By Ian Henderson, CEO of Kyckr

Data is the lifeblood of modern financial institutions, and Know Your Customer (KYC) and Anti-Money Laundering (AML) teams make critical decisions based on customer data. But KYC compliance has historically been an onerous task littered with inefficiencies and gaping holes in data. While there is a constant flow of information between banks and third parties, numerous banks still use and rely on stagnant, outdated data stored in systems for risk identification and mitigation purposes.

To be compliant with anti-money laundering and KYC regulations, financial institutions must collect, verify, and validate client data to onboard customers and perform the required level of customer due diligence. This is done by applying a risk-based approach proportionate to the level of money laundering and terrorist financing risk.

We have all heard the phrase: “You only get out what you put in.” Compliance is no different. Better quality data means better results. Below, we assess the different types of data used in KYC and AML compliance — primary-source intelligence and stored data — and the risks associated with the latter.

Primary-Source Data vs. Stored Data — What’s the Difference?

Primary-source data is original, first-hand data collected directly from the source. For example, during the process of opening a business account, information regarding the legal entity is obtained from the official company registry at that specific point in time. On the contrary, stored data is as it suggests: stored or cached data in a system that is outdated by nature.

Even if information comes from the same source, it is only primary-source data if there is a time and date stamp in the present moment. Time is the differentiator when comparing primary-source data and stored data, as it is a universal law and guiding principle. Everything changes over time and customer information is no different.

What Are the Risks of Relying on Stored Data?

If we assess data in four contextual parameters — quality, time, quantity, and cost — stored data can pose serious risks to an organization.

Stored data is outdated, thus cannot be effectively used in time-sensitive KYC investigations. Furthermore, stored data lacks quality as its information is often unreliable. Although it may initially be perceived as savings, using stored data may end up costing your business more if used to make important compliance decisions. Leveraging stored data in vast quantities can be catastrophic and debilitating to your business. The risks of using stored data seriously outweigh the benefits.

Regulatory and Legal

Money laundering and other criminal activities are an ever-present threat to financial institutions. The United Nations Office on Drugs and Crime estimates only 1% of illegal funds are frozen or seized by the authorities. Fighting financial crime is a monumental task, and outdated stored data creates unwanted obstacles by taking on criminals with one hand tied behind your back.

What are the implications of non-compliance due to poor quality data? Would it be regulatory or legal action? Or worse, could it be both? There may be fines, imprisonment, or a banking license revoked in the event laws or regulations are breached. Is it worth the risk? Do not let stored data be the reason why regulators take punitive action.

Money Laundering and Terrorist Financing Risk

Missing compliance red flags creates an unwanted opportunity for money launders and fraudsters to commit crime. The risk-based approach means “banks should identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed.” Poor-quality data fundamentally compromises the risk-based approach, rendering it obsolete, which is why the biggest risk is always the unknown.

Risks associated to KYC Customer Due Diligence

KYC reviews of customers are undertaken according to risk categorization: high-risk customers are reviewed annually; medium-risk every three years; and low-risk customers approximately every five years. From there, risk exposure increases over time. Outdated information is an ever-present risk in KYC reviews, impacting remediation efforts and the ability to mitigate compliance risks effectively. Customers change, which means so does the underlying data.

Changes in Ownership

Identifying and verifying corporate ownership structures using stored data is pointless. Criminals hide behind a veil of corporate secrecy. Reliable and accurate data is paramount for identifying beneficial owners. Organizations must therefore use primary source intelligence to identify corporate shareholding structures and the true owners of entities to understand with whom they are doing business.


Financial institutions need to be more efficient without compromising quality or compliance with regulations. Improving KYC processes must start by addressing poor-quality data. The sooner banks and financial institutions iron out data issues by eliminating the use of stored data, the faster they can transition to a more robust compliance operation — a win-win for banks, customers, and regulators. The need for more complete and accurate data is greater than ever before, but stored data is a ticking time bomb. The time has come to integrate primary source intelligence in your compliance function to save costs and reduce compliance risks.

About the author: Mr Henderson was most recently the CEO of a leading UK-based private and commercial bank, and during his two-year tenure he drove the successful and profitable diversification of the banking business. He also covered the role of CEO at Shawbrook Bank, one of the first UK Challenger banks, where he delivered the bank’s first ever profit. Mr Henderson previously held the roles of Chief Operating Officer of Barclays Wealth Private Banking where he was responsible for risk management & control of Barclays’ core private banking business in the UK and parts of EMEA and Asia. He was CEO of RBS International from 2005 to 2010 and during his tenure, profitability doubled, and the division was named the best performing general banking division in the RBS Group. Mr Henderson spent a total of 17 years at Royal Bank of Scotland where he was responsible for business and marketing strategy for the Royal Bank of Scotland and NatWest brands, comprising 2,400 branches and 13 million customers.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.