What you don’t know can hurt you: KYC regulations are created to protect companies, but keeping up is costly
Welcome to Thomson Reuters Exchange! Each week, we will be bringing you features from within Exchange, Thomson Reuters new financial and risk publication. We created Exchange, as the name suggests, as a forum for dialogue, a digital publication where ideas and insights, information, news and analysis can be exchanged and shared across the global ecosystem of financial professionals in a dynamic, interactive format. We invite you to experience the rich content and interactive features on your iPad or Android tablet by downloading it from the App Store, Google Play or on Amazon. Or, to learn more about Exchange and stay abreast of the latest features, functionality and content in this issue and subsequent issues, visit our website.
A UK-based NGO that investigates corruption around the world unmasked a massive money laundering scheme involving the small Central Asian nation of Kyrgyzstan and four UK-based ‘shell’ companies. The risk it exposed is the kind KYC regulations were created to prevent. By the time the scheme was discovered in 2010, over a billion dollars had passed through foreign bank accounts set up by entities that were obviously illegal. The owner of one was a Russian who died three years before the company was formed. None of their accounts were properly registered, and one was legally classified as dormant.
Know Your Customer (KYC) anti-money laundering regulations are becoming increasingly important globally to help businesses protect themselves from identity theft, money laundering and financing terrorism. Nevertheless, episodes like the one above are all too common and the costs of complying with KYC’s anti-corruption due diligence procedures are high. According to the International Monetary Fund, incidents involving money laundering, compliance violations of KYC regulations, and other breaches are estimated to cost between two and five percent of the world’s gross domestic product.
MANAGING THE BURDEN OF PROOF
High-profile money laundering incidents involving major global banks are not new, although in recent years a number of firms have been fined record sums for laundering money and for violations of KYC regulations. As a result, firms are becoming more diligent, organized and proactive in managing the risks and compliance, and are now spending more time and more money trying to remedy and avoid repetition of damaging incidents and violations. The operating challenges, however, are considerable.
The primary obligations with which the industry must comply are known by a wide array of acronyms: anti-money laundering (AML) and anti-bribery regulations (ABC), tax transparency initiatives such as the US Foreign Account Tax Compliance Act (FATCA), The Dodd-Frank Act (DF), Markets in Financial Instruments Directive (MiFID), and European Market Infrastructure Regulation (EMIR) just to name a few.
Under these, and other regulations, institutions’ due diligence must ensure that they understand beneficial ownership, and therefore the source of funds. This process involves collecting and collating identity data and documents on all clients.
We recently researched how financial institutions and their clients view their key challenges around KYC compliance. The challenges most often cited were differing processes for different businesses or jurisdictions, time-consuming documentation and the lack of harmonised document collection systems.
At a minimum, organizations are generally required to document clients’ business type, their source of funds and wealth, the purpose of specific transactions and the expected nature and level of transactions. Many of the sources of data, which include certificates of incorporation, lists of company directors, directors’ passports, and cross holdings, can be very difficult to track down. Collection and verification of the data and documentation can take several months.
Because there are no standards for documentation, there is little consistency and a lot of duplication of effort. This complicates the process for both financial institutions and their clients. For example, many financial institutions are collecting the same data on the same clients, a redundant effort for both parties. In addition, financial institutions often ask for documents from their clients that are not explicitly required under KYC rules. Different regulators in different jurisdictions also require different identity documents. Regulators also expect the financial institutions to review and refresh the data on typically one, three and five-year cycles depending on the type of client.
Global banks are spending in the hundreds of millions to manage and update information that has to be redone with every new regulation. Demand for professionals to manage KYC compliance is rising, but there are not enough individuals with the proper compliance training to support all the banks’ requirements.
COLLABORATION, CONSISTENCY, COMPLIANCE
Financial industry collaboration will be important in establishing standards to ensure more consistency in KYC documentation requirements. Solutions to manage the volume and complexity of compliance will go a long way in empowering organizations to manage their identity records more efficiently, and with greater assurance that they have their KYC ‘need to know’ covered.
If you liked this article, we invite you to experience more of the features within Exchange by downloading it from the App Store, Google Play or Amazon. Or, to learn more about Exchange and stay abreast of the latest features, functionality and content in this issue and subsequent issues, visit our website.