12/04/2022 Alexander

The Broken State of KYC

For financial institutions, KYC (Know Your Customer) and AML (Anti-Money Laundering) protocols are set to prevent financial crime. Banks, fortune 500 financial firms, cryptocurrency exchanges, and credit unions are required by law to comply by verifying the identity of their customers while doing business with them.

While compliance with KYC and AML might help in theory in the fight against money laundering, financing of terrorism, and other middle-of-the-road financial fraudulent schemes, compliance challenges have also emerged. The lack of a standard streamlined compliance procedure with safety measures protects against data breaches has introduced more problems than solutions.

Simply put, there is limited incentive for users to participate in KYC plus; the ever-growing cumbersome nature of KYC and AML compliance has proven to be more costly than useful even as security concerns arise.

In the cryptocurrency and decentralized finance sector, these challenges increase with the emergence of new inventions that require flexible KYC and AML regulations. Here is a look at some of the main pain points of KYC and AML compliance measures.

Privacy Concerns

KYC and AML protocols are set by the Financial Action Task Force (FATF) and the U.S. Financial Crime Enforcement Network (FinCEN) as a set of offensive tactics designed to curb crime. However, rarely are the long-term effects of these tactics discussed. For instance, social security numbers, government-issued identity card information, birthdates, and addresses can be stolen from the centralised servers where they are stored and be used to rob innocent individuals and their families.

Even if the data is not stolen from the financial organisation that collects it, some of these organisations can sell that data to third parties without the user’s permission. The situation is made worse by the fact that users of financial platforms lack solutions and alternatives that let them opt out of personal data collection, therefore, leaving them no choice but to trust the companies that collect their personally-identifying information.

Security Concerns

The severity of data breaches is rising even as studies by cyber security firms show a dramatic increase in the number of reported data breaches since 2020. According to studies, out of 3,932 reported breach events in 2020, more than 20 breaches exposed over 1billion records of information to criminals. This comes at a time when fines that companies pay for data breaches are also on the rise. With rising security concerns, regulators are increasingly getting more serious about organizations that don’t properly protect consumer data. For instance, the General Data Protection Regulation (GDPR) allows EU data protection authorities to charge a fine of 4% of a company’s global turnover. As a result, concern about the security of AML/KYC data stored by vendors and clients is also increasing. Given the rising penalties, crypto exchanges and eCommerce platforms are increasingly becoming reluctant to store AML and KYC data.

Process Inefficiencies

Nearly 100% of treasurers report that responding to KYC requests is more cumbersome and challenging than it was half a decade ago. Meanwhile, financial organizations are reducing their clientele to avoid lengthy KYC and AML processes. Various financial institutions also have to reach out to their corporate customers and search for incomplete information and data across multiple sources, adding to the complexities of compliance. Given the inefficiencies of KYC and AML data collection, the process of onboarding new corporate customers continues to worsen as the average onboarding took more than 30 business days compared to 28 just three years ago. Also, to meet regulatory requirements, financial institutions have to present this data in multiple formats often through bilateral exchanges with regulators which is not only inefficient but also time-consuming and costly. Overall, the cumbersome nature of KYC processes inhibits customer onboarding, with studies showing a 50% drop in users during the KYC process.

Growing Fines

The past year has seen a majority of the world’s financial institutions get record-breaking penalties for violating KYC/AML compliance measures. The changing landscape of KYC compliance has seen regulators impose stringent laws as the KYC/ AML world continues to evolve.

With the advent of the global coronavirus pandemic, a spike in fraudulent online activities increased across the globe leading to a need for more rigid regulations. Regulatory authorities ranging from FinTRAC to FinCEN and even the FATF to mention a few, have introduced increased KYC compliance rules that some financial institutions have failed to comply with thus incurring costly fines.

Goldman Sachs for instance, paid over 11 billion in fines after 12 cases of AML non-compliance were reported last year. Westpac Bank in Australia paid a fine of $1.3 billion after breaching AML laws and failing to employ financial monitoring. While these are some of the highest fines historically associated with AML and KYC compliance in traditional finance, cryptocurrency companies are also not spared, with reports showing a record $2.5 billion in penalties charged to crypto-related firms since the advent of Bitcoin.

More Sectors Require KYC

Despite the challenges affecting AML/KYC, emerging innovation as is the case with cryptocurrencies, decentralized finance platforms, gaming, non-fungible token (NFTs), and so forth will require appropriate KYC and AML procedures. Therefore, given the varying characteristics of these sectors, regulators will have to formulate new flexible compliance measures that platforms in the above-mentioned sectors will comply with. For instance, NFTs (while popular at the moment) are currently facing a rising concern of money laundering. Already experts opine that this and other new markets in the cryptocurrency and decentralized finance space are ripe for money laundering and criminals are bound to take advantage of it. However, it is anyone’s guess how long it will take regulators to formulate KYC/AML compliance measures for these emerging industries.

Conclusion: A need for Better Solutions

Nowadays we are talking about mobile-first KYC or DID – decentralised identity. The main objective is to perform certain processes on mobile, prior to accessing any services that require KYC information.  Some players are already starting with some good ideas like Blockpass, Civic and Gatenox. Notably with Gatenox the idea is that a customer does onboarding once and use it many times, KYC is conducted on mobile and any crypto business, loan provider, NFT market receives this instantly and zero (yes, apparently it is the price), pre-kyced, pre-verified information. If this is the case, the process could become much more efficient why?

  • Businesses can accept only low-risk clients.
  • Documents can be perfectly prepared so there is no friction in the process
  • Mobile phones are becoming computers and can run neural networks to perform certain verification like liveliness checks, not once but many times. Mobile solutions also allow much more sophisticated checks like reading ID cards, passports via NFC, verifying the physical addresses with IP addresses etc.

KYC/AML laws and penalties have never been as strong as they are today. However, criminals will use any emerging technology to adapt to new regulations and rules. With emerging technological innovations, regulators and financial institutions need to work together rather than against one another to formulate flexible defensive tactics that protect all stakeholders.