Know your KYX

The global regulatory landscape has intensified scrutiny on anti-money laundering (AML) and Know Your Customer (KYC) practices. While these efforts aim to combat financial crime, they have created significant burdens for financial institutions. These institutions often struggle with complex regulations, data quality issues, and resource constraints, leading to challenges in effectively implementing and maintaining robust AML/KYC programs.








There is no gainsaying the fact that we live in times of very high geo-political sensitivity, and rampant fear over bad guys of all shapes and sizes, everywhere. Mounting global supervisory concern over “terrorism-funding” comes as an urgent overlay over resident angst about illegal flows of unaccounted and opaque money involved in drugs, weapons, sanctioned environments, and such other malfeasance that eludes the grasp of tax and compliance authorities … and, it appears, the financial system that facilitates all of it.

 

It is by now blindingly obvious to all businesses, big and small, in whatever part of the ecosystems of trade & service they play in, that their own niche of industry (or somehow they alone as a firm) is not in any way excluded from responsibility in regard to Anti-Money-Laundering or Know-Your-Customer …. you are covered under something somewhere for sure … USAPA (Patriot Act), OFAC, FATCA, PEP, FinCen, SEC, OCC, FINRA, FATF, OCIE and a host of other global regulators and acronymic strictures provide no rest for the wicked. Any attempt to find regulatory loophole is too aggressive, and quite bereft of basic business sense:  issues that come out of any incident and accident will be at least quite embarrassing and a big hit to reputation, even if not specifically illegal or ultra vires the laws & regulations. No respectable (or at least self-respecting?) firm today should want the risk that it be found wanting, and either subject to regulatory censure, media discomfiture or in fact an actual conduit.

.

The usual suspects, the banks (who are by now feeling very sad about their likability scores), do not of course claim any such. AML/KYC and related KYs have accumulated a history (even counting just the near-past) of trillions in suspect mischief, billions in regulatory fines and penalties, and millions in defensive people and technology constructs within Risk and Compliance, that at least hope to assuage the Regulatory beast, if not actually prevent, catch, mainm, or dampen such anti-social activity in the first place.

And yet, for all the bounties being expended, armies of people, millions of lines of code, big consultancies that have grown obese from the feeding frenzy … yet … this whole area reeks of exceptional incompetence, both real and perceived. Finance just cannot get this right. And yes of course, the reasons are all the good old déjà vu: the truly motivated bad guy will always slip through, the data sucks, there are too many false positives perpetually crying wolf, the analysis & interpretation of the bad data drains the system totally. There is also the form over substance in regulator-appeasement-endeavors that leaves everyone parched and pissed, there is more template and artifact than common sense and logical analytics, we don’t trust our systems so that after we have spent millions building or buying them we are unable to raise our right-hands when bellicose regulator or bemused auditor asks “are you sure”  … all prompting a perpetual soul-search and hand-wringing that would be laughable but for the lack of a laugh-ready audience, and anyone capable of throwing a stone.

Of one thing people are now sure, not least given the regulatory stick. Every firm and business needs a systematized program whereby it can confirm, validate, assert, and re-assert that it “knows” (as in really really knows) its clients, counterparties, brokers, vendors, borrowers, lenders, guarantors, employees, investors, owners, beneficiaries, law firms, service providers, intermediaries, lawyers, platform-providers, bankers, managers … indeed why would you make any exceptions to the purview of such diligence .. you must Know Your A, KYB, … KYX …. where X = A, B…. of your cohort universe.

As a sidebar, in this day and age, it actually is very likely that your counterparties will appreciate the focus. An analogy (limited) is when you experience relaxed airport-security, and wonder who else they let through so easily; and is that scary or what. The first party that objects or throws a tantrum to such a check, I say pull them aside, frisk like mad, file a Suspicious Activity Report, refuse to board. Who wants be in a club which lets people in that easily!

I am going to defer to a Part II, to outline my view of how to get KYX right – preaching only common sense and not some elusive higher-order intelligence. But there is no question that Regulators have the bit between the teeth on this but may well need to, not necessarily back off, but to sit down with industry in a conscientious search for what is doable and will be effective. All on Same Side.

And as for the much-maligned checkers … if you don’t know who your clients and vendors are, you don’t know your process (I have been laughed at many times for asking people if they have process maps), your data really sucks, your technology is obsolete and cannot handle the basics of analytics … if you cannot be sure that druglords and arms-dealers and smugglers and terrorists are not piggybacking off you for access, for stealing identities, entering borders, for laundering money, for facilitating their own parallel market and trade … errr, ahem, I mean, really, hmmm, should you be doing the business you do ….

And if an exit is the only “de-risking” you can manage, maybe that is in fact right