A more sustainable AML

With the ever-growing cost and regulatory burden on the global financial services industry, banks cannot afford to overlook their anti-money laundering (AML) and know-your-customer (KYC) lapses. Yet, the picture hasn’t changed much from the heavy US$ 8.9 billion fine on BNP Paribas in 2014[i] to the recent US$ 70 million penalty on Citibank in January 2018[ii]. AML and KYC related lapses continue to make news headlines.

This is a strong indication that global banks haven’t reached an optimal state in creating robust AML and KYC related policies and systems. The current response in the financial services industry has been centered around tightening AML and KYC policies – emphasizing the concept of de-risking by adopting overly stringent KYC policies that impact customer acquisition and profitable businesses and relationships,[iii] and compliance workforce expansion, which increases their operational costs and poses sustainability concerns to senior management[iv].

Given the concerns over sustainability and effectiveness of these reactive responses, financial institutions are now starting to explore more proactive ways to increase their efficiencies and reduce costs through innovation and adoption of emerging technologies. This has led to financial institutions’ growing interest in, and partnership with, regulatory technology start-ups – known as Regtechs.

Regtech solutions leverage technologies such as cloud computing, machine learning, blockchain and advanced analytics to help banks reduce physical infrastructure and automate manual processes, ultimately making financial institutions more efficient and effective in complying with regulatory controls to combat money laundering and terrorist financing.

With a myriad of Regtechs providing solutions to help financial institutions better manage AML and KYC risks, this article will delve deeper into how Regtechs are contributing to shaping a sharing economy in the AML industry, where an inclusive ecosystem consisting of banks, customers, regulators and third-party service providers contribute and collaborate across borders to make the process more efficient and effective as a whole. In particular, we will introduce blockchain-powered Regtechs that have been gaining heavy traction in the industry along with a more novel Regtech that adopts a futuristic approach to address financial crime issues in an entirely different way.

Shared Utilities – from separate to single identities

Traditionally, a customer did not have an online identity that is independent of the organization that is providing products or services to the customer. Each organization has its own identity systems and the barriers between these systems mean that each individual may end up with hundreds of online personas each with its own identifier and attributes. Currently, banks’ KYC processes require every customer to provide separate information to every financial institution they deal with. These complex and often redundant processes keep the KYC maintenance costs high and create pressure to extend the infrastructures.

To ease the burden on both banks and their customers, several solutions based on a shared utility model sprang up, offering a pay-as-you-go service to banks that allows customers to upload the required information and documents to one single and secure portal that only authorized institutions such as banks and government authorities can access. This means that all the necessary identity information for client on-boarding is available to banks in one central and secure location. SWIFT’s KYC Registry and Thomson Reuters’ KYC as a Service are two examples of shared service-utility models.

However, these solutions have one key risk of being a single point of failure as all customer information is stored in a single database. Shared identifiers, like browser cookies, allow personal information to be accumulated and correlated behind our backs. Ongoing hacks, such as the recent Equifax hack[v], convincingly show that big centralized stores of personal information pose serious security concerns.

Blockchain applied to KYC Solutions – from centralized to decentralized

The serious security concerns posed by centralized databases makes one question the use of centralized databases and wonder if there are more secure ways to maintain shared utility solutions. The answer lies in one of the most promising technologies, blockchain. Blockchain is set to transform the compliance landscape. With the emergence of the blockchain technology, Regtechs such as KYC-Chain and Cambridge Blockchain (both Accenture Fintech Innovation Lab graduates) have created platforms that remove the third parties by allowing the customer to take ownership of their personal data from data submission and validation based on checks by independent trusted parties, to granting access to different financial institutions with full transparency on the access rights and usage of the information.

