Izengard Customer Journey - KYC (Onboarding) / CDD
Izengard drives process driven best practices in onboarding, due diligence and on-going CDD. The tabs below will apply to all industries. The difference largely being in the Crypto space where anonymized ID tokens have to be extracted and then ID determined through other means. Izengard ingests multiple regulatory requirements and where possible auto-classifies/categorizes and uses information obtained during on-boarding to determine the appropriate course of action. For investments, capital markets the categorization and suitability steps are more onerous and in-line with best practices and regulatory requirements.
Izengard is designed for perpetual KYC. A KYC tool on it’s own cannot do this and relay the facts back to Fraud, Sanctions or Transaction Monitoring without these modules being part of the suite. In this case those tools whilst they espouse perpetual KYC fall short, because it is actually a multi-way bargain, you have to understand root causes in other areas such as Fraud, Sanctions, Cyber and Transaction Monitoring to handle perpetual KYC in it’s fullest sense.
Depending on client requirements, Izengard does not just rely on local government and other sources for verification of the customer, and therefore is not limited to one jurisdictional ID&V check. If the client requires a more regional/global and social media check to verify key parameters, Izengard can be set up to do this. If a customer is already known to Izengard due to its consortium database, Izengard provides additional information on a request basis. Izengard applies document verification techniques and other artificial intelligence techniques to determine if documents supplied are forgeries or real. In addition, where there is real time feeds to other organizations available for education, salary/income and other checks, these can be easily incorporated by KYC analysts in Line 2 or Line 1 based on organizational permissions.
Izengard has in particular a range of checks that do not impact the customer onboarding experience by doing the following:
a) Scan one local plus N configured local/regional/global data sets for government approved ID and indicate when each of the data sets was last updated. Izengard has multiple integrations with 3 to 4 global/regional/local ID&V providers.
b) Work with a range of document verification services to verify the validity of the documents submitted, including names, aliases etc and addresses, locations, salary, employer etc
c) Apply AI based NLP and Computer Vision to examine any key discrepancies in the documents provided and determine if there indeed has been any potential tampering or forgery committed
d) Call Izengard’s sanctions/name screening module to perform a sanctions check on the individual
e) Based on the results from above, allow the following options:
- Allow full onboarding
- Allow partial onboarding with limits set until full CDD is complete
- Deny onboarding and present reasons
Once the initial ID&V checks are done and assuming that there is a full or partial approval to proceed, then there will be an initial segmentation.
For retail and corporate customers the categorization is different, it is also different if it is a financial institution or a fintech. For customers that are also getting into investments in capital markets, the categorization criteria is different.
Izengard regularly updates it’s criteria and allows over-rides which are logged to avoid potential tampering. The categorisation is often used in conjunction with further segmentation, product/service suitability and economic risks to help assess the risk of the customer carefully.
Standardized CDD procedures are built into Izengard’s workflow with appropriate approval steps and integration with third party datasets as required. In general, standardized CDD, will do the following:
- Ascertain if the income declaration makes economic sense
- Ascertain if the customer is in a high risk industry or a high risk employment role
- Take into account credit worthiness and liquidity needs of the customer to allow them access to the required banking products.
- Ascertain if sanctions or other risk factors are present that make this customer a high risk
- Ascertain if they are related to other parties economically, politically or through blood relationships that also mean that this customer may be classfied as high risk
- Ascertain potential vulnerability, could be based on age, digital savvyness, medical conditions declared etc that could potentially make them highly susceptible to manipulation.
- Follow local/group policy and other regulatory requirements.
- Create RFI (request for information) requests to obtain more information from the customer for validation
- Decide if based on these findings, the customer needs enhanced due diligence
For retail, corporate and other financial services market participants, it is necessary to understand their sources of income.
With retail customers it may come from salaries, or dividends paid out of equities or returns from annuities or other investments.
For corporates this will be their revenues earned and/or in some cases it will be based on their free cash flow based on retained earnings and other cash generating instruments they may pose.
With financial intermediaries, not only are similar steps as corporates performed, but additional regulatory background checks and a review of their banking KPIs, such as RWA, CET1 ratio, LCR may well be taken into account.
