Emma Newman, Head of Sales, Veridate, highlights the key factors corporate services providers should consider when seeking the right technology to assist with know your client and customer due diligence compliance.
For people working across the finance industry and related sectors, keeping track of regulatory updates and guidelines, as well as implementing these industry changes, can sometimes feel like you are navigating a minefield – especially in this era of unprecedented regulatory upheaval.
In 2018, Hong Kong witnessed diverse regulatory updates as amendments were made to Hong Kong’s principal Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). Know your client (KYC) requirements for corporate services providers (CSPs) were enhanced, bringing existing anti-money laundering legislation in line with international best practices framed by the Financial Action Task Force (FATF) – an intergovernmental organisation founded in 1989 to develop global policies to combat money laundering and terrorist financing. For the first time, all designated non-financial businesses and professionals (DNFBPs) were expected to observe the same customer due diligence (CDD) and record-keeping requirements as financial institutions. Regulatory hurdles became even higher and more complex for all professional services firms, including CSPs, and almost two years after these changes were made these businesses still struggle with the processes, relying heavily on traditional ways of client onboarding rather than shifting to digital. Many firms seem unwilling to adopt new technologies that could help them with these new regulations. But why? What are the challenges that CSPs now face and what are the key factors to consider when seeking out the right compliance technology for your department?
The compliance requirements
The compliance requirements ask that DNFBPs not only conduct customer risk assessments (or due diligence) before starting a business relationship or business transaction valued at HK$120,000 and above, but also include the ongoing monitoring of business relationships to look for any signs of unusual activity. The amended Schedule 2 of the AMLO also asks that all DNFBPs maintain records related to all transactions and business relationships (with a time period of six years from the date the transaction is completed or the business relationship ends). In other words, the initial client engagement is only the start of regulatory obligations and in order to satisfy the required continued monitoring of clients, CSPs must continually check the status of clients through regular background checks and ensure that their identity documentation (ID) is still valid.
Imagine a local CSP has 100 existing clients (in this case, companies) who they act as a company secretary for. There might be up to five individuals, along with the company name, per client that they are required to run checks on. Depending on the anti-money laundering (AML) risk assessment of each client, CSPs may have to run these checks anywhere from one to four times a year for each individual. Six checks per client for 100 clients just twice a year would mean a total of 1,200 checks on these individuals’ and companies’ names – in addition to keeping the IDs up to date. This is a tremendously laborious task if these checks are being conducted without technology to help. Not only this, but these manual processes, according to The Fintech Times (https://thefintechtimes.com), could be resulting in significant losses in revenue.
Technology has advanced exponentially over the past few years, but when visiting a compliance department one will most likely be greeted by stacks of paperwork and employees inundated with manual tasks. There are many immediate hurdles to consider when embedding new technology into old systems, such as the test-and-learn approaches characteristic of digital transformation, but those who adopt new RegTech solutions will have significant advantages – in particular smarter, cheaper and more efficient administration, risk and compliance frameworks, as well as improved customer service experience. An advanced risk reporting framework that uses automated processes can provide organisations with real-time risk and business data to help improve both business and risk decisions. For example, some compliance technology can filter clients according to a scoring matrix when answering certain questions and allocate them a ‘risk colour’: red, amber and green (RAG) or high, medium and low. This would mean that the client’s risk is more easily visible when conducting research, saving both time and effort. Scoring is in line with the framework used by the Companies Registry and refined by the CSPs level of risk acceptance for ease.
Another challenge faced by CSPs is the client onboarding process. Digital onboarding begins the moment a customer wants to use your services and requires a careful mix of both technology and data. Speed, security and convenience are of the utmost importance from a user’s standpoint. However, there are opposing forces requiring stringent documentation for this process, which can slow down the much sought after quick onboarding process. According to the first edition of the ‘Digital Onboarding and KYC Report 2020’ – published by The Paypers (https://thepaypers.com) – inappropriate digital onboarding and lack of KYC practices affect the rate of customer onboarding. By using RegTech and putting an emphasis on data-driven onboarding, CSPs are more easily able to manage risk assessments when taking on new businesses. For example, they may be able to view their whole client portfolio risk, which would reveal how many politically exposed persons (PEPs) are already on the books, in addition to creating a guided journey for clients to apply for a new company themselves in digital form (or created by staff on behalf of the client). This makes it easier to understand what is required, when it’s required and most importantly, means one only needs to capture the data once to avoid duplication and transcription. More data means more analysis, so focusing on this data-driven onboarding is key for businesses.
