KYC: Continuously monitor business relationships

6 min read
Jun 11, 2024 8:58:36 AM

KYC: Continuously monitor business relationships

Know your Customer (KYC) is one of the central compliance processes in the financial world. As soon as a suspicion of money laundering at a bank becomes public, this quickly worries its customers. If large sums of money are withdrawn as a result, the financial institution can get into serious difficulties and this leads to bad publicity for the bank. In addition, the bank may be targeted by the banking supervisory authority, which may impose fines or severely restrict business activities by imposing strict conditions.

This is what KYC is all about

Know your Customer processes, or "KYC" for short, are used to identify and check existing and new customers on the basis of legal requirements relating to the prevention of money laundering. The aim is to combat white-collar crime, terrorism, money laundering and other criminal activities.

The legal basis in Switzerland is the Money Laundering Ordinance of the Swiss Financial Market Supervisory Authority FINMA. In Germany and Austria, the EU Money Laundering Directives and national laws such as the Money Laundering Act (GwG) apply. In principle, every company is obliged to carry out KYC, regardless of its sector. In the case of credit institutions and insurance companies, KYC is primarily used for new customer business. Before a new customer can open an account, a legitimation check must be carried out by KYC. This involves obtaining information about the customer's identity, business model and cash flows. KYC checks are generally based on sanctions lists. These are published either by states and communities of states such as the EU or corresponding ministries.

The sanctions list check is mandatory

In order to conduct business in compliance with the law, a sanctions list check is essential. It is the central measure in KYC. However, it is by no means an option, but an obligation that every company must comply with. While the failure to submit balance sheets and annual financial statements results in restrictions by the tax authorities, no one checks whether KYC has been carried out. Only when a suspicion of money laundering becomes public do financial institutions such as the banking supervisory authorities become active.

If sanctioned persons, companies or organizations receive financial resources or goods, this has serious consequences. In other words, any financial institution that neglects KYC and fails to comply with sanctions lists is taking a major risk. The sanctions range from high fines to prison sentences. This primarily affects managing directors, but also export managers. Added to this are the financial risks for the company itself.

This is why the sanctions list check is often neglected

The review of sanctions lists is carried out as part of due diligence checks. During these audits, individuals and companies are analyzed for financial, legal, tax and economic circumstances. A distinction is made between new business relationships (onboarding) and long-standing business partners (ongoing). 

Failures in KYC and sanctions list checks almost always have the same cause: companies shy away from the immense administrative effort that regular checks entail. This mainly affects existing, long-standing business contacts. The number of sanctions lists issued by states and international organizations is constantly growing and the lists are constantly being updated. If audits are only carried out on a random basis, the risk of undetected suspicious cases increases.



From the field: N26 and the challenges of KYC implementation

No one is immune to getting the wrong business partner. It happens again and again and is often discovered far too late. In most cases, the initial damage has already been done. The only thing left for the financial company to do is to limit the damage. This ties up valuable human resources. This is what happened to fintech N26, for example, which initially launched as Number26 in 2015. From the outset, Neobank focused on the needs and wishes of a young and digitally savvy clientele. After receiving a full banking license in 2016, Number26 changed its name to N26.

Digital banking on the smartphone is at the heart of N26's business model. Unlike conventional banks and savings banks, which were late to jump on the bandwagon, N26 is a purely digital project. Cost-intensive branch banking was never an option. This allowed the bank to offer attractive conditions for interest rates and fees from the outset.

Rapid growth and sudden turbulence

N26 experienced rapid growth after its launch in 2015. It took just under three years to reach the threshold of one million customers in summer 2018. The NZZ announced it back in June 2019: "Soon N26 wants to take on the Swiss banks". Switzerland was added as the 26th market in September 2019. After another three and a half years, in January 2021, the bank already had seven million customers worldwide. Problems with financial supervision began this year and growth started to stutter as a result.

It became known that the bank had reported numerous suspected cases of money laundering late. According to N26, there were fewer than 50 cases in 2019 and 2020. Although this may seem minor given the bank's large number of customers, the banking supervisory authority is taking consistent action. Every suspected case must be reported to the responsible department within 72 hours, which means a considerable amount of work for the banks. If these reports are not made, considerable penalties can be imposed. For a young and successful company like N26, this had a noticeably negative impact.

In the crosshairs of banking supervision: penalties and growth brakes

The consequences of the past failures were not long in coming. The German banking supervisory authority Bafin imposed a fine of 4.25 million euros on the smartphone bank. The shortcomings in money laundering prevention in June 2021 were reason enough for the regulator  Bafin further threatened the neobank with conditions for new business.

And is taking the threat seriously. Specifically, the Bafin requirements stipulated that only 50,000 new customers per month were permitted. However, these restrictions did not apply to Germany and Austria. A painful brake on growth for N26, as the bank was currently in a phase of expansion. The bank then had to decide how it would implement these restrictions in the other 24 markets.

The German banking regulator did not intend to punish N26, but to discipline it. The bank should therefore pay more attention to KYC before accepting new customers without verification. The timing of the announcement of these requirements was extremely unfavorable for the smartphone bank, as it was about to launch a new financing round. Despite the hurdles imposed by Bafin, the bank managed to raise 780 million euros from investors.

KYC neglect - an expensive lesson

The neglect of compliance regulations such as KYC resulted in drastic penalties from the banking regulator. What is particularly surprising is that the bank received a grant of 700,000 euros from Investitionsbank Berlin back in 2016. This money was to be used to advance the development of systems for the automatic detection of attempted fraud. Obviously, this project was not implemented as planned.

According to its own information, the company, which was valued at up to 10 billion euros after this financing round, had already implemented a large part of the measures required by Bafin. For example, 25 million euros were already invested in the fight against money laundering in 2021. 

In general, the neglect of KYC & Co is attributed to the bank's rapid growth. Resources and attention were primarily put into expansion rather than comprehensive audit procedures.



Conclusion: Designing comprehensive KYC checks efficiently

When you enter into new business relationships, you must first thoroughly check the new partner in accordance with a KYC onboarding process. However, you must also subject existing business relationships to ongoing checks. There is no prescribed method for checking sanctions lists. Nevertheless, it is essential that you take on this important task in order to identify suspected cases of money laundering or other convicted offenses at an early stage and report them conscientiously.

With the large number of sanctions lists and the frequency with which they are updated, these checks, assessments and decisions made, as well as their audit-proof documentation, are extremely time-consuming. In most cases, they can hardly be managed manually. Automated solutions for screening and monitoring your business relationships are therefore extremely helpful. They enable you to carry out all KYC-related checks systematically and efficiently. This not only minimizes compliance risks, but also actively protects your company from potential damage and legal consequences.

For this purpose, Pythagoras Solutions has developed solutions such as the Partner Screening, which you can use to continuously monitor your business relationships for risks. With the KYC compliance solution from Pythagoras, all regulatory requirements and guidelines are consistently adhered to. This means you avoid risks, save time and can concentrate better on your core business.


Stay informed.

We always keep you up to date with news, important information, helpful tips and valuable articles.

Get Email Notifications