As companies grow, so do their compliance teams and costs. Therefore, it becomes more viable to outsource to a third-party solution who can provide the expertise and scale at a reduced cost point. When building KYC functions, businesses should consider their risk appetite along with guidance from Regulators. A proper balance between in-house compliance and outsourced solutions can significantly cut costs, whilst keeping the firm fully compliant with regulations and protected from fraud.

KYC (Know Your Customer) Outsourcing refers to the practice of engaging third-party service providers to handle the compliance processes related to customer verification and due diligence. By outsourcing KYC functions, firms can effectively cut costs and streamline their compliance operations.

Here are some benefits and strategies for KYC Outsourcing to reduce compliance costs:

Benefits of KYC Outsourcing:

1. Cost Savings: Outsourcing can reduce the overhead costs associated with maintaining an in-house compliance team, including salaries, training and technology investments.
2. Access to Expertise: Third-party providers often specialise in compliance and KYC processes, bringing expertise and best practices that can improve efficiency and accuracy.
3. Scalability: Outsourcing allows firms to scale their KYC efforts up or down based on need without the fixed costs associated with a permanent in-house team.
4. Technology Solutions: Many KYC outsourcing firms leverage advanced technology, such as artificial intelligence and machine learning, for data analysis and risk assessments, which can lead to better compliance outcomes.
5. Focus on Core Business: By outsourcing KYC processes, firms can focus more on their core business activities, improving overall productivity and growth.

Whilst it’s true that firms create certain risks by sharing information with third parties, such risks can be minimised.

Risk Management Strategies

Despite the advantages, managing risks associated with outsourcing is essential.

Here are some strategies to minimise potential risks:

• Vendor Due Diligence: Conduct thorough assessments of potential outsourcing partners. Request details about certifications, audits and compliance history to ensure they meet regulatory standards and have a strong track record.
• Consolidation of Services: Choosing a single provider for multiple compliance services (like KYC and transaction monitoring) can streamline operations, improve integration and reduce the complexity of managing multiple vendors.
• Data Security and Compliance: Ensure that the outsourcing provider adheres to stringent data protection protocols. Contracts should include clauses that specify how customer data will be handled, stored and protected.
• Regular Audits and Reviews: Implement regular performance reviews and audits of the third-party vendor to ensure ongoing compliance and operational effectiveness.

Conclusion

KYC Outsourcing presents a valuable opportunity for firms of all sizes to manage compliance costs effectively whilst still adhering to the necessary regulatory requirements. By carefully selecting trusted partners and maintaining a balance between in-house oversight and outsourced solutions, firms can enhance their KYC capabilities and mitigate associated risks. This enables firms to not only comply with the regulations, but also focus on innovation and customer service in their core business areas.

Contact Complyport today to learn how our KYC/AML Compliance Managed Service can safeguard your organisation against financial crime and ensure regulatory peace of mind.

Complete the form below to book a FREE consultation.

Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today!

The post KYC Outsourcing – Cut the Cost of Compliance! first appeared on Complyport - Your Trusted Partner in Governance, Risk, Compliance & Technology .

The Package is currently being scrutinised and amended by the European Parliament with the intention to release the updated draft proposal to the European Council in February 2022 for consideration. This will then be released under consultation to the regulated sector in Europe—a vital process which allows not only member states but also firms within those member states to comment on and potentially shape the money laundering regime across the whole EU.

Outsourcing Arrangements

A key area outlined by the proposals involves prohibitions around outsourcing arrangements. The proposals introduce specific prohibitions on activities that must not be outsourced, such as:

• the financial crime internal audit function
• the development, drawing up, and approval of internal policies, controls, and procedures.

Outsourcing an internal audit function is by definition contradictory, so it is understandable that this may become a prohibited outsourced function. After all, internal audits are the third line of defence (3LoD) and a firm must be in control of all its lines of defence to learn from the findings of its own internal audits.

However, the intended benefit of prohibiting the outsourcing of policy and procedure authoring is not entirely clear. It has long been argued that if a company doesn’t write their own policies, they can’t truly understand and operate by them. This can expose them to greater legal, operational, and regulatory risks due to inadequate policies and procedures or compliance failures because their policies were not written with the unique products and services of the company in mind. Nevertheless, this largely depends on how a company interacts with its outsourced provider.

Outsourcing policy- and procedure-writing is understandable when a firm pays a small sum to buy an off the shelf policy designed for a bank, for example, and all that is allegedly required for this to become the company’s policy is for them to insert its name where indicated. However, engaging a professional outsourced provider should work as an extension to the company’s own department – obtaining a temporary expert resource because a company’s workloads, budgets, or a combination of both do not stretch far enough to allow for this level of work to be undertaken in-house.

Example: Good Practice

SA professional outsourced firm will help a company in the authoring of its policies, for example, whilst ensuring that the company is fully immersed in the process. This is because the company, not the outsourcer, is the firm responsible for working to the requirements of the policy and explaining both the policy content and the decision- and thought-making process behind it if questioned by a regulator.

