For treasurers around the world, the challenges associated with know your customer (KYC) compliance have escalated rapidly in recent years. With banks required to comply with ever more stringent regulatory requirements – and facing the risk of regulatory enforcements and reputational damage if they are not compliant – the burden faced by treasurers in supplying the necessary information has likewise increased.
“If you talk to anybody who is remotely associated with the financial markets, KYC will come up as one of the big areas of focus,” says Sanjeev Chatrath, Managing Director, Region Head – Asia, Financial & Risk at Thomson Reuters. “KYC is the foundation of any kind of banking relationship, in that banks need to understand their customers and what is happening in their businesses. Having said that, KYC has grabbed more attention in recent years because of some of the enforcement actions that have happened.”
Indeed, Kristof Segers, a manager at Zanders, says that “monster fines” imposed due to anti-money laundering (AML) and sanctions control failings have incentivised financial institutions to strengthen their compliance frameworks and related processes.
With corporates increasingly struggling to meet KYC requirements, what specific challenges do they face – and what developments and initiatives could help them to overcome these issues?
KYC challenges in asia
Research published last year by Thomson Reuters explored the challenges faced by banks when conducting KYC and client due diligence (CDD) in Asia Pacific.
According to the Asia Pacific results of the 2016 Know Your Customer survey, which consulted 334 respondents across the region, the average time taken to onboard a new client is 26 days. The survey found that the costs associated with onboarding new clients had increased by an average of 18% over the last year and are expected to increase by another 14% in the coming 12 months.
Where specific challenges are concerned, 39% of the financial institutions surveyed cited a lack of people as the main challenge in conducting CDD/KYC processes. The research also noted inconsistent requests for information and “excessive client contact to the detriment of the client relationship” among the challenges.
Challenges for corporates
Dubbed a ‘nightmare’ by more than one treasurer, KYC compliance can be challenging for a number of reasons. For one thing, the process of opening a simple bank account is often far from simple. “While in the past a bank account could be opened in a matter of days or in some cases within the very same day, we now hear stories from multinationals who struggled for months to open a single bank account, especially for those corporates who have operations in developing and/or high-risk countries,” says Segers.
Where specific challenges are concerned, simply getting banks to provide a comprehensive list of the items required can be problematic. “It can be difficult to get a complete list at the inception,” says François Masquelier, Chairman of ATEL, the Association of Corporate Treasurers in Luxembourg. “Sometimes banks follow up with further requests after you deliver. And even if they are satisfied with the information, that doesn’t mean that they won’t come back in two years’ time with additional demands.”
Another issue is the duplication of effort involved in KYC. All too often, treasurers are required to provide the same KYC information again and again – both to different banks and to separate departments within a single institution. As Jack Spitzer, Treasurer of global health and wellness company Isagenix International, remarks: “I can’t count how many times I have told a bank, ‘You already have that’.”
Even once an account is open, corporates may receive recurring requests for KYC information throughout their relationship with a bank. Furthermore, unlike some other regulatory requirements which can be leveraged for the benefit of the company, KYC compliance doesn’t bring any advantages from a treasury point of view. “What makes this annoying is that it has no benefit,” says Masquelier. “You don’t generate any value – it’s a pure compliance issue.”
Lack of consistency
Compounding the challenge, the type of information requested can vary between banks and from country to country. For companies which work with multiple banks around the world, providing the necessary information can be extremely time consuming. Depending on the jurisdiction, companies may need to provide the passports, utility bills and bank statements of all signatories on a particular account. Requirements may also include directors’ information, such as names, addresses and dates of birth, as well as tax and legal documentation.
The lack of consistency between banks is a common challenge. “One issue is that there is no standardisation,” says Bart Claeys, Head of KYC Compliance Services at SWIFT. “The regulations are strict and they are continuing to evolve. At the same time, each bank will have its own internal risk appetite and will define its internal policies.”
“If you talk to anybody who is remotely associated with the financial markets, KYC will come up as one of the big areas of focus.”
