THE RESPONSIBILITY OF RECORD-KEEPING

An Introduction to Customer Records

What's the Big Idea?

Imagine a hospital. For every single patient, the hospital creates and maintains a detailed file. This file contains their personal details, their medical history, the results of every test they have taken, and a record of every treatment they have received. This record is one of the most important tools the hospital has. It allows any doctor to quickly understand the patient's health, ensures that treatments are safe and consistent, and provides a legal record of the care provided. The hospital doesn't just keep these records for a week or a month; it maintains them securely for many years.

A bank operates in a very similar way. For every customer, the bank creates and maintains a comprehensive set of records. This is not just a matter of good organisation; it is a fundamental legal and operational requirement. From the initial account opening forms to the statement of every transaction that has ever occurred, these records form the complete financial history of the customer's relationship with the bank.

This chapter will explore the different types of customer records that banks must maintain, and the critical reasons why this meticulous record-keeping is so essential. Proper records management is the backbone of the bank's operations, ensuring accountability, compliance with the law, and the ability to provide a seamless and secure service to the customer.

Key Vocabulary

• Customer Records: The complete collection of documents and data that a bank holds relating to a specific customer and their accounts.
• Data Archiving: The process of moving data that is no longer actively used to a separate storage device for long-term retention.
• Statutory Requirement: An obligation that is imposed by a law or statute. Banks have a statutory requirement to maintain records for a minimum period.
• Audit Trail: A detailed, chronological record of all activities. Customer records form the primary audit trail for all banking relationships.
• Due Diligence: The care that a reasonable person should take. Maintaining accurate records is a key part of a bank's due diligence obligations.

1. Types of Customer Records that Banks Maintain

A customer's record is not a single document but a comprehensive file that contains many different types of information. These records can be divided into two main categories: physical documents and digital data.

• Identity and Mandate Records: This is the foundational set of documents collected when the account is first opened. It includes the original account opening form, certified copies of the customer's Proof of ID and Proof of Residence (the core KYC documents), and the specimen signature card that the bank uses to verify signatures on cheques and instructions. For a corporate account, this category would also include all the company registration documents and the board resolution that specifies the signing arrangements (the "mandate").
• Transaction Records: This is the dynamic part of the customer's file. It is a complete historical log of every single transaction that has ever passed through the customer's account. This includes records of all deposits, withdrawals, transfers (like RTGS and ZIPIT), debit card swipes, and any loan repayments. This data is primarily stored digitally and is summarised for the customer in their regular bank statements.
• Correspondence Records: The bank must also keep a record of its significant interactions and communications with the customer. This can include copies of official letters sent to the customer, important emails regarding their account, and sometimes, logs or notes from significant phone calls or in-person meetings, especially those involving formal requests or complaints.
• Credit and Loan Records: For customers who have borrowed money, the bank maintains a separate, detailed file. This includes the original loan application form, the formal loan agreement contract, any collateral documents (like the title deeds for a house), and a full history of the loan repayment schedule.

2. Justifying Why Banks Should Maintain Customer Records

Banks don't keep these extensive records just for fun; there are several critical legal, operational, and customer service reasons that make it an absolute necessity.

• To Comply with Legal and Regulatory Requirements: This is the most important reason. The laws of Zimbabwe (such as the Money Laundering and Proceeds of Crime Act) and the regulations set by the Reserve Bank of Zimbabwe legally require all financial institutions to maintain complete customer records for a specified minimum period (often several years even after an account is closed). This is to ensure that there is always a clear audit trail available for inspection by regulators or for use in criminal investigations.
• To Provide an Audit Trail and Resolve Disputes: Customer records provide a definitive, historical account of the relationship. If a customer disputes a transaction from six months ago, the bank can retrieve the transaction records and source documents (like the deposit slip) to prove exactly what happened. This protects both the customer from errors and the bank from fraudulent claims.
• To Manage Risk and Prevent Fraud: The historical data in a customer's record is essential for the account monitoring process we discussed in the last chapter. The bank analyses these records to build a "normal" profile for the customer. Without a detailed history, it would be impossible for the bank's systems to spot an unusual or potentially fraudulent transaction.
• To Make Informed Business and Credit Decisions: When a customer applies for a loan, the first thing the bank does is review their existing customer records. The history of how they have managed their deposit accounts provides a clear indication of their financial discipline and helps the bank to make a responsible lending decision. These records are a crucial input for assessing credit risk.
• To Provide Better Customer Service: Having a complete and easily accessible record allows the bank to serve the customer more efficiently. When a customer calls, any bank employee can quickly look up their file and understand their history and relationship with the bank. This allows them to provide informed and consistent service without the customer having to explain their situation from the beginning every single time.

