Print this article

The Arrival Of KYI: "Know Your Investment"

Dermot Corrigan

28 April 2021

Dermot Corrigan, CEO of , argues that wealth managers need to place the same emphasis on investment due diligence as they have done for client due diligence - applying the same rigour to know your investment checks as know your customer checks.

In 2001 some colleagues and I launched the world’s first KYC due diligence research tool that incorporated adverse media checks. The tool was designed to meet the needs of financial crime teams who were required to comply with new ‘know-your-customer’ provisions in the 2001 US Patriot Act; itself a response to the 9/11 terrorist attacks.

Fast forward 20 years, and while the main driver to conducting ESG (Environmental, Social, and Governance) investment due diligence may be more reputational than regulatory, there are obvious parallels with KYC in that both are about identifying risk and avoiding potentially costly financial consequences of getting it wrong. If anything, an ESG investment misstep could be more expensive than any fine. 

So, with the benefit of that experience, what does good ESG-specific due diligence look like?

Post-Patriot Act, a bank’s first undertaking was most likely to be to remediate a book of business to see if there were any historical issues with current clients that constituted a risk under the new regulatory regime. Back then, such exercises were very manual in nature, but the advent of Artificial Intelligence means high volume batch processes can elicit specific risks with a high degree of precision. The same should be done on investment portfolios.

There was also a realisation that the prevalence of risk tended to be higher in certain international jurisdictions. So the ability to mine for intelligence about a prospective client based in an emerging or frontier market became essential. All available foreign language sources should be utilised to develop an informed perspective of the risk of doing business with that counterparty. 

Recently banks have adopted a more proactive stance. They now want to be able to identify risk as it happens rather than to wait for potential problems to be picked up at KYC refresh cycles. Those cycles have typically been 1, 3 or 5 years depending on the perceived risk and not because banks believe this is the right approach, but again it is because of resource constraints. Technology has stepped up here too and allowed banks to implement high frequency monitoring programmes that observe risk in real time as reported in both traditional media and deep web sources. For banks, being able to respond immediately represents the ultimate defence to any regulator. Investors may well be advised to respond with similar alacrity to emerging ESG issues as they relate to portfolio companies.

One of the challenges we help financial crime teams address is the washing away of bad news. A company can burnish its green credentials by greenwashing adverse news away. Financial crime teams have always been acutely aware of how PR-conscious companies and individuals can bury bad news in their financial crime domain. Search engines will boast of millions of hits about your search subject, but the reality is that while they might reside in that number on their servers, you will rarely have more than 150 results returned and many of those will be sponsored links, various company profiles and social media landing pages. So winnowing out the noise to extract need-to-know risk intelligence is a skill in its own right.

While it may be stating the obvious, ESG, like financial crime, requires definition. How are you to watch for present or emerging portfolio risks without a clear understanding of what form these risks can take? We have developed a very fine-grained understanding of how ESG risks can manifest themselves and this “taxonomy”, combined with language-specific rules, underpins all our automated ESG risk screening and monitoring. For example, if one were to include all typologies for slavery (synonyms and local language variants) smartKYC has over 1,000 terms for slavery alone, which is just one aspect of labour and the workplace risks, which in turn is just one category of ‘social’ risk.

All too often people seem to use the term sustainability as short-hand for ESG as if the terms were interchangeable. We place as much emphasis defining the S and the G in as much detail as the E. For example, it would be all too easy to be satisfied that governance is only about board matters – composition and representation, policies, independence etc. However, we find that governance transgressions are more likely to happen at the operating level, often very far removed from the board, both hierarchically and geographically. So we distinguish between board conduct and trading conduct as no amount of worthy policies are a substitute for rigorous policing at ground level. Recent history has shown us that in a number of high profile cases. As an investor, intelligence about the latter is arguably more important than the former.


Now it is perhaps very tempting to discharge the responsibility for ESG risk assessment to an external ratings business. Enumerating risk has its obvious attractions, but there are potential shortcomings users should be aware of. These are not limited to the apparent inconsistencies that have come under recent scrutiny by both the EU Commissioner for Financial Stability, Financial Services and the Capital Markets Union and the European Securities and Markets Authority, but include:

-- Coverage is one such shortcoming. There are generally reckoned to be over 400 million companies in the world. Ratings agencies barely scratch the surface of that universe as they tend to focus on thousands of larger, higher profile organisations. The tail is very long and very geographically dispersed indeed.

-- Are they sufficiently independent not just in terms of who pays to be rated? A questionnaire completed by the company will often form the foundation of an assessment by the ratings agency, but are such self-declarations any more than the company ‘marking its own homework’?

-- And as KYC teams discovered, a risk assessment done at one point in time is just a snapshot and that investment confidence will only come from having a truly dynamic, continuous approach to risk monitoring. 

-- Nor do financial crime teams solely rely on human-researched risk assessments in the form of watchlists - the lesson they learned is that such lists only form part of the picture and they supplement them with their own intelligence-led approach to risk management thanks mainly to AI-based risk screening and monitoring tools. 

Heads of Impact Investing could be forgiven for being both confused and frustrated by the lack of clarity around ESG compliance and how to invest with confidence. But banks and asset managers have already learnt how to leverage content and technology to make informed choices about whom they do business with - KYC now underpins every stage of the client lifecycle. Yes the risks and the nature of the relationships are different, but wealth managers looking to mitigate ESG investment risk would do well to observe the lessons from their financial crime colleagues. Know your investment will likely end up to be the ultimate reputational risk mitigant.