TOTAL CAPITAL €7,064,235
PORTFOLIO €6,991,413
CAPITAL IN NEED €6,991,413

How KYC/AML regulations affect businesses and customers

Money laundering received a lot of attention due to the recent cases of high profile financial crimes. As new technological loopholes appear, both customers and businesses face increased risk if the security measures are outdated. Many businesses are implementing KYC and AML related regulatory measures to ensure security and compliance. However, these regulations have major impact on both the financial companies and their customers. Learn from our article what KYC/AML regulations are and how they impact businesses and customers. 

KYC incites a lot of negative reactions amongst customers. KYC or Know Your Customer is a process used by institutions to verify customers' identities before allowing them to use their services. It is the primary step for banks and other financial institutions for preventing financial crimes and money laundering activities. It may consist of the institutions asking their customers to provide IDs, addresses, and other documents the institution may find necessary. The objective of KYC is to ensure that their customers are not using the services for criminal activities. Knowing about a customer beforehand enables banks and financial institutions to manage the potential risks diligently. All financial institutions adopt KYC to work alongside the Anti-money-laundering department to prevent the financing of illegal activities.  

European legislation led the rest of the world to follow KYC and AML. The legislation, such as the AML Directive, the PSD2, the MiFID II and the GDPR, aims to combat money laundering through rigorous inspections, improve cross-border cooperation, encourage customer-centric banking innovation and emphasise combating payment fraud. Businesses are expected to comply without exception.

But it isn't easy to adhere to KYC and AML regulations without sacrificing some level of customer satisfaction. Customers want seamless, completely digital, and mobile experiences; they do not want to deal with all the gruelling policies regarding their data. Businesses know it, but they are obligated to follow the legislation nonetheless. If a customer does not wish to follow through, companies have no choice but to reject the admission. For the company, it is better to let a potential customer go than face lawsuits later for failure to follow KYC. 

1. How the regulations impact businesses

The AML Directive brought a thorough regulatory structure to AML. AMLD4 introduced a central registry and changed customer due diligence requirements. Financial companies were now required to take a risk-based approach towards their customers and follow those risk-based policies. AMLD5 extended the AMLD4 and specified Politically Exposed Person in more detail in the central registry. AMLD6 introduced a comprehensive list of AML offences with tougher penalties. AMLD and its amendments pushed most financial companies to examine their existing risk policies, which pressured risk and compliance teams to redesign their policies to comply with the directive. The new risk-based approach requires companies to put different rules to onboard low and high-risk customers. Failure to comply puts companies at risk to be double fined for a single breach. 

The MiFID II forced investment companies to be more transparent with their clients regarding their products and price, but they were also expected to know more about their clients, including their risk tolerance. As a result, businesses must now gather a considerably bigger quantity of KYC data during client onboarding, resulting in more data to process and customise customer journeys to match the new criteria. 

Companies had to consider GDPR requirements into KYC/AML procedures executing their clients' right to be forgotten, encrypting all information and complying with data processing. Due to the pervasiveness of data in today's operations, maintaining GDPR compliance necessitates considerable coordination among several departments, including legal/risk, IT, and marketing. It's critical to map out when and what data is gathered from consumers, storage, and access. Such installations and collaboration are not cheap. Sia Partners estimated the cost of GDPR compliance to be €16.7 million, with banks being the group with the greatest predicted spend. 

2. How the regulations impact customers

While companies face intense compliance measures from AML directives, customers and clients face restrictive and often tedious processes during their onboarding. Based on the customer's risk profile, they may need to provide additional documents, have their transactions delayed due to additional checks, and overall be restricted in their access and use of the financial institution's services. And while many financial organisations have implemented automated systems to reduce the KYC, the experience is still not as seamless as customers want. 

Lack of harmonisation in KYC compliance pose further problems for customers and clients when being onboarded to a financial service in another EU state. The requirements of KYC compliance vary from member state to member state. Financial companies in one member state may be satisfied with an ID document to comply with KYC, but another company in another state may want additional documents, some of which may not exist in their country.

The most far-reaching issue that comes with KYC is its conflict with GDPR, especially the right of data erasure. AML regulations require financial institutions to retain their clients' data for five years or more, depending on the local laws. Of course, what most people do not know is that article 6 of GDPR allows data collection and processing to comply with AML regulations. Article 17 of GPR further solidified that legal requirements take precedence over the right to be erased and the right to be erased will not apply until the legal period (5 years under AML regulation) ends. 

Onboarding a new client/customer is a difficult process marred by barriers, and it can cause disillusionment both amongst the customers and the businesses. Coupled with the unwillingness of the customers to share data, onboarding becomes unnecessarily lengthy and eventually ends up with data gaps. It costs business time and money to fill those gaps and there is the risk to lose a customer on top of the fines. It presses businesses between a hard place and a rock, and there is no choice but to let go off the potential customer. 

Last update: 04/03/2022

Other articles

Disclaimer: Some text on this website is purely for marketing communication. Nothing published by Quanloop constitutes an investment recommendation, nor should any data or content published by Quanloop be relied upon for any investment activities. Quanloop strongly recommends that you perform your own independent research and/or speak with a qualified investment professional before making any financial decision.