In our new white paper, The Digital KYC Paradox, Fourthline explores the steps enterprises can take to avoid the costly consequences of falling short on compliance.
- Banks and fintech companies face exceptionally high requirements for the quality of their KYC and AML processes
- In response to these requirements, financial enterprises are increasing their use of technology solutions in the ID&V space
- Benchmarked data shows that these ID&V solutions typically represent 3-5% of the overall cost of compliance
- The bulk of the costs and challenges lie in the back office: where manual processes are error-prone and expensive
- Applying end-to-end automation and a holistic dataset will lead to more efficient back-office processes and more sustainable costs
The quality challenge: the true costs of falling short on compliance
In an August 2021 study, governance and risk consultancy Kroll concluded that the 994m USD in fines handed out in the first half of 2021 were imposed due to the same procedural shortcomings that regulators have been highlighting since 2015 around due diligence on new customers, management of AML measures, monitoring of suspicious activity, and ensuring compliance.
- The amount of money laundered globally each year is estimated to be between 715 billion EUR and 1.87 trillion EUR
- Financial crime compliance cost the world 180.9bn USD in 2020 and is expected to reach 213bn USD in 2021
- 45 AML penalties were imposed globally in 2020, totaling 2.2bn USD
Claire Simm, head of financial services compliance and regulation at Kroll, told Financial Times:
“The value of fines has surged as regulators impose tougher penalties, continuing to send the message that despite any obstacles, enforcement remains a top priority."
In recent years, regulators have shown that they are willing and able to crack down aggressively on banks that fall short of their expectations. Broadly speaking, regulated financial institutions are expected to (i) have effective procedures in place; (ii) consistently follow such procedures; and (iii) have an audit trail to prove it.
The digital KYC paradox
With the rise of fintech and the forced digitization of traditional banks, the industry has very rapidly shifted to mobile-first. This has led to an equally rapid jump in client expectations for those who want to be able to open a bank account anytime, anywhere, on any device and get results in real-time. This has led to a plethora of tech companies offering digital ID&V solutions allowing clients to snap a picture of a government-issued ID or take a selfie. These solutions deliver a UX the client is looking for as it is a superior experience to having to visit a bank branch in person.
However, despite delivering a massive improvement for clients, these point solutions have not led to a decline in staff involved in manual processes. In fact, quite the opposite has happened. Companies are offering digital ID&V solutions to keep up with an increasingly mobile-first industry - but their back-office processes are actually becoming more complex and more manual because of the amount of people needed to ensure the new digital systems are compliant. For instance, ABN Amro tripled its compliance workforce to 1,000 from 2013 to 2019. Six months after, it doubled to 2,000. Last year, the bank disclosed that their overall costs are expected to reach a high of 5.3bn due to increased regulatory requirements and AML costs.
In many instances, one out of 10 bank employees now work in compliance. It’s no surprise that with mounting pressure to slash costs, banks are actively looking for ways to become more efficient.
- "A huge number of people were hired in 2016 and 2017, says Nordea co-founder Mikael Bjertrup. But job cuts are continuing, as it’s simply too expensive to leave most of the work to humans rather than algorithms." He also says beefing up automation will improve the quality of the work.
- Danske Bank cut over 1,000 jobs in 2020 in an effort to reduce costs. “One of the areas where Danske can cut is in anti-money laundering. While Danske faces an increased amount of tasks in this area with new regulation and will want to make sure that nothing is missed, it should be possible to start automating many of the procedures and thereby cut staff.”
A recent report by McKinsey points out two further relevant considerations.
- “In just a couple of months, customers’ adoption of digital banking has leapt forward by a couple of years. Such a jump in adoption opens the door for banks to turn digital channels into real sales channels, not just convenient self-service.”
- “Reducing costs is not a new goal but the imperative to act is much stronger than it was a few months ago. Banks will need to contemplate cutting gross costs by between 20 and 35 percent, which translates into 20 to 30 percent net savings after reinvestments in crucial areas such as digital capabilities. Getting to the next stage of digital sales and operations is likely to remain the largest overall cost lever.”
It is clear why banks need to improve the quality and cut costs in compliance leveraging technology. ‘How’ remains the question. To answer that, understanding the true cost of compliance is vital.
