January

Outsourcing KYC is a good way for banks to safeguard their continued regulatory compliance and control spiralling costs, explains Toby Tiala, Programme Director, Equiniti KYC Solutions

In a bid to combat money laundering, market manipulation and even terror funding, the rising tide of conduct-based regulations continues to challenge banks globally. The cost of compliance – and non-compliance – is steep. The average bank spends over £40m a year on Know Your Customer (KYC) processes yet, in 2016 alone, bank fines worldwide rose by 68%, to a staggering $42bn.[1]

A double squeeze

Resource stretched mid-sized banks, in particular, are having a tough time. As regulators up the ante they are creating an operating environment increasingly conducive to fines. To cope, banks are expanding their compliance resources to mitigate their risk of transgression. Those with resource limitations are, therefore, the most vulnerable.

They are right to be worried. Since 2008, banks globally have paid a staggering $321bn in fines. Earlier in the decade, high profile money laundering and market manipulation cases caused the level of overall fines to skyrocket. After a brief period of respite (when governments and the Financial Conduct Authority backed off fearing industry suffocation), the fines have been steadily creeping back up. This time, however, big-ticket fines have been replaced by a far higher number of smaller penalties. Put another way, the regulators are now tightening a much finer net than before.

A bank’s ability to profile and identify risky customers and conduct enhanced due diligence (EDD) is critical to ensuring compliance with anti-money laundering (AML) law. This is no trivial task. Major banks are ploughing expertise into their KYC and creating proprietary systems dedicated to meeting the new requirements. Mid-sized banks, however, don’t have this luxury and are challenged by the need to beef up their resources. Applying regulations like AML4, PSD2 and MiFID II to complex legal entities like corporates and trusts is a convoluted business.

New focus

A large proportion of regulatory fines result from high-risk customers slipping through the cracks, usually stemming from ineffective beneficial ownership analysis, customer risk rating or EDD. This is especially common in complex entities with numerous ‘beneficial owners’ – something that has brought these individuals into sharp focus. A beneficial owner in respect of a company is the person or persons who ultimately own or control the corporate entity, directly or indirectly. Conducting KYC to effectively identify high-risk beneficial owners of complex entities is skilled and complicated work, to say the least.

Nowhere can the new focus on beneficial ownership be seen more clearly than in the EU AML4 Directive, which recently came into force, in June 2017. This directive is designed to expose companies with connections to money laundering or terrorism, and decrees that EU member states create and maintain a national register of beneficial owners.

Big impact

The growing focus on beneficial ownership is having a clear impact on banks’ relationships with their trade customers. According to research from the International Chamber of Commerce,[2]  40% of banks globally are actively terminating customer relationships due to the increasing cost or complexity of compliance. What’s more, over 60% report that their trade customers are voluntarily terminating their bank relationships for the same reason. That this could be evidence of the regulations working will be of little comfort to banks that are haemorrhaging revenue as a result.

The UK has already formed its beneficial owners register but caution is advised. The data quality still has room for improvement and the regulations make it clear that sole reliance on any single register may not translate into effective AML controls.  Mistakes – genuine or otherwise – may still occur but automatically checking these new beneficial ownership registers is a clear step forward.

The key for mid-size banks is to zero in on what will both enhance their KYC procedures and deliver clear and rapid visibility of high risk entities. Once established, this will enable them to manage their own risk profile, together with their customer relationships, and minimize the negative impact on their revenues.

Highly complex KYC and EDD activity can severely inhibit the onboarding process for new customers, often causing them to look elsewhere. The deepening of these procedures is making matters worse – it can now take up to two-months to onboard a new client according to Thompson Reuters[3], with complex entities usually taking the most time. Large banks have proprietary systems to accelerate this process but, for mid-sized banks, this is a serious headache; not only does it extend their time-to-revenue from corporate clients, it can also turn them away entirely, and lead them straight into the hands of their larger competitors.

