KYC compliance: Understanding KYC verification costs

March 23, 2022

Digital onboarding is more than the start of a relationship. How it is done affects whether customer like and trust you, and how much of their money and time they spend with you. Cumbersome and disjointed approaches driving inconsistency across the collection and verification of required "know your customer" (KYC) data can pose an extreme challenge for financial services industry. 

During the onboarding process, customers experience and judge all the things they value most: convenience, personalisation, the brand, security, and service. It's the moment when they say to themselves, "this is what it's going to be like with this company." Employing efficient and effective ways to undertake meeting KYC regulatory requirements is vitally important in remaining competitive, not excluding legitimate or good customers, and doing what is needed to protect communities. 

There are many disjointed processes to meet KYC compliance requirements. This fragmentation creates higher costs across offerings and a poor user experience, resulting in new customers abandoning applications in droves preferring challenger banks or fintechs that offer a faster, more seamless experience. 

This fuels a need to balance efforts by employing the right amount of data compliance checks to verify customers without letting it become a cumbersome and time-consuming burden that fuels abandonment rates. When this balance isn't stuck and banks get it wrong, the consequences can be dramatic as we've seen in many highly publicised AML failings in major institutions. 

So, what is KYC exactly? 

KYC is the process employed by a bank to ensure it knows the identity of the customer. 

Today this likely involves identity verification using identity documents and background data sources to both establish who the customer claims to be and then taking steps to confirm that the customer is actually that same person. KYC compliance is performed during onboarding to financial services but does not stop there. Banks are required to ensure that they "know" the customer for the lifetime of the financial service in question. This includes detecting and confirming when a customer's circumstances change, such as when they move for retail customers. For business customers, it also includes changes of ownership of control. 

KYC is also a key element of AML and Counter-Terrorist Financing (CTF) compliance. It is the foundation on which the rest of AML is built. If you don't "know your customer" then you cannot assess whether there is a risk of you facilitating criminal activity. 

For good reasons, regulators have been tightening the screws by strengthening KYC requirements. As we've shifted more commerce to digital channels, these requirements are essential to:

  • Counter criminal activity
  • Prevent fraud
  • Ultimately protect society

Changing requirements create numerous pain points impacting both banks and their customers. While some of these pain points are around manual processes still around today, many others contain disjointed services creating complex workflows and hefty development repercussions. A critical decision now lies in choosing the right identity verification platform. 

Why is KYC so hard?

There is no silver bullet solution that works for all customers. To know your customer, you need to take them through the process that establishes and verifies their identity. For some customers, this could involve them presenting identity documents and leveraging credit bureau data. For others, this may not work - particularly for people without an established credit history, good address, and beneficial owners in other countries. 

Making the process work seamlessly at the point of need can be difficult. Suppose someone wants to borrow money to buy a car they have just taken on a test drive. Gone are the days when a person is willing to wait to get their financing. We live in an era that expects real-time KYC compliance reviews to provide services instantly. 

The liabilities associated with KYC include the risk of fraud and penalties for non-compliance, which has often left banks feeling that they need to do it themselves, controlling the processes as far as possible. This has resulted in great fragmentation and duplication of costs. For a bank to be open to using KYC from somewhere else, the risk of non-compliance and fines need to be outweighed by the benefits of doing so. 

Further complicating the regulatory landscape, AML requirements vary from country to country. In Europe, AML regulation is derived from a series of directives which are then interpreted and transposed into local law, which is then enforced by the country-specific regulator, following specific country guidance. This creates complexity for regulated organisations operating in multiple countries as they need to build localised processes and customised solutions for each country in which they operate.

The complexities of KYC do not stop there. In response to evolving financial crime threats, regulators need to continually review, and where necessary, extend the scope of KYC regulation. 

Ever-evolving scope of KYC
KYC includes a series of directives targeting money laundering and terrorist financing, each of which refines and adjusts the approach taken in various countries. These have progressively increased the number of organisations that are in scope and types of services for which KYC process applies. 

The number and extent of checks have been increased too. Enhanced Customer Due Diligence (ECDD) is required for customers from a recently expanded list of high-risk countries. The requirement to identify, verify and continuously monitor the Ultimate Beneficial Owners of legal persons including trusts and trust-like entities, especially where the UBOs are domiciled in blacklisted high-risk third countries or offshore tax havens, creates challenges for KYC programmes. 

What does KYC cost? 

KYC compliance cost

INTERNAL COSTS
Internal costs will include the KYC processes themselves as well as all the activities required to ensure the bank remains compliant. This includes compliance staff employed to monitor transactions, deal with alerts, work cases, phone customers, deal with false positives, and so on. 

The costs, especially around staffing with trained AML professionals continue to rise considerably. The waves of regulation hitting financial services have placed compliance officers in great demand resulting in additional recruitment and substantial pay rises. 

The cost of KYC does not stop at onboarding. Regulated entities are obliged to perform ongoing customer due diligence. This involves monitoring financial transactions for suspicious activity. It should also include responding to changes to the customer's circumstances (e.g. change of beneficial ownership for a business customer) that could indicate an issue. 

Established banks often have the additional headache of needing to re-verify existing customers who are not onboarded correctly in the past. 

EXTERNAL COSTS
External suppliers remain an essential part of the KYC identity verification programme. Credit bureaux and background data sources have been essential points of reference to corroborate the identity claims made by prospective customers, as well as providing inputs to ongoing customer due diligence processes. The availability of credit data varies between country. 

SANCTIONS
Along with the internal and external costs, there is a constant risk of sanctions on financial institutions that do not meet regulatory requirements. 

The cost of getting KYC verification wrong are substantial with the risk of financial, reputational, and personal cost. The specific sanctions for AML failings are determined by each member state but are expected to be extremely punitive and highly damaging to the financial institution concerned. 

Many European countries have seen regulators taking an aggressive stance. The UK Financial Conduct Authority (FCA) continually intensifies its regulatory enforcement strategy by the adoption of 'dual track' AML investigation practices, i.e. "investigations into suspected breaches of the Money Laundering Regulations that might give rise to either criminal or civil proceedings", apart from substantial fines issued to some banks in recent years for failing to comply with AML requirements. 

Sanctions are not the only risk, of course, KYC verification failings are likely to result in fraudulent activity resulting in financial loss to the financial institutions. For example, according to UK Finance in their 2021 Half Year Fraud Update, card ID theft still accounted for £11.5 million in the first six months of 2021. This occurs when a criminal user fraudulently obtained payment card or card details, along with stolen personal information, to open or take over a card account held in someone else's name. This is precisely the type of fraud KYC has fought against. In 2018 card ID theft was £47.3 million for the year. 

LOST OPPORTUNITY
Perhaps the biggest concern for banks should be the lost business when customers abandon applications for financial products because the KYC verification processes are too cumbersome. Within the last several years, providers of KYC technology have multiplied exponentially, making it harder to choose the right compliance tools for products. 

There is a marked difference between the onboarding processes of traditional banks and neo- or challenger banks. These challenger banks are completely focused on simplifying the user experience and removing friction whenever possible. 

How choosing the right KYC partner can help? 

Implementing and configuring the right KYC compliance identity verification solution isn't easy. It can quickly become a difficult part of creating a customer onboarding journey. Every regulated business has unique compliance needs in practice, yet often purchases white-label solutions that cannot fully adapt to business requirements in one territory let alone across multiple regulatory jurisdictions. 

Multi-layered id verification and KYC platform that is customisable while also minimising development cost and time to live is critical. Regulatory compliance is just one benefit of well-executed identity verification. With the right platform in place, financial institutions can more easily meet evolving demands of their customers while building foundational trust with customers.