Alternative risk matrix design for CLM/KYC

Getting to know KYC

In today’s regulatory landscape, financial institutions face increasing pressure to ensure they know exactly who their customers are. Know Your Customer (KYC) laws play a crucial role in safeguarding against illegal activities such as money laundering and terrorism financing. Non-compliance with these regulations can lead to serious consequences, including fines, damage to a company’s reputation, and, in extreme cases, the loss of their operating license. That means that KYC is not just a legal obligation but a critical component of responsible financial practices.

Pega’s KYC solutions help financial institutions streamline and automate compliance processes, ensuring they meet global regulatory requirements. The platform supports dynamic customer onboarding and ongoing risk management, reducing manual tasks and improving efficiency. With AI-powered decisioning, Pega enhances customer experience while helping businesses stay compliant with ever-evolving KYC regulations. The solution is scalable, adaptable to complex needs, and minimizes risks such as money laundering or fraud.

CLM journeys

As mentioned before, Pega Client Lifecycle Management (CLM) and Know Your Customer (KYC) focuses on automating client lifecycle processes for financial institutions, addressing challenges such as regulatory complexity, outdated manual processes, customer experience, and time-to-completion. The solution supports processes such as onboarding, offboarding, or event-driven reviews across various jurisdictions and products. By automating these workflows, Pega improves efficiency, reduces costs, and enhances compliance.

CLM and KYC leverages Pega’s case management capabilities to orchestrate these client journeys. The core CLM case type integrates various subcases that address different regulatory and compliance needs, such as Global and Local KYC, FATCA, CRS, legal, credit, or documentary requirements. Each subcase serves a specific function, allowing financial institutions to handle regulatory requirements, manage risks, and interact with clients efficiently.

Customer risk assessment

One of the key steps in these processes is risk assessment. Standard regulations require financial institutions to assess the risk profiles of their customers. These assessments are influenced by multiple dynamic factors that can impact their profile over time.

Institutions must evaluate the customer’s risk profile, while also having the ability to drill down into specific risk elements such as the countries involved, the products used, or some related parties. Risk factors can be assigned weighted values, typically ranging from low to extreme, to categorize the level of risk more effectively. More importantly, all of these parameters should be easy to adjust and test in order to adapt and comply with changing regulations while not impacting the relationship with customers.

All this information is processed in Pega inside the Risk Profile page, as part of the customer’s information.

Out of the box risk matrix

By default, Pega proposes a set of data transforms, declare expressions and scorecards for risk calculation. This structure can be followed by their implementation guide, or navigating rules from the SyncrhonizeRiskProfile data transform defined at PegaFS-Work level.

The logic is defined to calculate a list of risk factors depending on the customer’s information and then add them having in mind their different weights depending on conditions, such as the journey, to calculate the risk associated to the customer and their current interaction.

This implementation could be easily understandable for Pega architects in simple scenarios, but it is not friendly for business users. Furthermore, it could get really complex the moment multiple combinations of factors needed to be applied depending on different conditions such as customer types or segments.

Having in mind that these rules might need multiple iterations and adjustments over the years in order to accommodate new requirements or reassess existing ones, it would be interesting to have a more visual and engaging way of designing the risk matrix so that non-technical users could understand and even edit it in real time.

This solution needs to be easy to understand, navigate, edit and extend.

Strategy based risk matrix

One of the strengths of Pega is its low-code and visual characteristic mindset. Case types and flows allow architects to easily define in an engaging way complex business processes.

Similarly, the Decisioning package provides a set of rules that help users define logical paths for items, allowing them to filter, enrich, order or assess, called Strategy rules. They are typically used for marketing and CRM purposes.

By leveraging all of Strategy rules’ shapes such as filter, enrich, scorecards, decision tables or embedded strategies it is possible to define the risk matrix in an understandable and navigable way for all users. Even more important, once users are familiar with these rules they can be delegated so they can edit them as fast as needed according to regulations and compliance urgencies.

Implementation example

The first step is overriding the SynchronizeRisk data transform to execute the strategy matrix instead of the out of the box structure. In order to run the strategy from the case it is necessary to embed it into a data flow. By calling Data-Decision-DDF-RunOptions.pxRunSingleCaseDDF this rule can be executed.

The data flow just needs to run the strategy from and to abstract shapes as ideally nothing needs to be persisted. It can be run on the party page or the risk profile page depending on the requirements. For this example, it will be run over the party as the factors are calculated directly on the flow.

This orchestrating strategy could be designed in many different ways. For example, an entity could propose splitting their matrix between individual and organization customers.

An agent trying to understand or edit the matrix would arrive to the main strategy, which could look like the following.

The switch shape uses the out of the box property Tax ID to choose the correct strategy.

From here, they could select the individual strategy to check the factors involved. They can see that there are two factors involved in the risk calculation.

Then they could access one of the factors’ strategies to find out how their risk is calculated. They can see that a scorecard is used, and that the results are stored directly into the risk profile page for later use.

These scorecards could be the same provided by the product or new ones using custom factors. More complex logic could leverage strategies’ capabilities such as decision tables, embedded strategies iterating over page lists, etc.

The final strategy would be in charge of adding all the factors calculated with the requirements defined by business as the product proposes.

Extension points

In the scenario of an organization containing multiple branches that would want to create a base layer for reuse across applications, it could be possible to create a core level strategy with all the global risk factors, and then an extension point to be completed on each local level.

This can be achieved by creating an empty strategy at the base level. It can be then extended by class or ruleset to define whatever logic is needed.

Conclusions

Pega’s CLM and KYC products provide the necessary tools to help organizations comply with today’s regulatory requirements. By extending one of their key features, the risk profile calculation, with rules from another of Pega’s most extended products, the Customer Decision Hub package, this goal can be achieved not only from a technical approach but also from a user-friendly and business-oriented point of view. Delivering a low-code visually engaging risk matrix allows users to understand, improve and update its logic in a simpler and faster