With the cost of KYC compliance increasing, sharing client information to a standard everyone trusts makes absolute sense. Chris Hall explores how far KYC utilities and technologies have come and what practical support they offer to help reduce the costs of compliance.
An accelerated development of global standards for the sharing of customer information is providing a welcome addition for what has long been a burden for correspondent banks. In February 2018, the Wolfsberg Group of 13 banks announced that it had revised its Due Diligence Questionnaire (DDQ), a de facto standard for correspondent KYC due diligence information.
Global regulators, including the Financial Action Task Force (FATF), the Financial Stability Board Committee on Payments and Market Infrastructures (CPMI) and the Basel Committee on Banking Supervision, have already given this a nod in a joint press release on 8 March 2018,1 endorsing the updated DDQ.
This amendment has been welcomed, for the simple reason that full customer knowledge – in the form of detailed checks to a specified level of granularity – has stretched even the most established financial services providers. It has been particularly difficult for correspondent banks to achieve, and causes headaches for their customers, too.
Not only do they have to fully understand a prospective client’s business, including ownership structures, risk appetites and geographic footprint, but because correspondent banks allow client banks’ transaction traffic to flow through their own infrastructure, they must also understand at a detailed level the nature and shape of their clients’ clients’ business, or so-called Know-Your-Customers’-Customer (KYCC). Failure to do so not only increases the risk of fraud, cybersecurity attacks and other operational hazards, but it also lays the bank open to steep fines, as regulators raise the bar in protecting consumers, increasing transparency and tackling financial crime. According to SWIFT, there are 1.3 million bilateral correspondent relationships across the banking industry. “That’s a huge administrative burden for banks each time a relationship is added, or information needs updating,” it notes.2
A ramp-up in due diligence obligations over the past decade has impacted data collection workloads, demanding that correspondent banks take the necessary steps to understand the risks inherent in the payment flows of their clients’ clients. Furthermore, this all has to be done in the context of multiple sanctions regimes3 and fraud prevention requirements. As a result, third-party tools and capabilities have emerged, offering the means to exchange and verify KYC data cost-effectively and monitor transaction flows through data analytics to ensure continued compliance.
Knowing your customer makes sense from a commercial as well as a risk management perspective. But proving full compliance with KYC legislation across multiple jurisdictions can thwart commercial imperatives. The cost of conducting water-tight due diligence checks and risk assessments – both at the start of a business relationship and at regular intervals throughout – can soon prohibit profitable service delivery, especially if KYC checks are conducted manually, and subject to different processes and requirements across product lines, client groups and markets.
Katja Zschieschang, Director for KYC Business Execution, Global Transaction Banking, Deutsche Bank, says banks improved their processes and coordination to manage higher data volumes. “Like many banks, we initially took on more human resources to handle the data we need to capture and evaluate in line with increasing regulations, but we’re now getting smarter in how we collect and review information. Rather than several different departments sourcing the same or similar data, we share core information internally, then request more specialist, product-specific details if necessary,” she says.
If payments banks pare back their use of correspondents, there is an inevitable consequence for the breadth of cross-border payment services offered to corporate and institutional clients. “In recent years, corporates large and small have experienced a reduction in the availability of cross-border payment services and a reluctance by the banks to take on new business,” says Caroline Stockmann, CEO of the UK’s Association of Corporate Treasurers.
While banks have had to adapt their operations, the changing regulatory landscape has also had a far from trivial impact on corporate treasuries. “The treasury department of even pretty large multinational corporates might be staffed by only a handful of full-time employees. They can’t afford to spend a lot of time supplying compliance data, which means the reduced availability of correspondent banking services can be a very real barrier to doing business,” Stockmann adds.
Utilities: why come together?
The CPMI report backed a number of collaborative initiatives aimed at more effective information sharing, notably greater use of utilities serving as shared central repositories of KYC due diligence data, with the aim of reducing the time and cost spent sourcing and preparing information bilaterally.
In recent years, the number of KYC utility operators has reduced through consolidation, with the facilities being integrated into a broad financial crime compliance service offering, in response to a more coordinated approach by financial institutions. Overall, the core utility service proposition is similar, i.e. secure, scalable processes for permissioned exchange and storage of compliance-related documents, typically standardised and validated. However, functionality varies, for example on the extent of validation, the range of documentation covered and the diversity of the client base (see Figure 1).
Figure 1: KYC utility operators
Enables banks and brokers to source validated KYC data from buy-side securities market participants, e.g. hedge funds, multinational corporates and asset managers. Integrates its utility into a wider range of risk management, compliance and reference data offerings and, says its website, provides “validation of publicly sourced and client-provided entity data using defined industry standard KYC policies to complete management of KYC processes”.
Thomson Reuters KYC as a Service
Provides the same capability to banks and brokers as IHS Markit and includes the former Clarient (acquired in 2017). Its website states that it “provides end-to-end client identity, verification, screening, and monitoring for accelerated client onboarding, remediation and refresh built on an interactive platform that streamlines KYC compliance and the distribution of due diligence information”.
SWIFT KYC Registry
Focussed on multilateral KYC data exchange between correspondent banks at present, the cooperative provides compliance tools across both the payments and securities markets. “SWIFT has worked with the world’s largest correspondent banks to define a set of data and documentation that addresses KYC requirements across multiple jurisdictions,” states the website.
