The amount of money laundered by foreign criminals is estimated to be as high as £100 billion a year and unlawful tax avoidance costs UK taxpayers as much as £2.7 billion ($3.5 billion) in lost revenue, according to Transparency International.
For financial institutions and payment companies, knowing who your customers are (KYC) is growing in importance. Furthermore, the study estimates that the single biggest cost burden on financial organisations is complying with new Anti-Money Laundering (AML) requirements – writes Joe Bloemendaal, VP of Sales EMEA at Mitek.
I believe the issues around KYC are only going to be exacerbated in 2017. New regulation will expand the scope and the scale of penalties, with punitive costs likely to increase. Conversely, institutions will continue to ignore the benefits of digital KYC and instead wrestle with manual customer due diligence processes that are both inefficient, expensive and error prone.
AML Regulation Today and Tomorrow
The 4th EU Anti-Money Laundering Directive – known as AMLD4 – was ratified by EU Member states in early 2013 to better align EU-wide AML and Counter Financing of Terrorism (CFT) law with international standards set out by the Financial Action Task Force (“FATF”). The directive came into force in June 2015. It was designed to remove any ambiguities in the previous legislation and improve consistency of AML and CTF rules across all EU Member States.
AMLD4 is set to be superseded by AMLD 4.1 in June this year. What will change?
Simply put, it increases the frequency with which financial institutions will need to conduct Customer Due Diligence (CDD) checks. It also increases the scope of the regulation with prepaid cards, virtual currencies and payments to high-risk countries now subject to the new regulation. And finally, failure to comply with CDD rules brings the risk of substantial fines.
The Digital Imperative
At last check, Thomson Reuters claims the average institution spends in the region of $60 Million (about £47 million) per year ensuring it adheres to Know Your Customer and Customer Due Diligence (CDD) checks. Some institutions are estimated to spend more than $500 million annually on KYC and CDD compliance.
The cost of CDD is so exorbitant because institutions are placing too much reliance on inefficient and error prone manual processes both in branch and online:
- In branch – There are significant costs associated with document checking and archival. Processes involve hidden costs such as the time spent by staff performing checks, the need for staff to receive specialist training, and the need to employ compliance specialists
- Online – For applications performed online, customer-entered details are checked against other third party sources. These checks have a high failure rate, as high as 30%, due to data quality issues and thin data files if a customer has recently emigrated
Aside from the high costs, exiting approaches are opening institutions up to risk due to the high failure rates. And as we’ve discovered with AML4.1 getting it wrong is both costly and damaging. These new rules will result in much higher fines when serious failures on compliance occur.
Digital approaches would dramatically reduce operating costs as well as improve accuracy. After all, people cut corners and can be manipulated in ways that technology cannot.
Despite the costs and risks there maybe something bigger at stake here: digital transformation. Institutions across the globe are looking to increase return on equity and provide a better experience to a growing base of digital savvy, mobile first and loyalty adverse customers.
If banks are to become truly digital, the last thing they should be doing is start a customer relationship with a manual, analogue experience.
Do eID Schemes Offer a Solution?
Electronic Identification (eID) schemes are now seen as key enablers to better secure cross-border electronic transactions. AMLD4.1 offers eIDAS, the EU’s regulatory standard on eID, as a route to efficient digital onboarding, and eIDAS has already been adopted into law and the central interoperability infrastructure put into place.
However, individual countries are not required to be ready to accept other country eIDs until 2018. More importantly, there is no firm timetable for when countries need to get their scheme in place. The lack of a mandate raises questions over both coverage and viability. It is also not clear how or when eIDAS will open to allow the private sector e.g. institutions to access compliant digital identities.
Realistically it will be five to ten years before eIDAS is widely available to the private sector.
For digital onboarding, there is a gap between what AMLD4.1 requires and what eIDAS provides both in terms of timing and suitability for digital channels, especially mobile.
This gap can be and is being addressed using mobile technology that is already in most consumers’ hands. Smartphone cameras are now so high-spec that they can be used to scan documents and take photographs of the user. Advanced image processing can be used to verify the authenticity of the document. ‘Selfie’ photographs can even be combined with verified passport data to confirm that the individual using the mobile device corresponds to the identity document presented.
This approach has any number of benefits beyond what being readily available. It allows KYC and CDD to be tightly integrated into existing digital channels, rather than wrench consumers out of them. It removes the costs and errors associated with manual processes. And by using advanced machine learning techniques accuracy can be greatly improved and the risk of fraud, and therefore fines, dramatically reduced.
Several fintech upstarts including TransferWise and Revolut are already widely adopting this strategy and there is a danger that traditional institutions can be outmanoeuvred by more agile and forward-thinking organisations.
Unfortunately, my prediction is that most institutions will fail to embrace digital KYC for yet another year.
Many institutions lack the imperative to act given complex organisational structures and legacy systems, coupled with the new regulatory obligations ranging from the 2nd Payment Services Directive to ring-fencing for capital requirements. Thus, they will hold off making additional investment and will continue to lose ground on fast-moving competitors.
In 2017, a clear majority of KYC and CDD processes will remain manual, expensive, error prone and certain to increase the risk of fraud and corresponding fines. More acutely, customer on-boarding will be incongruent with digital transformation, severely impacting the adoption of new digital services critical to institutions’ competitiveness and ultimately their success.
With stricter legislation waiting around the corner, inertia equals more risk which is why I’m predicting AML related fines breaking the four-billion-pound mark. I hope for both the industry’s sake and that of consumers that I’m wrong.