In 2020, USD 10.4 billion worth of fines related to anti-money laundering (AML) and know-your-client (KYC) were issued to financial institutions worldwide. This is also the first time since 2015 where the Asia-Pacific (APAC) region has overtaken North America in terms of total fines levied within the region, largely due to the 1MDB scandal1. Despite increasing compliance costs, banks located in APAC are well positioned to profit from the growing demand for wealth management services within the region.
Operational inefficiencies as a result of false positives, the growing complexity of KYC regulations, and limited resources remain critical roadblocks. These challenges call for an urgent need for banks to take deliberate steps in enhancing their current KYC programme.
In this article, we explore how banks can leverage both network analytics and continuous KYC to increase risk detection capabilities and boost operational efficiency in KYC reviews. Once adopted, these two drivers will form the foundation for banks to achieve a sustainable KYC programme.
A recent study2 showed the largest contributors of net new money (NNM) and asset under management (AUM) growth will come from APAC and Latin America by 2024, with China contributing the most.
To highlight the scale of growth in demand within Asia, China’s AUM and NNM growths are projected to exceed its North America counterparts by three and nine times respectively (Figure 1). This growth anticipates an increasing client base for banks in Asia, translating to greater resources required to conduct KYC reviews. The main processes impacted are client onboarding, periodic reviews, and transaction reviews. Over the next five years, the existing KYC review framework will most likely become unsustainable, as banks find it challenging to scale and strike a balance between increasing NNM and the appropriate due diligence (e.g., source of wealth corroboration).
Figure 1 Projected AUM and NNM growth rates for 2020 to 20242
Today, most client risk models depend on static data (i.e., data that is taken at a certain point of the client lifecycle, such as during client onboarding or periodic reviews) to risk rate their clients and determine the frequency of a periodic review. Examples of static risk factors include clients’ occupation, nationality and country of residence.
Usually, the static data would be refreshed during periodic reviews or if a trigger event, such as a material change in the account structure, occurs. However, a client’s overall risk should be determined holistically by factoring dynamic risk elements into the equation. Unlike static risk factors, dynamic risk factors are expected to change within a short period of time (e.g., within a week). Examples include clients’ transactional activities, associated relationships, and adverse news. By excluding these dynamic factors, stale static data are more likely to misclassify the risk of a client.
This risk misclassification could impact the bank in two ways (Figure 2):
I. Actual high-risk clients being misclassified as low risk
This may expose the bank to heightened regulatory risk as these high-risk clients’ activities could not be prioritised for review at a higher frequency. In the worst case scenario, large scale remediation exercise may be initiated, which are traditionally expensive and exposes the bank to other reputational risks and regulatory fines.
II. Actual low risk clients being misclassified as high-risk
False positives can negatively impact the overall client experience with the bank. An example would be a low-risk client with limited account activity being subjected to repeated KYC reviews just because they were associated with sensitive countries.
The opportunity cost will be high for the bank to spend an excessive amount of time conducting multiple reviews on low-risk clients. The time saved can be better utilised on other revenue-generating activities or urgent tasks.
The timeliness in how banks react to these dynamic risk factors also pose as a significant challenge. Once an entity or an individual is found to be associated with Money Laundering/Terrorist Financing (ML/TF) activities, banks are expected to assess the impact on their clients or connected parties in a timely manner.
In recent years, both Monetary Authority of Singapore (MAS) and Hong Kong Monetary Authority (HKMA) have supported cross-collaboration between RegTech solution providers and banks in using technology to strengthen ML/TF detection capabilities3. A recent publication by HKMA4 highlighted use cases of how network analytics has helped a bank to identify hidden suspicious relationships by leveraging non-traditional data elements.
Harnessing the data skillfully is crucial in addressing the KYC challenge sustainably. Figure 3 breaks down the building blocks and enablers structurally. By forming a single client view through connecting internal and external data, banks can considerably increase the efficiency and comprehensiveness of their KYC reviews which form the core activity of client onboarding, periodic reviews and transaction reviews.
Manual and lengthy processes is one of the key reasons why banks are often unable to achieve scalability in their KYC reviews. Network analytics is a technology enabler that promises:
By leveraging data analytics and entity resolution5 mechanisms, the entire network of relationships can be displayed across all known and unknown entities. This includes people, corporate directories, and geographical locations that are associated with the client.
Entity resolution mechanisms are fundamental differentiators from what banks have currently. Today, banks rely on mainstream databases that cover headline news on the entity or individual with a guaranteed match rate. Entity resolution, on the other hand, feeds on both structured and unstructured data and introduces a probabilistic approach to making high-conviction linkages. For example, several adverse new reports appear along with information such as name, address, and related parties. Through entity resolution, a probability will be assigned to each of these news reporters to ascertain if this news belongs to the entity in question.