Combine and conquer

For these banks, outsourcing their KYC to a dedicated specialist partner is a compelling solution. These partners have agile, tried and tested KYC systems already in place, are perpetually responsive to the changing regulatory requirements and have highly skilled personnel dedicated to navigating the KYC and EDD challenge in the shortest time possible. Plugging into a KYC-as-a-Service partner enables mid-size banks to seriously punch above their weight, by accelerating their onboarding of new clients to match (and often beat) the capabilities of large banks, dramatically reducing their overall compliance costs and helping them get ahead – and stay ahead – of the constantly shifting regulatory landscape. This, in turn, releases internal resources that can be redirected in support of the bank’s core revenue drivers and day-to-day business management.

It is clear that the regulatory squeeze is set to continue for the foreseeable future. Banks that have the vision and wherewithal to accept this notion and take positive steps to reorganise internally will not only be able to defend their ground against larger competitors, they may even turn KYC into a competitive differentiator.

Specialist outsourcing is fast becoming the norm for a wide variety of core banking processes. Few, however, are able to demonstrate as rapid and tangible benefit as the outsourcing of KYC.

Cybercrime is an ever-increasing risk for financial institutions. While the wealth management industry has thus far been less affected by major breaches than other sectors, wealth managers should be arming themselves with the right tools in the fight against hackers.

A DDoS attack is one of the biggest cyber threats currently faced by fintech companies. This ‘distributed denial of service’ occurs when cybercriminals flood a website with traffic in order to overwhelm it and shut down services. The very nature of their business makes financial institutions an obvious target for hackers; attacks are relatively easy to launch and smaller companies’ systems can be overwhelmed by them.

The motives for these attacks can vary but might include demanding a ransom in return for stopping the attack, or as a diversion to tie up security staff while hackers carry out a more significant assault. The good news for smaller companies is that, unlike their larger rivals, they are unhampered by cumbersome legacy systems. Agility, innovation and collaboration are key to combating cybercrime, and small firms can harness the power of cloud-based DDoS protection services.

It’s all down to your capacity

These services have a huge network capacity so they can filter out large amounts of DDoS traffic without being overwhelmed. This allows legitimate traffic from customers to get through without interruption. This can also be used to intercept scanning activity. ‘Scanning activity’ is used by hackers to attempt to scan a company’s computer systems by sending traffic to its network in the hope of finding software with known vulnerabilities that can be exploited.

Criminals may also try to gain access through social engineering. This often involves emailing or calling staff and tricking them into believing they are talking to a fellow employee. A workforce that isn’t sufficiently trained to know what to monitor for when it comes to phishing emails or other malicious tactics can leave its organisation very exposed.

While social engineering methods pose a major cybersecurity risk for any company, these malicious techniques are theoretically a greater threat to larger organisations with bigger workforces that are harder to train and monitor. Nonetheless, firms of every size and scale should have effective training and processes in place to help mitigate risks.

Combat the criminals

Increasingly sophisticated tools are available to combat the criminal on the street trying to log into, for example, a victim’s online banking or investment portal. A large number of financial services firms now use ‘panic password’ technology to protect their clients, whereby you can enter a special PIN code (i.e. not your actual password) if under duress, that will automatically notify your security teams that you are being coerced. Further to this, the app will appear to continue to work ‘normally’, leading the attacker to believe that they are able to steal funds and transfer them to a particular account.

Another way in which providers can protect clients is via two-factor authentication. Many large financial institutions require some extra information in addition to a password to log on to a service, often a one-time password or PIN that is sent to the customer’s phone via a text message or generated by an app on their smartphone. Other companies offer dedicated security tokens that generate a shortcode on a built-in screen.

Two-factor authentication provides better security than a password alone because even if a hacker can guess a user’s password, they can’t use it unless they have the smartphone or security token as well. This type of technology is relatively low cost, making it perfectly feasible for smaller fintech companies to implement. And in a world that is seeing an alarming rise in the size and scale of cyber attacks, firms must take every step possible to mitigate exposure.

Dmitry Tokarev

Chief Technology Officer, Dolfin

Everyone has a digital identity that represents you as a unique individual. But, says Dr Michael Gorriz, group chief information officer at Standard Chartered Bank, that which distinguishes you in the physical world is generally irrelevant to how you are identified in the digital one

The challenge for banks, technology firms and governments is how to make it easier and safer for people to identify themselves online while allowing them control over and giving consent for use of their digital identity (DI). These days, you are asked to create a new login when you apply for each new service, so you potentially have to log in your details a few times a day and remember multiple passwords. A universal DI for everything would make life much more convenient.

