The KYC Pain - KYC frustrations are multi-faceted
Every customer I speak to within larger and more complex enterprises has a Know-Your-Customer (KYC) war story or two to tell. With that, I mean a story about their worst experiences when providing KYC to a bank or other 3rd party. I typically have these conversations with the CFO, Head of Treasury, or Head of Legal.
One of them, a large cooperative, told me about a 3rd party requesting passport copies from each of their more than 6,000 members. The company declined this request.
Another told me about a bank sending them six different excel-sheets to be filled out, each of them protected by six different passwords. Then there was the bank that wanted the Head of Treasury to sign each passport copy of the Board personally, and this had to be on the same day the passports were shared with the bank.
Oh, and then there was the one with the bank that wanted the signatory right holder to show up physically in the bank branch. In Greece. The list goes on.
The stories are the tip of the iceberg. An iceberg consisting of frustration, unresolved pain points, wasted resources, and processes in serious need of optimization and digitization.
But it is not just corporates being frustrated.
The process is broken in both ends, as many of the banks sit with none or severely outdated tech solutions to support their KYC on corporates. This includes banks asking multiple questions and receiving replies via free-text emails or constantly changing PDF questionnaires. Often the responses are manually copy-pasted into their systems. The situation is a natural consequence of banks focusing their digitization of the KYC process towards the consumer segment and postponing the more complex corporate customer segment.
More importantly, Anti-Money-Laundering and KYC is a discipline that needs to be learned over time. Outstanding KYC analysts are still rare to find, often leading to KYC analysts that have a
check-the-box approach rather than a risk-based and situational approach. The lack of basic competencies and experience makes a KYC analyst request passports of more than 6,000 people, as mentioned in the example above.
And here is the worst part, the problem is only getting worse.
The banks continue to be under pressure, and as their risk models become more and more advanced, their KYC standards become more and more tailor-made to each bank and its inherent risk profile. A few years back, we would laugh about the notion of KYCC — Know Your Customers Customer — but it’s here now. This is due to the more advanced transaction monitoring systems and the alarms they generate related to incoming and outgoing transactions to/from a company. These alarms need to be explained by the corporate. The explanation needs to be backed by documentation, which puts an extra burden on corporates to understand their high-risk customers and vendors.
Add to this that many other 3rd parties start to request KYC from their counterparties, such as lawyers, accountants, customers, vendors, investors, etc. In other words, we have stepped into a blizzard of due diligence requests coming in and going out of a corporate company. Everyone is trying to make sure that the other party is legitimate and someone you want to do business with. Not so much because it is a legal requirement to do so, but rather as a risk mitigant to reputational impact.
As in all other disciplines, we are on a maturity curve, where a significant shift has already happened — see illustration below. It started with the Information request — you would be asked some questions and reply as best you could and be done with it.
Hereafter followed the Documentation request, where you would be asked to document the correctness of your reply to specific questions. You would scurry to find the proper documents that prove your answer correct.
I believe we are now in the Documentation stage of the maturity journey. What follows next is the Verification stage. This is where we also verify the correctness of the specific document we provide to prove the correctness of the particular information point. Today we are only able to verify very few documents. The most basic example is the passport. There are many robust passport
verification tools out there. Still, they only solve a small fraction of the problem when considering the thousands of data points and documents that are part of a KYC process on larger corporate institutions today.
So, what is the solution to all this?
The obvious answer is that we need a much stronger effort in digitizing the process end-to-end. This is not about blaming the banks for outdated IT infrastructure but about realizing that we need to collaborate across this process to eliminate or reduce the massive waste of resources that could be put to work elsewhere.
Corporates need to internally collect and structure their KYC data in a much more efficient and GDPR-compliant manner. And they need to have an opinion about what they share with their various 3rd parties and how they share it.
We also need to give the dream of standardizing KYC requirements across all the global banks a break. This is a good dream, and over time it will gradually become true — but it will take many years. Therefore the short- and midterm solution is not about standardizing. It’s about creating processes and tech that can handle the non-standardized and complex requests a corporate receives today, thereby doing everything we can to digitize and optimize the environment we are in today.
And finally, banks and KYC utilities are challenged to solve these issues themselves. Therefore, they need to be more open to collaborations with the FinTech and RegTech startup community and have a more agile approach to building APIs to develop a joint route to customer-friendly, compliant, and efficient KYC processes. This massive challenge is not solved by one big player alone but by many larger and smaller players with a joint objective.
See PDF version of this post here.