How low-code systems can take KYC and AML to the next level
In recent years, banks have been hitting the headlines for not cracking down on tax evasion and money laundering. Regulators have responded, imposing stricter requirements on how banks should ‘know their customer’. A discussion with Herbert Schild, Appian’s Financial Services Industry Lead for Europe, on how low-code and artificial intelligence can unlock better insights and faster results in KYC workflows.
What are some of the greatest challenges you see with current KYC requirements?
In response to rising financial crime, KYC places a mandatory burden on financial institutions to account for the identity and veracity of customers. The fact that many banks operate across borders adds a layer of complexity, as there are no globally uniform risk analysis guidelines.
Building complexity on complexity, the required due diligence data is often not held centrally, meaning significant manual work is necessary to coordinate KYC investigations. The result is a multitude of complex, time-consuming workflows that pose major challenges and can cause crippling delays for financial institutions.
How do you see KYC-AML measures being implemented in companies?
To achieve faster, more flexible and integrated KYC-AML workflows, low-code automation is the ideal bridge between global information management and centralized case management, as well as orchestrating between internal and external systems.
For example, the Appian Low-code Automation Platform enables institutions to adapt quickly to change in processes, infrastructure or within the organization, expanding and optimizing KYC-AML accordingly. More than that, having artificial intelligence (AI) and machine learning (ML) available alongside robotic process automation (RPA) and case management on a single platform brings invaluable advantages to KYC-AML workflows.
In addition to uniting different forms of automation in one place, Appian also enables mobile applications, which customers appreciate when verifying or signing documents, for instance.
The trend towards data processing in the cloud shows no signs of slowing down, although certain types of information cannot leave institutions under privacy and data regulations. The Appian Low-code Automation Platform can be used in the cloud, on-premises or in a hybrid of both, which affords financial services firms tremendous flexibility. Low-code also allows different business areas a degree of independence as, in most cases, no software developers are required to create applications.
In addition, changes to functionality or design can be configured by line of business leaders with relative ease at any time.
KYC workflows are at the center of fraud detection. They not only require transparency and access to essential information, but also effective processing of that data. To what extent do you think artificial intelligence can help here?
Manually collecting, processing and interpreting customer data can take several hours, or even weeks, to complete. As the workflow is inherently complex, the quality and integrity of the data is often not guaranteed. AI evaluates the data faster, and in more detail, structuring large amounts of data and analyzing them with the help of machine learning. This enables comprehensive, precise and verifiable risk profiles to be created very quickly.
AI can also be used as a preventive measure to identify potential fraud and related weaknesses before a case occurs. At the moment this is still carried out through so-called "penetration testing", but AI can make it possible in near to real-time.
What do you recommend to banks that may be missing important aspects of KYC governance?
KYC workflows are crucial for all companies operating in the financial markets with customer data and are intended to protect against financial fraud. However, a word of caution about the term KYC. KYC is an umbrella term for a wide variety of processes that are necessary and run in the background. Many of the associated control workflows are still too complicated, inflexible and error-prone.
For both new customer onboarding and the regular existing customer due diligence checks, KYC means analyzing data from numerous internal and external sources. For a bank, that might mean trawling several million data records across disparate systems. The obvious answer is to digitally replicate those manual work steps, but I’d suggest going further: look at workflows from end-to-end, and even redefine them.
Truly automated KYC processes are faster and more flexible. And, if nothing else, the pandemic has taught us to bake-in flexibility and speed into business-critical processes as a matter of course to ensure liquidity and, ultimately, a viable organization.
What actions should be taken against money laundering?
Increasingly stringent anti-money laundering regulations (AML) pose an ongoing major challenge for financial institutions. The risks of not complying are high and range from fines and reputational damage, to declining share prices and even financial difficulty from lost custom. To stay on top of that significant risk, financial services firms must therefore continually develop and improve their AML workflows.
Low-code automation offers institutions the opportunity to optimize their AML and KYC processes across the board, with the crucial benefit of being able to adapt them at speed in response to changing circumstances or regulation.
What tools do you recommend?
Financial institutions are under tremendous pressure from regulators, credit rating agencies and law enforcement in their efforts to combat money laundering. A low-code automation platform supports onboarding compliance by enabling process conformity, speed, and a more customer-oriented experience.
Orchestrating global front to back-office processes, even for complex multi-product and multi-jurisdictional customer onboarding, improves the customer identification program (CIP) and Know Your Customer (KYC) compliance. In addition, tools such as stress test management, horizon scanning, AML, service provider oversight and control, as well as data protection, including GDPR and CCPA, can help control the development, use and scaling of governance, risk and compliance related initiatives.