Article
The 2015 challenge: hurdling the KYC bar

JWG analysis.

With 40+ regulations covering 500+ KYC data requirements due to be implemented over the next 3 years, meeting the requirements poses significant challenges to all firms in the market, not least client outreach, data management and multiple, iterative, implementation dates.  Combined with record fines for AML failures, and new personal liability for senior managers, the pressure to ‘get KYC right’ is intense.

Driver	KYC requirement	Key relevant regulations
Identification and verification	Due diligence – CIP/CDD/SDD/EDD Politically Exposed Persons (PEPs) Beneficial ownership US indicia/tax residency Sanctions screening	EU Anti-Money Laundering Directives Foreign Account Tax Compliance Act (FATCA) Banking Secrecy Act/Patriot Act/FinCEN/FinRA rules AEoI Common Reporting Standard (CRS) Sanctions legislation (e.g., Iranian Financial Sanctions Regulation)
Classification	Suitability and appropriateness checks Client classification Credit risk assessments	MiFID/MiFID II EMIR Dodd-Frank FATCA Basel III
Monitoring	Sanctions monitoring Fraud monitoring Transaction monitoring (market abuse) Account monitoring (Suspicious Activity Report)	Sanctions legislation (e.g., Iranian Financial Sanctions Regulation) Bribery Act Market Abuse Directive EU Anti-Money Laundering Directives
Reporting	Transaction reports Trade reports Suspicious Activity Reports (SAR) Suspicious Transaction Reports (STR) Sanctions notification Tax reporting Ownership and control reporting Risk reporting Financial reporting	MiFID II EMIR/Dodd-Frank EU Anti-Money Laundering Directives Sanctions legislation (e.g., Iranian Financial Sanctions Regulation) Foreign Account Tax Compliance Act (FATCA) AEOI Common Reporting Standard (CRS) Dodd-Frank Large Trader reporting Basel III/CRD IV/FINREP
Other	Marketing rules Single Customer View (SCV)/FSCS Recovery and resolution plans Authorisations/registrations Client assets	MiFID II Financial Services Compensation Scheme (FSCS) Deposit Guarantee Scheme Directive Recovery and resolution Directive Banking Reform Act

Source: JWG analysis of regulatory requirements for KYC information, February 2015

It’s no easy task.  Fragmented rules designed to meet multiple and varied regulatory objectives mean KYC requirements are impacting different parts of the business in ways that are not aligned.  On top of this, each regulatory initiative defines slightly different classification lenses that differ between jurisdictions with differing data and documentation requirements to support them – all with severe penalties for poor data quality.

JWG’s RegIT training course, “KYC helicopter view”, ran for the first time last week with the message that, in order to make sense of the incoming requirements and implement them effectively, it is imperative for firms to take a holistic view of the requirements, align them thematically and define an integrated approach.  During the course, participants discussed the key challenges of:

Governance: New regulatory requirements are not necessarily treated equally within the firm, and processes for their ingestion, interpretation and implementation may be handled differently across functions which can lead to siloed approaches and inconsistent application of new rules.  There needs to be harmonised, clearly defined and consistent processes for regulatory implementation – from beginning to end.  Achieving this requires clear communications from recognised bodies internally, whether it is compliance or a business change group.

Client outreach: Several issues arose around client outreach management.  Participants noted that clients were unhappy with multiple, iterative requests for similar information and that, often, were not willing to disclose that information in the first place.  One solution mentioned was to ensure a single point of customer contact for client outreach and reduce overlap from different functions asking for the same information.  Keeping customers in the loop about when they would be asked for new information would increase their willingness to disclose and reduce last minute panics when gathering essential information.

Supplier management: Keeping suppliers aligned across the various data requirements in new regulation was seen as a key challenge.  With multiple regulations requiring information across different types, formats and standards, ensuring that suppliers can provide this information is difficult.  A particular issue was that multiple utilities collecting and sharing information across a common customer base in different ways could lead to confusion as to what exactly was required.  One suggested solution to this was to educate suppliers early on the new requirements to give them enough time to adjust their offerings and get aligned on the necessary information standards.

JWG had resoundingly positive feedback from everyone that attended, with average feedback scores of 4.8/5 for the content, relevance and presentation of the course.  Some of the feedback:

• “Really interesting to see all the layering of the different requirements on the KYC onboarding function … Brilliant course”
• “Covered data expectations for KYC and reporting and introduced concepts I was not aware of”
• “Very useful, made me aware of areas in KYC reporting that are important”
• “The overview of what is coming up in the pipeline allows us to go away and plan using what we learned today as a guideline”

After the training had concluded, those participants who were brave enough to do so joined JWG at the CDMG meeting on ownership and personnel information.  At this meeting, 20+ participants discussed the impact of new regulatory requirements for beneficial ownership information and prioritised solutions.  The next CDMG meeting on 26 March will focus on customer profile information so stay tuned for more information.

RegIT will be hosting the course materials on its new eLearning platform over the next couple of weeks, so watch this space.