Updating Customer Records in Line with Customer Instructions

What's the Big Idea?

A customer's life is not static; it is constantly changing. A student graduates and gets a job. A person gets married and changes their surname. A family moves from a small flat in the Avenues to a new house in Westgate. A business owner appoints a new director who needs to be able to sign on the company's bank account. When these life events happen, the information the bank holds for the customer is no longer accurate.

An outdated customer record is a serious problem. It can lead to important mail being sent to the wrong address, security alerts being sent to an old phone number, and, most dangerously, unauthorised individuals still having access to an account. Therefore, the process of updating customer records is a crucial, ongoing task. It is the bank's responsibility to make it easy for customers to update their information, and it is the customer's responsibility to provide this new information. This process ensures that the bank's data remains accurate, the customer's account remains secure, and communication remains effective.

Key Vocabulary

• Customer Instruction: A formal and verifiable request made by a customer to the bank to perform a specific action, such as changing their personal details.
• Mandate (Signing Mandate): The official instruction, particularly for a corporate account, that details who is authorised to sign and transact on the account.
• Verification: The process of confirming the authenticity of a customer's instruction and their identity before making any changes to their records.
• Data Integrity: The overall accuracy, completeness, and consistency of data. Updating records is essential for maintaining data integrity.

The Process of Updating Records

When a customer provides an instruction to update their records, a bank employee must follow a strict process to ensure the request is legitimate and is actioned correctly.

1. Receiving the Customer's Instruction: The process begins when the customer communicates their need for a change. For security reasons, most significant changes cannot be made over the phone. Banks have specific organisational policies that dictate the required channel for different types of instructions. A simple change of a mobile number might be done via the mobile app after a security verification, but a more significant change, like a change of surname or account signatories, almost always requires the customer to visit the branch in person and fill out a formal, signed instruction form.
2. Verifying the Customer's Identity: This is the most critical precaution. Before any change is made, you must be 100% certain that the instruction is coming from the actual customer and not a fraudster. For an in-person request, this means asking for the customer's original National ID or passport and comparing the photo and signature to the records the bank already holds. For a written instruction, it means meticulously comparing the signature on the letter or form to the specimen signature that the bank has on file from when the account was opened. No changes should ever be made without this fundamental identity verification.
3. Obtaining the Necessary Supporting Documents: Different types of updates require different proof. The bank cannot simply take the customer's word for it; a clear audit trail requires official documentation. For example, a customer wanting to change their surname after getting married must provide the original Marriage Certificate. A business wanting to change the signatories on their corporate account must provide a new Board Resolution, signed by the company directors, which clearly states the old mandate is cancelled and specifies the new signing arrangements. These supporting documents are essential proof that the requested change is legitimate.
4. Executing the Update in the Banking System: Once the instruction has been received through the proper channel and both the customer's identity and the supporting documents have been verified, the bank officer can then proceed to make the change in the bank's core banking system. This requires careful and accurate data entry. The officer will access the customer's profile and update the relevant field—be it the address, the surname, or the list of authorised signatories. This step must be performed with great attention to detail to ensure the new information is captured correctly.
5. Confirming the Update and Filing the Records: After the change has been made in the system, it is good practice to confirm the update with the customer. This can be done by printing out the updated profile for them to review and sign, or by sending a formal confirmation letter or SMS. Finally, the original instruction form and the certified copies of the supporting documents must be filed correctly in the customer's physical or digital file. This ensures that a complete record of the change is maintained, showing what was changed, who authorised it, and when it was done.

