12 June 2022
The KYC screening process is not just a compliance issue. It also helps prevent your customers from using your organisation to launder money, fund terrorism or perform any other illegal activity.
To be most effective, your screening process should start before onboarding the new client and continue throughout their relationship with your organisation. This helps you stay compliant with KYC requirements and the anti-money laundering (AML) legislation in your region, such as the various European Union Anti-Money Laundering Directives (AMLD) and the Financial Action Task Force (FATF) recommendations.
Speaking of regulations, the European Union is taking money laundering ever more seriously, and it may even establish a union-wide financial intelligence unit (FIU). This will potentially lead to even more strict legislation in the future, meaning your KYC processes will need to be ready for the adjustment.
Keep reading to find out what KYC screening involves, why we do it, its limitations and how to upgrade your systems to maintain compliance when dealing with clients.
Screening is the act of searching all of the available information on a client or a prospective client that could help you form a risk profile of them going forward. It is one of the main steps in completing your customer due diligence (CDD).
KYC screening typically involves assessing the risk of each new customer to spot the potential for criminal activity. The screening process continues throughout the lifecycle of the customer, monitoring the status of the individual, business, the ultimate beneficial owner (UBO), the transactions made and even the press coverage and public reputation of the customer.
Performing KYC screening allows your financial institution to pick up on your customers’ existing legal sanctions, their adverse media coverage and whether there is a politically exposed person (PEP) involved. PEPs are those who hold political office or other major roles, such as being a member of a supreme court. Their family members and close business associates are also considered PEPs.
Screening is an important step for assessing risk, but it is not the only tool that you should use. The limitations of screening are that it generally only brings up details of those customers who have already been sanctioned or banned. Yes, it can flag negative publicity of an otherwise ‘clean’ client which can prove helpful in assessing risk. It is also good to know that you can avoid those already caught outperforming illegal activity. But many previously untainted customers might still turn out to be opening an account to commit money laundering, for example.
You should continue to screen, but ensure it is part of a holistic approach to researching your customer during your KYC process.
One of the important aspects of screening is knowing what to do with the data when your process uncovers it. If you are over-reliant on screening to perform your entire CDD, you can expend thousands of working hours exploring every last connection, no matter how tenuous, between your customer and a PEP, for example.
Two main types of screening should form part of your KYC process.
This uncovers customers who have been censured for criminal activity or other illicit behaviour by governments and bodies. The sanctions imposed against them can include banning businesses from entering into a relationship with the sanctioned entity.
The bodies issuing these sanctions place the entities onto sanctions lists, which are available for searching during your KYC screening. They are constantly updated, with individuals and businesses being added to or taken off the list as and when it is necessary.
You should also be wary of customers that own or are owned by sanctioned entities, as well as those who work with customers on the list.
Politically Exposed Person Screening
You should screen your customer and the UBO to check their PEP status. They could hold a major political role or other high profile public position. This does not mean that they are involved in illicit activity, but the idea is that they would be more likely to be exposed to corruption, bribery, blackmail and other issues.
The EU’s 5th Anti-Money Laundering Directive implemented a requirement for all member states to make a list of PEPs within the country. This list must be publicly available to help with PEP screening.
The KYC screening process can become labour-intensive once you receive the data. So, prioritising the most high-risk customers is essential.
The screening returns information about a business with a PEP as the UBO who is doing business in a non-EU country in which there is well-known, endemic corruption. This will require you to dedicate more of your resources to investigating it than a locally-based government agency with its own robust AML procedures.
Such a risk-driven approach allows you to implement enhanced due diligence (EDD) on those problematic clients or simplified due diligence (SDD) on the more straightforward customers. This affects how much time and resources you expend monitoring their account going forward.
When you collect data from a variety of sources — from the media to the government, the quality of that information is not always equal. This means that, before you analyse your results, you should check for inaccuracies and inconsistencies to ensure you will use the highest quality information to base your decisions on.
A company may appear on the UN’s sanction list, but may not appear on the sanction list of the European Union in which they are based. You have to find out who has the wrong information. You have to explore whether the UN has not yet updated its listing and this organisation has cleaned up its act or whether the member state has yet to add a problematic entity to its list. Only by working out the true picture can you properly screen the customer and create an accurate risk profile.
To build up the most accurate picture of the risk that your customer poses, you need to search the widest range of sources possible. This includes sanctions lists, enforcement lists, regulatory lists, PEP lists, as well as reports from reliable and trusted media outlets. You should also try to find internal black and white lists.
It is also important to search across the world, especially when dealing with international firms that have operations in different countries or even continents. This brings challenges when automating searches in languages that use different scripts from your own. For example, Chinese and Arabic.
Fuzzy matching involves expanding the parameters of your search to take in matches that are not exact in order to pick up on spelling mistakes and alternative versions of names in your search. The advantage of using this approach is that you find results that are relevant to your screening — results you might otherwise miss.
These could be the different spelling of names, like ‘Marc’ or ‘Mark’, ‘Elisabeth’ or ‘Elizabeth, or shortened versions, such as someone called Robert being referred to as Bob. It might also be a misspelling, the insertion or omitting of punctuation marks and abbreviations, such as Ltd for Limited.
However, there is also an issue with fuzzy matching that you may find references to someone who is not the person you are screening. If someone with a similar name appears on a sanctions list, using fuzzy matching could flag your entirely innocent customer incorrectly as a high-risk individual.
