Banks used to see a competitive advantage in identifying customers, but it has now become a regulatory headache, with multibillion dollar fines being levied on those firms not up to speed.
As a result of huge regulatory fines, European banks are poring over their back books to see if they could be in the firing line. In the UK, penalties are being imposed on banks that fail to properly safeguard against criminal activity and banks have received large fines for holes in their internal anti-money laundering (AML) policy.
In the case of one particular firm in Asia, it declined $300,000 worth of business with a China-based corporate because it was impossible to carry out all the due diligence on its ownership structure in the time available to complete the deal.
In June 2013, the Reserve Bank of India (RBI) fined three regional banks for KYC lapses. A month after inflicting this initial penalty, the RBI fined a further 22 banks for a slew of regulatory failings, including the violation of KYC rules.
Other regulators in Asia have yet to levy any such fines, but some believe the first may be on the way in Hong Kong or Singapore, two jurisdictions where stringent rules on AML and KYC have been drawn up recently.
It is not only the possibility of being fined that worries banks. There is also a great deal of concern about increased regulatory scrutiny which is likely to follow any KYC failings. Banks are keen to demonstrate good and robust adherence to AML procedures, for fear of attracting greater scrutiny by alerting regulators to possible deficiencies in their practices.
Doing everything required to comply with the emerging raft of KYC legislation is proving a challenge for many financial institutions in Asia. Beyond the logistical challenges of data gathering, cultural sensitivities to sharing personal information are also proving a barrier to successful implementation of AML measures. Under Indian KYC laws, the regulator requires the financial details of clients – such as their annual income and net worth – to be provided. However, while this information is used by the intermediary to monitor money-laundering activities, current regulations do not require institutions to authenticate it, which could point to a hole in the system.
Companies are struggling with all the different KYC requirements in the various jurisdictions, and there are huge inefficiencies around all of the banks trying to get the same information from underlying clients.
KYC regulation in the region means that banks have to be able to support a huge management of information, but at the same time their business requires speedy onboarding of clients. It is difficult for organisations to get economies of scale if they do all the onboarding in-house, which is why they are increasingly looking at how they can outsource the process."
With so many solutions coming on to the market, it is unclear to what extent the various platforms will communicate with one another. There are huge challenges to overcome, however, before information can be shared around the region freely. A particular issue is the restriction placed by some governments on data leaving their jurisdictions. Singapore, Hong Kong, Malaysia, South Korea and Japan all have fairly rigid data-protection rules in place, but Indonesia is highlighted as causing particular difficulties for pan-regional players.
There may be ways of circumventing the restrictive data-protection rules. Singapore, for example, allows personal information to be shared with foreign parties as long as the recipient has adequate levels of protection in place to prevent it being misused. Hong Kong has also introduced such exemptions.
While KYC legislation has become a particularly hot topic over the past couple of years, as an idea, it has been around for a lot longer. Several years ago, many financial institutions saw an efficient KYC process as a way of gaining a competitive edge, in terms of faster onboarding of clients and getting business first. That kind of mind-set has pretty much gone now, because KYC compliance has become so labour-intensive and most financial institutions now view it as something that just has to be done.
Successful companies in this area will be those that not only manage to meet all the new requirements from regulators, but do so in such a way that adds value to their business. The majority of institutions may not be able or willing to seek the competitive advantage, but this could be an opportunity that is being missed.