Financial compliance is not a mere checklist for entities to tick off. With it comes the expectation that the companies fulfil the intent behind the regulatory obligation to mitigate the risks that come with money. There is an obvious gap between the intent and the results — financial compliance is ineffective when not applied properly.
Considering that the increased usage of online financial channels has led to the digital exploitation of regulatory and technological gaps (case in point— Western Union), compliance has been the one topic where everyone agrees on strengthening it.
Know your customer (KYC), know your business (KYB), and customer and enhanced due diligence (CDD and EDD) are just a few of the compliance practices encapsulated in anti-money laundering (AML) regulations. To reduce the possibility of money laundering and to ensure compliance with the company's policies, all consumers, whether they are individuals or businesses, must complete the KYC/KYB/AML steps before they may obtain the desired financial service.
Know-Your-Customer – A tedious experience
Regulatory compliance affects customers and businesses alike, but for this discussion, let's focus on customers. Studies show that 48% of money service businesses feel that KYC/AML compliance is a barrier to innovation. Complicated and often tedious KYC procedure checks compel clients to abandon the financial onboarding process. Research shows that 68% of users have given up on their financial onboarding applications in 2021, costing businesses their potential customers.
Additionally, KYC relies on manual input and review, which means there is an inherent risk of including "bad data." While larger institutions may be able to identify those, smaller businesses may lack the internal capacity to do so.
There are valid objections against continuing the onboarding process. However, identity theft and privacy issues were the primary reasons for avoiding KYC follow-up. The most relevant problem with KYC is its incompatibility with GDPR, particularly the ability to have one's personal data erased. Financial institutions are legally required to acquire, process, and keep client data in accordance with KYC standards and financial compliance regulations were drafted with privacy rights in mind. Simply put, unless otherwise stipulated by law, anti-money-laundering laws and their associated procedures take precedence over individual privacy rights.
Anti-Money-Laundering – A negligible success
Studies observed that AML policies had less than a 0.1% impact on financial crimes. From 2010-2014, only 1.1% of illicit revenues were confiscated at an EU level from profits exceeding €110 billion, which is a negligible amount compared to the unconfiscated criminal profits. The AML system's low success rate can be attributed, partly, to misallocated resources, a point that was acknowledged even by Europol. Since 2006, Europol has recovered only a fraction of a per cent of illicit earnings.
Many mechanisms exist for misallocation, but EBA has recognised "de-risking" as one of them. De-risking is a common practice in financial companies where they stop serving customers based on their risk categories. It is a cost-effective substitute for the risk-based strategy (customer and enhanced due diligence, and ongoing monitoring), and it sees more widespread use than automated AML solutions.
While de-risking is a valid risk management strategy, it is not beneficial to the EU's long-term goals, such as financial inclusion, competition, and stability in the single market. In light of this, the European Banking Association has called on regulatory bodies to increase their dialogue with de-risking institutions and customers of financial services.
Financial compliance – An expensive solution
No doubt compliance is expensive -- the costs are far more than what is recovered, and ordinary businesses are penalised more often than the intended target entities. The cost of financial crime compliance was $117.5 billion across all financial institutions in 2020, and it shows no signs of decreasing.
Subpar AML/KYC training for personnel and a need to stay up with innovative technological developments are driving up compliance expenses. Almost two-thirds of a compliance budget is spent on new hire training, yet the skills are not followed up on or upgraded regularly. A majority of staff believe that company effectiveness would increase if all personnel received the same training on AML and risk management as their senior compliance professionals.
And then there are the escalating tensions among AML/KYC staff members. Fintech companies, particularly neobanks, face a higher rate of employee turnover than traditional counterparts. This is due to the increasing pressure on work environments, which is driven by numbers. For instance, employees, both at Revolut and N26, have complained about the company's culture of overworking their personnel and ignoring worker burnout. When compliance staff members' needs are ignored, the quality of their work and the effectiveness of compliance initiatives also suffer.
An uneasy balance?
It's easier to blame and slap huge fines on financial companies for non-compliance, but this does little to address the fact that the policy itself is flawed (e.g., Touma Foreign Exchange, whose fines have since been reduced under the UK's new penalty framework). This affects businesses of all sizes due to a lack of clarity on how to keep the two sides balanced. The biggest conflict arises when companies have to freeze suspicious accounts or transactions (even for insignificant amounts) without communicating with the customer.
An interesting example is that of Revolut, which disabled its automated AML system after it mistakenly blocked over 8000 accounts under a false positive tag. The AML system was later reintroduced after a fix, but the damage was already done on both sides. Their customers were left hanging, and the regulators were not satisfied either. More investigations were called over Revolut's security instead.
Newer fintech and payment models and challenger banks are directly affected by compliance regulations, but they are also in a better position to successfully combat money laundering. Newer fintech companies operate updated systems, and their products are simpler. Not to mention, newer fintech companies are also more customer-experience oriented. At the same time, new companies have shown a willingness to cooperate to combat money laundering.
Effective KYC/AML implementation requires identifying the gaps in the current compliance system. Our current financial compliance is long, complicated and expensive. The results are too little compared to the investment made in this industry. Good KYC/AML measures will focus on the cooperation of data and information between different private and public institutions, rather than introducing more compliance steps to the list to tick off.