The KYC Headache Worsens: An Examination of the Onboarding Process

KYC/AML requirements are only becoming more complex for a variety of reasons, not least of which is that there’s no standardization across jurisdictions, or even among regulators in the same market. But slowdowns in the onboarding process mean loss of money and increased reputational risk—and potentially hefty fines if it’s done poorly. Technology can help, but there is still a long way to go. By Rebecca Natale, with additional reporting by Anthony Malakian

Like a dinner party when the clock strikes midnight, the know-your-customer (KYC) space is thinning out. First Bloomberg decided to exit the space and wind down its KYC business—in its entirety—and then Refinitiv scrapped its KYC-as-a-service offering, though it is still fully invested with its other KYC products. There’s a reason for these decisions: KYC is hard, there are a lot of players in the space and the profit margins can be thin.

But banks and buy-side firms are still desperate for help.

Here’s how a compliance executive at an asset manager with more than $750 billion under management put it: “One of the things I’m being asked for right now from one dealer is the middle names of board of directors of two of our clients. I’m like, ‘You have to be kidding me—you trade all over the world, in all different types of instruments with these two clients, and for this particular type of trade you’re asking for middle names?’ So now I have to go out to a pension client and say, ‘I need the middle names of your board of directors.’ It’s ridiculous.”

To be fair, that’s an extreme example, but it lays out the hindrances involved when it comes to the onboarding process for trade agreements. The manager says that on average, it takes four to six weeks to run KYC onboarding for an International Swaps and Derivatives Association (Isda) agreement, and six to eight weeks for a futures agreement.

The main challenges can be boiled down to continually shifting regulations, little transparency between sides during the process, and technology’s struggle to play catch-up. This is why there are still plenty of vendors staying in the market and looking to pick up clients as others leave the space, including IHS Markit, Dow Jones, LexisNexis Risk Solutions and Bureau van Djik, among many others. Even with the tools that are populating the space, it still requires a lot of manual effort and time.

“When you have thousands of clients like we do, that can be painful—it’s a constant, ongoing cycle,” the compliance executive says.

As a result, firms tend to just take the “easy” route and throw bodies at the problem, rather than look at the challenge more holistically, says an operations professional at a tier-one bank.

“No one in senior management wants to talk about this stuff and everyone gets annoyed by it, but the bottom line is that we’re all bitching and moaning, but you have to get this stuff done,” the operations professional says. “The main problem is that they answer [the onboarding challenge] by just throwing bodies at it rather than looking at it from a root cause analysis standpoint and saying, ‘What can we bring in? What technology can help with this?’”

Money Left on the Table

Pain can intensify when requirements vary from dealer to dealer about what they want in KYC as well as anti-money laundering (AML), though there are differences. Some of them can be satiated with articles of incorporation, a W-9, a Common Standard Reporting (CSR) form and a resolution that states the client can trade a swap or a foreign exchange (FX) instrument, especially for more regulated entities like US mutual funds. But some dealers ask for unique pieces of data, posing some reputational risk for managers, and leaving clients frustrated and asking, “Why didn’t you give us this before?” Not only does it slow an already snail-paced process down, “it’s embarrassing,” says the asset manager source.

If you can’t bring in a client, well that is loss of revenue right off the bat. If you’re bringing in $100 million on July 1, and we say that we need two more weeks, that’s loss of revenue.

Compliance professional at an asset manager

“I’ll make it simple: This one client, you’re onboarding to 10 Isda agreements and three futures agreements, and also to another 10 master securities forward transaction agreements. So you’re having these conversations—now multiply those 23 conversations by say, 10 or even 20, because you’re usually onboarding multiple accounts,” the asset manager says.

On top of that, firms can know for months in advance that a new client is coming in, and the whole time that client is sending in a slew of documents to try and beat the curve, but until they sign an investment management agreement (IMA), it’s more or less yelling into the void.

“That’s part of the documentation we would have to provide to a dealer that shows we have authority,” says the source. “Until that IMA is signed, we can’t onboard them because we have no authority.”

The dilemma forces them to sometimes call in favors, an action not favored by either the asset manager or the dealer. Absent a signed IMA, the onboarding process can’t begin, and money is being left on the table.

“If you can’t bring in a client, that is loss of revenue right off the bat,” the asset manager says. “If you’re bringing in $100 million on July 1, and we say that we need two more weeks, that’s loss of revenue. Also, it’s really a loss of a client relationship and client confidence. We really, really don’t like to do that at all costs.”

