For years now, regulatory compliance has been a headache for financial institutions. It is important that financial services have safeguards in place to minimise the risk of customers engaging in illegal activities such as money laundering. At the same time, it is no secret that setting the right process and collecting the necessary information is costly. Onboarding times tend to be lengthy and many businesses are still finding it hard to get access to financial products due to the extensive information requirements.
Compliance costs for financial institutions can be exceedingly high. A number of major financial institutions have reported that they spend up to $500 million annually on KYC and customer onboarding is currently estimated to take about 18 minutes per customer. Corporate customer onboarding on the other hand is even lengthier. The main reason behind these costs and time delays is that the information necessary to complete the onboarding, comes in an unstructured format and in some cases is not even digitalised.
Open Banking can help reduce compliance costs by streamlining the onboarding process through leveraging the power of connectivity and offering a more data driven approach to managing risk. The use cases that Open Banking can support include retrieving information about the basic details of the user (name, surname, date of birth and in some cases country of residence), validating their source of wealth, providing transactional data to support fraud analysis and bringing together a range of information sources that wouldn’t have been available to financial institutions before Open Banking.
It is important to note that no amount of information or technical support from Open Banking would substitute the entire functionality of a compliance team. Many onboarding and AML decisions will continue to rely on subjective judgements and the risk appetite of financial institutions. Regulatory obligations will still rest on the institution itself and companies in this market should judge if they have met their specific regulatory obligations to the highest degree. Open Banking should be seen as a tool to make more informed decisions and better understand the risk profile of the customer base.
How Open Banking supports KYC (Know Your Customer)
KYC is a due diligence process that all financial institutions are expected to undertake at least at the initial stages of their relationship with their clients. In essence, these are a form of background checks on customers, ensuring that they are who they say they are and that they aren’t insolvent or likely to engage in illegal activities.
Depending on the type of financial product that is being sold to the customer and the industry/country in which the customer is operating, there are three levels of KYC requirements. Ultimately, all of them aim to achieve the same objective - while the main difference is the level of information required from the customer in order to satisfy the appropriate due diligence:
- Simplified due diligence: this is applied to low risk customers. In its purest form, this can mean collecting the name, surname and date of birth of the potential customer. Within the EU, each member state has given its own interpretation of how this should look like and financial institutions should apply the guidelines given by local regulators.
- Ordinary due diligence: this is typically applied to low to medium risk customers. An example of low to medium risk may be customers that offer financial products, such as insurance. Ordinary due diligence is a more extensive fact finding exercise that can include amongst others the location of the business/customer, source of funds and national insurance number (where applicable).
- Enhanced due diligence: this is the highest level of scrutiny that is applied to potential customers. It typically applies to Politically Exposed Persons and businesses that operate in high risk countries or high risk industries. Such examples include money remittance and countries such as the Cayman islands.
At present, there is no standardised set of information that is either required by regulators or aggregated in a centralised database for any of the above scenarios. The implementation of a digital identity framework is necessary in order to streamline these processes across the board. This can only be delivered successfully through a collaboration of regulation and industry.
Regulators should aim to define a set of information necessary for each level of due diligence. Industry can then aim to develop a database that securely contains the necessary financial attributes for each consumer or business. Although the risk appetite for each financial institution will continue to be set by the institution itself, they can also decide whether they require additional information (on top of what is provided by digital ID), in order to meet their KYC requirements.
How Open Banking supports AML
Currently individual firms have a limited visibility of the overall activities of their clients (future and existing) - it is limited to the information firms can collect from the client himself/herself, publicly available sources. In turn, it means that AML obligations such as customer risk (re)assessment and transaction monitoring are carried out relying on these potentially unreliable sources.
Financial institutions have a limited view of the client's behaviour when the business relationship is initially established. The situation becomes even more complex when the client goes live and the financial institution has limited visibility of their day to day activities. The risk begins to increase exponentially. Using Open Banking firms could have access to a trusted source of transaction data, directly from any other financial institution storing data about a particular client.
Instead of seeing a fraction of the client's transaction history, firms would be able to have a comprehensive view of whom clients transact with, where their counterparties are actually based and what the transactional pattern looks like. The more comprehensive information a firm has access to, the more information that the internal transaction monitoring and fraud detection systems can analyse. This would make them more accurate in predicting fraudulent behaviour. Bad actors are becoming more sophisticated and knowledgeable so the scenarios that firms have been applying for years (which usually stem from the regulations, guidelines and best practices which are publicly available to all, including perpetrators themselves) may not necessarily best serve the original purpose. Because of the generic nature of the rules and data sets often applied by internal monitoring systems/algorithms across the industry, financial institutions receive unreasonable amounts of false positive alerts that serve no real purpose.
Therefore, firms are encouraged to apply automated, more client-specific transaction monitoring solutions, utilising additional tools such as machine learning. Using Open Banking, firms could collate a more comprehensive view of their client’s transaction history and not only be able to assess client’s risk more accurately, but create more sophisticated transaction monitoring frameworks to increase the quality of suspicious activity reports, which can then be submitted to the financial intelligence units.
In summary, Open Banking enables firms to access more data, which is the first step in unlocking a more consolidated view of client behaviour, which is vital in the fight against financial crime. In addition, better risk profiling can give firms more confidence to unlock new segments of clients, who would otherwise be limited or even denied access to certain financial services because of the previously perceived risk. Open Banking is undeniably one of the best ways for KYC/AML to innovate and become more efficient across the board.