KYC and due diligence procedures remain one of the most costly regulations faced by Luxembourg’s fund industry and the overall financial sector businesses.
This is despite it being a decade and a half since global law-makers put in place rules to fight money laundering and terrorism financing.
A challenge for all
Banks, investment funds, family offices, insurance companies, holding companies, service providers, and the rest all face a daily battle to comply with KYC/AML-CTF duties and assure that clients are not using the financial system for illegal activities. Making a mistake or having laxly procedures could be corporate suicide.
KYC regulations also make it harder and more expensive to serve clients, the vast majority of whom have no criminal intentions. It is frustrating for clients and sales teams that a range of identity documents are required when on-boarding each new customer. This time-consuming, labour-intensive process is complex and prone to error, particularly in a major international financial centre like Luxembourg with clients from across the globe.
Waste = Potential savings
It is ironic that many Investment Funds have to make the same checks on the same clients. Often this results in each of the counterparty having to supply the same information several times. These would include, amongst other information, proofs of identity and addresses for individuals, and certificates of incorporation and memorandums of association for corporates. By way of illustration of the complexity and cost, more than sixty documents and data points can be required by asset managers related to KYC for each investor.
The good news is that where there is waste, savings can be made. For example, a recent report of Deloitte* pointed to the potential for cutting €180M costs, by correcting inefficiencies in KYC handling and due diligence.
KYC utility: a game changer
A mutualised KYC utility is a promise for a faster and economical solution. Such centralised utilities come in many forms, and have been helping the financial services industry to be more efficient and accurate for decades. Stock exchanges, and clearing and settlement houses are long standing examples, where market players share information for mutual benefit through a trusted central counterparty. These bodies also encourage the harmonisation of standards and procedures, further encouraging efficiency and lower costs.
Sharing data by individual and corporate clients in a highly secure centralised utility would work in a similar way for KYC. Not only would players no longer have to conduct duplicate tasks in-house, but sharing data would improve quality, as a more rounded picture of each client could be created. Changes to international watch-lists of criminals, terrorists and politically exposed persons would be taken into account once for all by the utility. This information would prevent firms on-boarding the inappropriate people, and alerts would warn of a change in an existing client’s status.
Costs down, accuracy up
Accuracy would increase as costs fall. As well, financial industry players would cut the risk of inadvertently breaching fast changing rules. Communication with regulators would also be improved as systems are aligned and reporting automated. Businesses could focus more on their core activities of serving their trusted clients. Regulators and governments would appreciate the greater efficiency in whole industry.
Complexity would be reduced too as the web of connections is streamlined. For example, if ten businesses are each working with the same ten clients using point-to-point connections, each of the ten businesses would request documents from the ten clients. This would involve sets of documents being shared 100 times. However, with a universally trusted central counterparty, the number of communications would be cut to 20, as documents only need to be sent to the utility.
Moreover, a utility will have the resources to be highly innovative, such as through the development and use of cutting edge FinTech.
For example, tailor-made algorithms are needed to search huge in-house databases, while trawling for publicly available information. New technologies are rich with promise, but few individual companies have the size and reputation necessary to fully unlock this potential.
Several KYC utilities have emerged around the world, but none addresses the specific needs of the Luxembourg Fund Industry.
Nowhere else is so focused on international markets, meaning that systems in Luxembourg have to cope with multiple regulatory regimes, different standards, and a range of languages.
Luxembourg’s regulatory environment is also unique and requires specialist treatment.
Assessing the Fund Industry appetite
A KYC utility for the whole fund industry sector in the Grand Duchy is being discussed by a workingroup of local market players under the coordination of Fundsquare. This innovation should take care of the execution of rules related to know-your-customer, know-your-customer’s-customer, and know-your-distributor. At its heart is required a complete document repository. This will enable a seamless exchange of information about the probity of each client between relevant actors. It will make life easier for investors, as they will only need to prove their good standing once, with the central utility.
