Banking, Fraud

How perpetual KYC can change the norm in compliance

  • As banking goes digital, some of its enabling processes, like KYC, remain painfully manual and time consuming. There are now calls for changing that.
  • Perpetual Know Your Customer, or pKYC, is an approach to KYC which makes it ore ongoing and seamlessly integrated into the user experience.

Email a Friend

How perpetual KYC can change the norm in compliance

As people use increasingly innovative methods to avail financial services – from making payments to applying for mortgages and paying off student debts – the mechanisms powering them on the backend must evolve as well. Among those is Know Your Customer (KYC) – a practice that has seen little innovation over the past few decades.

The user growth ushered in by digital banking requires enabling systems to become faster and more efficient. 

Compliance, which includes KYC and a host of closely affiliated processes, has historically been time-consuming, with teams having to rely on manual and unintegrated processes, according to a Moody's Analytics report.

Today, the digitization and improvement of  KYC approaches are considered integral for any service provider. If companies don’t evolve, they could be putting themselves at risk and lose customers in the process, according to experts.

“As the world becomes increasingly digital, companies face evolving risk factors they may have failed to consider before implementing new technologies, processes, etc,”  Keith Berry, General Manager of Know Your Customer Solutions at Moody’s Analytics, told Tearsheet. “It is important for KYC practices to evolve, reflecting customer needs and the rapidity with which threats can change.”

The need for KYC practices to evolve

The idea that KYC practices need to evolve is closely tied to how the industry views KYC differently from before. Thus far, KYC has been viewed as a customer onboarding issue, and that is changing to a customer lifecycle management issue.

This change in perspective calls for all new solutions and data to back a KYC process. There is a desire to improve the industry’s currently prevalent method – which is to use a mix of event and trigger-based screening.

The industry understands that it is far from high-tech KYC 

A Moody’s Analytics survey found that 76% of organizations assess the digital sophistication of their own KYC approach as either poor (29%) or mediocre (47%).

Traditional banks and professional services firms made up a significant portion of the firms that rated themselves as poor. They reported being frustrated by manual processes, excess paperwork, and unintegrated legacy systems. The survey also found these firms to be reluctant to believe that improving KYC can solve their issues. 

In the middle range of frustration, shown in blue in the chart above, were mostly large and complex institutions that have invested heavily in KYC but remain frustrated by their systems. Such firms are referred to as ‘semi-automated’, and their systems are generally held back due to IT limitations, and the complexity of their products and market. Having already spent resources on KYC, they are largely concerned with the cost of reaching the next stage.

Younger and more agile companies, generally fintechs, found themselves in the most sophisticated bracket (denoted by green in the graph above). Here we note a difference in approach between these firms and the rest, as they treat KYC as a strategy to develop a competitive advantage. They support this by connecting KYC efforts with customer relationship management and building sound IT integrations. They aim to maximize automation in the process, while also balancing human agency.

The notion of perpetual KYC (pKYC)

The next stage in KYC practice is an approach that brings it out of just the onboarding process and makes it a periodically recurring exercise that is seamless to the customer. It's called perpetual KYC, or pKYC.

“Perpetual know your customer or pKYC reimagines traditional KYC monitoring, ensuring a more reliable ongoing risk management approach by re-screening customers and suppliers on a continual and near real-time basis – rather than to a rigid, set time frame,” Berry said.

With traditional KYC, risk monitoring happens on a one, three, or five-yearly cycle – depending on the original risk score of the counterparty. Sticking to such a hard schedule creates the risk that companies may miss risk factors and threats that have changed, and therefore may have been festering for years.

pKYC is an automated, event-based approach to risk monitoring that takes place in near real-time. When a threat is detected in the back end, it is flagged to the compliance team, and enhanced due diligence takes place without delay. This maintains an accurate picture of risk across a counterparty network on a perpetual basis – if nothing changes in the risk profile, no screening needs to take place. If a risk alert comes in, it can be actioned straight away. The trigger is the change in behavior and circumstances, not the calendar year.

Hence, pKYC is much more user-oriented than traditional KYC, and makes use of customers’ behavioral data in real-time to make informed decisions.

The benefits of such an approach to KYC are outlined in a chart of Maslow’s hierarchy below.

