Blog

Enabling ongoing due diligence as part of KYC with intelligent automation

Sabu Samarnath
Sabu Samarnath
7 min read

This article explains how to run due diligence checks as part of a real-time, continuous monitoring programme that uses intelligent decision automation software. It highlights essential requirements and explains what ‘ongoing’ means in practice.


Know your customer” (KYC) has become a key battleground in the war against financial crime, with fraudsters using new weapons to break the financial system’s frontlines more frequently following the COVID-19 pandemic.   

The financial system needs to be one step ahead of the financial criminal. This means it’s critical that your compliance function can properly implement protocols that follow new regulatory guidance—which calls for KYC monitoring to be ongoing.

This blog post covers:

  1. What’s required in initial onboarding due diligence checks 
  2. What you need to do for follow-up onboarding due diligence checks on onboarded customers 
  3. How to run ongoing due diligence as a continuous, dynamic KYC process 
  4. Essential considerations you’ll need to make in order to keep regulators happy and key features you should ensure your intelligent automation tech stack offers 

The checks you need to run will differ depending on the type of customer you are onboarding. Both (individual customer and corporate client onboarding) are covered in this blog post.

1. What’s required in initial onboarding due diligence checks

A) Onboarding individual customers

When you onboard any new individual customer, you should run customer due diligence (CDD) checks. For example, when onboarding a retail banking customer, you should determine the individual’s: 

  • Identity & verification: Does the name, date of birth and address info provided match up with info on external data sources? Is the applicant indeed who they say they are?
  • PEP status: Is the individual a politically exposed person? 
  • Home country: In particular, is the individual from a sanctioned country?
  • (UK) residency info: Has the individual lived in the UK for under two years?
  • Credit score: What is the individual’s credit score? And is there any evidence of CCJs or insolvency?

B) Onboarding corporate clients

When you onboard a new corporate client, you should run client due diligence (CDD) checks. For example, if a business is setting up a new bank account with you, you should determine the business’s: 

  • Corporate structure: For instance, is it a PLC, LTD, or LLP? Can this be confirmed with external data sources, such as Companies House? Does the corporate structure make sense?
  • Geographical location: Where is it headquartered? If operating in multiple jurisdictions, where are its offices? In particular, are any of its offices located in any sanctioned countries?
  • Subsidiaries: What are the business’s subsidiaries, if any? Does it have any shell companies? For what reason(s) is it associated with any shell companies?
  • Ultimate beneficial owners (UBOs): Who owns the company? Who are the shareholders? On each UBO, you should also run individual due diligence checks:
    • Identity & verification: Does the name, date of birth and address info provided match up with info on external data sources? Is the applicant indeed who they say they are?
    • PEP status: Is the individual a politically exposed person? 
    • Home country: In particular, is the individual from a sanctioned country?
    • (UK) residency info: Has the individual lived in the UK for under two years?
    • Credit score: What is the individual’s credit score? And is there any evidence of CCJs or insolvency?

For both (A) individual customers and (B) corporate clients

The outcome of the above checks should yield the following:

  1. A decision on whether to onboard or not onboard: yes or no?
  2. (If yes) A decision on the customer’s or client’s risk score: how acceptable is the customer’s/client’s risk score? What percentage of risk can be attached to that score?
  3. (And) A decision on customer or client monitoring frequency: how often should you carry out follow-up checks?
  4. Whether or not enhanced due diligence (EDD) checks are required: do you need to run further checks to assess the suitability of the customer or client for onboarding?

Important: EDD checks can require manual intervention. But they are crucial to get right. If you determine that you need to run additional EDD checks, then you will need to seek further information on the customer. For instance, details on a PEP and the associated relationships between that PEP and family members. 

If you do complete EDD checks on a customer or client, it should put you in a better position to answer questions 1 to 3.

2. What you need to do for follow-up due diligence checks on onboarded customers

For subsequent checks, you should run due diligence checks exactly as you ran them at the initial onboarding stage. That means you need all of the (same) facts to be rechecked on every customer or corporate client.

It’s likely that you will be using a customer risk categorisation system comprising three levels: high risk, medium risk, low risk. 

It’s likely, also, that this categorisation will determine how often you monitor your customers.

 
For example, you might currently check a high-risk customer or client every three months to determine whether their level of risk has changed (and, if so, what action needs to be taken). 

However, this kind of approach can be ineffective, and even counterproductive. That’s because it risks delaying the time it takes for your KYC team to notice signals of impending criminal activity—not good when your KYC process’s underlying goal is to reduce risk.

This is where intelligent decision automation software comes in.

3. How to run ongoing due diligence as a continuous, dynamic KYC process

Regardless of the level of complexity of the checks, using intelligent decision automation software makes KYC processes more responsive to changes in risk. 

Combined with the right stack of robotic process automation (RPA), data and other in-house monitoring systems, intelligent decision automation software can boost your compliance function’s ability to run due diligence checks continuously, throughout any customer’s or corporate client’s lifecycle.

This is particularly important to do because:

  • The regulators are pushing firms in the direction of continuous, dynamic monitoring for KYC.
  • Customer and client risk status is a function of human behaviour, which is liable to change at any time.

Intelligent decision automation software enables you to be both proactive and reactive when it comes to compliance.

On the proactive side, you can build a much more accurate picture of who your customers are. This is because intelligent decision automation software can reason over data, using the models of your best KYC analysts’ knowledge. 

The software generates a percentage risk score for each customer or corporate client, which you can then monitor over time. You can also set accurate risk parameters, determined by these percentage risk scores, and follow-up due diligence checks of the required frequency.

On the reactive side, you can feed into the software important information from your transaction monitoring system. 

For instance, if unusual transactions start appearing in a customer’s account, it may be an indicator of irregularity within that account. You could set any such transactions to trigger new due diligence checks. 

The goal here is to narrow the financial criminal gap: the closer to real-time the monitoring, the smaller the gap. 

4. Essential considerations for keeping regulators happy and fraudsters at bay

As AI and automation solutions flood the compliance technology market, you need to make sure the intelligent decision automation solution you choose follows these key tenets:

  1. Explainability: Regulators recommend that AI be explainable. In KYC, this can mean that any customer or client decision must have a clear evidence trail that shows why each decision was reached. Such an evidence trail is not always readily available through pattern-finding automation techniques, such as machine learning.
  2. Adaptability: The rules on which your decision automation is based should be able to change in step with regulations. Further, you should be able to plug your intelligent decision automation software into any data source or technology you require. Where possible, aim for platforms that have an open API.

Transform your business into a Decision Intelligence powerhouse

Explore how Rainbird can seamlessly integrate human expertise into every decision-making process. Embrace the future of Decision Intelligence powered by explainable AI.