Know your customer used to be an important principle. Now you can go to jail for KYC shortcomings. The market reacts.
KYC (know your customer) has taken on a whole new regulatory and operational meaning in 2016. The market has long talked about and laboured over the implementation of new KYC regulations in every jurisdiction. Bankers and investment managers need to think carefully and articulate to themselves and clients what stands for ‘good’ or ‘sufficient’ reporting standards. Transforming what used to be form filling into a process that fulfils quantitative requirements for client on-boarding and due diligence has become more urgent.
The MAS charges against BSI Bank in Singapore included the revocation of its local merchant banking licence. This represents the first time a KYC failure (along with anti-money laundering charges) have resulted in a bank shutting down. Ongoing investigations in Singapore and Switzerland could result in personal and criminal liability.
Rolling out, monitoring and enforcing KYC practices throughout multiple jurisdictions – especially in Asia – means their effectiveness will vary from country to country. The enormity of the challenge is whether or not organisations can make the necessary compromises and adjustments to on-board a client. Permitting an existing client to do a particular trade or make an investment could determine whether the bank decides to withdraw from a market and drop certain clients.
The 2012 guidelines of FATF (the Financial Action Task Force) represent best practice standards for financial service organisations. But beyond these rules lies a twisted road. They need to understand how unrelenting global enforcement culture has asserted its determination in KYC with actions against BSI.
The difficulty in making KYC shortcomings a serious offence is underscored by the appearance that regulators have watched BSI for years. Despite paying a USD211 million penalty to US authorities in 2015, BSI’s senior management still couldn’t reform a failed compliance culture. The bank’s auditors did not appear to raise any warnings over AML and KYC.
BSI evidences that principles based, internal KYC and AML compliance structures can deteriorate despite all the talk and conferences touting their insuperable importance. Regulatory enforcement occurs too late after grotesque, headline generating violations explode.
The FATF guidelines require major changes in the way client on-boarding and due diligence are completed. Many financial organisations continue to struggle with them. And smaller ones might not be able to meet them without going out of business.
For example, all client records must be updated constantly, not just reviewed periodically, occasionally or as the result of a trigger event. Clients must also now provide updates about any material changes they make. However, it is ultimately the responsibility of financial services firms to ensure their client records are current and accurate. And if clients do not confirm material changes, financial services firms must maintain the accuracy of this information or face daunting penalties.
How accuracy and constant updates and material changes are defined becomes a riddle for compliance and legal teams. Although KYC principles are generally the same, individual jurisdictions have adjusted their own implementation methods to suit their domestic circumstances. It will require an entirely new approach to KYC data management and client relationships.
Regulatory volatility is the unintended outcome already being felt at the customer and relationship manager level. In Hong Kong, managers are already complaining that cumbersome due diligence and approval procedures have to be repeated for the same client for investments in different types of assets.
MVTS (money or value transfer services) are also regulated by FATF and local regulators who implicitly force oversight down to the banks that deal with them. But, banks are minimising their KYC workload and risk weighting by simply withdrawing credit lines and exchange clearing services from them. Getting rid of nuisance clients has become the easiest choice.
It’s a normative reaction – monitoring these smaller outfits is too troublesome and the downside is too high. Don’t forget it’s the banks who have to bear the multi-million dollar fines if an MVTS clients turns out to be engaged in illegal or sanctioned activities. Processing technologies, whether improvements to current systems or radical solutions like blockchain, face an uphill climb in solving these problems and ensuring average people can readily access financial services.