Step Away from the Edge: Facing the KYC Cliff

With the average global treasury team reportedly spending more than one day each week dealing with know your customer (KYC) requirements, compliance remains a significant pain point for treasurers worldwide. What progress is being made to help treasurers – and their banks to overcome this headache? Are regional approaches worthwhile or should we be holding out for a global solution? Can fintechs save the day? Industry experts answer these questions and more.

Werner Fontanive Member of the Executive Team of SWISS POST and Head of New Business Regulatory Data Services, Co-founder, cinfoni

Although the extraordinary coronavirus pandemic is occupying treasurers’ minds at present, everyday challenges have by no means vanished. One of the top day-to-day pain points treasury teams face is dealing with the KYC requirements of banks across the globe. In fact, recent research supported by SWIFT shows that 93% of treasurers believe KYC requests are more challenging today than they were five years ago. In addition, more than 50% of treasury professionals have reduced the number of banks they work with to avoid lengthy KYC processes.

Marc Delbaere, Global Head of Corporates and Trade, SWIFT, neatly outlines the issues behind these eye-opening statistics: “Treasurers who work with multiple banking partners in different regulatory jurisdictions across the globe have to provide KYC data in multiple formats, often through bilateral exchanges, in order to meet the regulatory requirements of each partner, which is costly, time-consuming and inefficient.”

Expanding on this, François Masquelier, Founder and CEO of SimplyTREASURY, adds: “Ultimately, KYC negatively impacts the client experience. Opening new bank accounts takes up more and more time. Furthermore, KYC costs are inflating significantly as requirements add up and are not standardised. In addition, data and documents are transferred via unsecure means, which translates into high levels of risk around sensitive pieces of information.”

Paul-Gerhard Haase, Member of the Executive Board, Co-founder, cinfoni BFS finance GmbH, agrees: “Some of the major issues revolve around the lack of standardisation, inconsistencies – even within the same institution, and multiple communication channels with banks. What’s more, KYC requests are often ‘blanket’ and therefore too intrusive, with no tailored data requests.

Adding to the challenge, there is frequently a lack of integration between Bank Account Management [BAM] and/or Treasury Management Systems [TMSs], which in turn requires multiple document uploads.” Werner Fontanive, Member of the Executive Team of SWISS POST and Head of New Business Regulatory Data Services, Co-founder, cinfoni, adds: “The sharing of KYC information is based on trust which is provided under cinfoni through a government backed network that exchanges regulatory reliable data from corporates via full validation nodes towards banks.”

In this seamless digital day and age, this labour-intensive approach to KYC seems out-dated and even alien. Yes, it is easy to place the blame for this on the banks, but as Delbaere rightly notes: “It’s not any easier on the financial institutions’ side of the process.

They have to reach out to correspondent banks or corporate customers for information and search for data across multiple sources, which is often incomplete or out of date. In many cases, they are forced to repeatedly follow up with existing customers as part of regular KYC reviews, which can place strain on relationships. In short, it’s repetitive, confusing, time-consuming and costly for all parties involved.”

All for one and one for all?

The rationale for a global solution to these KYC issues has never been clearer. And SWIFT has been making significant headway with its KYC Registry, which opened to corporates in late 2019. But is it enough to turn the tide?

Marc Delbaere Global Head of Corporates and Trade, SWIFT

Delbaere says: “It is still early days but we have developed a strong pipeline of interested corporates, some of which have already started uploading information on to our registry. Before launch, we tested the KYC registry with 18 leading corporate groups, including BMW, Spotify, and Unilever, along with 16 global banks representing more than 7,000 corporate-to-bank relationships on SWIFT. This meant that when it opened to corporates, we already had strong interest from trial participants and we have followed this up by promoting it to the 2,000-strong corporate community connected to SWIFT.”

