The Cost of KYC Compliance in Finance: How Digitalization Helps
How deeply do you understand every threat that’s affecting your business’ Know Your Customer (KYC) workflow and increasing the cost of KYC? Every year new updates and regulatory demands come into play that impact the compliance process of financial institutions, usually in response to an unforeseen or under-regulated scandal.
Fenergo conducted a global survey, KYC Trends in 2022, of over 1,000 C-suite executives across 100 corporate and institutional banks, to uncover the direct and opportunity costs of people-driven, manual and laborious KYC processes.
The Full Cost of KYC Compliance
While understanding the identity of customers has been an essential compliance requirement for more than 50 years, subsequent waves of regulation have added cost and complexity to the process of acquiring and retaining customers.
Since the US government enacted the Bank Secrecy Act of 1970, global anti-money laundering (AML) laws have become increasingly complex, resulting in KYC processes that can grow unmanageable without using a strategic approach.
KYC is a regulatory requirement that every bank must fulfil – from client onboarding to performing ongoing client reviews. It is the most time-consuming part of client onboarding and has significant implications for financial institutions in delaying time to revenue. A poor onboarding experience also puts the client relationship at risk.
Behind the Digital Curve
KYC processes have been left behind by the digital revolution that is sweeping through the financial services industry, resulting in an increased cost of KYC.
While the front-office is transformed, back and middle office functions are lagging. KYC operations have often been viewed as a cost center at the bottom of the list for innovation while customer-facing and revenue generating parts of the firm are prioritized. A legacy of this under-investment is a process which is still largely manual, fragile, and expensive to run.
Understanding Developing Compliance Priorities
The data from our survey paints an encouraging picture of changing attitudes. Financial crime risk is a top three investment priority for 45% of respondents, after cyber risk (49%), reflecting the new business-as-usual for banks seeking to make processes more robust, enhance controls for financial crime and protect IT infrastructure.
Tech Investment Priorities (Figure 1)
Compliance Spending for KYC
KYC is a major component of compliance spend, representing 31-40% of the total compliance budget for almost one third of banks that took part in our survey. For one fifth of firms, KYC spend is even higher at 41%-50% of the compliance budget. No firm is spending less than 10% of their compliance budget on KYC.
These figures can be attributed to the large number of full-time employees working in KYC operations. It remains a people-driven, manual operation, with a third of banks employing 1,001 to 1,500 (Figure 3) full time employees (FTEs) just to manage KYC, while another third report 1,501 to 2,000 FTEs. The largest firms employ up to 3,000 FTEs for KYC.
Percentage of Compliance Cost Base for KYC (Figure 2)
Number of Full-time KYC Employees (Figure 3)
The Real Cost of KYC
KYC reviews are incredibly time-consuming for firms that serve corporate customers.
The survey shows that a KYC review for a single corporate client takes from 31 to 60 days (Figure 5) for 40% of banks to complete. While there is clearly room for improvement in the majority of financial institutions, a minority have much further to go in expediting the KYC review process. One fifth say it takes up to 150 days and 8% take up to 210 days to complete a single review. In today’s technology-first era, that is clearly an unnecessary drain on operating costs.
KYC is not just an operational pain point. 90% (Figure 6) of the surveyed banks said that their existing process, with its potential for human error, impacts their risk decision-making. However, the biggest problem around current KYC practices is the cost. Two thirds of survey respondents said a review costs between $1,501 and $3,500. For banks that may be onboarding tens of thousands of clients every year, the cost of KYC alone can run into millions of dollars (up to $35 million for a bank onboarding 10,000 new clients per annum).
Average Cost to Complete KYC Reviews per Client (Figure 4)
Time Spent on KYC Reviews (Figure 5)
Does Manual KYC Impact Ability to Make Better Risk Decisions? (Figure 6)
Reputational Impact of Inadequate KYC and AML Processes
Financial institutions also face the risk of enforcement actions from the regulators for not having adequate KYC and AML processes and procedures in place. In 2021, AmBank in Malaysia was fined $700 million for failing to conduct effective due diligence of the former Malaysian prime minister who transferred millions of dollars from the 1 Malaysia Development Berhad (1MDB) fund into his AmBank account.
While fines grab the headlines, the larger impact is the cost of remediation and the lasting damage to the reputation of the firm.
Ongoing Monitoring of Risk
KYC reaches far beyond the initial onboarding phase of the customer journey. There is also the ongoing burden of managing periodic KYC reviews.
As evidenced by our survey, this process is expensive and time-consuming for many firms. Our research describes an environment which is heavily manual, siloed and requires significant human intervention, with 31-50% of review tasks being conducted manually for 41% of respondents.
Percentage of KYC Review Tasks Done Manually (Figure 7)
Ongoing KYC Reviews
In the case of ongoing reviews of client profiles, the number of trigger events that have a material effect on risk relationships – such as the arrival of a new CEO, a change in jurisdiction, or a senior executive becoming a politically exposed person (PEP) – that banks are required to assess is already high. Just under three-quarters of respondents (Figure 8) receive between 2,001 and 4,000 trigger events per month. For a large corporate and institutional bank with anything from 70,000 to 100,000 clients, the scale of the book of work is eyewatering and has a commensurate cost of KYC.
Another key component of ongoing KYC reviews is understanding transactional activity and proactively reacting to unexpected patterns. Yet 56% (Figure 9) of respondents haven’t fully integrated KYC with their transaction monitoring systems, making the ongoing monitoring of client behaviour for risk assessment extremely difficult.
Number of KYC Trigger Events Assessed per Month (Figure 8)
Integration of Transaction Monitoring Systems for Client Behaviour Monitoring (Figure 9)
So, what is the alternative to managing ongoing KYC compliance with static client profiles that must be updated manually?
With technology and automation, firms can ensure client profiles are updated automatically and in real-time, allowing for the continuous monitoring of risk. Through API integrations with third party providers for entity data, screening and AML transaction monitoring systems, FIs can automate and streamline KYC events and detect and react to changes in client data as they arise, while capturing new sanctions, PEP and adverse media hits.
An automated system can decipher and triage the materiality of trigger events to straight through process low-to-medium risk cases. Automated ongoing KYC reviews of this nature would have the added benefit of reducing workloads and allowing analysts to focus on higher risk cases with the nuance that requires human intervention. And this all works together to reduce the operational cost of KYC as a result.
For more insight into the changing attitudes around KYC and digitalization, download KYC in 2022: A Final Frontier for Digital Transformation in Financial Services.