EXPERT TALK DOES IT MATTER HOW YOUR FINANCIAL INSTITUTIONS MANAGE THEIR KYC/AML PROCESSES? OPENING A BUSINESS BANK ACCOUNT USED TO BE SO EASY Question: how many banks does your firm do business with? If you are like most of your peers, the answer is an average of five – and in some cases up to quadruple that number. Each of these banks needs to be compliant with the multitude of regulations governing Anti-Money Laundering (AML) and Know Your Customer (KYC), whilst simultaneously complying with the Foreign Account Tax Compliance Act (FATCA). As regulators move from a tick-box to a risk-based approach towards compliance, banks are increasingly left to interpret AML regulations and comply with KYC requirements as they see fit, leading to different banks developing different processes for client verification. The net result is that clients are often faced with a situation where they are required to provide client identity information on an average of five times – each time according to different specifications. This duplication of effort is both time-consuming and costly. THE BUSINESS MODEL HAS CHANGED Long gone are the days when bankers knew all of their clients personally or via a referral from a mutual party. The explosive growth and globalization of banking means that today, whether you are a trading firm, corporation, hedge fund or asset manager, the due diligence process required for KYC compliance can take up to 6 months. There are many more steps to follow and countless additional documents are required. All of this adds time to an already time-consuming process. Research has revealed that some clients are asked to submit up to 100 documents (either directly or through external sources) just to open a bank account1. And it’s not just opening the account that is timeconsuming; there are also intermittent and ongoing requests for client identity documents to ensure that banks maintain an up-to-date single view of your organization. In addition, the Financial Action Task Force (FATF) recommended in 2012 that it should be a requirement for an organization to provide their bank with the most up-to-date legal entity information available at any given time. It’s easy to forget that you are the client in this scenario. Remember that you have every right to expect a positive customer experience when dealing with your banking counterparties. HAND OVER YOUR MOST STRICTLY CONFIDENTIAL INFORMATION … AND VISIBILITY AND CONTROL There is also the crucial matter of data security and privacy. Essentially, once strictly confidential information is shared, the client no longer has control over how that information is being shared or whether any safeguards are in place. There is no audit trail and clients do not know who is consuming their information – or why. Cyber crime is a growing global problem and regulators require organizations to demonstrate that they are proactively managing these threats. COMPLIANCE IS NOT OPTIONAL Financial institutions are increasingly coming under pressure from shareholders, regulators and customers to find the balance between profitability and compliance. Since the financial crisis of 2008, which has largely been blamed on the failure to properly regulate the financial industry, banks have been subjected to ever-more extensive regulations around AML and Counter-Terrorism Financing (CFT). As a result, they are mandated to carry out extensive and ongoing KYC checks on all their clients. More recently, regulators expect banks to know - and document - their clients’ sources of income, as well as the tax consequences of their activities. This is governed by legislation such as FATCA. This has naturally led to banks requiring more information from their clients and, because the stakes are so high, many of them are erring on the side of caution and gathering too much rather than too little information. It is understandable that banks are taking this approach given that the costs of non-compliance are punitive, both in terms of fines and, more importantly, reputational damage. One telling example is that in roughly the last two years, banks have been fined more than $10 billion globally for activities involving money laundering, or doing business with persona non grata. Bank clients face a multitude of issues – some costly – relating to bank KYC requirements: • The documents you need to provide can reside in several different locations within your company. Finding, extracting and organizing these documents has become increasingly burdensome and time-consuming. • The sheer number of documents required has also increased exponentially. Because the number of regulations has escalated and banks need to ensure that they remain compliant, they tend to request more information, rather than less. Continued 1 Fenergo, 2015, New Research Study Measures the Time, Cost and Challenges of Client Onboarding. [online] Available at: http://www.fenergo.com/top-menu/newsevents/press-releases/newresearch-study-measures-the-time-cost-and-challenges-of-client-onboarding.html [Accessed February 2015] The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position of Thomson Reuters. EXPERT TALK | DOES IT MATTER HOW YOUR FINANCIAL INSTITUTIONS MANAGE THEIR KYC/AML PROCESSES? • In addition, there is currently no universal global KYC standard, so each bank relies on its own interpretation of AML/KYC requirements. As a result, each requires different documentation from institutional clients. • With identity theft and cyber crime increasing, there are concerns surrounding current methods of sharing client identity documents, particularly via email. If not encrypted, these messages are easy to hack. In addition, organizations want more visibility and control over who can access their information before and after it has been sent to the banks. This is all leading to increased effort, time and cost – simply to open an account and maintain a business relationship with your bank FORTUNATELY, THE INDUSTRY HAS WOKEN UP TO THESE ISSUES Within this troubled space, new solutions have emerged to make it easier for clients - and banks - to cost-effectively comply with KYC