How to address local KYC regulations within a continuous KYC framework

Background

The Wolfsberg Group has advised that financial institutions (“FIs”) should “transition from traditional periodic refresh cycles to a trigger-based approach to maintaining accurate customer data”1. Few FIs are yet to achieve this and receive the benefits of higher risk mitigation and improved operational efficiency. Conversely, FIs typically see local regulations as a barrier to achieving a continuous KYC (“cKYC”) model. In our work with clients, we have seen that local regulations can be satisfied in a cKYC model, whilst being within risk appetite.

Challenges with Local Regulations

Local AML regulations are complex and are subject to individual interpretation, making it challenging for FIs to accurately assess customers’ risk both at onboarding and at periodic reviews. In addition, as banks continue to increase their customer base and product offerings, it becomes more difficult to keep the customer due diligence up to date. A cKYC model offers great potential for FIs to strike a balance between sound risk management and ever-increasing operational costs.

However, local regulations/requirements can be seen to present a significant barrier to transition to cKYC, as they can be seen to pose an immediate challenge to retire the periodic refresh cycles.

These challenges are based on an amalgamation of factors:

1. A universal monitoring approach seems unfeasible where requirements vary across a large number of local regulations. As an example, various geographies may have the same UBO thresholds (i.e., 25% company ownership or voting rights), however, there are many “outliers” or those geographies with more stringent regulations (e.g., Colombia have a 5% UBO threshold).

2. At times, the regulation is subject to interpretation, and it is not explicitly clear as to what the exact requirement is. As an example, regulators note that data should be “accurate and up to date”. Various geographies may interpret this differently, for instance, with key executives and directors.

3. Regulation is not amenable/local FI policy is too stringent, leading to a requirement to check certain data attributes within a time-based period, resulting in a FI firm working under the assumption that they need to keep the full periodic review in place. As an example, a review of the issuance of bearer shares may be checked on a periodic basis, e.g., annual.

What have we found?

We conducted a detailed study of local regulations in over 10 markets, identifying challenges and developed treatment strategies for over 120 local requirements, to understand how these local regulations can be satisfied. This work has been used to inform how local requirements have been met within an FI’s KYC procedures as part of a KYC transformation.

We found that most local requirements (c.70%) could be satisfied via a single standard monitoring approach leveraging a standard data set (sourced internally and externally). The remaining local requirements can then be accommodated via adjustment methodologies that alter the monitoring thresholds to satisfy local regulations.

Secondly, we found that around a fifth of local requirements were subject to interpretation. This necessitated working with appropriate risk stewards within the FI to agree a risk-based approach. We reviewed each local requirement with a focus on the specific risk the bank is aiming to mitigate to challenge where a high-risk approach might be taken due to lack of clarity/understanding. This avoids the FI doing more than necessary to satisfy the requirement, impacting operational efficiency.

Lastly, around 10% of local requirements fitted into the bucket of the regulation not being amenable or the internal FIs’ policy being too stringent. These requirements were typically checked within a time-based period, e.g., a review of issuance of client bearer shares. These residual requirements can be satisfied with a decoupled time-based trigger or a bespoke treatment strategy outside a correlated monitoring approach. Instead of conducting a full periodic review, analysts only check these residual requirements periodically to satisfy local regulations.

We have developed a methodology and framework to assess local regulation for global financial institutions with a view to transitioning to cKYC. We found that it is feasible to move to a cKYC model, whilst satisfying local regulations and being within risk appetite.

My thanks to Archit Chamaria, Sagar Ruparel and Annie You for contributing to and/or reviewing this article. If you have any questions or require any support, please kindly reach out to either Heather Adams or Archit Chamaria.

Disclaimer: This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.

Copyright ? 2023 Accenture. All rights reserved. Accenture and its logo are registered trademarks.