Why Neo Banks Might Need a Different Customer Risk Assessment Approach
As financial institutions go increasingly digital in the wake of the COVID-19 crisis, physical verification of customers’ identity and paper forms might become practices of the past. In many countries, neo banks and other regulated financial services have moved to digital or electronic Know Your Customer (KYC) measures. While normal KYC checks may take months to complete, eKYC speeds up the onboarding process and enhances the customer experience. Electronic means of customer onboarding eliminate human errors. Above all, eKYC enables better and faster data analytics, easing auditing and reporting processes.
Money laundering across the globe has increased not just in volume, but also in terms of complexity and sophistication. Despite their cost-effectiveness and efficiency enhancements, eKYC methods are not free from fraud. Criminals may use the loopholes in existing KYC processes (eg. opening accounts with stolen or fake identities) and transfer illegal money across geographies with ease and in a fast manner. Therefore, a customer passing the KYC test may not end the risk and financial institutions need to be vigilant about potential risk in the future. They need to continuously evaluate their customers’ risk score based on their behaviour and monitor based on their updated risks at all times.
Customer Risk Assessment Practice
For the verification of the identities of existing and potential customers to understand their risk profile, financial institutions across the globe are mandated by their regulators to implement customer identification programs. Financial institutions collect as much data as they can about their customers, analyse the data they obtain, determine the risk and provide a risk rating. Customers with a high-risk rating are closely monitored for their actions. Low-risk customers are also monitored but not as diligently as high-risk customers. Even after onboarding a customer, banks periodically update their database about customers. Typically, they do data updates for high-risk customers more frequently than low-risk customers.
Different jurisdictions have different standards for setting up these programs. The following are the widely adopted methods in customer risk assessment.
Gathering of essential information about individual (name, date of birth, address and national identification number) and corporate (name, date of incorporation, registered address, registration number) customers is the first step in the customer identification process. This is done at the time of onboarding and at defined intervals once the customer is onboarded. The depth and frequency of data collection change depending on the type of institutional customers and the type of service requested. After gathering, this data is verified by cross-checking with public databases and consumer reporting agencies. Some institutions and services require physical verification of the customer.
Customer Due Diligence (CDD)
CDD procedures attempt to ensure if a customer can be trusted or not. These procedures are important given that doing business with criminals, terrorists and potentially exposed persons (PEPs) can create multiple compliance issues for the company. There are three levels of due diligence:
- Simplified Due Diligence (SDD): This is applicable to very low-value accounts where the perceived compliance risk is significantly low.
- Basic Due Diligence (BDD): This is applicable to most of the customers. Here, financial institutions verify customer identity and assess the risks associated with the customer.
- Enhanced Due Diligence (EDD): EDD is used in high-risk situations where a financial institution requests additional information to have a deeper understanding of the risks associated with a customer.
In the CDD phase, financial institutions conduct steps to understand the level of due diligence required for each customer. These include gathering information about the customer’s location and nature of business and classifying the risk category. Financial institutions at times conduct continuous research into the customer information to get real-time risk assessment as some customers, who may not be a risk at the time of account opening, may turn into a risky customer in the future. For this research, additional information such as location, occupation, transaction details and payment methods.
In the third phase, financial institutions track customers in real-time with ongoing monitoring of the available data points. Here, they pay attention to the types of services used, transactions carried out and third parties involved. This will help them find out unusual activities that are further investigated. In case the activity gets verified as unnatural, a Suspicious Activity Report (SAR) is filed. This is a complex process and often requires superior data analytics and modern technologies such as artificial intelligence and machine learning.
Challenges of current customer risk rating tools
Many of the current customer risk rating models are not robust to capture the complexities of modern-day customer risk management of fintech companies. Customer risk ratings are either carried out manually or are based on rudimental data models that use a limited set of pre-defined risk parameters. This leads to inadequate coverage of risk factors which vary in number and weightage from customer to customer. Further, the information for most of these risk parameters is static and collected when an account is opened. Often, information about customers is not updated in the required format and frequency. The current models do not consider all the touchpoints of a customer’s activity map and inaccurately score customers, failing to detect some high-risk customers and often misclassifying thousands of low-risk customers as high risk. Misclassification of customer risk leads to unnecessary case reviews, resulting in high costs and customer dissatisfaction. Adding to this, the static nature of the risk parameters fails to capture the changing behaviour of customers and dynamically adjust the risk ratings, exposing financial institutions to emerging threats.
How AI can help in customer risk scoring
Today, modern technologies like AI and machine learning are getting widespread attention for their ability to improve business processes and regulators are encouraging financial institutions including fintech companies to adopt innovative approaches to combat money laundering. In the area of customer risk scoring, the need of the hour is a sophisticated technology that can capture the complete customer activity through proper identification of risk indicators and continuously update customer profiles as underlying activities change.
Keeping that in mind, Tookitaki developed Customer Risk Scoring (CRS) as one of the modules of its award-winning Anti-Money Laundering Suite (AMLS). Powered by advanced machine learning, the module addresses the market needs and provides an effective and scalable customer risk rating solution by dynamically identifying relevant risk indicators across a customer’s activity map and scoring customers into three risk tiers – High, Moderate and Low. The solution comes with a powerful analytics layer that includes actionable insights and easy explanations for business users to make faster and more informed decisions. It provides an accurate customer risk rating with a few high-risk customers and a large number of low-risk customers.
The key benefits Tookitaki CRS solution are given below.
Broader risk coverage
CRS assesses risk across a comprehensive range of risk indicators that provides a 360-degree view of AML Risk relative to the customer, their relationships and activities. These dimensions are Customer, Counterparty, Transactions and Network Relationships.
Dynamic customer assessment
Customer assessment adapts over time to actual customer behaviour. This vastly reduces false signals and improves inappropriate behaviour detection.
Solution level agility
The solution is not a single “model.” CRS has been developed with advanced ongoing self-learning to evolve based on what is happening within specific client portfolios, business policies and industry trends. This functionality is controlled by client configuration to support all model governance policy and regulation requirements.
Accelerated risk assessment
CRS filters and presents the most critical information needed for investigators to make effective risk-based decisions timely and consistently. The solution simplifies highly complex machine learning decisions into understandable and actionable information.
CRS does not require time and cost, consuming change of existing Customer Risk Policies and Controls. Initially complementing your legacy operating environment, CRS provides the functionality required to transition to full machine learning-based AML Customer Risk as and when it is appropriate.
Reduced cost of compliance
The solution helps identify high-risk customers and enables banks to take proactive measures to mitigate the risk of financial loss due to penalties along with various other regulatory, legal and reputational risks.
To know more about our AML solution and its unique features, please contact us and we will be happy to give you a detailed demo.
As regulators are becoming more stringent globally around AML compliance, strengthening the AML systems continues to remain among the top priorities. Tookitaki CRS solution enables financial institutions to realize benefits with dynamic customer risk scoring, leveraging advanced machine learning models for improved effectiveness of Enhanced Due Diligence with fewer resources.