It is hoped that staff within frequently overworked financial crime departments will not be prohibited from seeking essential assistance from external firms when they need it. Such a predicament will leave firms torn between two options:

1. breach the prohibition and face the consequences of that breach
2. allow their company to operate under out of date or inadequate policies and prepare for the consequences if subject to a regulatory visit or inspection.

CDD Controls

Another key area in the proposals is the proposed changes to CDD controls. The changes propose a due diligence that is focused on a 5-year review and includes elements such as information on the transactions associated with a business relationship—including a transaction’s value (or estimated value), its intended destination, and the economic rationale of the transaction.

This kind of information has always formed part of an intelligence led CDD/customer risk assessment, usually under a title of the “does it make sense” test. However, if specific items such as this and time frame for when such must be reviewed within is introduced, then this could remove a company’s ability to apply a risk-based approach for itself. The proposal raises the question: will EU-based financial services companies now have to undertake CDD reviews in a prescribed manner and timeframe, irrespective of the risk presented? If this is the intention, further detail will be required for every circumstance under which a company may find itself engaging with a customer, and what type and level of documentation will be required to satisfy the requirements and retain safe harbour from regulatory scrutiny.

Moreover, the five-year requirement for CDD controls also contradicts the proposed guidance on beneficial ownership information. The proposal suggests these should be updated annually; these timeframes must be refined to remove any uncertainty.

Beneficial Ownership

Under the new package, firms will have to maintain adequate and current information on the identity of their customer’s beneficial owner (BO). The proposals contend that relevant information must be obtained within 14 calendar days of any change of BO and from the creation of any entity or legal arrangement. However, it is unclear at present whether the 14 days begin once the obliged entity has been informed, or once the change in the BO occurs. In the case of the latter, this would be costly for companies and produce even more work for them, especially if they are unable to use the services of outsourcers for tasks like annual policy updates and rewrites.

Further, the ability to hold such information within a 14-day period will mean companies have to place a huge reliance on customer speed and co-operation in order to remain compliant with this requirement. Even with the best of intentions, such speed and co-operation will not always be forthcoming. This begs the question: how can a regulated company be found in breach of a regulatory requirement due to the action or inaction of a non-regulated company?

It is clear that the Package is intended to create a harmonised EU framework on AML/CTF which, if attainable, will be of great benefit to all financial institutions. However, the proposed changes need to be able to work for everyone if the real benefit is to be felt. Once the updated proposals are released this should provide more clarity on how the proposed changes will impact companies – let’s hope the impact is a positive one!

Anti-Financial Crime Support – How can Complyport Help?

Our experienced Financial Crime and Forensics team led by Martin Schofield—one of the world’s leading specialists in the field—brings a wealth of experience to every project we are engaged in. Our highly experienced financial crime professionals and forensic experts, in subjects such as anti-money laundering, counter terrorist financing, anti-bribery and corruption and fraud and regularly help our clients navigate the complexities of the financial crime and money laundering environment. Services offered by Complyport include:

• Financial crime health checks and audits,
• Implementation of financial crime, AML, CTF, ABC, Fraud and market abuse controls and frameworks,
• Ongoing advice on financial crime, AML, CTF, market abuse and fraud prevention,
• Authoring/reviewing financial crime policies,
• Outsourced MLRO support
• Outsourced KYC and CDD support,
• Assistance in identifying Politically Exposed Persons (PEPs),
• Assistance in navigating international sanctions,
• Support with preventing market abuse and insider dealing,
• Expert Witness in Financial Crime cases
• Forensics and Investigations
• Design and/or delivery of online or face to face financial crime training

If this article has raised any questions, or you think your firm may require assistance, please contact either Martin Schofield via martin.schofield@complyport.co.uk or Jan Hagen via jan.hagen@complyport.co.uk to book in a free consultation.

About Complyport

Complyport is the City’s market leading consulting firm supporting the UK financial services industry for over 20 years. We specialise in providing Governance, Risk and Compliance services to support the regulated financial services industry to raise standards and thrive.

Complyport advises and assists firms to become authorised and to comply with the rules and requirements of regulators on an ongoing basis. Our vision is to be there for our clients every step of the way, helping them change, grow, and excel through expertise, insight, and innovation, and in so doing to become our clients’ most valued supplier and trusted advisor.

We have successfully assisted over 1000 firms to become authorised with the FCA and EU and are providing regulatory support to over 600 regulated firms on an ongoing basis globally. With presence in the UK and EU, as well as via our Associates Network, Complyport can assist firms across multiple jurisdictions.

Complyport’s multidisciplinary consultants possess deep expertise in their field, having acted in FCA skilled person reviews, as expert witnesses in legal cases and as expert investigators for firms or their legal advisers.

Day to day, we conduct audits and reviews of a firm’s products, processes, policies, and procedures to identify scope for business, to determine the impact of regulatory developments and to verify compliance with local regulations. Our clients tell us we live our values; we are driven, agile and collaborative.

The post An Update on the EU’s AML Regulatory Package first appeared on Complyport - Your Trusted Partner in Governance, Risk, Compliance & Technology .