Continuous KYC and transactional monitoring: the end of spot checks

Contents

SPOT CHECKS: STILL SOME WEAK POINTS
KYC CONTINU: TOWARDS THE END OF "CHECK AND FORGET
TECHNOLOGY REDEFINES TRANSACTIONAL MONITORING
KYC CONTINU: THE FUTURE STANDARD FOR FINANCIAL COMPLIANCE

KYC, for Know Your Customer, has become an essential pillar in the fight against money laundering and the financing of terrorism. Increasingly widespread, this approach makes it possible to strengthen security, meet compliance requirements and, above all, get to know customers better in order to anticipate risks.  

The problem is that, in operational reality, KYC is too often confined to a one-off control logic, triggered at fixed intervals or on the occasion of a regulatory audit. This approach is easily explained: faced with the exponential mass of data to be collected, processed and correlated, maintaining constant vigilance is still a challenge for many institutions. However, in an environment where fraud techniques are being renewed at a frenetic pace, and regulatory requirements are becoming increasingly stringent, this method is rapidly reaching its limits. The context is changing faster than the processes. What's needed now is living, adaptive monitoring, capable of picking up weak signals, adjusting vigilance levels in real time, and transforming compliance into a mechanism for anticipation rather than an exercise in catching up. 

SPOT CHECKS: STILL SOME WEAK POINTS 

Historically focused on onboarding and periodic reviews, spot checks have a number of drawbacks: 

- Customer changes are difficult to take into account: the interval between two periodic reviews creates a significant "risk window": changes in a customer's profile or behavior (change of beneficial owner, appearance on a sanctions list, unusual activity) can go unnoticed for several months. Periodic checks, while interesting, offer a fixed image of the customer at a given moment, without always reflecting the dynamic evolution of his risk profile over time and his activities. 

- The persistence of false negatives or positives: the absence of real-time correlation with transactions can generate false alarms (false positives) or, more embarrassingly, make it difficult to take certain suspicious transactions into account (false negatives). This requires manual investigation, which is costly and time-consuming. 

- A gap in compliance: in the AML-CFT field, regulators such as the ACPR and Tracfin are increasingly insisting on the need for constant vigilance and an evolving risk-based approach, as specified, for example, in the French Monetary and Financial Code. Simply carrying out periodic checks is no longer enough, and companies are exposing themselves to loopholes and even risks of non-compliance that can cost them dearly. 

KYC CONTINU: TOWARDS THE END OF "CHECK AND FORGET 

Perpetual KYC is the appropriate, operational response to the limitations of one-off checks. Perpetual KYC is a process of verifying and constantly updating customer information throughout the business relationship. Rather than a cyclical review, it is an event-driven, automated monitoring of risk. 

Compared to spot checks, continuous KYC offers several advantages: 

- Reduced AML-CFT risk: by immediately detecting changes in risk (change in status, new PEP, negative media mention, modification of beneficial owner data), the entity can adapt its vigilance measures in real time, either by stepping up vigilance or by terminating the relationship with the customer(s) concerned, in order to avoid finding itself in a non-compliant situation. 

- Enhanced compliance: continuous KYC ensures the constant vigilance required by regulations. The joint ACPR/Tracfin guidelines encourage the use of automated systems to segment risks and refine customer knowledge. 

- Greater operational efficiency: the automation of verification processes (calling up external databases, verifying sanctions) reduces the workload of AML-CFT staff, who can then concentrate on genuinely high-risk cases. 

- improved customer experience: by limiting repetitive requests for documents, a source of frustration for customers, the perpetual KYC approach makes the relationship more fluid, particularly when marketing new products or services. 

WHEN TECHNOLOGY REDEFINES TRANSACTIONAL SURVEILLANCE 

To deploy continuous KYC effectively, the use of advanced technologies is essential, with AI at the forefront. These tools not only create dynamic risk scoring, where a customer's rating adapts in real time according to observed events and behavior, but also automatically keep essential information, such as SIREN numbers or legal statuses, up to date, thanks to API integration and regular checks of sanction lists. In addition, these technologies enable widespread transactional monitoring, a true extension of continuous KYC, which analyzes every transaction in the light of the customer's known risk profile, ensuring constant, proactive vigilance against anomalies and suspicious behavior. 

However, transactional monitoring is not limited to threshold detection. It is also based on risk scenarios and behavioral analysis. Any transaction or series of transactions that deviates significantly from this reference model (amount, frequency, geography, etc.) generates an alert. Similarly, algorithms identify laundering schemes (structuring, round-trip movements, use of multiple Beneficial Owners ) that would escape a simple threshold check. 

KYC CONTINU: THE FUTURE STANDARD FOR FINANCIAL COMPLIANCE 

Continuous KYC will become mandatory for all entities affected by AML-CFT. Indeed, an " AML package ", a new European regulatory directive on the fight against money laundering and the financing of terrorism, was published on June 19, 2024.  

This text aims to improve the organization of national AML-CFT systems, and will be applicable in 2027. AMLD6 (for Sixth Directive) came into force on July 10, 2024, and must be transposed by member states no later than three years after its entry into force, i.e. July 2027. The APCR points out that this new regulation " requires supervised entities to identify and verify the identity of their customer before executing a transaction on an occasional basis. In France, identification and verification of the identity of occasional customers is currently only required in the event of suspicion of BC-FT, when the transaction exceeds certain thresholds." This text "extends the information to be collected on customers. "  

Only an integrated technological approach combining automation, AI and data analytics will enable ongoing KYC to deliver on its promise: that of transforming compliance into a lever for trust and performance.