KYC, know your customer, you hear the term all the time, but what is it? KYC is a set of mandatory standards requiring professionals to verify the identity, suitability and risks involved with maintaining a business relationship. In essence, it’s a set of regulations that pushes you to get to know your suppliers, your customers, and your banks.
In a recent webinar hosted by Kyriba and titled “Enhancing KYC Compliance,” Bea Salvidar, CTP, Global Payments and Treasury advisor for Kyriba, and Tom Hunt, CTP, director of Treasury Services, AFP, tackled this top-of-mind subject.
Corporates are the interlink
Companies are always going to have a relationship with their customers and their suppliers. There are multiple networks that, on day-to-day basis, you station through your treasury, your accounts payable, and your share services. You find yourself interchanging, different types of financial transactions and engaging with suppliers and customers to carry on the day-to-day activities. Some suppliers and customers will be domestic, and depending on your company, you may also have a presence in various countries around the world where KYC becomes a definitively important matter.
This topic is becoming a priority. It is important to make sure that everyone knows about compliance and what's at stake, and for all parties in the transaction to know who they're doing business with.
Growth in KYC
What are the influencing factors that spur growth in KYC? First, you need to know the requirements. The main requirement companies face is responding to bank requests, or verifying the identities of their suppliers and customers. How do you verify that the suppliers or the customers are who they say they are? Why is this important? Because financial transactions are interchanged through banks on a daily basis, whether you have five bank accounts or 300, it becomes very important.
The other primary requirement is verifying the identities of the suppliers and the customers with whom you do business. You have to make sure that they are who they say they are.
Factors in the growth of KYC include the switch from paper-based payments to e-payments, concerned governments, and the increase in cyber risk. Technology is enabling less paper and more electronic transfers. This is great for the company to be able to leverage liquidity in real time.
“Prior to the coronavirus pandemic, organizations were exposed to all types of cyber risk, and as corporates engage more in international cross-border transactions, it has become necessary to apply best practices to gain visibility of suppliers and partners,” said Bea Salvidar, CTP, Global Payments and Treasury advisor, Kyriba.
Government involvement stems from a desire to make sure your corporation is in compliance. This is very important in the prevention of money laundering. The growth in cyber risk has driven a lot of the money laundering. The Bank Secrecy Act is the main driver behind a lot of this along with the Patriot Act. With more and more banks under the microscope in terms of anti-money laundering, it's made it harder to open accounts and do businesses abroad.
KYC is a way for the banks to satisfy regulators' needs, in terms of documentation. Our banks are the protectors of our payment rails. They're an interface between the regulators and end-users to make sure that the transactions happening in our payment systems are valid and not money laundering, corrupt payments or cartel payments.
“Having a good KYC process mirrors having a good policy for cybersecurity protection inside of treasury,” said Tom Hunt, CTP, director of Treasury Services, AFP. “It's all part of a good audit trail. Treasury can partner with and help coordinate efforts to have the best practices in place around that.”
The constant KYC process
Treasurers are always looking to make sure that they're in compliance, but the test can be burdensome: onboarding, periodic reviews, confirm or update, and replacing expired data. A company must meet the requirements in two broad ways. First, they must comply with banks. Regardless of the number of banks you have relationships with, there's still the compliance factor where you need to verify the identity of your suppliers and your customers.
In addition, the banks will carry out periodic KYC reviews. Why is that important to you? Because as they carry out these reviews, guess who they're going to be reaching out to? Companies need to meet their own obligations.
Another thing companies need to ensure is that they're not paying an entity or individual that is subject to financial crimes. An example of this would be receiving payment in breach of anti-money laundering regulations. Companies may not be able to rely on their banks. Yes, they can ask their banks, but it may be more complicated. You have to be very, very careful that you know who you're dealing with, that you know your supplier or your customer. Some companies perform due diligence on their own customers to ensure compliance with anti-money laundering regulations.
It’s a matter of being vigilant in terms of knowing who you're paying, who you should be paying, and internally having open channels of communication all the way up to the CFO. It protects the company. More and more companies are putting that type of process in place, and it's proven to be very effective.
Banks are definitely your partners here, but it’s ultimately up to you to know your suppliers and your customers.
