Some believe an industry utility may ease the operational burden of managing KYC documentation but there are concerns over data security, accountability and customisation. Lynn Strongin Dodds explores.
It is not just the avalanche of new rules keeping financial services firms awake at night, it is also the know your customer (KYC) documentation that needs to be churned out. The operational tasks are onerous and while the burden could be eased by an industry utility, concerns over the security of data, accountability and customisation could hamper its development.
KYC is not a new phenomenon, having come onto the scene in 1970 as part of the US Bank Secrecy Act. It has since been supplemented by the USA PATRIOT Act after the September 11, 2001 terrorist attacks as well as a host of rules borne out of the financial crisis. They range from Dodd Frank and the final version of the Foreign Account Tax Compliance Act (FATCA), first enacted in 2010 to the new customer due diligence requirements being mulled over by The Financial Crimes Enforcement Network (FinCen). These are part of the recommendations of the Financial Action Task Force, an international organisation that develops policies to combat money laundering and terrorist financing.
In Europe, firms are grappling with the 4th anti money laundering (AML) directive, the European Market Infrastructure Regulation (EMIR) as well as the Bank Account, Network and Information Security and Eurocrime directives. This is not even mentioning the UK’s Financial Conduct Authority plan to conduct a thematic review into AML and anti-bribery systems.
Although the rules vary, the common thread is that firms need to have the latest and most comprehensive information about their clients in order to prevent identity theft, financial fraud, money laundering and terrorist financing. If they don’t, they could face stringent fines and sanctions.
Not surprisingly, though, getting all the KYC information ducks in order to comply with all these edicts will not be an easy task. One of the main problems is that the current manual, decentralised processes are unlikely to be able to cope with the vastly expanded regulatory framework and subsequent extended client base that will need new documentation, checks, screening, enhanced controls, monitoring and updating. Silos will have to be broken down while an integrated view of KYC data across an organisation needs to be developed. This means firms will have to dig deep into their technology pockets at a time of cost cutting and tight implementation deadlines which regulators may not be willing to extend.
Jaroslaw Knapik, senior analyst at Ovum and author of a report published last year – KYC, Single Customer View, and Information Management – The future of “know your customer,” said: “banks have had their reputations tarnished over the course of the financial crisis, and managing relationships with customers has never been more important. However, despite investments in various systems, consistent and current customer information across the bank remains elusive.”
The Ovum report noted that that the future KYC framework will need to consist of processes similar to those that are common today: initial screening, decisioning, and ongoing monitoring. However, both the input and output channels are likely to be expanded to incorporate the ability to use the solution across the enterprise.
“The traditional KYC requirements are clearly evolving with FATCA, EMIR and Dodd Frank with the result being that there are new ways to classify customer information,” says Mark Davies, general manager and head of Avox, a specialist provider of legal entity data solutions and a wholly owned subsidiary of The Depository Trust & Clearing Corporation (DTCC). “One of the main challenges is that they vary by country and there is no standard KYC document set because all the regulations require different client information.”
Alan Paris, principal, financial services at business processing specialist eClerx, adds, “KYC is being incorporated into central on- boarding for new accounts. The conduct of business cuts across different department boundaries – legal, compliance and tax. The toughest part is the renewals which is three years for low risk but annually for high risk clients. This can create a backlog because it is often difficult to find information for the high risk group.”
Another issue is that from a bank or insurance company perspective, KYC is not a value add proposition, according to Kevin Burrowes, partner at PwC. “If someone was able to provide a utility service it would be enormously powerful for the industry. There are constraints and challenges such as ownership and governance. The other difficulty is managing the risks inside the utility. The rigour and oversight of the utility would have to be significant.”
Customisation and confidentiality of information are also major concerns. There is talk that DTCC is exploring the utility options while banks may also join forces to establish one. “The bottom line is that there is no one size fits all solution and there will likely always be a need for bespoke data services, tailored to each client,” says Davies of Avox. “However, I think an infrastructure organisation like DTCC with proven data management experience could create standardisation and utility capabilities that eliminate many of the redundant processes being performed by financial institutions, while providing financial firms the flexibility to customise and secure their own data.”
Jonathan Davies, chief executive officer of consulting firm JDX. “I think a utility would make sense because it could create a market standard and help reduce costs. I know one of the arguments against is that banks do not want to share information but KYC still has manual processes and is expensive to do. I think though that the banks could come together and build a utility in a similar way as they did with Turquoise (a multilateral trading facility created by nine investment banks in 2008).
Paris also cites TradeWeb, Markit and FXall as other examples of industry-led utilities. However, he sounds a note of caution. “At first glance, it is a great idea because of the commonality of the data and the fact that many of the banks share the same counterparties. However, there is a lot of the added value that a utility can’t do. For example, it goes without saying though that the data will need to be scrubbed, cleansed and updated by each bank.”
In the meantime, banks are approaching the KYC hurdles in their own way. Some are trying to overcome them by outsourcing to third-party providers while others are developing their own internal processes which involve hiring additional internal staff. While many would like to see an industry-led utility, the general view is that it could be a long wait.