Winning a new wealth client is just the start of the relationship. The next step, client onboarding, requires the firm to conduct due diligence including regulatory compliance.
Winning a new wealth client is just the start of the relationship. The next step, client onboarding, requires the firm to conduct due diligence including regulatory compliance. It is where the client sees how the firm performs. Many firms are turning to technologies such as Robotic Process Automation (RPA) and Application Programming Interfaces (APIs) to achieve a streamlined but thorough onboarding process.
This article is Part 2 of our series on the Benefits and Risks of APIs in Wealth Management (“WM”) and here we focus on the Client Onboarding phase. In Part 1 - Focus on Client Engagement, we considered the benefits and risks of using APIs to enhance client engagement.
Critical client experience begins after the client decides to sign up with a firm. The onboarding process gives the client their first experience of how the firm works in practice. It is this “second impression” that firms often find challenging.
Wealth Managers need to conduct a thorough client due diligence (CDD) including regulatory checks such as a comprehensive Know-Your-Client (KYC) and Anti-Money Laundering (AML) to ensure that the client is who they say they are, have ownership of the assets they claim to have, are investing for themselves, are not engaged in criminal or terrorist activities, and are not subject to economic sanctions or other restrictions.
Additionally, certain clients may require enhanced due diligence (EDD) checks based on their profile. High Net Worth Individuals (HNWI) and Ultra High Net Worth Individuals (UHNWI) invest across multiple asset classes and geographies. This can lead to a complex structure of ownership across legal jurisdictions which may require Wealth Managers to engage with a third-party Service Bureau to conduct broader checks and perform EDD.
There are several steps involved in onboarding a client to ensure the Wealth Manager meets all the relevant regulatory requirements and here we highlight some of them -
The manual nature of the above processes can lead to severe bottlenecks leading to delays and frustrated client experience. Therefore, digitising documents as early as possible or better still verifying identity digitally, can streamline the process and the workflow can be moved swiftly through each of the stages of verification, approval, and fulfillment.
But it is not as simple as that. Source documents are often on paper, and legal documents are not structured in a way that can be easily read by a machine. This results in manual data entry and interpretation by humans.
RPA is designed to automate processes that are manual, repetitive, high-volume, rules-based, involving data in a structured format. They can involve front-end (customer-facing) systems such as Customer Relationship Management (CRM) system, or back-end (non-customer-facing) systems such as IT help desks. Processes that involve human creativity or evaluation are not suitable for RPA.
The work is done by a software robot (“Bot”) that interacts with systems that have only a human interface, by mimicking the keystrokes and movements that a human performs on a keyboard.
Bots can assist in processes such as moving or adding clients from CRM to Core Systems and creating client accounts; thus, eliminating the risk of manual copy-paste or re-keying errors from one-system to another.
Bots can also automate a user’s interaction with external web-based applications.
Automating a workflow with RPA involves building a Bot, a sequence of tasks that would normally be carried out by a human. A Bot is “trained” by a human operator recording the keystrokes and actions they would normally carry out during a process. This is similar to the way a macro is recorded in spreadsheets such as Excel. RPA software is more powerful, as it can automate steps across multiple applications (not just within one application). Bots can also be stored centrally, so subject matter experts can design new Bots that can be applied across the organisation.
Bots can incorporate rules to identify abnormal conditions in the data being processed. These may be business rules, or rules derived from Artificial Intelligence (AI) models. As there is a risk of false positives (determining something is bad when it is actually good) and false negatives (determining the condition is good when it is actually bad), abnormal conditions should be flagged for human review, rather than taking automated actions.
The skills required to create, and train Bots are more easily acquired than for traditional programming languages. Business analysts, and in some cases subject matter experts within a team, can combine Bot creation skills with their understanding of the firm’s processes to achieve good results.
While Bots are simpler to create than other software, like other software they should be tested under different conditions, with a variety of data before releasing. They should be able to handle “error conditions”, circumstances when an unexpected input or output is provided. They should also be checked to ensure they cannot be used to grant access to unauthorised users.
In Part 1 - Client Engagement we gave an example of calling an API to retrieve stock price data.
APIs in client onboarding are more complex, as they pertain to Personally Identifiable Information (PII). Greater security is needed to protect clients’ privacy. Also, it is necessary to gain explicit consent from the client to share information with third parties.
