Loyalty Program Benchmark 2023 by SiaXperience
At the bare minimum, all Financial Institutions (FIs) need to identify their customers under the Anti-Money Laundering regulations’ ‘Know Your Customers/Clients’ (KYC) requirement.
Given the increasingly strict regulatory enforcements and extensive volume of customer records to be obtained and held by FIs, they are continuously looking for alternate data solutions to better manage and streamline customer KYC records across internal platforms, tools and/or systems.
Presently, FIs generally adopt two types of KYC system models:
Current major solution providers include:
Current major solution providers include:
FIs have indicated that the above solutions are not efficient in processing large volumes of customer on-boarding documents as manual processes are still required, e.g. following-up with outstanding documents and performing manual data validation and identity verification. This is known as a partial automation process, which requires people to manually complete the remaining KYC on-boarding procedures.
Consequently, manual processes are known to statistically result in a greater number of errors and creates challenges to complete the screening process within a specified timeframe due to complexities in identifying all required legal persons. As indicated by research released in February 2015 on Fenergo’s regulatory on-boarding and client lifecycle management solutions, it was broadly estimated that FIs customer on-boarding processes can take up to 34 weeks; specifically:
In this article, we explore two new developments (split into two Parts) that address KYC issues and promotes more seamless, innovative solutions:
The KYC Utility Model aims to centralize the KYC process, where ‘utility’ implies a system which stores and transmits customer data into a centralized database.
In this model, the Data Contributors (e.g. individual customers, corporations, etc.) provide the data and documentation to a centralized system, which then transmits into the utility. Upon request, the utility will transmit requested information to other banks as necessary.
Current products in the market include:
On the other hand, a non-KYC Utility Model requires customers to establish their relationships independently with each financial institution. This means that for the customer, the KYC process is repeated every time. Also, as typically required by banks in the APAC region, KYC documents are collected when the customer applies for different products within the same institution, especially if it was applied at a different time period.
The diagrams below illustrates the differences:
There is support from local regulators, such as Singapore’s Monetary Authority (MAS), to implement a KYC Utility Model under the RegTech innovation initiative. However, risk, legal and regulatory concerns such as data privacy and cybersecurity, will also need to be addressed.
Given that customer’s KYC data and relevant documents are readily available in the utility database, FIs should no longer have the need to handle and internally maintain customers’ personal and/or confidential records pertaining to the individual and corporation/s.
According to Thomson Reuters, using this model is said to reduce client onboarding time by 90% or more. FIs would only need to follow-up with customers on specific information that is not available in the utility.
With the assumption that the utility system is autonomous, and has the ability to screen customers’ data automatically against regulators’ database (e.g. name and sanctions screening), and conduct appropriate risk assessments, manual processes are reduced. As such, errors in validating and verifying customers’ identity in the KYC process are also reduced.
The concern lies in the fact that a centralized utility server containing large volumes of personal data may have a disastrous result if ever the centralized server was hacked.
Data privacy regulations differ by country, including cross border data sharing requirements. For example, the Data Privacy Ordinance in Hong Kong states that personal data shall not be used for a new purpose without the consent of the individual. In Singapore, the Personal Data Protection Act (PDPA) prohibits the disclosure of personal data without the individual’s consent.