AML/KYC’s Data Confidence Crisis


The last thing anyone wants to hear from a financial organization is that the people tasked with risk management are feeling less than confident about their ability to do the job — because they aren’t sure if their data is good. If the risk experts aren’t feeling confident, it is difficult to know how anyone else in an organization will.

However, in flipping through the latest edition of the PYMNTS AML/KYC Tracker, a collaboration with Trulioo, there is a lot of data to suggest that this is the situation in many organizations.

About 29 percent of banks have not implemented know your customer (KYC) tools or external data providers across the customer life cycle. In addition, 69 percent of crypto exchanges lack “complete and transparent” KYC and customer due diligence processes, and 71 percent of trade providers have cited compliance limitations and inadequate KYC practices as key factors in driving trade finance rejection rates. Perhaps most worryingly, 63 percent of anti-money laundering (AML) compliance professionals said they lack confidence in their data.

These statistics are not built to inspire much confidence in consumers, or anyone else for that matter. There’s no reason to panic, Trulioo General Manager Zac Cohen told PYMNTS in a recent conversation, but that last statistic alone is enough to make anyone sit up and take notice.

“Yes, we should be concerned when the individuals tasked with making the risk assessments and decisions are widely reporting a lack of confidence,” he said.

Cohen indicated that finding the solutions to those problems and gaps is often a matter of stepping back. The problems aren’t usually due to a lack of interest or will, but in overcoming structural obstacles that are long-standing, particularly for large and established players. Big ships take a while to turn, after all.

The problem is that the tides in the market are changing quickly — fraudsters and other bad actors in the system are always aiming for speed in their pivots. What the market currently needs is more confidence in the data it is working with, not less, to repel those efforts.

That means the marketplace needs to evolve differently when it comes to technology partnerships. The simple, one-off vendor relationships of the past are ready to pass away, and the forward path for evolution is happening in more comprehensive partnerships.

The Headwinds Pushing Back On Progress

The critical difference that often separates established banks from the digital startups that have risen to challenge them is the point of view from which their systems were developed. Products built during the digital era were designed for mobile consumers, while legacy products were designed for face-to-face interactions. That creates special challenges for larger legacy players looking to integrate into the digital age of financial services — and looking to serve two demographic masters in their offerings.

“A growing segment of these banks want to capitalize on the digital segment more directly, but they can’t ignore that a significant portion of their customers prefer in-person transactions, as opposed to [a] mobile moderated set of use cases and interactions,” Cohen said.

Moreover, he added, in the era of the omnichannel consumer, the real pressure in the market is to offer a variety of interconnected channels that allow for seamless customer motion throughout. Getting that type of sophistication securely integrated to accurately verify and authenticate customers at onboarding and beyond is not easy, particularly in the context of hard-to-modernize legacy systems.

On top of all of that, large, multinational financial organizations often face real challenges around segmentation and siloing. That means a solution put into place in one part or jurisdiction of an organization won’t work in another one.

“It is not anyone’s fault, but it is a technical reality that needs to be overcome. What these firms need [are] large, common integration layers — an internal [application programming interface (API)] economy that can provide access across all sectors of an organization,” he said.

However, for all the help that can be provided, and for all the will within the industry to see innovative changes move into place, the reality is that, sometimes, factors outside any financial institution’s control affect the pace of progress. An example, Cohen observed, is the aforementioned cryptocurrency statistic — 69 percent of crypto exchanges lack “complete and transparent” KYC and due diligence processes. That lag often has less to do with institutional decisions themselves than it does with genuinely murky regulations and confusion over what best practices are in this area, particularly in the developing world.

These are often jurisdictions where cryptocurrency is rising rapidly, and where KYC/AML issues are pre-existing, with a lot of tension around crypto’s regulatory future. Part of that is due to cryptocurrency’s checkered history — it attracts speculation, has been associated with funding all kinds of crimes and is extremely resistant to the transparency around knowing one’s customer that financial regulations tend to favor. There are many valid concerns about offering regulatory legitimacy to something connected with so much illegitimate activity.

There is also the fact, Cohen told Webster, that governments don’t want to lose control of the money supply.

“On the same side, they can’t ignore the uptick in usage, or the negative repercussions of withholding clear regulations,” he said.

The good news is that this issue, like many of the others discussed, is in a “transition period” — where the future shape of services is becoming clear, though the exact mechanisms of the hand-off are being perfected.

The Innovative Steps Forward

As is the case in much of financial services, the future of navigating complex and choppy waters isn’t necessarily in building the best boat by which to do it alone, but assembling the best fleet of partners and providers with which to navigate. Critically, Cohen said, these are going to involve AML/KYC partners — and not only finding a holistic approach to optimizing in a series of one-offs, but coming up with an interconnected strategy under which to do it.

“Technical partners are looking to work with their customers, and continually optimize,” he said, adding that one-off vendor solutions and “one-size-fits-all” doesn’t work in today’s environment.

What does work — and is working — is the continuous monitoring of and revisits to the technical stack, looking at what’s in place already, then stepping back to connect that progress to a further set of goals. From there, organizations can begin thinking about how to build out the API bridges to the rest of the functions they want and need to enable.

The wider effort, however, may be in the data sets themselves — and in finding better ways to collect and collate them into more manageable and accessible forms.

“This is a two-sided marketplace,” Cohen pointed out, “and one side needs to be developing new data assets and models so we can ensure our ID verifications are successful to stop bad guys before they are on our sites exploiting weaknesses.”