If there’s one area where compliance officers in the financial sector need all the help they can get, it’s the Know Your Customer (KYC) regulations. Take just the example of Iran, until very recently the official pariah of the financial community because of its designation as a rogue state.
Perversely, it was much easier for the compliance department to deal with Iran when it was on the banned list, because practically no kind of financial transfer between a firm and the country was permitted. But now that last year’s deal over Iran’s nuclear program has resulted in the lifting of certain trade sanctions, it’s gotten more complicated.
It was only in April that the regime of the reformer Aung San Suu Kyi, now the de facto prime minister, effectively took over the running of Myanmar. Observers think she will have her own ideas about who should be on the list of companies banned for human rights violations
As banks and other firms in the Asia-Pacific region are discovering, the bad guys are exploiting the situation to launder money under the guise of conducting legitimate trade with Iran. Making things more complex, global regulators cannot agree on which Iranian companies are no longer sanctioned and which still are.
As Henry Balani, head of innovation at global compliance consultant Accuity, pointed out in a blog post earlier this year, confusion is rife with “corporates and financial institutions struggling to cope with ever expanding compliance programs to satisfy all aspects of their AML [Anti-Money Laundering] policies.”
The fight against money laundering eventually reduces to Know Your Customer regulations that are among the most difficult of the new wave of regulations to enforce. And the stakes are high.
Banks in Asia, as elsewhere, have been warned by the giant US clearing institutions that their US dollar-based accounts will face the scrutiny of regulators if they do business with the wrong people, even if done mistakenly.
Arms and the compliance officer
As a result, KYC due diligence now requires the compliance department to become expert in such specialist areas as the kind of goods that are being traded between Iran and counterparties, as well as the nature of the financing employed to fund these trades.
For example, they must be on the lookout for products or raw materials that can be used for military purposes. This is a tall order. It may presuppose a working knowledge of the application of physics and chemistry, among other disciplines, in the manufacture of arms.
Iran is still subject to so-called primary sanctions involving some of its state-owned companies. For practical purposes, that means American individuals and companies cannot engage with these proscribed organizations, although non-US individuals and companies can do so in certain circumstances.
And that’s just Iran. At an Accuity-organized compliance conference held in Singapore in March, participants were reminded of their obligations in relation to perennial rogue state North Korea and slowly rehabilitating Myanmar, among other countries on which global regulators are keeping a close eye.
So when is engagement not permitted? In cases of “aggregate ownership”, meaning when the beneficial owner(s) are on the banned list. It’s just another definition with which compliance officers must become familiar.
If anything, Myanmar poses more of a problem. Because of the country’s long-running corruption and other problems in banking, Singapore has become the default finance center for this former rogue state. Dealings are now allowable, but only under specific exemptions and licenses applying to individuals and companies.
However, the problem here is the true ownership of what are often significant companies in key sectors. Some of these firms may be in the hands of people who are on the watch list of the US Treasury Department’s Office of Foreign Assets Control (OFAC), because they have committed serious violations of human rights.
The only way to find out, explains Accuity’s Lara Macnamee, is to undertake a thorough and certainly time-consuming exercise in due diligence that aims to identify the ultimate beneficial owner. Only when the results confirm that the individuals concerned are legitimate can a Singapore-based company do business with them.
The arrival in Asia of two platforms – kyc.com, a service supported by Standard Chartered and Deutsche Bank, among others, and KYC Registry, a centralized depositary developed by bank messaging platform Swift – should accelerate the process of standardization
Yet, like much else in KYC, this may be changing as we speak. It was only in April that the regime of the reformer Aung San Suu Kyi, now the de facto prime minister, effectively took over the running of Myanmar. Observers think she will have her own ideas about who should be on the banned list – and her list may be tougher than OFAC’s.
In such an elusive environment, it’s obvious that all possible KYC data should be right up to date and preferably shared on common platforms. Yet until very recently the entire KYC task across Asia has been bedeviled by conflicting systems.
A recent survey by compliance service kyc.com suggests that more than 60% of financial institutions across Asia run mutually incompatible systems, a situation that has resulted in wholesale termination of customers and refusal of new ones for often arbitrary reasons.
“One of the biggest challenges in conducting KYC in Asia is the regional variation for cross-border compliance,” explains David Fleet, Standard Chartered Bank’s managing director of client onboarding and management.
But help is at hand. The arrival in Asia of two platforms – kyc.com, a service supported by Standard Chartered and Deutsche Bank, among others, and KYC Registry, a centralized depositary developed by bank messaging platform Swift – should accelerate the process of standardization.
Hong Kong and Singapore adopted kyc.com in February, for example, and other countries are following suit. Over 550 banks in the Asia-Pacific region already use Swift’s KYC Registry.
In addition to the formal regulatory agencies, the ever-vigilant Transparency International, the global coalition against corruption, is watching closely how KYC is applied.
Surprisingly, Australia is one country in the organization’s sights. In January the watchdog expressed its “grave concerns over Australia’s efforts to fulfil its commitments” in terms of money-laundering, citing the 2015 review of the Financial Action Task Force.
The powerful inter-governmental body warned that Australia remains an “attractive destination” for corruption-related capital, for instance in the form of finance pouring into real estate from across the Asia-Pacific region.
According to Transparency International, Australia has a “weak framework” for implementing the rules on beneficial ownership. Australia is not alone though – China and South Korea are also said to have deficiencies.
Still, all kinds of innovative solutions are coming to the rescue of compliance officers, the latest being a kind of do-it-yourself KYC whereby customers produce a “selfie” or a voice match as a means of identifying themselves online.
Australian verification specialist Vix Verify’s system, called greenID, already allows banks to confirm the identity of clients through customer-embedded biometrics and other techniques in a way that satisfies regulations relating to KYC, AML and Counter Terrorism Finance.
Next up: voice and face-matching technology. All the customer will be required to do is hand over a scanned image from their passport or some other ID and then follow up with a real-time selfie.
Anything that lightens the KYC burden will be welcomed.
About the Author
Selwyn Parker is an author of books on finance and business topics, a specialist in financial history, and regular contributor to newspapers and magazines, including Wolters Kluwer's financial services news. His latest book, The Great Crash, is a new history of the Great Depression that, among other things, explains the rise of regulation in the form of the SEC and related authorities.