Izengard allows this to be done programmatically vis REST API calls or by collecting information via RFI requests.
Source of Income is used to help analyze peer behavior and to determine if expenditure and financial transactions are commensurate with declared income and capacity levels
Source of funds needs to be calculated and often the data is obtained via several different sources.
Source of Funds (SoF) refers to the origin (i.e. how the funds being deposited with the bank were generated) but also includes the means of transfer of cash/deposits, precious metals or financial instruments deposited with a bank, focusing on the initial deposit amount and expected deposits during the business relationship.
Izengard helps capture some of these mappings and with estimates of the funds, the frequency of transactions and where values of certain assets can be obtained via non-opaque means can create risk indicators for downstream models to analyze actual behavior versus declared behavior and challenge this assumption.
Izengard provides mechanisms for collection and calculation as well as workflows for approval and extraction of risk indicators for downstream risk detection models.
Source of Wealth (SoW) refers to the total wealth of the majority of the wealth of a customer, i.e. activities which have generated or contributed to a customer’s accumulation of funds and assets. SoW therefore describes how a customer acquired their total wealth over time i.e. the sources through which the wealth was generated.
Izengard builds a calculator for source of wealth and it varies depending on the line of business, the type of customer and if there are best practices or regulatory requirements.
Izengard is the most comprehensive Source of Wealth capability in the industry, taking into account the following:
a) Verification processes :- often involving documents and call reports (customer discussions) and other third party sources. If the customer has a long history with the bank, transactional data can verify, but if it is a new customer the process needs a lot of external input
- Implementation of bank controls have been applied correctly (assessment of documents/sources, rating across it, due diligence notes, follow ups etc). No checkbox exercise
- Analysis of the timeline of wealth accumulation and expected movements in prices of the underlying assets measure up to the customers overall (or KYC analyst) SoW estimate
- Analysing volatility in the source of wealth because of the highly liquid nature of the assets
- Determining if the assets co-owned by people who are on sanctions/terrorists lists or operated by entities which are dubious in nature.
- Identifying all the entities where the customer has a significant interest or influence. Determining if there financial dividends or equity from these, and if there any grounds to doubt the authenticity of these entities and their risk assessment for financial crime
- Analysing the impact of drawdown risk on these assets over time. If the drawdown is happening in large amounts, is this a potential red flag?
- Profile the entire source of wealth, timeline it, challenge it with Izengard best practices and red flags.
b) Corroboration :-Variation analysis to determine if Izengard’s analysis verified is consistent with the information provided by the customer
c) Determination if there are potentially sanctions issues related the accumulation of funds? i.e. blood diamonds, drugs, armaments, terrorism, proceeds out of war crimes, human trafficking, multi-level organizational holdings, tax evasion
d) Determination of which KYC/CDD red flags/obligations are potentially broken from a regulatory perspective with this both in the current regulatory jurisdiction but in other regulatory jurisdictions that the customer is in or has entities or sources of wealth in.
Suitability is tied to the customer categorization element done early. The workflows for product/service suitability especially for investment type products are often relayed to the customer by a Relationship Manager. In this way, a one on one record of the conversation, advice given and client instructions to proceed despite risks etc is undertaken.
The requirements for a retail investor versus a professional investor are different and so is the level of criteria applied to the conversation. Izengard’s modules are capable of:
- Transcribing audio into call reports via NLP and getting the RM to approve these.
- Guiding the RM based on suitability requirements and if necessary to reject the customers request for the product/service if reasonable suspicion of risks related to crime are ascertained
- A log of changing suitability requirements by customer are kept and if there are overrides where Izengard has rated the risk high or very high, immediate escalation for approval to key individuals identified in the escalation workflows are required,with either full consensus or majority consensus of 60% needed.
- Internal audit is always informed when there is an escalation and can provide a veto which is then approved by the COO/CEO of the designated business unit.
In general if any of the above steps, raises red flags, these are then escalated to a specialist team for Enhanced Due Diligence. EDD also applies to cash intensive business and DNFBPs (Designated Non-Financial Business Providers – often gatekeepers like accountants, tax advisors, lawyers etc).
