Corporate Treasury KYC & AML Issues and Approaches

Commentary

The full report (16 pages) is available to paid subscribers: Enquire here.

We all know there are two certainties in life: death and taxes. If you work in corporate treasury, it seems there is now a third certainty: KYC. Like taxes, it seems you may be able to mitigate the problem – but you can’t eliminate it. All treasurers understand it has to be done: they are anxious to make it as painless as possible.

We did this peer call because KYC seems to be less prominent than before: it no longer seems to be headline material in the specialised press or at treasury conferences. Is this because the problem has been solved, or is it because treasurers are resigned to their fate, and have stopped complaining vocally?

The answer is very much the latter. This was, in fact, a very vocal call – and well attended. Disappointingly, most of the complaints are exactly the ones we recorded two years ago when we last discussed the topic. The discussion gives the impression that most banks have decided this is something where they can hide behind regulations and force their clients to comply, whatever the problems and cost – the full report is very informative. They do not appear to feel they have a duty to make compliance as low cost and painless as possible.

Unsurprisingly, this has led to the situation where KYC is now a criterion in bank evaluations: some participants are beginning to fire banks for being unreasonable. The problems are all too familiar:

• Lack of consistency: banks ask for different information, even within the same bank.
• There seems to be a race to find new things to require. Sometimes, this is in response to a new regulatory requirement – but often it is internal, and not transparent. 
• There is no single tool or depository which has received industry wide acceptance. The tools which exist are not well utilised – some participants use SWIFT, or other depositories, and find that some banks are reluctant to go and collect documents there.
• At least one bank has developed its own upload portal – but participants often found they could not access it. The bank did not seem to be anxious to address these issues.
• Often, banks ask for information they already have, or which is available publicly.
• The requests for personal data are becoming more and more intrusive: several participants reported being required to submit information about signatories’ parents.
• In an attempt to improve the efficiency of their operations, banks have often centralised KYC processing. In some cases, this leads to nonsensical results: one bank requires signatories to provide utility bills, but then refuses to accept them if they are not in English. The same bank requires passport copies to have the personal address on the picture page – ignoring the fact that most countries do not include this information in the passport.
• The requirement to provide passport copies and utility bills is often in conflict with personal data protection laws, especially in Europe. Also, a lot of sensitive personal data ends up being transmitted and stored in unencrypted e-mail applications. While the US is generally behind the curve on personal data protection, it appears they are about to introduce new regulations which will cause significant issues.
• Scheduling is haphazard. Banks regularly produce onerous and intrusive data requests with a two week deadline. They do not appear to be able to provide a calendar for these requests, or adhere to it when one is provided. Even where there is a cadence after which documentation needs to be refreshed, this too often seems to come as a surprise.
• Banks often threaten to close accounts if the information is not provided within the deadline – no matter how unreasonable that deadline is. No participant reported a case where this threat was actually carried out – but one actually took this as an offer, to the bank’s consternation (see below). 
• In many cases, participants are able to get unreasonable deadlines and requirements amended. While good news, this causes a lot of frustration, as it shows that requirements are released to clients without being fully vetted – and not all relationship managers are able to make changes happen.
• One bank – Citi – was mentioned as having centralised KYC management to a single global location, with the result that all flexibility to maintain customer relations has been lost.
• Latin America was cited as being worse than most other regions.

So, what is the good news? There is some:

• Most treasuries are becoming quite organised. Many have a dedicated department to handle this.
• If no external repository is used, this department maintains internal repositories of what needs to be provided. They usually insist on handling all KYC requests, and firmly push back on any request for which there is no clear regulatory requirement. One participant described this as preventing the banks from bullying local staff. They also require banks to use existing data, such as the SWIFT repository.
• These teams also proactively establish a schedule with their banks, and require the banks to comply. This is relatively effective in eliminating the two week deadline issue. The SWIFT repository issues reminders when documents are about to expire.
• Increasingly, participants are making ease of handling KYC a criterion in deciding which banks to deal with. More than one reported a case where it had caused them to terminate a banking relationship.
• One participant reported that they now systematically have a Plan B – a backup bank to go to if KYC issues get out of hand. They reported that, in one case, a bank threatened to terminate the relationship in a country if they did not comply with an unreasonable request. When they instructed the bank to go ahead and close the account, there was a startled reaction from the bank’s HQ, which was not at all aware of the situation.
• Participants frequently praised their relationship managers for their efforts to resolve, or preempt problems. JP Morgan in particular received a lot of praise for how effective their relationship managers were in handling KYC issues.
• Most of the participants who do not yet have an internal IT system for handling KYC are considering installing one. Some use the KYC capabilities of their TMS, but these do not usually meet all requirements.

AML (Anti Money Laundering) was discussed, but it was less of an issue than previously. This may simply be due to a different set of participants, but it does seem that the treasury teams have become more adept at recognising in advance the kind of (entirely proper) transaction which is likely to set off AML alarms in banks, and get ahead of the issue. Constant sanctions screening for denied parties, coupled with regular employee training, have also helped.

Bottom line: on the one hand, it is disappointing to see that KYC continues to be a major source of workload and frustration for corporates. Going through the list of complaints – it is long – most banks have made little to no progress in how they handle it. There is only one conclusion: they do not see this as a major issue in their customer relationships, so they can continue to generate unreasonable demands, and do little or nothing to standardise requirements and depositories. Some major banks are even centralising KYC processing, with the effect – intentional or otherwise – that the process becomes even more rigid and inflexible.

On the other hand, a lot of corporates are becoming more professional in their approach. In addition to organising their own systems and repositories, they are becoming more structured in their pushback on new and unreasonable requests. For the first time, we heard clear indications that ease of doing KYC has become a factor in how banks are assessed – and bank relationships are being terminated for being too difficult to deal with.

It is only once banks feel that failure to address the issue will cost them business that the situation will improve. 

JP Morgan was consistently praised for being willing to work with their clients to improve the situation – though their record was not 100%. BNPParibas were also mentioned as improving, Standard Chartered and Barclays received positive comments. Citi, HSBC and Santander were recorded as not being helpful, and not necessarily moving in a positive direction.