Low Code Systems Can Improve User Experience and Save Time
CIOReview
CIOREVIEW >> Compliance >>

Low Code Systems Can Improve User Experience and Save Time

John Entwistle, Senior Vice President, Compliance Systems, Brown Brothers Harriman
John Entwistle, Senior Vice President, Compliance Systems, Brown Brothers Harriman

John Entwistle, Senior Vice President, Compliance Systems, Brown Brothers Harriman

The Compliance “Know Your Customer” (KYC) process is a business workflow process to capture the details of a business’ client relationships. Defined by FINRA regulations, this process ensures that financial institutions verify the identities of customers and their beneficial owners and calculates the risk associated with the client relationships.

It can be challenging to devise a systemic workflow to automate the KYC process. Global firms operating in multiple jurisdictions with different regulators are subject to a multitude of data collection requirements, often contradictory. Different business lines, corporate entities or subsidiaries in different countries, and different products all affect the data set required by the KYC process. Banking and KYC regulations are subject to frequent change. In addition, the firm’s Legal and Compliance department’s interpretation of these regulations evolves over time, leading to additional changes to KYC requirements.

An application designed to automate the KYC process must be flexible enough to accommodate the different data sets and workflows dictated by these differing requirements. It must be easy to change the data forms and data attributes that are captured in each scenario as regulations, corporate entities or products change over time. Organization structures and user roles may change, and users may enter, leave, or change teams frequently. The risk ratings of countries, products, and client’s related parties frequently change. Parties may be “PEPs”, political entities, or there may be negative news against them. The data must be collected, validated against the regulator requirements, stored, then formatted into very specific regulatory reports which are reviewed by auditors and regulators.

A typical global bank may have more than 350,000 combinations of data elements embodied in its KYC program. These are enveloped within a dozen or more master forms or “Client Information Documents” which are controlled by a half dozen different process workflows, each of which may contain multiple conditional sub-processes.

There is an adage that goes “Never ask your barber if you need a haircut.” The traditional approach to building a workflow automation solution is to construct a three-tier web application with a relational database on the back end, a Java server layer performing business logic, attribute change detection, user authentication, and attribute mapping, and a JavaScript-based front end probably leveraging a front[1]end framework such as Angular or React. To construct an application for KYC using this approach requires dozens of screen templates and more than a million lines of JS and Java code. Screen, verification, and Crystalized CID are most likely coded separately. Once constructed, this hard-coded application will require constant development in multiple technologies to keep up with regulatory changes. Such a solution is brittle in operation and costly to maintain, with a large team of technical specialists needed at each layer of the technology stack.

“Different business lines, corporate entities or subsidiaries in different countries, and different products all affect the data set required by the KYC process”

New technologies offer alternative approaches to solving this problem. Workflow automation tools such as Pega, Appian, IBM BAW, or an open source tool like jBPM can be used to construct easily configurable workflows that can tie together user activities and system processes seamlessly. Simple business processes can be automated entirely using these tools. Overlay these tools with decision management capabilities and the resulting solution can handle the most complex business domains.

A low code solution for KYC is based upon an AI rules engine utilizing Natural Language (NLP) decision trees. The rules engine centralizes the encoding of the screen layouts and data elements and presents them in a human-readable form. Screens, data entry forms, regulatory report forms, and data attribute keys are all configured in one global rule set. The server layer is constructed using a Domain Driven design methodology that incorporates both modular monolithic and microservices components to optimize the user experience while managing the use of computing resources. The design incorporates a configurable command orchestration component based on an enhanced version of the CQRS event model which accommodates both synchronous and asynchronous processes to inject custom business logic. User workflows are orchestrated by a workflow manager. Underlying the application is a no-SQL or key-value database which transforms the data model from hard-coded attribute columns to configurable tagged data rows.

This solution eliminates hard-coded JS and Java templates in favor of rules-generated screen layouts which can be interpreted by non-programmers. Commonly changed reference data elements such as country and product risk ratings can be presented to business users directly through rules engine interfaces. Changes in regulatory requirements to add, remove, or change data attributes and data forms are entirely rules driven – updates to the application no longer require changes to HTML/JavaScript screens, Java data mappings, or database tables and SQL scripts.

While intended to solve the complex requirements of KYC and regulatory applications, a low code platform such as this can be used to automate any data management workflow in the bank. Hundreds of data and document workflows in operations, risk, compliance, and finance can be rationalized onto one common platform, eliminating millions of lines of code, and shifting the responsibility for managing the applications closer to business users and SMEs who better understand business needs. Applications are based on a standard set of GUI components and provide a common user experience firm-wide. Small applications can share an instance of the platform, while larger or mission-critical applications can be deployed onto a dedicated platform. Although hosted internally today, the architecture is cloud[1]ready and can be easily moved to a cloud platform like AWS/ Azure.

In operation, this solution has proven quite robust. Directly engaging business SMEs and business users in the definition of application rules has reduced the time to market for CID changes by 60 – 90%, and the number of defects related to misinterpretation of the regulatory requirements by half, simultaneously eliminating defects relating to different implementations in different layers of the system. Performance is more than acceptable – the highly optimized AI rules engine can process thousands of rules in milliseconds and form rendering occurs in sub-second intervals. The technical staff supporting the KYC application has been reduced by 50% with more savings to come over time.

Gartner has forecast a 23% increase in the number of low code solutions in 2022 and projects that 85% of applications will be constructed using low code technologies within five years. Based on our KYC experience we believe that the benefits of AI / NLP rules engines and configurable workflow managers are clear. Our barber may soon need to learn new skills.

Read Also

Challenges Over The Past 18 Months

Marc Ashworth, Chief Information Security Officer, First Bank

Information Technology Thought Leadership And The Challenges

Christopher Nichols, Director IT/OT Resiliency & Support, Stanley Black & Decker

Security Architecture In Theory And In Practice: Why Security Should...

Marco Morana, Head of Security Architecture, JPMorgan Chase & Co

How Wi-Fi 6 Will Seamlessly Integrate With 5g

David Haynes, Vice President, Specialty Technologies for Lam Research's Customer Support Business Group (CSBG)

Adopting Digital

Abdullah Sultan Al-Rashdi Head of Digital Strategy & Integration at Petroleum Development Oman