Audit Trail for KYC/AML

For obliged entities, Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance are standard operating procedures; that being said, no matter how rigorously and carefully a company complies with the aforementioned regulations, it’s ultimately the third-party auditors who are empowered to determine if these processes meet regulatory standards. This makes it incumbent upon the compliance department to keep a play-by-play account of all actions pertaining to its AML and KYC processes, to the satisfaction of auditors.

Historically, keeping an audit trail has proven to be difficult   

Up until a few years ago, identity checks were done manually. A customer had to present her identity documents, in person, to the onboarding organization. The onboarding agent would then check the document, make a record of it, along with transcribing the information and then creating a file. It was a slow, laborious process, rife with many points of failure; furthermore, clerical errors, inaccuracies and, a lack of expertise in identifying forgeries, would protract the KYC process, or worse, fail to prevent a bad actor from being onboarded.

When it comes to record-keeping, paper files are easily misplaced, lost or destroyed and are difficult to handle, transmit and otherwise manage. Tracking or auditing accounts through the KYC process is difficult or impossible using manual procedures. Add ongoing checks, such as transaction monitoring, to the mix, and compliance starts to look like an intractable problem. The only way for compliance departments to cope with the exacting demands of maintaining a paper trail was hiring more staff – a recourse that wasn’t just cost-prohibitive, but also ultimately unsustainable.

Automating record-keeping

The benefits of electronic identity verification (eIDV) are plenty – among these being the ability to perform identity checks on customers not only instantly and remotely, but also with more trust and accuracy. The one advantage that isn’t highlighted enough is eIDV’s ability to ease – effectively, automate – the process of record-keeping. By virtue of the digitization of the identity check, an audit trail is automatically generated, with a detailed account of every step of the identity verification process.

With eIDV, every stakeholder has a record of what checks were run, when they were run, and the resultant details. There’s no guessing work, no one is anxiously searching for missing files – everything is stored in a central place, with all the details that the auditors can ever ask for.

A digital audit trail offers a mountain of useful data

Additionally, the information has a strategic value: it provides insights into patterns, use-cases and other data points that can improve risk-mitigation strategies as well as provide growth and revenue opportunities. With eIDV, every applicant that enters their information into the system adds to the data analysis capabilities of the system, rather than simply being another difficult record to somehow trace.

With eIDV in place, internal audit processes can account for deeper data sets, can re-run and re-analyze situations to decrease risk, improve performance and better guard against problematic accounts. This “third line of defense” helps protect the entire compliance process, double-checking accounts that have passed onboarding checks. These checks also allow the auditing team to hone their strategy and tactics, test assumptions and otherwise optimize compliance procedures.

The digital audit trail is a cornerstone of creating a resilient, standardized, testable compliance program. Rising above the vagrancies of individual people running and being responsible for account compliance, a systematic compliance program helps protect the company, besides being scalable and adaptable.