Passports, driving licences, birth certificates – documents that identify us in the physical world will no longer be necessary. A business trip or vacation would be a seamless experience, where passport control may no longer be required, and banking services will be a breeze because of robust and trustworthy KYC (know your customer) processes.

Some governments have taken the lead as part of their development of digital economies. With Singapore’s MyInfo one-stop database of personal data, citizens can apply for government services or open a bank account without filling in multiple forms or providing supporting documents. India’s Aadhaar project provides a unique ID to each citizen so they have access to healthcare services, education and government subsidies. It is a key driver of socio-economic development and ensures benefits directly reach unbanked pockets of the population.

The role of financial institutions

Banks need to give their customers a seamless and convenient experience. That is why Standard Chartered has participated in pioneering DI initiatives such as PayNow in Singapore which makes peer-to-peer payment easy as it only requires your national ID or mobile number. The development of a universal identity system needs robust processes to recognise and authenticate a person’s data. The system also has to work for myriad institutions with complex, interconnected operations across different geographies.

Financial institutions including banks have traditionally performed the role of custodians of data and have established cross-border operations, so are well-positioned to support the creation of DI systems. Banks are also incentivised to collect accurate data because the viability of their business depends on it.

New anti-money laundering directives and KYC rules mean regulators expect financial institutions to maintain high standards for identity verification of new and existing customers. To that end, Standard Chartered has started a proof of concept with fintech firm, KYC Chain, to improve our client onboarding process. The project, which uses blockchain technology, can recognise and verify identities of clients in a reliable way. Blockchain allows entities independent of one another to rely on the same shared, secure, auditable source of information.

Who owns the data?

Any universal identity system should allow the ownership of personal data to lie with the individual, who chooses what information to share to gain access to services. Bblockchain, the distributed-ledger technology behind the digital currency Bitcoin, has been seen as providing a potential technology solution.

With about half of the world connected to the internet, having a DI is in some quarters regarded as a fundamental human right, because proof of identity is required to gain access to a range of services. Achieving a universal DI would have many advantages but making it work would require cooperation among financial institutions, governments, technology companies and more. The benefits in terms of cost, time and user satisfaction are so great that we are optimistic a comprehensive and holistic solution may not be too far in the future.

The concept of cloud is now firmly established among corporate decision-makers. But, rewind ten years, and the mere mention of cloud would have been met with a furrowed brow. Times have changed, and for many, the adoption process went from never, to maybe, to we need it now.

This main catalyst is that today’s world needs a new approach. For companies trading in complex markets like commodities, price fluctuations, increasing regulation and geopolitical uncertainty are the new normal. Add in increasing operational intricacy and an explosion in structured and unstructured data volumes, and it’s clear that a technology that enables precise risk management, scalability and data-enriched transparency is a must.

For firms exposed to these markets, the possibility of cloud has largely been dictated by the availability – or, until now, the unavailability – of solutions that offer the rich functionality they need.

Now, a truly enterprise-level trading, treasury and risk management cloud solution exists. Breaking down the siloes between these functions will profoundly transform the way companies respond to customers, manage risks and run their business.

Robust, secure and flexible

A cloud solution means less hardware to manage, freedom for IT teams to focus on value-added projects and the ability to match operating costs with business demands in a much more agile way. It means a platform that’s built to address today’s security challenges, with cloud operations typically offering much more robust, expert security than on-premise installations.

But the transformation goes much deeper. With a cloud solution that combines exceptionally rich functionality with vast, almost unlimited, computing power and extreme flexibility, traders and risk management departments are empowered. For the first time, the infrastructure can scale to meet peak demand, and scale back again. Firms have the resources to complete analysis of and report on, previously unimaginable volumes of data, faster, to understand current VaR or P&L, without relying on an overnight run based on yesterday’s positions. They’re able to manage volatility in real-time. And they’re able to act on accurate real-time views of risk and take full advantage of the opportunities presented. Actions that were simply a pipe dream until recently.

