KYC forms, or the art of doing differently that which could be standardized...

This article tackles the problem of KYC forms – the process of gathering information on bank customers. It is sad that so little has been done to standardise these forms or make them consistent when most of the time they involve the same data being recycled endlessly. Surely solutions could be found that would help set up a central register of this data (banks and customers)? Where are we in terms of KYC? The banks say that this process is one of the most burdensome and costly for them, but nevertheless it is specific and unique to each bank and, even worse, to each country. The time has come to get to grips with this idea and strive to have certain solutions (or at least one) put in place to make life easier for treasurers and to make sure information can be exchanged reliably.

"Knowing me, Not knowing you" (ABBA)

The cynics amongst us might be tempted to parody ABBA's famous song, and change the words to "Knowing me, Not knowing you... ha-ha". It is increasingly dangerous to do business with people or companies that you know nothing about. Even worse, it has become completely impossible. However, as always there has been an overreaction. In trying too hard to protect people from hackers and other crooks, the procedural requirements have been raised sky high. Far too high, some say. The rules are there, but the banks still don't know their customers. Time and time again they ask for the same information, sometimes adding further information, even though the customer has been with them for many years. It is like a never-ending story. Unfortunately, it has a high cost for the bank, and the bank has every intention of recouping that cost. It also has a high cost for the customer company, which has to grin and bear it. The KYC (Know Your Customer) concept has very appositely been described by David Blair in his blog as being 'Killing Your Customer”. The administrative burden of complying with these KYC obligations, country by country, establishment by establishment, with disparities even within these same banks, has become excessive. It has even become an obstacle to opening bank accounts in some cases. The process is burdensome for both sides, so we cannot put the blame on the banks for doing their job. We may, however, be critical of the lack of standardisation in the process. SWIFT has indeed tried to put together a continuously updated list of documents required, country by country and bank by bank. But even this compilation of information, in spite of today’s internet access and total connectivity, seems to be impossible to achieve. You never know beforehand what the bank is going to ask you for, and very few of them can provide you with a comprehensive list of the documents that you will need before you can open an account. You know when the exercise will begin, but you never know when it will end. What we are entitled to criticise is the burdensome procedure in combination with the fragmentation of the market in this matter. We can put up with local or regional specifics and peculiarities here and there, but only to a reasonable extent. The lives of treasurers have become more complex in terms of the documentation that has to be supplied to banks. Some banks have even started to refuse to open accounts without guarantees of sufficient business in return.

What do you understand by “KYC”?

KYC is the process of a business verifying the client’s identity. The Know Your Client process is employed by banks for the purpose of ensuring their proposed agents, clients, distributors etc.… are anti-bribery and money laundering compliant. It is crucial to know to whom you lend money and to whom you deal with in order to prevent any infringement of regulations and embargo restrictions. KYC policies became much more important globally to prevent identity theft, financial fraud, money laundering, tax evasion and terrorist financing. These procedures aim at preventing banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities, for example. The guidelines enable financial institutions to better understand their clients and counterparties. It helps banks manage risks more prudently.

https://complianceservices.swift.com/kyc-registry

"Know Your Customer" (KYC) – what lurks behind that acronym?

No treasurer would dare to find fault with the objective the regulators are seeking to attain in beefing up the KYC ("Know Your Customer") process – the process that is intended to establish firmly who the bank's real customer actually is, and to identify that customer with certainty. Such a process has never been as vital and as essential as it is today. None of us doubts that even for a second. We hear of embargoes, blacklists, banned products and dangerous countries. Banks that have been caught out with heavy fines sometimes prefer to take caution to extremes, even to the detriment of their business and their customers. It is best to be squeaky clean in a troubled political, economic and financial climate. We all want and hope for the same thing: to counter the money-laundering (AML, Anti-Money Laundering) that terrorists, gangsters and other criminals try to engage in to launder dirty money coming from their trafficking and illegal activities. Nobody wants to break laws or international restrictions, at the risk of losing a permit or paying a fine. However, the way of achieving it seems to us to amount to overkill, and to be poorly coordinated and fragmented. Banks that have had to pay fines in the billions have become overcautious to the point of refusing business if there is even the slightest doubt. Treasurers are very critical of this excessive caution, but also of the disparate requirements varying from one country to the next, from one bank to the next, and even worse within the same bank. They understand why banks need the information and also the huge costs of compliance. But what treasurers find harder to understand is the poorly coordinated approach adopted by financial institutions, an approach that is not yet computerized or secure. For example, banks could use an eBAM format to exchange information that is confidential, important and that must not fall into the wrong hands. Fraud today is constantly on the increase and, as with drugs and dope, the fraudsters are always one jump ahead of the authorities.

Overkill does more harm than good!

By asking for a ragbag of information too often, the banks have caused treasurers real frustration. They even find that banks use KYC as a pretext for refusing to open accounts that do not produce sufficient return for the bank. The banks are becoming selective. However, using the cost of KYC as a reason for not opening an account would seem rather far-fetched. It is a clear misuse of a good system, but one that is poorly thought out and not properly coordinated. Customers do not understand why they are constantly being asked to produce information that may be different depending on the time and the accounts involved. In addition to being a worry for treasurers, these KYC rules have an administrative and technical impact on their day-to-day activities. The KYC exercise, if done properly, can only be helpful. It must not boil down just to a simple cross in a box on a specially designed form. The KYC process may sometimes lead to requiring documents that treasurers cannot produce or present. Seeking the ultimate beneficiary is a difficult exercise for companies that are publicly listed or owned by their founders, for example. Trying to achieve too much may be counter-productive, and we need to be careful not to create any unintended or undesirable side effects.