Updating Customer Accounts in Line with Organisational Policy

What's the Big Idea?

Think about the software on your smartphone. Every now and then, you get a notification telling you that an "update is available." You don't ask for this update, but the company (like Apple or Google) pushes it out to you. These updates are essential; they fix security vulnerabilities, improve performance, and ensure the system is running according to the latest standards. It's an automatic, policy-driven process designed to keep the system healthy and secure.

In a similar way, banks perform regular, automatic updates on customer accounts that are not initiated by a customer's direct instruction. These updates are driven by the bank's own internal organisational policy. These policies are the bank's rulebook, designed to manage risk, comply with regulations, and ensure the smooth and efficient operation of the entire banking system. For example, a bank will have a policy that automatically changes the status of an account if it has not been used for a long time. This is a proactive, automated form of account maintenance that is just as important as handling a customer's direct request.

Key Vocabulary

• Organisational Policy: A set of formal rules, principles, and guidelines adopted by an organisation to reach its long-term goals and to govern its internal processes.
• Dormant Account: A bank account that has had no customer-initiated financial activity for a specified long period of time.
• Account Status: A label or classification given to an account in the banking system that can affect how it is treated (e.g., Active, Dormant, Frozen).
• System-Generated Update: An automatic change made to an account's status or details by the bank's core banking software, based on pre-defined policy rules.

Types of Policy-Driven Updates

1. Updating Account Status to "Dormant": This is the most common policy-driven update. Every bank has a policy that defines the period of inactivity after which an account is considered "dormant." In Zimbabwe, this is typically a period of 12 months with no customer-initiated transactions. When the system detects that an account has passed this threshold, it will automatically change its status from "Active" to "Dormant." This is a critical risk management procedure. A dormant account is more vulnerable to fraud because the legitimate owner is not monitoring it. Changing the status often places a restriction on the account, requiring the owner to visit the branch and provide their ID to "reactivate" it before any further transactions can be made. This policy protects the customer's funds from being fraudulently withdrawn.
2. Periodic KYC and Customer Information Reviews: Regulatory requirements and good banking practice demand that customer information does not become stale. Therefore, banks have a policy for the periodic review of customer records, especially for high-risk or corporate clients. The bank's policy might state that every two or three years, a relationship manager must contact their corporate clients to request updated documents, such as a new CR5 (list of directors) or an updated tax clearance certificate. This is not in response to a customer instruction, but is a proactive, policy-driven update to ensure the bank's KYC information remains current and compliant with the law.
3. Applying Interest and Bank Charges: The monthly or quarterly crediting of interest to a savings account, and the debiting of service fees from a current account, are also policy-driven updates. The bank's central system is programmed to automatically run these calculations and post the transactions to millions of accounts on a specific date, according to the rates and fees outlined in the bank's official policy and the customer's account agreement. These system-generated updates ensure that interest and charges are applied consistently and accurately across the entire customer base without any manual intervention for each account.
4. Flagging Accounts for Review or Closure: As discussed in a previous chapter, the bank's risk management policies define the rules for the account monitoring system. When a customer's account consistently breaches these policy rules—for example, by repeatedly having transactions that are flagged as suspicious—the system will automatically update the account's status to "Flagged for Review." This triggers a manual investigation by a compliance officer. If the activity is found to be in serious breach of the bank's policies (e.g., confirmed illegal activity), the policy will then dictate the process for account termination, which is another form of a system- and policy-driven update to the account's final status.
5. Updating Product Features or Terms and Conditions: Finally, when a bank decides to change the features, fees, or terms and conditions for a certain type of account, this change is rolled out to all affected accounts as a policy-driven update. For example, a bank might have a policy to upgrade all basic "Youth Accounts" to a standard "Current Account" automatically when the account holder reaches the age of 25. The system would be programmed to identify all customers turning 25 and automatically update their account type in line with this organisational policy, usually after giving the customer advance notice.

