Perspectives

KYC is killing your customers

Published: Jan 2016

The burden of complying with unclear and fragmented KYC regulations is having wide reaching impacts on banks and global finance. It has also been a growing inefficiency for corporates which is intensely frustrating because meeting the authorities’ aim of transparency should not be difficult.

Regulators are wary of Know Your Customer (KYC) requirements, the global efforts to prevent anti-money laundering (AML), becoming box ticking exercises so they generally make banks liable for knowing their customers and customers’ customers (KYCC) without specifying what they consider to be adequate due process for KYC. Since this liability has amounted to considerable fines over the last few years, the banks are understandably anxious. Compliance departments are therefore showing surprising creativity in trying to manage KYC and AML liability. The result, however: corporates end up facing fragmented KYC requirements.

The corporate view

Corporates respect the authorities’ need for KYC and AML, and have nothing to hide; they would just like to see their needs met in an efficient manner. Currently, there is frustration with the lack of progress with electronic bank account management (eBAM) and electronic bank services billing (eBSB). On eBAM, banks seem to be slowing the process because their IT budgets, post the global financial crisis, are heavily skewed to compliance, despite the considerable savings that banks themselves could enjoy with better BAM processes. On eBSB, interfacing seems to be an issue as well, but we cannot help wondering if the opaque status quo is just too juicy a profit centre for banks.

The confusion around fragmented KYC cannot be beneficial for banks. It is bad enough that each bank invents its own (overly elaborate) wheel. It gets increasingly burdensome when different branches and departments within banks ask for different KYC documentation. This represents a huge workload on corporates at a time when macro-uncertainty, as well as slowing growth, severely limits resources. Burning time on zero value added work does not improve customer satisfaction.

The bank view

Bankers do not like the current state of play either; compliance departments continuously up the ante with regard to KYC in their search for a safe haven from billion dollar fines. It is a Sisyphean task because no one knows what next year’s regulators will consider sufficient effort. The travails extend to the inter-bank space too. Previously, banks would tend to trust that their peers, being regulated entities, would be safer than non-banks. Western regulators’ AML zeal and appetite for fines has changed this. Problems with inter-bank KYC have become so fraught that KYC is threatening the global correspondent banking system, potentially leaving some developing countries unable to execute cross-border payments.

The regulator view

Regulators, keenly aware of the banking scandals of the last decade, have little time for banks’ challenges. They do however fear that if they set out clear guidelines as to what constitutes adequate KYC, such guidelines will become an alternative to deeper KYC – whatever that might be. This has resulted in a deliberate withholding of guidance while maintaining the threat of massive fines to terrorise the banks into trying to do thorough KYC, which they are arguably unable to do in reality. It does sometimes feel like this is a lazy solution to the lack of clarity in law and in regulation of the real economy that is being foisted unfairly on the banks. On the other hand, maybe it is fair to attach such burdens to rent extraction licences, but they weigh heavily on the real economy too.

Corporates respect the authorities’ need for KYC and AML, and have nothing to hide; they would just like to see their needs met in an efficient manner.

Current reality

Using the US environment as an example, there are multiple layers – and levels of clarity – in KYC regulations. The first level is the customer identification process (CIP), which “enables the bank to form a reasonable belief that it knows the true identity of each customer.” This is reasonably well spelled out, but with the proviso that “bank must implement a written Customer Identification Program (CIP) appropriate for its size and type of business that, at a minimum, includes each of the requirements.” Hence some of the variations that frustrate corporates seeking a consistent process.

The second level is customer due diligence (CDD), the objective of which is “to enable the bank to predict with relative certainty the types of transactions in which a customer is likely to engage.” This is minimally detailed, and more in terms of objectives than methods, so here the banks get even more creative. And corporates get even more frustrated.

The third level is enhanced due diligence (EDD) for “customers that pose higher money laundering or terrorist financing risks present increased exposure to banks.” Determining which customers are “higher risk” is a judgement call left to bank compliance officers and their legal advisors, and it is open season when it comes to what is appropriate EDD.

In all this, the bank has to reach an understanding of the expected flows across its accounts, and thereby be able to identify potentially suspicious activity. There is also an obligation to ensure that CIP and CDD are kept up to date – another source of corporate frustration when they are in any case providing financial statements and regular business updates to their banks.

The reality amongst MNCs is that banks would not be banking them without commercial due diligence in the first place. So whatever the regulators’ intentions, with respect to MNCs, this is box ticking. In some ways, it feels like the regulators would like to turn the clock back 100 years to a time when your banker knew you because he lived next door and knew your parents and grandparents. Furthermore, it also seems like banks are being lumbered with responsibility for policing money flows to make up for society’s failure to properly identify people and businesses.

Pathing the way

Some possible solutions might include:

  1. Clear regulations.

    Regulators have a conscious – and (ironically) globally consistent – policy of leaving the details vague to avoid the risk of box ticking by the banks.

  2. Handing responsibility to more appropriate (public) authorities.

    Beefing up public registries to handle the responsibilities currently foisted on banks will be politically tough. As long as the banks are perceived to be doing an adequate job – and contributing generously to public coffers when they don’t – there is little motivation to change the status quo.

  3. Banks come up with a consensus position.

    In response to the threat of fines and the challenges to the correspondent banking model on which international flows are based, banks are working on standard platforms – notably SWIFT’s KYC registry. This is a solution that will help SWIFT’s 7,000 correspondent banks to streamline their 1,300,000 annual KYC requests – and hopefully reduce their use of the current expedient of closing correspondent relationships. Unfortunately, the banks are showing a distinct lack of KYC – or at least customer care – by refusing to let corporates join the KYC registry, even though corporates now account for 20% of SWIFT members.

  4. Corporates come up with standards.

    Corporates are generally not good at collective action, perhaps because they are a diverse bunch, whose goals may differ. Some notable successes in the past decade, including derivatives regulation et al, give reason for hope.

Based on recent evidence – including BCG’s corporate treasury survey, EuroFinance International in Copenhagen and SIBOS in Singapore – it seems we are close to a high enough pain threshold to trigger action. Some corporates have already started putting their data on a registry and telling banks to visit the registry rather than their offices. It can be made even better if corporates agree on common standards for corporate KYC data. This need not be complicated since the registries have already reached some degree of commonality with banks covering wide geographies. It would then be much harder for banks to insist on their in-house compliance requirements – and a strong corporate standard will make banks’ position with the regulators stronger as well.

David Blair, Managing Director

Acarate logoDavid Blair, Managing Director, Acarate

Twenty-five years of management and treasury experience in global companies. David Blair has extensive experience managing global and diverse treasury teams, as well as playing a leading role in eCommerce standard development and in professional associations. He has counselled corporations and banks as well as governments. He trains treasury teams around the world and serves as a preferred tutor to the EuroFinance treasury and risk management training curriculum.

Clients located all over the world rely on the advice and expertise of Acarate to help improve corporate treasury performance. Acarate offers consultancy on all aspects of treasury from policy and practice to cash, risk and liquidity, and technology management. The company also provides leadership and team coaching as well as treasury training to make your organisation stronger and better performance oriented.

[email protected] | www.acarate.com

The views and opinions expressed in this article are those of the authors

All our content is free, just register below

As we move to a new and improved digital platform all users need to create a new account. This is very simple and should only take a moment.

Already have an account? Sign In

Already a member? Sign In

This website uses cookies and asks for your personal data to enhance your browsing experience. We are committed to protecting your privacy and ensuring your data is handled in compliance with the General Data Protection Regulation (GDPR).