The specialist team takes into account the range of red flags and risks raised and makes a determination to proceed or prohibit/de-bar the customer from services. In a more extreme situation and due to the risk they may deny a banking relationship.
However, in most cases, this is then often discussed with the CRO/Credit Risk and credit risk limits and transaction limits in terms of value, destinations, transfers, payees etc is often put in place. Enhanced monitoring is then commissioned such that Sanctions, Fraud and AML Transaction Monitoring will know that certain red flags must be continuously monitored often with the thresholds set by limits on the customer to ensure that any suspicious activity is escalated.
Izengard provides an EDD module and a case management workload for EDD staff to make these determinations and as soon as these determinations are made, Izengards detection models and profiling are updates, so that Sanction, Fraud and TM modules will automatically conduct enhanced monitoring on the customer (either at overall relationship level, account level, or a combination of both).
After all of the previous steps are completed, Izengard can be set up to auto-calculate an initial risk rating and have it then reviewed or approved by a KYC leader.
Alternatively, the KYC team can override automatic calculation and create their own calculation of the risk rating and then align that qualitiatively to segments.
Izengard for fraud,sanctions, cyber-security and transaction monitoring creates different segments for it’s internal detection models based on peer groups. This could be a combination of the following factors:
- Risk Rating
- Age Group
- Digital Savvyness Index
- Channel usage
- Product holdings
- Income
- Source of Wealth calculation
- Limits/Thresholds imposed by the bank.
These segments and various risk indicators are added into the Izengard Mind Map which creates a profile and then holds historical plus future digital behavior by risk indicators and is used to detect anomalies and help machine learning and rule based detection models.
Izengard assesses a customer not just on AML risk factors, but also on other characteristics that are identified via cyber-security and via IT Risk Assessment as well. If Izengard’s consortium model has come across this customer, even though tokenized, it can add any additional data points from the consortium model to the risk assessment. Risk assessments are driven by a combination of best practices, regulatory requirements and by the product risks/suitability requirements above as well as taking into factors from the source of wealth/source of funds processes above. The important difference in Izengard is that this is not a questionnaire approach but it is threat intelligence driven, locally, regionally and globally via global threat intelligence AML database that Izengard has sourced and integrated into our KYC. Clients can add additional criteria which may be specific to jurisdictions, to their policy and to their regulatory or line of business to the risk assessments. Izengard will notify clients if the factors in the risk assessment do not live up to observed behavior. Once the final risk rating is completed, Izengard sets up an internal and an external segmentation for assessing peer risks with other modules (fraud, transaction monitoring, sanctions screening, device profiling).
Once the initial risk rating and initial segments are recommended, the process is ready to deal with risk assessments.
Izengard supports the set up of an Enterprise Wide Risk Assessment (EWRA) and is often done during initial implementation and then Line 2 Risk Assessment specialists, can go in and modify these assessments by adding new categories, new criteria, change scoring method and if necessary remove old or redundant categories.
The individual risk assessments within EWRA are driven by Izengard’s respective modules. However, Izengard doesn’t waste Product/Channel Owners time because it combines Sanctions, Fraud, AML and Cyber risks with products and channels into one and allows the Product/Channel owners to fill this out based on deadlines set for them.
All of the Izengard risk assessments are organizational structure aware including geo-locations, branch versus full fledged holding company or subsidiary. Izengard’s Risk Assessments can be seen at individual line of business level or rolled all the way to Group structures.
Izengard handles economic risks differently for retail customers vs corporates vs financial intermediaries.
In essence, much of the economic risk for the individual comes from a the economic purpose of what they intend to use the bank accounts for. In general, patterns of luxury items/travel spending, general utilities/credit card spending, regular money transfers and regular spend such as groceries/dining out etc. This helps as an initial guide as to what to expect when looking at transactions that do not make economic sense when compared to income, source of funds, source of wealth.
