With financial crime compliance costs for the UK’s Financial Services sector estimated to be around £34.2 billion annually (LexisNexis Risk Solutions (2023), UK Financial Services Sector Spending £22k Per Hour Fighting Fraud) and approximately two thirds of this spent on Customer Due Diligence (CDD) in 2022, the cost effectiveness of CDD will become an increasing focus in the year ahead. In the first of a series looking at financial crime operational effectiveness we consider the key challenges driving these costs and some enhancements that can help reduce them.
- Regulatory/Risk Outcomes: Whilst most institutions can evidence a compliant policy framework, many struggle to translate those policies into effective operational processes and compliant CDD outcomes. We can trace several recent, significant regulatory fines back to fragmented processes, siloed operations, and a lack of focus on financial crime risk mitigation. Too often a completed file is not a compliant file.
- Data Quality: A failure to understand the critical relationship between policy and data across the compliance framework leads to ineffective outcomes and costly rework. The detrimental impact this has on controls reliant on the quality of CDD data, such as customer screening and customer risk assessments, further increases cost and hampers any chance of an evolution to Perpetual KYC.
- Inconsistent/Ineffective Processes: Overly complex and fragmented CDD procedural guidance often leads to inconsistent or ambiguous standards, resulting in deficient outcomes. Too often extracts of Regulations or JMLSG Guidance are copied into internal documents without considering practical application or a proportionate risk appetite. This allows for subjective interpretation and application which not only results in inconsistent CDD reviews but also increases both the average handling times and likelihood of rework.
- Technological Maturity: Poor traceability between policy, procedures, and financial crime technology platforms makes evidencing compliance challenging and is the most common catalyst for repeated costly remediation exercises. When coupled with an ineffective use of data and analytics within CDD processes, it can undermine your ability to deliver meaningful efficiency and cost savings through technology.
Operational Enhancement - Driving Quality and Throughput
Whilst the challenges above are common issues afflicting CDD processes, we believe you can implement mitigating enhancements which, when deployed in a targeted manner, can increase quality, reduce the costs of rework and remediation, and allow for a greater focus on financial crime risk mitigation. We highlight below examples of actions we have implemented with measurable success across the CDD programmes we have run and advised upon.
- Policy and Procedure Gap Analysis: Undertaking a thorough gap analysis of policies, operational guidance, and existing technology platforms is the cornerstone of compliance. In the data-driven age this should include more than just an assessment of regulatory compliance. A foundation of policy lineage offers a robust audit trail from your legal obligations through to the customer data captured during CDD. It not only evidences compliant outcomes, but also allows you to react to future regulatory change with a clear understanding of how an amendment to policy will impact processes and system requirements.
- Policy and Procedure Optimisation: Building upon the foundation of policy lineage, it is vital to undertake a full review of the operational implementation of CDD policy. Our clients have found our Subject Matter Expert (SME) led review of the CDD process valuable in the past. Drawing on the review of operational guidance, completed files and CDD analyst interviews, we identify areas of ambiguity, misunderstanding and errors and run workshops across the lines of defence to scope and implement process improvements. When you embed this approach into the ongoing quality framework, it ensures sustainable, continuous improvement, increased quality and tangible cost savings.
- Training & Competency Framework: Enhancing existing quality functions with an SME-led framework focused on consistency training and competency forums will increase compliant customer reviews. By empowering SMEs embedded within CDD operations to act in an advisory capacity and to engage with those who own the policy framework, you can quickly identify and resolve quality issues and address non-compliance before errors become systemic. Most importantly, by embedding SME capability within your operations, you are providing critical financial crime expertise, ensuring Analysts can immediately address their concerns.
- Technological Investment: Human error is an ever-present reality in output-driven CDD operations. Investing in technology that automates the CDD process where possible and pulls quality data from primary sources is one of the most cost-effective ways you can mitigate against it. For those with larger budgets, the development and implementation of automated quality assurance tools reduces the amount of manual human intervention.
The future of CDD compliance
Whilst the current economic climate is understandably driving a need to reduce overheads, the expectation of regulators is one of an ever more sophisticated compliance framework with data and technology at its core. As such, optimisation is no longer simply about reducing the cost of CDD processes but instead about ensuring more effective risk mitigation within existing or tightening budget constraints.
This is driving the necessary evolution from manual, time-consuming processes driven by periodic review cycles to a more sophisticated approach based upon the foundations of continuous monitoring and dynamic risk assessment. The aims of Perpetual KYC (pKYC) must be:
- Improved Efficiency & Accuracy: Data collation and document processing, whilst vital to CDD, are of limited use for financial crime prevention on their own. Implementation of effective automation in respect of these processes minimises manual data entry, mitigates against human error and facilitates continuous data monitoring.
- Improved Risk Mitigation: The introduction of machine learning models and network risk analysis allows for an evolutionary leap in financial crime detection. Whilst the best CDD analysts use their experience to identify red flags, they can only do so based on the cases they have worked. The implementation of technology solutions which allow peer-to-peer comparison and broader network analysis on a far greater scale frees up analyst time to critically assess the risks identified by these models. Over time this will allow for smaller, more specialist teams of skilled financial crime practitioners focused on investigation and financial crime prevention.
- Operational Cost Savings: Most financial institutions have a large proportion of standard risk customers for whom the cost of compliance, either through periodic reviews or large scale remediations, is too high. By implementing effective monitoring with clear lineage to policy, underpinned by a robust risk assessment framework, you can confidently address the risks associated with this population through trigger events, with automation and straight through processing applied where changes simply pertain to ID&V.
The evolution from periodic to perpetual does however face some challenges, most notably:
- Confidence in the base line data – to effectively monitor you must first have a complete and compliant view of your customer base.
- Confidence in your monitoring data sources – despite increased transparency and availability, there is still some way to go, and more effective public and private sector partnership is needed to ensure data sources are fit for purpose.
- Confidence in customer risk assessment – if you cannot evidence how you effectively identify standard risk customers, you cannot justify a move to a monitoring-led approach.
In the next article we talk about the challenges associated with Customer Risk Assessment models. We will look at how these challenges can be combatted and what the future looks like for conducting CRAs in a fast-evolving world where geopolitics and risk are closely intertwined and ever-changing.