Managing KYC & AML in Corporate Treasury

So, after more than ten years, where do we stand? Are things improving? Are we seeing an adoption of standardised data requests and central depositories? Or are banks still coming up with new requirements, and often repeating the same requests within their networks?

If anything, things are getting worse. Increasingly, companies are setting up dedicated internal departments just to handle KYC requests.

Data

• Data requirements still have not been standardised
  • Requirements vary by country
  • Banks do not accept that some information does not exist in all countries
  • There is inconsistency. The same bank will insist on an item in some countries, but not others
• New requirements keep surfacing. For listed companies, banks are increasingly requiring personal data on management and directors. This is an extension of the UBO (Ultimate Beneficial Owner) requirement for private companies.
• Some countries require notarisation and/or official translations of documents.
• Requirements for personal documents – passports, drivers’ licences, home utility bills – create friction with directors and senior employees, and often contravene data protection laws.
• Increasingly, though it was not raised in this call, these data requirements are being extended to non banking relations.
• Sensitive personal data is often transmitted by e-mail and stored in unsecured locations.

AML

• The number of payments being blocked for AML appears to be on the rise.
• Some participants have specific exemptions from sanctions rules – usually because their products are needed for health or humanitarian reasons.
• These exemptions still leave the problem of finding a bank willing to process transactions with sanctioned countries: most refuse.
• Several participants reported that reporting these – perfectly legal – activities in their KYC responses triggered further KYC obstacles and an increased number of blocked payments.
• Even intercompany payments within the same group are now coming under scrutiny.

Banks

• No bank received unqualified praise in the call. Société Générale, BNPP, HSBC and JPMorgan have been more helpful than others in some situations.
• Banks still make onerous requests with unreasonably short lead times, especially during holiday periods
• Banks are poor at sharing information and documents internally.
• Some participants have pushed back on this, with varying degrees of success.
• The RM (Relationship Manager) is key: a good RM will often prove valuable in managing requests and handling the most unreasonable ones.
• Unfortunately, it is often still necessary to escalate issues to senior levels in the bank – and some banks are not shy about going directly to senior people in the company. There is a lot of frustration with the amount of senior management time wasted on discussions which add no value.
• Participants have tried to use central depositories, such as SWIFT, or even address security issues by using password protected PDF files. Banks often simply refuse to use these tools.
• Sometimes, banks do little or no research: for financial data, one corporate simply directs their banks to the published financial statements, where most of the requested data is already available.

Organisation

• Many companies have accepted that this will remain a manual process, and have set up internal teams, usually in a low cost jurisdiction, to manage it.
• Does KYC belong in Treasury, or elsewhere – especially Legal? Most felt a lot of the data really comes under Legal, and should be handled there. However, only one participant has been really successful in getting Legal to take on this responsibility. In their case, Legal uses a document management tool (ONIT), which Treasury accesses. This was felt to be a good approach.
• Some companies have centralised KYC, while others have decided not to. The concern with centralisation is that it moves all the workload to group treasury; on the other hand, local teams often provide banks with information the Group prefers not to disclose.
• One benefit of a centralised team is that they are better able to track what has already been provided, or what is usually accepted, and push back.
• Some treasurers are concerned the decentralised approach leads to significant volumes of data being provided to banks, with no overall view.

Workflow Management

• Most KYC data requests are repetitive: the data has often already been provided to another bank, or is a re-submission of data from a previous year.
• It should be possible to refuse to provide the same data more than once, and to schedule reviews in advance. In practice, it often does not work this way.
• Some corporates now do their own workflow management, and tell the banks at the beginning of the year what they will provide, and when. Any requests outside that schedule will only be satisfied the following year. This approach improves matters, but is not always 100% successful.

IT Systems

• None of the central document repositories has really succeeded. Participants have tried SWIFT, but found that many banks simply refuse to use its central repository. One commented that SWIFT seems to have lost its enthusiasm.
• Some banks have their own bespoke systems. Some people use them, despite the multiple logins, but still find they need to get their RM (Relationship Manager) to re-direct local bank officers to the tool.
• Some banks are working on shared tools – BNPP and Société Générale have one. These were viewed as being helpful, but less than ideal:
  • They often require all data fields to be entered before the data is recorded and can be shared. If any field cannot be provided, or is against company policy, it can be difficult to proceed. Some people resolve this by simply entering “not provided” – the system seems to accept that, though the bank will still come back.
  • They typically do not provide differing levels of authorisations. This can make it difficult to delegate providing data to the local subsidiary without giving them access to the whole group data.
• Confidentiality and data protection remain issues.

Bottom Line

Whatever we think of it – and all treasurers accept it is necessary to monitor the use of bank accounts – KYC has so far resisted most efforts to impose a logical and streamlined management approach. The various tools which have been tried have had limited success, at best. To get banks to accept these tools and work with them requires an amount of senior management time and effort which few treasurers seem to be prepared to put into it.

So, where does that leave us? The trend seems to be to accept the reality, and set up a team to handle it, mostly manually.

To Access this Report: