It begs the next question: why do banks cling to their own practices? The answer lies in the fact that ultimate KYC responsibility remains with banks – they are still accountable for knowing their customers and making final decisions regarding customer acceptance. “SWIFT is not a financial institution and we are not regulated as such,” says Claeys. Tom Devlin, Partner at law firm Stephen Platt & Associates and behind the development of KYC360, a community of anti-money laundering and financial crime professionals, adds. “These services are appealing because they reduce the workload and compliance headcount for banks, but the danger is that if the provider gets it wrong, the bank remains on the hook. Banks can’t outsource their responsibility.”
Competition amongst banks is also a factor impeding collaboration. “There is a cultural mentality amongst banks that if they do KYC well, and others do it badly, they will have an edge. How fast a bank can on-board a client affects how quickly they can win business,” says O’Shea. Similarly, the proliferation of competitive KYC services chasing the same segment reduces the chance of industry-wide standards. “Seven is too many. One or two would be plenty,” says David Blair, seasoned treasury expert and Managing Director of Singapore-based Acarate Consulting, in reference to the number of third-party providers competing for market share. He believes that the sector is likely to consolidate and special providers emerge for particular markets, like KYC for SMEs, just as SWIFT has cornered the inter-bank market.
It has left some experts to reason that only when regulators deliberately specify clear KYC parameters and requirements, will shared platforms or ‘one-stop-shops’ really work. “Regulators refuse to tell banks what constitutes adequate KYC and banks continue to dream up more and more ridiculous KYC criteria for their clients,” says Blair. “One alternative would be for national governments to take on policing KYC. They already provide passport and tax identification services, and hold details on corporate earnings. This is a good basis for KYC.”
He argues that corporates themselves should also work harder to create uniformity, taking a more proactive stance on submitting their information to shared platforms and updating outdated records that put the compliance process at risk. “This would make it much harder for banks to insist on their own in-house compliance requirements. A strong corporate stand will also make the banks’ position with the regulators stronger,” he says.
Bank acquiescence was certainly something Sack noticed. When Sivantos signed up with managed service provider kyc.com, a platform developed by IHS Markit and Genpact in collaboration with four of the big banks, he was immediately able to take a tougher stance with the company’s 30-odd banking partners over KYC and on-boarding. “By using a tool I know is acceptable to major banks, I can tell my banks to take it or leave it. From our experience they quickly come round to accepting the documents on the platform.”
Similarly, banks also need to encourage their corporate clients to get on platforms, ensuring treasurers understand the proposition and reassuring them that their data is protected. The concept of sharing and pooling information behind the platforms will only work when adoption rates grow, creating in Reuters’ Pulley’s words, “volume”.
Progress is also stalled by the lack of joined up regulation between regions. Local laws and restrictions, such as whether customer data can be stored outside the country, blight progress. Selvan Lehmann, a project manager at the not-for-profit Basel Institute of Governance explains. “You can’t violate privacy regulations and this also affects reporting obligations. There are still no clear regulations on what banks can, and cannot, disclose to regulatory authorities across jurisdictions.” In an unprecedented attempt to provide AML uniformity across jurisdictions, Basel launched the Basel AML Index in 2012, an annual global ranking of country risk regarding money laundering and terrorism financing. “There was no such tool available before and what we’ve achieved with the AML Index is still only a very small part of the compliance issue,” he says.
Yet these challenges are surmountable, counters Sack. “Our KYC requirements were a nightmare because of the different requirements in Singapore and Hong Kong, but you can find a tool that works for you,” he says. “We benefited from being a small company and having the freedom to make decisions ourselves. As the treasurer, I am responsible for on-boarding and I was happy to give it a go.”
For financial crime experts, shared platforms also have other worrying unknowns. Utilities, and even tailored managed services, struggle to provide the event-driven data that tracks the everyday financial habits of financial institutions and businesses. It is this information that builds the complete customer profile that is the real alarm bell to financial crime. “We don’t monitor clients; this is not our role,” admits SWIFT’s Claeys. “If information is updated we send a note to banks, but our role is objective and factual, not judgemental.”
Devlin argues that rather than “on-boarding the customer and then leaving them alone for five years,” KYC needs a more holistic approach that brings banks closer to their customers’ behaviour. It should include tracking client spending habits, social media activity and internet search histories to build an in-depth social profile: it is no longer just about who you are, but about what you do. “There is a limited value in extensively proving who someone is,” he says.
Technical innovation offers a solution on the one hand – but adds to the problem on the other. It puts KYC tools from biometrics to running searches for criminal convictions and compiling negative news data feeds at service providers and banks’ disposal. Yet more data means more information to submit and manage, more overheads, and the danger of losing what is truly valuable in the quantity of information. Regulators, and corporates already wary of identity theft, still need to engage with technology. Much KYC regulation was written in the pre-digital age and doesn’t readily facilitate the use of digital techniques, although regulators including the UK’s Financial Conduct Authority and the Monetary Authority of Singapore, are beginning to adapt.
And of course the relentless demand for data holds more worrying consequences altogether. It could push financial crime – and respected, frustrated businesses – away from conventional lenders to alternative financial intermediaries that are not subject to the same regulatory oversight. “Some people will begin to question whether to engage with mainstream financial services because of all the data requirements,” warns Devlin.
One solution could be Blockchain, the shared database technology shaped around a network of computers which approve a transaction recorded in a chain of computer code. It is increasingly touted as an answer to safely storing validated KYC details on individuals or companies. Details are recorded on a public ledger that anyone on the network can see. The more people that have the ledger and participate in the approval process, the more secure it becomes. Proponents of the technology, like consultancy PwC which is currently assessing the blockchain’s adaptation for KYC, argue it could help with data security around repositories holding large amounts of sensitive data, and greater standardisation.
A recent report by Spanish bank Santander, management consultancy Oliver Wyman and venture capital investor Anthemis, argues that the technology could cut banks’ infrastructure costs for cross-border payments, securities trading and regulatory compliance by $15-$20bn a year from 2022. “Greater innovation around how the information is collected from the clients can improve the overall client experience. Digital solutions are key to this and so are security technologies that improve and ensure data protection. While we are looking at Blockchain and its potential, it is still too early to determine what lasting impact this will have,” says Fleet. Others are more cautious, concerned that the future technology detracts from today’s pressing issues around compliance. “I understand why people are looking at Blockchain but I am still sceptical. I believe it would complicate KYC further, holding it back rather than encouraging it,” says O’Shea.
Whatever the future holds, easing the current regulatory burden of KYC depends on banks and their customers signing up to new platforms. “The end-game that third-party utilities can help drive a single and validated golden source is something that is going to be very valuable for the entire industry,” says Fleet. Far-sighted corporates have got to lead the way.