Customer screening can be time consuming and expensive, but it doesn’t need to be if you adopt a risk-based approach. Get smarter about the depth and regularity of screening and avoid these common pitfalls in due diligence that can expose your business to financial crime risk.
1. “We know our customers”
Businesses often develop a false sense of security about the risk profile of a particular customer or group of customers. This could be because they have met the person in question, have a longstanding professional relationship with them, or because the business and the customers are in the same jurisdiction. This attitude of “we know our customers”, especially amongst more senior staff who have an historical relationship with some individuals and personally vouch for them (think old boys’ network), can lead to red flags being overlooked and a failure to screen well-known customers with the intensity which they objectively deserve. In addition, the failure to recognise the risks associated with your own jurisdiction is a particularly common pitfall.
2. Lack of applicable staff knowledge
In our experience many frontline staff have a limited understanding of the ways in which their business could be abused by criminals. Staff often report that they would not feel confident analysing a customer’s rationale and activity in relation to a particular product—let alone whether the rationale and activity are consistent with one another, or fit expected norms.
Understanding whether a complex offshore structure ‘makes sense’ in all the circumstances can be a difficult task, calling for both experience and sound judgment. But training staff to recognise common red flags, tailored to the products and services offered by your business will pay enormous dividends in good business promoted and bad business avoided.
Developing staff understanding of the money laundering risks faced by your business is not expensive. Along with initial screening and risk-based transaction and profile monitoring, it should be a core element of your financial crime prevention strategy. Effective KYC requires much more than verifying that customers don’t have a criminal record. It’s not possible, obviously, to properly ‘know’ each customer, but it’s a fairly minimal investment to train staff to know what the wrong sort of customers might look like.
3. Evidencing your work
Under almost all regulatory regimes, businesses are obliged to keep good records of compliance related work.
Document not only any screening you carry out but also any decisions you took on the basis of it (e.g. “we collected the following results and discounted them for this reason …”; “we made the following assessment of this adverse media report …”). Include minutes from relevant meetings.
Printed, filed reports are hard to search and tend to go missing; we recommend storing everything in a dedicated compliance risk management platform, or on a document management system.
4. Not recognising the limitations of screening
Screening is a critical part of protecting your business against financial crime. But years of experience has taught us that screening can only serve as a first step. Most people looking to misuse financial services know that they won’t make it through screening if they have a criminal record – and so won’t apply for financial services under their own name, either putting up a ‘clean’ front man to open accounts on their behalf, or obtaining access to the accounts of an existing customer.
Spotting that these people are abusing your products and services therefore goes beyond screening customer names and involves considering account activity and usage against what was expected, both for the individual customer concerned and for similar customers of the same type.
Thus, while screening acts as an essential gatekeeper to your business, and will pick up existing customers who have committed a serious crime or become politically exposed since you took them on as a customer, it needs to be seen as one component of a wider financial crime prevention strategy, and its limitations clearly understood.
Over the past few years some firms have engaged in an arms race when it comes to screening, spending big on elaborate tech at the expense of broader effective financial crime prevention. The responsibility for this lies in part with legacy mainstream providers of screening services. These large corporates run with significant overheads in the form of sales and support teams, R&D, database access and so on. In order to justify the cost of licences, with a tougher regulatory environment leavingbusinesses with little choice but to pay up, providers began charging for a broader and more complex range of features than firms really need.
Counterintuitively, this over-provision can weaken compliance regimes. KYC work at many businesses is not carried out by compliance professionals but by comparatively junior staff who may not be equipped to interpret complicated search results or feel confident in selecting from the many different features and options on offer when screening a customer. This can lead to less robust and consistent outcomes than when a simple but powerful screening tool is used.
Overscreening is also cost ineffective: interpreting the results for each customer can take up a significant amount of time and drain staff resources. False positives, a common consequence of overzealous screening solutions which lack proper filtering technology, are a particular bugbear of many staff.
As regulatory regimes around the world continue to tighten (with, for example, the passing of the Criminal Finances Act in the UK), the range of businesses that need to carry out KYC checks is widening.
Simply crossing your fingers and hoping that you don’t end up with the wrong sort of customer exposes your business to penalties—reputational, financial and even criminal—that can be severe. If your business is abused by criminals and becomes the subject of an investigation, regulators will take a kinder view if you can demonstrate that you had rigorous KYC procedures in place and were doing your best to prevent criminals from gaining access to your services.
Customer screening is the critical first step in any comprehensive AML regime. Make sure your staff are equipped with the ability to recognise the ways in which criminals may abuse your business and record and file evidence of their screening outputs and decisions they made on the basis of the results.