Mastering Periodic Customer Reviews with eKYC and Automation

The process of conducting periodic reviews of customer information helps ensure the relevance of anti-money laundering and counter-financing of terrorism measures (AML/CFT) that designated non-financial businesses and professions (DNFBPs) have implemented in their business.

This blog elaborates upon the following:

The purpose and factors triggering the initiation of conducting customer reviews.
The management of such periodic review processes through automation with AML software.
The best practices for carrying out effective customer reviews.
The advantages of relying on eKYC with the use of automation tools.

Periodic Review of Customers in the context of AML/CFT Compliance

The AML/CFT law in UAE requires DNFBPs to conduct periodic reviews of customer information collected during the customer due diligence (CDD) process. Keeping the CDD information up to date is a legal requirement that DNFBPs need to adhere to. The guidelines for DNFBPs require them to adopt a risk-based approach (RBA) when it comes to updating CDD. To achieve this, DNFBPs are required to have in place appropriate AML/CFT policies and procedures, which clearly state the steps and measures taken by the DNFBP to conduct periodic reviews of customer information, the tools or software used, and defined workflows to ensure that customer information collected during the CDD is maintained up to date.

Purpose of Periodic Review of customer KYC details

The regulatory requirement of conducting periodic reviews of customer information throughout the business lifecycle is backed by purposes such as:

Identifying Suspicious Activities

Conducting periodic reviews enables DNFBPs to identify suspicious activities, which is made possible through tracking or monitoring the customer details. It also helps entities to submit required regulatory reports like SAR/STR.

Assessing Customer Risk Profiles

When the customer information and activity are monitored or supervised periodically, such periodic review enables the DNFBP to assess the fluctuation in customer risk, such as the shift of low-risk customers to high-risk status or vice-versa due to changes in their circumstances supported by valid documents.

Ensuring Compliance with Regulatory Requirements

The UAE AML/CFT laws and guidelines require DNFBPs to conduct periodic reviews of CDD information, which is a regulatory compliance requirement.

Strengthening Risk Management Practices

When periodic reviews are conducted in a timely manner, the DNFBP is able to identify the customer profiles needing attention and additional or enhanced due diligence (EDD) measures. The exercise of conducting periodic reviews helps strengthen risk management as a DNFBP is able to plan how it shall mitigate ML/FT and PF risks.

Key Triggers for Periodic Reviews

The situations or circumstances necessitating the carrying out of periodic reviews are:

Risk-Based

DNFBPs need to imbibe a risk-based approach, meaning that they shall deploy risk mitigation measures according to the degree and extent of risk they are exposed to. One of the simplest ways to set or determine the frequency and timing of periodic reviews is to review their profiles according to the risk they pose to a DNFBP’s business, for instance. A low-risk customer’s profile can be examined less frequently than a high-risk customer whose profile needs to be examined more frequently.

Coming across changes in customer information that would impact the customer’s existing risk profile.

Changes in the list of High-Risk countries as maintained by the FATF.

Event-Based

Change in circumstances of a legal entity customer, such as a change in beneficial ownership, legal structure, change of address, purpose of business, or capital structure. For instance, non-PEP customers getting classified as PEP, change in transaction pattern, etc.

Discovery of adverse or negative media about the natural person customer or ultimate beneficial owners (UBOs) of a legal entity customer, where such adverse news contains information that can materially impact the business relationship with a DNFBP. For instance, there is adverse news pertaining to involvement in a predicate offence, which might ultimately be linked to financial crime such as ML/FT or PF.

Commencement of legal proceedings against the customer.

Due to recommendations derived from findings of AML auditor.

Transactions or behaviours indicating suspicion with regard to ML/FT or PF involvement.

Time-Based

DNFBPs, through their internal AML/CFT policies and procedures, need to set rules according to various customer risk categories and the timing and frequency of their CDD reviews, whether such reviews shall be conducted through notification parameters configurated into eKYC software, the degree of manual input and automation parameters for CDD or KYC reviews.

DFNBP can set the periodicity of customer information reviews in their policy according to the ML/FT and PF risk customers pose to the business, which can be semi-annual, annual, etc.

Components Contributing to Periodic Customer Review

A periodic customer review of a DNFBP usually consists of the following components:

Transaction Monitoring

Transaction monitoring is an AML compliance component that enables the DNFBP to configure alert generation in the context of transactions by customers that are not normal, reasonable, or consistent with the customer’s risk profile. Any change or deviation in customer transaction patterns should be considered as a factor necessitating the initiation of customer review or re-KYC.

Behavioral Analysis

The suspicious nature of customer activities and transactions can be identified through behavioural pattern analysis. For example, if a customer starts behaving differently than their normal pattern, then such a change in behaviour must generate a red flag for a DNFBP, following which they can conduct KYC refresh or re-CDD to ascertain the consistency and identify the cause of change in customer behaviour.

eKYC/CDD, Ongoing Monitoring, and Transaction Monitoring software are often equipped with machine learning capabilities, which can be taught to identify or detect suspicious behaviour patterns to trigger KYC refresh

Screening

Screening of customers against relevant watchlists such as sanctions lists, politically exposed persons (PEPs) databases, and adverse media screening enables DNFBPs to identify if the customer’s name matches with that of the names contained in such watchlists or sanctions list, enabling the DNFBP to determine the degree of ML/FT and PF risk posed by such customer and classify them into high risk, medium risk, or low-risk categories.

Based on the assigned risk classification, the DNFBP can determine the periodicity of conducting a re-examination or review of customer information.

