Managing client risk through the life of a business relationship
Client risk changes over time
Client life-cycle management is concerned with managing four key aspects of the business relationship through its life: compliance, risk, profitability, and client experience.
In practice a client may be in more than one stage at a time at a product level. For example, a client may have already been onboarded in one location for a product and be in the fulfilment and maintenance stage for that product/location, but be prospecting or onboarding for additional products or locations.
Equally, a client may no longer have a need for a particular product in a location and be off-boarded for that product/location, whilst the business relationship is still be maintained for other products or locations.
Each stage in the client relationship life-cycle has underlying activities
Client life-cycle management is ultimately concerned with fulfilling the customers need (via delivery of products and services) whilst generating profit at an acceptable risk profile.
The value to the client is derived through the organisation’s value proposition and delivered through the organisation’s business model.
The organisation’s business model is concerned with the activities required to deliver products and services to the client. Delivery of products and services requires ‘setting up’ activities as well as ‘delivery’ and ‘maintenance’ activities. These activities are preceded by risk management activities to confirm that the business relationship has an acceptable risk profile.
A client’s risk profile does not remain static so risk management activities occur through the life of the relationship, triggered by events or by elapsed time.
Activities are delivered through processes - multiple activities combined in parallel or series - which are experienced as a ‘service’ by the person requesting it. The ability to deliver services is described as a ‘capability’. To effectively manage a client through the client relationship life-cycle the organisation needs to have the capability to execute the required product and service provision, and risk management services, for the customer. An example of these capabilities organised across the client life-cycle is shown at right.
Aligning Business Architecture to the client life-cycle
Capabilities are one of the foundational elements of business architecture. Most definitions describe a capability as the ability an organisation has to achieve a purpose or outcome. A capability describes what an organisation does but it does not describe how the organisation does it. An organisation’s capability map is therefore a depiction of all the things that an organisation does.
How an organisation achieves the purpose or outcome is determined by the activities in the processes. The requestor of the process to be performed is concerned with the end result - for example a risk assessment - so end-users of the purpose or outcome look at the organisation’s activities in terms of completed services. Both processes and services are foundation elements of Business Architecture.
From an end-user perspective the organisation’s service catalogue sets out how outcomes are executed for both internal and external customers. Client and user experience is determined by the service design so a customer and user oriented organisation will be primarily concerned with services and then the capability to deliver them.
From an organisation ‘top-down’ stand-point the capability view is useful, particularly for understanding the operating costs and priorities for investment.
Transformation across the client life-cycle will often be considered from the capability perspective but the capability designs must deliver the required services from both a client and user (operational) experience perspective.
Aligning AML risk management to the client life-cycle
Purpose is identified as the reason for a capability to exist. The AML risk management system has a core purpose - to protect the organisation from financial crime and ensure that it remains compliant.
Core capabilities were identified for ‘Detection’, ‘Communicating’, ‘Learning’, and ‘Response’.
The first action that occurs is ‘detection’, which can be both proactive and reactive. All subsequent actions on our AML risk ‘immune’ system are triggered by the observation of some external event which has been identified through a detection activity occurring - which can be any activity ranging from reading new taxonomies advised by an FSRB, an RM’s observation, a KYC review, or transaction monitoring, etc.
These ‘detection’ activities occur through the life of the client business relationship. Responsibility for performing them is defined in the risk framework and contained in specific Job Descriptions. The activities may be simple activities - such as regular review of FSRB’s new publications and advices - or through the execution of specific services such as KYC reviews, transaction monitoring etc.
From an AML risk management perspective the client life-cycle viewpoint is a strong approach to identifying what events may occur through the relationship with the client (which can be client initiated events or external events which affect the client), how those events are identified, and what services or activities are executed to risk assess and manage any risks arising from those events.