case management system to provide an overall view of the client – and the line of sight needs to cover the client regardless of geography, business line, and product. 
• If you are changing how you do KYC reviews buy-in from the regulators is also required. For those of us who have gone through regulatory audits, we all understand the hoops we have to jump through – just when we think it’s all over, another risk that we haven’t thought of is identified – oh boy – and that’s for processes we have been following for years. The best way to approach this is to have a robust transparent methodology, audit capabilities, and sound metrics and reporting. 
• Along with these pre-requisites come the need for an effective control and approval structure, as well as an auditable exception tracking process. 

The industry is moving to an event-driven or perpetual review process because it makes logical sense Transaction monitoring teams and KYC operational teams are sharing information now more than ever before when carrying out client AML risk reviews.  To build the comprehensive case management systems necessary for this evolution, financial institutions are developing and deploying more automation like NLP, OCR, and AI, throughout their technology solutions. Many are also opting for low code, enterprise solutions that provide that critical line of sight across everything.

Regulators seem to be warming up to the idea of event driven reviews and perpetual KYC. Whether this becomes the new status quo will happen once the next wave of audits take place and the regulators find the risks still to be uncovered.  That should not be a barrier to moving forward.  The benefits of this approach, along with the optimization of AML risk management, and the cost and resource savings are too great to delay