Sanjeev Chatrath, Managing Director, Region Head – Asia, Financial & Risk, Thomson Reuters
Where specific challenges are concerned, Claeys notes that there is still a lot of physical document exchange involved in the bank to corporate space. “Sometimes these documents will need to be signed or notarised, bringing additional overhead,” he says. “This varies from institution to institution. Other banks may require a different format, or may require a certified translation of the document. What this means is that every corporate is having to redo the work with every bank and for every request.”
Marianna Polykrati, Group Treasurer of Chipita, a Greek based international food group of companies, points out that some the majority of banks today require corporates to provide details of their shareholding structures up to the individuals who own from 10% to 25%, depending upon either the country’s Central Bank policy or the bank’s own compliance policy. In some countries, the requirements can be even more arduous. “In Cyprus, there’s now a requirement that each relationship manager has a face-to-face meeting with each beneficial owner,” says Polykrati.
She notes that the requirements have ramped up considerably in the last two years: “Previously, we didn’t have to deal with so many issues – we simply provided a declaration. But now, for example, the National Bank of Serbia requires all the certificates of directors and beneficial owners of all the intermediary companies.”
Impact on bank relationships
These issues can have a significant impact on the relationship between corporate treasurers and their banks – indeed, in some cases KYC-related considerations may limit the pool of banks available to corporate treasurers. Polykrati explains that while providing the required information may not be an issue for public companies, “for a private company belonging to a fund or to wealthy individuals, there can be a reluctance to provide the necessary data such as passport copies and home addresses, primarily due to security issues.”
For Chipita, which has 28 banking relationships across countries including countries India to Mexico, Ukraine and Kazakhstan, Serbia and Cyprus, Polykrati says that this has resulted in some restrictions in terms of the banks the company can work with. “In some cases the attempt to initiate a new co-operation is too bureaucratic, so we decide at the end to work only with banks which already have a relationship with our top level parent company, or a bank that our major shareholder works with,” she explains.
Counting the cost
At the same time, the costs involved in KYC compliance can prompt banks to ask whether some relationships make business sense. Claeys notes that as the costs incurred by banks in doing KYC continue to rise they are, in some cases, becoming prohibitive. “If an institution performing KYC sees the cost go up to tens of thousands of euros, they will be asking whether that justifies the business opportunity,” he says. “If it doesn’t, they might decide not to onboard the client.”
ATEL’s Masquelier says that he has direct experience of this. “In one country, one of our banks took the KYC admin burden as a reason to decline opening an account for us,” he explains. “If banks start being selective in this way it will create a difficult situation – particularly for small and medium sized businesses.”
All of this comes at a cost. Chatrath notes that a global survey conducted by Thomson Reuters last year found that the costs and complexity of KYC are rising with financial institutions spending on average US$60m per year on client on-boarding and KYC processes – with that cost continuing to grow around 19% a year. “A lot of financial institutions have invested pretty heavily in terms of technology and hiring,” he adds. “They are recognising the need to leverage technology in order to make the customer experience much better.”
Know your bank
Another consideration is that KYC isn’t a one-way street. Mark Crowhurst, a Treasury Director at PwC, points out that treasurers should be asking questions about how well banks are able to protect their KYC data once it has been handed over. “Corporates want to know how well their data is being managed – they don’t want it to be exposed on the ten o’clock news if someone gets hold of the files,” he explains.
But there are also opportunities to benefit from banks’ expertise in this area. Crowhurst says that many banks advise their clients about topics such as cyber risk, which can benefit both parties. “There’s a reason why KYC and AML are important,” he adds. “Treasurers should talk to banks about why the requirements are so stringent and ask how they can help them reinforce their controls.”
Despite the many challenges, there are a number of developments and initiatives which may help to alleviate the KYC burden for corporate treasurers. In some locations, regulators themselves may play a part in helping to overcome the challenges. Chatrath notes, “I’m very encouraged with the amount of co-operation I’ve seen across regulators in Asia. They tend to be very focused around what they can do to be more enabling of the economies they operate in, while fulfilling their responsibility to avoid introducing the unnecessary risk of contagion within their regulated institutions.” He adds that it is not uncommon to see a number of regulators across Asia talking to each other, learning from each other and sharing information so that they can collectively be better informed.
