RegTech Intelligence


Article
The KYC Goldilocks paradox – can we please have a standard?

Huge fines and complex KYC rules are causing banks to ‘de-risk’ their client portfolios leading to many without access to banking.  Now both consumers and politicians are unhappy.  For years, the industry has struggled without real standards in the AML arena.  So what happens next?

SIBOS news was full of more KYC claims again this year.  One big firm noted that they had 30,000 staff involved in the space – 12% of their workforce.  No wonder the total annual cost of KYC data management is in the billions and we are seeing so many customer data management services enter the fray.

These costs, coupled with the regulatory risk of huge fines for KYC failings, has understandably made all financial institutions nervous.  Are we next on the chopping block?  Is our process good enough?  Do we use our data suppliers in the right way?  Given all the uncertainty, one answer is just … simplify to the greatest extent possible.

This means get the diversity of customers down or, quite simply, fire those customers that might get senior management into trouble.

As a result, firms are now going through the widespread exercise of ‘de-risking’ their client portfolios.  Why let a ‘high risk’ individual open a current account when the risk is a $9 billion fine?

The problem is that this practice is now leading to many innocent people being left without access to banking services at all, i.e., those perceived as being ‘high risk’ – even if they are not.  It’s not just UK residents that are being affected, but whole countries’ economies according to Nomura’s Chief Executive in Europe and the British Bankers’ Association who warned of “devastating consequences”.

In this climate, political problems quickly come back to the regulators to work out just what the right formula is for risk related to customers.  Andrew Tyrie, Chair of the UK Treasury Select Committee, recently grilled Martin Wheatley, CEO of the FCA:

Is not the de-risking leading to the de-banking of a large number of people, and vastly increased and unreasonably increased costs for many thousands more – tens or perhaps even hundreds of thousands more?”  Wheatley’s answer: “I think that is right”.

The follow-up question (to paraphrase): What are you going to do about it?

Ironically, the regulators and, by extension, the banks are now being criticised for being overly cautious about who can access what services.  The expectation, it seems, is that they aren’t allowed to be ‘too’ risk averse.  Not too hot … not too cold … so what is the correct temperature?

As Tyrie pointed out, and asked Wheatley to provide, there has been no cost benefit analysis of KYC rules.  Consequently, banks currently have to implement a vast number of KYC requirements.  Last year we discussed how 20+ regulations to be implemented over the next 3 years will require an additional 300 entity data fields in order to be compliant between Europe and the US – it’s no wonder that customers who don’t meet the criteria stipulated by these regulations are being denied access to certain banking services.

Since then we have added 10+ new regulatory initiatives to that list – examples include the new UK Immigration Act, FinCEN Beneficial Ownership Rules, The G20 Tax Evasion rules, MiFID II and more.  The reason that the FCA has not undertaken any cost benefit analysis of KYC rules is that their hands are largely tied in terms of legislation.  They don’t create the rules – they just supervise them.

Taken in isolation, complying with each new rule is not an impossible task.  However, making sense of thirty of these requirements requires standards.  Without a way to guide the hundreds of thousands of bankers who onboard, manage the relationship with and offboard clients, we are never going to get the formula right.  Oh, and by the way, costs will go up so we’ll probably annoy the people we’re trying to please the most.

Getting your KYC systems working well is a huge source of competitive advantage over the coming years.  It will enable you access to a much broader customer base (the high risk), it will please regulators (you’re compliant), please your customers (you are efficient) and please your board (reputation and fines).  So what’s the problem, then?

Many are hoping that new vendor software and utilities will be able to provide cost-effective solutions.  They may just yet get us all to realise that we need extensive standards in this space.  JWG formed the Customer Data Management Group in 2009, with scores of banks and trade associations.  You can still find the guidance here.  It’s not beyond the wit of man to update it to include all of the new requirements but, if the industry doesn’t embrace the effort, it won’t get far.  Is it on your action plan for 2015?

As Wheatley concluded at the Treasury hearing, “Delivering an intelligent solution is quite complex and takes time …  It is the job of the banks to design what ‘proper’ means”.  But who’s going to say what is ‘just right’?

To promote global dialogue on how to deliver regulatory change JWG post hundreds of focused articles a year to thousands of subscribers. Get involved and join the mail list.

By hitting the subscribe button you agree to our Privacy Policy

Latest
Unwrapping DORA

December 10, 2024 - In: Analysis

Bridging DORA Gaps 2025

November 25, 2024 - In: Analysis

Supplier countdown DORA: T-40

November 25, 2024 - In: Analysis

DeFi RegTech Opportunities: 2025

October 25, 2024 - In: Analysis

Scaling OpRes Mountain: The New Risk Frontier

October 22, 2024 - In: Analysis

Navigating OpRes Storms in 2025

October 9, 2024 - In: Analysis

Navigating OpRes with RegTech

October 6, 2024 - In: Analysis