Increasingly stringent regulations around data privacy are adding another layer of complexity to banks' know-your-customer (KYC) and anti-money laundering (AML) programmes, according to an expert.
In an article for Finextra
, Henry Hilska, managing principal at advisory firm Convexity Solutions, noted that financial institutions (FIs) are already under pressure on the KYC and client due diligence front.
Inconsistencies in rules across different jurisdictions and the number of clients and transactions that many organisations have to handle makes regulatory compliance
extremely complex and demanding in many cases.
FIs also have to contend with the growing risk of fines and penalties for non-compliance.
"For large banks risk and regulatory compliance now accounts for up to 20 per cent of operating costs," Mr Hilska noted. "Compliance with these mandates is further complicated by additional and sometimes conflicting regulations."
Strict KYC rules require FIs to collect certain information about their customers, which demands additional compliance with data privacy laws and can also increase the company's vulnerability to cyber criminals looking to steal valuable client data.
Some regulations place a demand on organisations to continuously monitor their staff activity.
When it comes to meeting the various challenges of KYC, AML and data privacy compliance, one of the first steps for banks is to understand the rules in the different jurisdictions in which they operate. Some institutions may also have to address issues of fragmentation and silo working across the business, which might be the result of regional deployment or legacy acquisitions.
Mr Hilska noted: "The consolidation of business operations is often used to reduce operational redundancy. However, for global banks it is often necessary to maintain coverage in various time zones. Thus, a strategy consolidating teams to several regional centres with responsibility across all lines of business may be the best compromise."
He concluded that FIs looking to improve their efficiency in a complex regulatory environment need to take a strategic approach, looking at AML and KYC compliance in the context of regional demands and data privacy challenges.