Payments messaging firm SWIFT announced on Tuesday (Feb. 12) that it will now allow corporates to join its KYC Registry in an effort to facilitate the sharing of data between companies and their banks.
The move targets one of the largest pain points of Know Your Customer (KYC) compliance for businesses and their financial institutions (FIs): the complexity linked to corporations that use multiple banks across multiple jurisdictions. SWIFT noted that these cases present KYC challenges because data exchanged between all these parties is often incomplete or out of date. SWIFT’s KYC Registry offers entities a unified platform through which they can upload and share standardized KYC data.
“Corporate treasurers cite KYC as one of the top three challenges they face in their bank relationships,” said SWIFT’s Head of KYC Compliance Services Marie-Charlotte Henseval in a statement, noting that the addition of corporates to the KYC Registry “will extend them the same advantages, with a standard agreed [upon] by the community and a secure platform enabling efficient data sharing.”
Indeed, researchers have found evidence that companies are struggling to manage the growing weight of KYC, anti-money laundering (AML) and other financial regulatory compliance demands.
The mesh of AML and customer due diligence processes that make up a holistic KYC compliance strategy can add administrative burdens, slow down onboarding times for corporates and their banks, and expose businesses — including small ones — to the plethora of non-compliance risks.
International Monetary Fund (IMF) estimations pointed to a total money laundering volume of $2.1 trillion across the globe, with billions of dollars in fines issued by regulators against banks and corporations. Increasing sophistication of money launderers and other financial criminals has led regulators to introduce even more stringent KYC and AML rules, too.
Reports in CNBC last week shed light on one way criminals’ money laundering tactics are evolving.
According to the publication, bad actors are flocking to the gig economy, and services like Uber and Airbnb, to launder money. Advertisements on the dark web promote opportunities for Uber drivers and Airbnb hosts to partake in the scam, in which a criminal pays the gig worker for a job that was never completed via a stolen credit card. The worker — an Uber driver, Airbnb host or otherwise — then repays that criminal.
The tactic allows criminals to launder money processed through these gig economy platforms, with evidence of this practice going back at least two years.
Trustwave SpiderLabs VP of Security Research Ziv Mador told the publication that the cybersecurity space needs to take a closer look at what cybercriminals do with their funds after a successful cyberattack, and how they launder money.
Gig workers themselves face legal risks as a result, too, according to an Uber spokesperson.
“One reason it’s enticing to the real driver is they think, ‘at least I’m getting paid for driving a route that I’m normally driving anyway,'” he told the publication. “What they don’t realize is it’s not just defrauding Uber or our platform; it’s wire fraud. It’s serious legal liability for the driver.”
However, the tactic exposes companies like Uber and Airbnb to massive KYC and AML non-compliance risks as well. Reports said Uber first took note of this money laundering scam in China, while collaboration with U.S. law enforcement led to 13 arrests in New York in 2017.
Another spokesperson for Airbnb said the company “takes its responsibility as a participant in the financial ecosystem seriously, and has developed sophisticated models, systems and processes to detect and prevent all forms of misuse and illegal activity.” The company added that Airbnb deploys its own compliance and security controls, and collaborates with FIs, regulators and law enforcement “to spot new trends in potential misuse and illegal activity, and share information to combat illicit activity.”
According to SWIFT, that sharing of information between companies, banks and other relevant parties is an essential component of KYC and AML compliance — and one of the most challenging, too.
“In an era of constantly evolving regulation and [KYC] obligations, both corporates and banks seek to simplify the maintenance process of exchanging KYC data,” SWIFT said in its Tuesday announcement. “With data often disseminated across multiple sources, incomplete or out of date, banks have to repeatedly follow up ad update information with their corporate customers.”