Survey: KYC action plans 2014
While Know Your Customer and anti-money laundering regulations have been around for a long time, new laws across different jurisdictions are complicating what some might think is a straightforward data aggregation issue.
The task is enormous – over 300 data attributes, some of which may be recorded today, but the regulatory requirements have changed and will continue to change,” says PJ Di Giammarino, chief executive of JWG, which defined the questions and set the topics for this survey. “What we wanted to do was to understand how the industry has been attacking this huge demand on customer information.”
One of the things that the survey set out to elicit was to what extent firms are approaching the issue tactically – addressing each requirement as they arise – or taking a more strategic approach to data integration. “To what extent are they taking a more holistic approach?” asks Di Giammarino.
The majority of the respondents were investment, commercial, and retail banking. “That highlights an interesting point – there are a lot of transactions banking issues that have been ticked for everyone, but my suspicion would be that for investment or retail banking, different issues will be more pressing, such as OTC derivatives trade reporting,” says Di Giammarino.
Drilling down into the statistics, this turns out to be the case (table , top). Breaking out the functions that respondents considered to be under the most pressure from KYC initiatives in 2014 shows considerable divergence. For investment banking, tax issues such as FATCA, and post-trade regulations such as the US Dodd-Frank and European move further up the list of priorities.
Commercial banking respondents conformed closely to the norm, matching the priorities reflected in the consolidated results, with financial crime and AML followed by infrastructure and operational risk.
For retail operations, financial crime and AML is also top of the list, but tax requirements are much further to the fore, coming in the number two slot, while account switching is much more of an issue than in the other types of institution.
While this is perhaps to be expected – the regulations are primarily aimed at consumer banking in the UK and Europe – Di Giammarino says that it is interesting that no investment bank respondents consider account switching to be an issue for them. “There is plainly a customer onboarding question if an account changes, so there are KYC issues” he says.
“I see two different themes here: in 2014, you can make a case that external pressure from regulators to know more about the customer puts operations and customer account management front and centre of the internal show.
One explanation of why regulatory reporting is seen higher as a priority for many may be that it is more visible. “The difference between a trade break and an AML fail is that someone yells ‘it’s broken’,” says Di Giammarino. “With a customer data fail, you don’t really know it’s broken until someone goes and looks. In one case you are exposing yourself externally.”
In terms of risk, you’d have thought that it would have been a lot higher. Unfortunately, what often happens is the KYC/AML teams focus exclusively on their beneficial ownership challenges and it is not joined to other aspects of the organisation, such as the risk function.
Another factor is that AMLD IV – the latest version of the Anti-Money Laundering Directive – was one of the few regulations that were not passed by the European Commission in its “Super Tuesday” clearing of the decks in April, when thousands of pages of regulation including MiFID II, MAD 2, PRIPS, CSD, BAD and UCITS V were adopted.
“Some key issues are not yet settled and while people know that it is a huge issue, there remains a lot of uncertainly,” says Di Giammarino. It is now expected that details will become clear after the European Parliament reconvenes after the summer.
There was also some uncertainly among respondents as to the budgets being set for particular initiatives. Considered from the perspective of “change the bank” budgets a sizeable percentage – almost 40% – put AML at the top of the list, and it was also the area that scored highest, with 12% putting their budget at between €1.5 million and €5 million for this year.
Looking ahead into increased “run the bank” costs, more (14%) see cybersecurity and data protection as hitting their pockets hardest. Also further up the table is the issue of financial transaction taxes, overtaking trade monitoring. (At the time of the survey the failure of the UK’s attempt to derail the introduction of an FTT had not occurred, so it is possible that this will now be moving higher up the agenda.)
In terms of how these budgets are being spent, one surprise thrown up by the survey was the continuing dependence of institutions on in-house developers, which are cited as the current approach by some 60-65% across all topics.
Breaking this down by institution type, the result is similar except that investment banks show a slightly higher than average willingness to use third party vendors and service providers in some areas – AML, data protection and security, and FATCA and of little use in other areas such as trade monitoring.
