As these regulations and consumer behavior evolved, so did KYC/AML processes. Before, KYC was often paper-heavy and required in-person interactions. Today, modern identity verification (IDV) tools allow users to verify their identity in just seconds.
However, the same cannot be said for many regulatory processes with the landscape becoming increasingly complex. Regulations are constantly changing, and businesses need to stay abreast of their requirements for each geography they operate in, demographic they serve, and more.
Unfortunately, many RegTech solutions and infrastructure aren’t able to keep up.
The problem with existing compliance solutions
Given the sensitivity and seriousness of the work involved, compliance requires best-in-class tools — technology that historically has not been available to these teams. Compliance systems are often utilitarian, but neither comprehensive nor user-friendly, which limits the visibility required for thorough investigations and remediation. The tools are disparate and hyper-specialized in particular processes rather than making teams more efficient. Put simply, they help with tasks but don’t solve major pain points.
As a result, while compliance has moved from checkbox to strategic function, its supporting technology has not.
This is problematic, as businesses need agile solutions that can adapt to ever-changing regulatory environments. Compliance can’t wait on engineering resources, code review, or the like — they need to adjust and deploy quickly so their companies don’t face significant fines, class action suits, and other penalties. Ultimately, configurability and adaptability will become table stakes for compliance technology as more regulations are proposed and passed both at the state and country level.
RegTech: an agent for growth
While collecting and verifying user information is the necessary baseline to prevent fraud and financial crime, how businesses go about doing it can actually set them apart. Specifically, if they can deliver a seamless user experience during their mandatory processes (such as KYC/AML) — and streamline these tasks — they can transform compliance from simply a requirement to a point of differentiation.
Compliance is often cast as an impediment to higher conversion numbers, but flexible, cutting-edge RegTech solutions can help set organizations apart by saving them time, allowing them to offer a better user experience, and helping them stay compliant, fight fraud, and build trust.
With an agile solution, compliance teams are no longer pitted against growth. Instead, they can collaborate to dynamically adjust friction for risk segmentation during KYC/AML and apply their ideal balance between fraud mitigation, compliance, and conversion. They can focus their attention on higher-risk users. And they can get a more complete picture of individuals to make better decisions faster.
No longer a case of build vs. buy
While compliance teams may think their options are limited to building or buying, the reality is much more nuanced.
By themselves, both options have faults — building compliance infrastructure in-house ensures it’s hyper-tailored to your needs, but it takes a lot of effort to productionize and maintain. Ensuring it’s able to stay on top of ever-changing regulations isn’t any easier. Meanwhile, off-the-shelf compliance tools often tout their machine-learning capabilities as the silver bullet that’ll magically solve all your fraud and compliance issues. Unfortunately, these promises are often too good to be true.
Because financial institutions have a myriad of proprietary payment and compliance tech (a lot of which can be decades old), in many cases the best option is to build and buy — in other words, partner with a platform that can integrate with the systems and tools they already use and automate processes to help compliance teams combat fraud and promote growth.
Persona: The next evolution of RegTech
At Persona, we strive to do more than just check the boxes for what compliance teams need. One of our main goals is to help them do their jobs more efficiently and address their pain points through automation and configurable tools. In addition to offering building blocks organizations can use to design the identity programs they need to adapt to changing regulations, fight new types of fraud, and build trust, we also listen to our customers and build features to eliminate their tech and resource burdens and reduce overhead costs.
For example, one industry-wide problem customers often mentioned was the FinCEN314a screening process.
Today, organizations often spend days trying to compare FinCEN314a lists to their user base — a mandatory resource-intensive process that happens every two weeks. While some organizations have piecemeal solutions to help make their team more efficient, none we spoke to had figured out how to automate this and ensure accuracy.
After seeing this problem repeatedly, we decided to build a solution that allows organizations to upload the FinCEN314a list to Persona, automatically compare it to their existing user base (usually within less than 10 minutes), use our case management system to review any matches that come up, and perform follow-up actions in their other tools (e.g. CRMs and customer service software) via our marketplace integrations — all within Persona.
Using tools that specialize in making these processes easier and ensure everything is housed in the same place will be a game changer for most organizations. Instead of compliance teams spending days manually comparing users to a list, they can spend their time on more business-critical initiatives.
Ultimately, this usually also ends up saving organizations money, as the cost of a tool is typically much lower than either fines for being out of compliance or the engineering burden of building and maintaining an internal resource.
Another universal issue compliance teams in the financial space face is false positive matches.
While we’ve always allowed companies to configure their match criteria based on their risk tolerance and surface certain verifications to some individuals but not others, high false positive rates take time and mental capacity away from manual review teams.
Even worse, it creates the baseline assumption that everything is a false positive. The vast majority of hits on a watchlist screening are going to be false positives — it’s very rare that a watchlist screening will surface real money laundering or a financial terrorist. However, while true matches are rare, you can’t assume everyone is a false positive, or you could miss real signals during manual review — or worse, start devaluing the hits you receive.
We knew this was another compliance task we could optimize.
Our Watchlist Portrait Match solution allows organizations to enrich watchlist matches with photos of individuals, decreasing the rate at which false positives are surfaced. For individuals who have both a photo on file and a name that matches an entity that is covered, we’re able to reduce false positive matches by 99%. This will be massive for manual review teams, as it gives them the ability to refocus their efforts on revenue-driving activities rather than continuously reviewing false positive hits.
Both of these solutions — and other features like our SAR filing tool — work because Persona’s compliance suite doesn’t just cover the basics of any KYC/AML program, but instead offers a full platform to manage identity throughout each customer’s lifecycle.
And this is just the beginning — we’re excited to continue partnering with organizations to develop novel workstreams that push the compliance industry forward.
The future of compliance
As RegTech improves, compliance will be a vital participant in company growth.
One of the keys to this will be leveraging underutilized data, such as face portraits, to combat financial crimes. Today, users generate myriads of written, audio, and video content, but most of this information is wasted from a compliance perspective because teams aren’t able to ingest and assess it at scale — this is why we’ve invested in tools like Graph and Watchlist Portrait Match.
In the future, we see compliance teams relying less on spreadsheets and database queries. While those still have a place now and in the future, compliance investigations won’t be limited to these archaic processes, and teams can channel their energies into what they are meant to do — creating safer, trusted services, interactions, and communities for us all.