Regulatory obligations do not stop once the client has been onboarded and regular background screening is essential to meet these regulatory requirements. Whilst there is only one law laid out by the regulator for CSPs, there are several requirements to be met and certain information required that adds a significant level of complexity to even the most straightforward screening process. Moreover, it is also down to interpretation of the requirements to create internal policies, which is inevitably open to variation as no CSP operates in the exact same way. It is, however, applicable to all licensed CSP companies in Hong Kong and is a vital cog in the compliance process.
Using automated software solutions to track, assess and gather data on a client across various key criteria, such as criminal records, past indiscretions, adverse media, PEP lists or any other specific, individual anomalies databases can help save time and make processes more efficient. Once this information has been gathered, presenting it appropriately can further aid CSPs to make more informed decisions. For example, certain parameters can be programmed to filter the search results according to how relevant that person might be to the client you are looking to do business with, or continue doing business with. These different segments can all be appropriately labelled for ease of decision-making and relevance, to ensure CSPs are able to prioritise accordingly. Modern technology is also capable of automatically rerunning screening checks on ‘active’ clients to drive further efficiencies in this otherwise manual search process. If a client’s status does not change, where is the logic in having to repeat the same screening process and check through the same data across different databases every time the recheck event needs to occur? By automating this process, CSPs can manage by exception and concentrate on the higher risk clients that need more attention when potential ‘red flags’ are raised.
It is also extremely important when conducting these checks to ensure that client IDs are up to date in order to comply with these ongoing obligations. New technology can aid CSPs with this by running a search across all client profiles and checking for IDs that are close to expiring. An automated email can then be triggered asking the client to log into their account to update the ID. Not only would this mean CSPs do not have to spend time manually contacting the client, but all email communications are tracked and logged, giving them peace of mind for audit and accountability of activity.
The customer experience
The pressure placed on compliance personnel today is tangible. Managing the rapidly increasing data requirements whilst implementing new policies and maintaining a document management system is not easy. However, by using RegTech to help streamline this process, the overall client experience and journey will be greatly improved. As Jérôme Dahan, Head of Legal Affairs at Webhelp Payment Services, puts it: ‘More than a regulatory requirement, the KYC has become an essential component of the customer experience. The digitisation of company/customer exchanges requires that customers be given an easy and fast accreditation or identification experience’. Digitisation and automation are the keys to unlocking a better customer experience.
By providing clients with a dynamic digital form, rather than paper, PDFs or word documents, they can be guided through an application for a new account or company by asking only specific questions which need to be answered, something not possible with physical forms. Furthermore, if a local CSP is completing the application on behalf of the client, the client can easily log into their account to submit any additional information required by them. Once CSPs have this information, the database can be maintained and managed in a central source of truth that is safer and easier to manage than traditional, historic databases and spreadsheets.
Using technology allows for data to be reused and therefore makes the process less time-consuming not only for CSPs, but also for the clients filling out this information. There is also less chance of error when using digital forms as there are less transcription errors from reading handwriting and mistakes can be easily corrected without needing to restart the process. If the application for a new company can also be signed off by the client in the same journey, in addition to using the same data already captured from the client to create certain frequent use forms, then efficiency increases and completes full cycle onboarding in one step rather than fragmenting this otherwise simple journey.
Most often, companies and service providers fail to capitalise on a customer’s full digital engagement potential and instead focus on only one aspect of a customer’s digital lifecycle, whether that is onboarding, validation or identification. PDFs and paper-based processes, as well as manual internet searches, are not only difficult to manage, but are unsustainable processes in the long term. Redundant pages, repeated questions and transcription errors all lead to wasted resources and a negatively impacted client experience. By adopting new technologies to capture data that can be used elsewhere in internal operations, CSPs can benefit from more streamlined, time and cost efficient processes. First impressions not only count, they set the tone for a future client relationship, so it’s important to set yourself up to succeed from the start.
The future of RegTech
RegTech will most definitely continue to build on the advancements made in recent years, and this growth will come from new technologies that are now being built to serve the specific needs of all CSPs, rather than any one specific services industry. According to Deloitte, analysts are predicting an increase in client demand for innovative RegTech solutions, with a market potential of US$76.3 billion and US$10.7 billion in Europe alone by 2022 (‘Digital Onboarding and KYC Report 2020’, The Paypers). To remain competitive with other jurisdictions and attract new companies to Hong Kong, it is important to accept modern technology in the workplace. Ongoing regulations remain – and will continue to remain – tough, unless new ways of complying are adopted through new technologies. However, companies that develop and commercialise these RegTech solutions will continue to update their services by incorporating lessons that are continually being learned, making their service more efficient and user friendly to the underlying client at the heart of their business.
Emma Newman, Head of Sales
The author can be contacted by telephone: 9446 9170, or by email: email@example.com.