With this, banks can intuitively view the money trail across parties and highlight if the originators are linked to any high-risk affiliates. These are shown as red or amber flags in the diagram, which requires the bank’s attention (Figure 4).
Banks can then spend lesser time on manual data consolidation and focus on actual risk analysis. This significant improvement in the efficiency of KYC reviews can help address the issue of scalability and results in shorter turnaround time.
The term “continuous KYC” comes in many forms, such as “perpetual KYC” and “dynamic KYC”. However, these different naming conventions point to the same underlying concept. The “continuous” aspect refers to the near real-time refresh of KYC data.
With continuous KYC, a bank is able to efficiently monitor all relevant client news, network activities, and events that are internal and external to the bank. A key enabler is a single client platform which has the capability to support both network analytics and houses the logic triggering periodic reviews. Instead of relying on static risk factors, periodic reviews can now be triggered based on a multi-factor risk assessment which comprises of both dynamic and static risk factors.
There are two underlying concepts that are critical to continuous KYC:
I. Dynamic client risk models
In today’s landscape, banks rely mainly on country, customer, products and services, and channel risks to determine a client’s risk level. Most of these risk factors are static and will only be updated during the periodic review, or if a trigger event such as a material change in the account structure occurs. With stale data, there is a high likelihood that the bank will misclassify the risk level of their clients.
This potential misclassification could be reduced by including dynamic risk factors in client risk models. Figure 5 presents an overview of the target state.
II. Continuous monitoring
A widely accepted standard of the periodic review process is to trigger the periodic review once every year or three years for high and low-risk clients, respectively. In between, transaction monitoring will be one of the major defences the bank would have against ML/TF activities. However, the nature of transaction monitoring investigations focuses mainly on rationalising transactions against existing clients’ KYC profiles and not validating if the KYC profile is accurate as of the date. Hence, banks would need a more holistic KYC review approach.
Instead of periodic checks, KYC reviews could be triggered based on a lookback period which feeds into the dynamic risk model. Figure 6 demonstrates that each refresh will generate a set of clients that requires KYC reviews with the higher-risk clients prioritised. The dynamic client risk model will generate a set of high-risk clients to undergo a KYC review. Additional features, such as suppression logic and sweeps, can be adopted based on the banks’ risk appetite.
The concept of continuous KYC may potentially be the solution to the issue of client risk misclassification as clients’ risk are reflected on a near real-time basis enabled by dynamic risk models. Banks would be able to prioritise actual high-risk clients for reviews and reduce the review frequency of lower-risk clients whilst fulfilling one’s regulatory obligation.
While this article is written in the context of the wealth management business, these ideas can be applied across the corporate and institutional clients segments too. Operational efficiency and better risk detection capabilities have a direct impact on a bank’s regulatory costs and its competitiveness against its peers. While it might not be easy to implement continuous KYC in private banking due to the lack of publicly available structured data, solving the problem with the skillful application of network analytics and data science will create a significant competitive advantage for the first mover.
The shift to continuous KYC and the adoption of network analytics will address both the scalability and client risk misclassification challenges. In the next five years, the Asia growth story will continue to unfold, and having a sustainable KYC programme will put the bank in a sweet spot that balances both risk and reward in the long run.
Our next article will highlight an essential complementary tool, the Risk Insights Dashboard, which strengthens the overall first line of defence (1LOD) supervisory regime of your bank.
Subject matter expertise
Synpulse is at the forefront of transformation topics and engaging leading financial institutions to deliver both compliant and commercially viable AML/KYC framework in response the evolving regulations and RegTech trends. Our expertise in regulatory compliance, technology integration and data management will support you in all aspects as continuous KYC and network analytics comes into focus, providing you with insights and implementation approaches.
Extensive industry experience in the APAC market
Since 2008, Synpulse has worked with many regional and global financial institutions on an array of successful projects across APAC. We understand the most pressing regulatory challenges faced by the industry based on our extensive experience.
Access to global ecosystem partners
Synpulse works closely with innovative ecosystem partners across a wide spectrum of topics. Our extensive network of partners coupled with deep experience and knowledge of the AML/KYC landscape provides us with insights to identify the most suitable technological solution to meet your needs.
1Regulation Asia. Overtook US in AML Penalties For 2020: Fenergo. 11 December 2020
2Morgan Stanley and Oliver Wyman. Wealth Management Report 2020: After the Storm. Accessed: 15 Jul 2021
3HMKA. Supporting the Use of New Technologies for AML/CFT: Suggested Actions for the Hong Kong Banking Sector. 11 Aug 2021
4HKMA. AML/CFT Regtech: Case Studies and Insights. January 2021.
5Entity resolution is the process of probabilistically identifying some real thing based upon a set of possibly ambiguous clues.
John R. Talburt. Entity Resolution and Information Quality. 2011. Science Direct. Accessed 15 July 2021.