At which point becomes KYC excessive and counterproductive?

Unless you run a criminal operation, you would most probably agree with me that financial crimes should be prevented and that KYC is a critical element in preventing the illegal flow of money. Sadly, that doesn't mean that KYC in today's shape and form is working well.

I've written before about the deficiencies of a KYC regimen relying on third-party documents. A bank reviewing a notarized copy of my passport essentially relies on that notary's ability to spot a fake document; at the same time in most jurisdictions banks actually lack the ability to query my passport in an official government database to confirm that I actually exist.

Unfortunately, there is a trend that institutions impose ever more burdensome and even absurd requirements on innocent customers. For the first time in my life, I just have closed an account solely because the KYC requirements had become too ridiculous and expensive – I literally had to spend over a hundred USD and several hours every year on pointless paperwork. The offending institution wasn't satisfied with a public notary certifying my passport copy but then required a court to authenticate the notary's signature, a licensed translator to translate my passport into the local language (admittedly, how should they have figured out what "name" and "surname" means?), and their embassy to legalise the court's authentication – a lengthy process costing over USD 100 in fees. This year they decided to add a requirement of their foreign ministry to further authenticate the embassy's signature – yet the whole process does nothing to solve the above-mentioned original issue that if my notary had failed to spot a fake passport, all these government officials would merely certify the authenticity of a copy of a fake document.

There are three root causes behind this mess. First of all, compliance officials face a very asymmetrical incentive structure. A bank's share price will never rise by 50% because the Wall Street Journal publishes an article praising the bank's compliance effort – but a single high profile compliance issue slipped through might cut the share price in half if the market fears billions of dollars in fines or even the loss of the banking license. As mistakes do happen, there is pressure to add requirements solely to be able to better argue to have "done everything we could" in case a problem does occur. Here the KPIs need a fundamental rethink – e.g., it might be more productive to have "white hackers" try to circumvent KYC safeguards and measure their success rate than adding ever more requirements with unproven effectiveness.

Second, it doesn't help that compliance processes often are designed without the focus on customer experience shaping other aspects of the customer journey. While initial onboarding of a new customer tends to be keenly optimized, subsequent KYC updates typically are buried deep in the back-office – but what is the benefit of a slick initial onboarding if in subsequent years customers attrite due to an abysmal KYC update experience? For example, the institution that just lost me as a customer also required me every year to fill out the account application form anew (about a dozen pages) and didn't even bother to send me a version prepopulated with existing information. This was simply a very lazy and unfriendly way to ensure an update of all my information. Other banks send me the information on file and simply ask if anything has changed (plus request me to fill in the new fields that have popped up since last year). It is telling that not a single financial institution has ever asked me how satisfied I was with the KYC update process or if I had any suggestion for making it smoother?– while nowadays you barely can contact customer service without a barrage of requests for feedback.

Third, regulators are certainly to blame, too. The regulators in charge of financial crimes often are different from those in charge of consumer rights or financial inclusion and therefore unwittingly torpedo the most vulnerable customers. For one, the cost of compliance processes makes it uneconomical to serve poor customers, thus powerfully undermining financial inclusion. Plus any customer not fitting into the most anodyne standard schema is likely to be thrown under a bus. For example, a Dutch colleague now living in Brazil saw his Dutch bank accounts closed because Dutch banks blanket-label Brazilian residents as de facto financial criminals. Even though Queen Máxima has been lobbying for years to increase access to financial services, nobody cares how Dutch Citizens residing in Brazil will take care of their residual business and financial obligations in the Netherlands without a bank account.

Regulators need to wake up to the damage caused by the KYC train continuing in its current direction – as well as the spectacular way how the current KYC processes fail to catch many big fish. It is long overdue that KYC becomes a sovereign responsibility where government agencies verify a customer's identity on behalf of banks – this ensures that both courts (on a transactional level) and voters (on a strategic level) can control the reasonability of KYC measures and that economic reasons do not deny a bank account to anyone. And if governments used such a sacrosanct KYC process also to assign a universal payee ID, the same process could greatly improve AML and protection from payment fraud.

What are the most absurd and excessive KYC requirements you have experienced yourself already? How do you imagine an efficient, fair, and effective KYC regime?