Remote working presents unique problems for due diligence in general and client onboarding in particular.
Firms will need to address and codify new guidelines so as to ensure consistency and effectiveness of any temporary internal know your customer (KYC) processes. That they do so and do so rapidly is driven not least by the fact that both FinCEN and the NCA continue to ramp up warnings about emerging financial crime threats exploiting opportunities presented by the global health crisis.
And while regulatory authorities will not be insensitive to the challenges posed to firms by the rapidly changing environment, consistent failings regarding client identification will not long be tolerated. Especially if this results in the abuse of vulnerable customers or the generalized lowering of anti-money laundering safeguards.
Face-to-face contact has long been an important method of gaining comfort as to the identity of a new client. For example, the UK’s Joint Money Laundering Steering Group has stated that the nature and extent of AML/CFT controls depends on a number of factors, including the extent to which the firm is dealing with the customer on a non-face-to-face basis. It’s also a good method for assessing delivery channel risk factors.
While in the US, FinCEN’s KYC guidance does not specify risk factors that must be considered in determining a customer-entity’s AML risk, most analysts consider that one factor that should be taken into account is whether an institution’s relationship with a client is face-to-face. The Monetary Authority of Singapore distinguishes between face-to-face and non-face-to-face client onboarding and KYC measures, viewing the latter as riskier.
The view has long been that the physical presence of a new client makes it less likely that identity fraud is being perpetrated. The willingness of the client to physically meet with a business’s representative, while not necessarily required, is nevertheless taken as testament to the legitimacy of the client and the proposed transaction – due to the client not taking active steps to hide themselves.
Further, during such face-to-face meetings, the business’s representative can best compare the prospective client with the proffered ID documents. That such a meeting has taken place often informs upon the decision to adopt simplified rather than enhanced due diligence procedures with all that that implies for both speed and cost of onboarding.
Ultimately, the impact of face-to-face meetings with clients is only one factor that imports upon the risk profile of the client/transaction, but it is not an insignificant one.
Alternatives to Physical Co-Location
Remote working and social distancing have rendered such face-to-face meetings difficult if not impossible. This does not however mean that onboarding teams will need to raise the risk profile of the client, provided that they can find some method of gaining comfort as to client identity.
A reading of relevant legislation reveals that there is room for flexibility in this space and that actual physical co-location is not always an imperative.
Indeed, face-to-face meetings need not necessarily mean being in the same room. Until now many businesses have viewed video conferencing as a method to be avoided because of the view that this did not deliver the degree of certainty provided by physical co-location.
Video conferencing as a means of client onboarding was a method to be avoided if at all possible. However, in the changed circumstances of a remote working imperative for many businesses, video conferencing will inevitably need to play a role in the onboarding process.
It will only add to the integrity of that process if businesses set out clear procedures for onboarding video conferences. Procedures that include standard sets of questions and measures taken to match the prospective client with the ID material separately forwarded to the business.
These questions will vary from business to business, but all will aim to verify that the person at the other end of the call is the person represented in the documentary evidence. Inconsistencies will need to be explained and any suspicions neutralized. Similarly, any new proposed transactions must be coherently articulated and any inconsistencies with existing relationships or understandings be ameliorated as far as possible.
While these factors should have been addressed in the context of physical meetings, it is now vital for the business to set these procedures out in a formal manner and to record the interaction. In so doing, the business will create a more standardized and effective approach. It will also be able to meet both its procedures and record-keeping duties, as set out in relevant regulation.
Standards of Documentary Evidence for Client Onboarding
The demands of remote working do not end with the identification of the client themselves but extend to documentary evidence collected in the due diligence process.
Documentary evidence is central to the evidentiary standards demanded by the due diligence and onboarding procedures and requirements. Standards of evidence may need to be altered – at least temporarily – until social distancing requirements are eased.
The challenges here result not just because a business cannot meet with a prospective client, but because a prospective client may not be able to meet with their own professional advisors.
Many firms require for their onboarding process that certain documents be certified and that that certification be undertaken by a regulated individual, such as a lawyer or an accountant. Examples of such documents include passports and evidence of address that need to be certified by a regulated individual stating that the documents represent true and complete copies of the original. Many firms refuse to accept documents without such certification.
Some businesses go further and require other corporate documents, such as structure charts setting out the corporate structure leading from the client to the ultimate beneficial owner, also be certified by a regulated individual.
Clearly, onboarding departments will need to be more flexible in their approach as clients may be unable to access such regulated individuals for certification purposes. So, for example, rather than requiring identification documents to be certified, they should look to secondary means for backing up their due diligence.
Should the client have previously been onboarded (even, say, over three years ago when many businesses would require the due diligence to be fully refreshed) then those documents, together with information gleaned from electronic identification processes or other screening service databases backed by internet searches, will need to be employed to buttress the onboarding decision.
In these circumstances, the onboarder will need to be confident as to the reliability of the database, the actual provenance of its information and its accessibility. If not, they will be unable to reach the degree of confidence required as to the credibility of the documents.
Records will need to be kept as to how comfort was achieved, and red flags will have to be inserted in the client onboarding file, ensuring that such steps are stop-gap measures and that once this particular crisis has passed and new matters on the same file arise, traditional and robust certification methods will resume.
The Future of Digital Onboarding
Further but not too far down the field, greater emphasis on digital onboarding will, irrespective of the current crisis, act to revolutionize the client onboarding process. Indeed, independent of current demands for remote working, digital identity technologies are advancing rapidly.
Biometric technologies, artificial intelligence and machine learning, as well as distributed ledger technology, will act to revolutionize customer due diligence and the onboarding process, including in respect of proof of ‘liveness’ and documentary validation.
Recently, the Financial Action Task Force has provided guidance that notes non-face-to-face customer identification and transactions that depend upon independent and reliable Identification systems, when combined with effective risk mitigation systems, may present a standard or even lower level of risk. Consequently, changes adopted in client onboarding as a result of the necessities of remote working may become permanent due to the import of emerging technologies.