It is clear that technology can play a role in streamlining KYC compliance for corporates. According to Zanders’ Segers, “The easiest and cheapest way is to be equally stringent towards your banks with regards to the information they request and ideally corporates should aim to agree on a standardised approach across their banking partners to prevent replication of tasks. Some companies store the relevant KYC company data in spreadsheets which they keep up to date and share with all of their banking partners on a predefined schedule.”
Innovative technology is also bringing new opportunities for efficiency, and there is considerable interest in how such developments can be leveraged to streamline the processes associated with KYC and compliance as a whole. For example, the Thomson Reuters Org ID KYC Managed Service enables banks and their customers to exchange KYC related information, thereby reducing onboarding time. Other platforms include KYC.com, a joint venture between Markit and Genpact which enables corporates to upload KYC related documentation and give participating banks permission to access their data.
Aside from solutions specifically designed to improve KYC processes, technology companies are also exploring the use of technology to overcome wider compliance challenges. “We are trying to help as much as we can through our technology solutions and trusted content solutions,” comments Chatrath. “For example, we’ve used machine learning and augmented intelligence to be able to identify fake news from trusted news, which helps us to get to things much faster using social media.” He adds that the company is involved with many proof of concepts around new technologies including digital identity and distributed ledgers.
Meanwhile, Claeys says that other solutions more traditionally adopted by banks, such as sanctions screening and name screening solutions, can also play a role in supporting corporate compliance efforts. “We’re seeing interest from corporate segments in getting more transparency and controls in place in order to avoid any problems later on,” he adds.
Beyond the solutions currently available, other developments could potentially help to address KYC challenges in the future. For one thing, PSD2 may provide more opportunities to make ongoing KYC processes more efficient. “Under PSD2, with a corporate’s permission, a bank could access the corporate’s bank statement from different banks,” explains PwC’s Crowhurst. “This allows the bank to look for unusual patterns in transactions.” He notes that developments such as blockchain and biometrics may present further opportunities for improvements around management of AML/ KYC data and verification.
Another area of interest is the development of industry utilities. SWIFT’s Claeys explains that until now SWIFT has focused on the inter-bank correspondent banking space, developing solutions to increase efficiency and transparency in KYC compliance. Particularly significant is The KYC Registry, a shared platform which enables correspondent banks to manage and exchange standardised KYC data. The Registry was launched in 2014 and is now used by nearly 4,000 banks around the world.
“We are currently running a feasibility exercise and are looking at whether it is possible to define a global standard for bank-to-corporate KYC.”
Bart Claeys, Head of KYC Compliance Services, SWIFT
“This is a utility approach with one centralised environment, which means that banks only need to upload their KYC information once,” says Claeys. “We check the information for completeness, accuracy and validity, and banks can then give the relevant institutions access to that data.”
While The KYC Registry is designed for inter-bank rather than corporate use, Claeys says that SWIFT is increasingly receiving requests from corporates who are looking for solutions to their own KYC challenges. As such, this is an avenue which SWIFT is exploring. “We are currently running a feasibility exercise and are looking at whether it is possible to define a global standard for bank-to-corporate KYC,” says Claeys. “We are considering whether a cloud based utility is something we could envisage in the bank-to-corporate segment too.”
Claeys adds that SWIFT is working through some questions before deciding whether to pursue this area. In the meantime, however, he notes that there are certain questions which will need to be addressed before a solution could be developed.
“What we have seen is that it is mostly the large corporate institutions with multiple bank accounts which talk about the challenges and inefficiencies they face,” he says. “But from the banks’ point of view, large multinationals do not necessarily present the most challenges – rather it is the smaller corporates with fewer bank accounts which may present more difficulties in providing the expected level of transparency.” As such, if SWIFT does embark on a solution in this area, decisions will need to be made about where any solution should be focused.
That said, there would be clear benefits to a solution which would enable treasurers to maintain one set of KYC information. Masquelier is an advocate of the utility approach: “Clearly it would be easier to maintain one set of data instead of 15 or 20,” he says. “Any solution that would improve the situation and reduce the burden would be welcomed by corporates.”
Masquelier points out that one potential obstacle is that most corporate treasurers prefer to wait until a finished product is available. “They don’t want to pioneer new solutions – but we do need a few pioneers to push this through,” he concludes.