Explore our latest thought leadership, ideas, and insights on the issues that are shaping the future of business and society.
Choose a partner with intimate knowledge of your industry and first-hand experience of defining its future.
Discover our portfolio – constantly evolving to keep pace with the ever-changing needs of our clients.
Become part of a diverse collective of free-thinkers, entrepreneurs and experts – and help us to make a difference.
See our latest news, and stories from across the business, and explore our archives.
We are a global leader in partnering with companies to transform and manage their business by harnessing the power of technology.
Our number one ranked think-tank
Explore our brands
Explore our technology partners
Explore careers with our brands
As KYC analysts, we have worked our way through dozens of files to detect sanctioned parties, money laundering, and terrorism financing. This gave us deeper insights into the current know-your-customer-processes at Dutch financial institutions. In this blog we elaborate on the various KYC policies, the operational procedures and business processes following these KYC policies. Further, we discuss the room for interpretation that these policies leave. Lastly, we elaborate on ways to enable standardization and smart automation by starting from the core – policies and taking into account operational executability.
Current KYC processes of financial institutions often consist of customer onboarding, customer due diligence, and monitoring. All financial institutions are obligated to comply with European and National laws and regulations. In addition, other regulations may be applicable depending on the institution’s field of operation.
Nonetheless, every financial institution needs to know their clients and know about their transactional behavior and intentions to ensure compliance with, for example, the anti-money laundering Directive. Knowing your customer involves yearly monitoring of clients with transactions and activities in sanctioned countries, activities with a high risk of money laundering and illegal activities. Since rules and regulations can be complex, financial institutions write their own overarching policies to ensure compliance. These policies can consist of multiple layers of rules, each more ambiguous and open for interpretation. During our work, we experienced this firsthand. It causes challenges when reviewing and writing client reports and is one of the main reasons for inconsistency, compliance risks and inefficiency and related high cost.
The complexity of compliance stems partly from interpretability of laws and regulations. European laws and regulations to prevent the use of the financial system for money laundering or terrorism financing can be interpreted in different ways, because most laws and rules are written in a European Directive rather than a European Regulation. A “Regulation” is a binding legislative act. It must be applied in its entirety across the EU. A “Directive” is a binding legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to devise their own laws on how to reach these goals.
An example of a European Directive is the EU Fifth anti-money laundering Directive. This Directive is devised in the Dutch law as Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft) (Anti-Money Laundering and Anti-Terrorist Financing Act), which entered into force on August 1, 2008 of which the last legislative amendment came into effect in 2020. The Dutch legislator interpreted the EU fifth anti-money laundering Directive to create the Wwft to meet the requirements set by the EU legislator.
Such interpretation leaves room for ambiguity. However, this is not the only contributing factor. In addition, financial institutions have their own risk-based approach which they describe in their own policies. What’s more, financial institutions can also apply supplementary laws and policies if they are of interest to their business. This results in three layers of “rules”: national law and regulation, rules and policies regarding financial institutions’ specific business interests, and financial institution-specific policies. These layers of rules make compliance increasingly complex. While working through customer files, we saw that a client can breach a financial institution’s additional policy without breaching national laws and regulations.
An example of such a breach is when a customer is not allowed to perform transactions with a sanctioned entity under the institution’s additional policy, whereas national laws and regulations do not prohibit this.
This creates the complex situation in which the financial institutions operate and makes it difficult for them to do so in a standardized way. Also, it is one of the reasons why current KYC processes are often manually executed by analysts. If the complexity in compliance is reduced with smart policies, opportunities for smart automation of KYC processes arise. Smart policies are policies which take into account applicable legislation and regulation, the client perspective and operational executability.
The policies defined by the financial institutions are the first step towards a better and more streamlined process to follow protocol. Nevertheless, these additional policies are often open for interpretation and written from a law and regulation point of view. Yet, we can also use these policies as a starting point for automating the KYC process. This requires writing them in a smarter and more precise way. By keeping possibilities for automation in mind when creating policies, the KYC process is formed in a way that allows for automation and thereby makes automation an important field of focus. This has the added benefit of less ambiguity, even when the policies are not automated. The following technologies are ways to achieve automation within a KYC process:
To enable automated processes, process descriptions must be streamlined. However, more importantly, operational executability and smart automation need to be considered when drafting internal policies. Currently, these are only focused on interpreting laws and regulations correctly from a legal point of view. Therefore, we need to explore how these laws and regulations can be translated into strict rules, smart criteria and binary code instead of leaving them open to interpretation for every separate case wherever possible. We can then use technology to enhance consistency and efficiency in the interpretation of laws and regulations through these rules. To establish this, collaboration between different departments is essential.
In real life, automating an entire KYC process is hard to imagine. Therefore, the first step is towards hybrid automation rather than full automation. This implies finding a process where most routine tasks can be done by processing power, leaving the task of drawing the final conclusions for the analyst. This means considering a technology-led approach where we identify all the current tasks and test if they can be automated. In doing so, skilled professionals can focus on those tasks that still require human reasoning, such as shaping policies and making risk profiles, while the repetitive information-gathering tasks are left to automation.
As Capgemini Invent, we can help you bringing to life what’s next in the KYC domain. We can offer you an approach that starts with rationalization of policies from an operational executability and smart automation perspective and that ends with smart automated compliant and cost-efficient KYC processes. We combine our extensive experience in compliance, digital transformation, data science and smart automation in a customized approach to optimize your KYC practice. To discover more, please take a look at how to lower processing costs and increase efficiency. If you would like to learn more, please reach out.
This blog was authored by Milou Mertens, Megan Merkens and Elisa Vlaanderen.
Please reach out to our expert Casper Stam if you would like to know more about the KYC domain.