Building a Data-driven Ecosystem: Introducing the Future of KYC in Finance

LinkedIn
Twitter
Ivar Lammers

Ivar Lammers has recently vacated his role as COO of Daily Banking and Treasury, to once again become Global Head of Financial Crime Wholesale Bank in 2024 – a role he previously held between 2017 and 2020. A “victim of his own success”, he jokes, as he is tasked with finding more innovative ways for ING, and indeed the wider financial services sector, to streamline the Know Your Customer (KYC) process and to ensure compliance, crime prevention, operational rigour and customer satisfaction in equal measure.

Hi Ivar. We seem to have caught you at a bit of a personal career juncture, but also at a crossroads from the perspective of ING and the finance industry more broadly. How would you surmise the current state of play in your sector?

The absolute key thing for us now, with the volumes and workloads we are facing, is to be data and intelligence driven.

When I look at the client services side in my former position of COO Daily Banking, I was in continuous interaction with clients, and clients have questions like “what’s the balance of my account?” or “where is the confirmation for my payment order?”. All of these interactions can be significantly automated, because if you have, for instance, an account number or payment date, you should be able to wire that fully automatically through the customer portal to your system of record, and back to the customer. However, when we’re talking about large corporate clients, they have a centralised Treasury Department, and they deal with not just ING but different banks in different regions. So, they prefer to engage with you via the global universal banking portal, “e-mail”, where you get text instead of data points. The question becomes hidden in the blur of text, and more difficult to translate into structured data points that allow me to automate interactions and to automatically query my systems of record. That is one aspect of data-driven challenges, although partially addressed by eBAM, that needs to be addressed more passionately.

However, there is another side to this data conversation, which more revolves around my role around financial crime prevention. And that is the Know Your Customer (KYC) process.

Also jovially known as ‘Kill Your Colleague’ sometimes, as I understand… what impact could automation play in this traditionally frustrating process?

There are a lot of redundant data points across the entire financial industry. Reviewing clients at regular timed intervals equates to hundreds, if not thousands of pages of data points across the industry, and those data points need periodic reviewing which is incredibly time-consuming and complex if done in an unstructured and manual way. Regarding the client’s digital identity (known as Identification and Verification of the ownership structure) this includes hard data points such as names or addresses, obtained from public trusted sources like trade registers. But there are also soft party data points which refer to the purpose and nature of business relationships, and therefore where and why transactions are done. Next to the digital identity, you must become familiar with and baseline the client’s transactional behaviour. This typically boils down to a per-individual relationship: “products vs jurisdictions”, “accounts vs jurisdictions”, “flow from-and-to jurisdiction”, and an overview of booking and initiating offices. These data points allow a KYC operation to ensure that the correct local legislation and specific product legislation is applied to a Customer Due Diligence (CDD) review. Then there is something called verifiable evidence, where, for instance, identities of main principles within a legal structure identified in a trade register, need to be confirmed by an independent verifiable source which usually requires either an ID card or a passport.

See Below: magazine version of this content

The aim has to be to have this data, and to both see and review this data, in a more structured and continuous way. Yes, because it is more seamless for us; but also so I don’t have to confront a client with a cold call for an ID document every three years, but rather ask for reconfirmation on what we have already exchanged. Here I’d initiate a CDD review, not just for the sake of a timestamp, but rather because my continuous (perpetual) view of the client’s identity and behaviour surfaces a change that – in line with legislation and policy – requires investigation or confirmation.  

This would ultimately mean being able to do our work more effectively, with greater efficiency, while improving the customer experience. Because, at present, if I’m asking a treasury department to bother their CEO for a copy of their passport, they are typically not too excited about it. Whereas, if we’re just seeking seamless confirmation of data we already have as part of our continuous customer due diligence, then it’s much simpler for a treasurer to respond (reconfirm), everyone remains compliant, and nobody becomes fatigued by the process.

I’m sensing there is still some hesitancy among clients to make this transition, though?

