As banks’ efforts to reduce the cost and risk of meeting KYC regulations are falling short, it’s time to combine the best of existing approaches
For banks, finding a more efficient way to comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations is a high priority, and with good reason: financial institutions are spending billions to keep up with stricter and ever-increasing amounts of regulation, fines and sanctions are on the rise, and clients are increasingly dissatisfied with KYC processes.
For corporate clients, prompts from multiple banks to update their data in similar, but not uniform, ways, make KYC/AML compliance an aggravating chore. The market lacks client-centric KYC solutions that would allow corporates to centrally control their data and provide access internationally to selected banks and their subsidiaries.
Regulators too are searching for solutions that will ensure banks comply with rules designed to stop organized criminals and terrorist groups funneling money through legitimate financial institutions. Most banks are playing catch-up to meet existing standards, while simultaneously preparing for new regulations. In Europe, banks are spending €19bn a year on AML/KYC due diligence operations and technology, our research shows.
Our solution for a new approach is a "best of breed" model that brings together the most successful elements of the expertise built up so far. Creating a trusted, multi-jurisdictional data network would satisfy both banks’ corporate clients and regulators.
While AML/KYC sanctions cost banks globally €6.9bn in the past (i.e. 2019), banks are spending many times more to remain compliant today. We estimate banks in Europe incur operating costs of €12bn a year on processes to ensure KYC compliance through periodic and event driven reviews. In addition to this, the technology spend of banks in Europe is around €7bn a year.
AML/KYC operating costs range between €200m and €400m a year at each of the larger international banks, while smaller banks and specialized financial institutions are spending tens of millions of euros each. Up to 80% of these operating costs are to carry out scheduled and event-driven reviews, with the remaining 20% coming from the cost of onboarding new clients and adding their data.
Cost and time really start to build up when it comes to meeting compliance obligations for multinational companies or corporates with complex ownership structures. According to data provider LexisNexis, banks spend as much as 47 hours carrying out the required tasks for each multinational or foreign corporate client. International corporate clients accounted for around 50% or more of KYC and AML operational costs in Europe’s five biggest corporate banking markets:
Banks have worked hard to improve their KYC processes and to remain compliant with new regulations. However, not one approach has yet yielded results that fully satisfy all major stakeholders – the banks themselves, their corporate clients and regulators. Costs for banks and effort for their clients are still high, cooperation between stakeholders low, and regulatory acceptance of new approaches has been mixed at best.
Most big banks have invested or are currently investing in their KYC operating model, including bringing in a centralized policy and guidelines, and harmonizing ways of working across regional hubs. This means having a global KYC policy with local operations (mostly) under their own control. This enables fast and efficient reactions to keep up with regulation and improvements in KYC processing capabilities and capacity to become even more efficient. We expect banks to continue to revise and invest in their global policies, as a way to harmonize and gain better control of their existing KYC processes, and also as a foundation for future KYC operating models involving third-party providers.
Banks have contracted external service providers to carry out specific KYC tasks and operations on their behalf, in a one-to-one service relationship. This has included taking over the full KYC process, providing excess capacity when workload on case reviews is high, or special cases that need to be remediated. We expect managed services to continue to be an important element of the KYC market, allowing banks to benefit from providers’ state-of-the-art technology, however managed services may also be used in platform or shared models instead of the current one-to-one service relationships with banks.
While managed service providers have a one-to-one service relationship with a bank, utilities serve a group of banks, making it an attractive proposition for pooling resources, sharing operations and data, and – most importantly – removing duplicated work at scale. Key enablers for utilities are a standard data model, together with harmonized infrastructure and operational processes, to serve banks’ overlapping corporate clients. Due to the high level of shared relationships between banks and corporate clients at a regional level, we believe regional utilities for KYC make sense. However, since we published our first report in 2019, utility models have continued to face headwinds We expect utilities to continue play an important role, especially for medium-to-large sized banks as well as in distinct regions.
Data sharing network
A KYC data sharing network enables the exchange of data between its participants, which may include banks, corporate clients, regulators, data providers, and multiple data utilities. Data sharing networks follow the idea of an ecosystem and can evolve from a utility concept. For example, if the model makes use of key capabilities of different participants engaged in the KYC ecosystem and as such connects utilities from different jurisdictions. Data sharing networks can then integrate different types and qualities of data from multiple service providers, such as public and commercial data.
Our research found that a multi-jurisdictional KYC network that connects banks, their corporate clients, and data, other service providers and potentially regulators is needed to solve the KYC challenge. Such a network would combine the trust and client relationship focus of current bank-internal KYC operating models, the efficiency and scalability of managed services, the focus on regional regulatory norms and a common standard that a KYC utility provides, and the multi-provider approach and flexibility of conventional data sharing networks.
The key success factors illustrated in our report will lead to a standard cross-organizational approach around the multi-jurisdictional network. Ultimately, the success of this model requires banks and corporates to use the network. It should be possible to connect ecosystem participants easily to allow for the network to provide flexible and comprehensive services tailored to banks and corporate clients’ needs.
Banks and other stakeholders have jointly explored many options and learned a lot over the last few years, but the KYC challenge has only grown larger and stakeholders are losing patience. We believe that making a radical change to adopt the multi-jurisdictional model will finally bring together the strands and create a network that realizes the full potential of the technology and services available.