KYC: Continuously monitor business relationships

Know your Customer” (KYC) is one of the central compliance processes in the financial world. As soon as a suspicion of money laundering arises at a bank, this quickly worries its customers. Subsequently, if large sums of money are withdrawn, the financial institution can find itself in serious trouble, leading to negative publicity for the bank. Additionally, the bank might come under the scrutiny of banking authorities, which may result in imposing fines or severely restricting business operations through stringent regulations.

Through Know Your Customer processes, abbreviated as “KYC,” existing and new customers are identified and verified based on legal requirements related to the prevention of money laundering. The goal is to combat economic crime, terrorism, money laundering, and other criminal activities.

The legal basis in Switzerland is the Money Laundering Ordinance of the Swiss Financial Market Supervisory Authority (FINMA). In Germany and Austria, the EU Anti-Money Laundering Directives and national laws such as the Anti-Money Laundering Act (GwG) come into play. In principle, every company, regardless of the industry, is obligated to conduct KYC. For credit institutions and insurance companies, KYC is primarily applied in the context of new customer business. Before a new customer can open an account, a verification process is carried out through KYC. This process involves gathering information about the customer’s identity, business model, and financial flows. The foundation of KYC checks typically consists of sanctions lists, which are published either by states, international organizations like the EU, or relevant ministries.

The sanctions list check is mandatory

To conduct business in compliance with the law, a sanctions list check is essential. It is a central measure within KYC. However, it is by no means an option; rather, it is an obligation that every company must adhere to. While failing to submit balance sheets and financial statements leads to restrictions by the tax authorities, there is no active oversight of whether KYC has been carried out. Only when a suspicion of money laundering becomes public do financial institutions, such as banking authorities, become active.

If sanctioned individuals, companies, or organizations receive financial funds or goods, this has serious consequences. In other words, any financial institution that neglects KYC and disregards sanctions lists is taking a significant risk. The sanctions range from hefty fines to imprisonment. Those primarily affected by this are company directors, as well as those responsible for exports. Additionally, the company itself faces financial risks.

The reasons why the sanctions list check is often neglected (H3)

The examination of sanctions lists is carried out as part of due diligence checks. During these assessments, individuals and companies are analyzed for their financial, legal, tax, and economic circumstances. A distinction is made between new business relationships (onboarding) and long-standing business partners (ongoing).

Shortcomings in KYC and sanctions list checks almost always have the same root cause: companies are hesitant due to the immense administrative effort that regular monitoring entails. This primarily affects existing, long-term business contacts. The number of sanctions lists issued by states and international organizations is constantly growing, and these lists are continuously updated. If examinations are only conducted on a random basis, the risk of undetected suspicious cases increases.

From the field: N26 and the challenges of KYC implementation (H2)

No one is immune to encountering false business partners. It happens repeatedly and is often discovered far too late. In many cases, initial damages have already occurred. The financial company is then left with damage control as the only option. This consumes valuable personnel resources. This was the case, for example, with the fintech N26, which initially started as Number26 in 2015. The neobank from the outset focused on the needs and preferences of a young and digitally savvy clientele. After obtaining a full banking license in 2016, Number26 rebranded as N26.

Digital banking on smartphones is the core of N26’s business model. Unlike traditional banks and savings institutions, which joined the digital trend relatively late, N26 is a purely digital venture. Costly branch banking was never an option. This enabled the bank to offer attractive interest rates and fees right from the start.

No one is immune to encountering false business partners. It happens repeatedly and is often discovered far too late. In many cases, initial damages have already occurred. The financial company is then left with damage control as the only option. This consumes valuable personnel resources. This was the case, for example, with the fintech N26, which initially started as Number26 in 2015. The neobank from the outset focused on the needs and preferences of a young and digitally savvy clientele. After obtaining a full banking license in 2016, Number26 rebranded as N26.

Digital banking on smartphones is the core of N26’s business model. Unlike traditional banks and savings institutions, which joined the digital trend relatively late, N26 is a purely digital venture. Costly branch banking was never an option. This enabled the bank to offer attractive interest rates and fees right from the start.

Rapid growth and sudden turbulence

After its launch in 2015, N26 experienced rapid growth. It took just under three years to reach the threshold of one million customers by the summer of 2018. The NZZ already announced it in June 2019: “Soon N26 wants to compete with Swiss banks.” In September 2019, Switzerland became its 26th market. After another three and a half years, by January 2021, the bank already had seven million customers worldwide. However, in this year, problems with financial regulators emerged, causing the growth to stutter.

It became known that the bank had reported numerous cases of suspected money laundering belatedly. According to N26, these cases amounted to fewer than 50 instances in the years 2019 and 2020. While this might seem insignificant given the bank’s large customer base, the banking authorities took a consistent stance. Each suspicion had to be reported to the relevant department within 72 hours, which imposed significant burdens on the banks. Failure to make these reports could result in substantial penalties. For a young and successful company like N26, this had noticeably negative consequences.

In the crosshairs of banking supervision: penalties and growth brakes

The consequences of the past shortcomings didn’t take long to materialize. The German banking supervisory authority, Bafin, imposed a fine of 4.25 million euros on the smartphone bank. The deficiencies in anti-money laundering measures in June 2021 were reason enough for the oversight. Bafin continued to threaten the neobank with restrictions on new business.

And it followed through with the threat. Specifically, the Bafin-imposed restrictions dictated that only 50,000 new customers would be allowed per month. However, these restrictions did not apply to Germany and Austria. A painful growth impediment for N26, as the bank was in the midst of an expansion phase. Subsequently, the bank had to decide how to implement these limitations in the remaining 24 markets.

The German banking supervisory authority’s intention was not to punish N26, but to discipline it. The bank was expected to pay increased attention to KYC before admitting new customers without scrutiny. The timing of these restrictions being announced was extremely unfavorable for the smartphone bank, as it was in the midst of a new round of financing. Despite the hurdles imposed by Bafin, the bank managed to raise 780 million euros from investors.

KYC neglect – an expensive lesson

The neglect of compliance regulations such as KYC resulted in severe penalties from the banking supervision. Particularly surprising is the fact that the bank received a grant of 700,000 euros from the Investitionsbank Berlin as early as 2016. This money was intended to advance the development of systems for the automatic detection of fraudulent attempts. Clearly, this initiative was not executed as planned.

According to their own statements, the company, which was valued at up to 10 billion euros after this funding round, had already implemented a significant portion of the measures demanded by Bafin. For instance, by 2021, they had already invested 25 million euros in combating money laundering.

In general, the neglect of KYC and similar practices is attributed to the bank’s rapid growth. Resources and attention were primarily directed towards expansion, rather than comprehensive auditing procedures.

When establishing new business relationships, you must thoroughly examine the new partner through a KYC onboarding process. However, you must also subject existing business relationships to ongoing scrutiny. There is no prescribed method for how you should conduct sanctions list checks. Nevertheless, it is essential that you undertake this crucial task to detect and dutifully report suspicions of money laundering or other convicted offenses early on.

Given the multitude of sanctions lists and the frequency of their updates, these examinations, assessments, decisions, and their auditable documentation are extremely time-consuming. Manual handling often becomes overwhelming. Hence, automated solutions for screening and monitoring your business relationships are extremely beneficial. They allow you to systematically and efficiently perform all KYC-related checks. This not only minimizes compliance risks but also actively safeguards your company against potential damages and legal consequences.

For this purpose, Pythagoras Solutions has developed solutions such as Partner Screening, which enable you to continuously monitor your business relationships for risks. Pythagoras’ KYC compliance solution adheres consistently to all regulatory requirements and guidelines. This way, you avoid risks, save time, and can better focus on your core business.