Large banks around the world each spend as much as US$88 million a year collecting and storing data from corporate clients — information they are obliged to gather in order to comply with anti-money laundering (AML) regulations. Yet this activity brings no competitive advantage.
Most corporate banking clients are small and medium-sized enterprises (SMEs) working with between one and five banks. In Germany, for example, SMEs account for almost all corporate banking relationships. These companies must regularly share the same information, which is often publicly available, with each bank they work with, but in various formats. The largest companies account for a very small proportion of the overall market, but typically work with between 30 and 50 banks and have to provide the same regulatory data to all of them.
AML and “know your customer” (KYC) regulation is expanding, and compliance with these laws is being more closely monitored by companies around the world. Meeting these regulatory obligations adds cost at a time when banks are continuing to struggle to improve profits in an environment of low interest rates. Banks that share compliance data would reduce their financial burden in the same way they already do when they use specialized shared services such as Visa’s payments service and credit ratings from agencies such as Moody’s. There is no benefit to multiple banks doing the same thing in slightly different ways.
We believe banks could greatly reduce the cost — and time — involved in collecting, storing, and reviewing regulatory client data by creating a shared data utility. Using our assessment of the German corporate banking market, we estimate that:
Anti-money laundering and ‘know your customer’ regulation is expanding, and compliance with these laws is being more closely monitored by companies around the world.
Banking regulators are generally supportive of the use of data utilities for this purpose, and these entities are already up and running in the U.S. and South Africa. Banks in some other countries, including Singapore and Germany, are developing their own models.
We believe there is an opportunity for banks to reduce their compliance costs even further in the longer term by connecting regional and national data utilities. These utilities would then act as clearinghouses for data, i.e., clearing and conducting the exchange of required regulatory data among banks in different jurisdictions.
Abu Dhabi: In 2018, the emirate’s Financial Services Regulatory Authority ran a proof-of-concept project for a KYC data utility.
France: Société Générale in 2017 initiated a project — known as Clipeum — that will allow companies to upload KYC documents. It so far reportedly involves Allianz, Commerzbank, Banque Postale, Bpifrance, Crédit Agricole, Euler Hermes, Natixis, UniCredit, and investment manager Tikehau Capital, and is set to go live in 2020.
Germany: A group of Germany’s biggest banks, working with Strategy&, PwC’s strategy consulting business, has developed a concept for a data utility. The concept has attracted the attention of banks and regulators in other countries including France, Switzerland, and Austria.
Guernsey (Channel Islands): PwC worked with authorities to set up a data utility for identifying and verifying corporate client data during the on-boarding process. The utility also carries out continual screening to meet KYC requirements for Guernsey’s financial institutions.
Hong Kong: A KYC data utility for Hong Kong is being developed by a private company after having been initiated by the Hong Kong Association of Banks in 2017.
Nordic countries: Six banks in the Nordic region announced in May 2019 that they are setting up a joint venture called Nordic KYC Utility to conduct customer KYC checks. They are: Danske Bank, Swedbank, Handelsbanken, Nordea, SEB, and DNB.
Saudi Arabia: The Saudi Arabian Monetary Authority has initiated the idea of a KYC utility, which differs from the approaches in other regions because it includes retail as well as corporate clients.
Singapore: A centralized, regulator-driven approach toward creating a KYC data utility was initiated by the Monetary Authority of Singapore in 2017.
South Africa: A utility that supplies KYC data on corporate clients to banks is already operating, set up by Refinitiv, formerly part of Thomson Reuters, and a group of local banks.
United States: A group of banks and investment firms created a utility called Clarient to manage the data of entities involved in brokerage transactions. It was acquired in 2017 by Thomson Reuters.
The need to save costs when it comes to collecting and maintaining data makes the creation of data utilities a compelling priority. Indeed, we already see evidence that some regulators have been called upon by banks to support data utility initiatives.
The banks involved will need to respect the highest principles of handling sensitive data, because trust is essential among corporate clients if the utility is to work well. In particular, banks should refrain from attempting to monetize required regulatory data.
Ultimately, each jurisdiction will come up with its own approach to how data utilities are established, taking into consideration effective governance, secure data standards, and other issues. But we see national utilities and their data standards as the start of a bigger move toward regionalization of data utilities and standards and, eventually, perhaps a global solution — although this will depend heavily on the extent to which regulators can make progress on making cross-border harmonization of rules and data standards a reality. One result would be a more holistic view of data, allowing regulators greater visibility in the fight against money laundering and other financial crimes. And that clearly will benefit everyone.