In the wake of the ING money laundering affair, the Dutch National Bank (DNB) expressed its concerns in a letter to the Dutch House of Representatives about how banks are—or aren’t—fulfilling their role as gatekeepers. The DNB wrote the letter in response to questions from the House. According to the DNB, ING isn’t an exception in the Netherlands. The majority of Dutch banks have neglected to fully optimize their business for their gatekeeping role.
Banks do too little client research, and their transaction monitoring is deficient. The DNB emphasizes that the directors of banks need to see themselves as responsible for complying with anti-money laundering legislation. The tone at the top determines the effort the entire organization puts into conducting due diligence and reporting suspicious behavior to the financial intelligence unit, according to the DNB.
The DNB does add that they’re noticing improvements in the banking industry. Several institutions are investing more in increasing their risk control. Nevertheless, the DNB’s critique is hefty, and it stresses the need to keep up these efforts by investing more in expertise and technology.
It isn’t only Dutch banks that have issues with due diligence. Ana Gomes, a Portuguese member of the European Parliament, said, “I fear that countries in Europe are oblivious to fighting financial crime.” Given the number of European banks that have found themselves involved in compliance scandals, this fear isn’t unfounded. The tone at the top was a problem at Deutsche Bank, where suspicious activities identified by compliance officers weren’t reported to the FIU—a common practice, according to a former employee quoted by the New York Times.
Authorities deliberately did not set Know Your Client (KYC) standards, out of fear that banks might comply only with the minimum requirements. This has resulted in confusion, unclear processes, and insufficient due diligence—though not from a lack of investment or effort.
Gatekeepers have an expensive job
The average bank spends $60 million per year on KYC processes, according to Consult Hyperion (2017). Yet banks are discovering that this investment isn’t enough to completely prevent financial crime. Knowing your client isn’t an easy task. Doing a thorough screening takes a pile of documents and an excessive amount of time. Clients aren’t always willing to accept the hassle.
Still, the fines for KYC failure make banks very nervous. In response, they have started to practice de-risking. This is a very well-known side effect of regulation—banks end up abandoning correspondent banks in small countries and remote or volatile areas. This has a negative impact on financial inclusion.
However, banks are now going even further in their attempts to decrease risk. They’re not just de-risking specific places; they’re also de-risking at the client level. Banks can decide to shun groups of potential clients in traditionally risky businesses, such as jewelry. As banks become stricter and stricter, more and more people will have difficulty opening accounts.
Banks aren’t happy about having to take these measures. It means that they are losing business. It’s also a moral issue—everyone should have the right to hold a bank account.
But banks could reduce risk and keep down the costs of customer screenings if they could share KYC results. The current lack of cooperation between banks means that the same person who’s denied at one bank can start a new onboarding process at another bank. If the second bank happens to have an extraordinarily high workload at that time, they may be less vigilant, and the client who was denied at the first bank could be accepted at the second. If KYC data were stored centrally, banks could reduce risk, time, and costs. When banks work together, they achieve better results when it comes to fighting crime.
Risk-averse data sharing
Unfortunately, laws like the General Data Protection Regulation (GDPR) make it hard to share confidential data such as the personal information needed for KYC procedures. Banks are nervous they might violate yet another rule and incur yet another fine.
However, GDPR doesn’t completely block data sharing. By using smart technology, banks can both share and protect their data. The BusinessForensics KYC solution lets banks search a database of clients that have been screened before. Personal information is shown only when a person has been flagged as high risk. At that point, a bank can view the data and decide whether the potential client fits the bank’s risk appetite.
Our privacy-by-design application makes sure that we know exactly which data contains personal information. We created a detailed authorization model that makes sure only specified officers can view personal data.
De-complicate the offboarding process
When a client decides to leave, or when the bank decides to offboard a client for de-risking purposes, it takes a major effort to completely offboard that client. Since banks don’t use one system, but rather multiple interlinked systems, offboarding usually means that someone has to go into every application and manually erase the client’s information. What often ends up happening is that data is left in some systems—perhaps ones that aren’t frequently used.
Under GDPR, individuals have the right to be forgotten. This means that companies need to be thorough in erasing personal data. So while banks emphasize de-risking as a way to avoid fines, their current processes and systems actually increase their risk of penalties. Using a set offboarding process and checklists can help ensure that every piece of data is erased from the bank’s records.
With the BusinessForensics KYC solution, banks can make the offboarding process easier. Our solution provides an overview that specifies the exact information that has been kept in each field of our database. Furthermore, the audit trail keeps a precise record of where every piece of data has been sourced. This makes it easy for banks to erase client data in the offboarding process.
The role of gatekeeper might be a hard one for banks to play, but if you invest in the right processes, partnerships, and technology, it’s certainly not impossible. BusinessForensics’ solution can help make your KYC compliance easier and less expensive by automating your processes. Send us an email at firstname.lastname@example.org or give us a call at + 31 168 479 038.