Well, yes and no. They like the idea, but it’s not as simple as that for the larger clients with more complex structures, that deal with multiple financial service providers. The idea of interacting with structured data via a customer portal that automates parts of the relationship and makes their management more seamless, is attractive. But a treasurer deals with numerous banks, and would be confronted with needing to log in and out of multiple bank portals, being exposed to multiple KYC policies. They want one multi-bank vault to store their KYC information in, where they can decide which bank they want to provide the key. This is where we use CoorpID as the multi-bank portal.

And that is where your recent initiated digital transformation comes in?

Exactly. For KYC, we have established, through our partner, BlackSwan, a market data hub. This hub creates the international profile of a client through a global trusted source and overlays every entity’s data, based on the country of incorporation, with a local trusted source. This is primarily the trade register, but a Financial Economic Crime (FEC) policy typically has a confirmed trusted sources setup with primary, secondary and other sources as well. The BlackSwan datahub allows us to apply that hierarchy and receive an alarm where different sources provide a different value for the same data point. It issues a “distillate” of ownership that could not be identified (private equity, trusts, etc) that requires us to reach out to our clients. This automates the majority of the identification and verification of ownership structures, and reduces our dependency or vendor lock-in to specific data vendors significantly. Also, with it being digital and structured, it also allows us to perpetually compare the values in trusted sources to those in our systems, to identify – for instance – new main principles or changed ownership percentages.

For the aforementioned transactional behaviour side we perform the exact same perpetual comparison across our systems-of-record on a month-to-month basis for relevant data points, to identify any relevant change in transactional behaviour. This is done through our Domino system.

And as for the still required verifiable evidence, we have the multi-bank vault through which we can publish questions to the client. This perpetual way of working allows us to stay away from “mechanical” questions and engage in a more client-centric way. Our data-driven foundation allows us to relay to the customer, ‘we are giving you advanced warning that your ID document, statement of non-polluted shares, trust letter, etc is up for reconfirmation’.

If the identity and behaviour remains unchanged, and the verifiable evidences are reconfirmed, no full Customer Due Diligence process needs to be commenced, bringing significant relief to both customer and bank.

Are you able to quantify the potential scale of this newfound efficiency?

To give an idea of the scale of data we’re dealing with and the need to perform regular CDD on, it pertains to the ownership structure of the client which can be up to hundreds of entities. For each of those entities we need to know the entity name, address, the ownership control, main principles, industry code(s), which products are used in which jurisdiction, source of funds, the purpose and nature of the relationship, what laws govern each of those activities in those jurisdictions, and much more.

With this transformation ahead of us we will, in the future, have real-time visibility of that information as it changes. Perpetual KYC gives us a data profile that can seamlessly be updated, checked or flagged; rather than putting our clients through the entire, strained process every one, three or five years where breaches or shortfalls could have also occurred between those timeframes. Maintaining our customer dossier in this data-driven way allows for a continuous, fluid relationship with clients in the future.

Content Sponsor: Xlinq

Presumably with this perpetual KYC, you’re also only receiving automated red flags for things that require your time and attention, so you’re also channelling your own operations and resources towards necessary tasks; rather than just complete reviews of often-static client profiles?

Precisely, but BlackSwan, our systems of record and our customer portal, are not alone in facilitating this. They are part of a broader digital transformation.

This is where Xlinq comes in. First, Xlinq verifies entities’ behaviour, flags any issues, and pinpoints where the Relationship Manager can respond within the workflow. For active entities Xlinq orchestrates what BlackSwan obtains to form a global digital identity profile to bounce that against our internal system and to identify any changes. The changes are assessed within the workflow by an analyst to ensure we capture the correct data within our client profile. Xlinq equally does that for the client behaviour side of things too. After applying the rules engine, Xlinq issues the proposed client outreach questions which are then reviewed in the workflow by both analyst and Relationship Manager, before publishing these into our client portal.