But therein lies the rub. The utility is currently open only to SWIFT-enabled corporates. As a former corporate treasurer, Masquelier has mixed views on the situation. “SWIFT’s KYC Registry is certainly a huge ‘plus’ and a great step towards a multi-bank international KYC solution. We have great expectations for it. However, SWIFT still lacks regulatory standards in individual jurisdictions and does not allow for 100% coverage of specific KYC information.” Masquelier speaks from experience here as his former employer, RTL, took part in the first round of pilots two years ago.

Nevertheless, the solution is still nascent and there are only a handful of pilots that can be used as a baseline. Concerns also exist around the barriers to entry. Masquelier continues: “I remain cautious about the business model and hope that this will be – and remain – free and not just for SWIFT customers. We must think of all those treasurers who do not have, or do not want to use, the SWIFT network, especially due to the cost and complexity of SWIFT’s Customer Security Programme.”

As a side note for those who have not come across it, SWIFT launched its Customer Security Programme (CSP) in 2016 to drive industry-wide collaboration in the battle against the cyber threat. Designed to support all types of customers, from central banks to large corporate groups, the CSP provides tools, information and a framework to help the SWIFT community secure itself. Despite the positives, the change has proved challenging for some.

François Masquelier Founder and CEO of SimplyTREASURY

Masquelier believes there is room for several players in the KYC utility space, with SWIFT being a major participant alongside local and regional initiatives. In fact, he says that targeted initiatives, such as the Nordic KYC Utility, “emerged because of the absence of fully international ones. Facing such a KYC cliff pushed some actors to think locally, before considering global solutions”.

For those not familiar with the Nordic project, six of the largest banks in the region have now joined forces to launch a platform for handling KYC data. Due to launch during 2020, the idea is that the utility will benefit large and mid-sized corporates in the region. The word on the street is that the Nordic banks did not wish to wait for the SWIFT KYC Registry to be adapted to local needs and formats, as they felt the Nordics would be at the back of the queue from a priority perspective. The plan was always to integrate with the SWIFT offering once it was fully operational. But the waiting was too unappealing, especially since the banks saw the launch of a KYC solution as a means to help repair the reputational damage caused by recent money-laundering scandals.

In the name of transparency, it is worth noting here that TMI asked to speak to several Nordic banks about the utility for the purposes of this article – yet they declined. Perhaps it is too early to comment. The website for the initiative (www.kycnordic.com) simply displays a ‘coming 2020’ message. Or perhaps the realities of investing in a joint KYC utility – and each bank still being individually liable for satisfying KYC obligations – are taking their toll, alongside the building of the infrastructure, of course. Only time will tell.

UAE forges ahead

Such hurdles are not holding back progress in the Middle East, however. In Dubai, a KYC consortium has been launched by Dubai Economy, along with Abu Dhabi Commercial Bank (ADCB), Emirates NBD, Emirates Islamic, HSBC, RAKBANK and Commercial Bank of Dubai (CBD). The consortium enables regulated sharing of KYC data between banks and licensing authorities in Dubai and leverages blockchain technology to ensure security and integrity of KYC data.

Mohammed Al Jayyash Acting Group Chief Operations Officer, ADCB

Mohammed Al Jayyash, Acting Group Chief Operations Officer, ADCB, “Establishing the first KYC blockchain consortium in the UAE further enhances the ease of doing business in the region – attracting even more investors to the country. The consortium will also bolster the ongoing smart transformation of the UAE’s economy, in line with Vision 2021.

For the six founding banks and their clients, the consortium will enable much more rapid and secure onboarding and exchange of digital customer data and documents. “Through this initiative, we are establishing a single source of truth for KYC information in the UAE. This will greatly increase the speed of opening a bank account for new companies and existing customers will benefit from a significant reduction in the requirements of managing and refreshing their KYC data.

Explaining how the consortium will deliver these benefits, Al Jayyash says that it involves close co-operation with the Department of Economic Development (DED),which issues trade licences. “There is a significant overlap between the due diligence that is performed to issue a trade licence and the KYC requirements of banks. By securely sharing the documents used for the trade licence application among permissioned banks – via the blockchain – it is possible to significantly reduce the KYC burden on customers.”