Get ’em In, Get ’em Going

That’s where the vendors come in. The asset manager’s firm has signed on with IHS Markit, which, in May, released its Onboarding Accelerator tool as an add-on to its web-based platform, Counterparty Manager. It is API-enabled so users can log in with their Counterparty username and password, and be able to connect to any of their internal data or workflows. The dashboard setup of the Accelerator allows both sides of the deal to monitor in real time the status of documents. On the flip side, a client can also see where, when and if a snag in the process occurs—though usually, it’s a given that one will occur.

In order to jumpstart onboarding between clients and broker-dealers, says Brittany Garland, director of product management at IHS Markit, clients would have to submit an amendment letter to umbrella trading agreements already in place between the asset manager and the bank, and in turn, negotiate a new legal agreement every single time. This happened on a weekly, if not daily, basis, she adds. That’s when IHS Markit decided to centralize its approach, and allow a new account to be added to an existing trading agreement, and from there, adopt the legal terms set forth in the umbrella trading document.

“We thought if we provide the ability for this amendment letter to be sent across to the banks, we can tie in all of the pieces that we’ve built out,” Garland says. “So when the bank comes in to complete that amendment letter, they’re going to kick off their KYC process.” From there, further checks can start turning the wheels—credit due diligence, tax validation, regulatory obligations, operational setup—before sending back the legal amendment letter to the investment manager.

The asset manager says they find particular use in the Request for Amendment (RFA) tool by shortening turnaround times for broker-dealers that are using the tool with them.

“We’ve kind of used that turnaround time as leverage to twist their arm to get them on the tool—we’re not saying we’re not going to do business with you, we still want to use you as a dealer and a trading counterparty, but if you get on the tool, you are certainly going to get business faster,” the asset manager says.

With the same goals in mind—that is, shortening the time frame it takes to open an account while reducing the amount of manual labor involved—other vendors have different methods to end the madness.

‘Some Dimwit Auditor’

Having spent a couple decades as a federal agent, and through leading large task forces in New York monitoring money laundering and human and narcotic trafficking, Daniel Wager has found himself at home in the KYC space as vice president of financial crime compliance at LexisNexis Risk Solutions. He says the point of the process is simple: “Who cares about knowing your customer to be intrusive and invade your privacy? That’s not the point. It’s to differentiate between the good people and the bad ones, and to speed the good ones in, keep the bad ones out and prosecute that.”

But that’s not how all the players see it. The barriers to solving KYC’s onboarding problems are numerous. First, regulators don’t want to set a standard that constitutes full compliance. In fairness, it makes sense.

Most banks in the world are still a very long distance from a unified view of a customer.

Daniel Wager

“No regulators will go on the hook and say, ‘If you do this and this, and check these boxes, you’re done. You have no exposure or liability,’” Wager says. “You, because of your geography, [and you’re a] big bank, have a different requirement than [this other bank] because of its geography, and the bank … only does US-dollar payments and settlements.”

The source at the tier-one bank agrees with Wager’s portrayal of the regulators, and takes it a step further.

The different regulators approach KYC “on an almost on a case-by-case basis. They might go to some random broker-dealer and say, ‘You’re not doing this right and you need to get this form,’ and then that broker is chasing after that form because some dimwit auditor came in and said, ‘Oh, maybe you should be getting this for your audit as well.’ … It’s very arbitrary, in my opinion, because you don’t know what the rules are.”

Lack of regulatory standards is what ultimately led to the downfall of the 2014 Markit–Genpact deal, an effort by Citi, Deutsche Bank, HSBC and Morgan Stanley to standardize KYC data for financial institutions, says Wager, who signed onto the deal when he was at HSBC. The same challenge contributed, in part, to Singapore halting its attempt to produce the first government-backed KYC utility in the world last year.

Second, commercial interests are at play. Banks are reluctant to share anything with their competitors, let alone information that might highlight good prospects. It’s one thing to centralize the process of sharing corporates’ documents being asked for by multiple banks, he says, but it’s a whole other ballgame to ask that banks dump their client information into an easily accessible environment that reveals who has how much wealth at play.

“So the goal of compliance efficiency often runs headlong into client possessiveness and commercial interest,” Wager says.

Third, and perhaps most deeply rooted, is that banks have yet to form a utility within themselves, first.

“Most banks in the world are still a very long distance from a unified view of a customer,” Wager says, adding that a typical large bank can have up to one or two dozen different systems-of-record across their product and service lines. It takes an inordinate amount of time at a single bank to log into, for example, 16 systems and determine where its relationship with a person sits, not to mention having to do the same for several other clients in a single day.

“Is this the same person who’s had the student account with us for years the same one that just opened an investment account with a different address?” Wager says. “They didn’t include a middle name, but the date of birth is the same. Let’s just verify that. That’s the disunity that occurs inside every major bank, day in and day out. So how are you going to achieve a single view of an entity among banks that themselves don’t even know how many relationships they have with those?”