The risk from corporates and financial intermediaries come from what are the main economic sources and regular spending/transfer habits of these organizations. Any surges which are later caught out by fraud, transaction monitoring etc are then able to understand transactions that do not make economic sense.
Izengard incorporates best practices and general economic indicators where possible for industries, inflation, volume of exports/imports, peer analysis and a wider capability to determine transactions that do not make economic sense.
Izengard supports the industry definition of high risk customer (retail or otherwise) and therefore applies a higher risk criteria as well as enhanced monitoring. In general all high risk customers go through enhanced due diligence anyway.
High risk customers can include (non-exhaustive):
- A Politically Exposed Person (PEP)
- A professional with a license/qualification to operate as a DNFBP
- A cash intensive business (i.e. remittance businesses, casinos)
- A charity or non-profit – including those with religious links
- Jurisdiction of customer
- Jurisdiction in which funds likely to be transferred to
- Sanctions on significant shareholders or those in direct control of the company
- Sanctions on products/services of company
- PEPs in direct control or on board of the company
Izengard allows these to be set up in such a way that these risk factors are dissected and put into Izengard’s anomaly detection and typology detection models.
Related party risks are often considered in terms of influence on the customer. In many cases, co-ercion, bribery and ethics risk can remain due to external forces.
Izengard’s risk assessment here focuses on the following (non-exhaustive):
- Family members who are PEPs or high risk individuals due to other criteria
- Joint accounts
- As indicated in the high risk criteria, if there are PEPs on the board or in direct management control.
- Significant investors who are designated as high risk, or level of control or influence
- Ultimate Beneficiary Owners, even via complex structures – AML/CTF risks against those and how subsidiaries may be used for layering or integration.
The credit risk of a customer and especially a declining one is often seen as a potential opportunity for fraud or money laundering. This depicts the vulnerability of the customer.
Izengard does not generate the Probability of Default or the Loss Given Default credit risk characteristics. Institutions that calculate this on an event, daily or periodic basis can integrate their REST APIs or data set’s into Izengard.
Izengard does maintain the history the changes in credit risk ratings both internal and external for customers, in order to correlate whether this may have influenced fraud, or money laundering events.
Since Izengard builds in product/service suitability into our KYC/CDD module, it is also used in the risk rating of the customer.
If the product is cash intensive and the expected usage of the product exceeds what the customer was initially using it for, it may indicate that the product is being used to conceal criminal activity.
Izengard does a variance analysis of actual product/service usage versus initially expected use, so that patterns of abuse of a product/service can be found.
Izengard focuses on several aspects of the geography surrounding customers:
- Their address location as provided during onboarding.
- Their typical travel destinations
- The destinations to which they transfer funds to and the reasons why.
- Their customers locations and currencies involved in transfers as well as the typical economic reasons for the transactions
- Expected movement of funds between subsidiaries, branches, sister companies controlled by the same UBO, especially if those are in other geographies
Izengard takes these as risk factors and builds them into the profile of the customer and later uses these for comparison when anomaly and typology detection models are deployed.
Izengard supports ISIC and NAICS codes for industry classification of customers. In addition, Izengard has a wide range of job specifications based on various industries.
Izengard treats retail customer versus corporates and financial intermediaries differently for employment or industry risk.
For example, for retail customers, some of the following factors are assessed (non-exhaustive):
- Profession
- Licenses or Qualifications
- Years in Profession
- Years in Industry
- Name of Company they are employed by – has employer been sanctions, fined, regulated
For corporates or financial intermediaries, some of the following risk factors are considered (non-exhaustive):
- Designated ISIC/NAICs code
- Comparison of P&L, Balance Sheet, Financial Ratios or other competitors in the geography, region or globally
- Has customer been fined or had sanctions on them? When? What is the extent of damages?
- Product or services the firm offers – do they carry sanctions, cyber or other AML/CTF risks.
- Number of staff
- Last 5 year growth rate in P&L, Balance Sheet, Staff, financial ratios
One of Izengard’s strengths when it is doing anomaly detection or typology detection is to conduct peer analysis and look at trends. In this way Izengard serves as an early warning system for heightened monitoring or to place loss reduction measures (i.e. limits) in place to avoid exposure.
