Running effective KYC (Know Your Customer) training is a challenge. In the past, it was a negative necessity, with large investment banking houses using training as a knee jerk response to live regulatory issues.
But now, this is rapidly and radically changing:
- regulators across the globe are expanding their focus, with scrutiny extending right into the heart of the retail banking sector and start-up/challenger banks
- and firms are realising that the benefits of an effective KYC programme extend way beyond box ticking – if they’re run as meaningful cultural and behavioural change programmes.
Six Steps to KYC Training Success
The real question is, how can you run a successful KYC programme that ensures compliance and delivers a sustainable reduction in risk and an enduring protection against regulatory censure?
- Do you have senior management buy-in?
While it may seem obvious for a regulatory driven programme, a lack of senior management understanding or engagement will inevitably create a sub optimal outcome. KYC needs to be seen as a critical part of a firm’s overarching compliance framework, with ownership throughout the firm – not just an admin task carried out by Operations. It is imperative that the importance of KYC is reinforced at senior levels to ensure that the ‘tone from the top’ hits the right point and cascades throughout a firm. Failure to ensure this is correct will lead to a lack of focus on the programme and expose a firm to potential regulatory action with the associated reputational impact.
- Are you investing enough?
In our post Lehman’s, post 2008 environment cost reduction is an imperative, as firms seek to ensure that where they spend money on large programmes they are getting ‘bang for buck’. From a business perspective, this makes absolute sense – but it needs to be balanced against ensuring that KYC programmes achieve their prescribed outcomes and bring a firm’s standards up to the relevant regulatory requirements. As the saying goes: “If you think compliance with KYC is expensive, try non-compliance!”
- Is your governance in good shape?
As with all large-scale programmes, governance is the key to ensuring that your KYC programme achieves its defined goals. Regular checkpoints with stakeholders are key to a successful outcome. The presence of key executives on the various programme forums will ensure the requisite focus and help to drive positive outcomes. By contrast, poor governance will lead to missed deadlines and reflect poorly with regulators who take a keen interest in these programmes, particularly in scenarios where they have appointed a monitor to the firm.
- Do you have a robust remediation strategy?
By their very nature, KYC programmes will invariably require a remediation exercise to be carried out on at least part of a firm’s client records. Depending on the size of the population to be remediated, this can be a large-scale exercise that takes up a significant amount of time, headcount, and cost. When one single workstream takes up such a proportion of resources it is imperative that there is an appropriate strategy in place. In particular, firms need to be clear about:
- the standard to which they are remediating
- the volume of records to be remediated
- the timelines involved
And timeliness is particularly important where regulators have imposed deadlines on a firm for completion of remediation activities.
- How complex is your policy framework?
Each firm’s KYC policy is dictated by the relevant local regulatory requirements, overlaid by a firm’s own risk appetite. Those charged with crafting a KYC policy must balance those factors with the ability of the firms operational teams to implement the policy without a negative impact on the business. And – as I know only too well from my experience of in-house policy implementation – an overly complicated policy framework creates significant implementation challenges and will lead to cost increases. While we are not recommending that standards should be lowered to allow for easier implementation, it is necessary for firms to have a dynamic approach to policy writing which allows for a robust implementation which meets the regulatory requirements and the needs of the business.
- Is your training tightly targeted?
Once the above items have been considered, the next critical step is to consider how the required cultural and behavioural changes can be embedded into the fabric of your organisation. While enhanced KYC training is the most obvious answer; it is also imperative that firms engage in training that is focused, not generic, and targeted to the precise needs of your specific audience and operating context: there is no one size fits all. For example, while a Sales team may require training on the fundamentals of KYC and the importance of their role as the First Line of Defence, their colleagues over in KYC Operations team need detailed training on the operational aspects of KYC and what the policy changes mean to their KYC process.
How can we help?
The success, or failure, of any KYC programme rests on the successful transition of the programme activities into business-as-usual processes. And the key to that is a targeted, specific training programme to allow for an enhanced control environment which helps to minimise KYC risk.
At Sionic, we offer a fully comprehensive KYC Academy which will arm your teams with all the knowledge and skills they need to be competent KYC professionals, allowing your firm to combat KYC risk.
"*" indicates required fields