Ian Henderson

The Pitfalls of Stored Data: Why AML Compliance Needs Primary Source Data

Stored data is old data by definition, and old data is unreliable.

With stored data, companies cannot be sure whether their information is accurate. The world moves quickly. Who’s to say information collected weeks ago is still relevant?

Worse, bad actors know how to probe for weaknesses in KYC processes. They understand that stored data often remains undisturbed, so they time their activities in a way that allows them to fly under the radar. For financial institutions attempting to curtail rising issues of money laundering and avoid accidentally funding criminal organizations, this dynamic poses a significant challenge.

Regulators, too, are aware that organizations relying on stored data cannot reliably meet expectations. In the past, stored data may have been the common solution, but today’s governments and supranational organizations do not have the patience for outdated solutions that open the door for unnecessary problems. They want results, and because the tools to deliver those results already exist, their patience is running out.

Primary source data is not an alternative to stored data; it is a direct replacement. With primary source data, companies cannot only guarantee that their information comes directly from the legally reliable source, but they also can be rest assured that the collection of that data happened in real-time at the moment of the request. Instead of hoping stored data remains relevant, companies can use accurate data and act confidently in the knowledge the data is always up to date.

Why should every company rely on primary source data?

If you haven’t experienced the difference for yourself, you may not realize just how dramatic the improvements from stored data to primary source can be. Consider the following drawbacks of stored data that disappear after switching to primary source data:

  1. Stored data goes stale quickly.

Stored data does not remain relevant long enough to be worth procuring. Where primary source data is always reliable by virtue of its immediate sourcing, stored data may not even be reliable at first pull. Who’s to say how recently the data updated before the pull? Only primary source intelligence provides verifiably up-to-date insights.

  1. Risk exposure increases with time.

The longer stored data sits, the more likely and severe the potential business and regulatory risks become. Yet, many firms continue to rely on periodic reviews where the highest risk customers are reviewed annually, their medium risk customers are reviewed every three years and their lowest risk customers usually are reviewed just once every five years.  Not many bad actors can take advantage of a window of a few hours, but give them the timelines above, and they will have all the time they need to circumvent traditional compliance safeguards. 

Questionable accuracy of information creates uncertainties.

Stored data does not just do harm by virtue of being stored. Many times, stored data does not even reflect accurate primary source information at the outset. This uncertainty limits the ability of organizations to act on the insights they have, calling into question the entire purpose of data sourcing. Primary source data removes these questions and allows companies to make more informed KYC decisions.

  1. Lack of coverage leads to repeated effort.

When stored data doesn’t have all the answers, someone has to go looking for new information to fill in the gaps. These manual processes are time-consuming headaches that introduce new opportunities for human error into processes and can be extremely expensive.  Oftentimes, companies end up running remediation projects that are outsourced to other firms — costing anywhere from £1,500 to £6,000 per customer. Perpetual KYC can dramatically reduce the fees spent on remediation. 

  1. Ongoing monitoring demands better

The world of compliance is changing. Ongoing monitoring already empowers companies to do more with their data. Stored data as a concept is on the way out, and as ongoing monitoring becomes the norm, primary source data will be the only respected type of intelligence.

Is it difficult to move from using stored data to primary source data? It can be — unless you find the right partner. Kyckr has been working exclusively with primary source data for 10 years, long before the market began to demand a higher standard. We’ve built relationships with over 180 corporate registries across the world, including China. We have led the way on corporate primary source data since our inception, and we will continue to do so as markets, regulations, and threats evolve.

Ian Henderson is the CEO of Kyckr. Mr Henderson was most recently the CEO of a leading UK-based private and commercial bank, and during his two-year tenure he drove the successful and profitable diversification of the banking business. He also covered the role of CEO at Shawbrook Bank, one of the first UK Challenger banks, where he delivered the bank’s first ever profit. Mr Henderson previously held the roles of Chief Operating Officer of Barclays Wealth Private Banking where he was responsible for risk management & control of Barclays’ core private banking business in the UK and parts of EMEA and Asia. He was CEO of RBS International from 2005 to 2010 and during his tenure, profitability doubled, and the division was named the best performing general banking division in the RBS Group. Mr Henderson spent a total of 17 years at Royal Bank of Scotland where he was responsible for business and marketing strategy for the Royal Bank of Scotland and NatWest brands, comprising 2,400 branches and 13 million customers.