The bank source—whose group does not use LexisNexis Risk Solutions, but is unsure if other segments of the bank use the vendor—agrees with Wager’s assessment: “You can do a trade that is allocated to one to, maybe, dozens of accounts. Each of those accounts needs documentation from a broker level. Why is it that our bank doesn’t just have that information in some custodial way, sort of the way that everybody has their standing settlement instruction (SSI) alert in the Depository Trust and Clearing Corp.’s (DTCC’s) Omgeo?”

Even on the buy side, this is a problem. The compliance executive at the asset manager has been trying to convince senior executives to invest in building an internal, uniform, shared platform for KYC that would bring together this information across the organization, but as always, there are more pressing IT issues that need to be addressed first.

“I think it would really benefit us immensely if we did have an in-house tool, firm-wide, that people are using. Unfortunately, we don’t—I can’t seem to gain the right ownership within the firm. It would be so cool if we could do this automated by sharing from tool to tool, or from [our firm] to a dealer directly, but we don’t have that right now,” the compliance executive says. “I would say that it’s eventually going to come to the point where managers like us are going to have to do it because the challenges in the different jurisdictions of what is needed—they’re so different across jurisdictions—that eventually we’re going to have to have a standard and have this stuff available.”

So for the time being, it will be the vendors looking to fill the gap, potentially by using new technologies.

Making a Prediction

Guy Harrison, general manager of risk and compliance at Dow Jones, has been in the space long enough to know the last would-be rescue was workflow, where vendors are using new technologies to create a “faster mousetrap” and coordinate between banks’ internal teams and customers. But now the tide is turning, as banks and vendors alike turn to artificial intelligence and machine learning (ML) models to harvest information. However, those techniques leave, or maybe create, one more hurdle to jump.

“Once you detangle that information, how do you identify the risk and draw out the relevant pieces you need for onboarding?” Harrison says. “We’re seeing a lot of these AI and ML companies pop up. We have over 200 partners that we work with on a regular basis at Dow Jones Risk and Compliance, and I think a lot of them, frankly, are failing to live up to the hype.”

The cost of getting these things wrong is simply too high.

Guy Harrison

Harrison sees the parade of AI as more of an enabler at this point because the problem, for him, is in the data. If they’re not processing high-quality data, that generates false positives or negatives, and that generates losses.

“The cost of getting these things wrong is simply too high,” Harrison says. “And the cost of correcting it, if you look at what big banks are spending on remediation activities these days, is enormous.”

But there is hope that as machine learning matures—and these techniques are already making advancements in other areas of the capital markets, such as for surveillance, risk modeling, customer-relationship management and portfolio optimization—these algos can better help firms be proactive in the KYC process, says Bill Hauserman, senior director of compliance solutions at the Moody’s Analytics-owned Bureau van Dijk (BVD).

He says BVD is looking to build on a trend that is gaining in popularity in Europe right now: predictive analytics. Spurred by the notion of control leverage—the idea that the cause of financial and other crimes are beyond who directly owns how much stock, but rather who might own the person who owns the stocks—predictive analytics on companies and the people who run them could be KYC’s saving grace.

Transcrime, the joint research center on transnational crime and partner of BVD, did some analysis recently, in which it used predictive analysis to estimate the likelihood of certain companies to be sanctioned. “That’s where the world is going—where it’s not about the activity after; it’s about the predictive modeling on the front-end,” Hauserman says.

The problem is that invisible risks and digital traces can only be mined from unstructured information, Hauserman says. It’s “the ultimate weapon,” but it’s not here ... yet. The year 2024, Hauserman predicts, will start to see intelligence technology begin to hone its capabilities in the predictive realm.

“KYC is massive, and then you have all these [other things like] anti-bribery corruption, trade compliance, and all these other subsets of the due diligence spectrum, and each of those have that predictive nature,” Hauserman says. “If you could, with onboarding, paint a profile of how likely a risk is to happen in your transaction side, which is where the actual crime happens—it doesn’t [happen] just because they have a profile—then you’d be able to monitor transactions from those individuals in a much more efficient sequence.”

Banks that have already begun to get a handle on this method have driven their false positives down from 90% to a fraction of that, Hauserman says. “That’s how good the technology is as long as you have the right data. That takes out probably 80% of the waste in KYC today.” This can include, for example, asking for the middle names of an entire board of directors.

Although there are protocols and safeguards against financial crime in place, the hunt for more solutions is on, and the remaining players in the space will have to save up their stamina. As the asset manager put it, “We’re always chasing something, and it seems to be by default.”