In recent years, maturity of regulation has brought a number of advantages to the Virtual Assets industry. For example, two significant supra-regulatory bodies, the International Organization of Securities Commissions (IOSCO), and the Financial Action Task Force (FATF), have assisted regulatory authorities with evaluating how virtual assets work with regulatory frameworks around the world. As a result, we have seen many relevant FS jurisdictions issuing considerations, rules or conditions for VASPs.1 This helps to bring legitimacy to the sector in the eyes of institutional investors.

A strong compliance program is mandatory for licensing and provides a clear advantage over unregulated competitors when addressing the professional and institutional client segment.

Hugh Madden
Chief Executive Officer
BC Technology Group

Customer due diligence

Most regulations and licensing regimes focus on robust customer due diligence and monitoring programs for the purposes of Anti-Money Laundering (AML) and Counter Terrorism Financing (CTF) compliance.

A key part of this is having a robust Know Your Customer (KYC) program, and in recent years, many VASPs have adopted some elements of a KYC program and practice. This uptake increased after global regulators clarified their expectations for ‘risk-based customer due diligence’ in the June 2019 declaration from the FATF.

Risk based customer due diligence and KYC programs are often executed as a set of policies and processes that aim to set boundaries around the type of customers an organization will and will not accept. Historically, many VASPs have met minimum KYC standards by establishing basic customer data collection practices or integrating third-party solutions to support identity collection and verification (ID&V). This approach is influenced by the retail heritage of many VASPs.

However, when catering for institutional investors, a KYC program can only be a first step towards a risk-based Customer Acceptance Policy. ID&V procedures must be matched by a set of screenings and checks that result in a graduated level of due diligence and risk management. These checks may include Politically Exposed Person (PEP) screenings and suitability assessments to assess the fit of an investor with the products offered.

This process can be complex for corporate and institutional clients and is no different to the onboarding at traditional FS organizations. It requires up-to-date documentation for the organization and all parties engaging with the service.

Institutional onboarding

A good practice for institutional onboarding is an online-based process guided by a relationship manager, to deliver outstanding customer service in the first touchpoints. The goal is to provide a frictionless user experience and avoid recreating the same process every time a customer signs up. This is especially helpful for customers from larger institutions that may have multiple accounts for different products with one service provider. Part of this needs to be a risk-level driven feature, which allows customers to do certain things with a (reduced) level of KYC. To access higher-risk functionality or more complex products, the system will ask for additional information.

Ongoing monitoring

Some organizations are adopting highly detailed customer risk profiles, such as profiles broken down into peer groups for a more granular risk scoring of customers. This grading takes into consideration the customer’s activity and trading patterns, as well as relationships between master and sub-accounts, for example.

VASPs that apply this practice have been able to further automate their checks, calibrate alert thresholds, and improve the customer onboarding and due diligence process.

Ultimately, this level of customer due diligence should not be triggered upon onboarding only.  A well-established regime will feature ongoing monitoring, review and adjustment at key trigger points in the customer lifecycle.

Policy first, process second

Technology is an important component of an effective KYC program and the safe onboarding of new customers. However, it is prudent to adopt a ‘policy and procedure first’ approach, then apply processes, as the FATF’s KYC requirements may differ from jurisdiction to jurisdiction. Therefore, policies and procedures that consider diversity of jurisdictional needs, and adjust to local requirements for data collection are key.

How Volt Bank is ‘knowing its customers’

Neo-banks (digital-only banks) are playing an important role when it comes to the immersion of new and emerging financial products into everyday banking. However, they are also a high target for fraud and cybercrime – and therefore offer good lessons to VASPs looking to increase security.

For example, Australian neo-bank Volt Bank is continually bolstering its KYC program and security protocols to protect against undesirable customers and activity.

Alexander Maron, Head of Operational Risk, Volt Bank, says, “Volt is focusing on balancing a frictionless onboarding experience with robust KYC protocols. Open Banking is also expanding opportunities for verification procedures, allowing FS providers to improve their customer risk ratings. Australia’s new Open Banking system is strengthening information sharing, with the ability to rapidly pull customer information from multiple sources via third-party providers.”

Footnote

1 VIRTUAL ASSET (PDF 968 KB)

Explore the sections