.svg)
With the recent opening for business of the Nordic KYC utility under the brand name of Invidem, the spotlight rests once more on these interbank projects and their usefulness for the payment firms that use them when taking on new customers.
The United States pioneered the practice of requiring financial firms to conduct know your customer (KYC) exercises on customers that they wished to onboard in 1999. In the following years, the Financial Action Task Force, the world’s anti-money laundering standard setter, called for it as well, generally under the name of customer due diligence (CDD), a term invented by the Basel Committee on Banking Supervision in 2001.
KYC has always been costly, labour-intensive and inefficient, as firms typically ask their clients to repeat the same KYC processes over and over again. It can also be a pain point for customers who need to repeat the process every time they wish to open a bank account, apply for a credit card or other payment service. In many cases, they abandon their applications altogether.
The solution to this problem, often supported by regulators around the world, is a KYC utility. This typically takes the form of a software firm.
Almost all such utilities are designed for the use of payment firms, banks and other financial services. If one payment firm discovers a few disconcerting things about a prospective corporate or private customer, this can be shared with all other companies using the utility.
In some cases, by sharing a KYC record of a customer on the utility's "exchange" or platform, it removes the need for other firms to follow the same process again. Capgemini has calculated that this can save the firms up to half of all their KYC data collection costs, although such computations are tenuous.
The Nordic initiative
Invidem simplifies the handling of information because its participants have standardised the ways in which they handle KYC-related data — a costly and difficult task.
Six banks — Danske Bank, DNB, Handelsbanken, Nordea, SEB and Swedbank — founded the firm in 2019 as a reaction to the scandals that rocked the Nordics the previous year when it was discovered that Danske Bank's branch in Estonia had laundered the proceeds of crime for Russian oligarchs.
In a sign of the complexity involved in such a project, Invidem, which launched last September, missed its original go-live window of early 2021. Its founding banks hope that membership of Invidem might eventually lead payment firms and others that use it to standardise the processes that they use to onboard customers and update KYC-related information about them from time to time, a process known as "ongoing due diligence". The original CEO of Invidem, Fredrik Millde, told VIXIO that the system is now working well, but the firm itself declined to comment on the grounds of commercial privacy.
Learning lessons in Singapore
Singapore's quest for a KYC utility, however, met with failure. Its story is nevertheless instructive. In February 2017, the Monetary Authority of Singapore (MAS) began work on a KYC utility for financial firms that it wanted to base on the government's MyInfo digital identity platform, which contains personal data that citizens submit to it.
It looked forward to the new platform following KYC processes "on a centralised basis [using] government-registered information based on client consent". It also thought that the platform would simplify and automate participating firms' KYC processes and make compliance less burdensome and more efficient for them. It wanted the utility to centralise the collection and validation of KYC documents and the process of checking customers' names against sanction lists and other blacklists.
In July of that year, the MAS announced that "a number of banks in Singapore have come together to build a joint utility for KYC processes. Robust KYC processes are the front line of our defences and they are by nature resource-intensive.”
According to the MAS, the utility was to be a KYC platform for banks to strengthen the adoption of best practices for screening and onboarding. It was to free up resources and allow banks to focus on the more complex aspects of customer due diligence and ongoing monitoring.
“A well-designed utility can also offer efficiencies of scale and reduce the need for customers to provide the same information to multiple institutions," noted the MAS.
The regulator also thought that distributed ledger technology could play a part. It said in October 2017: "DLT brings about opportunities for a shared industry-wide KYC utility that can verify customers and transactions in a more efficient and robust manner.”
The regulator also noted that OCBC Bank, HSBC and MUFC had “completed a KYC blockchain project to reduce the duplicity [sic] of KYC processes. The killer app for DLT is really in cross-border transactions."
It also revealed a pilot scheme with several banks to enable customers to open bank accounts online using MyInfo. Application times sometimes fell by 80 percent, although it did not divulge the average time.
By November 2018, the MAS was proclaiming that it had integrated the proposed KYC utility with the banks’ infrastructure. It added, however, that the project was at an end.
"The economics did not work out. Our proposed solution was going to cost more than the savings that banks will get out of it, so we have decided to take a pause on the project. We tried, we failed, we will learn and we will do better next time."
To add some confusion to the proceedings, it referred to the project as "corporate KYC", despite the fact that the exercise relied upon MyInfo, which is a repository of personal rather than corporate data. At times the MAS has described MyInfo as Singapore’s shared consumer e-KYC engine.
The Association of Banks in Singapore’s (ABS) post-mortem report blamed several things for the failure, complaining that "this subject matter is much more technically demanding and operationally challenging than appears from a cursory analysis".
It has been asserted, however, that most KYC facilities fail for reasons associated with cost. Singapore’s project overshot costs in all three main areas of outlay: the fixed costs inherent in setting up the platform and integrating the various components; the migration of historical bank data into the utility; and the changes that the banks had to make to technology and workflow to use the utility.
Lastly, a KYC utility relies on customers consenting to the posting of their data on platforms visible to many firms; together with the usual run of modern data protection rules, this is a problem.
Keeping the end consumer in sight
Despite the multi-jurisdictional nature of Invidem, KYC utilities tend to be national in scope rather than international. The management consultancy of McKinsey, which has made a study of the phenomenon, believes that a utility that banks, rather than software houses, set up is likely to fare better than one that a software house sets up because “most KYC vendors can cover only one function of the KYC process”.
Despite the failure in Singapore, the consultants argue that a utility set up with the help and encouragement of national authorities is better still. After all, they argue, regulators and financial intelligence units (FIUs) are always destined to be the end consumers of the intelligence that the facility provides.
