Getting risk right: 4 tips for implementing managed services for your AML and KYC functions
July 22, 2021
Navigating today’s dynamic compliance landscape has never been more challenging. Or critical. In our report, Fight crime with a well-built, managed solution, we recommend a three-phased approach for organizations looking to evolve their Anti-Money Laundering (AML) and Know Your Customer (KYC) functions with a data-driven, intelligent operating model. This model offers stability during design and start-up and identifies areas where processes can be enhanced and standardized. Financial firms, however, are ultimately still responsible for managing their risk.
Based on our decades of experience, we’ve developed guidance that will help you strike the right balance between risk and reward when implementing managed services solutions for AML and KYC.
<<< Start >>>
<<< End >>>
1. In or Out? Choosing What’s Best for Your Business
Which services you retain in-house and which will be handled by your service provider is unique to your organization. Start by considering your risk appetite along with guidance from regulators. A general rule of thumb is to outsource services that are repetitive or labor intensive, and retain any services that require access to additional research, sensitive data or contact with regulators. (See chart)
This chart provides recommendations for determining which services your organization can retain in-house or have handled by a service provider.
<<< Start >>>
<<< End >>>
2. Assembling Your Teams -- Experience and Quality Matter
Once you’ve selected who will handle which services, think about the right balance and mix of people on each team.
- Your service provider: AML and KYC are complex and involve reviewing and analyzing data from multiple systems and sources. Your managed services team should consist of team leads, subject matter advisors (SMAs), analysts and a Quality Assurance (QA) function. It will be a mix of seasoned and junior analysts, and the key will be to have a quality control framework and a support structure for the junior resources.
- Your organization: Regulators recommend that you retain supervisory controls and managerial oversight over the outsourced services. Preserve QA, SMAs and senior analysts who can deal with escalations and regulatory interactions. Based on our experience, the percentage we recommend you retain in-house should range from 0% to 20% of your overall team size.
3. Managing the Managers
You’ll also need to manage the operational and regulatory risk of both the provider executing your services and the services themselves. Incorporate a third-party risk management program that covers policies, procedures, governance, internal checks, audits and regular risk assessments of the services. Make sure your provider understands your business and the customers they are servicing on your behalf. And, monitor and investigate complaints quickly. Ensure that root cause analysis is incorporated into the services delivered as part of a virtual cycle of improvements.
4. Delivering With Excellence
Timing is everything. From choosing a “big bang” or phased approach to when you can expect to see benefits will depend on your goals. For instance, implementing managed services all at once offers speed. But it often doesn’t yield the best results because your provider has very little time to stabilize execution before taking on higher volumes of work. On the other hand, a phased approach to delivery across and potentially within services will yield better results because it gives all involved time to become familiar with the new processes.
Implemented well, a managed services model for KYC and AML functions can drive impressive results. Our experience shows that on average companies can realize cost savings between 20% to 30% and efficiency gains between 15% to 20% within the first 12 to 18 months, while a robust service will continue to increase productivity throughout an engagement.
Contact us to learn how we can help you digitally transform your operations today.
