Capco Blog

Time is now to strengthen KYC due diligence procedures

Financial institutions need to focus more assiduously on Know Your Client (KYC) due diligence, analysis, validation and record keeping to comply with new regulations currently being implemented by FINRA and folded into the data collected under the Dodd-Frank Act.

Established as part of the U.S. Bank Secrecy Act in 1970 and supplemented by the USA PATRIOT Act after the September 11, 2001 terrorist attacks, KYC procedures are performed by financial institutions to ensure they know more about the clients with whom they intend to do business. This due diligence is intended to prevent identity theft, financial fraud, money laundering and terrorist financing.

Heightened regulatory scrutiny and oversight of KYC policies and procedures have resulted in numerous fines and public sanctions across the financial services industry. For example, in April 2012, the U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) issued a cease and desist order against Citibank for deficiencies in its internal controls, customer due diligence and anti-money laundering audit function [1]. In June, ING reached a $619 million settlement with the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) for moving financial transactions on behalf of sanctioned Cuban and Iranian entities [2]. In August, the New York State Department of Financial Services fined U.K.-based Standard Chartered $340 million for OFAC-related violations involving Iranian-linked client transactions [3]. And HSBC, Europe’s biggest bank, has set aside approximately $1.5 billion to cover potential fines and settlement charges related to an ongoing investigation into violations of U.S. federal anti-money laundering laws [4].

To comply with the heightened awareness and new regulations, financial institutions must establish new or improved KYC policies, procedures and infrastructure, which can be a challenge in today’s cost-cutting environment. However, strengthening KYC activities also provides organizations with opportunities to build deeper client relationships, improve the client on-boarding experience and engage in cross-selling activities.

For example, organizations can strengthen client on-boarding by linking their client data and account opening processes to their KYC procedures. Tying these activities together gives financial institutions a deeper understanding of who the new client is, where its funds originate, who the beneficial owners are, and what products and services it is buying.

Financial services institutions can begin assessing the strength and robustness of their KYC policies and procedures by asking the following key questions:

  • Are your KYC due diligence requirements understood across the organization?
  • Is the impact of new regulations on your current operating model clearly understood?
  • Does your infrastructure currently support a risk-based KYC due diligence process with appropriate record keeping and documentation retention?
  • Do you have the proper controls in place to identify missing or invalid KYC profile certifications required to block trading and transaction execution?
  • Are your record-keeping and document management functions integrated?
  • Can your infrastructure successfully identify and diagnose early warning events and trigger requirements for updating KYC due diligence profiles?
  • Do you understand data sharing and privacy issues related to your customers?

Failing to properly focus on KYC activities in light of the heightened regulatory scrutiny may result in punitive fines for noncompliance with regulatory obligations, as seen in the cases cited above. Other negative effects include possible reputational and brand degradation through negative publicity about control failures and regulatory sanctions. In addition, financial institutions face exposure to litigation from clients, investors and professional counterparties in the event that fraudulent activities are detected by other clients or counterparties.

How are you assessing the strength of your KYC due diligence policies and procedures? Join the discussion.

[4] “HSBC Says AML Probe Has Cost $1.5 Billion — And Could Go Higher,” Wall Street Journal Blogs, Samuel Rubenfeld, November 5, 2012


Great synopsis, Steve. Low intrusion methods are definitely key in capturing KYC data. As you've said, firms could certainly improve their KYC procedures by garnering the appropriate data through relationship management/client service teams during the client on-boarding/refresh stages. Quality of KYC questions asked to clients is also key as firms individually interpret their own level of specificity necessary (the spread between "need to know" and fluff data). Staff training that review the data once captured are also important as they have to know what they're looking at, as the final line of defense, after system controls catch initial “violations” (i.e. non-profit orgs are sometimes used as money laundering/terrorist cover-ups, but a firm should have the expertise to differentiate an unscrupulous non-profit org as opposed to one that is actually helping those in need). Those that can find that happy medium of the right questions to ask and the method of delivery, and executing the knowledge to interpret the data are among the winners.
