In a world where financial crime and money laundering are becoming ever more common and widespread, the need to have strong – and regular – KYC checks has become imperative.
In a recent post by RegTech firm PassFort, the company looked at the difference between KYC and perpetual KYC. The former is commonly undertaken on a singular basis to look for risks associated with a customer. Perpetual KYC – as by its name – is a similar process but looks for these risks all the time on a rolling basis.
KYC is a compliance process that many regulated and non-regulated firms use to dig deeper into their customer base. Companies perform assessments to look for risks associated with a particular customer before they are onboarded, and then build these risk profiles as part of their AML compliance programs as well as to mitigate exposure. Companies then monitor these accounts at set intervals over time, to assess whether anything in the risk profile has altered over time.
As PassFort detailed, many institutions will traditionally define what constitutes a low, medium and high-risk customer profile. Factors that might inform a customer’s risk profile could include where they live to whether they are a politically exposed person amongst other things. Once as institution has concluded its due diligence and built a risk profile, they can then decide what to do next.
PassFort said, “As long as the firm is compliant with their regional AML regulations, regulated businesses can set their own KYC standards. Some will have a strict global standard that needs to be met that is simply tweaked for different jurisdictions to meet compliance with local regulations. Others will have a minimum standard, and regional compliance officers or money laundering reporting officers are empowered to define the KYC process for their jurisdiction or line of business.”
The company added that many institutions will set an annual review for a high risk account, a 2 year one for medium and a 3 year one for the low risk accounts. This, PassFort highlights, doesn’t consider the fast pace at which things change in company structures or in people’s lives.
The firm gave the example of a local election that leads to a new representative being voted into power. While the day prior to election this person was medium-to-low-risk, after being elected they are a PEP. Businesses, PassFort claims, can’t afford to let a factor like this wait up to 3 years to filter through its KYC monitoring processes.
PassFort said, “This is where perpetual KYC comes into effect. The process of perpetual KYC is removing the issue of looking at an individual or corporate customer in a snapshot in time. This is important given materially significant risk factors can change overnight and over time.
“Traditionally, KYC and its approach to risk monitoring has been rigid, with hard timelines for ongoing reviews. Perpetual KYC looks for material changes in circumstances all the time. For example, with a corporate customer the trigger for due diligence to take place might be a company reincorporating or changing locations, or adding new shareholders, or making changes to the board. “
Perpetual KYC, the company underlined, is about using automation to look at possible sources of risk all of the time and moving away from set review periods. In some cases, it involves moving away from low, medium and high-risk and moving to a process that is driven by material changes that raise red flags and trigger reviews.
Read the full post here.