An in-depth study conducted by LexisNexis of AML, compliance and risk professionals across five European markets - France, Germany, Italy, Switzerland and the Netherlands - estimates that the true cost of compliance is roughly 83.5bn USD annually. While costs vary by country, labor resources broadly constitute an average 74% of compliance spend. Meanwhile, KYC programs account for the largest portion of compliance spend - around 40% compared with 15% going towards suspicious activity monitoring.
Although improving business results and reducing risk are the key drivers of AML compliance for financial institutions in these countries, the study concludes that financial institutions are simply not seeing these results in full due to the sheer cost of AML compliance and impact of regulations on productivity. Tackling these cost and productivity challenges in compliance therefore calls for better quality sources of information and a rebalancing of AML cost components.
Benchmarking based on a comprehensive Cost of Compliance model
Over the course of 2020, a group of banks and fintech companies offered their input on a granular cost of compliance model for a study by Fourthline. This contained a step-by-step aggregate of the cost elements (both technology and manual processes).
This benchmarking data allowed for a thorough analysis of the cost base of an end-to-end bank grade onboarding. It showed that most banks and fintech companies leveraged point solutions specifically for ID&V and for AML screening.
However, the data also indicate that in order to meet the increased scrutiny of regulators on the quality of CDD files, both banks and fintech companies had to build large teams. The primary activities of such teams consist of investigating flagged cases (e.g. potential hits on sanction lists), performing additional quality checks, risk scoring, and reporting. Fourthline found that an average 90% of the compliance cost base of a traditional bank and 70% of the compliance cost base of a fintech company consists of manual checks.
The complexity and duration of these manual checks increases due to the lack of centrally available data. This is particularly true for traditional financial institutions like banks and insurers. For example, many banks will operate one dataset for KYC, another for AML, and a third for Fraud, as these operate as separate departments. In AML screening, often only the name of a client is used as input. This can lead to a ton of potential hits, which need to be investigated. This could be massively simplified if the KYC data was taken into account as that includes information like date of birth, place of birth, and residential address, all of which make it easier to rule out false positives.
The main findings of Fourthline's benchmark study include:
- Many Financial Institutions (FI) leverage point solutions for ID&V. Most FI's use numerous third-party vendors for different parts of the KYC process. For example, a bank might use four different vendors for data collection (ID&V), AML watchlists data provider, AML watchlist screening, and Proof-of-Address.
- High costs are especially associated with manual investigations on watchlists hits and flagged cases.
- FI's are having difficulties storing customer data in a central location, often as a result of legacy IT systems.
- As a result, most FI's use different databases for ID&V, AML and Fraud investigations, increasing complexity and costs.
Improvements can be achieved through:
- Being brutally honest about the actual overall cost incurred. Just one single desk in a large bank can cost 100,000 EUR in overhead spending before even hiring someone to sit there.
- Leveraging a single dataset throughout the entire client due diligence cycle.
- Workflow optimization: combining data in different stages of the process. Using a single third party for all steps of the process will hugely increase efficiency.
- Looking at digitization and automation for the end-to-end process rather than just the client facing front end.
Achieving a high-quality and sustainable Cost of Compliance
As the quality of compliance increases and its costs decrease, three megatrends are starting to emerge.
Firstly, a deeper understanding of the build-up of existing processes is emerging, making it simpler to pinpoint quality and cost bottlenecks. Using a benchmark model of industry data can be a helpful starting point and a great way to challenge internal teams on the efficacy and efficiency of the status quo. Secondly, building a resilient data superset implies retrieving and storing more data points on each client and being able to access the same dataset throughout the lifetime of a client. Building a holistic dataset that is available across departments will hugely improve efficiency problems in the back office.
Leveraging an end-to-end third-party KYC/AML vendor allows for a holistic view on the customer, not only improving efficiency at the point of onboarding, but also throughout the customer lifetime. Historically, the approach has been to take a snapshot of a client at a given moment in time. This data is quickly outdated and often becomes lost within the (legacy) systems of financial institutions. In a continuous KYC process, organizations build up a clearer picture over time, using each interaction with a client to recurrently link account holders and account users. This ultimately helps address the spike in financial crime driven by money mules and phishing attacks.
As regulators tighten their grip and digitization continues apace, banks and financial institutions are set to face new and unique challenges on a scale not seen before. By expanding automation and implementing a holistic data approach, organizations can ultimately transform their KYC efforts and unlock significant untapped value for their clients.
Find out how your enterprise stacks up against our cost of compliance model. Reach out to a Fourthline risk and compliance expert today.