How to Leverage Effective Management Information (MI) within KYC/AML Operations

Within a bank or large financial services organisation, a massive amount of data is produced and analysed every day as part of the day-to-day business; for example, over the past 25 years, banks have diversified their product portfolios to such an extent that the textbook model of lending money to customers at a higher rate than they borrow it, is often not a bank’s primary source of income. This diversification has created varied business units and internal functions, each having their own specific risks and performance measures, further fragmenting how information is processed and understood.

This fragmentation makes it very difficult to look at how a bank, including its business and functional units, are performing when considered at a strategic level. Effective MI within a banking organisation will allow for different areas of a bank to be viewed through one lens allowing for interpretation and informed decisions to be made by the various management levels within the organisational structure.

In practice, MI should be used for both upstream and downstream communication and controls. For a function within banking operations, these could track a wide variety of things, such as:

  • Events – tracking of events due to failing of controls

  • People – individual and/or team performance and/or measuring communication of issues requiring management attention

  • Systems – efficiency of software and tracking of “downtime”

  • Processes – identifying bottlenecks, touchpoints or aging

By tracking these criteria against predefined targets and tolerances, an understanding of how a function is performing can be made, as well as identifying any areas that require attention.

There are questions specific to KYC which can be answered with effective MI, showcasing why it is an integral part of any KYC program, these include :

  • Are your CLM policies and procedures fit for purpose?

  • Can KYC reviews be completed to agreed run rates and tolerances?

  • Where can efficiency gains be made to spend less on resources?

  • What areas within the KYC end-2-end workflow require attention?

  • Do the resources spent per file align with a risk-based approach? i.e. is there proportionate spending when looking at client risk;

  • How can KYC/AML data requirements be leveraged from, and integrate into other areas of the organisation? For example, Operations and Compliance/Financial Crime;

  • What strategic decisions can be made when considering if it is worth keeping certain clients due to the (increasing) cost of ongoing KYC (especially for high-risk clients) and other related maintence requirements?

Once the information is produced and understood, it is important to ensure there are actions associated to pre-defined tolerances. For example, if a KYC analyst within a bank’s new client onboarding function had received outstanding documentation allowing for the completion of a KYC review, but after 2 days (“the agreed tolerance”) the client file had not moved forward within the process, a sub-process of notifications and escalations should be kicked off to ensure corrective measures are taken. The implementation of this type of downstream process is extremely important within banking operations, where controls play such an important factor in managing risk.

The upstream objective of any effective MI program is to give senior management the ability to successfully articulate the firm's major risks and performance criteria to key stakeholders, such as regulators or shareholders. This, in turn, can help secure further funding for change projects and BAU resources within the department.