To benefit from the KYC consortium clients do not need to do anything, except to give their permission for a specific bank to access their trade licence information. “When a customer applies for a bank account, we access the blockchain repository via an API and pull the relevant trade licence information. We then only ask the client to fill in any gaps, rather than provide the full KYC package again. Moreover, we are updated instantly of any future changes in trade licences, which helps with the KYC refresh going forward.”

All of this happens in the background, without any effort from the client, but – as stated – with their explicit permission. “Sharing information in this way significantly cuts down on duplication, which in turn leads to time, efficiency and customer service benefits,” says Al Jayyash.

These immediate positives will undoubtedly be welcomed with open arms by treasurers in Dubai, but there are longer-term plusses that must not be overlooked in the excitement. “Over time, the consortium aims to examine the various KYC processes and requirements used by banks – with the aim of streamlining and harmonising them.” Naturally, this will be a challenge given the mix of local, regional and global banks in the UAE.

Furthermore, the intention is that the KYC streamlining will be extended beyond Dubai to the entire UAE. Al Jayyash continues: “By building a KYC ecosystem across the UAE, involving all of the relevant federal authorities and permissioned financial institutions, we can ensure a consistent and easy KYC process for customers – while retaining the highest standards of regulatory compliance.”

“Although a global KYC solution is the ultimate goal for corporates and banks alike, it is also extremely challenging – and regional solutions such as this are necessary as a first step. ADCB was keen to be an early mover in this space, demonstrating our ongoing commitment to driving change through innovation, new technologies, and collaboration,” Al Jayyash notes.

Alternative routes

In mainland Europe, meanwhile, banks have been less forthcoming with local or pan-regional solutions, so some treasurers have been taking matters into their own hands. In Luxembourg, for example, the Association des Trésoriers d’Entreprise à Luxembourg (ATEL) has created a distributed ledger technology (DLT) solution in collaboration with the University of Luxembourg, digital KYC experts, Telindus, and the Bankers’ Association (ABBL).

Paul-Gerhard Haase Member of the Executive Board, Co-founder, cinfoni BFS finance GmbH

Masquelier believes that there is great potential for these types of local solutions to be interfaced with other KYC initiatives run by fintechs, in order to expand their reach and functionality. He cites cinfoni as a perfect example of a potential collaborator here. “This German-Swiss company proposes a fantastic solution which will be interoperable with other local and international KYC utilities.” As Haase puts it: “cinfoni combines local, regional and international approaches under one umbrella”.

For those who have yet to discover cinfoni, it stands for Customer Information Network Intelligence and it is a regulatory framework developed by Arvato Financial Solutions and Swiss Post, which aims to simplify the tailored compilation of regulatory data such as KYC. According to Arvato’s website: “The framework combines an international network with repeatable solution components for banks, corporates and regulators and jurisdiction specific utilities. cinfoni is accessible to all local data utilities as well as data and service providers.”

cinfoni operates in the European payment zone on the basis of nationally aligned KYC data and anti-money laundering (AML) regulations, which in turn are based on a country-by-country regulatory requirements gathering. The network protocol is tailored to KYC and the underlying international AML regulations, thus making use of an open distributed ledger technology (DLT). The hope is that cinfoni “will enhance, accelerate and simplify the onboarding and required mandatory periodic maintenance processes for banks and their customers. For corporate clients, a cinfoni Corporate Service is designed to streamline KYC files in standardised processes for individual bank requests. By ensuring reusability, corporate companies’ effort for KYC is reduced by an estimated 80% compared to today’s non-harmonised, unstructured processes,” says the official rubric.

Providing a more independent view, Masquelier believes cinfoni is a KYC game-changer for the following reasons: simplification of KYC through minimal intrusion; standardised communication with banks with an international single point of contact for corporates and a unique protocol; and full control for the corporate regarding KYC data. “The corporate decides who gets access to what and where the data is stored – whether that be in their own BAM/TMS, customer wallet or a jurisdiction specific network node. As such, it will speed up KYC and significantly reduce the effort required by treasurers, at no cost to the corporate.”