APIs that can assist in client onboarding are available from government and commercial services.
Service bureaus offer digital verification of client identity through API calls. Firms can upload images of clients’ passports, drivers licences, national ID cards, and in some cases visas. The service provider uses Optical Character Recognition (OCR) and AI to extract the details from the image and returns its assessment to the requestor.
Governments of some countries have launched identity verification initiatives, which can assist Wealth Managers. The Singapore government launched their MyInfo service, https://www.ndi-api.gov.sg, to simplify the identity verification process. Leveraging the National Digital Identity (Singpass), financial institutions can offer clients the option of authorising the government to share their identity information with the institution. This removes the need for institutions to physically see clients’ identity documentation. Verification can be conducted completely online. Many banks and insurers in Singapore now offer their customers this option.
India’s Aadhaar eKYC, https://www.indiastack.org/ekyc/, leverages that country’s Aadhaar national digital identity to verify the Identity and Address of the client. With the explicit consent / authorisation by the resident, the Aadhaar e-KYC service provides an instant, electronic, non-repudiable “Proof of Identity” and “Proof of Address” along with date of birth and gender. It also provides the resident’s mobile number and email address to the service provider.
Additionally, in some jurisdiction information about registered companies is available to the public. In Singapore, the Accounting and Corporate Regulatory Authority (ACRA) publishes APIs that provide information about companies and partnerships in its API Mall https://www.acra.gov.sg/announcements/acra-api-mall.
Some of the most important APIs for Wealth Managers conducting due diligence include:
Some service providers use APIs to conduct AML/CTF and sanction checks. The requestor sends a search term (e.g. person or company name) via API, and the service provider returns a list of references to the search.
The challenge with these checks, whether made via API, RPA or manually, is that data is imprecise. People and companies may be listed on different registries under slightly different names or other details. Human review of search results is therefore important to prevent mis-categorisation.
A hybrid approach combines RPA and API technologies. In this approach, RPA is used to access a human only interface (“green screen”) system and expose the data to other systems through an API. RPA Bots can also call APIs.
Choosing between RPA and API approaches to client onboarding depends on a firm’s planning horizon and development capability. RPAs can be implemented quickly, as they require limited technical skill, and minimal changes to existing processes and systems. APIs, on the other hand, enable a more seamless experience. Data can be incorporated into the firm’s own applications, and so can be presented with a consistent look and feel. However, this requires skilled software developers.
Advantages:
Advantages:
Disadvantages / Risks:
Disadvantages / Risks:
Whether Wealth Managers apply RPA, API or Hybrid RPA/API technologies into the client onboarding process, the nature of clients’ financial dealings is often too complicated for a static set of rules to be sufficient to address all cases.
AI is being applied to identify red flags, and alert human operators for further investigation.
There is also a risk of AI models becoming outdated, producing too many false positives and false negatives.
In Part 1 - Client Engagement of our series we gave examples of the risks that need to be considered in Client Engagement and here we add to it:
Despite the impression that Client Onboarding is a back-office function, streamlining this process benefits the client experience as well as internal efficiency. Technologies such as APIs, RPA and AI can simplify information gathering from clients, accelerate the onboarding process, and enhance Identity Verification, AML/CTF and sanctions screening and break down the traditional silos between Front Office and Back Office.
Effective implementation of these technologies requires an understanding of the risks, including security and privacy of data, accuracy of information, and the robustness of controls applied by both the Wealth Management firm and external service providers.
The next article in this series will consider how APIs can enhance Investment Analysis in Wealth Management firms.
Jon Scheele formed blue connector with the sole purpose of leveraging digital technologies such as APIs to fast track and enable medium sized and growing businesses to meet their strategic objectives. He helps companies build customer value propositions and streamline processes using Application Programming Interfaces (APIs). Jon's experience spans the Financial Services, Fintech, and Telecommunications industries. He has an MBA, a Bachelor’s degree in Electronic Engineering, and Graduate Diplomas in Applied Finance and Digital Communications.
Alpa Parekh has worked for several years in Risk Management which includes the disciplines of Operational, IT, Credit and Compliance in Financial Service industry. She has also worked in Internal Audit and conducted a variety of audits in FinTech, Financial Service and Consulting industries. She has an MBA from the UK, CIA from Australia, CPA from the US, and CA from Australia.