• wblogo
  • wblogo
  • wblogo

KYC report uncovers compliance problems at banks and investment firms

Chris Hamblin, Editor, London, 12 July 2018

articleimage

Know-your-customer compliance is becoming ever-more onerous. To gauge the needs of the financial sector in this area, LexisNexis Risk Solutions conducted some research last year with the aim of forming an aggregated view of the problems that institutions in the United Kingdom face when dealing with alerts. The result is a report that the software giant has just publicised.

The report - which is slightly old but still relevant - is based on testimony from decision-makers at financial institutions in the UK who are responsible for "KYC and sanctions alert remediation" (the LexisNexis term for dealing with alerts). In the early part of last year, the software firm conducted 151 interviews with a mixture of banks, investment firms, wealth management companies and building societies of varying sizes (small, medium and large).

More than half of these people (inhabiting 63% of small/medium-sized firms and 54% of large firms) said that their KYC and sanctions remediation processes were "less than very efficient," with the rest of them - quite a high proportion - expressing great confidence in their systems. The report goes into further detail: "A typical KYC remediation case, taken as an average across the 151 responses, was 18 hours and 3.7 staff members to complete (22 hours for less-than-very efficient firms; 14 hours for very efficient firms); a similar average time was mentioned for completing a typical sanctions remediation case, with slightly less staff. However, when the firm asked people how long it should take if processes were fully efficient, there was a marked difference; decision makers gave estimates that would amount to a saving of 4 to 5 hours and one less staff member per case."

When looking at factors that had a bad effect on the efficiency of KYC and sanctions remediation, the researchers found that the following factors were having a "moderate-to-significant" effect.

  • Disparate/siloed data systems               60%
  • No single risk view of customers           59%
  • Maintaining search audit                        59%
  • Too many alerts/cannot prioritise         56%
  • Lack of real-time monitoring                  56%
  • Volume of false positives                         54%
  • Absence of up-to-date information about customers    53%
  • No central repository of all information needed             51%
  • 'Unfriendly' workflow IT                          45%

Another category, which scored 49%, went by the unlikely name of "obtaining info on underbanked/'thin file' persons."

Needless to say, the inefficiency that these factors causes can lead to lost business, or at the very least friction between the financial institution in question and its customers. More than two-thirds of people at firms with less-than-efficient processes said that they had lost business because false positives had caused heavy delays in the on-boarding process. This sometimes (LexisNexis does not say how often) led the firms to pay a further penalty because they had to invest in added "systems and solutions."

The researchers' figures for the effect on "less than very efficient" firms are stark. The percentages here related to bad occurrences that were "moderate to significant" in their importance.

  • Business lost because of false positives            70%
  • Delays in the onboarding of new customers    69%
  • Costly external software etc.                               67%
  • Cost of maintaining various systems                 65%
  • A drop in productivity                                          63%
  • Business lost because of inefficiency                 61%
  • Cost of resources/labour                                      57%

People who said that they could not form a single 'risk view' of every customer were also very likely to mention the cost of labour, delays in on-boarding and business lost because of false positives.

KYC and sanctions remediation inefficiency is greatest among banks that stretch their resources too thinly. The level of inefficiency among processes tends to differ according to type/size of organisation and the structure of remediation teams. People at banks reported significantly longer remediation processing times than people at investment firms. On average, processing times for both KYC and sanctions remediation at banks (24 hours) are nearly double those at investment firms (13 hours), but with almost the same number of resources in play. Not surprisingly, the bankers thought that they would save significantly more time (6–7 hours or nearly one business day) if their remediation processes were fully efficient.

In a typical KYC remediation case, bankers reported 23 hours as the average time, expended by 3.8 staff. They thought that if they were fully efficient, this would go down to 17 hours and 2.3 staff. In a typical case at an investment firm, the current figures are 13 hours expended by 3.7 staff and a 'fully efficient' figure of 10 hours expended by 2.2 staff. This last represents a saving of three hours and 1½ members of staff, which on its own is a worthwhile saving.

In a typical sanctions remediation case at a bank, the figure was 25 hours expended by 3.2 people. If they were 'fully efficient,' this would be 18 hours expended by 2.1 people. In a typical case of this kind at an investment firm, the figure was 13 hours expended by 3.1 people. If they were 'fully efficient' this would be 10 hours expended by only 2 people.

All firms' KYC efforts suffer from false positives, disparate data systems and difficulty in prioritising alerts because of volumes. LexisNexis investigated further and found that banks and investment firms suffered differently. The figures below come from institutions that said that their firms had "less than very efficient processes," with banks' figures for moderate-to-significant problems going first and investment firms' figures going second.

  • Volume of false positives                       61%, 41%
  • Disparate/siloed data systems              69%, 41%
  • Too many alerts/cannot prioritise       63%, 41%
  • No single risk view of customer            59%, 55%
  • Maintenance of search audit trail         53%, 62%
  • Lack of up-to-date info on customers  59%, 52%
  • Absence of real-time monitoring          57%, 59%
  • No central repository of all info            57%, 48%
  • Obtaining info on 'thin file' people       53%, 41%

The bad effects that inefficiency in the KYC and sanctions remediation process can have on a firm were also the subject of the survey. The percentages of firms with "less than very efficient" systems that were having "moderate to significant" trouble from various factors are listed below, with banks' figures going first and investment firms' figures second.

  • Delays in the onboarding of new customers     74%, 62%
  • Loss of business (general inefficiency)              67%, 50%
  • Loss of business (false positives)                        71%, 71%
  • Cost of buying external software                        64%, 72%
  • Cost of maintaining various systems                 67%, 64%
  • Drops in productivity                                            69%, 59%
  • Cost of resources/labour                                      57%, 59%

These figures are related to palpable losses, but there are also opportunity costs (such as resources that could have been deployed better elsewhere) to consider. Banks take longer to complete their tasks when they use the same resources to complete both (KYC and sanctions) types of remediation. LexisNexis found three ways in which banks structure their remediation resources: the use of different teams for both; the use of the same team for both; or the use of a mixture of dedicated and shared resources. A bank's choice of structure depends on various factors, its size being one of them. A small or medium-sized bank is far more likely to use the same team for both than is a larger one with 1,000 employees or more.

At the average bank that dedicates a team solely to KYC, the average time and resource taken to complete a typical KYC remediation case (from alert to resolution) is 22 hours, with 3.7 members of staff doing it. The comparable set-up at an investment firm takes 13 hours, with 3.8 staff doing it. The average bank that dedicates a team solely to sanctions takes 22 hours with 3 people; the average investment firm that does the same takes 12 hours with 3.2 people. When a bank uses the same team for both endeavours, the average time is 28 hours with 4.2 people; when an investment firm does the same, it is 14 hours with 3.2 people.

Banks that use the same resources for both tasks are also bothered more often by false positives and alert volumes. LexisNexis reports, in its own inimitable way: "For these shared teams, an issue that slows effective remediation resolution for KYC will delay team member attention towards sanctions cases and vice versa; with separate teams, a delay by one team should have less impact on work conducted by the other team."

Onboarding is a particularly vexed area. The survey only has figures for shared teams at banks; 84% of these banks reported delays in the onboarding of new customers as "moderate to significant." The figure for both banks and investment firms was 74%. Only 64% of banks and investment firms that had separate, dedicated teams registered such problems.

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll