THOMSON REUTERS ACCELUS. Know Your Customer (KYC), Kontrol Your Costs (KYC) and Keep Your Customers (KYC) happy

Transcription

1 THOMSON REUTERS ACCELUS Know Your Customer (KYC), Kontrol Your Costs (KYC) and Keep Your Customers (KYC) happy

2 Know Your Customer (KYC), Kontrol Your Costs (KYC) and Keep Your Customers (KYC) happy Background Consultancy companies are commonly engaged to redesign processes, improve effectiveness and seek out efficiencies. Thus when KPMG, the world s premiere Anti-Money Laundering (AML) consultancy practice stated that the present system of conducting remediation is not working, there is a need to pay attention and embrace change. The costs are rising in all areas, including the time spent by Boards of Financial Institutions wrestling with the increasing demands of regulation, nationally and internationally. At the core of the issue is customer due diligence (CDD) and Know Your Customer (KYC). In 1999, a Financial Institution in London was one of the first to undertake a large customer remediation project. Since then some Financial Institutions have carried out three remediations within the same business unit of the same, albeit bigger, customer portfolio. Albert Einstein said that insanity is doing the same thing over and over again, but expecting different results. So how can Financial Institutions change the outcome and secure better and different results? The repeat remediation model is no longer sustainable. Within their 2014 Global Anti-Money Laundering Survey, the KPMG partners insight posed the question, Why is there a continued need to fund large scale KYC remediation exercises? And the partners determined, We believe that senior management will continue to underestimate AML expenditure unless lessons are learnt from past mistakes. There is currently a significant global, legal and regulatory drive to enhance the KYC requirements for beneficial owners. This is an agenda that is being championed by the Financial Action Task Force (FATF). In the coming months there will be new laws and requirements in the US, EU and Australia. The FATF s next round of mutual evaluations will not only focus on technical compliance, against which there are varying degrees of compliance by FATF member countries, but deploy a new effective in practice assessment. At a recent banking conference in Florida Sarah Runge, a Treasury Department official who heads the U.S. delegation to FATF, made the following comment about the effective in practice assessment, stating Everyone is scared to death, I want to be very clear about this. The U.S. is scared, all the G8 countries are scared, in terms of this effectiveness measure. We set the bar very high for all of us. At the same time, driven by the efforts of the OECD and G20 s focus on tax, a growing number of countries are cooperating in the area of tax collection, leading to the signing of increased numbers of inter-governmental agreements (IGAs). The result is an increased regulatory and government focus on knowing who is behind legal persons.

3 The business of KYC now impacts upon many areas of regulation and is directly referenced within FATCA, the Market in Financial Instruments Directive (MiFID), European Market Infrastructure Regulation (EMIR) and Wall Street Reform and Consumer Protection Act (Dodd Frank Act). All of which has added to the KYC and CDD burden. This leads to more duplication of effort across the industry as Financial Institutions try to obtain from their end-clients the required documentation to ensure they meet each of their regulatory obligations. Ultimately this has an impact upon the overall efficiency and effectiveness of the collective AML efforts. Gone are the days of fines in the millions. Financial Institutions have paid enormous financial penalties for Anti-Money Laundering (AML) failures, which are now measured in billions. The multiple enforcement actions and increased regulatory expectations have resulted in a KYC maintenance schedule of 1, 2, 3; within which Financial Institutions review and refresh high risk customers every year, medium (standard) risk customers every two years and low risk customers every three years. It is not complex arithmetic to work out that in year six Financial Institutions will be required to review and refresh their entire customer portfolio. Thus, the time for change is now, as six years from now will be too late. KYC is NOT a Competitive Advantage In researching this area, a number of conversations have been held and are continuing with senior bankers. Feedback has been consistent and enlightening. They discussed the challenges of AML and established that not only did they have a lot of challenges and problems in common, but a lot of their customers were also the same. They determined AML, CDD and KYC were not competitive businesses, of course they determined they were essential, perhaps more so now, than was previously perceived to be the case. Now more than ever, these requirements are vital for the integrity of the Financial Institutions brand and recovering public confidence in the same. Repeat failures and fines for AML and KYC breaches are damaging the entire financial industry. Simultaneously, the failures are becoming a burden and distraction from a Financial Institution s core business. The front office is spending more and more time engaged in collecting documentation instead of spending that time interacting with customers and driving revenue and profits. Consequently these senior bankers are looking for a change, for innovation and a shift in the paradigm of KYC. They are looking for opportunities to incorporate enhancements which improve AML and KYC at the same time as refocusing relationship managers and front office staff. Duplication Thomson Reuters research has proven that a large number of end-clients do business with multiple Financial Institutions. These end-clients get varying requests for identity data and documentation from their financial advisers. This duplication of effort to collect similar information across the industry is wasting limited AML resources in many areas, but particularly in the area of KYC. Unsurprisingly, this frustrates end-clients and research has established that there is a requirement for a standard CDD process and even a central repository to maintain the legal entity s identity documentation which can be shared with Financial Institutions.

