Often, with KYC compliance it's not a "one size fits all" approach, which can make it hard to implement process and protect the business from AML risks. But there is a solution...
KYC compliance challenges
Compliance with Know Your Customer (KYC) as part of the wider Anti-Money Laundering (AML) regulation requires every professional services firm to have robust processes and procedures in place to help combat financial crime. The challenge, however, for firms is that whilst there are broad and common KYC compliance best practices, the legislation isn’t prescriptive – and for good reasons. Foremost, the regulators want to ensure that firms take responsibility for compliance and remain accountable at all times. Secondly, in all firms, there is a small percentage of processes that are unique to their organisation and so enforcing a rigid approach to compliance can be counterproductive to the cause.
Against this backdrop, let’s look at what KYC compliance entails, the Sysero platform low-code approach, and why it presents the most effective and practical KYC solution to legal and accountancy firms.
Key elements of the KYC process
Onboarding new clients forms the bulk of the KYC process; therefore, an auditable and systematic approach is needed. The key elements are:
Defining a client – All details pertaining to the client in question must be accurately captured and recorded – i.e., the names of the individuals on the team, their location, the country/region where the work will be performed, the owners of the matter, credit ratings of the organisation, source of funds, and so forth.
Conflict checking and beneficial owners – Especially in professional services firms, ensuring that there is no conflict of interest concerning the individuals involved is critical. Additionally, noting information about the beneficial owners, such as passports, contact numbers, and records of their business’ incorporation, is essential. In the current environment, checking the names of the beneficial owners against sanctions lists has become crucial too.
All these kinds of checks must be performed against information residing in the firm’s business systems such as practice management, accounting, and document management, of course, but often also via online searches and any other source deemed important. This is an example of why KYC compliance cannot be prescriptive.
Letter of engagement (LoE) – Clarity of engagement is viewed as important – issues such as the scope of the project, agreed terms, duration of engagement, and fees, alongside caveats and assumptions, all need to be clearly defined.
Risk assessment – This is again an instance where rigid processes are unlikely to work for KYC compliance. Whilst risk assessment must be undertaken at the start of a relationship, it isn’t a one-off exercise. Firms must continuously assess the business relationship, clearly assigning a rating of low or high risk that is commensurate at that point in time. This customer due diligence is essential to monitor clients and customers to ensure that they aren’t involved in money laundering, financing terrorism, or on a sanctions or watch list anywhere in the world, at any point in time.
Engagement approval – Following a thorough risk assessment, a senior business executive in the firm is required to not only approve the new engagement (after satisfying themselves that due diligence and risk assessment have been duly followed) but also outline the firm’s reasons for accepting the engagement.
Client retainer agreement – This best practice is an important part of KYC. It provides a record of the contract between parties and pre-empts misunderstanding in the future.
Visit our Know Your Customer workflow solution page for all the benefits KYC automation can deliver.
Out-of-the-box KYC solutions won’t work
No two firms in the legal or accountancy sectors work in exactly the same way. They may work similarly, but there will always be processes that differ due to the technologies and systems deployed, the size of the firm, the segment of the market they service, their specialties, and more. Typically, these processes constitute about 20 percent of the overall procedures and workflows but are potentially the most critical from a compliance standpoint – because they don’t fit the archetypical model. Consequently, KYC compliance cannot be an out-of-the-box solution.
A low-code approach to your KYC requirements
Sysero is a low-code platform that allows firms to design unique workflows based on their working practices, technology infrastructure, sources of data, and KYC requirements. This means that despite the variance in a firm’s compliance approach, by adopting the Sysero platform, they can devise a thorough and systematic approach to KYC compliance, fully supported with an evidencable audit trail to demonstrate that all the necessary actions have been taken.
From a technical perspective, firms can implement the platform in-house or deploy via the cloud. The beauty of low-code technology is that minimal IT or programming skills are required, as there is no need to write software code.
The Sysero platform provides an intuitive user interface and a workflow builder that a Money Laundering Officer or Compliance Officer can use to create workflows by simply dragging and dropping decisions and actions to map out the business or compliance process. For example, the individual could drop in actions such as email notifications, pop-ups, or e-signatures at specific stages in the compliance workflow to ensure that the necessary activities are being performed in a timely manner toward KYC compliance. Workflow steps can be assigned to specific email addresses too. Alongside this, there is an in-built forms designer that by asking questions, guides the individual through the relatively complex process of collecting pertinent KYC compliance information. Fully indexed and OCR’d documents can be attached to specific workflows. A workflow can directly produce documents supported by a knowledge library where workflow data is automatically saved, and there’s a very useful end-to-end visualisation of the workflow.
A future-proof approach to KYC and AML compliance
And perhaps the best part? Sysero KYC solutions can be developed and implemented literally within weeks. Thereafter, incremental improvements and enhancements can be routinely made, be it to accommodate changing KYC regulations or the firm’s evolving business processes. This means that the firm is not dependent on Sysero or the implementation partner – in our case Ascertus – to update or evolve the KYC solution.
Regulators couldn’t be clearer that the burden of compliance rests solely on firms. They must take all the necessary steps to comply. This cannot be successfully undertaken with off-the-shelf compliance solutions. Aside from the fact that every firm’s processes are slightly varied, depending on a technology vendor to always update their technology in a timely manner is an unrealistic expectation. There are too many moving parts. A low-code solution like Sysero is the only way firms can effectively future-proof KYC compliance.
Know your customer. Do you?
See also:
- Understanding AML Regulations and how they will impact KYC in 2024
- KYC Regulations Requires Flexible Technology Solution – Here’s Why
Visit our Know Your Customer workflow solution page for all the benefits KYC automation can deliver.
FAQ
What are the KYC regulations?
KYC regulations are a set of guidelines and procedures implemented by financial institutions, accounting, and law firms to verify the identity of their customers in order to prevent money laundering, fraud, and other illegal activities. This includes obtaining personal information, such as identification documents, and monitoring transactions to ensure compliance with regulatory requirements. Failure to comply with KYC regulations can result in severe penalties for financial institutions. The most recent legislation is the Economic Crime and Corporate Transparency Act 2023.
What is a KYC checklist?
A KYC checklist is a tool used by organisations to ensure they have collected all necessary information and documentation from customers in order to meet regulatory requirements for Know Your Customer (KYC) guidelines. This checklist typically includes items such as identification documents, proof of address, customer risk assessment, and transaction monitoring procedures to ensure that the institution is able to effectively identify and verify the identity of their customers. By following a KYC checklist, institutions can help mitigate risks associated with money laundering and other financial crimes.
Who needs to perform KYC?
KYC requirements apply to a wide range of financial institutions, such as banks, credit unions, investment firms, and insurance companies, among others. Also included are professional services firms such as legal practices and accounting firms. Essentially, any entity that deals with financial transactions and customer accounts is obligated to perform KYC due diligence. This is to help prevent money laundering, fraud, and other illegal activities within the financial system by ensuring that they know who their customers are and monitoring their activities.