Towards Increased Efficiencies in KYC and TDD Screenings
Banks are subject to an increasing regulatory pressure relating to various regulatory regimes, such as anti-money laundering ("AML"), economic sanctions and export controls. To mitigate potential liability, banks regularly invest resources in screening their customers and their customers’ transactions, a procedure that is normally referred to as Know Your Customer and Transaction Due Diligence Screening ("KYC/TDD"). As many customers often engage with more than a single bank at a time, the efforts of these banks, with respect to KYC/TDD, are often duplicative. They are conducted separately by several banks with minimal-to-none cross-banks coordination. This working paper explores the pitfalls of the currently applied duplicative system of KYC/TDD and proposes a coordinated system that may substantially reduce KYC/TDD procedure costs and improve overall efficiency. We subsequently describe the process side of the system and analyse potential challenges.
As banks and customers alike begin to recognise the importance of improving operational efficiencies and increasing customer satisfaction when conducting KYC/TDD, the IFFC's Compliance Chamber has developed a third-party KYC/TDD vendor model, designed to save some of the resources lost as part of a duplication of efforts exerted by various banks to gather similar sets of information regarding their customers.
Over the past several years, many proposals of market utilities for KYC/TDD have emerged globally. We propose engaging an existing or a newly-created vendor (or a consortium of vendors) to standardize the KYC/TDD processes and ensure smooth customer on-boarding and regulatory compliance. This would be done by centralising both customer information and related documentation into a secure repository. Banks subscribing to the system would be able to access the centralised database in relation to their prospective customer and leverage the information to further perform enhanced risk management. With this information, banks would be able to decide on whether to engage in transactions with the customer, thereby reducing the overall operational costs.
KYC/TDD: THE PROBLEM OF DUPLICATION OF COSTS
Role of KYC/TDD in combatting financial crimes
Banks are required by laws and regulations to perform KYC/TDD screening on their customers and their customers’ transactions. In order to comply with a myriad of regulatory requirements and mitigate risks, banks perform KYC. Furthermore, banks ― depending on the levels of risk associated with a transaction ― conduct TDD to assess the customer risk as well as to determine the customers’ transactional risks in certain geographical, sectoral, product and tax areas, and to identify irregular and suspicious transactions.
Briefly, this process entails extensive due diligence to identify the trustworthiness of prospective customers and to obtain relevant information necessary for doing financial business with them. The growing pressure in the financial industry and the increase in customer expectations means that the compliance function has never been more vital to banks and other financial organizations in terms of offering an efficient customer on-boarding experience, while at the same time detecting criminal activity and deterring people and businesses from engaging in criminal activity. The KYC/TDD processes serve as the first line of defence for banks when screening potential customers, having great implications for not only the bank's bottom line, but also its reputation. The KYC/TDD processes may shield banks from money laundering, terrorist financing and other related threats to the integrity of the international financial system and ensure that banks engage with reputable and compliant customers. However, a bank's ability to do this is largely influenced by the data it can gather on prospective customers, the efficiency of the data- gathering process, and industry-related laws and regulations that it is required to comply with.
Offenders are becoming more specialised in their criminal activity, leaving authorities with increasingly complex questions and more sophisticated investigations. Laws and regulations across the industry are constantly evolving in order to ensure that banks are able to effectively identify, verify and monitor their customers and their customers' financial transactions, to prevent money laundering and the financing of terrorism. The financial industry has undergone ample shifts since financial regulators increasingly began to focus on enhancing the level of sophistication of KYC/TDD. Despite those changes, the complex laws and regulations are far from being standardised and leave substantial room for interpretation by individual banks.
Inconsistent KYC/TDD processes
Banks are subject to a wide range of regulatory frameworks such as the Fourth EU Money Laundering Directive (4MLD), the Financial Crimes Enforcement Network's (FinCEN) Final Rule on Beneficial Ownership, anti-bribery, anti-corruption and AML laws. KYC/TDD screenings are an important tool for banks to ensure compliance with such regulations. Screening, for instance, assists in: identifying customers and verifying identities against numerous external publicly-available databases; identifying the ultimate beneficial owner ("UBO") and verifying the ownership and control structure of the customer; obtaining information on the purpose and intended nature of the business relationship; and scrutinizing the transactions being conducted to ensure that these are consistent with the business and risk profile of the customer.
To date, many financial market organizations have issued guidance and manuals with the goal of introducing a comprehensive KYC/TDD screening framework (e.g. the "FATF Recommendations"). Nevertheless, in practice, there seems to be no widely accepted 'golden standard' that is being followed by all banks: each bank applies its own internal procedures and standards to the best of its interpretation of all applicable regulations.
Duplication of efforts
KYC/TDD screenings undertaken by banks are costly. According to a recent survey, banks currently spend over USD 60 million on KYC/TDD screening annually. By 2018, a quarter of all banks ― with total assets between USD 101 billion and USD 500 billion ― expect their expenditure on AML activity to increase by over 50 percent. Some of the high costs are the result of embedded challenges in KYC/TDD processes, including :
- Lack of automation: Businesses manually process the data received from customers for the KYC/TDD screening. Manually processing data creates many problems such as resource drain, data quality problems, expanding costs and delays in completing the KYC/TDD process.
- Drain on resources: The manual processing of information takes large amounts of time and human resources, and requires the diversion from other tasks towards KYC/TDD.
- Data quality: The manual processing of data can cause misinterpretation or loss of data, which is highly dangerous for the KYC/TDD for AML purposes. Especially in large banks which work with large corporations, assuring data quality is a challenge, even disposing of the best task force to handle the data.
- Customer expectations: Running an enhanced KYC/TDD is timely and costly. However, customers of large banks also expect to be on-boarded with the banks as quickly and effortlessly as possible in order to run their businesses. Even though large corporations are aware that the banks must run the KYC/TDD processes in order to comply with AML regulations, delays create a negative impression and the feeling of not being trusted while doing business with the chosen banks.
- Risk profiling: It is increasingly challenging for banks and KYC/TDD professionals to assess whether existing or potential customers pose regulatory risks.
While KYC/TDD costs are substantial, under the current state of affairs, each bank conducts a new screening per customer. This means that it has no access to valuable factual and background material that may have recently been collected by another bank for the same customer. This duplication of efforts (and costs) is underscored by examining the results of another survey, showing that corporations have, on average, relationships with 10 banks globally, with larger corporations having as many as 14.
The parallel KYC/TDD procedures conducted by different banks on the same customers not only slows down on-boarding procedures by banks, but it also generates unnecessary duplication of costs, thereby increasing the overall costs of the system and possibly jeopardising the smooth functioning of the system. In practice, the lack of standardization and cooperation between banks has severe repercussions in terms of speed and efficiency for both the customer and the bank. It may not come as a surprise that over 50% of large banks expect an increase in spend for AML activity between 25% and over 100%.