Banks wake up to gravity of know-your-customer challenge
On pain of fines and imprisonment, banks from India to the US are looking to beef up their data reporting procedures and customer information standards to comply with know your customer, a due diligence activity to address financial fraud.
Banks face an existential threat from the bread-and-butter of banking – the know-your-customer (KYC) challenge. In short, banks need to have basic information about who their customers are and to ensure they are not engaged in illegal activities.
|Frances McLeod, managing partner at Forensic Risk Alliance|
However, tracking the details of everyone they transact with, at a time when the number of transactions is rising steeply, is proving a considerable feat, with a spate of cases last year throwing into sharp relief the compliance challenge. In December, HSBC was fined around $2 billion by US regulators for involvement with money laundering and terrorism financing transactions, a penalty that sent shock waves through the industry. HSBC’s fine was the culmination of a busy year for authorities in 2012 as they sought to clamp down on financial crime.
Earlier in the year Citi had been issued a cease-and-desist order for “deficiencies in the bank’s overall programme for Bank Secrecy Act/anti-money-laundering compliance”.
ING had to pay the US Treasury department $619 million for transactions it made on behalf of Cuban and Iranian organizations on sanctions lists, while Standard Chartered was fined $340 million by the New York State Department of Financial Services, also for transactions with clients in, or linked to, Iran.
Many of the top-tier banks are now confronting the reputation, legal and political risks of failing to confront the compliance challenge after HSBC was fined by US authorities, as they recognize the scale of the issue that faces them, according to Andrew Clark, partner of forensic accounting at PwC.
“Boards at banks want to obey the law but they still see compliance as a hard cost,” says Clark. “Some still don’t see that expense as an investment that can protect them from serious reputational risk. As an industry they have come a long way since the 90s, but this is where they need to get to.”
Banks can approach their KYC programmes differently, though the US Office of the Comptroller of the Currency has prescribed certain standard approaches, for example in data collection and risk scoring.
Greater coordination of efforts and industry standardization would help ensure all banks meet a certain standard.
“There are certain aspects, primarily relating to the collection of customer information, which can be standardized across the industry,” says Debashis Pradhan, senior principal, financial services and insurance, at Infosys.
“There are efforts under way to look at the feasibility of having such a service available as a standard industry utility.”
This will bring considerable benefits across the industry. “Joined-up information is a hugely powerful tool that can help you shut down a lot of potential risks,” says Frances McLeod, managing partner at Forensic Risk Alliance.
However, with the constant evolution of banks, via acquisitions and incremental investment in new technology, having fully integrated systems within multinational banks is not realistic.
In the end, there is no substitute for diligence. Financial crime needs a highly dynamic response, and banks can never relax or assume they have the necessary systems in place, says Clark.
If a bank installs an IT system for financial reporting, that system is probably fine until the rules change. Criminals are as sophisticated and motivated as the banks, meaning they will adapt their lines of attack all the time. Banks need to meet that challenge with the same dedication the criminals do.
As well as focusing on crime itself, banks must struggle to remain compliant in an onerous and rapidly evolving regulatory landscape. “Many banks have signed consent orders related to addressing anti-money-laundering and know-your-customer gaps,” says Pradhan.
Meanwhile, competition between banks is encouraging them to simplify the banking experience for customers. “Banks are driven by the need to provide a superlative customer experience through more streamlined account-opening processes,” says Pradhan.
“Country specific regulations make it very difficult for banks to establish an integrated KYC framework, one that will allow a single view of customer relationships across geographies. As a result cross-border account opening is very cumbersome.”
Some emerging markets present particular challenges, creating an extra problem for the many banks active in these higher-growth markets. In some, poor infrastructure means banks must process paper forms.
However, an optimistic McLeod says the gap is closing. “In places like China the fight against corruption is not only coming from the top down but increasingly from the bottom up, as they start to see how much corruption retards development,” she says.
The US is coming down on fraud particularly hard and any bank active in the US or transacting in US dollars is impacted by the Patriot Act, which mandates financial institutions to have adequate anti-money-laundering and customer-identification processes in place.
However, the issue is far from exclusive to the US. India has been in the news in recent weeks as the Reserve Bank of India wrestles with investigations affecting three of its biggest banks – ICICI Bank, HDFC Bank and Axis Bank – though there is no suggestion any of the three are suspected of money-laundering offences.
Banks face a monumental challenge ensuring communication within the institution is effective, ensuring they maintain a single view of customers across products.
“Customers typically operate across multiple business units, product categories – for example commercial banking or capital markets – and regions, leading to disparate processes and systems,” says Pradhan.
This creates technology challenges, for example in customer identification, segmenting customers uniformly across the enterprise and establishing a risk-based scoring methodology that properly considers the various factors, while adhering to data privacy laws relevant to different jurisdictions.
However, investing in KYC is money well spent, and not only in hedging against reputational damage and fines – improving KYC processes makes it easier to comply with other regulatory requirements.
“Many banks are looking to leverage KYC information for Foreign Account Tax Compliance Act purposes,” says Pradhan. “Similarly, KYC could also provide important inputs to the bank’s anti-fraud programme, whose primary focus is on mitigating operational risk through the reduction of fraud losses.”
An interesting question is whether any shift away from the multinational, multi-product banking model will make KYC compliance harder or easier.