Skip to content
Thomson Reuters
Know Your Customer

Are your KYC defenses fit for purpose?

Malcolm Wright

06 Feb 2017

Photographer: Mohamad Torokman

The fight against money laundering and terrorist financing will continue to be a primary area of focus for regulators in 2017. How can firms ensure their KYC compliance procedures meet the challenge?

The message from regulators is clear — the days of box-ticking are over when it comes to compliance with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT).

Find out how to accelerate your ability to excel in KYC due diligence with Thomson Reuters KYC as a Service

Indeed, with a tidal wave of regulatory change heading towards the shores of compliance professionals, it requires a step-change in your Know Your Customer (KYC) approach to ensure the challenge can be met.

This will demand the participation of the entire organization rather than the chosen few in compliance.

Culture starts from the top with leadership engagement and works down through the organization with a properly controlled risk environment, and appropriate, regular training for employees.

In this respect, compliance professionals should take note that an inadequately-trained member of staff, even if they are not front-line compliance, may put the organization and Money Laundering Reporting Officer at financial, reputational, and regulatory risk.

Regulation and more regulation

The burden of regulation has grown significantly since 2008, when the world’s regulators issued approximately 24 alerts per day.

Download infographic — Overcoming Know Your Customer (KYC) Compliance Challenges

By 2015, the figure exceeded 200 and proved that as criminal and corrupt behavior adapts, so regulation has grown exponentially to keep up.

This year will bring a new raft of significant measures, many of which will have far-reaching effects beyond the borders of the issuing countries and regions.

  • The New York State Department of Financial Services’ final rule for transaction monitoring and filtering came into effect on 1 January

Download full infographic — A Culture of Compliance

At a national level, regulation and regulatory oversight is also facing an overhaul.

  • In the UK for example, the Financial Conduct Authority’s Senior Managers Regime extends further to the Certification Regime
  • The UK’s Criminal Finances Bill, which aims to be law by March, will introduce a strict liability crime for failing to prevent tax evasion and a possible new amendment introducing a failure to prevent economic crime, a wider scope that would cover AML and fraud.

Importantly, these changes extend their reach beyond the borders of the UK, thus organizations outside the country should be aware.

Review your regtech

Technology may not yet hold the key to fully automated, low-cost compliance, but investment in the right regtech tools can ensure that exposure to AML/CFT and other risks are minimized or mitigated, and that compliance costs can be appropriately planned and managed.

Nascent technologies like blockchain and artificial intelligence offer promise but it is still too early to reliably call on them in the compliance arena.

In the meantime, ensuring that KYC screening system settings and transaction monitoring rules have been reviewed and optimally adjusted — and indeed that they are being used correctly by compliance staff — can increase the reliability and quality of the compliance effort.

Find out more about Thomson Reuters Know Your Customer (KYC)

Secure Your Customer

Mention should, of course, be made of the EU General Data Protection Regulation, which is due to come into force in 2018.

There is now an acute focus on protecting your customers’ data, or in other words Secure Your Customer.

Perhaps the three key takeaways from the legislation in this respect are:

  • Breaches must be reported within 72 hours
  • Systems must encompass ‘security by design’
  • Organizations should ensure all of their systems are adequately protected and monitored with evidence to this effect, including KYC and transaction monitoring compliance systems.

There have been numerous reports that 2017 will be the ‘year of cyber security’ and regulators will be taking a keen view to ensuring that organizations adhere to the principles of good data governance throughout their operations.

Download report — Cyber security and managing KYC data

Now it’s personal

A further key theme this year — and one ignored at your own risk — is personal liability.

Each individual compliance professional must take ownership for their actions and fully assess his or her own personal regulatory risk management strategy to ensure compliance and avoid liability.

Download full infographic — Personal Liability: Are You Prepared to be Held Personally Responsible?

Recent enforcement action has shown that compliance officers at companies subject to the Bank Secrecy Act can be held personally responsible for AML failures.

It has also highlighted that regulators will not hesitate to impose the full force of the law and hold individuals to account.

The message is clear: personal liability is here to stay.

Make your voice heard 

With new regulation often comes consultation.

Indeed, both the UK and Australian governments have issued several consultations in the past few months that have specific interest to compliance professionals.

Such consultations can and do shape policy, and regular engagement in this way or directly with regulators, can help ensure that legislation is clear, effective, and not unduly onerous.

Watch video – Thomson Reuters: Do You Really Know Your Customer?

Partner up

Finally, going it alone is very often not sufficient in this complex and rapidly-evolving world of compliance regulations.

Risk, compliance and internal audit functions should therefore include outsourcing in all their monitoring plans and consider engaging managed services from an external provider.

Find out how to accelerate your ability to excel in KYC due diligence with Thomson Reuters KYC as a Service

KYC, enhanced due diligence, and screening managed services offer a raft of benefits, including:

  • Reducing the pressure on often over-stretched internal compliance departments
  • Lowering ongoing compliance costs
  • Speeding up turn around times, both when onboarding new clients and when refreshing client records
  • Providing superior data privacy and protection
The value of Enhanced Due Diligence in 2018 Insights from our annual wealth conference Paradise Papers: What could be the impact on your firm? Innovative KYC compliance sculpted in Africa Regulatory reform is no barrier for Asia firms Paradise Papers: What new offshore leak reveals about UBO challenge Corporate KYC pain: can the pain be eased? Big Data and RegTech team up in the fight against financial crime The buy-side answer to shrinking balance sheets How to stop your KYC data going stale