A KYC–AML utility: Driving scale, efficiency, and effectiveness

To address increased regulatory pressure and recent money-laundering scandals, the banking industry could benefit from a fundamentally different way of managing know-your-customer–anti-money-laundering (KYC–AML) compliance. A shared utility for this purpose can reduce risk in the banking system by improving both the effectiveness of KYC–AML processes and operational efficiency.

The approach enables financial institutions to attain a more complete picture of their customers’ behavior and greatly improves the detection of money laundering. Society, customers, and the banks all benefit, since better KYC–AML decreases the unlawful use of financial institutions, improves the customer experience, and greatly reduces costs for member institutions.

Since significant value is at stake, banks need to invest in getting the KYC–AML utility right. In the past, many efforts failed, stumbling over such hurdles as member consensus, project complexity, and data privacy. In our view, these barriers can be overcome by working collaboratively with regulators and advancing compliance through innovation and the most recent off-the-shelf technology. Banks can now capture the full potential of a KYC–AML utility by learning from past failures and incorporating the latest lessons.

Models for a KYC–AML utility

Three possible models for such a utility have emerged. Each has different benefits, depending on the legal operating model banks adopt.

  • Model 1: A static KYC–AML data repository. This type of utility involves collecting and sharing information among member banks. The static KYC data would include such categories as beneficial owners for corporates and up-to-date KYC information for retail customers. AML-related data could include customer blacklists, whitelists of reviewed and “safe” customers, the status of customers as politically exposed persons, the status of sanctions, and suspicious-activity or suspicious-transaction reports (SARs/STRs). Under this model, the utility allows a single onboarding platform to improve and streamline onboarding processes. Banks can obtain KYC and AML information for new customers through the utility rather than by asking them for it.
  • Model 2: A transaction-analysis AML utility. Such a utility consolidates encrypted transaction-level data in an analytical solution, thus enabling sophisticated transaction-monitoring and -screening capabilities across a much wider network of transactions. Banks so empowered will be able to reduce their AML risk significantly.
  • Model 3: A fully outsourced AML utility. This model helps member banks apply targeted solutions that improve AML operations and the efficiency of select AML processes. It involves operational units that undertake enhanced due diligence and investigations of customers of member banks.

All three models can benefit banks. The extent of the benefits increases with the level of information sharing in the system. The third model—a fully outsourced utility—would, however, probably need to be built in stages. Given the complexity of bank systems and requirements, the smaller steps would begin with the development of a data repository or a transaction-analysis capability.

Most KYC–AML utilities have failed

Several private and government-led parties attempted to create AML utilities but fell short for three reasons: incentives for third-party utilities are intrinsically misaligned; overly ambitious designs can lead to costs outweighing savings; and compliance with privacy laws on data sharing has adversely affected adoption.

Third party–led utilities

Many AML utilities have been organized and led by third parties, such as technology or data vendors, rather than the banks. This model creates conflicting incentives between the utility owner and the participating banks: the vendor focuses on capturing revenue for ancillary services and products rather than value for the banks. Since financial investments in third party–led utilities are typically limited, the commitment and oversight of banks can be limited as well.

Another issue is that most KYC vendors can cover only one function of the KYC process. Hello Soda, for example, enhances due diligence by working considerations of the human element into automated decisions. Many vendors are thus required for one utility, creating inefficiencies for the banks. In addition, a third party–led utility may turn out to be inadequate for banks’ purposes, as it is often developed with limited input from banks and regulators.

Trade-offs between design innovation and viability

Some institutions try to build an industry-scale solution right away, without proving the concept’s viability on a smaller scale by delivering tangible results quickly. The failure of these overambitious designs reveals that banks should never underestimate the difficulty of aligning processes across member institutions. Costs can quickly escalate if the scope of the project is not adequately managed. Without alignment, participating banks will be unable to gain traction in their utility effort. The time and resources expended will eventually overwhelm the common purpose.

For example, a bank-led KYC utility in Singapore faced unexpectedly high costs resulting from excessively ambitious design decisions. In addition to the utility’s setup costs, member institutions had to make significant investments to migrate historical bank data to the utility and to integrate individual banks into the system. The solution turned out to be more expensive than the anticipated savings.

Data-privacy regulation

KYC utilities raise significant concerns for banks about privacy and data sharing. Cross-border operations further complicate the legal requirements for data sharing, as banks are challenged to address the requirements of multiple jurisdictions. Furthermore, the experience of some KYC-utility projects has revealed that obtaining customer consent can be a major impediment to a utility’s adoption.

Critical factors required for a successful KYC–AML utility

Some KYC–AML utilities have demonstrated success or show promise. Regional US banks have lately worked together to create shared analytics capabilities for financial crimes. They have also created a third-party utility for risk management. An AML utility for information sharing has been set up in Britain (JMLIT, the Joint Money Laundering Intelligence Taskforce), and a KYC utility is being developed in the Nordic countries.

The broad experience reveals that a successful utility depends on five critically important elements: 1. creating a bank-led utility with early regulatory engagement; 2. focusing on the customer journeys; 3. taking a minimum-viable-product (MVP) approach; 4. deploying new technology, fintechs, and analytics; and 5. building investigative capabilities.

First, the utility initiative should be led by banks, with participating banks designing a solution tailored to their needs and focused on proving viability. The approach ensures that some of the critical hurdles to developing a utility are surmounted with the least difficulty. These hurdles include the creation of joint data standards and requirements as well as the satisfaction of privacy requirements. Given that the recipients of SARs/STRs are regulators and law-enforcement bodies, the initiative should include regulators as key stakeholders in the utility governance structure. From the inside, regulators will be better able to see the advantages of a utility, especially in terms of more accurate identification of suspicious transactions.

Second, the utility should focus on enhancing customer journeys. For many customers, KYC–AML processes are a real pain point. Banks can use the utility as an opportunity to start afresh, putting the KYC–AML approach in the context of a unique customer experience, researching customer preferences, developing ideas, and testing prototypes with customers and the business. In addition, the utility initiative can give banks an opportunity to standardize processes for onboarding and ongoing due diligence. These efforts will improve operational efficiency and ensure higher quality.

Third, the utility should take an MVP approach. This will remedy one key challenge for many utilities, which arises from trying to outsource disparate parts of the AML value chain. If banks are to prioritize investment in the utility, it must be able to create value for members within a year, or two at most. The lengthy agreement and development efforts required to outsource a large segment of the AML value chain forestall that kind of value creation. The best way to ensure buy-in from banks is to develop an MVP that enables participants to align rapidly on use cases and to move quickly toward implementation. Fast deployment will show the utility’s potential value.

Fourth, where feasible, utilities should adopt off-the-shelf technology rather than develop their own IT processes and solutions. With the rise of fintechs, existing new technology can more than satisfy a utility’s needs, such as document ID scanning for a KYC utility. Member banks will benefit from highly sophisticated technology at lower cost, since the solutions will be shared. What’s more, given the scale of a multiple-bank utility, members can better deploy analytics by using machine learning to identify suspicious patterns, for example, or natural-language processing to facilitate completion of SARs. The utility will also be better able to monitor the market continuously for new capabilities.

Finally, the utility should create a strong, cross-functional team of knowledgeable experts from different fields, including legal, compliance, and fraud. Bringing in experience from many segments, this cross-functional team will be able to improve processes by adapting investigative techniques and procedures in the AML space.