The case for perpetual KYC  

So, another financial institution gets a fine for failures in taking proper due diligence. When are financial institutions and especially banks going to learn that prevention is better and cheaper than stomping up fines and taking reputational hits? 

One day soon, a financial institution won’t just be fined. Someone is going to be made an example. Is that going to be you? Are you going to jail? 4-14 years according to 6AMLD! Think you’re not in the firing line? Think again! 

During various conference and exhibitions we’ve exhibited at, such as AML and Fincrime or RegTech events, where we have spoken to compliance professionals or money laundering reporting officers (MLRO’s), the same theme keeps coming up: “I don’t sleep at night”. 

Basically, the volume of fines to financial institutions around the world has been constant since about 2015, and amount to billions every year with about $8bn in 2022 alone.  

All fines are not in the billions, for instance, a European bank was fined $50 million for failing to put in adequate controls in place to prevent money laundering. Just not carrying out enough checks and having the right processes.  

This fine was from the UK’s FCA who are not known for handing out high values and being particularly aggressive to firms, however, the whole environment post Covid has got harder, stronger and more difficult for all regulated businesses. 

In the last 18 months all kinds of extra complications have opened up, such as sanctions through the Ukraine/Russia war; and where before there were already some modes of sanctions against  North Korea, Iran and a few Russians this has rapidly ramped up. Many things have changed since March 2022. Sanctions have been brought in not only from the US primarily, but by many other countries such as the UK and a raft from the EU, Australia, Canada etc 

With globalisation, the myriad of interconnecting investments, investors, supply chains and businesses make it more and more difficult to define connections. Companies in the mainstream and in the high street may be linked in some way by either the ownership chain or the supply chain to sanctioned businesses. These businesses in themselves may be every day normal running businesses, but they in turn may have an individual involved that has been sanctioned. Not only this, but individuals within those companies may become politically exposed (PEPs) throwing up red flags. 

Businesses constantly get new beneficial owners, new direct shareholders and new officers to run them. A business or individual may be on-boarded and have a good running account with a financial institution and an excellent relationship down the value chain to relationship managers and individuals within the institution giving them a low risk rating. 

However, nothing stays still, things change constantly and because your client or supplier may be classed as low risk, your own internal policies may not need them to be checked unless something specific to business happens. Often, they may be checked every three years to take some kind of a look at them and update the KYC 

But what happens in between? People are constantly coming on or off sanctions and may be connected to your client 

This means whenever there is a change, to a company or the status of an individual, whether it be to becoming a PEP directly or by association or going into or out of Sanction, or getting adverse media or a company changing directors or ownership, you need to know. 

DD for KYC has become a nightmare. Your nightmare.

So this is why compliance professionals started talking to us about the problem. The fact that it’s now also difficult to get enough staff or the right kind of staff. It is said that for regulated businesses, something like 15% of staff/staff time is spent just on compliance issues 

So for the last couple of years, I set my team and myself the task of solving this problem. 

Our universe at Armadillo is 500 million companies, 1 billion businesses and 5 billion individuals for verification purposes. The challenge has been to monitor all the changes, so we came up with a new concept system called the Armadillo HUB using next-gen tech that can even work with legacy systems. 

It’s a ball of code that can plug in any kind of database and looks for changes. It can assist with monitoring for new amendments or what we call Perpetual KYC. It looks for changes in a business or to an individual. Linking them to verifications of sanctions, PEPs adverse media and connections. 

We are launching this shortly and I’m expecting to be able to solve this problem of constant, moving goalposts that stop you sleeping at night. Who is sanctioned? Who’s been appointed? Who is taking over any business anywhere in the world? 

This will mean massive cost savings for regulated businesses. They will be able to upload their whole portfolio of companies or individuals into the system and be fed information throughout the year of any changes that happen. 

Once into our system, you can sleep at night!! 

Manny cohen is Founder and Chairman of The Armadillo Group 
A Global Regtech100 Company 
August 2023