Do you really know your customer?
The financial crisis of 2008, as well as other significant events like 9/11, heralded the start of a new era of regulatory scrutiny. They brought into sharp focus the pitfalls of an inadequate regulatory framework and highlighted the many risks hiding in human and business networks.
Regulators responded by introducing a plethora of ever-more-complex regulations governing the financial community. Now, more than ever, banks and FIs simply cannot risk doing business with any organization or individual with connections to financial crime or funding of terrorist organizations; or where they cannot quantify the risk: understanding the risk of doing business with an entity or individual has become more crucial than ever.
These factors focus the need on ensuring that information on customers be maintained, valid and appropriate. It is vital to understand customer activities involving:
• Who their business partnerships involve
• Where their location of business is taking place
• What type of business they are involved in
• How their source of wealth has been obtained
This information enables organizations to make informed judgments about whether or not to provide – or continue to provide – services to particular customers. Those engaged in inappropriate, suspicious or non-compliant/illegal activity can only be identified if the due diligence conducted is thorough, accurate and complete.
An ever-changing regulatory landscape
Financial industry players have increasingly come under the regulatory spotlight and the sheer number of regulations governing Anti-money Laundering (AML) and Counter Terrorist Financing (CTF) continues to rise. Tighter regulations, while necessary to maintain the integrity of the global financial system, have created very real challenges for banks and FIs.
Costs, time and effort have spiraled almost out of control, with one estimate suggesting that there are approximately 170 changes to regulation, or regulatory activities, every single day. While not all of those concern customer due diligence, a large part of the challenge lies in understanding and analyzing this volume of regulations in order to decide what is relevant, the ability to accommodate new and changing regulation and ensuring procedures are watertight from an audit perspective.
The 2012 Financial Action Task Force (FATF) Recommendations, in particular, set new guidelines that require the regulated sector to hold relevant, up-to-date ownership information on all customers. These Recommendations are already filtering into legislation (in particular, the EUs Fourth Money Laundering Directive 4MLD) around the globe, with different regulators interpreting the new legislation differently - further adding to the complexity faced by compliance professionals.
Costs, time and effort have spiraled almost out of control, with one estimate suggesting that there are approximately 170 changes to regulation, or regulatory activities, every single day
KYC affects banks and end-clients alike
Compliance is never optional, it is simply a requirement and the cost of getting it wrong is well-documented. Banks clearly have a regulatory obligation to conduct thorough KYC due diligence on all their clients and, further, to maintain up-to-date customer profiles, but there are knock-on effects that affect both the bank and their end-clients.
TIME, COST AND EFFORT
Determining who you can and should do business with has significant implications for both banks and end-clients in terms of cost, time and effort. Additional strain is placed on existing resources and this often leads to frustration. Not only has the sheer volume of due diligence information required increased exponentially, but the supporting documents will usually reside in several different locations within your company. Finding, extracting and organizing this information has become increasingly burdensome and time-consuming.
SLOWING THE PACE OF BUSINESS
Whether you’re a trading firm, corporation, hedge fund or asset manager, the due diligence process required for KYC compliance with a new FI can now take over 6 months - just to open a new account. And it’s not just opening the account that is time-consuming. There are also intermittent and ongoing identity verification requirements to ensure that banks maintain an up-to-date single view of each client and identify any emerging risks. In addition, FATF recommended in 2012 that it should be a legal requirement for an organization to provide their bank with the most up- to-date legal entity information available at any given time.
NO CONSISTENT STANDARD
As regulators move from a tick-box to a risk based approach to compliance, banks are left to interpret AML legislation and develop their own processes to comply with KYC regulation. With no consistent ‘standard’, each bank requests end-client information in its own unique format – leading to further duplication of effort.
The security of end-clients’ strictly confidential information cannot be guaranteed. Information is often disseminated via post or email and can easily be lost or intercepted. Emailed information, in particular, is easy to hack if it is not encrypted. The alarming rise in cybercrime and identity theft has been well-documented in recent headlines and serves to highlight the dangers of business-critical information falling into the wrong hands. And even if the secure delivery of documentation to the right person is achieved, end-clients have no control over how this information is stored and who can access it. These are very real security concerns. Understanding exactly who you are doing business with is of the utmost importance, but KYC issues affect all stakeholders. Both banks and end-clients want to spend more time on running their businesses and less time on KYC
KYC issues affect all stakeholders. Both banks and end-clients want to spend more time on running their businesses and less time on KYC.