Banks Prove Willing to Band Together Under KYC Pressure

The Society for Worldwide Interbank Financial Telecommunication took a gamble in late 2014 in asking banks to pledge information about themselves in the spirit of improving Know Your Customer compliance.

With about 2,000 of its 7,000 worldwide correspondent bank users now signed up, it is turning out to be a pretty good bet.

The interbank messaging and communications cooperative launched the KYC Registry with the goal of creating a centralized repository that maintains a standardized set of information about correspondent banks required for compliance.

The industry is typically very possessive and proprietary about data, so getting banks to upload their data into the registry voluntarily, and to give other banks permission to view it, perhaps indicates banks are embracing the idea of banding together for the sake of staying compliant, said Paul Taylor, head of Americas, UK Ireland and Nordics compliance for Swift.

"We were heartened to see the level of collaboration; we had some trepidation upon launching in 2014," he said. "But I think now banks are much more willing to collaborate and work together on financial-crime topics."

The roughly 2,000 financial institutions currently using the registry represent 191 countries. Taylor said Swift has ambition to bring on a similar number of institutions in 2016. In the last two months Swift has announced that the banking associations of Panama and the Caribbean had signed on to the registry. This is part of an effort to reach out to more banks in developing economies to join the registry. It is also looking to bring on more banks in the Middle East, Africa and emerging Asian countries.

The registry comes along at an opportune time for U.S. banks, as regulators are increasingly focused on compliance, said Ross Delston, an attorney who specializes in anti-money-laundering laws.

"One area of particularly high concern for U.S. regulators has been correspondent banking, specifically with foreign correspondents," Delston said. "There is an expectation that banks have an enormous trove of data on the banks that they do business with."

Delston said the information that regulators are expecting banks to have about their counterparts would include the ownership of the institution, its regulatory standing and its level of compliance with various anti-money-laundering laws.

As the registry grows, Delston says, there could be long-term unintended problems from the existence of such a database, especially given Swift's place in the industry. Essentially, banks could become too reliant on the registry for their due diligence needs.

"Given the authoritative nature of Swift in its normal realm, [the registry] could have the effect of banks thinking that they've done their KYC responsibilities when they've checked the Swift database," he said.

Still, the registry's momentum shows that banks are figuring out that they need to work together to battle those who aim to attack the banking system, others say.

"Banks have recognized that not only is sharing data beneficial to everyone, but at the rate at which fraud and financial crime — in particular, cybercrime — is occurring, anything that promises to help is worth exploring, if not participating in," said Ron Shevlin, director of research at Cornerstone Advisors. "Even if it requires the sharing of data."

The cooperative will be recruiting more big banks to join the registry in 2016, too.

"We already have many large banks, but we want to continue to encourage bigger banks to use the platform," he said. "It's actually more of an undertaking for bigger banks; they have a large number of systems in their environment. Typically smaller institutions have all their data in one place, so it's easier for them."

While Taylor acknowledges there is "sometimes a concern in data sharing, and for the right reasons," he said he is hopeful more banks will see the potential that collaboration has in fighting financial crime and sign on to the registry.

One aspect helping adoption, Taylor said, is that banks that upload their data onto the registry don't have to share it with every other institution on the registry; only counterparties they trust.

"It's up to each institution to electively share with the counterparties they trust," he said. "It's not just available to all and sundry. It's one thing to just put your data on the system, but also banks need to share the information. The good news is we are seeing that."

Delston worries that banks may be selective with the information they provide to the database; they could leave out things that make them look bad.

"The process of voluntarily disclosing information, while that can unquestionably be useful, raises the specter that the disclosing bank could be overly lenient in the way it discloses information that could be seen in a bad light," Delston said. "As we know, self-disclosure is at its heart an honor system and we know that honor systems often have a way of breaking down."

Swift says it has taken steps to prevent such a scenario. In an emailed statement, the company said it validates data submitted to the registry to ensure accuracy and since institutions need to be members of Swift to participate in the registry, it knows where banks are sending and receiving payments messages. Essentially, it knows when a bank has left something out and would deem such an entry as incomplete or invalid. 

Robert Barba contributed to this story.

For reprint and licensing requests for this article, click here.
Bank technology Compliance Law and regulation Cyber security
MORE FROM AMERICAN BANKER