THE STRUGGLE FOR A HOLISTIC VIEW OF THE CUSTOMER AND THE RISK TO COMPLIANCE SYSTEMS
/Issue
Most, if not all enterprises, would like to have a holistic view of their customers and this is especially true for financial institutions. However, the reality on the ground at some financial institutions seems to fall short of this goal for various reasons such as:
- Acquisitions and mergers with other companies
- Business lines operating as separate silos within the organization
- Incompatible technologies which is cost prohibitive to try to integrate in a meaningful way
- Data privacy laws and constraints of local jurisdictions where the customer was on-boarded
- Lack of an enterprise customer repository which stores all relevant customer information about the entity from all business lines
- Absence of standard rules of how the enterprise defines and can identify a customer across the institution
Enterprise Wide Initiative
Implementing a system which can provide a holistic view of the customer will most likely need the support of senior leadership in the institution to be successful as it will be an enterprise wide initiative with varying levels of complexity depending on the size, distribution and infrastructure of the organization. Additionally, the holistic view of the customer should be able to serve a wide audience within the organization which includes, but not limited to the following departments:
- Accounting
- Business lines
- Compliance
- Information Technology (IT)
- Legal
- Marketing
- Operations
- Risk
Financial Crimes Compliance
The lack of a holistic view of the customer is particularly evident when implementing financial crimes systems. When a financial institution implements a system to risk score its customers the organization will need to develop a plethora of rules which assign a score based on various attributes of the customer. For example, if “XYZ Inc.” was identified to be a Money Service Bureau (MSB) and one the beneficial owners of the business was identified as an inactive Politically Exposed Person (PEP) then this customer will end up with a particular score depending on the organization’s risk appetite.
Use Case
What if “XYZ Inc.” was a customer in four separate business line applications, with slightly different customer validation and on-boarding requirements, and the organization didn’t have an enterprise customer repository to realize that all of these instances of the customer were indeed the same entity? Then when it comes to down to risk scoring the customer the risk rating solution may need to ingest both records from each business line application to the financial crimes database because there are vital risk attributes in each application, but this will ultimately lead to customer fragmentation. One could argue that before the customer records are loaded to the financial crimes system there could be a process in place to combine, de-dupe or enhance the data to achieve a holistic view of the customer, at least, for Compliance purposes. The only downside to this approach is that it undermines the business line’s authority as the system with the most recent and accurate data of the customer for that product offering.
Current State
In the below diagram the customer "XYZ Inc." has been on-boarded or has accounts with four different business lines. However, the Financial Crimes Compliance department may be interested in specific risk attributes of the customer which are only relevant to each business line based on the type of products and services offered. Consequently, multiple versions of the same customer could be ingested and risk scored by the financial crimes system which has implications that are manifold.
- Risk scores could be inaccurate and understated due to a fragmented view of the customer
- The same customer with potentially different risk scores may have to be reviewed multiple times during the periodic review process which could drive up costs and inefficiencies
- Transaction monitoring and fraud investigations could also degrade in quality if the investigator does not have all of the relevant customer and transactional information in one consolidated alert
Target State
If, the financial institution is able to implement an Enterprise Know Your Customer (KYC) repository which can serve the needs of many different stakeholders then the Compliance department will undoubtedly be one of the major beneficiaries of this type of project.