Why is KYC so difficult?

I have wondered for a long time now: why does every bank do its own Know Your Client (KYC)?

For a long time my technology brethren have told me they have solved KYC.

They talk about shared utilities, outsourced services, digital identities and more.

The solutions are out there, so why aren’t they used?

Lots of reasons, but one of the big ones is that  banks are fearful of giving control of KYC to a third party as it creates massive risk exposure.

A bank that is caught servicing clients viewed as suspicious by a government (any government?) could compromise the bank and its reputation.

We have seen this already all too often, and hence the reason why banks are ejecting clients from their books en masse (as blogged about yesterday).

This is the hammer to crack a nut, as banks should be able to manage counterparty risk more effectively if their counterparties had clear digital signatures which could be passported between institutions.

This is the dream ticket: KYC once, and then have it capable of being re-used repeatedly by any other institution.

That is why PayPal works so effectively, as they have outsourced KYC to the banks.

Verify you have a bank account and that’s the KYC done, as far as they are concerned.

So why not have a KYC process that is performed once and can then be taken anywhere?

That is what is proposed by KYC Exchange and SWIFT for corporates.

By managing the KYC process of getting the information from the corporate tracked and verified, this should create a trusted identity that the corporate can use globally.

But then the question arises: can we trust the data has been verified effectively by a KYC Exchange or SWIFT?

And that is the reason why KYC is so difficult.

Banks view it as a return on risk.

There may be a high cost of processing papers and performing checks, but the offset to that cost is the risk of non-compliance and the fines that go with it.

When a bank could face a one-off fine from the US regulator of $1.9 billion, as happened with HSBC, then the risk of non-compliance is far greater than the cost of processing.

This means that, even with the best technology in the world, it will be a long time before we see banks sharing KYC information as a shared utility.

Nevertheless, it is beginning and that is the beauty of the intentions of KYC Exchange and SWIFT: to create a shared data service of KYC information for counterparties.

A little bit like a BIC Code and an IBAN, companies and potentially individuals will get a KYC code in the future.

This KYC code will be their digital identity that can be passported across banks and across borders.

Is this really too much to dream?