(Anuroop Omkar, Director, Bridge Policy Think Tank and Aditi Jha, Consultant, Bridge Policy Think Tank)
This write-up finds its inception from the discussion at the Panel Discussion at the Symposium on ‘NBFCs & FinTechs in India: The Road Travelled: Way Forward’ in New Delhi on 19 November 2019 organised by Bridge Policy Think Tank.
In the second part of this two-part article on Central KYC system in India, we shall discuss the steps resorted to by the other countries to develop their KYC utilities.KYC Utility is a joint venture established by Financial Institutions(FIs), which centralizes collection, verification, storage, and sharing of clients’ data and documents to comply with each FI’s KYC procedures or have a common requirement decided by FIs.As a result of which the Customers are forced to provide their personal data repeatedly as and when they choose to open an account with a new bank or seek a loan. In this article, we shall look at how other countries utilize KYC in a more efficient and less cumbersome manner.
The Monetary Authority of Singapore has introduced a National KYC utility that covers all individuals with accounts in Singapore. The ‘MyInfo’ service is a personal data platform that contains government verified personal details for every account holder and is the foundation for this utility. Residents provide their data to the government once, and it then supports all subsequent online transactions. The goal is to link all FIs to this validated database, which will reduce redundancy and improve information quality. Singapore has the advantage of a very good national ID system and database, and the nation is highly digitally enabled. This utility does not address transaction the mandate of conducting ongoing customer due diligence; and hence that role is retained by the individual FIs.
The African Export Import Bank (Afreximbank) took the lead in bringing credibility in customer due diligence (CDD) and trust-worthy risk assessment of African corporates and FIs. This initiative brought about collaboration among FIs of several countries in Africa, and the region’s first shared KYC utility called MANSA was launched in 2018. Africa opened MANSA to global banks for reliable due diligence information on African counterparties seeking trade finance.Afreximbank is working with regulatory agencies, law firms and accounting entities, who help to validate the information on the platform.
Low-income individuals typically do not have much money and do not engage in large financial transactions, yet Customer Due Diligence (CDD) requirements are often the same for rich or poor. Mexico has implemented a tiered CDD system based on the size of a customer’s balance, the size and frequency of transactions. Below a certain level, the customers are not required formal IDs. As the size of balances and transactions increases, ID requirements also increase. In Mexico, this tiered ID system has eliminated the need to scrutinize some 80% of FI accounts.
KYC utilities could take advantage of this kind of tiered risk-based system to reduce costs and could improve customer tracking as they move up tiers. Governments can take a risk-based approach to determine which customer transactions are worth examining.
The attempt by European Union with the introduction of General Data Protection Regulation (GDPR) elucidates that the ownership of data is with the individuals and not with the FIs. In this case, the data are owned by the individuals, not the FI. The KYC utility would require an individuals’ permission in order to share their data.This kind of regulation might make utilities much easier to implement since existing incumbency advantage has been wiped-out with the stroke of a pen, and individuals need a better way to manage their identities across multiple independent databases—thereby creating stronger incentives to adopt a KYC utility.
Banks often struggle to maintain active, up-to-date customer files. Some banks do this well, but many are not able to do so. This is because many banks have legacy Information Technology systems built around product applications (deposits, loans, etc.), and not around customers. Many smaller banks face this problem, which in turn hampers their CDD effectiveness.
To resolve this, the Customers shall decide with whom they would share information, but all information shall be available in one place. The same shall make it easy to monitor for suspicious transactions. In effect, this would result in smaller banks outsourcing their customer file management to the KYC utility, which could greatly help these smaller banks.
As key takeaways from these examples, the Indian regime could adopt the following measures:
- On the model of MANSA in the African region, foreign entities looking to invest in India, may resort to the Central KYC system to find reliable due diligence information on Indian counterparties seeking trade finance. This model adopted by the African Region is unique as it has resorted to mechanisms in addition to technology to create a credible KYC utility by engaging lawyers and external agencies as well.
- On the similar lines as Mexico, India could also adopt a tiered KYC requirement of how often the on-going KYC is to be carried out must be determined according to their average balance, the size and frequency of transactions. This will reduce the over cost incurred for KYC procedure.
- To make the regime more efficient, various KYC utilities including under SEBI, IRDAI must be connected to a single platform. The collection agencies for these may be different but the data must have a single unique identification number for each individual, entity, person across all these KYC Registration Agencies.
- To present a more progressive idea, a mechanism could be created to reduce the cost of KYC procedures undertaken by smaller financial institutions. These Financial Institutions may be allowed to outsource these procedures to larger banks which have access to better technology. In addition to this, the customers must be allowed to share their KYC information with financial institutions that they wish to engage with. This consent must be sought explicitly and the mode of mobile or email OTP may be used.