Most of us who have opened accounts with multiple banks would have wondered at some point of time couldnt this process be made simpler? Cant we submit our identity proofs and other requisite documents just once, and have banks and financial institutions share it among themselves? This will surely save us the hassle of submitting these documents over and over again?
The Know Your Customer (KYC) initiative mandates all banks to conduct comprehensive due diligence while onboarding new customers, and periodically checking customer details while managing ongoing relationships. Each bank has to manage its customers identities and transaction data as part of the due diligence process; customer documentation forms the backbone of anti-money laundering (AML) compliance. The task is repetitive, both for banks and customers, but there is no workaround for this – one has to submit KYC documents to each bank that one wants to have a relationship with.
Emergence of Shared KYC Registries
The banking fraternity has, for long, mulled over the idea of a shared KYC registry. This is a database that stores standard KYC data and documents of a customer onboarded at one bank for future use by another, that is, when the customer wants to transact with some other bank. This shared utility model would contain all customer information in a single repository, which can be shared among participating financial institutions, either locally or globally, depending on the registry model.
Recently, several such registries have emerged across the globe, like the SWIFT KYC Registry, Markit|Genpact KYC Services, and Clarient Entity Hub (cofounded by DTCC and six other banks). While SWIFT focuses strongly on due diligence of correspondent banking relationships, Markit|Genpact Services are based on a framework that constitutes data and documents of all legal entities to comply with KYC and AML regulations, including the Dodd-Frank Act, FATCA, MiFiD, and EMIR. Clarients shared KYC utility is mainly designed for a niche segment of investment managers, hedge funds, corporates, and broker-dealers. In India too, the government has authorized the Central Registry of Securitisation Asset Reconstruction and Security Interest (CERSAI) to host a central KYC registry in order to improve customer due diligence, pursuant to the Prevention of Money-Laundering Act, 2002.
Envisioning the Operating Model for a Shared Registry
While every shared registry will be based on a unique model, a common high-level framework for consistency and coherence must be envisaged. Such a framework should comprise:
- a central sponsor for overall control of receiving, storing, safeguarding, and retrieving online KYC records of customers of member financial institutions,
- a central registry or a repository where all KYC forms and documents will be stored, and
- participant financial institutions who wish to be members of the registry
Members would need to set up an access system with the registry, and share new or existing customer KYC forms and documents.
Customer consent would be required for sharing KYC documents with other participants of the registry, as the documents contain personally identifiable information (PII) or sensitive personal information (SPI). A unique customer registry ID will have to be generated for each customer once the documents are saved in the repository. This will be used for subsequent onboarding processes at other banks. See what the Securities and Exchange Board of India (SEBI) has been envisaging.
Shared registries hold great promise for both, the financial institutions as well as their customers. However, given that this concept is in a state of infancy, the operating model is still evolving and certain hiccups are bound to be there. For example, the maintenance of KYC and account information of entities (i.e. non-individuals) could be a daunting task, as they generally have multiple authorized signatories, who change frequently. So, the registry should be agile and flexible enough to capture the changes immediately, as new accounts opened with outdated information may hamper a banks risk management efforts.
Ushering in a New Dawn in Customer Due Diligence and Anti-Money Laundering
Shared utility is not a new concept in banking, especially in the risk and compliance space. Since the emergence of credit bureaus in various countries over two decades ago, they have become strong support systems for lending, mortgage, and cards businesses in financial institutions, providing customers credit scores and related information to financial institutions to help them evaluate and approve loan applications. Credit bureaus like Equifax (UK, USA), SCHUFA (Germany), Experian (Japan, South Africa, USA), Dun and Bradstreet, Veda (Australia), and CIBIL (India) help loan providers manage their risk in the credit lines of business and enable customers to secure credit quicker, and on better terms.
KYC poses a huge administrative responsibility for banks and financial institutions, as part of AML compliance, for entering into any new relationship, as well as maintaining existing relationships. A shared KYC registry might just be the solution to streamline this process, bringing about operational efficiency and reducing the time taken for customer due diligence.
In addition to minimizing the cost and effort involved in customer onboarding, a shared KYC utility will also help financial institutions ensure timely compliance with regulations like the US FATCA (Foreign Accounts Tax Compliance Act) and OECDs CRS (Common Reporting Standards), with all customer data available in a single repository all being part of their AML compliance procedures and efforts to combat terrorist financing.
Looking Ahead: Blockchain for KYC Shared Utility
Blockchain, the technology underlying Bitcoin, has so far been used for payments in virtual currency, with each transaction verified by its network nodes and recorded in distributed public ledgers. This technology is now being explored for securely sharing KYC data and documents in digital format across banks and financial institutions that wish to participate in the network. The strength of the blockchain technology lies in its distributed database, making it extremely secure and safe from tampering.
The concept of blockchain based shared utility for KYC is still very new, and it might take a while for both financial institutions and regulators to accept this as a standard compliance platform. There are so many open questions around the modalities what would the utility look like, how would the documents and forms be stored, how would access to such data be controlled, how would the validation process work, and so on. But with its inherent strength of foolproof encryption of stored data and documents, blockchain- is touted to be the next big thing in the KYC and AML compliance space. What do you think?