A deeper transformation, not a pipe dream

From a finance perspective, cloud provides the springboard to shape how the business operates, by providing accurate data to the board to influence decision-making – data that has for too long been largely unavailable. This enables firms to develop strategies and carve out competitive advantages without being constrained by long lead times, or the costs and bureaucracy required to scale up their infrastructure and support capabilities. For the first time, chief financial officers (CFOs) can rely on the data they receive to get an accurate picture of cash flows and liquidity when it’s needed. Treasurers can shift their focus towards the annual capital allocation process, earnings and capital at risk. All of this makes it a far more strategic function.

Ultimately, the need for agility, scalability, security and flexibility will only be met through cloud deployments. In the near future, on-premise alternatives will struggle to deliver what a modern firm needs, and in a very short time, companies will have to search far and wide for reasons not to move to the Cloud.

By John E. O’Malley, CEO, Openlink, in conversation with Marco Scherer, Head of IT, Uniper

Sub-Saharan Africa is, today, the second fastest growing region in the world– and home to some of the most exciting emerging markets on the planet. These emerging markets, combined with frontier markets of equally great potential, “present a future cross-border trade and economic environment that could, one day, emulate Asia in diversity, opportunity and growth,” says Vinod Madhavan, Group Head of Trade for Standard Bank.

Efficient, effective and sustainable trade structures and technologies are central to achieving this vision for growth – and also for alleviating the poverty that still grips many parts of the continent.

Economically excluded populations can be rapidly included in meaningful economic participation by growing sustainable and inclusive domestic, regional and global trade value chains. Trade has the potential to drive inclusive growth in Africa by leveraging new technologies – especially in information – able to link sustainable African industries with a new generation of global consumers.

Now has never been a better time for Africa to sustain growth by taking charge of its own growth momentum, by rapidly expanding the continent’s internal and cross-border cash, trade and securities capabilities. This will, deepen local capital markets, enabling the development of sustainable, diversified and inclusive domestic economies through cross-border trade.

To achieve this vision, however, the information that Standard Bank has access to, across its 20 markets shows how important it is that legislators get the cross-border and policy basics right. At the same time, Africa’s financial institutions should look to developing the digital and sustainability solutions necessary to leverage the continent’s potential.

 Cross-border 

Cross-border integration (of production, supply and markets) through trade, drives the rationalisation of standards, the efficiency and growth of markets, and the diversification of economies – naturally.

Creating the financial markets that allow this evolution to happen is critical for Africa to successfully claim a greater share of global productivity – and the trade networks that support these.

 Progressive policy 

Africa will not, however, realise the benefits of regional and global trade without, at the minimum; liquidity, access to capital, progressive foreign exchange regimes, and clear tax systems. Being supported by; rational infrastructure, agile labour policies, relevant education and efficient customs and excise rules coordinated by regional trade bodies, will free Africa to expand growth internally – while continuing to attract foreign investment.

 Digitisation 

From a cash, trade and investment services perspective, Standard Bank is seeing a lot of evolution in digitisation being driven by our clients and their customer. As the various players in the client ecosystem – i.e., producers, suppliers, service providers – push the bank’s clients to adopt cheaper, more digital, technologies. The bank’s clients also expect the bank to be able to operate and deliver across these platforms.

Our clients continue to search for operational efficiency (especially in a largely paper intensive trade finance business) and hence we expect to see increased adoption of digitisation and digitalisation in trade (across the physical supply chain, the financial supply chain and the documents chain). Technologies such as Blockchain naturally lend themselves in realizing benefits from the digitisation of financial supply chain and documents chain (that secures the documents legal transferability while drastically reducing delays in couriering etc.).

Keeping close to clients, especially in Africa where mobile and other such digital solutions are evolving independently – and often ahead of the rest of the world, places Standard Bank in a position to observe these evolutions first hand – and then evolve solutions that support these digital needs.

Getting this right requires a culture without a territorial or parochial view of innovation and technology an innovative culture completely at home with the democratic and universal culture of today’s digital consumer, client, customer or business person.

 Sustainability 

Since the competitive management of trade information, in the modern age, includes end-users being aware of how sustainable products and services are developed and delivered, businesses also need to develop clear, transparent and fair procurement and production environments – that are sustainable over the long term says Mr Madhavan. While the growing importance of sustainability in business and trade is a challenge in many parts of the world, in Africa the shift to sustainability presents the continent with a myriad of opportunities to develop new, clean and efficient industries – from the ground up.