KYC-Chain has taken a step forward on their vision of transforming the KYC process. It has created an end-to-end digital identity solution by launching SelfKey, which by utilizing blockchain-based distributed ledger technology and a series of cryptographic protocols, aims to empower consumers to entirely own and manage their own identities and share only necessary information to other parties without the need for intermediaries – a concept the founder calls “Self-Sovereign Identity.” The vision of SelfKey is essentially to create an entirely digital ecosystem through the application of blockchain, whereby individuals and organizations can exchange identity information directly with other individuals and businesses securely and efficiently. In the context of KYC, the SelfKey ecosystem has the potential to be a decentralized version of “Facebook” – but the persona is fully and independently verified as true by qualified entities such as notaries public, public utility enterprises and government agencies – where one has complete power and ownership over her unique digital identity and is able to use it as a sole digital profile to sign up for an entire array of financial, corporate and immigration services currently requiring traditional means for sign-up, such as visits to the bank or sharing documents with multiple banks at multiple times. For organizations, the potential benefit is even greater. Through a company digital identity profile created by linking shareholders, directors and secretaries’ identities, and with authorization of each individual identity owner, organizations can seamlessly request multi-level verification and prove multiple ownership levels and complex corporate structures, which is currently time-consuming, difficult for them to prove and for relying parties to validate.

Yoti is another example of a Regtech focusing on an end-to-end digital identity platform. This UK-based technology company allows the user to take a selfie and a picture of their identification document with their smartphone and upload them to a free mobile application. Once the information has been verified, the customer can use their profile on Yoti for anything that requires identity verification, such as setting up a bank account (provided that the company requesting identity verification partners with Yoti). Since the customer’s Yoti profile has been verified, the bank does not need to go through the usual KYC process and can leverage the KYC done by Yoti. While the Yoti system is currently not utilizing blockchain technology, the company recently demonstrated a proof-of-concept on powering digital identities via a more advanced evolution of blockchain technology called Hashgraph. The company believes that Hashgraph is more apt at handling requirements of a truly global identity platform with an even higher level of security, speed and cost effectiveness and is a much advanced blockchain technology.[vi]

It is not yet clear which digital identity platform will become mainstream in the next few years, but in contrast to the data stored on the centralized shared utilities, the immutability of distributed ledgers provides banks with a far more reliable source of truth for customer identity and background that can easily be audited for changes.

These new digital identity solutions offer four key benefits to banks:

Potential to significantly shorten the client-onboarding life cycles, thereby improving customer journey of opening bank accounts and subscribing to additional products; Improved ability to monitor and detect suspicious activities based on the verified and reliable KYC data; Reduce KYC operations costs; Effectively navigate the data protection and privacy regulations as these platforms inherently provide customers full control of their own identity.

An alternative approach to tackle financial crime

While these newly emerging blockchain-related solutions address the key pain points for banks and consumers during customer onboarding process and the latter’s subscription to products and services, the challenges facing financial institutions in minimizing the AML and counter-financing of terrorism (CFT) exposures don’t end there. The conventional approach of relying primarily on KYC and collecting maximum amount of customer information to identify the risk of and thus prevent money laundering, terrorist financing and other financial crimes has proved to be inadequate. Banks that would like to counteract such inadequacy by sharing transactions and customer information with each other are bound by the client confidentiality and data protection rules, which tend to make inter-bank collaboration for AML/CTF purposes practically impossible, particularly at cross-border level.

However, with the recent wave of Regtech solutions, start-ups began to rethink the entire issue and have come up with novel solutions. FutureFlow (another Accenture Fintech Innovation Lab graduate), a London-based start-up, has developed a solution that allows banks to understand and assess suspicious movement of funds in and out of their banks and beyond, without having the need to focus on the ultimate identity of users or customers. By using advanced analytics and a patent-pending approach, FutureFlow assigns identity to each unit of electronic money which allows them to monitor the movement of electronic funds between multiple parties and banks without running into any customer-information sharing or privacy related hurdles. This signifies a “qualitative” shift of approach from “know your customer” to “know your customer’s money.”

Tagging a shareable identity to units of money allows anonymized information sharing among banks, to a level of detail that is sufficient to enable banks to see the destination or origination of funds and if any other parties in the transaction journey have been marked as suspicious by any other bank. This concept of “cookies for money” can eventually generate commercial value for the member banks. FutureFlow solution puts any given entity in the context of other entities around it to reveal non-linear relationships which are often obscured by multiple intermediaries within a chain of transactions. As such it is capable to expose the networked patterns of monetary flow among multiple customers of a given bank, or potentially multiple banks. The wealth of information about the movement and usage of money, that is not being captured anywhere currently, can serve as a tremendous foundation for identifying, analyzing and effectively countering money laundering and terrorist financing.

