Third party risk management: why you need to know your business partner

To combat the threat to global financial system’s integrity and stability, governments and regulators introduce laws and regulations that require businesses to verify the identity and legitimacy of their customers and partners.

These are known as Know Your Customer (KYC) or Anti-Money Laundering (AML) processes. Their significance is reflected in both statistics and research, which underscore the necessity of diligence in these processes.

KYC in real life

According to Europol, money laundering accounts for up to 1.2% of the EU's annual GDP, equivalent to €160 billion per year. Furthermore, the FATF has estimated the global cost of AML/CFT compliance to be between 180 and 200 billion dollars per year, with an average cost per obliged entity of 48 million dollars per year.

LexisNexis Risk Solutions found in a survey that the average time it takes financial institutions to screen customers is 26 minutes for individuals and 32 minutes for firms, and the average time to onboard customers is 35 minutes for individuals and 38 minutes for companies. 

According to a report by Refinitiv, 47% of companies worldwide have been fined or received warnings for non-compliance with KYC/AML regulations, and 12% have severed relationships with customers or partners due to KYC/AML issues. However, the fact that only a fraction of the convictions is made public is due to the fear of significant reputational damage.

With regard to the costs that companies have to bear, McKinsey has identified some valuable information in a study. This states that the use of digital technologies and solutions reduces KYC costs by 15-20% and improves KYC quality and speed by 30-50%. 

Data quality solutions to streamline and automate KYC/AML compliance

Before we start, let’s shed light into some of the misunderstandings surrounding companies' KYC processes:

• KYC is a one-time process that only applies to new customers or partners.  

FALSE

KYC is an ongoing process that requires regular updates and reviews of the existing customers or partners, especially when there are changes in their circumstances, behavior, or risk level. 

• KYC is a burdensome and costly process that creates delays and inefficiencies.  

PARTLY TRUE

KYC can involve a lot of data collection, verification, analysis, and reporting, which can consume time and resources, and affect the customer or partner experience. However, KYC can also be an opportunity and a benefit, as it can improve the data quality, the risk management, and the customer or partner relationship, and generate value and competitive advantage. 

• KYC is a standardized and uniform process that applies equally to all customers or partners.

FALSE

KYC is a risk-based and proportionate process that varies depending on the type, nature, and complexity of the customer or partner, and the product or service offered. KYC can range from simple to enhanced, and from automated to manual, depending on the risk assessment and mitigation strategy. 

• KYC is a confidential and secure process that protects the privacy and data of the customers or partners.  

PARTLY TRUE

KYC must comply with the data protection and privacy laws and regulations and ensure the security and integrity of the data collected and stored. However, KYC also involves the disclosure and sharing of the data with the authorities, regulators, or other obliged entities, when required by law or requested by consent, for the purposes of AML/CFT compliance. Therefore, KYC must balance the rights and obligations of the data subjects and the data controllers and inform and obtain the consent of the customers or partners about the use and purpose of their data. 

The future of BP Compliance and KYC? 

Various factors can significantly change current statistics and trends in the future. The increasing complexity and sophistication of money laundering and terrorist financing as well as the methods and channels available to the suspected perpetrators should be emphasized here. New laws and regulations that attempt to standardize new threats and risks as well as vulnerabilities by streamlining AML/CFT regulations across countries are certainly working against this. 

The growing demand and expectations of customers, partners and society, such as the need for greater convenience, transparency and security, the preference for more digital and personalized services or the awareness of and concern for greater social and environmental responsibility are just as much a driver of new developments as innovation in data and technology solutions, the availability and accessibility of more data sources, but also the further development and introduction of more data analyses, artificial intelligence or blockchain tools and the creation and collaboration of more data ecosystems, platforms or networks. 

Implementing KYC processes in companies can generate various opportunities. For example, it can improve and automate KYC processes by leveraging data and technology solutions to enhance data quality, risk management, and the customer or partner experience, while also reducing costs, errors, and inefficiencies.

What challenges does this entail? 

The challenge of data quality encompasses several aspects, including accuracy, completeness, consistency, and timeliness of data collected and stored about business partners. Additionally, it involves ensuring the availability and reliability of data sources and providers.

Data protection is also a significant concern, encompassing privacy, security, and integrity of the collected data, as well as compliance with data protection and privacy laws and regulations such as GDPR.

It's possible that challenges may arise in data sharing, disclosure, exchange, and use of collected partner data. Also, compliance with AML laws, and considering the consent and preferences of data subjects and controllers, might become focal points. 

CDQ response to KYC challenge 

CDQ is the pioneer in the field of data quality, and we have extensive knowledge and experience in providing data quality solutions and services, such as data cleansing, data reconciliation, data enrichment or data governance.

Through this, we have developed an innovative and powerful SaaS platform called AML Guard that enables obligated parties to perform business partner controls in a fast, easy, and reliable way by leveraging various data sources, tools, and techniques. In doing so, we aim to help our clients comply with AML laws and regulations and improve their KYC processes by providing them with high quality, timely and secure data and technology solutions and services, and obtaining their consent and feedback. 

How CDQ can help with third party risk management

On the one hand, through AML Guard, our SaaS platform that enables obliged entities to perform business partner checks in a fast, simple, and reliable way by using different data sources, tools and techniques. 

On the other hand, AML Guard is based on a number of services that are essential for a valid and legally compliant audit and must be carried out:  

• To verify the identity and ownership of business partners by using official and reputable data sources, such as commercial registers, sanctions lists or PEP databases.  
• Manage and document the KYC process by using intuitive and user-friendly interfaces, dashboards and reports that support data collection, verification, analysis, and reporting. 

In terms of Data Quality solutions and products to ensure and improve the data quality of business partner data before a screening process, CDQ ensures valuable und trustworthy data through:

• Data cleansing, i.e. detecting and correcting errors, inconsistencies, or duplicates in the data and ensuring the accuracy, completeness, and consistency of the data. 
• Data reconciliation, i.e. identifying and linking data sets that relate to the same entity and ensuring the uniqueness and integrity of the data. 
• Data enrichment, i.e. the process of adding or updating information or attributes to the data and improving the value and usefulness of the data. 
• Data governance, i.e. establishing and implementing policies, procedures and controls for the data and ensuring ownership, accountability, and responsibility for the data. 
• Data Quality Community, our network and platform for data quality experts, professionals, and enthusiasts to share and exchange their knowledge, experience, and best practices on data quality topics.  

If you want to learn more about how our platform can help you improve your data quality, screen your business partner and having a compliant process, please contact us for a free demo or a trial. We will be happy to show you how our platform works, and how it can solve your specific Compliance and KYC challenges and needs. 

Drop me an email at thomas.spitzer@cdq.com Reach out to me on LinkedIn