KYC remediation, the process of rectifying or updating customer client due diligence (CDD) information, is a process which most financial institutions go through. Despite KYC remediation being a common issue, and a big [and expensive] headache – it is avoidable.
KYC remediation is normally driven by a number of internal and external factors:
Internal drivers for initiating a remediation programme may include audit findings/points, changes (i.e. uplifts) to CDD standard or changes to a firm’s risk appetite (which may in turn be driven by external market and/or regulatory factors).
External drivers include regulatory intervention and changes in money laundering regulation (two of which will come into force in 2020 within the EU and the UK (regardless of BREXIT)).
KYC remediation is often seen as a cycle which comes about circa every 5 years if suitable controls are not in place. The cycle beings with a need to remediate customer CDD information. Whether this is driven by internal or external factors, the programme will almost certainly be high on the agenda of executive management and funding will be ringfenced to fund the programme. Year 1 will see a lot of investment and increase in personnel to carry out the remediation - this usually extends into year 2. By year 3 the remediation is generally complete, and focus has shifted away from the initial issue.
Year 4 may see the on-going refresh programme not being met and not being a key focus – this often results in a backlog of high risk customer refresh reviews. Year 4 may also see the higher volume low risk customer KYC coming up for refresh resulting the volume of customer requiring refresh, or with expired CDD, reaching a critical point.
At the end of this typical cycle the regulator may also be undertaking their regular visits which adds the pressure resulting in a full-scale remediation programme being instigated by the financial institution once again.
What can be done to break the remediation cycle?
Cost is always a driver when undertaking a KYC remediation programme. By understanding the realistic cost of remediation will help to ensure that the correct level of investment is provided which will result in a successful and realistic outcome.
Based on our research in delivering successful remediation programmes over the past 10 years, the average cost to remediate each customer will range from c.£1500 for a mature processes with appropriate systems and controls, to upwards of c.£6000+ for an institution with complex and inefficient processes.
2. Firm-wide buy-in:
A remediation programme is likely to touch upon every function within an organisation. Having firm-wide buy-in and acknowledgement of the programme will help understand and identify the complexities as well assisting with the successful completion of the remediation process.
Having a realistic and well defined roadmap for the entire project will assist in the successful delivery of the remediation programme. A well-defined plan should include stakeholder management involvement and accountability but should also have the flexibility of adjusting to issues and risks as they arise.
4. Be realistic:
Many firms set unrealistic goals in relation to the length of time and the amount of effort which is required to successfully deliver a remediation programme. Being driven by internal budgetary calendar constraints and unrealistic stakeholder expectations will increase the likelihood of failure of the programme.
5. Rely on the experts:
Many FI’s underestimate the effort involved in KYC remediation and look to manage the programme internally. A remediation project requires fulltime leadership, management and oversight. Utilising a firm that has a track record of successfully delivering remediation programmes will reduce the burden for the FI and increase the efficiency of the project.
6. Maintain focus after the initial programme:
Failing to accept that on-going KYC/CDD refresh is a primary requirement in relation to AML compliance, and failing to maintain the refresh programme will result in the pain of a remediation project being required time and time again – this will result in increased cost over time as well as a greater chance of regulatory intervention. By maintaining focus, resource and budget to the on-going refresh programme will reduce the risk of a remediation project being initiated in future.
How we can help:
Lysis Operations is an innovative AML and KYC service company which operates globally, serving major investment banks, financial services institutions and other regulated industries. We deliver efficient and cost-effective KYC and AML processing, remediation and client on-boarding from our Operations Centres or in-house.
For more information please contact firstname.lastname@example.org
By Tom Griffiths, Associate Director at Lysis Group