Standard Bank, as one of the two African banks signatory to the Equator Principles on sustainability in banking and finance, is acutely aware of the opportunity that the global sustainability movement offers Africa. Standard Bank is also the only Africa bank currently involved in the Sustainable Trade Finance working group constituted by ICC (International Chamber of Commerce, Banking Commission).

Getting sustainability right is likely to place Africa at the epicentre of a new global trade in sustainable products and services. This will have profound implications for growth and inclusiveness on the continent.

Standard Bank is ideally placed to help Africa achieve this vision by deploying its technological, policy, market and human insights – built up over 154 years and now present in 20 markets – in the development of a cross-border trade environment that drives inclusive growth and effective global competition in a rapidly changing global environment.

Vinod Madhavan, Group Head of Trade, Standard Bank

Amit Kumar is Senior Principal with Infosys Consulting.

Most success stories around Robotic Process Automation (RPA) are larger than life: cost savings of 60 to 80 per cent, projected ROI in three digits, or turnaround times that go from days to minutes. But there is a flip side to consider: 30 to 50 per cent of initial RPA implementations fail.

In the financial services industry and in other industries, the reasons for the underwhelming performance of RPA range from lack of scalability and excessive reliance on IT to inadequate preparation to unrealistic expectations and short-term thinking. Also, a big problem is that enterprises often choose the wrong processes for automation.

Still, the financial industry is understandably excited. According to arecent global study, 33 per cent of major enterprises, and 44 per cent of banking and financial services companies, have committed serious investments in RPA within the next two years.

Implementing RPA in large financial services organisations takes careful consideration and diligent planning. The following is a list of top ten tips for selecting processes for RPA to help guide financial services organisations to successful implementations:

1. Assess processes consistently across the enterprise: rather than shopping for use cases at random, enterprises should employ a standardised, “top down” process hierarchy to assess the right candidates for automation.
2. Estimate effort accurately: enterprises should base their business case for RPA on current and accurate data on the effort, number of steps, and manpower needed to complete different processes. This assessment relies significantly on inputs from process subject matter experts, and would also benefit by factoring the results of time and motion studies, activity based costing, and average handling time/ effort analysis.
3. Minimise process variation: a number of RPA implementations go over budget and miss deadlines because processes vary so greatly. Financial services organisations should address that by mitigating the usual causes, such as multiplicity of systems and interfaces; variation in the extent of process centralisation across different country operations; proliferation of country-specific processes shaped by legal or local requirements; and lack of standardisation in the formats and processes employed by different vendors.
4. Build a solid business case: broad brushstrokes and gut feel have no place in process selection. Rather, the decision should be grounded in a comprehensive business case, which takes all costs, benefits, complexities (e.g. number of systems, data types etc.) and risks (e.g. legal, regulatory etc.) into account.
5.  Factor in other strategic technology and business programs: large organisations have many simultaneous digitisation initiatives, which may impact some of the processes selected for robotic automation. It is vital to take that into consideration before going ahead with RPA.
6.  Think end-to-end: in RPA, the sum is greater than the parts. When assessment is conducted in silos, a process that occurs in or draws data from two or more functions is in effect treated as two (or more) separate processes. This is suboptimal from an automation standpoint. For example, a key process called balance sheet control is part of the financial controller’s domain. However, to make up the balance sheet account totals, the process needs transaction data from other functions, which is sent to the finance team for reconciliation. An organisation trying to automate ledger “proofing” without an end-to-end view will automate only the activities of the finance function, leaving all the feeder activities in the other functions to be performed manually or automated in a separate exercise.
7. Measure complexity, so you can manage it: since no two RPA use cases are of the same complexity, enterprises cannot base their calculations on general assumptions. They should create a continuum of activities that are graded by complexity to assess feasibility and decide priorities.
8. Include solution analysis in process assessment: after assessing the complexity and nature of a use case, the organisation should analyse the various solutions available to identify an appropriate toolset. This has a direct bearing on the business case since implementation costs and timelines vary by tool.
9. Review and redesign: walking through a process will help to identify its pain points. The enterprise should then try to determine the “dominant root cause” of each before proceeding to redesign the post-RPA process. For instance, are pain points caused by policy and procedure, organisation design, or poor error detection.
10. Perform assessment in “sprint” mode: often, organisations try to complete the assessment and identification of use cases in a single iteration, which creates a long gestation period until implementation by which time the opportunity might have stalled or the process itself might have changed. There is also a risk of misinterpreting or dropping information required for the implementation. The ideal approach is to take up RPA in “agile mode” – maintaining a process backlog that allows the development team to plan for the next few sprints as well as account for any feedback from the previous iteration.