While this solution can be readily deployed to large global banks to effectively monitor the internal movement of funds from one account to another in a robust manner, this solution will be most effective and a game-changer for money laundering problems if most of the banks in a country subscribe to FutureFlow’s solution. The viability and acceleration of this innovative solution requires an ecosystem where banks, regulators and policymakers are linked together effectively. As such, FutureFlow is further developing and testing their product as part of UK’s Financial Conduct Authority’s regulatory sandbox.[vii]

Putting these innovations in action

The innovations and developments in the KYC and AML landscape highlighted above are signposts that banks and financial institutions could finally put their focus back on activities that generate highest value for stakeholders and create a pleasant banking experience for their customers. To transit from a proof-of-concept to the full adoption of these innovations and to reap their benefits, there is still a way ahead with a multitude of hurdles that need to be overcome by various parties in the industry.

For many Regtechs, the issue is the extreme hierarchical and sluggish nature of most global banks, where mere socialization of any new solution could take months. It’s challenging for small start-ups to navigate through the complex organizational structures of the banks and reach the right decision-makers. On the other hand, banks face the issue of choosing the right partner from a plethora of innovative solution providers in the market. Regulatory authorities will be involved in the process as well, providing their point of views and interpretation of regulations and the regime applicable to the relevant KYC and AML requirements and their implementation. It is only with sufficient clarity from the regulatory bodies that banks and Regtechs could have enough confidence in adopting these new technologies. This is where consulting firms like Accenture can come into play and bridge the gap by pushing for a dialogue that includes all the parties involved to respond to these potential opportunities for change.

When it comes to the application of innovations to solve real world challenges, Accenture and other consulting firms and in-house innovation labs of some banks have been acting as matchmakers to address the dynamic needs of banks in a tailored way. With our FinTech Innovation Lab, Accenture is at the forefront of identifying and nurturing innovative start-ups, while our dedicated financial services consulting practice has the expertise to position these start-ups to effectively connect with the key decision-makers in global banks and put the innovative solutions in use to tackle the industry’s most pressing issues.

This article has been co-written by Avinash Kumar, Bess Lam and Simpson Lee.

[i] The New York Times, “BNP Paribas Admits Guilt and Agrees to Pay $8.9 Billion Fine to U.S.,” June 30, 2014.

[ii] Reuters, “Citibank fined $70 million for anti-money laundering compliance shortcomings,” January 5, 2018.

https://www.reuters.com/article/us-citigroup-fine/citibank-fined-70-million-for-anti-money-laundering-compliance-shortcomings-idUSKBN1ET25A

[iii] GlobeNewswire, “Money-Laundering and Sanctions Risks Not Being Adequately Prepared for by Financial-Services Institutions, According to AlixPartners Executive and Board Survey,” December 20, 2017.

https://globenewswire.com/news-release/2017/12/20/1267027/0/en/Money-Laundering-and-Sanctions-Risks-Not-Being-Adequately-Prepared-for-by-Financial-Services-Institutions-According-to-AlixPartners-Executive-and-Board-Survey.html

[iv] LexisNexis Risk Solutions, “Uncover the True Cost of Anti-Money Laundering & KYC Compliance,” June 2016. https://www.lexisnexis.com/risk/intl/en/resources/research/true-cost-of-aml-compliance-apac-survey-report.pdf

[v] The New York Times, “Equifax Says Cyberattack May Have Affected 143 Million in the U.S.,” September 7, 2017. https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html

[vi] Yoti, “Yoti and LedgerState showcase how next generation blockchain technology can transform the way governments handle personal data,” January 25, 2018. https://www.yoti.com/blog/yoti-and-ledgerstate-showcase-how-next-generation-blockchain-technology-can-transform-the-way-governments-handle-personal-and-data/

[vii] Financial Conduct Authority, “FCA reveals next round of successful firms in its regulatory sandbox,” December 12, 2017. https://www.fca.org.uk/news/press-releases/fca-reveals-next-round-successful-firms-its-regulatory-sandbox