The 2008 financial crisis left a legacy that caused a major shift in the financial world. Although for the best, a highly complex compliance framework now presents its own set of challenges to the industry, from rising costs to the difficulty of implementation. One such policy is ‘Know Your Customer’, commonly referred to as KYC. The logic behind the recent upgrade in KYC is reasonable; by demanding detailed information about counter parties, banks are less likely to engage in money laundering and terrorist financing unknowingly, while also being hampered from doing so knowingly.
That being said, compliance is no easy task – it requires a dedicated team of specialist data experts and a complete transformation of internal processes within institutions. So precarious has the situation become, that some banks are abandoning entire categories of customers so as not to face the looming risk. But ironically, doing so only increases the likelihood of fraudulent behaviour within the global financial network.
KYC is not optional. Unless complied with, it poses the risk of huge fines (see Fig. 1), as illustrated by the £7.6m fine issued to Standard Bank in 2014 for its failure to implement sufficient money laundering controls. As such, KYC is now an integral part of a bank’s risk based approach, which is vital for monitoring clients and counterparties. KYC enables institutions to understand risk more effectively, which is a crucial tool in a globalised network.
Through the correct implementation of KYC, financial parties are made aware of pertinent issues relating to a customer, such as their reputation, whether they have a fraudulent history or if they are currently facing money-laundering penalties. There is also the ever-important risk profile of the country in which the institution is seeking to do business, if sanctions come into play and whether there are any Politically Exposed Persons (PEP) involved.
KYC enables institutions to understand risk more effectively, which is a crucial tool in a
“Across the industry, banks are getting better at initial client on-boarding and data/documentation validation at the initial point of collection. However, with the introduction of many new regulations, such as Dodd-Frank and FATCA to name two, there is now an additional requirement to also categorise clients as part of the process”, said Patrick Hinchin, Director of Product Management at Accuity, a world leading provider of financial solutions.
Implementation is thus a costly enterprise, largely due to the complexity of decision trees and the necessary integration of technology platforms. Sourcing accurate and up to date data is a considerable challenge for institutions, which is made more difficult by the lack of standardisation across the industry. Furthermore, ongoing monitoring of counterparties and tracking any changes in relevant information requires integrated computer systems and a specialised team, not to mention the countless man-hours required for such an enterprise.
While keeping abreast of the latest details is necessary for each and every customer, the regularity in which it is necessary to do so depends on the risk profile of the client and the country. Those that are deemed as high risk will require re-evaluation more frequently and additional data points. Therefore, by understanding the level of risk to begin with, the system can be far more manageable than many presume. Of course, it is inevitable that in such shifts in working models, there are numerous teething problems during the transitional period, as evidenced in this case by the rising incidence of fines for poor risk management and data inefficiencies, which thereby indicate that there are still a number of inefficiencies in compliance procedures.
As a result of the increasing cost and difficulty of KYC compliance, a number of institutions are turning to de-risking, whereby they no longer offer services to entire groups of customers that score highly in terms of money laundering risks. De-risking impacts correspondent relationships considerably, while also preventing mutually beneficial financial dealings. In addition, there is a growing incidence of unbanked banks, in which larger institutions withdraw their support of smaller, local counterparts that rely on such partnerships significantly. Both outcomes could be particularly detrimental for countries seeking investment and project financing for much needed infrastructure development, which often happens to be those with higher risk profiles.
Moreover, de-risking is actually counter-intuitive as it can enable the very crimes it seeks to prevent. “Looking through a global lens, de-risking can actually lead to a higher potential for money laundering at some point in the payments chain. Entities that are being de-risked or unbanked will continue to operate and do business. However, there is more potential for money to be moved in illegal manner”, Hinchin told Mrassociates.
It is recommended that front house offices engage effectively with regulators so as to better understand how compliance can be carried out without the negative consequences described above. “Of course, to be able to do so, entities need easy access to a counter party’s data and documents, while also having exposures to their global transactions. This is where we see the industry using various vendor data to keep their systems up to date and to avoid mass de-risking. Especially as there are lucrative opportunities for banks in higher risk areas, having access to reliable information can encourage banks to maintain higher risk counter parties”, said Hinchin.
All-inclusive risk management
There may be situations in which a financial relationship must be terminated, as the risk cannot be managed successfully. Yet, this should not have to result in the cessation of entire categories of customers, as each individual must be assessed specifically. Doing so may require a new system in the bank’s internal operations, but it is not an impossible task. Traditionally, silo repositories have been used in financial institutions to store data regarding customers. New KYC requirements however necessitate a single customer view that is aggregated across the institution via a central repository.
A holistic approach facilitates regulatory compliance, while also assesses risks more efficiently through the in-depth identification of involved parties and a deep understanding of global exposures. This in turn improves customer service, which enables higher retention and conversion rates, as well as a superior level of internal communication within a bank.
“This is not an easy task and we see banks struggling with global and local regulations. An institution should primarily focus on its own jurisdiction and build relationships with all relevant regulators”, Hinchin explained. “To be able to achieve all-inclusive risk management across the board, risk, compliance and audit functions need to come together to form a combined view of risk management.” Given the importance of the task and the arduous process of continually fulfilling requirements, a number of banks have turned to outsourcing instead.
Third parties offer their own solutions, such as Accuity with its Bankers Almanac and Due Diligence Repository, which are managed by a team of data specialists that proactively engage with relevant individuals in order to maintain the latest documents and data. Thomson Reuters also provides KYC and client on-boarding solutions, as well as data management and due diligence for financial institutions using a standardised global policy for document collation.
There are still many challenges ahead, certainly in terms of compliance functions that continue to face difficulties due to limited resources and the volume of regulatory changes. The successful management of cross-border requirements will require significant investment into technology, data and the relevant expertise within compliance teams. To offset rising costs, it is crucial for banks to focus primarily on their own jurisdiction and build relationships with relevant regulators. This in turn will help institutions to manage compliance costs and stave off the temptation to de-risk.