Sometimes it takes a scandal to advance a policy or law enforcement cause. The Panama Papers scandal has given new life to financial regulators around the world who seek to impose customer due diligence requirements on banks and other key players in the financial industry.

Knowing Your Customer is not only a basic requirement but is fast becoming a potential enforcement nightmare. In this era, KYC requires new tools and strategies for satisfying financial regulators and other stakeholders. No financial institution wants to become the next poster child for a failed anti-money laundering enforcement action.

KYC procedures are often viewed as a check-the-box activity, which is often driven by providing customers with a quick and effective sign up process. An inefficient and slow process will frustrate new customers and bank employees will seek to minimize or undermine the process. To the extent that banks can turn the KYC process into a smooth and effective function, the bank can gain a competitive advantage over other banks.

KYC is a process that should be efficient given current digital technology. Banks that have invested in digital technology have a better chance of gaining a competitive advantage while ensuring an appropriate KYC process top satisfy bank regulators. Banks that continue to rely on time-consuming collection and storage of hard copy documentation are going to fall behind quickly in the KYC world.

A risk-based approach to KYC requires data analytics and risk-ranking procedures to identify high-risk factors in the KYC process. “Knowing” a customer requires a financial institution to learn the identity of the potential customer. How do we define “identity” beyond basic identifiers?

The term “identity” now encompasses a number of new factors that have to be answered.

First and most importantly, a financial institution must identify the beneficial owners of the customer. If there is any lesson to be learned from the Panama Papers scandal, it has to be the importance of confirming the beneficial owners of a customer. I have harped on this issue (yes, I know and admit it) but it is critical – knowing your customer is critical for AML compliance (identifying a PEP or other possible high risk customers), anti-corruption due diligence (potential government or high risk individuals), and sanctions compliance (SDN or broad country sanctions).

Aside from these basic legal compliance requirements, knowing your customer is critical for protecting against reputational harm. While it may be legal to add a particular customer, this same customer can create real and significant reputational risks.

Second, financial institutions now have access to additional online information about various individuals. Data analytics are capturing online information about individuals, including social media sites (e.g. Facebook, Twitter and blogs), which can be factored into a customer’s profile. This is a new and fast-developing area. Of course, there are important safeguards that have to be included to protect against violating potential privacy laws. Monitoring customer activity on social media sites can provide important updates on KYC information.

Financial institutions are going to have to embrace new data analytic services in order to update and monitor customer risks. Eventually, financial institutions will embrace new and evolving technologies to monitor customer risks on an ongoing basis. This will include a continuous risk-ranking process so that financial institutions can allocate compliance resources to high-risk customers and activity to ensure compliance with the law and banking policies.