When Edward Snowden is Right and ACAMS is Wrong, We Have a Problem
Recently, Edward Snowden went on record publicly bashing bank’s KYC efforts. He is right to do so. To date, KYC for most banks has been more about compliance and much less about context. Therein lies the problem.
In successful KYC efforts, including CIP, CDD and EDD, context is king. If the information you collect does not serve as a foundation for transactional monitoring relevance, what are you doing? That is the point that Snowden was making.
With the real-time monitoring capabilities that exist today, banks continue to struggle with building the right narrative on the customers that count.
Snowden’s comments stem from a check-the-box mentality that still exists at many banks. Banks have become far too worried about being compliant vs. adding context to their high-risk accounts. As a result, KYC efforts are a mile wide and an inch deep. That is a problem.
I get it; collecting BOV and CDD information on high-risk accounts will not catch the bad guys overnight. However, this critical information provides context to a continuing, developing customer story that may take months or even years to unravel.
Below are just a few takeaways that I pulled from the ACAMS webinar:
- Just follow the regulation (and nothing more) and SEE WHAT HAPPENS.
- Just ask for the information and take it at face value vs. trying to address this at the State (formation) level.
- There has been some nice “finessing of the rule” to work it sothat the certification form will be all that is needed.
- And my favorite…If you are doing more than the bare minimum, you are setting an additionalexpected best practice for the rest of us.
Banks have a responsibility to understand their customers. It is hard to believe we have been talking about beneficial ownership for 11 years, and banks are still in denial. Snowden nailed it: Unless you utilize a risk-based approach to actually determine who is high-risk and then perform Enhanced Due Diligence on those customers, the concept of a 5th pillar is a joke.
In the end, there is only one real question that needs to be answered to determine if you have a successful KYC program: Does the information I collected add context to the customer and the anticipated activity? Simple customers with simple anticipated activity need little context. Complex customers need more context and information is the tool that is needed to add context.
I understand that there are many who are lobbying for the CDD rule to only require a certification form from customers. I also understand that there are many BSA Officers who have already decided that the certification form will be the extent of their compliance efforts. For those who believe the certification form is enough, I have one question: Why would you be given two years to implement a certification form that can be downloaded and printed in 30 seconds?
History will prove these banks on the wrong side of history, and hysteria will set in once the first large scale CDD Remediation fine, penalty and consent order hits the press.
To download our CDD Implementation Road Map, click here.