The value of utility
Compliance never has been the most glamorous area of banking and is often viewed as a considerable burden. For years, financial institutions have poured investments into the front office, equipping traders with the latest and best technology. Now, following increased regulatory pressure, compliance is gaining importance and as a result, back office automation is on the rise again. The real potential for automation lies not in traditional business processes, but in shared, automated utilities such as Swift’s KYC Registry and the Depository Trust and Clearing Corp’s (DTCC’s) Clarient.
In the years following 2008, financial regulators began to introduce legislation that put the onus on banks to more closely monitor risks associated with credit, liquidity and counterparties. Emphasis was put on reporting (often in real time) and on proving compliance with regulations. This meant back offices needed to be improved, but often the initial response was to throw manpower at the problem. Employees were allocated, budgets assigned, consultants and specialists hired. But this wasn’t necessarily the most efficient approach, says Jon May, formerly of Goldman Sachs and now chief executive at KYC.com, a joint venture to standardise processes and centralise operations.
Documentation and data are areas “ripe for automation”, says May, as many financial institutions continue to input data manually. Investments that have been made haven’t necessarily paid off and May argues that sharing costs via a utility approach can be more cost efficient.
KYC.com is a joint venture between Markit and Genpact that enables buy-side firms to post documents related to know your customer (KYC) regulations. These documents can then be accessed in a standard format by sell side-firms. Users include BNP Paribas, Citi, Deutsche Bank, HSBC, Morgan Stanley and UBS; 1300 buy-side firms and corporations have registered.
May joined the venture in January from Markit, where he is still a managing director. He believes that standardisation is one of the major prerequisites for the industry to become more efficient. “In the past if you were an asset manager and you had five new funds and 20 participating brokers, then you had 20 different standards,” he says.
A similar impetus is behind Swift’s KYC Registry, which was created by Swift to address counterparty due diligence. The initial focus was on correspondent banking but the Registry will also include funds distributors and custodians. The KYC Registry is intended as an industry-controlled utility. “Automation is a relatively marginal benefit in compliance,” says Luc Meurant, head of banking markets and compliance services at Swift. “The game changer is not automation. It’s the creation of utilities.”
Meurant says there are 1.3 million relationships between 7000 correspondent banks on Swift; around 150 relationships per bank. Each of these participants asking each other the same set of questions is very inefficient. As banks are undertaking similar activities, many of which have no competitive benefit, a central utility for counterparty management and sanctions screening makes sense. “Banks can get huge savings from improving the consistency of information,” says Meurant. “The two important points about the KYC Registry are that the data is user-provided and user-controlled. So a user can decide who sees its information. This information is also checked for completeness and accuracy by Swift.”
The KYC Registry is accessed via a Web platform, on the basis that sharing and storing data are free but additional services are available at “a low cost”. Utilities are a good solution for areas that are universally recognised as non-competitive such as compliance, says Meurant. Compliance budgets are significant and therefore the more money financial institutions can save, the more they can invest in areas that deliver competitive differentiation.
Other observers point up that utilities can be especially effective when combined with other tools, such as outsourcing, off-shoring and investment in new businesses. May believes lower-margin industries have lessons to teach the financial industry. The pace of change in financial services and the emergence of financial technology competitors have opened the doors to collaboration between financial institutions and third-party specialists.
At Goldman Sachs, says May, outsourcing was part of the solution, but only “one string to the bow”. Automation can shine a light into complex processes, identifying where a line has been crossed and when investigation is needed. However, he adds, there always will be a manual touch point. Automation is part of a larger set of tools that includes industrialisation as well as outsourcing where appropriate to places such as India and the Philippines.
While automation may be desirable from a risk control perspective, some participants argue that since 2008 there has been a gradual shift away from automation as a tool for adding value to a business. Instead, the focus has moved to automating simply as a means to enable financial institutions to deal with the waves of incoming regulation. That can be a problem – particularly if firms are forced to direct resources away from innovation and the core business proposition.
“Many firms have done very little investment in recent years and what they have invested has been mostly on compliance. I believe over time that inevitably makes those firms less competitive,” says José Placido, head of client development and strategy at BNP Paribas Securities Services.
Another problem is that smaller firms often benefit less than larger firms from automation drives prompted by regulatory demands as they cannot achieve economies of scale. Eric Werab, director, product portfolio management for financial crime risk management at Fiserv, says greater efficiency is beneficial for the bigger financial institutions, but for the smaller ones the benefit is “often not there”. Wherever possible, it is better that automation is part of a wider strategy rather than a box-ticking exercise, he argues.
Automation is not a “silver bullet” and will not “automate problems away”, he adds. Business process and control are very important but issues will remain unless a financial institution also addresses core business processes. “When it comes to operational risk and technology, if people want to do harm, even the best controls can be subverted. Automation helps, but the firm has to be committed to change for it to work,” he says.
A related issue is the relative investment in the front office versus the mid- and back-office functions. There may be little point in investing in a powerful front-end, if the rest of the business is unable to follow up and deliver on the promises initially made to customers. Gregory Derderian, vice-president, banking and financial services at Genpact, says the challenge for banks is to invest across the front, middle and back offices. Data and analytics support origination at the front-end, but the middle and back offices must be able to support this. Automation must be done on an end to end basis.
Derderian cites the example of a friend who recently made a business trip to the US, only to find his card transactions declined. Following a phone call with the bank, he was promised that it would be fixed. However, the problem was not fixed – leading to a repeated cycle of phone calls to the bank which lasted nearly a full working week. Following the experience, the friend decided to terminate his account and switch to another bank. “There was clearly a great front end, but the back office was not connected and so they were not able to follow through,” he says. Such a scenario will lose a firm business, especially as financial services firms are now being challenged by newcomers who don’t have the legacy technology, and who focus on customer experience.
Even utilities should be approached sensibly and should not be used as an excuse by financial institutions to let standards slide or think that they have outsourced a business problem, such as KYC or sanctions screening. According to Placido at BNP Paribas, that would be a risky move in itself.
“CLS is a good example of a utility – it removes risk and cost through efficiency,” he said. “There’s a cost of complying with heightened transparency requirements and we see a lot of discussion of sanctions utilities. But the regulator looks to banks to do their own homework. You’re not outsourcing the responsibility; you need to have your own house in order too.”
There are also complex problems to be solved. For example, an obscure sanctioned security could be a component in a much larger, non-sanctioned product – and there is in any case no universal agreement on which entities and countries are sanctioned. Placido believes that automation should be extended far beyond KYC, to include greater efforts to help with depository requirements and collateral obligations.
“This is not just about us complying, because our clients are asking about it too and expecting us to assist with forward planning,” he said. “It’s very costly and complex for them to comply with regulation in areas such as KYC, so using utilities make sense, but for us we have to help them to comply in all these other as well.”