Is it time for Financial Institutions (FIs) in Australia and New Zealand to start thinking seriously about a Trans-Tasman Know Your Customer (KYC) utility?
With examples around the globe gaining momentum – e.g. Swedbank being the latest partner to join the Nordic KYC Utility, now known as Invidem, and the ongoing planning for a Pacific Islands KYC utility – the idea has an increasing chance to take hold.
What is the Nordic KYC Utility?
Invidem, scheduled to go live later in 2021, is a joint venture between DNB Bank, Danske Bank, Nordea, Handelsbanken and SEB, with Swedbank coming on board in July 2019.
The aim of the Nordic utility is to address the spiralling cost and inefficiency of the KYC and Customer Due Diligence (CDD) process. It will accelerate the customer onboarding process to realise revenue streams sooner and spread the growing cost of compliance in an ever-changing regulatory landscape.
Targeting mid and large size corporate clients, the service will be free of charge for customers while providing an improved user experience.
Underlying the deployment of the utility is a drive to strengthen financial crime prevention across the Nordic region, following a series of reprimands for lax controls and weaknesses in combating said crimes.
What are the benefits of a Utility?
The scale of cost for KYC and CDD in Australia is significant. There’s an average annual spend of US$28mm to onboard new customers, and US$47mm to maintain them.
The bulk of this cost is generated by the need to manage internal policy documents and procedures to protect against increasingly frequent and complex regulatory rule changes.
With the creation of a utility, financial institutions (FIs) simply pay to access KYC data directly from the utility, gaining an up-to-date, standardised and regulatorily compliant customer profile. This allows FIs to achieve significant savings, which can be reallocated to reduce costs to customers, improve services, or simply be absorbed by the FI.
For customers, the experience is streamlined, requiring them to provide KYC data just once. This is particularly useful for the multi-banked. It makes the onboarding process easier and faster, reducing friction in accessing financial services. The utility also reduces barriers for customers moving to alternate FIs, another significant benefit.
The “KYC once” approach under a shared utility is therefore an attractive proposition, benefiting both the FIs and customers.
Unfortunately, it’s not the panacea everyone is looking for. The utility is not outsourcing to the standards expected by FIs; it simply facilitates the purchase of a standard customer profile.
Two key challenges remain:
- FIs still need to consume the data and carry out any specific additional KYC to meet their internal standards and risk appetite; and
- Accountability for anti-money laundering (AML) and financial crime risk remains with the FI, rather than the utility.
Are there other models apart from a utility?
Invidem takes a centralised approach, having created a utility to capture, maintain and publish CDD data to the FIs. However, there are two clear alternatives:
- A de-centralised approach: Data is captured by participating firms, each adding a layer of detail when new information is identified and released as a new version to the participants. This structure lends itself to distributed ledger technology with blockchain encryption, using different decryption keys to differentiate between contributing FIs or subscribing FIs.
- A digital passport: Data is managed by a third party, which issues a digital passport to the customer and a decryption key to those subscribing to the service.
Neither of these offers the scale of efficiency presented by a utility; however, they represent alternate opportunities to reduce expenditure or for a data vendor to create new revenue streams.
What are the barriers to getting a Trans-Tasman utility up and running?
If the utility model is the best approach for the Trans-Tasman market, Lab49 believe the following technical & regional challenges would need to be addressed:
Regulatory approval and alignment for a utility will be required from both sides of the Tasman Sea. Whilst the Trans-Tasman Council on Banking Supervision indicate there is a willingness to co-ordinate activity and deliver a seamless regulatory environment, their published objectives are to share data between themselves, not with the FIs.
Collaboration between the Financial Institutions themselves
There are numerous examples of collaboration between the big four Australian banks, including Beem It and New Payments Platform. However, there are far fewer examples of Trans-Tasman collaboration, even within the same FI groups.
While appetite for collaboration exists, there are concerns. Are the potential savings a large enough incentive to start discussions? Will the utility meet FIs’ standards and mitigate risk to an acceptable degree? And can regulators be convinced that the utility will meet financial crime and counter terrorism financing commitments?
What would you need to make a utility work?
Several key components are required:
- Data sourcing: A tool to capture data from publicly available sources and other third parties. This tool needs to be triggered by the onboarding FI.
- Regulatory rules & case treatment engine: A platform to consume regulatory rule books (and changes to these) and convert them to capturable customer data sets. Preferably, the utility could persuade regulators to adopt machine-readable rulebooks for digital consumption.
- Case Management Tools and Processing Engine: A platform to manage customer interactions, capture customer data and trigger questions for enhanced due diligence (where required).
This is where the utility’s AML credentials are earnt: Can the FI determine a customer’s financial crime risk profile from the data the utility is selling? Does the data enable the FI to plausibly explain a customer’s activity in light of what has been captured about that customer? And is the financial crime risk of doing business with that customer within the FI’s risk appetite?
- Detection engine: A system to consume publicly available information and compare against existing customer data to determine when a customer has changed behaviour or activity; and whether these changes materially alter their financial crime risk.
- Distribution platform: Secure distribution to the FI at the point of CDD being completed, periodically, and whenever a change has been detected irrespective of whether this has resulted in material change in risk.
There are also a number of other considerations. Gaining customer consent to share data, while ensuring the utility meets both Australian and New Zealand consumer data standards, and the secure encryption of data between parties are critical for the success of this model.
So, back to Scandinavia. What does the initial Invidem service offering look like? The initial release will involve around 200 data attributes. This represents around a quarter of the data required to support initial due diligence and the in-lifecycle processes for customer profiles. A detection engine is not expected to be available until the second half of 2021. Therefore, there may still be time for a Trans-Tasman utility to lead the way with the first complete solution.