Risk Assessment

Based on the risk assessment of the ML/FT and PF risk posed by the customer, the DNFBP can determine at which level of risk classification it would request for KYC refresh or re-CDD and document the same in the AML/CFT policies and procedures.

Managing Periodic Review of Customers with AML Software

The process of periodic review of customers can be streamlined with the use of AML software solutions such as:

1. eKYC Software

An eKYC software is responsible for automating the KYC obligations of a DNFBP. The eKYC software facilitates the following:

Setting periodicity or time duration notifications or alerts for conducting eKYC refresh.
Generates alerts when any customer document is approaching expiry, necessitating document renewal and revision of eKYC information.
Remotely fulfilling eKYC requirements such as customer identity verification through liveness check.

2. Screening Software

Sanctions screening software helps with periodic review as it constantly monitors the customer names across relevant and applicable sanctions lists, generating notifications or alerts for further CDD refresh or EDD when a true match or partial match is found.

3. Customer Risk Assessment Software

Customer risk assessment software facilitates the implementation of the customer review process in terms of determining or configuring the risk classification criteria and assigning customer review periodicity. This helps segregate customers into high, medium, and low-risk categories and conduct re-KYC according to the duration defined in the organisation’s AML/CFT policy.

4. Case Management Software

A case management software for AML compliance facilitates holistic monitoring and management of ML/FT and PF risks. The case management tool helps by:

Designing workflows for escalation and management of tasks for conducting re-CDD, such as requesting document renewal for expired or about-to-expire documents.
Keeping track of the case status.

5. Transaction Monitoring Software

A transaction monitoring software generates alerts whenever it identifies any anomaly or change in the pattern of transactions in real-time, which facilitates DNFBPs to conduct re-CDD or KYC refresh in real-time.

6. Regulatory Reporting Software

Reporting software is extremely helpful when, during the screening of customers or transaction monitoring, any positive match or materially suspicious activity is found, which requires the immediate filing of a suspicious activity report (SAR)or suspicious transaction reports (STR) on the goAML portal of the UAE Financial Intelligence Unit (FIU).

Advantages of AML Software While Conducting Periodic Reviews

An AML software is advantageous in conducting periodic reviews in the following ways:

Streamlined Data Collection

AML software, such as eKYC software and screening software, helps with easy document collection where a customer can upload their documents remotely through the app-based customer onboarding tools.

Real-Time Monitoring

Transaction monitoring, ongoing monitoring, and sanctions screening software are the software or tools to look for when any DNFBP intends to track customer activity, behaviour patterns, sanctions inclusion, and PEP classification status in real-time.

Reduced Manual Efforts

The very purpose of software and tools is to automate repetitive manual processes such as entering customer data, screening across regulator-issued sanctions lists, customer document validation, etc., which, due to automation, can help DNFBPs to reduce manual efforts.

Workflow

Various AML software solutions, such as case management, regulatory reporting, monitoring, and screening software, facilitate companies to define and assign workflows for escalation of tasks according to expertise level, right from screening analyst or risk analyst through AML compliance officer or Money Laundering Reporting Officer (MLRO) for further actions or senior management approval for onboarding or continuation of business relationship with high-risk customers.

Document Management

AML software tools help in document management by facilitating the storing and generating of documents required for AML compliance and recording steps taken to ensure compliance with AML measures, such as steps taken to complete the CDD process, alerts set for document expiry, factors triggering re-KYC, timing or frequency of re-KYC, all such measures including others as the case may be, are recorded by the AML software, and such records can be fetched instantly to fulfil record-keeping requirements in UAE.

Regulatory Compliance

AML software facilitates ensuring the timely filing of regulatory reports as well as ensuring regulatory compliance with relevant AML/CFT obligations. AML software facilitates streamlined processes, which, as a result, helps ensure compliance.

Cost-Savings

The most lucrative prospect of switching or opting for AML software is the resultant cost saving that comes due to the reduction of human efforts and increased efficiency.

Best Practices for Effective Periodic Customer Reviews

Ensure Data Quality:

Rich quality data helps in identifying suspicious activity or behavior in a timely manner, reducing the incidences of false positives.

Take A Risk-Based Approach:

Implementing risk measures commensurate with the type and severity of the risk to which the business is exposed helps ensure that a periodic review of customer details is conducted in a timely manner, according to the type of risk the ML/FT and PF customer poses.

Utilise Technology:

The UAE AML/CFT laws and guidelines recommend using technology whenever needed to streamline and strengthen AML processes. Relying on technology to get alerts and triggers for conducting EDD and re-CDD is preferable for DNFBPs to ensure that further steps are taken to ensure regulatory compliance in a timely manner.

Provide Training and Awareness:

Whenever a new or different methodology or technology is introduced in an organisation, as a best practice, personnel must be trained on how to use technology for carrying out the AML/CFT compliance obligations such as ongoing monitoring, re-CDD, KYC refresh, the factors necessitating conducting re-CDD, recordkeeping of CDD and Re-CDD measures, and so on.

Consider Cross-Border Challenges:

Businesses must consider cross-border challenges, such as changes in regulatory requirements and the ability of personnel and technology used by such a business to adapt to the requirements of different jurisdictions.

Consider Emerging Threats:

As a best practice of risk management, it is important to identify the emerging patterns in the relevant field; doing so would enable better management of AML/CFT risk.

Conclusion

When it comes to end-to-end customer relationship management, conducting periodic reviews of customer details obtained during the eKYC or the CDD process can be simplified through the use of the eKYC process and automation with the use of various kinds of AML software to ensure regulatory compliance.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.