Crypto industry to shape KYC offerings?

This article deals with Crypto players as payment service providers and their potential impact on the Know Your Customer (KYC) industry. KYC services are about client onboarding decisions based on risk flags, client identity data, and structure. The right understanding of counterparty risk results in risk-based evaluation cycles. Will payment processing providers in the financial industry and the Crypto industry deal with similar challenges?

The potential impact of new players is determined by legal frameworks and legal interpretation.

Introduction to European framework:

The European regulatory drive is the European Parliament. Who is more frequently amending its money laundering directives?

The European 3rd Anti-Money Laundering Directive (AMLD III) was published towards the end of 2005. Later, the 4th (AMLD IV) was published in 2015. The 5th amended [MM1] Anti-Money Laundering Directive is planned for 2020; it deals explicitly with Crypto players. The 5th AMDL targets a European public register of companies including a record of their ultimate beneficial owners as a primary goal. This creates a centralized account information data center connected to the corporate ownership register in order to provide a high level of transparency among all involved parties.  This ambitious undertaking faces challenges in defining inner-European technical standards.

The European and American justice departments tend to have a stricter interpretation of the current law, creating harsher rulings. For example, the latest 2018 rulings stress awareness towards potential structural weakness in compliance processes in companies. The Dutch Bank ING agreed to pay €775M penalties for compliance failures.  ING was admitting errors in its policies to stop financial crime by not having an overall understanding of beneficial ownership, payment structure and noticing of unusual transactions in some client accounts. Structural weaknesses have enabled clients with origins in Iran, or Cuba to wire payment settlements to the U.S. banking systems.

Against this backdrop of emerging players in Crypto payment, foreign exchange services and their technology-driven growth rates add a new dimension to Regulators and Justice Quest.

In summary, the responsibility of public authorities’ to carry out law enforcement and national security policy tasks will shape the level of transparency for customers being served by less regulated payment organizations. The Cryptocurrency industries, including trading platforms, create a new class of risk exposure since many risks are yet to be identified. For example, the Canadian Exchange, QuadrigaCX, was shut down when the founder suddenly passed away and the access codes, which only he had access to, were lost. Nevertheless, the Crypto industry is likely to become a solid component of the financial service industry for obvious reasons. In some emerging countries, access to banking services is available to one in three people. As a result, a market is created for Crypto service providers as banks fail to satisfy the banking demand in emerging countries.

In addition, there is a challenge for the finance industry in understanding a very technical environment regarding their clients and competitors. The risk evaluation of different client types who emerge from Crypto sector is a complex challenge.

Crypto exchange bureaus start growing as the number of Cryptocurrency types increase. This adds additional pressure to the customer identification and proof of identity processes.

Mining platforms such as Blockchain or Coin Wallet deal with similar roles such as exchanges for Capital Markets. These two market places differ strongly in terms of daily audit needs towards clearing, or business continuity management. All these challenges are framed by not fully defining the regulatory technical standards.

In theory, the Crypto industry should stick to compliance standards very similar to those of a typical financial institution. In principle this is:

Some players such as Ethfinex’ Trustless claim that a complete KYC process may not be necessary as each transaction is recorded on-chain and is tamper-proof. Virtual currency platforms and companies offering electronic wallets for Crypto-currencies such as Bitcoin, Ether or Ripple are explicitly mentioned in the 5th Directive. This means that there will be clearer AML requirements for the emerging Crypto industry.

Many Crypto companies appear to be start-up companies rather than financial industry players. While often there is great enthusiasm for technology and scalability, there may be at times a lack of understanding for compliance requirements.  Ultimately, there may be a cultural challenge for such technology companies to create a culture of compliance.

Outsourcing the KYC functions to a third party is an alternative option. In this way, organizations of all sizes can rely on professionals to manage their day-to-day compliance risks. On the one hand, outsourcing does not provide companies with clearance to their compliance obligations. On the other hand, third-party support could increase control of risk and compliance processes.   A complete set of customer records, including risk flags and sanctions checks, can help to support the customer’s onboarding decisions. On the surface, there is no difference whether the record file is compiled by a third-party vendor or the in-house KYC team. The company’s final onboarding decision could be based on:

• Solid infrastructure for the KYC process
• The ability to carry out appropriate controls
• Risk exposure:
  • Confidentiality
  • Integrity
  • Availability of customer data including property

The ultimate decision to onboard a client remains with the company and not with a 3rd party provider. However, a 3rd party provider can provide data collection and 3rd party risk check services in order to support decision making.

Audit findings often require an immediate review of the client records by the Bank´s KYC onboarding teams. This adds additional demand to the KYC service.

I expect to see an increasing demand for KYC services with more frequent monitoring and review of customer data by the banks, in addition, an increasing demand from Crypto players who also require KYC support.

I have analyzed the given situation to come to the conclusion that standardizing client data records will remain the biggest challenge to meet the growing demand in the KYC space!

Disclaimer

The author disclaims any and all liability arising from the use of this document and does not guarantee that any information contained herein is accurate or complete.  The opinions expressed in this publication are those of the authors. They do not purport to reflect the opinions or views of the employer.

Connect:

• [email protected]
• www.linkedin.com/in/tobias-hartmann-b30baa14a 
• https://www.xing.com/profile/Tobias_Hartmann4/cv
• https://www.youtube.com/channel/UCJ3x5_z_XTtODOD66XJkGjA/videos

Sources

Cmp.: T. Bock, D. Matthews (Jan-2019) Thomson Reuters Regulatory Intelligence – Expert Analysis: Enterprise-wide risk assessments have never been more important.

Cmp.: A.Hamilton (Jan-2019) bobsguide.com – blog: Challenger banks vulnerable to AML-savvy criminals. Feb-19 

Cmp.: N.A. (2019): bitcoin.com – blog: Why Some Crypto Companies Consider KYC and AML Compliance Unnecessary.

Cmp.: V. Marria (Sep-2018) forbes.com – blog: The EU’s 5th Anti-Money Laundering Directive: What Does It Mean? Feb-19

Cmp.: T. Sterling, B.H.Meijer (Sep-2018) Reuters.com – BIG STORY 10: Dutch bank ING fined $900 million for failing to spot money laundering. Feb-19