Utilities: a year on
“A utility approach will help to industrialise parts of the KYC compliance activity. This will result in many savings for banks, but only if we can work together.”
By Alain Bozzi, Chief Compliance Officer, Societe Generale
The main developments in compliance are linked to Know Your Customer (KYC) issues. This is a concept that is very important for regulators and they are asking banks to do a lot. They expect banks to provide notification of any issues when on-boarding new customers as well as periodical reviews of clients and their activities. KYC is a way for regulators to make sure that the bank has a wide knowledge of its customers and can detect any activities such as money laundering or terrorist financing.
Banks have significant obligations when it comes to KYC, including the collection and reporting of information. All banks will have to collect the same information for clients; however the analysis that is undertaken on the information will be specific to each bank.
There are a number of initiatives under way related to the collection of the required documentation, including the SWIFT KYC Registry. For this solution, the intention is for all banks which are SWIFT members to give their own information for KYC into the central utility. The utility would make available for a given price this information to SWIFT members who have joined this service.
The benefit for financial institutions and customers in a utility solution is that information needs be provided only once, rather than multiple times for each bank relationship. The information will be on the KYC Registry website and each bank, once member of KYC Registry, will be able to access that information and conduct its own risk analysis on it.
Those involved in compliance at financial institutions need to find solutions that are consistent and efficient, but are not costly for the bank. The mutualisation of information on a utility will help banks to save time and money in terms of collecting information. Often, a bank group may have the same KYC information in different parts of the group but is unaware of this and collects the information itself. A utility will prevent this from happening.
The collection of information and the analysis of the risk attached to a particular customer have to be segregated. Risk analysis always will be the responsibility of the individual bank.
Another important KYC issue is that of identifying who the beneficial owner of the company is. Banks need to know exactly who owns a company and whether or not they might be exposed politically or are corrupt. This is a very fragmented environment and such information is difficult to mutualise.
A utility model for KYC has to address a certain resistance among some parts of banks, which might believe their procedures are superior to that of a utility or even to other parts of the same banking group. These groups are very focused on protecting their business and consider their approach is best in class.
If a financial institution decides to outsource, it must first understand that it is still responsible for regulatory reporting. It is therefore important to organise strong controls on the provider and also to visit regularly to ensure everything is working properly. Also, a back-up plan must be in place in case, for any reason, the outsourcing provider can no longer provide a service.
An issue to bear in mind when outsourcing or using a utility is confidentiality of information: financial institutions have to be very careful, even with internal communications. Under French law, there are a number of circumstances where banks are not authorized to exchange with foreign authorities without prior approval from the French ACPR. This acts as a limit on what can be outsourced.