It’s estimated that it now takes two to six months for new domestic and international bank accounts to be setup due to know-your-customer (KYC) requirements. This holds up business transactions, M&A, and cross border trade. And guess what, treasurers? It’s about to get worse, thanks to a new rule by the Financial Crimes Enforcement Network (FinCEN).
It’s no surprise that KYC and the new FinCEN rule dominated much of the conversation during a series of AFP roundtables with treasury executives in New York, Chicago and Kansas City.
The Financial Crimes Enforcement Network (FinCEN) updated the Customer Due Diligence (CDD) rule, effective May 11. In addition to clarifying and strengthening existing due diligence requirements, the rule adds a new requirement for banks to verify the identity of natural persons of legal entity customers who own, control and profit from companies when those organizations open accounts.
When a corporate opens a new account, they will have to submit Social Security numbers and copies of Photo ID and passports for their employees, board members and shareholders. That’s personally identifiable information (PII), and a huge liability for a corporate. It opens up the question about how the data sent to the bank is being stored, who has access, and for how long. In the age of the data breach, this is exactly the type of information corporates don’t want to have on hand for long.
Secure email for exchange of documentation is often utilized by the banks. But it has proven to be very burdensome for many, due to the login aspect and may not be a good long-term solution for turning over this type of information.
Furthermore, coordinating this information across one platform at the bank is a challenge. Multiple systems are used for demand accounts, FX trading, trade finance, trust and custody, etc. So that’s even more opportunity for something to slip through the cracks.
Banks will be repapering accounts to validate signers. Many AFP members see this as an ongoing project. Signers should ask their companies for credit monitoring services from a third party in relation to providing SSNs on behalf of the corporation.
There are some exceptions to the CDD rule. If you are a publicly held company listed on a public exchange, you may be exempt, per FinCEN. Nevertheless, the banks themselves often won’t be satisfied with this and will still request additional PII. As we learned several years ago during a sit-down with representatives with FinCEN and AFP Treasury Advisory Group, oftentimes banks will go above and beyond what FinCEN requires for KYC in an effort to make sure all of their bases are covered.
Meanwhile, there are other questions around KYC in terms of the General Data Protection Regulation (GDPR) in Europe, which also takes effect this month. For those who don’t know, GDPR aims to give citizens more control over PII by giving them the ability to demand that companies “forget” them.
After it takes effect, how are European banks going to handle KYC information? Will U.S. banks that have EU clients have to make sure bank account signers are now removed when asked?
GDPR also has implications for corporates as well. As experts noted at the recent MRC Dublin conference, while machine learning is all the rage right now, companies operating in Europe will have to find ways to anonymize the data they are amassing on their customers if they want to use it in the future.
So, in conclusion, here are three things corporate treasury professionals should be thinking about going forward:
- The CDD rule forces U.S. corporates to turn over PII to their banks. You need to be able to secure that data for as long as it is in your possession.
- How you transfer that data to the bank will also be key; it needs to go through a secure channel.
- GDPR raises a lot of questions about how KYC will be handled in Europe, and there aren’t a lot of answers right now. So if you have operations in Europe, it’s important to keep an eye on this as it develops.
For more insights, subscribe to the monthly Inside Treasury e-newsletter from my company, the Association for Financial Professionals