4 A move to a centralized, supported CDD and KYC managed service will facilitate the sharing of both data and good working practice. Working together, Financial Institutions will be able to operate within a structure and framework which meets with regulatory requirements and simultaneously reduces overall costs. Remediation and Continuous Monitoring The frustrations with remediation projects, are that they take too long (often several years), costs are disproportionately high and all too often, as soon as they are finished, high risk records are already out of date. As a consequence, there follows a need for yet another remediation project, causing further disruption to end-client relationships. It is akin to painting the Sydney Harbour Bridge, save for the fact that scientists recently created a new paint with a life span of 25 years. If only there was a 25 year KYC solution. Absent to a magic paint, Financial Institutions are seeking to embrace a hybrid solution which combines an element of ongoing monitoring, a scheduled periodic refresh and an event driven review. This approach will enable the industry to more proactively review their end-clients for changes in their risk profile which may generate further analysis. Working together, Financial Institutions can minimize their operational risk associated with Money Laundering (ML) and Terrorist Financing (TF). The Solution Continuous monitoring and event driven reviews of data and information are core competencies which exist with information companies. These types of solutions require considerable resourcing in terms of employees, global operations and data. Thomson Reuters, through its multiple assets as one of the world s largest business to business information companies, is able to address all of these requirements in an efficient and effective KYC managed service called Accelus Org ID. Drawing upon Reuters media services and thousands of news sources from around the world, Accelus Org ID can apply ongoing (daily), negative media monitoring to all high risk clients and related parties (directors/ partners, identified corporate shareholders and beneficial owners). Simultaneously, Accelus Org ID can identify and react to trigger events, such as a change of a customer s ownership, control or status (publicly traded to delisted, regulated to unregulated and low risk country to high risk country) which require a review of a customer s KYC information and/ or documentation. Further, the Service can address elements of other regulations which relate to KYC, e.g. the MiFID requirement that all customers are classified according to firm type. Importantly, Accelus Org ID can implement a process which ensures all customer records on the service are periodically updated, thereby eliminating the prospect of a costly remediation project, which ultimately may have minimal impact in reducing a Financial Institution s exposure to AML risks.

5 Collaboration All of this has culminated in Financial Institutions seeking to change the way they do CDD. The Financial Institutions are looking to industry leaders to work together. They are looking to compare and contrast CDD and KYC policies, procedures and processes in order to develop a common policy and standard. They are looking to engage with regulators in order to establish and resolve concerns and to focus the collective efforts in the areas of risk identified by the regulators. Significantly, customers of the Financial Institutions, the corporations, asset managers, and alternative investment funds want their concerns and challenges, in meeting the multitude of requests for CDD information addressed. Many members of this client community have come together and this is the first time they have had the opportunity to influence the other collaborators. Their input has informed regulators as well as Financial Institutions. A huge shift in industry practice can be achieved by bringing together these collaborators, and aligning AML efforts, leading to reduced duplication and the more effective and efficient deployment of the collective finite AML resources. This then allows Financial Institutions to focus more on identifying and managing ML and TF risk and less on AML risk (the risk of non-compliance). This change of approach will undoubtedly produce very different and improved results. Cooperation The common standard and common policy drafted by Accelus Org ID and the build partner Financial Institutions who are helping to shape this KYC service, addresses legal and regulatory requirements which apply equally to all of the Financial Institutions and impact their end-client in the same way. The logic of the standard approach is a simple one which unifies and simplifies the KYC requirements for the end-clients. Accelus Org ID, as the KYC managed service provider, allows a model of one for many through which an end-client is able to provide a single set of KYC data and documents which can be made available to multiple Financial Institutions with whom the end-client holds a relationship. By applying a common standard, collecting and screening the same data and documentation, a consistent outcome is achieved with each legal entity. Regulators can be assured that stakeholder Financial Institutions are receiving a consistent quality record of the end-client, enabling the bank to conduct proper review and due diligence. Coordination Central to the development of the policy was the countering of money laundering risks in a consistent and constant process. It is not solely a matter of taking the KYC processes out of the Financial Institutions, rather it is about enhancing and improving the processes. To facilitate this objective, in 2013 Thomson Reuters purchased GoldTier, a proven customer on-boarding platform which is used by a number of major global Financial Institutions.

