Looking for a KYC compliance solution? Think Sysero’s low-code – find out more with Ascertus
Often, with KYC compliance it’s not a “one size fits all” approach, which can make it hard to implement process and protect the business from AML risks. But there is a solution…
KYC compliance challenges
Compliance with Know Your Customer (KYC) as part of the wider Anti-Money Laundering (AML) regulation requires every professional services firm to have robust processes and procedures in place to help combat financial crime. The challenge, however, for firms is that whilst there are broad and common KYC compliance best practices, the legislation isn’t prescriptive – and for good reasons. Foremost, the regulators want to ensure that firms take responsibility for compliance and remain accountable at all times. Secondly, in all firms, there is a small percentage of processes that are unique to their organisation and so enforcing a rigid approach to compliance can be counterproductive to the cause.
Against this backdrop, let’s look at what KYC compliance entails, the Sysero platform low-code approach, and why it presents the most effective and practical KYC solution to legal and accountancy firms.
Key elements of the KYC process
Onboarding new clients forms the bulk of the KYC process; therefore, an auditable and systematic approach is needed. The key elements are:
Defining a client – All details pertaining to the client in question must be accurately captured and recorded – i.e., the names of the individuals on the team, their location, the country/region where the work will be performed, the owners of the matter, credit ratings of the organisation, source of funds, and so forth.
Conflict checking and beneficial owners – Especially in professional services firms, ensuring that there is no conflict of interest concerning the individuals involved is critical. Additionally, noting information about the beneficial owners, such as passports, contact numbers, and records of their business’ incorporation, is essential. In the current environment, checking the names of the beneficial owners against sanctions lists has become crucial too.
All these kinds of checks must be performed against information residing in the firm’s business systems such as practice management, accounting, and document management, of course, but often also via online searches and any other source deemed important. This is an example of why KYC compliance cannot be prescriptive.
Letter of engagement (LoE) – Clarity of engagement is viewed as important – issues such as the scope of the project, agreed terms, duration of engagement, and fees, alongside caveats and assumptions, all need to be clearly defined.
Risk assessment – This is again an instance where rigid processes are unlikely to work for KYC compliance. Whilst risk assessment must be undertaken at the start of a relationship, it isn’t a one-off exercise. Firms must continuously assess the business relationship, clearly assigning a rating of low or high risk that is commensurate at that point in time. This customer due diligence is essential to monitor clients and customers to ensure that they aren’t involved in money laundering, financing terrorism, or on a sanctions or watch list anywhere in the world, at any point in time.
Engagement approval – Following a thorough risk assessment, a senior business executive in the firm is required to not only approve the new engagement (after satisfying themselves that due diligence and risk assessment have been duly followed) but also outline the firm’s reasons for accepting the engagement.
Client retainer agreement – This best practice is an important part of KYC. It provides a record of the contract between parties and pre-empts misunderstanding in the future.
Visit our Know Your Customer workflow solution page for all the benefits KYC automation can deliver.
Out-of-the-box KYC solutions won’t work
No two firms in the legal or accountancy sectors work in exactly the same way. They may work similarly, but there will always be processes that differ due to the technologies and systems deployed, the size of the firm, the segment of the market they service, their specialties, and more. Typically, these processes constitute about 20 percent of the overall procedures and workflows but are potentially the most critical from a compliance standpoint – because they don’t fit the archetypical model. Consequently, KYC compliance cannot be an out-of-the-box solution.
A low-code approach to your KYC requirements
Sysero is a low-code platform that allows firms to design unique workflows based on their working practices, technology infrastructure, sources of data, and KYC requirements. This means that despite the variance in a firm’s compliance approach, by adopting the Sysero platform, they can devise a thorough and systematic approach to KYC compliance, fully supported with an evidencable audit trail to demonstrate that all the necessary actions have been taken.
From a technical perspective, firms can implement the platform in-house or deploy via the cloud. The beauty of low-code technology is that minimal IT or programming skills are required, as there is no need to write software code.
The Sysero platform provides an intuitive user interface and a workflow builder that a Money Laundering Officer or Compliance Officer can use to create workflows by simply dragging and dropping decisions and actions to map out the business or compliance process. For example, the individual could drop in actions such as email notifications, pop-ups, or e-signatures at specific stages in the compliance workflow to ensure that the necessary activities are being performed in a timely manner toward KYC compliance. Workflow steps can be assigned to specific email addresses too. Alongside this, there is an in-built forms designer that by asking questions, guides the individual through the relatively complex process of collecting pertinent KYC compliance information. Fully indexed and OCR’d documents can be attached to specific workflows. A workflow can directly produce documents supported by a knowledge library where workflow data is automatically saved, and there’s a very useful end-to-end visualisation of the workflow.
A future-proof approach to KYC and AML compliance
And perhaps the best part? Sysero KYC solutions can be developed and implemented literally within weeks. Thereafter, incremental improvements and enhancements can be routinely made, be it to accommodate changing KYC regulations or the firm’s evolving business processes. This means that the firm is not dependent on Sysero or the implementation partner – in our case Ascertus – to update or evolve the KYC solution.
Regulators couldn’t be clearer that the burden of compliance rests solely on firms. They must take all the necessary steps to comply. This cannot be successfully undertaken with off-the-shelf compliance solutions. Aside from the fact that every firm’s processes are slightly varied, depending on a technology vendor to always update their technology in a timely manner is an unrealistic expectation. There are too many moving parts. A low-code solution like Sysero is the only way firms can effectively future-proof KYC compliance.