Banks may be allocating vast sums and resources to vetting customers but their processes are still falling short of increasingly stringent rules on compliance standards. This has led them to seek new ways to collect the required data.
So-called “know your client” (KYC) rules and anti-money laundering regulations are particularly challenging for the industry. The rules, to prevent money laundering and other malpractice, are aimed at ensuring individuals and companies are thoroughly checked before they become bank customers and that transactions are monitored for suspicious activity.
Falling foul of the rules has landed some banks with hefty penalties. In 2014, BNP Paribas was fined $8.9bn for breaching US sanctions that prohibit transactions with certain regimes.
Part of the challenge for banks is that regulators have raised their standards for compliance over the years. A global survey of financial services companies in May by Thomson Reuters found that 69 per cent of bankers felt that the level of engagement with regulators had increased for KYC and customer due diligence.
The survey reported that “the costs and complexity of KYC are rising, and are having a negative impact on their businesses”. The average cost for a financial business to meet its KYC obligations was $60m a year, but some companies were spending up to $500m on compliance.
Prolonged KYC procedures are also “putting more strain” on relationships with customers; for instance, the time taken to bring a new client on board had increased by 22 per cent from a year before, the study found.
Financial industry faces extreme disruption
Start-up challengers, regulatory pressure and cyber crime create perfect storm
“While the UK regulations themselves haven’t changed, guidance and regulators’ expectations for compliance have,” says Andrew Robinson, a financial advisory partner at consultancy Deloitte.
He says regulators want to see more evidence from firms as part of the compliance process, which requires collecting customer data that must be maintained and added to over time.
One of the challenges for banks is to ensure that a customer profile can be used for comparison with their transactions, in order to detect any anomalous or suspicious activity.
Matthew Russell, a specialist in anti-money laundering at PwC, says: “The challenge for large institutions is that those customer due diligence systems aren’t always connected to the transaction monitoring systems. To connect these systems is very expensive.”
He adds: “Regulators have the expectation that there is a single view of a customer, particularly in relation to US regulatory action.”
For many banks, which have patched together different systems over years as a result of mergers and acquisitions, the challenge of marrying their data are significant. Financial institutions are exploring ways to collate data more efficiently.
One idea is to create a central database that contains certain customer information, on which banks can draw to help their due diligence. Businesses tend to bank with a number of organisations and many are asked for the same information on joining, so the database would also make the process more efficient.
Payments networks battle new breed of criminals in cyber attacks
Plugging weak links in authentication is crucial
António Simões, chief executive of HSBC Bank, says: “A big focus for me as CEO is to make sure we reduce the burden of laborious processes on customers where possible.”
For example, a long-time customer might be required to provide more information over time as its circumstances evolve. Mr Simões says the bank will aim to gather the information as seamlessly as possible through friendly customer service.
A few, small databases already exist, but they face the challenge of achieving scale.
For example, in 2014, Citi, Deutsche Bank, HSBC and Morgan Stanley
joined forces with analytics company Markit and Genpact, which designs business processes, to create a service that centralises KYC data management.
The service standardises the collection and management of KYC data for financial institutions, in order to make signing up new customers more efficient and reliable.
PwC’s Mr Russell says a number of companies overseeing databases are vying for them to become dominant in order to attract more banks. This means more information will be supplied, and will help the databases achieve scale.
Anna Marrs, chief executive of commercial and private banking at Standard Chartered, says: “Client due diligence is a key control — it mitigates financial crime and the more you know about a client, the better the credit risk is.”
Banks struggle to make blockchain fast and secure
Technology must be designed differently for financial institutions
The bank spent about $1bn on total compliance costs in 2015, up 40 per cent from the previous year.
“A key issue is: do you rely on third party data? says Ms Marrs. “There are aspects of customer due diligence — such as explaining where someone’s money has come from — that are hard to systematise.”
Ms Marrs says she hopes a shared database of information will be created for the industry, although she notes that banks will need to undertake their own due diligence.
“The big opportunity and key benefit is data quality, with multiple people contributing to the database,” she says.