In the same way that the City of London, for example, has evolved over centuries with narrow lanes, outdated sewage systems, and inconsistent planning, KYC operations in most organisations have grown in an often reactive way, responding to new regulations, data demands, and technological challenges as they emerged.

This has led to a KYC model that ‘gets KYC done’, and while generally completed in a compliant manner, is still very manual, time consuming, and costly, with significant friction for both the customer and the institution.

A primary driver has been regulatory change. In Europe we’ve seen the introduction of a series of Anti-Money Laundering (AML) Directives, each demanding further adjustments in KYC policies. These have been translated into local laws, adding to complexity, particularly for multi-jurisdictional organisations.

An example is the inconsistent treatment of Politically Exposed Persons (PEPs) across jurisdictions. So, while UK Members of Parliament may not be automatically classified as high-risk domestically, they may be treated as such in other countries, creating a need for nuanced policies that can accommodate these international variations.

Financial institutions’ own internal policies have had to develop in line with regulations while considering their unique operating environments, strategic objectives, and risk appetites.

For multi-jurisdictional entities, this has often meant drawing up country-specific policies while trying to maintain global standards, again resulting in variances between jurisdictions, leading to operational inefficiency.

KYC operations are only as good as the data they rely on, and here too, evolution has been anything but straightforward. Data collected 5 or 10 years ago no longer aligns with today’s requirements, and as institutions have acquired new businesses, introduced new technologies, and grown their operations, data structures have become increasingly fragmented.

With different systems holding different versions of data, often in incompatible formats, the result is a landscape that severely limits the ability to make informed, data-driven decisions.

The lack of common data taxonomies, and awkward challenges such as free-text fields, create further inefficiencies. These problems are endemic in the corporate and institutional banking sector, with its inevitably intricate KYC data structures that reflect the complexity of corporate and institutional clients.

The rapid expansion of operational teams to cope with the labour-intensive nature of KYC work, has driven up costs without delivering a corresponding increase in efficiency. Despite the adoption of KYC platforms like Fenergo and Pega, technologies are used mainly as control mechanisms instead of driving efficiency.

Misalignment between technology and process is a significant problem. Many tech platforms in the KYC space are difficult to configure, not because of inherent flaws in the software, but because it has proved almost impossible to accommodate the sheer variety of KYC operational models that exist today. As a result, the promised benefits of digitisation and automation remain elusive.

Perhaps the most damaging aspect of current KYC operations is the impact on customer experience. While the personal banking sector has achieved some improvements in this area, corporate and investment banking customers have seen little progress.

In fact, we would argue that the mushrooming measures taken to remain compliant have made the customer experience worse, with lengthy processes, excessive and repeated documentation requests, and a general lack of transparency.