May 30 by Cory Haynes
According to Russell Saunders, managing director of global payments at Lloyd’s Banking , 20% of their time will be spent “KYC-ing” customers, as reported in American Banker. That can be a huge operational expense for financial services companies. The average bank spends $80M USD a year on KYC Compliance, according to a recent Thomson Reuters Survey, In fact, the cost of the regulatory demands being placed on big banks is so high, JP Morgan CEO Jamie Dimon wrote in a letter to shareholders that the firm had spent over $3B USD on their Compliance Department, employing 13,000 people to ensure they were addressing regulatory issues and compliance after paying more than $32B USD in legal penalties in 2017.
Know Your Customer
KYC (know your customer) is really all about institutions protecting themselves from being used by money launderers, intentionally or unintentionally. Thus you usually see KYC accompanied by another initialism, AML (anti-money laundering), which governs and regulates banking activities. More and more corruption due diligence is becoming de facto in banking and financial services. As the criminal becomes craftier the systems must adapt, especially now with the immersion of crypto currencies.
Staying with traditional banking for a little: KYC & AML has now engulfed itself into every procedure before you do business with a customer, small or large, you must verify they are who they say they are. You also need to verify their intent to transact is for legal business. This is known as customer due diligence (CDD) or enhanced due diligence (EDD). US regulations require that EDD measures are applied to account types such as Private Banking, Correspondent Accounts, and Offshore Banking Institutions. Because regulatory definitions are neither globally consistent, nor prescriptive, financial services institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment.
An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money Laundering Specialists) suggests the following: “A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk; assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance. These extra steps and procedures incorporate questionnaires and ask for verification documentation to prove their customer is who they proclaim they are, think about it like TSA-on steroids.
KYC helps financial institutions manage their risks prudently by framing their KYC policies to incorporate the following four key elements:
• Customer Acceptance Policy;
• Customer Identification Procedures;
• Monitoring of Transactions;
• Risk Management.
Most of the KYC questionnaires are supplied by regulators and can be adjusted to be business-specific through internal auditors and consultants (see PwC’s KYC/AML guidelines) in partnership with legal and risk teams. These questionnaires are process flows, that usually start with a determining the client’s country of oirgin (HQ), their revenue and asset size, whether they are a financial counterparty, and if they have US or non-US clients, etc. Each of these questions takes the flow down a different route. The questionnaires and process flows can be onerous and opaque, especially if they are managed in separate systems and by separate departments, from Sales, to Legal, to Risk, to Ops, etc. For example, Sales may start a discussion with an institutional client in June, but after all the CDD and EDD that client may not be cleared to trade until 4 to 6 months later, due to all the validation steps and time waiting for responses to even more questions. It’s much like applying for a mortgage, but a hundred times worse. Most of the time that is wasted is due to decentralized communications, such as lost emails, overlooked SMS texts, or misplaced physical documentation.
The need for a single solution that can orchestrate the workflow, via APIs and can tie into 3rd party verification providers like Lexis Nexus or Thompson Reuters, is overwhelming. The Apttus Onboarding platform for Financial Services can provide a dashboard to orchestrate the workflow with full transparency through the incumbent CRM system like Salesforce or Dynamics 365. The Apttus Onboarding dashboard not only provides transparency but full metrics and proactive triggers for reviews, approvals, or escalations to ensure that Service Level Agreements are met. As with most verifications, outside official documents will need to be appended to the file or case. Apttus’ Onboarding solution can ingest and analyze 3rd party paper, verifying whether it meets your guidelines or regulators’ standards.
There are many laws and regulatory bodies around the world. Here’s a short list:
• Australia: The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) gives effect to KYC laws. The Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 provides guidance for applying the powers and requirements of the Act. Compliance is governed by the Government agency, Australian Transaction Reports and Analysis Centre, established in 1989, known as AUSTRAC.
• Canada: The Financial Transactions Reports Analysis Centre of Canada, also known as FINTRAC, was created in 2000 as Canada’s financial intelligence unit. FINTRAC updated its regulations in June 2016 regarding acceptable methods to determine the identity of individual clients to ensure compliance with AML and KYC regulations.
• India: The Reserve Bank of India introduced KYC guidelines for all banks in 2002. In 2004, RBI directed all banks to ensure that they are fully compliant with the KYC provisions before December 31, 2005.
• Italy: the country’s Central Bank (Banca d’Italia), which also exercises regulation power for the financial industry, has enacted in 2007 the KYC requirements and rules that financial institutions must comply with on the Italian territory.
• Namibia: Financial Intelligence Act, 2012 (Act No. 13 of 2012) published as Government Notice 299 in Gazette 5096 of 14 December 2012.
• New Zealand: Updated KYC laws were enacted in late 2009 and entered into force in 2010. KYC is mandatory for all registered banks and financial institutions (the latter has an extremely wide meaning).
• South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA).
• United Kingdom: The Money Laundering Regulations 2017 are the underlying rules that govern KYC in the UK. Many UK businesses use the guidance provided by the European Joint Money Laundering Steering Group as a guide to compliance.
• United States: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before October 26, 2002 making KYC mandatory for all US banks. The related processes are required to conform to a customer identification program (CIP).
• Luxembourg: KYC is governed in the Anti-Money Laundering (AML) laws and regulations, which became effective in 1993 and were amended for the last time in 2015.
Staying in compliance and exceeding customer expectations are the ingredients of being a preferred financial institution to business with. A preferred bank tends to have more leads and more typically translates into more opportunities which equals more revenue.
Contact Apttus today so we can help you with your KYC/AML, CDD, and EDD needs.