More, to provide full benefit for the sector, a centralized market utility should add value services such as a risk rating engine to add context to the information. This will speed the due diligence process during on-boarding, and give real-time updates of changed circumstances of existing clients. Processes that could be accommodated include customer identification, initial risk assessment, due diligence and other forms such as on-side and the know your distributor checks, risk scoring, reputation risk management, AML/CFT country risk assessment,… It could also facilitate straight-through-processing of regulatory reporting.
Even though it could have the potential to be a powerful tool, a central utility will not solve every question. The ultimate decisions about client acceptance would remain with financial professionals. Nor would it monitor transactions, and nor would it report suspicious transactions.
Different technology options
How in technical terms, might the KYC utility work? Existing technologies and systems would do the job well as many software companies already develop sophisticated tools. Using innovative systems, a utility would work much like a well-resourced compliance department. Constant cross-checking internally, with clients and with regulators would keep the information up-to-date and accurate.
Longer term, financial technologies (FinTech) will make the utility more efficient and effective. For example, online news from mainstream sources but also blogs and social media provide a host of information about individuals and companies. Not all this information is reliable, but best practice suggests this information needs taking into account. Tools are being developed that scour the internet for information about individuals, with algorithms then sorting this data. For most internal KYC departments, such tools are nice to have. but are perhaps too rich. A large utility, however, would have the necessary resources.
Digital ID potential
Beyond marginal gains such as these, FinTech promises major strides forward. For example, a digital identity is a representation of a person’s real-world persona in electronic format. Creating a system of secure, trusted and accepted digital identities would go a long way to solving the central KYC challenge of being sure that a counterparty is who they say they are. A customer-centric system would also open the way to creating a range of new, innovative services.
Digital identity assurance has been an aspiration for governments, regulators and the private sector for a number of years. After all, having a unified system would be useful in financial services, healthcare, national security, citizenship documentation, driving licences, online retailing, or even proving your age in a bar. Currently, internet users have multiple digital identities for each platform. Managing identities across applications and platforms is becoming increasingly challenging and cumbersome.
Digital ID assurance has become one of the main FinTech themes, and thus is attracting substantial R&D funding globally. Public authorities around the world have also sought to promote the idea in many countries,. However, few of projects have made progress beyond limited niches.
This is a deceptively simple basic idea, but the practicalities of creating convenient, quick and secure solutions are more complex. Privacy, data protection, security, consent mechanisms are at the centre of debates and technological challenges. Could a utility be the way to open the door for digital identity assurance schemes designed specifically for financial sector businesses generally, or Luxembourg in particular?
Blockchain game changer?
Blockchain could offer a solution for this and other financial sector data processing challenges. Blockchain technology was developed to power crypto-currencies, and increasingly is seen as a secure and tamperproof way to share any type of data. Distributed ledger technology (DLT) uses blockchains to track everything from ownership of assets through to identities. Anyone with permission can update and access data on the distributed ledger, with all users able to see who has changed what, when and by how much. Counterparties could keep these ledgers up-to-date in real time, without the need for an expensive third party.
However the blockchain is not seen by many ideally suited for KYC processing, while its contribution can be crucial while distributing funds and tracking “who own what”. Fundsquare is building expertise in this area with its FundsDLT project, working in partnership with local fund industry players including the consultancy KPMG and the technology firm InTech. They are researching and developing a way to ease the processing of transactions, payments and entitlements, as well as facilitating client on-boarding and KYC challenges.
Bold moves required
KYC was the forerunner of much of the regulation which has since engulfed the financial services industry. It has taken time, but the industry and technology is catching up with the scale of the challenge, and is set to transform the way these rules are dealt with. Moreover, utilities backed with the latest technology could help control costs as a new regulations and updates come on stream.
The next few years will see the fourth EU Money Laundering Directive (4MLD), the second Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR). The latter could be particularly relevant to the utility debate. Instead of individual companies spending time developing their own digital identity modules, this could all be handled centrally.
Investors are demanding lower fees, and are putting the fund industry sector under greater pressure to deliver value for money. However, this is just when regulations are driving up costs. A new bold approach is needed. A mutualised utility would represent such a shift, with costs being shared and greater accuracy ensured.
* “Europe’s fund expenses at a crossroads” Deloitte
AGEFI Luxembourg, March 2017