The Issue

Most (if not all) enterprises would like to have a holistic view of their customers, and this is especially true for financial institutions. However, the reality on the ground at some financial institutions seems to fall short of this goal for various reasons such as:

Mergers and acquisitions
Business lines operating as separate silos within the organization
Incompatible technologies that are cost prohibitive to try to integrate in a meaningful way
Data privacy laws and constraints of local jurisdictions where the customer was on-boarded
Lack of an enterprise customer repository to store all relevant customer information about the entity from all business lines
Absence of standard rules for how the enterprise defines and identifies customers across the institution

Enterprise-Wide Initiative

Implementing a system that can provide a holistic view of the customer will most likely need the support of the institution’s senior leadership to be successful, as it will be an enterprise-wide initiative with varying levels of complexity depending on the size, distribution and infrastructure of the organization. Additionally, the holistic view of the customer should be able to serve a wide audience within the organization, including, but not limited to, the following departments:

Accounting
Business lines
Compliance
Information Technology (IT)
Legal
Marketing
Operations
Risk

Financial Crimes Compliance

The lack of a holistic view of the customer is particularly evident when implementing financial crimes systems. When a financial institution implements a system to risk-score its customers, the organization will need to develop a plethora of rules that assign a score based on various customer attributes. For example, if “XYZ Inc.” was identified to be a Money Service Bureau (MSB) and one the beneficial owners of the business was identified as an inactive Politically Exposed Person (PEP), then this customer will end up with a particular score depending on the organization’s risk appetite.

Use Case

What if “XYZ Inc.” was a customer in four separate business line applications, each with slightly different customer validation and on-boarding requirements, and the organization didn’t have an enterprise customer repository to realize that all of these instances of the customer were indeed the same entity? Then when it comes to down to risk-scoring the customer, the risk-rating solution may need to ingest the customer records from each business line application to the financial crimes database, because there are vital risk attributes in each application. However, this will ultimately lead to customer fragmentation. One could argue that before the customer records are loaded to the financial crimes system, there could be a process in place to combine, deduplicate or enhance the data to achieve a holistic view of the customer, at least, for compliance purposes. The only downside to this approach is that it undermines the business line’s authority as the system with the most recent and accurate data of the customer for that product offering.

Current State

In the below diagram, the customer “XYZ Inc.” has been on-boarded or has accounts with four different business lines. However, the Financial Crimes Compliance department may be interested in specific risk attributes of the customer, which are only relevant to each business line based on the type of products and services offered. Consequently, multiple versions of the same customer could be ingested and risk-scored by the financial crimes system, which has manifold implications.

Risk scores could be inaccurate and understated due to a fragmented view of the customer
The same customer with potentially different risk scores may have to be reviewed multiple times during the periodic review process, potentially driving up costs and inefficiencies
Transaction monitoring and fraud investigations could also degrade in quality if the investigator does not have all of the relevant customer and transactional information in one consolidated alert

January 28 - fragmented view image

Target State

If the financial institution is able to implement an enterprise know your customer (KYC) repository that can serve the needs of many different stakeholders, then the compliance department will undoubtedly be one of the major beneficiaries of this type of daunting, but rewarding project.

January 28 - holistic view image


Keith Furst

Keith Furst headshot (327x400)Keith Furst is Principal at Data Derivatives and has years of proven experience within a variety of financial institutions including investment banks, retail banks, payment providers, merchant acquirers and brokerage firms with a focus on technical business analysis. His forte relates to transaction monitoring, customer due diligence, fraud and trade compliance systems, and his work included custom data analytics and root cause analyses resulting in identification of suspicious activity outside of the traditional monitoring systems. His work at both Actimize and Exzac/Matrix enhanced his expertise with proven domain knowledge of related Actimize products including the modules SAM (Suspicious Activity Monitoring), CDD (Customer Due Diligence) and TC (Trade Compliance). He is skilled at bridging the requirements of risk and compliance with technology, specifically the effective implementation of support systems and related data sources required for monitoring, analysis and reporting.

He is well-versed on model risk management and has performed deep-dive assessments of banking institutions policies, which resulted in enhancements to policies and model governance. With deep knowledge of SWIFT message types, he performed multiple assessments to ensure cross-border payment transparency aligns with both industry and internal policy guidelines.

He holds an MBA from Baruch College, Zicklin School of Business.

Related Post

Got Compliance News?

We do!  Sign up for CCI’s free weekly eBlast to get GRC news, views, jobs & events delivered to your inbox once a week.  Cancel anytime.

Click to Subscribe.