Brexit planning for banks and financial institutions triggers many KYC questions. From GDPR to protecting the client experience, what do they need to know about moving client records to a new jurisdiction?
- Banks are moving business units to different EU jurisdictions as part of Brexit planning, raising questions about how their KYC records are affected.
- Concerns include whether data privacy law GDPR will prevent banks transferring KYC records to a new jurisdiction, leading to the need to refresh client details.
- The managed service approach to KYC offers tools to streamline and expedite the refresh process, so that client touch points are minimized.
Ahead of the UK’s exit from the European Union in March 2019, many banks and financial institutions (FIs) are moving select business units to different jurisdictions to be closer to their European clients.
These moves raise a plethora of questions about the extent to which client Know Your Customer (KYC) records will need to be refreshed for existing clients in order to meet local requirements.
The moves also shine a spotlight on different strategies for KYC compliance within various jurisdictions.
Brexit planning and KYC
Brexit planning by banks and FIs is at various stages of execution, and we anticipate a range of different approaches.
Banks operating under regulatory supervision, or those that favor a conservative approach, may choose to completely refresh their client KYC profiles in line with their new local jurisdictions.
Some may elect to uplift their existing records to local standards without refreshing the underlying records. Others may opt for a risk-based approach and apply a combination of the two.
A range of issues will likely impact the final decisions and strategies employed by banks and FIs in their Brexit planning, including:
- The 5thAnti-Money Laundering Directive
The EU’s 5th Anti-Money Laundering Directive (5MLD) came into force on 9 July 2018, requiring member states to implement the new rules into their national laws by 10 January 2020.
But what are the implications for the UK?
Guidance from the UK Government indicates that during the implementation period (29 March 2019 to 31 December 2020), the UK will continue to be treated as part of the EU’s single market.
It will therefore be obliged to implement the 5MLD during this period, regardless of its imminent departure from the EU.
There is a convincing argument that adhering to EU Anti-Money Laundering (AML) standards after the implementation period will place the UK in good stead to secure a trade agreement with the EU after Brexit.
It is therefore most likely in the UK’s best interests to remain largely aligned with EU AML regulations post-Brexit.
The UK’s Financial Conduct Authority also reiterated in its 2018-2019 business plan that combating financial crime remains a priority. The implementation of legislation such as the 5MLD provides a sound framework for achieving this.
- Different internal standards
Even though the UK currently complies with legislation in force within the EU and will need to implement the 5MLD, each country and their regulators have a slightly different interpretation of how the rules are applied in their jurisdictions.
Financial institutions routinely uplift standards to satisfy these unique requirements. In some instances, differing internal standards may result in significant uplifts within some banks.
Many banks currently exceed KYC requirements within their own internal policies and procedures.
In other words, uplifts may be more substantial than strictly required by domestic AML regulations because the bank’s own internal AML and KYC standards demand it.
The impact of General Data Protection Regulation (GDPR) adds another layer of uncertainty, in that there remains a lack of clarity around the legality of transferring data.
Where banks have information relating to any specific client, they may be prevented from transferring this information to a new jurisdiction.
If they are unable to transfer existing information, they may need to refresh the client record in its entirety, once again suggesting that a more significant task lies ahead.
- “Future proofing” against regulatory enforcement
It’s unlikely that regulators in jurisdictions accepting new bookings will create additional barriers that would inhibit economic growth in their countries.
However, down the road, it’s not unrealistic to imagine a “look back” taking place on the strategy individual financial institutions took during this process.
Financial Institutions can leverage a variety of options to cost effectively, and without major client impact, review and refresh their client files to ensure a clean entry into new markets.
Banks must weigh that cost against the potential impact of regulatory enforcement down the line.
With recent actions taken by regulators in countries such as the Netherlands, we anticipate that financial institutions will not risk the reputational impact of failing to undergo a routine check of the client identity before making the move.
Protecting the client experience
Regardless of the approach any specific bank eventually selects, or is obliged to select, proactive preparation for, and a well-planned execution of, a potential KYC refresh of their existing clients associated with Brexit are crucial.
It is also imperative that the client experience is considered as part of this exercise.
The managed service approach offers tools to streamline and expedite the refresh process, ensuring that client touch points are minimized and operational efficiency is enhanced.
A single upload of KYC information to a secure online portal removes the need for clients to respond to ongoing KYC requests and offers a secure, efficient solution to updating material information when necessary.
Undergoing this cost-effective and client-friendly process will minimize the impact that potential regulatory action would have on the transition and growth of business in new jurisdictions.
KYC as a Service offers a global solution developed to simplify and streamline counterparty due diligence and the ongoing maintenance and refresh of KYC compliance records.