Do you know your “Know Your Customer” (DYKYKYC)?


François Masquelier, Chairman of ATEL

November 2018

Knowing its Customers is becoming more complex over years

That’s a key question to address. It remains extremely complicate to gather all documents required for a KYC, as no bank gives you prior to opening a bank account a comprehensive list of documents requested. Ask a corporate what he considers as “KYC” and the answer will be different from another one. The first useful objective would be to determine this comprehensive list. Then, with the increasing costs of KYC compliance, sharing the corporation information and data to a standard everyone trusts would make absolute sense. There are already KYC utilities and technologies that can help (e.g. Bloomberg KYC, KYCdotcom, …). But all corporate treasurers would prefer and favor a SWIFT global standardized solution. Who know if this project could be achieve? Some of our peers have accepted to be pilot on this KYC register. However, at this stage, end of 2018, we still don’t know if (and when) it will be “live”. Unfortunately, so far, there is no silver bullets, but a large growing arsenal of solutions, which aren’t fully perfect, or which do not cover 100% of the needs of corporations.

The 4 possible solutions for a central KYC:

In my view there are 4 existing (or under development) possible solutions:

  • SWIFT KYC register (the most logical one but not easy to build given absence of standard)

  • KYC utilities (e.g. KYC.com, Bloomberg, Thomson Reuters/Refinitiv KYC as a service, HIS Markit, …)

  • Bank proprietary solutions

  • Local KYC solution (per country) and ideally validated by national Supervisor (some treasury associations are working on such solutions)

We must admit that banks have been struggling for years to exchange information about the Due Diligence Questionnaire (i.e. DDQ) standard for correspondent KYC due diligence information. It is essential for a bank to fully understand a prospective client’s clients’ business. They need to know a minimum information, including for example its ownership structures, risk appetites and geographic footprint, because correspondent banks’ transaction traffic flow through their own infrastructures. Therefore, they must know also the detailed nature and shape of their clients’ clients’ business or so called “Know Your Customers’ Customers’ “ (i.e. KYCC). According to SWIFT these bilateral correspondent relationships across the banking industry amount to 1,3 million. It is for banks a huge administrative burden, no one could contest. A ramp-up in due diligence obligations over the past years has impacted data collection workloads. It demands to correspondent banks lots of efforts to take the necessary steps to understand risks inherent in payment flows of their customers’ customers’. This has been done with a context of multiple sanctions regimes and fraud prevention requirements. It is important to understand the bank KYCC context to understand also why it is so complicate to find a KYC solution for all corporations. Banks have tried to automate as far as possible their processes, but it remains difficult, partly manual, risky and cost and administrative burden. KYC’s are becoming so complex that it takes months to open accounts and it can even prevent a bank to enter new “risky” relationships. The benefit of doubt is not an option they want to take these days, especially given recent new waives of affairs of money laundering. In last years, corporates have experienced a reduction in the availability of cross-border payment services and even a certain reluctance by banks to onboard some businesses. The KYC compliance costs is also important for corporates. Lots of data and operations must be repeated several times, even within a same banking group. It is a never-ending story and it requires a minimum discipline and maintenance to keep all relationships KYC compliant. The idea of a central shared KYC (and maybe more data) available and accessible for all players could reduce time spent on collecting and transmitting information. It seems to be so obvious and at the same time so complicate to set up… It is the classic “chicken and egg” story where the buy-side (i.e. corporates) wait for the sell-side (i.e. banks) to propose solutions that could cover 100% of the situations. Unfortunately, we are far from a global solution as we speak. There are initiatives and solutions, but none of them is fully satisfactory in our opinion. We need to start from a point and see if a solution or more could emerge. We need as corporate treasurers to also play our role into this building process and encourage banks to adopt our solution(s). Some of the existing utilities have faced the problem of getting the critical mass.

More than the collection of common data that should ideally be shared among counterparties, this is the transmission of information that worry corporates at a time cyber-crime has never been so important. We still transfer data via fax, post or mail, when there are technologies to transfer on a secured encrypted way data from A to B. The pity is that a lot of similar and competitive solutions are emerging at the same time. The technology derived from block chain (i.e. DLT Distributed Ledger tech) should provide us with solutions. Ultimately, the aim would be to secure, scalable and decentralized platform(s) for collecting, sorting, validating, storing, sharing and updating KYC data, benefiting a network of participants, including obviously banks, regulators, supervisors and corporates. Such initiatives require supervisors and regulators consent and support if they want to be effective and fully supported by all.

Money laundering issue

As explained, the context is extremely difficult with recent astronomic fines and coming ones. When it comes to compliance in general aimed at anti-laundering (the so-called AML) and countering the funding of terrorism (the so-called CFT), banks have cold feet. They are facing increasing pressure on multiple fronts. The regulators have significantly raised the bar and have higher expectations when it comes to measures applied by financial institutions for detecting, preventing and reporting on suspicious flows of funds. Therefore, the Customer Due Diligence and Know Your Customer processes makes life more and more complicate for a treasurer. These days, the Politically Exposed Persons (i.e. PEP’s), Ultimate Beneficial Owners (i.e. UBO’s), the Ultra High-Risk Countries (i.e. UHCR’s), the High-Risk Industries, Dual Goods (with two potential uses), Trust structures or Foundations and God knows what else are complicating the on-boarding process and restricting businesses across the world. Complexity can change the way of doing business for corp’s and for banks as well.

What are the problems?

What are the reasons to prevent such a logical solution, like the one SWIFT is exploring? Some smaller banks seem to be reluctant and not prepared to such global solutions. The large banks must find solutions and are enthusiastic where smaller ones seem to be less motivated by such a global tool.

The diversity of KYC’s and data collected is a second issue. Banks seem to be unable to find a common ground on what they really need. The documents required are also on different format and forms making life of treasurers even tougher. Without standardized information and formats, without a comprehensive list of documents required and a clear frontier between KYC documents and other types of documents a bank needs, there is no possible global solution foreseen. At the time engineers are promising robot and machine learning solution to solve all our problems, we can be skeptical and doubtful. We need a larger momentum from the market and from banks to find a global solution, if not, it would have been already implemented successfully. In such situations, the best is to start with one or more solutions and wait for the market to better organize the problem and to see which solution will emerge. Furthermore, if we take the recent example of the central ultimate beneficiary owner (i.e. UBO) register States in EU must implement, treasurers could easily imagine that the amount of data and recipients of these data related to KYC will increase, without being able to share this piece of information with many potential users of it. “Why should we repeat disclosures without being able to share them?” is the question treasurers are raising without finding the answer. The answer is that it seems to be more complicate than it looks like, I’m afraid.

We as treasurers must continue pushing and lobbying for a central solution, local solutions or even proprietary ones, to slightly reduce the workload and secure processes. Because, the main issue beside the workload and administrative burden remains the security in transferring the data from the corporation to the bank, in unsecured ways. Ideally, one day, we will have a central repository to which we will transmit updated data in a fully secured way or why not if it is a SWIFT register, via eBAM messages. I do not think it is wishful thinking. I simply require more involvement from treasurers to get a momentum from all banks and stakeholders. Do not complain about a process if you do not try to find solution to your problem. It is unfortunately often the case.