Keep Your KYC Basic, Not Complex
Marty Byrde of “Ozark” money-laundering fame would be licking his lips. Board directors, fund management executives, and compliance teams should be nervous. The perfect storm of financial euphoria and new technologies is upon us. Behind the giddy headlines, there is a dirty truth; fraud and money laundering thrive in the following current conditions:
- Financial markets hitting daily record highs.
- Retail investors are making lots of money.
- There has been a significant increase in new technologies and new financial products eg. SPACs, cryptocurrencies, NFTs, fractional shares, blockchain, etc.
- Trading platforms are welcoming millions of new clients every week in a FOMO (fear-of-missing-out) frenzy.
- Levels of margin(debt) being employed by investors are at record highs.
- A massive increase in payment platforms. Mobile/contactless payments, e-wallets, neo-banks, investment apps, etc. add an extra layer to the global financial plumbing system.
Investor curiosity is driven by the risk of missing out but also a pandemic-fuelled YOLO justification - that’s “you-only-live-once” to the pre-Twitter cohort allowed an AZ or J&J vaccination jab(!). Financial institutions will naturally be curious too. What’s not to like about shiny new products and technologies to bring to market? Yet the stampede to offer the latest ETFs, crypto funds, NFTs, and SPACs raises a more fundamental question for financial businesses.
Who exactly are you dealing with?
Recent financial implosions would suggest the relative sophistication of the product was not the culprit. Instead, it was a failure to fully understand the status of the client counterparty (KYC) or the ultimate beneficial owner (UBO) exerting control over the assets/trading instruments. The cost of failure in the following two debacles currently stands at $12 billion and rising…
- The collapse of Archegos Capital was not caused by the total-return-swaps (TRS) instruments used by this relatively unknown family office. The lending banks simply did not know Archegos owned (with borrowed money) so many shares in a small number of companies.
- The collapse of Greensill Capital was not caused by the innovative supply-chain finance derivative products/funds sold by Greensill and purchased by intermediaries like Credit Suisse and GAM. The investor funds simply did not know that there was an out-sized beneficiary of this funding that was experiencing liquidity issues.
Regulators Have Focused Efforts On The Basics
The EU implemented its 6th Anti-Money Laundering Directive (6AMLD) in June 2020 which further expanded KYC and UBO obligations on businesses dealing in financial assets. In particular, the scope of liability for individuals and legal entities (advisors, partnerships, etc) has been extended. The penalties are also increasing – see the recent whopping €480m fine for ABN-AMRO and the £37m penalties for Commerzbank.
The regulatory bar will continue to be raised and demonstration of compliance will be critical. Legacy on-boarding systems dependent on manual processes and team spreadsheets are not evidence of increased effort to mitigate risk. The digital reality is that the deployment of smart technology solutions with clear evidence of workflows will be critical to future regulatory audits. Verification of ownership is a key process in understanding counterparty risk and requires real-time/current declarations by authorised signatories.
Manual processes are prone to error and frustrating time delays as workflows are usually fragmented. Companies and liable individuals need to consider upgrading UBO identification processes to demonstrate risk mitigation and send a positive compliance signal. As an illustration of single work-flow efficiency, UBO Service's portal solution is a robust one-platform process with a transparent audit trail which is captured in the following graphic:
Is Your KYC Process Up To Date?
The question for any board director in a financial services operation today is how does your current process graphic look? Then think about the regulatory drumbeat growing louder and louder each quarter. In recent months quarterly board papers will no doubt have highlighted the following domestic and international developments:
- The EBA has launched a public consultation on revised money laundering and terrorist financing risk factors, as part of a broader communication on AML/ CFT issues.
- The 6AMLD Extension of Criminal Liability to legal persons: While previously only individuals could be convicted for committing financial crimes, this has now been extended to include legal persons (eg. companies or partnerships) and comes with strict sanctions.
- Ireland enacted the 5AMLD in April 2021 which puts pressure on “designated persons”.
- The Criminal Justice Act 2021 creates new types of 'designated persons' for virtual asset service providers, letting agents, tax advisers, and high-value art dealers. A designated person must not engage in a business relationship until the beneficial ownership information is obtained. For example, cryptocurrency firms now have to satisfy the regulator that they have sound AML and CFT policies.
- The UK government has enacted the Global Anti-Corruption Sanctions Regulations 2021, giving the country powers to sanction individuals and entities involved in serious corruption around the world.
- The Anti-Money Laundering Act (AMLA) of 2020 seeks to address issues relating to the use of anonymous companies by improving corporate transparency - The Corporate Transparency Act (CTA). In addition, the intergovernmental Financial Action Task Force (FATF) has changed some guidelines, whereas the UK is now pursuing the Sanctions and Money Laundering Act of 2018.
Money & Liabilities, As Always, Focuses Minds
The quantum of penalties imposed by regulators through 2020 was eye-catching. Global financial institutions were fined a total of $5.4 billion for non-compliance with AML, KYC, data privacy, and MiFID (Markets in Financial Instruments Directive) regulations.
For the fund management industry, there is a double-whammy of risk. In addition to the firm’s KYC and UBO obligations regarding the client company which controls/owns the fund or product, it must also check the identity and control of the monies invested in the product. Be prepared over the coming months for board directors in the fund management eco-system to be asking plenty of questions about risk exposure to new banking channels, technologies, cryptocurrencies, and commercial advisory relationships covered by the new regulatory legislation. Risk discussions might be initially triggered by increased industry complexity but mitigation actions will ultimately address a less complex challenge.
Knowing who controls your customer remains a fundamental risk consideration. Not just for the company, but potentially a director too. Lack of supervision or control by a “directing mind” in a financial organization that experiences money laundering activities now qualifies (under 6AMLD) business leaders to experience penalties themselves.
It's Basic, Not Complex
And…there is one final consideration for financial management teams. The industry is already under cost and revenue pressures so new markets and products are critical for survival. It is reasonable to expect blockchain technology and digital currencies to be a part of our financial future. Now spare a thought for Nat West who has taken the decision to turn away corporate customers who accept cryptocurrencies in their own business operations. This decision, on the face of it, looks like a complexity risk decision. But perhaps it is far more basic than that. Nat West was the subject of criminal proceedings for AML failures launched by the UK’s Financial Conduct Authority (FCA).
Financial firms can’t afford to miss out on new markets and revenues. So, for business leaders, there is one fundamental step to know right now. Without KYC and UBO processes fit for digital purposes, there are NO new products on the horizon. It’s basic, not complex.