Regional KYC utilities: Genesis of global collaboration on shared compliance platforms
Know your customer (KYC) is a high-cost compliance function, entails huge administrative responsibilities, and in most cases involves repetitive manual tasks. The KYC information captured, and processes followed by financial institutions across multiple jurisdictions, or even within the same jurisdiction, are not standardised.
The banking fraternity had long been mulling over the idea of building shared KYC utilities for the purpose of standardising KYC data, streamlining the processes, eradicating effort duplication, improving operational efficiency and mutualising cost of compliance.
KYC processes, even within the same jurisdiction, are not standardised
The first generation of shared KYC utilities was launched about five years ago. Swift KYC registry, Markit | Genpact KYC services, Thomson Reuters’ Accelus Org ID and DTCC co-founded Clarient entity hub were formed in 2014.
Their objective was to serve as a single repository of commonly used KYC data of customers, which could be used by participating financial institutions. However, their focus on customer segments and geographies varied, thus leaving the KYC landscape fragmented.
Soon after, India launched its central KYC registry in 2016, aiming to centralise KYC documentation and due diligence of individual customers across all regulated financial institutions (FIs) within the country. This was certainly a huge step forward in bridging the gap of non-standard retail customer KYC data, while also removing duplication of efforts and mutualising cost of KYC among FIs. However, this registry still needs to be integrated with other existing siloed KYC utilities in the country, e.g. the Securities and Exchange Board of India’s (Sebi) KYC Registration Agency, for its full potential to be realised.
Several countries are now adopting this model of a unified platform covering banks within their jurisdiction for centralised KYC. Five banks in France recently launched their KYC utility – CordaKYC, which went through a successful trial by 21 corporates in their country in December 2018. Hong Kong’s Financial Services Development Council has been advocating the need for such a utility in their country. Australia is looking at this option as well, as deficiencies in AML compliance was identified in several banks in this country in the last couple of years. The lessons learnt from India and France’s KYC registries will certainly go a long way in shaping such platforms in other countries that are now contemplating its implementation.
Industry collaboration across geographies
The second generation of KYC utilities started taking shape in the last few years, as the world witnessed a strong urge among nations in several regions to collaborate on customer due diligence. From a shared KYC platform within a country, the vision expanded to building common KYC platforms for sharing data and intelligence among banks across nations in a region.
Africa has traditionally been seen as a high-risk geography in terms of conducting business. With regulators around the globe emphasising on risk-based compliance, African counterparties, i.e. banks and corporates, struggled for access to low cost trade finance from global banks due to this perceived high risk. African Export Import Bank (Afreximbank) took the lead in bringing about credibility in customer due diligence and trust-worthy risk assessment of African corporates and FIs. The initiative brought about collaboration among FIs of several countries in Africa, and the region’s first shared KYC utility – Mansa – was launched in July 2018.
Africa opened Mansa to global banks for reliable due diligence information on African counterparties seeking trade finance. Meanwhile, six banks in the Nordics established a joint venture company to run their shared KYC platform – Nordic KYC Utility – that has since been approved by the European Commission in July 2019, and the first commercial launch targeted for 2020. This utility aims to define common KYC data standards as well as harmonise customer due diligence processes for the region, through consensus among the participating banks.
In the aftermath of some recent AML violations involving funds routed through FIs operating in the Baltics, the financial community of Latvia initiated discussions in November 2018 around developing a KYC utility in the country. The possibility of a regional KYC utility for the Baltics, covering Latvia, Lithuania and Estonia, was also explored. As the world has started looking at Baltics with suspicion around their sophistication in financial crimes monitoring, a regional KYC utility with best-in-class standards can restore some of the confidence this region previously enjoyed but have lately lost!
Leveraging shared KYC utility towards a global KYC platform
Regulatory frameworks vary across countries and regions, and the KYC compliance regulations are no exception. There are jurisdiction-specific variations in terms of documents, data, risk classification, periodic review and so on for KYC. It is therefore undoubtedly a challenge to unify FIs across countries to have common KYC data standards and processes, through shared KYC utilities. However, the broad guidelines framed by regulators globally are aligned when it comes to customer due diligence during onboarding and through the customer lifecycle. In the case of regional utilities, best practices are being designed by incorporating the regulations of multiple jurisdictions and followed by the participating banks.
Nations in several regions are collaborating on customer due diligence
Apart from unifying processes and data requirements across geographies, several other factors need to be considered while setting up such international compliance platforms that are built to hold and process very large amounts of customer data. One is an analysis of cost of setting up the utility versus benefits for banks in terms of savings through mutualisation of compliance cost. Infrastructure of the platform is another factor to be considered, as it needs to support huge volumes of data and users while enabling operational efficiency across a network of banks. Data protection and customer consent is fast becoming a global compliance requirement, as personally identifiable customer data is processed during KYC, with some countries even restricting movement of such data beyond their shores.
The regional KYC utilities are showing the world that cross-border collaboration can go a long way in overcoming the above-mentioned challenges, if the banking community is united in the fight against financial criminals. What has been implemented by some countries in a region can be extended globally, to unite all banks on a common KYC compliance platform, by leveraging a robust technology. Agreed, the scale would be exponentially higher – but so could the expected operational efficiencies and cost optimisation!
Technology continues to disrupt the regulatory world every day, and blockchain is now emerging as a favourite for building KYC utilities – within and across nations. An example is France’s recently launched CordaKYC, which is running on blockchain. Blockchain, the technology underlying Bitcoin, has so far been used for payments in virtual currency, with each transaction verified by its network nodes and recorded in distributed public ledgers. This technology is now being leveraged for securely sharing KYC data and documents in digital format across banks and FIs that wish to participate in the network. The strength of the blockchain technology lies in its distributed database, making it extremely secure and safe from tampering, in addition to high stability and performance efficiency that is already proven. For a global KYC utility – which might soon start taking shape, blockchain possibly makes a perfect match as that robust technology platform!
We may well be looking forward to the emergence of the third generation of KYC utilities – a global KYC utility, as we witness increasing collaboration among banks globally in the combat against financial crimes. A huge initiative that would be, but every big endeavour starts with a small step – it’s just a matter of time before that first step is taken!
By Sujata Dasgupta,
head of financial crimes compliance, BFS risk & compliance practice,
Tata Consultancy Services (TCS)