Here’s an example of a large financial services company, which turned around an RPA implementation that was headed nowhere. The company’s shared services unit had run into serious problems with its robotics-led initiative, which had not operationalised even a single process yet. The reasons for this included wrong selection of processes, unrealistic cost saving expectations and a team that was totally unprepared for the job.

The company then with some help from external partner set out to define the right RPA demand generation model, compute the business case, design the post-implementation operating model and flows, and execute the project in agile mode. Thanks to this exercise, the unit now has a clear line of sight into RPA backlog and a sound business case. Having found the right RPA solution, it is now implementing several RPA projects and is on the way to meeting its cost saving targets.

Following as many of these tips as possible, financial services organisations should identify the right automation tool and partner to achieve their goals.

I do not pretend to be an expert in Distributed Ledger and Blockchain technology, however, I do see the huge potential in it. Although, in my opinion, currently only a select few can truly understand how the technology works and its applications, the same can be said about the internet, mobile phones and computers, back in the day. We live in an age where data is king and any move to protect that a good one, surely?

As mentioned, I do not hail from Silicon Valley and my first language is not Javascript. My job is to look and analyse investment trends and find ways to grow and protect my clients’ wealth. It is very apparent that over the last few years, cryptocurrencies like Bitcoin and Ether have been an increasingly popular ‘alternative’ to fiat currencies. It is very difficult to get the exact figures but I think it is safe to say that there have been more first-time investors, men and women who have never invested before, in cryptocurrencies than any other asset class. But do they really know what they are investing in?

The technology, and as a result, the currencies, were originally intended to form an easy way to make payments without the middleman taking a cut of your hard earned money. How long has it taken for that to fall by the wayside? Cryptocurrency exchanges are charging around 4% to buy and sell cryptocurrencies which is completely contradictory to why it was initially developed. And so begins other people making money off the back of new technology.

You may not be so lucky next time

I have seen my fair share of tech bubble bursts so am fully prepared for what is to come. I have experienced it first hand and I have to say, it is not pretty. I was one of the thousands and thousands of people who invested heavily in these new tech companies back in the late 90s and early 00s. I was also fortunate enough to have got out just at the right time because I was buying my first property. I know the signs and what I predict is a “Cryptocrash”.

The huge valuation of the currencies are not sustainable and with previous tech crashes, we have seen drops of around 90%. We have no reason to disbelieve that this won’t happen again. Mark my words – Cryptocurrency will be the next 2001 telco crash or the 2000-2002 dot-com crash. We are seeing the same symptoms – volatile spikes and crashes, huge amounts of money being invested, huge valuations. The fact that most savvy spokespeople and investors have all said that they do not know which way this is going to go should ring a few alarm bells.

Those in their 20s have never experienced a crash in the market before so they believe the hype and drive it up even more. You learn through experience in this game and the longer you go from a crisis the higher the number of market participants have never experienced a crash – this fuels the bubble further and means when the crash comes it will be much larger.

It doesn’t end with cryptocurrencies

It is not just cryptocurrencies, companies like Monzo and Revolut are developing pioneering technology but how long will they last? How long before the technology they develop is benefitted from by others? Ask Jeeves, Alta Vista, Lycos, AOL – same thing happened – the charts look almost identical to that of Bitcoin, Ether, Litecoin. The technology behind them was pioneering, however, other people benefitted from the development and where are they now?

We are living in very interesting times and are currently entering a behavioural finance phase driven by a herd mentality. This has the potential to be catastrophic but there will be lots of opportunities available. The real value and longevity is in the technology, not Cryptocurrencies. I predict the crash happening within the next 18-24 months. In the meantime, ride the wave but be prepared to cash out.

By Haig Bathgate, Co-CEO of Tcam Asset Management