When aligned with policy, all required data and evidence is obtained, and the customer file is complete, the actual review of that file can be done, which happens in our KYC orchestrator workflow system (KYCO)

XLINQ

But by then you have only performed what you call data & evidence gathering, right? The actual KYC review still needs to happen?

Indeed. The result is a more scalable operation. The Data & Evidence gathering is supported by this technology, performed by another team aside from the KYC analysts. This ensures we only deploy KYC analysts during the actual review of a customer profile against the policy, to rectify the KYC status of the client. Data (KYC) operations perform all the preparations.

More than just creating a more satisfying customer relationship, this has also – already – had a positive effect on employee satisfaction as well.

So, if BlackSwan is public customer data, and Xlinq allows you to model applications that helps workflow, where does PwC’s solution come into the mix?

In setting up this capability we obviously needed to account for any regulatory and policy requirement. This is where PwC comes in as that third party, to offer an external legal opinion on whether every step, rule and setup is compliant. They are also working with the industry and, with most financial service providers moving in this direction, have constructively challenged us on directions and decisions taken.

And how are customers reacting to the shift so far? What do they think of the new and upcoming approach?

It’s interesting, because it’s not a process they enjoy anyway. That’s the nature of the beast. But from conversations with some of our larger customers that participated in the pilot, the consensus is that they appreciate the digital transformation, the emphasis on data, and on moving away from time-based KYC to a perpetual KYC model. Their remaining frustration comes from what we have to ask them for to ultimately ensure compliance and to have that complete profile up to date. In that respect, they remark banks are almost more stringent than the law. But we have to be, and they understand that, and are very appreciative that we are making huge efforts to make it as “easy” for them as we can in the future.

Of course, a lot of this transformation is quite technical. Are you able to illustrate the ultimate, high-level ambitions of this more data-driven approach?

Simply, we want to become even more effective and efficient. This means less strain on our clients and workforce, less strain on our partners, and more continuous KYC reviews.

We still have a long way ahead of us though. Yes, we successfully completed proof of concept and the pilot, but the actual migration of clients from the time-driven way of working to the new digital and perpetual way of working will take at least three years. This doesn’t happen overnight and will mean we have a hybrid model for the period to come.

How do you envision this transformation evolving into 2024, in line with your role change?

It started on January 1st, operationalising and rolling out the new way of working across 2024 and into the future. That means for clients that are expiring in 2024, we are already working ahead of the curve right now. Piece by piece, client by client, as their rule-based KYC expiration dates come into view, they will be migrated over to the new perpetual environment. But it’s an exponential process because with each migration to the new way of working, capacity is released that we redeploy to the new way of working, further accelerating operationalisation.

I asked at the start how you would surmise the current industry challenge landscape. Circling back to that now, what do you believe ING’s role is in overcoming the KYC challenge in particular?

We, and probably the industry, needed an on-off time travel into what a perpetual KYC experience would look like for clients and employees. It’s an industry challenge we’re all facing and dealing with, and pioneers need to be brave enough to fast-track its introduction and to expose stakeholders to this topic… to create the proof points. From there we travel back in time to today, the apostle will spread and the journey towards something else starts. The most complicated part of building something new is getting out of PowerPoint and to operationalise. But that’s what we’ve done, and I guess that’s what the industry is doing.

We have vital internal and external partners, and the journey we have laid out has been considered and meticulous. It’s been designed in a way that means there needn’t be backward steps from here.

It is designed and built to be bank- and industry-agnostic with an expectation that the gatekeeper role in KYC and financial crime prevention becomes an obligation beyond financial institutions to also implicate sectors such as casinos and government bodies. For each, more effective and less costly operational options need to become available to secure the gatekeeper role across all applicable industries.

I’m passionate about data’s role in all this, so the journey has been focused around not just efficiency at any cost; but very much also compliance, privacy and protecting customers through clearly established rules. It sounds restrictive, but if you have these elements clearly defined, it actually allows for more risk-free agility because you know exactly what boundaries you’re working within.