requirements. While some of these solutions are bank-driven and paid-for, there are powerful direct benefits for end-clients. Let’s take a brief look at these solutions and discuss what we view as the most promising in terms of delivering in three key areas: • Does the solution save you time and money? • Is it easy to use? • Are you given control over who has access to your data? SHARED UTILITY AND MANAGED SERVICE MODELS: FROM ‘MANY-TO-MANY ‘ TO ‘ONE-TO-MANY’ FROM THE COMPLEX STATE OF TODAY’S ‘MANY TO MANY’ KYC PROCESSES THOMSON REUTERS ORG ID PIONEERED A STREAMLINED ‘ONE-TO-MANY’ KYC PROCESS Thomson Reuters Org ID Generally, for a myriad of sound business reasons, financial institutions are increasingly looking to outsource parts of their KYC function – or in some cases, the entire function. KYC processes have become so expensive and complex that they are draining resources, talent and money from core business and revenue-generating activities. Institutional bank clients are also keen for their banks to adopt different models, for the simple reason that current processes are not meeting their needs. THE MANAGED SERVICE MODEL: THE END-TO-END KYC SOLUTION The question that banks are increasingly asking is not IF they should outsource or optimize this service, but WHAT model will best serve their needs. The options fall broadly into two camps – a utility service model and a managed service model. This is a true end-to-end solution, driven by dedicated teams of KYC experts and analysts who monitor and update KYC records. These records are then stored and maintained on a secure portal where financial institutions can access them. SHARED UTILITY SERVICE MODELS The benefits to banks are clear in terms of compliance, cost-savings and resource allocation, but there are equally compelling benefits for endclients. Rather than each financial institution managing their own client identity document collection, they participate in a utility service provided by a third party and pay only for the services and data they use. HELPING YOU REDUCE COMPLEXITY, SAVE TIME AND GAIN CONTROL Several shared utility options have appeared in the last 12 to 18 months, many of them joint efforts between banks and third parties. The financial institution uploads pertinent customer information into a single portal that is then shared with participating financial institutions. A managed service model transforms the entire function by going far beyond collecting, storing and distributing customer data. It enables financial institutions to outsource the process to a third party, and reduce and standardize the costs involved with effective KYC. By one estimate, a managed service model can cut internal KYC costs by 30-40%. Firstly, with a managed service, you can consolidate and upload your client identity documents on one single secure portal. From this portal you can then distribute the documents to all the financial institutions with whom you transact. This eliminates the duplication of effort involved in providing separate KYC documents to each financial institution. The result? A reduction in the time and resources required for effective onboarding. EXPERT TALK | DOES IT MATTER HOW YOUR FINANCIAL INSTITUTIONS MANAGE THEIR KYC/AML PROCESSES? With managed service models, you have complete visibility and control over the client identity documents you provide, allowing access to only the financial institutions you choose. You know exactly who is viewing your identity documents, and with whom they are being shared. THE TOP FIVE BENEFITS OF THE MANAGED SERVICE MODEL: In addition, because managed service providers are independent and usually have core strengths in data management, they can effectively manage data privacy and security. 2. Security – benefit from secure storage and data dissemination, and an audit trail Finally, managed service models are free for the end-clients of financial institutions. STREAMLINE PROCESSES TODAY The industry has recognized the challenges plaguing the current KYC landscape, and has developed a fresh approach. Simply put, financial institutions and their clients recognize that spiraling costs, workloads and processes are no longer sustainable. Recent announcements in the news have validated this and we are seeing the first financial institutions adopting KYC managed service models. Your organization can use KYC managed services models to streamline the provision of client identity documents to your financial institutions. Organizations can upload their documents once to a secure web-based portal and distribute their information to selected financial institutions only. 1. Operational efficiency – maintain one set of documents that can be shared with multiple financial counterparties, reducing duplication and administrative effort 3. Control – gain full control and visibility over who can access and view your documents 4. Speed – streamline and accelerate processes when transacting with financial counterparties 5. No cost – store, maintain and distribute your identity documents at no cost These top five benefits reinforce two important points: firstly, it does matter how your financial institution manages their KYC processes, but secondly, how you respond is also crucial. By adopting these new industry solutions - such as KYC managed services - you can improve operational efficiency, and establish effective data control and security processes, allowing your organization to focus on its core revenue generating activities. These solutions bring real value to your business and truly enable you to improve processes and regain control of your legal entity information. RISK MANAGEMENT SOLUTIONS FROM THOMSON REUTERS Risk Management Solutions bring together trusted regulatory, customer and pricing data, intuitive software and expert insight and services – an unrivaled combination in the industry that empowers professionals and enterprises to confidently anticipate and act on risks – and make smarter decisions that accelerate business performance. For more information, contact your representative or visit us online at risk.thomsonreuters.com © 2015 Thomson Reuters GRC02227/9-15