Know Your Customer (KYC) due diligence has become an integral part of the financial system. All customers of financial institutions, whether they are private individuals or legal entities, such as corporates, are subject to comprehensive KYC processes. These are aimed at ensuring that banks understand each customer’s business profile, their financial activity, and the potential risk exposure they represent with regard to money laundering (AML) or financing of terrorism (CFT). However, as each multinational corporate is painfully aware, such KYC processes differ from bank to bank and, even more so, from country to country. This lack of harmonisation puts a significant financial and operational burden on all market participants that are active across the European Union.
The problem is caused by diverging regulatory requirements for KYC processes across Europe. Despite ongoing guidance and regulatory efforts at a national and pan-European level, corporate customers and financial institutions serving them across Europe are still faced with a multitude of country-specific KYC requirements, which hinder both partners from introducing uniform and efficient, let alone digital, KYC processes throughout Europe. The existing fragmentation prevents corporate customers from providing one consistent set of KYC data and supporting documents to their European banking partners, and multinational banking groups from managing AML and CFT risks through aligned and efficient digital EU/EEA-wide KYC processes. This fragmentation comes with high costs and many lost opportunities, both for the bank, which cannot efficiently automate or standardise its controls, and for the corporate, which is faced with additional and time-consuming KYC requirements, when it wants to expand its business activities across the EU or diversify its banking relationships internationally.
Best practices and specific regulations also dictate that banks must reconfirm all customer data on an ongoing basis. This imposes a significant burden of cost and effort on each institution, which can only be recovered through profitable (corporate) customer accounts – potentially increasing direct or indirect account management charges. To address this problem without reducing the resilience and quality of AML controls, financial institutions must be able to automate certain elements of the KYC due diligence process and limit the assignment of human experts to higher- or high-risk due diligence situations, which require deeper scrutiny and manual risk assessment. This can only be achieved if automated KYC data verification and monitoring processes can be applied consistently, both to domestic and pan-European customer relationships.
In early 2021, the Euro Banking Association (EBA) invited its member institutions to assist in the creation of a KYC Expert Group (KYCEG). The core objective of this group of KYC experts was to identify pan-European misalignments in respect to KYC data requirements and any obstacles that hinder or restrict the introduction of cost-efficient automated KYC data collection and monitoring processes. The key questions that the group was trying to answer were how to standardise KYC data collection and how to improve or change the current approach to ensure that these data could be verified continuously and efficiently going forward.
To find answers to these questions, the KYCEG conducted a detailed analysis of pan-European KYC data requirements and the relative importance of each data point used in the KYC risk assessment process. Upon completion, the KYCEG recommended the publication of a Common Baseline Classification Standard (CBCS) by the EBA in January 2022. According to the experts, the CBCS includes all data points that are relevant to identify and effectively managing AML low-risk corporate relationships anywhere in Europe. If adopted as a standard, the CBCS would enable low-risk corporate customers to create a single KYC information file, which would be suitable input for all its European banking partners and thus significantly improve the efficiency of the KYC process for corporates as customers.
During the second phase of the analytical process, the KYCEG identified areas in the KYC data verification and monitoring process in which more alignment and harmonisation at a pan-European level could lead to significant process improvements and cost savings for all parties involved.
At present, significant operational deficiencies are caused by the lack of a harmonised European approach to identifying the ultimate beneficial owner (UBO) of a corporate customer, and the current severe limitations faced by financial institutions or data service providers when they require access to commercial business registers and/or UBO transparency registers to verify corporate customer data. Today, KYC analysts who need to verify client data against official commercial registers are faced with language barriers when accessing some foreign registers that still do not offer an English language service. Registration requirements differ between countries, regional access restrictions may apply, and paywalls restrict access to legally required data. Despite all attempts to harmonise the setup, access to and content of official registers across Europe, financial institutions are not able at this stage to access some registers located in another EU member state. If language, content, and access to official registers are not harmonised across the European market, the data verification process will remain a highly manual process, and hence costly and inefficient.
Furthermore, there is also no consistent EU-wide approach to encourage official registers to provide open-data files or any other type of machine-readable data to institutions that have to consistently monitor corporate customer data for changes, even between periodic KYC review dates. These misalignments and limitations not only invite systemic risks but also increase the cost of regulatory compliance and hinder the evolution from static-date-driven (periodic) KYC towards far superior risk-based trigger-event-driven (perpetual) KYC processes.
The analysis of the KYCEG and its findings and recommendations have been summarised in the recent EBA publication ‘Data Verification for corporate-to-bank KYC in low-risk situations’. Some of the recommendations, for example, the acceptable age of a document used during the KYC due diligence process, will require regulatory adjustments by some EU countries to align with the rest of the EU. Others require goodwill by official registers to align data structures and access mechanisms across Europe. For example, the KYCEG recommends the introduction of a harmonised EU-wide access mechanism that would enable financial institutions to access any official register, ideally through an interconnected portal, without any additional registration requirements at a national level.
This editorial was initially published in the Financial Crime and Fraud Report 2023 which dives into the captivating world of fraud management, digital onboarding, and financial crime in the financial services industry. You can download your free copy here.
Thomas Egner is Secretary General of the Euro Banking Association, where he supports over 160 member institutions in pursuing a pan-European vision for payments. Prior to this, Thomas was responsible for defining and developing clearing and settlement strategies at Commerzbank. He represented this bank in the EPC and the German banking community in SWIFT and ISO committees as well as on the EBA CLEARING Board.
The Euro Banking Association (EBA) is a practitioners’ body for banks and other service providers. We foster dialogue and experience exchange amongst payments industry practitioners towards a pan-European vision for payments. The EBA has over 160 members from the European Union and across the world.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now