Business
Potholes Encountered on Recent KYC and AML Journeys
Global Banking & Finance Review®
Company
By Rupert D.E. Brown, CTO Evidology Systems
Continuing attempts to improve Know Your Customer (KYC) processes and Anti Money Laundering (AML) controls would appear to be very fragmented and not done in collaboration with businesses and the representatives which must operate within them.
Target Organisations
Established UK High Street banks and their more recent “challenger” new entrants to the market seem to have focussed their efforts solely on creating new “sole trader” accounts. These accounts often promise a quick account onboarding process that can be completed solely on a mobile phone.
These new systems are almost fully segmented from their established customer base, especially small family businesses and not-for-profit organisations that may span several generations and have directors and authorised signatories dispersed throughout the UK.
Behind the scenes, some of the Big 4 High Street banks have been replacing their CRM systems as well as reviewing the commercial value of their business account base. To achieve this, they have made the decision to force their customers to completely re-enter their business details, including director and shareholding information that is electronically available from Companies House. A number of small businesses have gone through this process only to find that, once cut over to the new CRM system, statement addresses became completely garbled after decades without issue. This poor data quality has been reported to the FCA on many occasions, but it has yet to take enforcement action.
Companies House
Whilst Companies House has provided API access to its Director, Shareholding and Annual Return information for some time, it admitted in a Freedom of Information request earlier this year that it kept no records of which organisations were using its service or the growth/volume of usage. Small businesses who have complained to the High Street banks about problems with repapering and inconsistent use of Companies House data have received admissions from bank staff that their current usage of Companies House data is largely manual and sporadic.
Identity and Technology
Banks and Governments have placed significant faith in AI and Encryption technologies, particularly hoping that they will deliver much more concrete identity verification. But who can be a definitive owner of identity — commerce or the state? The new generation of KYC systems mentioned earlier have significant teething problems — users cannot be confident when they upload a passport scan from their mobile phone only to be told the file is too big, an occurrence which has happened to this author on more than one occasion. Disabled customers with mild cerebral palsy or early stages of Parkinson’s disease have significant problems keeping a mobile phone steady whilst a “live” camera picture is compared with a scanned ID photo.
Two factor authentication is inconsistently designed, implemented, and deployed by banks — many people these days have multiple mobile phones or replace them regularly due to damage or market/tariff churn. At least one UK high street bank has a synthetic password hash generator tied to a single device which entails a significant reinstallation process when the phone or SIM is changed. Another gives away a dedicated PIN generator device that is tied to a specific user with a sealed battery — what use is this if a business has multiple branches or the battery runs out ?
Longevity and Obsolescence
The Covid pandemic has been a significant catalyst for reducing cash transactions in all areas of UK society. It is now possible to buy a contactless payment terminal with a merchant contract for less that £20. However, the recent shutting down of the 3G mobile signal by most of the UK telecoms providers has rendered many of these devices and utility smart meters obsolete. How long should we expect the next generation of KYC and AML services based on mobile devices to last and what contractual obligations are in place to maintain them?
Mobile and Wireless Ubiquity.
As we enter the first full summer of outdoor events and festivals after the pandemic, the need for reliable contactless payments is still a challenge, especially for smaller organisations that rent venues and must rely on the availability of sufficient WIFI or mobile signal to enable electronic transactions. If we are really to achieve a cashless society, there needs to be both a measurable standard and certified/accredited testing regime to facilitate this.
In summary
KYC and AML proponents continue to place significant faith in technology, especially in a world of a highly mobile consumers and “always on” connected devices. However, in reality technology is the easy (and cheap) part of the KYC and AML journey — thorough service design, testing, operational resilience and rigour, coupled with proactive customer service, continue to need significant work.
KYC stands for Know Your Customer, a process used by banks and financial institutions to verify the identity of their clients to prevent fraud and ensure compliance with regulations.
AML stands for Anti-Money Laundering, a set of procedures and regulations designed to prevent criminals from disguising illegally obtained funds as legitimate income.
Two-factor authentication is a security process that requires two different forms of identification before granting access to an account, enhancing security against unauthorized access.
Data quality refers to the accuracy, completeness, reliability, and relevance of data, which is crucial for effective decision-making in financial services.
Explore more articles in the Business category
