Perspectives

The Executive Series Deep Dives: Stephanie Wolf, Bank of America Merrill Lynch

Published: Nov 2018

Stephanie Wolf, Global Head of Financial Institutions & Public Sector Banking for Global Transaction Services, Bank of America Merrill Lynch, takes a close look at how KYC and AML affect corporate treasuries.

Abstract blue background

Stephanie Wolf Portrait

Stephanie Wolf

Global Head of Financial Institutions & Public Sector Banking for Global Transaction Services

How are know your customer (KYC) and anti-money laundering (AML) regulations affecting treasurers?

KYC, or client due diligence, is a process that may seem relatively new for treasurers, yet the process has been in existence for as long as people have been doing business: you have to know who your clients are.

From a regulatory perspective though, this undertaking has been elevated to such a level of importance over the years that documentary evidence related to this is comprehensive. It also varies by country, and sometimes even by type of client.

From a client’s perspective, KYC is one drawn out process where the provider asks a lot of questions that are increasingly detailed and personal. But it can help in understanding what is required if we break KYC down into three stages.

First, there is onboarding where, for every new relationship, comprehensive due diligence is required. Next, that relationship has to be periodically assessed to ensure any changes are captured. This is called ‘renewal’. The third stage is ‘remediation’ where, in between onboarding and renewal, regulatory changes may demand that more or new information is recorded.

Part of KYC and client due diligence is related to the increased risk of money laundering, terrorist-financing and other criminal activities. It therefore involves gathering information to make sure that money-laundering risk is managed; it is our regulatory duty as banking services providers to ensure that funds do not move to support criminal activity.

Often KYC and AML are wrapped into a single comprehensive set of questions that your service provider must ask. Treasurers should know that we are trying to protect the safety and soundness of the financial system and that we are helping the regulators around the world ensure that financial crime does not occur under our watch.

To what extent is the process being streamlined?

I would like to say that the entire globe has consistent regulatory objectives and consistent means of evidencing those objectives. Unfortunately, that is not the world that we live in. Different countries place a greater or lesser emphasis on aspects of KYC and AML and its fulfilment by banks. As such, the regulations and their execution are not the same everywhere.

That said, I often tell clients who say, “you all ask for different things” that we really aren’t asking for different things because we are all following the same laws but may do so in a slightly different way.

From bank to bank, KYC is finding a high degree of consistency. The banking community has discussed what questions really need to be answered from a KYC/AML perspective and has tried to agree on one set of questions that we are going to hold ourselves to as the standard.

That has now been accomplished; I signed Bank of America Merrill Lynch’s due diligence questionnaire recently. Now, when a client asks for our AML/KYC due diligence questionnaire, it will be my signature on the back!

We have created a system that will search every document storage system that we have across the firm. It can look for a particular document, grab it and use it for the purposes of KYC. We are also increasingly using artificial intelligence (AI) to scan responses that clients give to questions, and then auto-populate a system so that there is less manual keying.

Stephanie Wolf, Global Head of Financial Institutions & Public Sector Banking for Global Transaction Services, Bank of America Merrill Lynch

Another aspect that Bank of America Merrill Lynch is very supportive of – and I would like the entire industry and all of our clients to be supportive of too – is using databases utilities to store the information.

The due diligence questionnaire responses that we have at Bank of America Merrill Lynch are stored in a shared utility administered by a third party. We do that because we want our other counterparties to have an easier time getting information from us.

I ask all of my clients “is there a database or a utility that you use to store your information?” If so, I will go there first, get that information, and then come back to fill in any gaps that might exist. It’s all part of the industry effort to make it easier for clients.

In terms of the regulations and the regulators, there are now industry organisations working to develop common standards. For example,BAFT, the Bankers’ Association for Finance and Trade, represents financial institutions, providing feedback on proposed changes in rules and regulations that impact KYC and AML. Aligned with other similar bodies, its aim is to make it easier for the industry and customers to comply by providing information.

The more governments work together to create standards, the more utilities enable databases of answers to be created, and the more banks agree to a common set of standards, the easier it will become. Until then, it can be hard to keep up, for all of us.

How is technology helping with this journey?

The perfect solution for KYC/AML would be that the moment a regulation changes, it could be implemented from a single screen for all customers around the world instantly. Sadly, it doesn’t work like that.

Where standards are constantly evolving, technology is always going to be behind. You cannot build it while it is changing. We are investing technology dollars as fast as we can and I know our clients are trying as much as they can to automate their processes. The only solution is for change to happen at a slower pace, just so we can all keep up.

If there was one utility where all KYC information was stored globally, then I could build one pipe in to get the information,populate my system and all would be good for another year or two until I had to refresh. But there isn’t one utility; there are many. We can’t build a pipe to every single utility, so we end up with lots of manual processes.

There needs to be a narrowing of the set of regulations into a common standard. That doesn’t mean fewer questions, that doesn’t mean less information. What it means is that with fewer standards, and fewer places for those standards to be maintained, technology will not only be able to catch up, it will finally leapfrog the flow of rules.

In the meantime, at Bank of America Merrill Lynch we have created a system that will search every document storage system that we have across the firm. It can look for a particular document, grab it and use it for the purposes of KYC. We are also increasingly using artificial intelligence (AI) to scan responses that clients give to questions, and then auto-populate a system so that there is less manual keying.

Do you foresee change for the better?

I do but it will happen by evolution, not revolution. I am optimistic that within five years we will not consider KYC the burden, from a client perspective, that it is today.

All of the work that we are doing now around KYC/AML – thinking about the questions that we ask, where the information is stored, how it is used, how we comply with regulations – we are doing to make our clients’ lives easier and make it easier for them to do business with Bank of America Merrill Lynch. Easier, simpler KYC/AML is in our future. Getting there allows us more time to focus on what our clients consider more value-added and that is helping them run their businesses more efficiently.

All our content is free, just register below

As we move to a new and improved digital platform all users need to create a new account. This is very simple and should only take a moment.

Already have an account? Sign In

Already a member? Sign In

This website uses cookies and asks for your personal data to enhance your browsing experience. We are committed to protecting your privacy and ensuring your data is handled in compliance with the General Data Protection Regulation (GDPR).