The foundational benefits here are table stakes – expected in any functioning KYC process. However, the automation offered by pKYC can help bring down the operating costs for such an offering, while offering better reputation management. Among the differentiators, the appeal for pKYC is that it can enable companies to fine-tune their processes to their specific risk appetites.

The top of the pyramid is where the real appeal of pKYC becomes apparent. A perpetual approach to KYC creates a better and more seamless user experience, contributing to greater retention. Secondly, it can help develop better customer insights as firms will be able to put together more detailed and sophisticated user profiles. And lastly, it will enhance the ability to cross and upsell as businesses can have a deeper understanding of customer needs.

When we look at the industry’s readiness to adopt pKYC, we learn that there’s still some time before it becomes the norm.

“Only 40% of the industry is “fully aware” of pKYC and its’ benefits compared to 60% of the industry who sit on the opposite side, unaware of pKYC, although this vast separation in knowledge and mindset doesn’t mean companies aren’t ready to adopt pKYC solutions,” Berry told us.

He argued that firms need to overcome cultural and financial barriers before they get to a place where pKYC can be widely adopted. Currently, pKYC is something that businesses have come to desire, but for the industry to realize its true potential, it needs to start being viewed as something necessary.

Roadblocks in KYC innovation

The primary problem here is the perception of KYC in firms – many continue to view it as a “bad cost” or a “necessary evil”, one that can not translate directly into ROI.

“One of the biggest roadblocks for companies who want to achieve better ROI when using KYC is a mindset. Leaders need to move away from thinking of KYC as a necessary evil and realize it is something that will ultimately yield positive results,” Berry told us.

According to Moody Analytics, firms that hold this perception have inefficient KYC practices. These businesses find it difficult to gather data from customers, and even more difficult to derive meaningful insights from it.

Such firms are also more likely to have a defense-based approach to KYC. They see it primarily as a tool to manage risk and reputation and to remain compliant.

On the other hand, we find firms that give great importance to KYC, seeing it as a “good cost” that can deliver value if done well. A valuable aspect is that effective KYC helps build better relationships with customers, all while improving operations and aiding PR efforts.

These firms have what we can understand as an offense-based approach to KYC, where they see it as an effective means to build better customer relationships.

“KYC can foster better relationships between companies and their customers or partners, and open the door to better compliance experiences, to upselling, and improved data insights – as well as protection from fines and reputational damage,” Berry detailed.

Fintechs and FIs are always looking to gain greater efficiencies in their operations, integrate systems to create a better value proposition, and gather valuable customer insights. With the promise of all of those things, pKYC might just be tomorrow’s norm in the making.

0 comments on “How perpetual KYC can change the norm in compliance”


Amid shifting threats, FIs should be mindful of these emerging cybersecurity risks

  • The US region was the most heavily targeted for fraudulent card transactions over the period of June 2022 to November 2022.
  • A new Visa report highlights several key factors and contributors that elevate risk and fuel vulnerabilities making it possible for bad actors to carry out cyber-attacks and fraudulent activities in current times.
Sara Khairi | April 05, 2023
Banking, Fraud

Banking Briefing: A new year, but fraud is still here

  • Where do banks stand with fraud?
  • Meanwhile, we take a quick look at Greenwood’s new subscription offering.
Rivka Abramson | January 03, 2023

Breaking the mold of authentication: 5 questions with Raj Dasgupta, Director of Fraud Strategy at Biocatch

  • As digitalization continues, the cat and mouse game of preventing fraud gets harder.
  • Biocatch uses behavioral biometrics to distinguish good users from bad actors.
Rabab Ahsan | November 29, 2022

Behind Galileo’s payments fraud management revamp

  • Fraud attacks on financial institutions are nothing out of the ordinary – what's different now is the rise in their frequency and intensity.
  • We take a look at how Galileo Financial teamed up with fraud management firm DataVisor to bolster its payment risk mitigation platform.
Sara Khairi | November 11, 2022
Fraud, Payments

What’s the role of encryption and tokenization in protecting omnichannel payments?

  • Retailers today are accepting payments in more ways than ever before, and that is exposing them to new risks.
  • The user data retailers hold makes them vulnerable to cyberattacks, and it needs to be protected using tokenization and encryption techniques.
Subboh Jaffery | September 08, 2022
More Articles