Read on and learn what companies can do to adapt.
How are Know Your Customer (KYC) obligations changing and what are the implications for companies?
Neil Isherwood: We live in a rapidly changing environment in terms of money-laundering, where criminals, fraudsters etc are always finding new loopholes to exploit, so KYC rules need to constantly change to keep pace with this.
Trade barriers, sanctions and an uncertain overall economic situation present compliance teams with challenges they are struggling to overcome. Fines for KYC failures surged by 50% in 2022 alone, with one bank facing penalties of as much as €2 billion for failing to adequately combat money-laundering.
In the EU and UK, businesses required to undertake customer due-diligence are called “obliged entities”. In addition to traditional financial services, the EU is expanding this definition to include businesses such as crypto-asset providers, top-flight football clubs and dealers in luxury items, all of which can potentially be exploited by criminals seeking to move illicit wealth.
The EU’s latest AMLD6 directive widened the definition of money-laundering to include offences that result from a “lack of supervision and control”, as well as imposing harsher penalties.
Some firms that are now considered obliged entities have yet to fully grasp their need for robust KYC processes that determine beneficial ownership and the ultimate source of funds. Even when they do, it can be difficult to access the data needed to know their customers.
Last year the European Court of Justice ruled that making public the beneficial ownership of companies posed a risk to individual privacy.
What are the main challenges in the context of KYC?
Neil Isherwood: Even where the data is available, finding an efficient and automated way to access it ican be very difficult.
The information is often split across various national company registries, most of which require a small payment to access. Older and larger companies often have cumbersome manual processes to achieve this data collection, running the perennial risk of that data falling into silos.
There is also the huge problem of false positives, which occur when a legitimate individual or transaction is wrongly flagged as a potential risk. These false positives must then be checked manually by human analysts, often a slow task given that one individual can be listed many times in company registries as a director, shareholder, or significant controller, with each submission stored as a separate piece of information.
It is this issue of false positives that provokes the most emotional response from our clients - they feel overwhelmed by the complexity of disambiguating one name from another.
How can companies overcome this challenge?
Neil Isherwood: At Dun & Bradstreet we advocate a risk- and profile-based approach that leverages external data. For example, we use biographical information to determine whether one “John Smith” is likely to be the same as another “John Smith”. Once we know that, it allows us to trace the links between John Smith’s various companies, ensuring that clients need not repeat the KYC process every time they encounter the same person.
Likewise, our D-U-N-S® Numbers are unique identifiers that distinguish between similarly named companies and support the reduction of data silos between workflows and functions across a business.
material discrepancies".
The traditional KYC process is usually a periodic review. Most obliged entities use a one-year, three-year or even five-year cycle. Much can change in those kinds of timeframes, for instance the recent sanctions on Russia and associated economic volatility. As such, long reporting cycles can mean the entire due diligence has to be repeated from scratch. What are the benefits of perpetual KYC?
Neil Isherwood: Perpetual KYC (P-KYC) takes a proactive, data-based approach. Changes in company records are flagged so the client can make a KYC decision based on that single change, almost in real-time. If John Smith comes onto a company board, and he is found to be unconnected to sanctioned or politically exposed persons, and is not the subject of adverse media, the relationship retains its green KYC status.
This also prevents the spikes in due -diligence that are common in multi-year cycles, and merges the steps needed to understand who runs, controls and benefits financially from a company.
Ultimately, P-KYC means significant savings in terms of costs, time and the avoidance of lost business. Speed of onboarding is a competitive differentiator for financial services firms when it comes to attracting new business, and there are some big differences between how quickly this can be achieved by new challenger banks when compared with older institutions. Some digital-only accounts can be opened with just 24 clicks and 2 days, compared to 80 or more and 30 days at older institutions.
So why doesn’t every company use it?
Neil Isherwood: In some cases, there’s an inertia that stems from an unwillingness to re-think systems and workflows. It may well be that a certain part of the process has been centralized, whereas the preceding parts sit within different functions. Therefore a particular department may not own the entire onboarding flow and thus cannot control or improve it without larger cross functional agreement. Clients can also be a little unclear of screening providers’ relative strengths and weaknesses in what has become a crowded market.
And how do you think integration with environmental, social and governance (ESG) data changes things?
Neil Isherwood: Increasingly, clients need to know how their value chain is performing in terms of ESG factors, particularly carbon emissions. It’s become part of the general risk assessment. From our point of view, it makes sense for Dun & Bradstreet to be a one-stop shop that can help our clients with the full panoply of risk assessments they need to conduct, including ESG.
Indeed, data more generally is critical for businesses to understand not only the risk profiles of their customers, but also the opportunities for maximising the potential of the partnership and generating value.
Stay compliant with real-time monitoring, eliminating the need for periodic reviews. Discover streamlined compliance and accelerate third-party risk management with D&B Risk Analytics Compliance Intelligence. Optimise your compliance processes by combining unrivalled UBO data coverage with a policy-led risk engine. With highly configurable workflows, D&B Compliance Intelligence offers real-time KYC monitoring. Swiftly verify, assess, and monitor entities, including beneficial owners.