Are You Stuck in the KYC Beneficial Ownership Quagmire?
30 March 2017
In my previous blog, Global Spotlight on KYC Beneficial Ownership, I mentioned regulators around the world are issuing new or updated Know Your Customer (KYC) rules addressing beneficial ownership. While specific regulations vary by country/economic region, there are overarching recommendations issued by the Financial Action Task Force (FATF). In this blog post we explore the challenges you will face as you operationalize compliance with evolving regulations.
Do you have these challenges under control?
Now is a good time to revisit your KYC program to determine regulatory impact to your risk and compliance programs. Consider the following areas identified by the FATF as problematic:
- Data availability and quality – perhaps the single biggest problem facing us today
- Operationalizing compliance – avoiding overly complex and manual processes prone to human error
Data – Improving availability and quality
Perhaps your single greatest struggle is acquiring accurate, complete, and timely beneficial owner data. This is critical not only when establishing a new account, but also when trigger events occur requiring validation of information on record. If you haven’t established or reviewed formal procedures in a while, then this is ground zero.
Many regulatory regimes have or envision a national register to collect and make beneficial ownership information available. However, some jurisdictions have not yet established a national register. Here are some considerations for when a national register is not an option.
Third-party data sources
If you’re like most banks you rely heavily on third-party data sources – perhaps a dozen or more. Common third-party sources include private data vendors, search engines and affiliates.
Be sure to periodically assess the performance of your third-party sources. Evaluate factors such as coverage, accuracy, completeness and timeliness. A good way to test your data is to check beneficial ownership for an entity against two or three different sources. After this assessment you may need to decrease or increase your universe of sources.
Service-level agreements (SLAs)
At times data will become stale or a trigger event may make it necessary to refresh your data. For these reasons it is important to have clearly defined service-level agreements with internal parties, third-party sources and legal entities. Service levels should apply to initial data collection as well as ongoing maintenance. This will help ensure the integrity of your data, and is important for determining data accountability when necessary.
Operations – Reducing reliance on manual processes
Like most risk and compliance officers you probably work in a complex environment with many siloes between business lines, shared services and external parties. This creates operational challenges to collecting, aggregating and reporting beneficial ownership data. In addition to your organizational structure, differing geographies and technologies also create barriers.
Don’t make the mistake of taking a piecemeal approach to resolve these issues. If you don’t look at your program holistically over time you will develop a litany of manual processes, controls and workarounds. Let’s take a look at some of these operational challenges.
Who should collect beneficial ownership data? Consider the following two scenarios: new account opening and trigger events. It is common to have the line of business collect beneficial ownership data as part of the onboarding process. They will be incentivized to get the data in a timely manner to generate revenue. Should you take this approach, be sure to have the proper controls in place, such as periodic testing, to ensure staff is taking time to collect valid data.
Data updates due to trigger events warrant additional considerations For example, who is monitoring for trigger events? Are first-line employees motivated to refresh the data considering the account is already revenue generating? In some instances monitoring for trigger events and updating corresponding data may be more effectively managed by a centralized function. This centralized function would be responsible for interacting with national registers and other third-party data sources.
How is beneficial ownership data best collected? Standard data collection forms may be available from your regulator, for example, Certification Regarding Beneficial Owners Of Legal Entity Customers. If standard forms don’t suit your needs, develop a custom form. Develop the form in a way that it can be leveraged across different jurisdictions as part of your global program. Also ensure the form includes signature sign-off certifying data integrity.
Data aggregation and reporting
Who is responsible for aggregating and reporting beneficial ownership data? This should align with your collection process, line of business vs. centralized function. Regardless of which approach you use it should include clear audit trails for data collected to evidence compliance with agreed procedures. Retain all data collection forms and reference materials, along with chain-of-custody records related to data lineage evidencing data source, timing and review/quality controls.
Ensure procedures clearly document roles and responsibilities across all three lines of defense. All beneficial ownership forms and other program materials should follow consistent formats and be accessible throughout the firm rather than arranged as a hodgepodge of formats and storage devices.
Time to act is now!
Complying with new international standards and regional regulations will certainly increase your operational risk profile. For information on how Intralinks can help, please visit Intralinks for Regulatory Risk Management.
Read our white paper: Beneficial Ownership? Not if You’re a Bank!
Watch the webinar “Operationalizing Compliance: Improve Effectiveness While Reducing Cost”.
Todd Partridge is Vice President, Product Marketing at Intralinks. He has broad industry experience in the enterprise information management (EIM) space, with deep expertise in all trends and technologies related to information governance, enterprise content management, document management, web content management, business intelligence, team collaboration, e-mail management, and enterprise records management practices. In his previous role at OpenText, Todd held several global positions ranging from sales, marketing, product management, positioning and strategy.