However, utilities have faced significant barriers to achieving critical mass, notably guaranteeing secure exchange of accurate and timely data, diverse regulatory requirements and attitudes to utility use across jurisdictions, and the nascence of industry-wide data standards for KYC-related information. Even if, as recommended by the CPMI, regulators coordinate expectations and correspondent banks can achieve consensus on standardisation, are utilities the silver bullet?
Recent advances in standardisation and use of technology give scope for optimism. To ensure standardisation of the KYC data shared between correspondent banks using its KYC Registry, SWIFT established a working group of global transaction banks, including Deutsche Bank. This means that any bank requesting KYC data from the utility on a correspondent is guaranteed to receive a ‘baseline’ of SWIFT-verified information across five categories:
- identification of entity;
- beneficial ownership structure and key controllers;
- products and services;
- AML policies and compliance structures; and
- tax information.
A further step towards standardisation was made in October 2017 when the SWIFT KYC Registry was aligned with the recently revised Wolfsberg Group Correspondent Banking Due Diligence Questionnaire (DDQ).5 This means users can complete the Wolfsberg questionnaire directly via data contained in the utility. Zschieschang says the working group has helped the KYC Registry respond to the evolving needs of correspondent banks, such as the use of timestamps and development of APIs to ingest data directly into users’ internal systems, but acknowledges cost-based resistance from smaller banks. “I hope that ongoing efforts to explain the security and standardisation benefits of sharing data via a dedicated utility – rather than bilaterally over email – will overcome these reservations,” she says. So far, the KYC Registry is the only utility to have aligned its data ‘baseline’ with the updated DDQ and it remains to be seen which other utilities will take a role in supporting this industry standard.
This utility concept is being looked at more broadly as support from the public and private sector continues to grow. The KYC Registry, for example, is looking to extend its reach to non-bank financial institutions and corporates in other segments beyond financial services.
Investigating new technology
Technology has, until now, been an underutilised resource in the goal of leveraging data to support the potential of utilities. IBM’s Marc Andrews, Vice President, Watson Financial Services, believes utility providers are not fully exploiting recent technology innovations to help banks and their clients cope with evolving and diverse KYC compliance challenges.
Partly inspired by the mountain of compliance paperwork greeting its incoming Singapore-based regional CFO for Asia, IBM recently completed the proof of concept stage for a KYC utility with a group of partners, including Deutsche Bank, and is now looking to pilot – using real customer and bank information – before rolling out more broadly.
Ultimately, the aim is to provide a secure, scalable and decentralised platform for collecting, validating, storing, sharing and updating KYC information, thus benefiting a network of participants, including banks, corporates and regulators. “Initiatives such as this require regulatory support to achieve widespread adoption. Singapore could prove a good test bed due to the interest the Monetary Authority of Singapore has shown in promoting the use of new technologies to drive efficiency and positive outcomes for end-users,” says Andrews.
Utilities have largely failed to efficiently address the diversity of KYC requirements across jurisdictions, contends Andrews. But he argues that fast-maturing digital technology innovations have the potential to significantly enhance their ability to reduce compliance costs.
Advances in robotic process automation, for example, are streamlining and accelerating data extraction activities required to validate customer data via third-party sources. In addition, cognitive computing and text analytics are helping to identify potential new risks arising from counterparty relationships. Rather than relying on negative newsfeed alerts for terms such as ‘fraud’ or ‘bribery’ being associated with counterparties or clients, it is now possible to flag broader concepts, which can improve precision and reduce generation of false positives.
Perhaps most significantly, the commercialisation of distributed ledger technology (DLT) is encouraging organisations to share standardised KYC information on a multilateral basis, thus reducing effort, but maintaining control. On IBM’s DLT-based KYC utility, for example, the client can securely post and store information requested by a particular bank, then grant permission to other banks that need the same information, rather than filling in yet another form. The facility enables them to upload new information not already posted and update existing data.
“To be truly effective, KYC utilities need to leverage multiple technology innovations, with services and tools sitting on top of the ledger to refresh the information contained within,” says Andrews.
Furthermore, APIs and the interoperability of banks’ technology stacks could also support the KYC data collection cause. Through the KYC Registry, for example, SWIFT is looking at how APIs can improve efficiency and automation and is getting more support from banks for systems that talk to each other.
Buck stops at the bank
As utilities continue to drive adoption among correspondent banks and forge interoperability among those banks through new technologies, their support – from both the public and private sectors – continues to grow, as evidenced by Wolfsberg. However, even as interoperability and cross-border regulatory coordination tend to increase consistency of requirements over time, thus simplifying compliance efforts, wrinkles will remain.
According to Bart Claeys, Head of KYC Compliance Services at SWIFT, utilities do not represent any form of outsourcing or delegation and, as such, do not change banks’ regulatory obligations. “Our utility provides access to a unique and validated global source of data, while banks retain liability and responsibility for the decisions taken, based upon the information,” he says.
In other words, while no one utility is likely to serve all segments and use cases, utilities have their place as a useful part of the correspondent banking toolkit. In addition to this, more interoperability through APIs and the exploration of DLT will likely further support them as time goes by. While these advancements do not necessarily present a silver bullet for KYC, they are nevertheless a valuable set of weapons in the fight against financial crime.
Chris Hall is a freelance financial journalist
4 See the BIS report Correspondent Banking (July 2016) at https://www.bis.org/cpmi/publ/d147.pdf
5 See https://bit.ly/2q8MPzL at wolfsberg-principles.com