Article
The cure for KYC sickness

JWG analysis.

2015 will see a number of new regulatory requirements, long in the proposal or draft stage, crystallise into prescriptions for better customer data management.  At a time when record fines for AML failures and new personal liability for senior managers have intensified the pressure to ‘get KYC right’, these ‘remedies’ pose significant challenges – client outreach, data management, multiple, iterative implementation dates – to all firms in the market.

In order to avoid missed opportunities in 2015, and costly sanctions further down the line, we must set up integrated approaches now to manage the challenges as the appear.

If regulators are like doctors, then regulation is like a medical textbook.  The first symptoms affecting financial services were seen in 2008 (financial crisis, angry consumers).  In 2009 several diseases were diagnosed (poor systems and controls, insufficient transparency).  Now firms have to swallow the multitude of prescribed medicines (new KYC requirements, multiple reporting regimes, etc.) to get better.

New tax evasion, anti-money laundering, trading or risk management regimes, like many new medicines (especially when prescribed by different doctors), are having a variety of unexpected side-effects.  Firms have been forced to implement an array of disparate and siloed databases, tailored for different use-cases, jurisdictions and requirements.  As a result, counterparties are now complaining of long onboarding times (often passing 3 months), while politicians are unhappy that consumers are being left ‘debanked’.

The sheer number of regulatory pills is getting difficult to swallow, yet more and more are prescribed.  Last year, we discussed how the 20+ regulations to be implemented over the next 3 years will require an additional 300 entity data fields in order to be compliant between Europe and the US.  Since then we have added at least 10 new initiatives to that list and the additional data fields will likely be closer to 500.  Getting a stronger stomach in 2015 means thematic programmes are needed now across these areas:

Focus on trading relationship documentation: OTC rules came to fruition with Dodd-Frank and EMIR in US and the EU but Asia’s regime is only now heating up.  As a result, pre-trade documentation requirements continue to be a problem with clients needing to be classified under new regimes and their status assessed for the clearing mandate.  In addition, MiFID II’s new and enhanced suitability and appropriateness regime will impact across the trade lifecycle from 2017.

Global tax evasion rules begin to land: The OECD’s ‘Standard for Automatic Exchange of Financial Account Information Common Reporting Standard’ (CRS) was championed by the G20 in 2014 and now the final rules for its implementation are appearing.  Like FATCA – but global – the CRS will force firms to collect new information (specifically tax residency) on their customers to classify and assess them for tax purposes.  This will happen in parallel to the continued FATCA implementation and the UK’s Crown Dependencies and Overseas Territories tax regime (CDOT).

Anti-money laundering rules continue to take shape: The 4^th Anti-Money Laundering Directive (AMLD IV) is due to be finalised in early 2015 and will extensively reshape due diligence and KYC rules in Europe, particularly around the collection of beneficial ownership regulation, while in the US, FinCEN’s Customer Due Diligence rules will do the same, albeit on a smaller scale.

More pills include new transaction and trade reporting regimes, updates to the UK Single Customer View (SCV) regime, record keeping requirements and more.  When looked at in aggregate, firms now need to know – and prove that they know – more things about their customer than ever before.  Clients’ tax status, suitability assessment, beneficial ownership, AML risk and their eligibility to centrally clear will all need to be reassessed against the new rules.  Key challenges that need to be addressed across the 2015 regulatory landscape include:

• What new information is needed, for what purpose?
• How does it need to be collected?
• Can I rely on existing processes?
• What will take the most effort?
• What are my priorities?

With regulatory deadlines starting in Q1, the timeline to solve these problems is shortening rapidly.  Getting better means adhering to a strict diet and exercise regime:

1. Integrated approach: An integrated approach across regulatory initiatives is needed for effective implementation. Doing regulatory reform ‘regulation-by-regulation’ is no longer feasible – the requirements are too many and doing them one-by-one wastes time and requires you to ‘dig up the road’ every time a new capability requirement is identified.
2. Know your client outreach strategy: Client outreach takes time and, with multiple iterative implementation dates, firms will need to get their ‘ducks in a row’ in order to collect and sanitise the right documents at the right time. Getting this right will please your clients too – they won’t need to continually resubmit information for each requirement.  Knowing what documents/information you need, by when and from whom at the beginning of the year will prevent issues at the end of it.
3. Robust data management: Data quality can no longer be left to chance. Information you collect about your clients now will be exposed to the regulators through a multitude of reporting regimes later.  Whether it is tax, trade, transaction or suspicious activity reporting, regulators will be receiving more information in 2017 than ever before and firms are going to be judged on that.

You can’t rely on others to find the answers for you.  Vendors will be able to provide cost-effective solutions for many of these issues, but they are ultimately in the same boat when it comes to defining what is required by new regulation, and the responsibility (and accountability and liability) is on the firms to decide what is right.

This is a global epidemic and, given the depth and breadth of the challenges involved, finding a cure for KYC sickness is going to be an unprecedented exercise in standard setting.

JWG has the sugar to help the medicine go down.  We are running a full programme around KYC this year through training and peer-to-peer benchmarking, while our RegDelta analysis tools help firms and their suppliers to:

• Know their requirements and the deltas between them
• Understand the timing, linkages and dependencies
• Identify the risks involved and make the right choices.

1. CDMG: CDMG’s 2015 inaugural meeting on 22 January starts with the question ‘what new information do we need about our customer?’ and aims to help those of you at the coalface sort out what matters most. Email CDMG@jwg-it.eu for details
2. RegIT: Our regulatory implementation training course leads attendees through a helicopter view of the 40+ initiatives impacting KYC over the next 3 years, orients your team and contextualises their requirements – without the need for expensive consultants and law firms
3. RegDelta KYC instance: Provides a golden source catalogue of 40+ global legislative initiatives and analyses and tags at footnote level over 500 counterparty data fields from 2009 to 2019.