Could a global KYC register be a solution?

SWIFT has certainly tried and has not given up the idea of setting up a worldwide register that would avoid having to ask for the same information every time a new account was opened. Such an initiative would make sense only if the corporates were also brought on board. People are trying to set up other initiatives with the same objective of harmonizing a (more or less) "standardisable" information format. Such projects seem neither insuperable nor impossible. They do, however need a lot of energy and involve an enormous number of different players. That is where the difficulty lies. The services offered by Accelus Org ID KYC (Thomson Reuters), for example, are intended to help businesses and banks. From start to finish, this service is devoted to checking customer identity and to verification, screening and surveillance procedures, to ease and speed up customer acceptance. And, on the other side of the coin, for the buy-side and the customer business, it streamlines the laborious and repetitive procedures associated with sending identification documentation to financial institutions. The idea is to avoid repeating tedious procedures that are costly in time and energy, by storing data centrally in an organized manner to make it available to users, including banks. In 2014, Markit/Genpact launched a new service with several large banks including JPMorgan, HSBC, Citi, Deutsche Bank, etc. to manage KYC data centrally. The service involves gathering data, managing it centrally and enriching it in terms of the documents and information required by the banks as part of their KYC activities, including FATCA, EMIR, MIFID and other data. Why duplicate something that already exists, and repeat it? Why not identify a business by its LEI (Legal Entity Identifier), which most businesses already have for reasons of complying with EMIR? This identifier could then be used for purposes other than EMIR and, when making payments, could provide assurance on the counterparty to which funds are being paid.

It is a simple and obvious idea, so why is it not already in general use?

This idea of holding KYC information centrally is obviously brilliant through being so simple. So why has nobody thought of it before? SWIFT would have seemed to be the most sensible way, not to say the premier way, of holding bank and customer KYC data centrally. It is not as if the work is hard only for the customers. It is enormously more difficult for the banks, which have a regulatory duty to carry out in-depth enquiries. The various fines recently paid by big banking groups for not complying with embargoes or doing business with blacklisted entities demonstrate the importance of complying with these KYC obligations. It is true that these plans are perhaps not as simple as they seemed at the outset. In spite of the difficulties of this exercise, it is high time to rationalise and standardise, even if here or there it leaves or would leave over a few local peculiarities specific to one country or another. It is the duty of treasurer associations to help "push through" and to encourage solutions of this type, even multiple solutions. Procedures and exchanges of data, which are all too often made by post or by email, need to become more secure. The upsurge in fraud proves that this process must be made more robust and secure. The eBAM format could have been a secure means of transferring data of this type. A giant register of KYC details would be a holy grail toward which treasurers would secretly strive. It is not priority for them right at this moment. However, no treasurer you speak to will gainsay it. It is a nice idea, but unfortunately not yet fully functional. Let us at least give credit to the three initiatives referred to above. Sometimes you have to push things forward, innovate and step forward into the unknown. A standard never becomes a standard overnight. It has to be adopted gradually, become respected, earn credibility and in the final analysis gain acceptance by itself. Treasurer associations can contribute to speeding up this process and to encouraging the pioneers to keep on working at it.

Looking at it the other way, we could encourage customers to know their bankers better, and to select the banks that have better thought-out and more structured KYC procedures. On the face of it, working with one single banking group should make it easier to open offshore accounts or accounts for group subsidiaries. Customers, too, should know their bankers: "Know Your Banker" (KYB) because banks can sometimes leave you in the lurch, deciding to exit a market, a segment or a region at short notice. Banks are far from perfect, as the crisis and the repeated fines have demonstrated to the full. Bank utilisation strategy becomes a very real concept that needs to be maintained and adapted, because a bank that is here today may no longer be there tomorrow to serve you in the same way. The relationship with your bank needs to be managed continuously if it is to last.

A global KYC register, a reality in the making

Let us stay positive and realise that this aim of having a shared standardised register holding full KYC data from which banks could draw information that a customer keeps continuously updated is realistic. A register that would allow for the secure electronic exchange of data does not look like any sort of pipe dream in this age of the digital revolution. It is a matter of rationalising the requisite information, even if a few local exceptions or peculiarities specific to certain countries have to be built in. We could have a shared repository of data available to everyone, provided customers agree to disclose it to the banks. Confidentiality considerations require the systematic prior agreement of the party that is to share its data with anyone else. The way in which data is exchanged is also crucial at a time when the creativity and ingenuity of fraudsters knows no limits or boundaries. It would be essential to secure exchanges of KYC details by specific channels and formats such as SWIFT's eBAM format or the ISO 20022 XML format, for example, and to encrypt the data to safeguard it from hackers. It must not be exchanged by post, as this method is too uncertain. The initiatives described above need to be encouraged. There are others now, and there will be more in the future. Without being able to say which one or more of them are right, all should be encouraged through having the simple merit of existing and of giving us a glimpse of a future solution. This is no impossible dream, and it could become a reality, but it needs us to rally round to support these initiatives, whatever they may be, and to make our contribution to ensuring that they thrive. A "KY3P" (Know Your Third Parties) process is needed more than ever before, so let us organise the reciprocal exchange of information to give ourselves better protection without disadvantaging customer businesses.

Fran?ois Masquelier, Chairman ATEL