In an effort to reduce money laundering and the flow of terrorist funds the government has saddled banks with know your customer (KYC) regulations. While the purpose for gathering this information is noble, the burdens of these rules are forcing banks to extremes to gather this information—and it’s making a lot of treasury and finance professionals uncomfortable. Practitioners obviously want to comply with regulations, but are the banks going too far here?
 
Financial professionals are struggling with KYC compliance, as evidence by discussions at the latest meeting of AFP’s Treasury Advisory Group (TAG) and the 2015 AFP Annual Conference. Treasurers are becoming increasingly frustrated with how much is being demanded from them, especially considering that the banks are often asking for more than the government requires them to.

“This has had consequences for many global corporations,” said Sassan Parandeh, CTP, global treasurer for ChildFund International and a member of TAG. “We see a much more heavy-handed approach in terms of enforcement. We are asked for things that we have never been asked for before.”

Members of AFP’s Board of Directors have also expressed frustration with KYC. “This topic has been a burr under everyone’s saddle for a long time and is worsening—moving from an inconvenience to a borderline invasion of privacy with some of the personal information that is requested,” said Bobbie Eiseman, CTP, president of Comcast Capital Corporation and vice chairman of AFP. “It is an issue that impacts many sizes of corporations along with members at all levels.”

Now, with the recent terrorist attacks in Paris and other parts of the world, one would have to assume that the scrutiny is only going to intensify. As our members have told us, when you enter into operations in high-risk countries, your bank will likely deem you high-risk. But now, with terrorist activity in Europe, it’s quite possible that expanding into even traditionally low-risk countries could change your risk profile substantially. If I’m a bank and I’m doing business with someone who has operations in Belgium, perhaps now I’m going to ask for even more information from my customer.

At the very least, KYC is not going to get any easier. Financial professionals are therefore going to continue to spend copious amounts of time providing their banks with document after document just to prove that they’re not aiding terrorists or funneling money for drug cartels. That ultimately results in practitioners having even less time to focus on their job duties.

Eiseman explained that banks have requested her passport, driver’s license, mother’s maiden name, social security number and copies of her utility bills. “One bank even requested a letter of good standing from my personal bank,” she said. “Frankly, I am not sure what more can be requested, although it is a question I am afraid to ask. The more countries a company does business in, the more bizarre the requests sometimes become.”

In addition to being burdensome, providing all of this personal information also puts treasury and finance professionals at risk. Although banks typically have strong security, they are far from immune to data breaches, as evidenced by last year’s hack of JPMorgan Chase, which resulted in the theft of 83 million customers’ personal information. The federal government is also not secure, as we observed when more than 21.5 million people were compromised during this year’s breach of the U.S. Office of Personnel Management (OPM).

With hackers so easily finding their way into these systems, why would anyone want to hand over their social security number and passport information? Not only is your privacy being invaded, but your personal risk is skyrocketing thanks to these regulations. After all, not only are many individuals being forced to provide personal information to multiple banks; they have to provide it in multiple forms to the same financial institution. “We actually see that the same information being asked for multiple times by various offices of the same bank all around the world,” Parandeh said.

Each time treasury and finance professionals have to hand over this data, they’re just creating another opportunity for it to be stolen.

The bottom line: many treasury and finance professionals are subjecting themselves to an invasion of privacy, while opening themselves up to more personal risk. For these individuals, this is a lose-lose situation.

So while banks should be empowered to thwart terrorist financing and money-laundering, there needs to be some prudence and consistency applied to minimize the burden on corporate employees. These are people simply trying to do their job, and they shouldn’t have to sacrifice their privacy or their personal security to do it.

This article originally appeared on LinkedIn.