The challenges of managing Know Your Customer information

Jon Roscow, commercial director, ROW, FileTrail|Briefing June 22

Know Your Customer (KYC) regulations are a longstanding requirement for combating fraud, money laundering and the financing of organised crime or terrorism. All regulated sectors, including law firms, face a great deal of scrutiny with respect to KYC rules compliance.

The UK Law Society recently made a significant regulatory change to retention of KYC information by law firms, bringing the regulation very much in line with increasingly prescriptive data privacy trends brought about by GDPR and other requirements. But the new rule creates several challenges for law firms, as they are now required to delete any KYC information from all firm systems no more than five years after the last matter for that client was closed.

While this may sound simple, there have been several changes compared to the existing processes for removing such information in line with standard law firm retention policies. At the very least, a law firm needs to know what KYC it owns on a client-by-client basis, the last matter close/activity dates need to be proactively managed, all KYC information needs to be identified separately from other client/matter information, and separate workflows are needed to remove this specific type of record.

“Managing KYC obligations adds to an already heavy workload for records and compliance personnel. Firms that lack the internal expertise to establish and manage these programmes may benefit from looking at newer, more flexible information governance solutions to manage the increasingly complex rules and regulations around data and records retention, governance and destruction.”

Managing KYC obligations adds to an already heavy workload for records and compliance personnel. Firms that lack the internal expertise to establish and manage these programmes may benefit from looking at newer, more flexible information governance solutions to manage the increasingly complex rules and regulations around data and records retention, governance and destruction.

When seeking help from an outside expert to aid with KYC retention requirements, there are many factors to consider. Legacy records systems often lack the ability to integrate with other core business platforms or automate certain functions that help promote policy compliance. Consider these factors when vetting outside providers:

  • Ability to recognise KYC classifications with flexible definitions of document types or class
  • Integration with financial systems that allow metadata (such as last invoice date) to be synchronised with client and matter profiles
  • Triggers to research potentially closed matters and identify records subject to disposition
  • Disposition review workflows that ensure timely review of KYC documents and final disposition from document management and records management systems

As the compliance burden for law firms rises under KYC regulations, we strongly advise them to trust providers with experience implementing KYC strategies as part of an overall governance solution.

For further information, visit: filetrail.com/governance

blog

Knowledge still has questions about genAI

Where does knowledge management see its chances and challenges with genAI?

Richard Brent
Head of content, Briefing
blog

Briefing webcast | The building blocks of business intelligence

Why law firm data fit for 2024 — like legal itself — is a people business

Cheryl Ashman
Senior program manager, business intelligence group, White & Case

Gareth Powell
Group data officer, Irwin Mitchell

CJ Anderson
Director, Iron Carrot

Suzanna Hayek
Deputy editor, Briefing