Izengard’s customer risk assessments are flexible enough for clients to add their own criteria, above the pre-packaged criteria. This can be due to policy for example, i.e. crypto or NFTs will not be allowed as collateral against a loan.
In addition, since Izengard is a unified platform, there are cyber risks associated with a customer. These risks are also factored into customer risk rating and are not done separately. This also helps institutions determine who are their digital savvy versus vulnerable customers.
Izengard supports a range of best practices in scoring.
Izengard encourages through it’s best practices to use MECE (mutually exclusive, collectively exhaustive) risk factors.
However, Izengard does realize that some risk factors need to be combined and are correlated in some way.
Izengard offer various methods of scoring, for example it can support the industry standard linear approach with risk weights attached. At the other extreme Izengard can do some level of statistical modelling to derive a risk score with explainability based on an assessments of risk factors without any behavioral data.
Izengard takes the risk scores and then allocates them a qualitative risk rating. This risk rating can be customized and controlled by clients. Allocation can be done manually or via an automatic threshold range.
Izengard typically sees some variation of the below used for assigning the risk scores to a risk rating:
- Very High Risk
- High Risk
- Medium Risk
- Medium to Low Risk
- Low Risk
- Very Low Risk (N/A) – typically to bank’s own subsidiaries or for domestic govt entitites in which the entity is domiciled in.
Izengard uses a combination of the risk scoring above and the risk rating to drive it’s actual versus expected behaviour when examining anomaly detection and typology detection models.
Finally once risk rating is complete, very similar to initial segmentation, the customer is allocated to segments. Segmentation is useful for peer analysis comparisons which are used extensively within Izengard.
Izengard for fraud,sanctions, cyber-security and transaction monitoring creates different segments for it’s internal detection models based on peer groups. This could be a combination of the following factors:
- Risk Rating
- Age Group
- Digital Savvyness Index
- Channel usage
- Product holdings
- Income
- Source of Wealth calculation
- Limits/Thresholds imposed by the bank.
These segments and various risk indicators are added into the Izengard Mind Map which creates a profile and then holds historical plus future digital behavior by risk indicators and is used to detect anomalies and help machine learning and rule based detection models.
Perpetual KYC - On-going CDD Monitoring
Izengard integrates outputs from fraud, cyber, sanctions and transaction monitoring into behavioural characteristics that challenge the circumstances under the original Customer Risk Assessment performed.
If any of these are violated, Izengard queues up the variances for review and gives the CDD analyst wider risk indicators and in some cases with a pre-scribed course of action as determined by the system given risks, regulatory red flags and other information.
The CDD analyst can make a decision and if necessary escalate to the Head of KYC and other leaders as required via Izengard’s workflows.
Leveraging KYC across Cyber Security, Fraud, Sanctions, Transaction Monitoring and enabling the detection of anomalies
Advanced Entity Resolution – Alias entities, hidden entities and profiling
Izengard’s Mind Map module receives entity information continuously and not just at onboarding. The continuous monitoring of the entity (which can be a device, product, customer, financial intermediary, vendor etc) and lifestyle or other changes is what makes Izengard’s entity resolution stand out from the crowd.
Izengard combines entity information from cyber-security, IT risk management, from govt approved data sources, from social media sources, from other third parties at a global level. So if a customer changes names in one country but not another or a retail customer uses multiple alias’ and has different govt ID mechanisms, these are highlighted and escalated for CDD review as and when Izengard is informed or detects these changes happening.
Remember Izengard doesn’t store personally identifiable information without privacy enhancing technologies, so data is usually un-encryptable without specific mechanisms put in place. This rich profiling that Izengard completes across multiple domains and integrating external data sets is what makes Izengard the best perpertual KYC and the most complete crime solution for the industry.
Izengard’s Mind Map is not just resolving entities, but offers an alternative approach when paired with lists and other data sources for Name Screening and Sanctions. The techniques used in the Izengard Mind Map module are more sophisticated and use NLP and other mechanisms better than fuzzy logic alone to handle the complexities in resolution and in name screening.