Ensuring compliance excellence – Insights into KYC/CDD solution verification and validation process
Verification (are we building the product right?) and validation (are we building the right product?) process is a key aspect in software development. This is particularly important for financial crimes compliance solutions dedicated to banks and other financial institutions.
Let’s focus on Know Your Customer (KYC) process of verifying the identity of customers and Customer Due Diligence (CDD) process of gathering additional information about customers – both are required to assess a customer risk profile before establishing a business relationship and to ensure compliance with Anti-Money Laundering (AML) regulations.
Their primary goal is to ensure that financial institutions have accurate information about their customers, including their identity, addresses, officers, shareholders, UBOs, and source of funds.
In order to be able to meet such goal any KYC/CDD software solution relying on data collection and aggregation must pay a special attention to data quality helping banks and financial institutions to comply with AML regulations and mitigate the risk of financial crime.
There are hundreds of sources from which data can be fetched. Besides Intrenal sources of financial institutions there are external public sources such as company registry, stock exchange, regulatory or global data vendors e.g. Bureau van Dijk, Dun & Bradstreet, Refinitiv, etc.
The way data is fetched could vary as well. On one hand, the most popular web scrapping approach for web based sources, on the other hand, much faster and more reliable API based approach if a given source supports such integration.
When it comes to data quality testing the following “4C” approach can be applied:
- Complete data – to ensure all required data points are included (nothing is missing).
- Comprehensive data – to ensure all required data points are populated with data.
- Consistent data – to ensure all required data points are retrieved correctly without any corruption and loss in consecutive attempts.
- Credible data – to ensure how much collected information is up to date and to ensure it comes from reliable sources.
There could be multiple reasons why data quality may be affected:
- Incorrect integration with a source – ensure that data is correctly collected, transformed, and stored in a target system.
- Poor performance – evaluate how a system performs under heavy loads for integrated source and ensure caching mechanism are working efficiently and effectively.
- User interface – ensure data is correctly rendered and properly handled in case of CRUD operations on data.
The consequences of failing with data quality may result in:
- Lack of trust in the information provided by KYC/CDD solution
- Far-reaching implications for financial institutions (financial penalties, reputational damage, legal action, and adverse impacts on business operations)
Therefore it is crucial to make sure information used in KYC/CDD is reliable, accurate and complete.