This means you need to balance the use fuzzy matching and avoid setting the parameters so wide that you receive a deluge of information about multiple people. Otherwise, you risk making the process more confusing and liable to provide you with false information.
Linked to the fuzzy matching issues are false positives and negatives. Every time a false-positive screening result comes through, investigating it takes up time and effort for your analysts, only for them to find out the red flag was raised for a different person.
Similarly, false negatives can be damaging to your business, too. Failing to spot a risk factor for a new customer could leave your institution open to abuse in the future, causing regulatory headaches for your team.
To cut down on false positives, you need to work hard to uncover as much information about the customer as possible. You should verify it with trusted third-party sources and make sure it is complete before you start looking for matches in the various databases. You should also look at the criteria that you are using for your searches.
Are you too vague and open-ended?
If you are not specific enough in your screening, you may turn up multiple results that have nothing to do with your customer.
To minimise false negatives, you have to look at the limitations of your system. Does it need upgrading? And, are there human errors that are responsible for missing key information? If so, additional training may be in order.
When you are screening multiple clients, you need to customise the process for each one of them. With high-risk clients, you might want to widen the match rules for searching their names to ensure you don’t miss anything that could inform your decisions. With lower risk clients, you might choose to tighten the rules so that you have fewer results to work through. This will eventually save you time and money.
In addition, where a client has a common name, whether an individual or organisation, you might need to tighten the search so you are not inundated with information on every other party with that name. When the customer has an unusual name, you can set the match rules wider, as it is less likely there will be many others that appear in your results.
Of course, the searches you carry out as part of your customer due diligence are not confined to the onboarding process. You have a duty to regularly review and screen your clients to ensure the status of their account has not changed.
If the screening system continues to throw up the same false positives when you search for details on your client, it is a waste of time for the team tasked with reviewing the potential matches. There should be a rule in place on your screening system that, once you have reviewed a match and ruled it out as a false positive, it does not show you that result again. This will streamline the monitoring process in the future and avoid depleting your resources.
Over the lifecycle of a customer, you can find that you store data in a variety of formats and in multiple locations. However, when it comes to screening, it pays to have as much detail as possible close at hand.
You should make it a priority to put the groundwork into integrating all of the data sources to make ongoing screening more straightforward and complete.
The system that you use for your screening must be able to upscale your screening processes to account for enhanced due diligence (EDD). When you have a high-risk client on your books, you must be able to constantly monitor their account and your business relationship whilst maintaining a robust audit trail that proves you have done everything you can to comply with your AML obligations.
Your platform of choice should feature investigative and reporting tools to track activity throughout the customer’s relationship with your organisation. These should automatically spot anomalies and flag them for review or action in good time to allow you to keep on top of compliance.
To help your ongoing monitoring, you need to review your KYC procedures for every client. Some will need more regular checks than others, which should be determined by your analysts. You should set updates for your next screening with alerts, set out how to complete them in a timely manner and how you will record them in a clear and straightforward audit trail.
This would take some of the burden from your staff, who are already busy, and it will ease the strain on your compliance budget. Anything that cuts the hours humans spend working on a task makes you more efficient as a department and keeps the screening on task and on time.
You should also ensure your procedures are up to date and compliant at all times. KYC is a fast-moving field and regulations change as the nature of criminal activity adjusts. This is why you should regularly review your KYC procedures.
Name screening is key to helping you identify and verify exactly who you are working with. When using an online identification system, you can immediately verify your customers based on the different electronic identities used in all of the major EU markets, NFC chip reader or via a passport selfie check. For each transaction, you will receive an identification file with independent evidence from a trusted source, ensuring that you satisfy the requirements of your supervisory authorities.
A slick and efficient onboarding process is key to not losing out on business. Forbes reports that it now takes an average of 24 days for banks to onboard new customers, which gives ample time for them to abandon the process. Shortening that time lessens that risk.
One of the ways to speed up the onboarding process is to use an online login tool such as ID Connect. It is simple and convenient for the customer, who can prove their identity quickly, thus speeding up the workflow.
You should do anything you can to fast track the KYC process, whilst also ensuring you meet all of the AML obligations.
Pre-employment screening works along the same lines but focuses on prospective staff members, rather than clients. You can use an online identification system to verify the identity of someone seeking employment within your organisation before performing the necessary screening checks.
It is important to make sure that both customers and colleagues are acting in good faith and are not looking to use your organisation for illicit activity such as financial crime.
When performing name screening, it is usual to search a host of different sources for information on your customers. These include international sanction lists from governments as well as organisations such as the UN. It is often necessary to check PEP lists, lists of relatives and closely associated (RCA) individuals of those PEPs, sanctions ownership research (SOR), trusted press sources that might carry negative news about the customer and more.
You should screen customers against the sanction lists during the onboarding process, as well as continuously throughout the duration of your business relationship.
All customers should be screened against the PEP list to check whether they hold some public office that could increase their risk to your business. Although they may seem completely innocent, their public profile means that bad actors around them could use their position as leverage for blackmail and conducting criminal activity.
Your KYC screening process is key to compliance, but it can be labour-intensive and time-consuming. Automation and other effective systems for streamlining the process are central to upgrading that process.
This is why using tools such as ID Proof is helpful. Quick and effective identity verification allows you to keep the momentum going and onboard customers as quickly and as safely as possible. If you would like to know more about ID Proof, contact us here.