... or “Kill your customer”
There has been much talk about KYC recently – and for good reasons. In the last few years, many banks have been closely examined on suspicion of tax evasion or money laundering; some banks even got fined. In order to be able to guarantee a thorough risk analysis, banks are making their requirements for clients even more stringent. In view of the expanded geographic reach of companies, banks’ requirements are not only getting stricter but more and more complex. As most readers will already be familiar with KYC, we will not go into details about what KYC actually is. Instead, we are going to give insights into initiatives and best practices that are currently discussed to make the KYC process easier.
In Germany, the legal framework for KYC is the “Geldwäschereigesetz - GWG” (Anti-Money Laundering Act) last amended on 23 June 2017. This legal framework obliges financial institutes to perform a risk analysis and to set up internal security measures. The risk analysis must be documented, updated regularly and made available to controlling authorities, and forms the basis for internal security measures. But varying regulations in the respective countries hinder standardized digital solutions in enterprises that are obliged to meet KYC requirements in various jurisdictions. In view of the administrative fines that were recently imposed on banks, the message is clear: Non-compliance will be penalized!
Treasurers know about the main goals of KYC, which is the fight against the funding of terrorism and money laundering, however, they may not be fully aware of the scale and scope of this challenge. Some reports act on the assumption that money laundering accounts for about 2 to 5 percent of the GDP worldwide, which amounts to almost the whole GDP of Germany. This should be more than enough evidence to show the magnitude of the problem and to explain why the controlling authorities demand closer monitoring. But KYC is still perceived as a tiresome and time-consuming obligation. For financial institutes, it is indeed a complicated process, as they are obliged to apply a very strict due diligence with regard to all of their clients when opening new bank accounts or maintaining existing accounts. This leads to a long and time-consuming bank account opening process that may last up to several months. It is often difficult to obtain the necessary information, the specifications are difficult to understand and moreover, the various banks have different requirements. In the case of non-compliance, existing bank accounts may be blocked, which could be catastrophic for some companies. For the banks, this long and cumbersome process means that many companies might decide to take their business somewhere else.
The obvious solution for this problem would be an easy, innovative and standardized KYC process. However, how can companies/banks achieve an effective KYC and anti-money laundering (AML) process? And how can we keep the administrative costs for the different parties as low as possible? This issue has been debated by banks, enterprises, regulators and politicians for a number of years. The good news is that certain initiatives have already developed that might prove to be the proverbial ‘light at the end of the tunnel’.
One of the possible solutions that currently being reviewed is a shared central repository that contains all KYC data concerning the registered enterprises. In February 2019, SWIFT announced that they will open their KYC register for companies. This will allow the more than 2000 enterprises that form part of the SWIFT network to join the register where they can publish and maintain their KYC data and send it on to banks via the register.
Theoretically, this should make for an efficient data exchange using a safe, central system and prevent having to do the work twice. So far, SWIFT has entered a cooperation with 15 big banks and companies, with the aim of setting up a rule or of institutionalizing the process by creating a ‘standardized set of required documents’. Until now, the different banks did not require the same set of documents, which would have made the establishment of a standardized process difficult. Of course, some open questions remain concerning a central, shared repository, such as whether the banks will accept digitalized documents in the same way as paper documents. This presupposes that the regulators accept the documents in the data base as sufficient proof that the banks have fulfilled their responsibilities arising from the KYC process. Pricing can be an issue, too, especially for smaller banks and enterprises. So far, however, it seems that enterprises and banks have welcomed this step, as it contributes to making the KYC process easier.
In Singapore, KPMG has studied similar solutions to solve the problem with blockchain technology. There, a blockchain-based KYC utility was developed and a proof-of-concept prototype was created successfully. The functionality, security and scalability of the ‚KYC utility‘ was then tested by a cooperation between Bluzelle Networks, a consortium of three banks in Singapore (HSBC, OCBC, Mitsubishi UFJ Financial Group) and the Singaporean regulator. The prototype was tested in Q1/2017 and it passed the test scenarios of the Monetary Authority of Singapore. Besides stability and security, this platform also lowered costs by an estimated 25 to 50 percent, in that it reduces double work and offers a clear audit trail. Several providers of TMS have also studied the use of blockchain technology to solve this problem. The main idea is to record and check the data in the database maintained by the software provider. If blockchain technology is used, these data are kept tamper-proof until they arrive at the receiving database (such as SWIFT).
It seems that a “single source of truth” in the form of a shared data repository is a possible solution for this challenge. However, because this process requires the collective and unrestricted cooperation of all parties, from small banks and enterprises to the regulators, it will take some time before the feasibility of this solution can be assessed.
First, the KYC process has to be established and documented in a treasury policy. This process must be documented with clear procedures and responsibilities. The main goal of this process should be to keep the KYC-related data up-to-date, to avoid non-compliance and to improve the process itself regularly. In addition, we recommend including the following points in the policy:
Keeping the data up-to-date and correct for all involved parties is a challenge in itself. But the central collection, storage and maintenance of data would contribute to a rationalization of the process. Another way of streamlining administrative efforts and lowering fees is to reduce the number of bank accounts as part of a “Bank Account Management” initiative by eliminating unused accounts.
The Verband Deutscher Treasurer (VDT) recently published best practices in its KYC guidelines. This should help treasurers improve their KYC process. It is a step in the right direction, as it means the collaboration of banks, enterprises and software providers and it covers up to 80 percent of German requirements.
It is evident that KYC is one of the challenges that can only be tackled through the collaboration of all of the involved parties. However, we believe that there are promising solutions that can help you meet these challenges.
At our next Digital Treasury Summit (DTRS) on 22 October 2019, we will present more insight in the KYC process and show how technologies can support treasurers in their daily challenges. We look forward to welcoming you there.
Source: KPMG Corporate Treasury News, Edition 94, September 2019
© 2019 KPMG AG Wirtschaftsprüfungsgesellschaft, ein Mitglied des KPMG-Netzwerks unabhängiger Mitgliedsfirmen, die KPMG International Cooperative (“KPMG International”), einer juristischen Person schweizerischen Rechts, angeschlossen sind. Alle Rechte vorbehalten.