Counting the cost

But, of course, solutions that are free to treasurers have to be paid for by others. And this is another significant challenge that is preventing more rapid progress in the KYC utility space. “The costs for building such solutions are huge,” says Masquelier. “At first glance, a KYC solution seems obvious and technically easy to set up. However, it is extremely complex, and we have seen large technology and data companies giving up on KYC utilities. The fact that we don’t have, as we speak, a couple of global, free, open-to-all, multi-banks and ‘live’ solutions proves they are far from easy to develop and launch. They require huge investment and this is why only a few players will emerge internationally, in my view. They need money, patience and perseverance to be successful.”

Haase cautions here that “solutions struggling with legacy protocols and technology tend to be too expensive”. But cheaper solutions may not necessarily solve the problem, he says, adding that “pure data provider initiatives do not reach far enough”. He believes that “only tailored solutions limiting data requests to what is required by the regulations in individual cases, with a strong focus on simplification, will overcome the KYC challenge and provide significant savings for banks, corporates and regulators alike”.

Delbaere, meanwhile, maintains that SWIFT is well placed to address the KYC conundrum in an affordable and impactful manner. “Our co-operative nature means we can afford to be cost-effective. Furthermore, addressing the problem at industry-level is bound to reduce the overall KYC cost both for financial institutions and corporates – the solution is only a fraction of the cost of the problem.”

Like many others, Delbaere believes collaboration is the way forward – between corporates, banks, regulators, local KYC initiatives and SWIFT. Fintechs have a role to play too, of course. “If financial institutions and corporates thought only of their own individual needs and what works for them, then solving this problem would be extremely challenging. However, from our engagement with them, it’s clear they all recognise KYC is a necessity and they’re also keen to collaborate to solve this problem for all parties involved.

“The forum we created during the trial period of the KYC Registry enabled corporates to understand why banks are asking for certain types of information and banks to reflect on the types of questions they are asking and if there were opportunities for harmonisation with global standards. And, in my view, the key to effective KYC is standardised information sharing.

Unstructured, non-standardised data means that multiple versions of the same information have to be repeatedly submitted to counterparties. By simply embracing a universal standard, corporates and banks can save vast amounts of time and resources.”
According to Delbaere, this is precisely what SWIFT aims to achieve with the KYC Registry. “It aggregates KYC information in a globally recognised, standardised format, providing banks with a centralised database with everything they need. The standard defined for correspondent banking includes the latest Correspondent Banking Due Diligence Questionnaire (CBDDQ) from the Wolfsberg Group and covers up to 90% of the information that global banks typically require for due diligence, making it one of the most comprehensive KYC tools on the market.”

Calling treasurers to action

While SWIFT is clearly making excellent progress, Masquelier believes that treasurers would be wise to stop looking for ‘one solution to rule them all’. “Personally, I would like to see more solutions emerge and see real competition so as not to depend on one single market infrastructure, however broad. We need several solutions – since competition is always beneficial to the market and to users – which allow each type and size of business to easily meet KYC requirements when entering into a relationship with a bank and when maintaining compliance around bank accounts.”

Representing one of the potential competitors to SWIFT here, Haase believes that “treasurers need to push for industry platform-based solutions like cinfoni to be used, otherwise banks will continue to make attempts around symptomatic bank operations-focused initiatives with no convenience gains for treasurers – as they have been trying to do for many years”. cinfoni, he says, “provides that kind of community-based programme, ramping up the new ecosystem for KYC and other regulatory domains”.

Masquelier also issues a call to arms for treasurers, saying: “There is, unfortunately, no single, one-size-fits-all KYC solution yet. As such, we treasurers have the duty to adopt one or several of them, rather than keep complaining about unstoppable KYC compliance rules. Solving the KYC conundrum is a journey. The sooner each firm starts their own part of that journey, the faster the whole industry will realise the change that it’s been seeking.”