Download the recently released AFP Treasury in Practice Guide: Navigating KYC Compliance, underwritten by Kyriba, which examines the three factors that have led to a growth in KYC requirements on companies.
Coping with bank KYC requirements
It can be challenging to keep up with the different requirements across banks. Why? Because each bank interprets the rules differently, as does each state, and each country. The forms for each bank are slightly different. And some banks may ask for certain pieces of personal data or for overly detailed financial transactions, especially if it is not in the public domain, that could be challenging for anybody in treasury or the KYC department of your organization, to be in compliance with. More generally, the slight differences and requirements mean that even an experienced corporate practitioner would not be confident that all the information has been provided. This is one of the key challenges with different requirements.
“What's ended up happening is that you can have two different banks, but the KYC requirements for opening an account might be slightly different,” said Hunt. “The regulations are all the same, but the banks’ interpretations of protecting themselves and the payment rails are subject to their interpretation.”
The banks won’t go through and identify anybody with a beneficial ownership interest in it, which means the signatory, or the officers on the certificate of authority, are subject to much more scrutiny as a result. Going back 10 years, it was very uncommon to be asking for passport photos, but now we don't even blink an eye. Banks are even asking for utility bills to provide proof that the entity exists in the domicile in which it’s listed. “It's bordering on somewhat of a ridiculous requirement, but banks want to protect themselves, to protect the payment rails, and protect themselves from the regulators putting more emphasis on the end-users,” said Hunt. “Ultimately, it’s up to the treasury department to conduct a balancing act between what is fair information and what is essential to opening the accounts and conducting business going forward. It’s driven more paperwork toward the corporate end-user to validate who they are, unfortunately.”
Being in compliance also means dealing with different update schedules from your banks. There is a lack of standardization across the banks because there is not a 100% mandate of how they have to standardize with the process. Your bank could come to you and ask for periodic updates, and each bank has their own KYC update schedule, so just imagine if you have relationships with five banks, that could mean five different schedules to comply with. And if your company's growing through mergers and acquisitions, all of this can become a challenge.
“I think we're coming back to a place where we were 10 years ago where the requirements are getting more stringent. The fines are very steep for noncompliance. In a meeting that we participated in with assistant treasurers, it was voiced that the KYC problem is not getting any better. If anything, it's becoming more burdensome,” said Hunt.
Reasons for the lack of standardization include security concerns — if there is a standard process, would that make it easier for criminals to surpass the system? Plus, there's no financial incentive for banks to harmonize their requirements. Compliance is costly for banks, and no bank has a competitive advantage.
The issues corporations face when coping with KYC requirements include:
- Choice of bank(s): in some locations, companies might have limited options, and if you’re dealing with a smaller bank, this could mean slower standards to adhere to.
- Control of company data: most of the data required would be in the public domain, such as annual reports, financial statements and ownership structure. One type of company that faces unique challenges with this are private health care companies.
- Control of personal data: this has to do with making sure that all of the personal information of the company officers is in compliance but also secure, that it's not compromised.
- Managing specific local regulations: in addition to meeting the banks’ requests for information, treasurers also need to comply with local regulations, such as those required by the IRS.
So, how do you manage the issues? Start with the following five steps.
Manage your bank relationships. One way to reduce KYC compliance costs is to know your bankers, talk to them, maintain those relationships.
Try to understand each bank’s requirements. If you know their requirements, you have a better chance of aligning with them, that way you aren’t surprised. Set limits on what you are prepared to provide internally to the banks. If they request something that you don’t want to provide for privacy reasons, ask them to justify why they need it.
Know your data. Try to reduce the time it takes to gather the data requested and consider ways to streamline your system using technology.
Track your compliance requests and responses. If you don’t use a specific software to automatically do this, then manually keep records of what information has been requested by each bank and the responses that were sent. Consistency is key to making sure you’re in compliance. It’s also helpful in case anyone ever comes back to you and says you have a KYC violation.
Try to anticipate update requests from banks. If you have multiple banking relationships, determine whether you can combine the data into one process rather than responding to each request as it comes in.
Effective KYC protects your business
- Supporting the procurement process.
- Keeping full and accurate records.
- Checking the sanctions list.
- Having a clear payments procedure.
- Continually reviewing your processes.