6 Drawing together all of these capabilities, technologies and expertise, Accelus Org ID is now able to bring to the wider financial services community of Financial Institutions and end-clients, an efficient, effective, and improved CDD and KYC process. This will eradicate the remediation model, embed a timelier and consistent review of end-client records, and will ultimately reduce costs and strengthen the AML framework within stakeholder Financial Institutions. The FATF has publicly stated that within the current regime, effective in practice is central to their AML assessment process. A number of KYC experts have determined that the repeat remediation model is not only insane, it is inefficient and most certainly not effective. The FATF has also asserted that there is a need for improved engagement with the private sector, such that their door is open to Financial Institutions, Accelus Org ID and others, including the end-clients. This presents an opportunity for these groups to work together, to influence the debate and to bring about change. The Proposal Accelus Org ID has identified and implemented a common platform and policy which can be used by the two communities to facilitate the efficient and effective collection, distribution, retention, and continuous monitoring of KYC information and documentation. Through Thomson Reuters, Accelus Org ID has a presence in over 200 countries, which can be leveraged to support and facilitate the collection of customer KYC documents and records. Working within a number of strategic global centers, employing experienced analysts and researchers Accelus Org ID can call upon more than 60 languages and local expertise in 240 countries. Combining the functionality of GoldTier, in conjunction with the data operations and information managed by Thomson Reuters, Accelus Org ID is able to apply a consistent and constant form of ongoing due diligence which enables Financial Institutions to focus more resources upon higher risk customers. Accelus Org ID will obtain a legal entity s documentation directly from primary sources, in particular, official company registries and other primary public data sources. Thus, the integrity and provenance of the customer data and records is at all times assured. When necessary, end-clients will upload information and documentation into a secure portal. At all times end-clients will have ownership and control of their data and documents. As and when end-clients initiate new banking or trading relationships, they can permission additional Financial Institutions to have access to their information and documentation. Through a further secure portal the Financial Institutions connect the customer data to their own systems, all the while the sensitive information and documentation is protected. Accelus Org ID will facilitate a process of one to many, through which the customers will provide documents to the central repository from where they will be disseminated to many Financial Institutions. The scheduled periodic refresh, within the 1, 2, 3 model will be enhanced by monitoring, and event driven refresh will be managed and controlled within a robust structure and process.

7 The responsibility for compliance with applicable AML laws and regulations will, at all times, remain with the Financial Institutions. Accelus Org ID will ensure that Financial Institutions have the right to audit its processes. The aggregation of data within a central repository will enable Accelus Org ID and Financial Institutions to identify hitherto unknown risks and connections, such as nominee parties and accommodation addresses. High risk customers and related parties will be constantly screened against negative media reports within Reuters media and thousands of news sources from around the world. The Outcome Over time senior managers and board members will be better able to control ML & TF risks, the changes will engender regulatory confidence, and launderers will find it all the more difficult to set up new relationships with Financial Institutions. The FATF will likely conclude that this new CDD and KYC model is effective in practice. The nightmare scenarios of year six will not materialize; corporations, asset managers, and hedge fund clients will benefit from an enhanced experience. As the risks within CDD and KYC reduce, regulators will themselves be able to refocus their own finite AML resources upon higher risks.

8 THOMSON REUTERS ACCELUS The Thomson Reuters Governance, Risk & Compliance (GRC) business delivers a comprehensive set of solutions designed to empower audit, risk and compliance professionals, business leaders, and the Boards they serve to reliably achieve business objectives, address uncertainty, and act with integrity. Thomson Reuters Accelus connects business transactions, strategy and operations to the everchanging regulatory environment, enabling firms to manage business risk. A comprehensive platform supported by a range of applications and trusted regulatory and risk intelligence data, Accelus brings together market-leading solutions for governance, risk and compliance management, global regulatory intelligence, financial crime, anti-bribery and corruption, enhanced due diligence, training and e-learning, and board of director and disclosure services. Thomson Reuters has been named as a category leader in the Chartis RiskTech Quadrant For Operational Risk Management Systems, category leader in the Chartis RiskTech Quadrant for Enterprise Governance, Risk and Compliance Systems and has been positioned by Gartner, Inc. in its Leaders Quadrant of the Enterprise Governance, Risk and Compliance Platforms Magic Quadrant. Thomson Reuters was also named as Operational Risk Software Provider of the Year Award in the Operational Risk and Regulation Awards For more information, visit accelus.thomsonreuters.com 2014 Thomson Reuters GRC00957/3-14