Di Giammarino suggests that this may reflect where firms are in the development of their internal strategies, with internal teams working to identify data sources across the institution and third-party service providers being brought in to work on the resulting processes and systems going forward.
This is supported by the reasons cited by respondents for using third party products and services: asked to rate a range of benefits that they would expect from using third-parties, the overall results showed commonly cited benefits such as reduced cost and project risk mitigation are considered less important in this context than more specific benefits.
Topping the list was improved timeliness in meeting mandatory requirements, followed closely by accuracy, security and regulatory risk mitigation.
Again, splitting across industry sectors, some differences show up. For investment banking, 62% rated security as a strong benefit, compared to 55% and 54% in commercial and retail institutions.
Commercial banks’ need to improve their timeliness on mandatory deadlines boosted that factor, with 75% rating it as a top three benefit, compared to 50% of investment and 44% of retail institutions.
The importance of accuracy was seen as a more mixed benefit: as many investment bank respondent rated it as important as didn’t, with an even split either side of the mid-point. For Commercial banks 49% rated it top three and the bulk of the rest were midway, while 52% of retail banks rated it as their lowest priority.
Where retail organisations see far more benefit in the third party approach than the others is operational risk mitigation, which 54% rated in the top three, compared to 24% and 23% of the investment and commercial banks.
Markit І Genpact KYC Services, sponsor of this survey, sees that firms face immediate compliance challenges but also recognise that a more accurate and timely approach will enable them to focus resources on better serving customers.
It is natural that firms are focused on the near-term operational and compliance challenges arising from KYC regulations. Yet, despite regulatory deadlines and the very serious questions related to compliance, the industry must begin to view KYC not as a burden, but as an opportunity to use customer insights to create competitive advantage and reduce risk. Harmonisation of KYC requirements across jurisdictions creates the opportunity to centralise the management of KYC data and begin to use standardised KYC data in new ways.
The first thing that jumps out from the data is that firms are still addressing KYC challenges as a series of independent hurdles. They are asking “what is in front of us right now”, and the survey reveals a high priority for KYC data projects, including AML, but also a possible underinvestment in mechanisms to ensure data privacy and security.
The survey also suggests that the industry expects that we haven’t heard the last word about regulation in the KYC and tax arenas, meaning that it is difficult for firms to future proof systems and processes.
The industry response to FATCA illustrates the difficulty of preparing for new standards that have different requirements depending on jurisdiction. With the globalization of certain KYC and tax regimes, we see this complexity expanding.
Given the current lack of clarity on some aspects of the rules it is understandable from a risk perspective that firms have multiple, perhaps overlapping in house initiatives under way.
However, if FATCA is an indicator, we can expect harmonisation of other KYC-based regulation and harmonisation paves the way to centralised management of KYC data.
There is a growing sense that institutions are realising they cannot address these issues alone, and it is interesting that while the survey shows the prevalence of in-house processes, respondents recognise, accuracy, reliability and timeliness as key benefits of using third parties for KYC data management. This is consistent with what we are hearing from customers.
Last September, Genpact and Markit announced that we were combining our KYC technology and services widely used by the industry on a firm by firm basis into a new service for KYC data management. Markit І Genpact KYC Services centralises the non-proprietary tasks of collection, validation and remediation of KYC information.
Whether it is done in house or as a service, there are two aspects to customer data management required for client onboarding and other KYC and AML processes. The first is collecting information from public sources and clients and the second is validating and remediating data to preserve accuracy. We will collect and validate information on behalf of subscribers centrally, effectively providing customer master data files to the banks.
Central management of client data offers the ability to transform what today can be a burdensome, fragmented, and resource intensive set of processes into a timely, accurate, and scalable solution. At the moment, collection of onboarding documents might be seen as a roadblock to wanting to do business or engage with customers. With a central solution, institutions can focus on analysing customer data and using that information in order to make better decisions for customer service, business optimisation and risk management.
As firms begin to look up from the many regulatory tasks that they currently face and consider the future beyond immediate compliance, they will see that there are many new opportunities in an industry where customer service has once again become a competitive differentiator.