Swift reveals documentation to be included on KYC register
The financial messaging service has inched closer to settling on the final details of its know-your-customer (KYC) registry, focused on alleviating the challenge of fulfilling compliance requirements in the correspondent banking industry.
Swift has now settled on the information to be included on the register, which will be provided by the institutions themselves, including documentation identifying the customer, identification of the ultimate beneficial owners, and tax and compliance information.
Eligible documents include certificates of incorporation/registration or equivalent, banking licences/proofs of regulation, declarations of ownership and responses to the Wolfsberg anti-money laundering (AML) questionnaire.
The list is not exhaustive. “A full list of relevant documentation is still being defined in collaboration with the industry, bearing in mind differing regulations about what type of KYC information is required, and what information institutions are allowed to share,” says Luc Meurant, head of banking markets and compliance services at Swift.
The group has also pledged to check the information held on the register for accuracy, validity and completeness. While liability for the accuracy of the information will still rest with the institutions, meaning all information will need to be double-checked, verifying details should usually be easier than finding them in the first instance.
“The key is to make it very clear to institutions exactly what we have and have not checked,” says Meurant.
“Given the early stage of development, it is unclear the extent to which banks will rely on this kind of resource as the basis of their correspondent due diligence,” says Justine Walker, financial crime director for sanctions and bribery at the British Bankers’ Association (BBA).
“When it comes to compliance there will always be a degree of uncertainty. However, access to valid and up-to-date registry information can only be a welcome step forwards.”
Banks are reluctant to talk publicly about the challenges they face with AML and KYC rules, though their continuing struggle to navigate the regulatory minefield speaks for itself.
HSBC had to pay a $1.9 billion fine in 2012 for breaching US AML rules, while in recent weeks JPMorgan has been handed fines totalling more than $2 billion for AML-rules breaches associated with its business links to Bernie Madoff.
It is therefore little surprise that Swift faces competition from a growing number of competitors, with Switzerland’s KYC Exchange Net (KYCEN) the latest entrant into the space. KYCEN, which goes live on Wednesday, appears to be a broader offering. It will not only target investment and transaction banks but also private banks.
A number of businesses have identified a need for such a service among banks even if additional verification is required, as compliance costs increase, competition for compliance staff intensifies and authorities continue to zealously pursue regulatory lapses.
“What a register like this can do is move banks’ due diligence starting position forward, especially in terms of providing more clarity in terms of beneficial ownership,” says BBA’s Walker.
Swift has 7,000 correspondent banking members in 212 countries, with more than one million relationships amongst themselves. It hopes the register will reduce the costs associated with fulfilling KYC compliance obligations.
To better serve these members, Swift has created a dedicated compliance services unit, headed by Meurant, and it is growing its team to ensure it has expertise in sanctions, KYC and AML.
|Gottfried Leibbrandt, CEO of Swift|
This strategic decision recognizes the growing importance of compliance and financial crime regulation to the industry, which Gottfried Leibbrandt, CEO of Swift, cited as one of the main challenges facing banks globally. In the UK, banks accounted for nearly 80% of all incidents of suspicious activity reporting (SAR) between October 2012 and September 2013, according to the National Crime Agency. SAR among banks increased nearly 12% on the year before, in a picture that looks much the same across the developed world.
“AML and sanctions compliance is certainly a concern among banks providing correspondent services, even causing some to withdraw from certain relationships and countries that are perceived as higher risk, or to pay more visits to institutions in those countries,” says Walker.
“That is hugely resource intensive, for the bank visiting and the bank being visited, especially if they are getting visits from many different banks. That is the problem Swift has recognized and is seeking to respond to.”
The register is in beta, with a small number of the largest banks which are populating the utility with the relevant information. Another group of selected banks will be brought onto the register by the summer, with the final roll-out to all Swift members expected by the end of the year.
And despite there being many months to go until the register goes live, Swift is thinking about subsequent versions of the register, which might be expanded to include additional information, in response to client demand.
Swift has seen demand for additional services, such as name screening, useful when vetting board directors for example, and risk scoring. Both of these services could come in later versions of the register, says Meurant, though in the latter example that would have to be provided by third parties.
Questions have been asked about whether Swift was best placed to host and manage such a utility, given it has no background in compliance and is involved principally in financial messaging as its core business. It has therefore been suggested the register might not be a priority for all its members.
However, the group insists it has received unanimous and unequivocal support in its consultations with them.
And although Swift does not have a background in compliance, its core business does give it an intimate understanding of issues around security and the handling of data – which, in the case of the register, will be held in Europe and subject to European data privacy law.
Swift member feedback has not highlighted data security as a main concern, says Meurant, partly because Swift is trusted to handle such data and partly because the information being held is not highly sensitive, for example pertaining to banks’ institutional information.
“This is a natural evolution for Swift as an industry-wide cooperative, extending its strategic offering beyond payments and securities into compliance services,” says Yawar Shah, chairman at Swift.
However, Swift acknowledged it remains a challenge to ensure as many institutions are included on the register as possible. “Many of the large banks are already confirmed, though we are not in a position yet to offer names,” says Meurant.
More challenging will be reaching the numerous smaller banks, especially those in emerging markets, and the usefulness of the register depends to a great extent on attaining critical mass with all banks.
“These banks are suffering in many cases from being sidelined, if they are perceived to be in less-compliant countries,” says Meurant. “They want to show they are good citizens of the financial community.”