Adhering to Organisational Timelines

What's the Big Idea?

Imagine you order a meal at a Chicken Inn. You expect your two-piecer and chips to be ready in a few minutes. You would be very unhappy if the staff told you to come back in three hours. Similarly, if you report a burst water pipe to the City of Harare, you expect them to respond with urgency, not in three weeks. In the world of service, speed matters. The quality of a service is not just about what is done, but also about when it is done.

In banking, the element of time is even more critical. Delays can have serious financial and emotional consequences for a customer. A delay in processing a deposit could mean a business fails to pay its staff on time. A delay in blocking a stolen debit card could lead to a customer losing their life savings. To ensure that all tasks are completed in a timely and efficient manner, banks establish strict organisational timelines. These are internal deadlines and service-level agreements that define the maximum amount of time an employee should take to complete a specific task. Adhering to these timelines is a key measure of professionalism and is essential for providing a reliable, trustworthy, and efficient service.

Key Vocabulary

• Organisational Timeline: A pre-defined, official timeframe or deadline within which a specific task or process must be completed by an employee.
• Service Level Agreement (SLA): A formal commitment between a service provider (the bank) and a client that specifies the standards and timelines for the services to be rendered.
• Turnaround Time (TAT): A common business metric that measures the time elapsed from the moment a request is received to the moment it is fulfilled. Adhering to timelines means meeting the required TAT.
• Efficiency: The ability to accomplish a task with the minimum amount of time and effort.

The Importance of Adhering to Timelines

Adhering to organisational timelines is a core professional duty. It is crucial for several interconnected reasons that impact the customer, the bank's reputation, and its operational health.

1. To Meet Customer Expectations and Ensure Satisfaction: This is the most direct and important reason. Modern customers expect service to be fast and efficient. A bank that consistently meets or beats its promised timelines for common tasks—like issuing a new debit card or processing a loan application—will be seen as reliable and professional. A customer who is told their new account will be open in 24 hours and finds that it is, will be satisfied. Conversely, failing to meet these basic timelines is one of the quickest ways to create a frustrated and dissatisfied customer who will likely take their business elsewhere.
2. To Mitigate Financial and Security Risks: In many banking operations, time is a critical security factor. A customer's instruction to block a stolen card or to place a stop payment on a cheque must be actioned immediately. The organisational timeline for such high-priority tasks is often measured in minutes, not hours. Any delay creates a window of opportunity for fraudsters to steal the customer's money. By adhering strictly to these urgent timelines, you are actively protecting the customer and the bank from financial loss.
3. To Ensure Operational Efficiency and Manage Workload: Organisational timelines create a structured and predictable workflow within the bank. They prevent backlogs from building up and ensure a smooth operational flow. When every employee completes their tasks within the specified turnaround time, the entire system works efficiently. If one person delays, it can create a bottleneck that affects other departments and slows down the service for many other customers. Following timelines is a key part of being a reliable and effective team member.
4. To Maintain the Bank's Professional Reputation: A bank's reputation is built on its perceived reliability and competence. A bank that is known for being slow—slow queues, slow application processes, slow problem resolution—will quickly gain a negative reputation in the market. Adhering to timelines is a tangible way to demonstrate the bank's commitment to professionalism. It sends a powerful message to customers that the bank values their time and is managed efficiently.
5. To Comply with Regulatory and Legal Standards: In some cases, timelines are not just internal policy; they are a matter of law. For example, financial regulations may dictate the maximum amount of time a bank has to resolve a formal customer complaint or to respond to a request from a regulatory body. Failing to adhere to these statutory timelines can result in fines and other penalties for the bank. Therefore, following the internal timeline is often essential for ensuring the bank remains in good standing with its regulators.