Apollo Investment Management

A modest proposal with respect to Kafka
Reducing the costs of KYC documentation

A giant problem

The US imposition of FATCA is estimated to have imposed costs on financial institutions in other countries of the order of US$200 billion (a figure reported to originate from one of the big four accounting firms), or possibly over US$1 trillion. It is believed that even the US costs exceed US recoveries. One hopes that the US Government Accountability Office is monitoring this: meanwhile good questions are asked by bloggers. If we accept even the lower figure of US$200bn for the costs to foreign financial institutions, the tax hit to those countries from the lost profits would be $50-80bn - a huge multiple of the gross recoveries in the US.¹

At present the review process is so time-consuming that some banks are refusing to open new corporate accounts, or charging upfront fees in the thousands of dollars which customers are unaccustomed to paying and small businesses may be unable to afford.² In a further twist on 'Kafka's costs', foreign professionals taking up employment in the UK now find it difficult to open bank accounts there.³

Not usually mentioned are the costs to the customers, which I suspect are a large multiple of the costs to financial institutions. If this is correct, we can multiply that loss of profits, and the resultant loss of tax revenue to foreign governments, many-fold. The banks issue demands for hundreds of pages of documentation, often on an 'urgent' basis that requires productive activity to be subordinated to a scramble to meet their unilateral deadlines, lest accounts be frozen or closed (which may happen anyway). We collect the hundreds of pages, take them all for certification, and courier the package - and have learned to keep copies, and proof of delivery, as the banks then apparently lose it, or declare that 'information supplied was incomplete' without ever specifying what was incomplete (I am told that this claim may be an excuse for concerned regulators), and the demands are repeated over and over again.

I suspect that one problem is inefficient filing of documents. HSBC staff in Hong Kong tell me that all documents are scanned on receipt, and the paper promptly crushed. (Several people of dour demeanour have become bizarrely animated about the word 'crushed', and repeat it with great frequency and disconcerting glee.) It then appears difficult for the bank to relocate any document, although sometimes the impossible is later achieved. (To avoid any misunderstanding, we have great sympathy for the bank's employees, who often appear to be soldiering on in difficult circumstances.4) We guess that the documents may be batch-scanned into unindexed multi-paged megafiles, perhaps without checking that all pages are recorded or clear, and that it is easier to claim that documents were unsupplied than to search for them on screen.5

A partial solution

The duplication of effort is crazy. Much of the information demanded is standard. Some of it never changes (eg a company's Certificate of Incorporation), or changes rarely. There are surely more efficient ways of verifying, storing and accessing this data. There is an opportunity for financial institutions to slash their costs, and for any IT company that can build a shared system with the requisite trust. The initiative could be taken by any entity willing to ensure a suitable structure and persuade other financial institutions to buy in.

Ironically, aspects of US documentation may point the way. Forms such as W-8BEN and W-8BEN-E, once mastered (which often caused months or years of grief)6, are standard, and self-certified, and usually required only in electronic form - so can be loaded onto a website, with a URL supplied in response to any request.

Other KYC documents are often requested in hard copy, with original signatures of a professional from various categories (bank officials qualify), and are then reviewed by each institution. I propose a system in which each document may be certified and approved by a bank or other licensed financial institution, once - and in most cases, once only. Each document would then be filed sensibly on the system, labelling the entity (registered name, registration number) or person, document type, date of document, identity of the FI certifier, and date of certification.7 Each document would then be visible to the approving institution (or to certain divisions within it, as agreed), and to the entity or person concerned. Each document could then be shared by the entity or person with any other financial institution, by providing a URL (similar to sharing with Dropbox, but with the addition of secure certification by the FI). That financial institution should be allowed to rely on the certification by the first: if it wished to inspect the original document again it could do so, with the new certifying entity and date also recorded on the system. (This would ensure that changing information may be kept up to date, and take care of doubts about the reliability of AML systems at any specific FI.) Most documents could then be reviewed properly once, rather than over and over again, saving time and costs for customers and FIs alike, and freeing up time for more productive tasks.

The ability of the entity or person concerned to review the data, ensure completeness, and forward the links, seems crucial. SWIFT has a KYC Registry intended to cut costs by sharing data, but it can only be accessed by banks, fund distributors, and custodians, and no official at any such institution has ever mentioned it to us. HSBC was reportedly involved in the design of the service in 2013, but cannot apparently keep track of documents even within single business units in Hong Kong, let alone tap the 'massive efficiencies' then envisaged.8 Opportunities are clear, and requirements urgent. Financial institutions and their customers all need a better solution.

Claire Barnes, 6 May 2016

The bigger picture (postscript 8 May)

Several early readers of this article have noted that KYC documentation is only a small part of the growing bureaucratic mountain. I agree - but while most of us have no influence over the mountain, some of our readers may be able to move this particular rock. That would provide a breathing space to many of us, and allow us to dream about tackling the mountain. Surely worth considering?


  1. My thanks to Antonio Foglia for the tax point.
  2. HSBC Malaysia told a colleague that they are now closing existing corporate accounts generating less than RM 500,000 per annum locally or US$1 million globally in revenue to the bank - no small businesses there! However, this is not explicable by KYC costs.
  3. Thanks to my colleague Shing for explaining this Catch-22: no bank account without residential address proof, but how to rent/buy without bank account?
  4. The Battle of Stalingrad comes to mind.
  5. This does not however explain their seventh demand in five months for a copy of my passport ID page, a single-page... scanned in person by my diligent, helpful and long-suffering relationship officer, who did her best to ensure that the sixth demand was the last, eight days before despatch of the seventh.
  6. And some unwarranted confiscation, if names were shortened in one box but not in another, UK or Great Britain written instead of United Kingdom, or...
  7. Documents routinely requested of individuals include: passport, proof of address, and a variety of FATCA and CRS documents. (The latter need to be standardised: the current confusion is causing each institution to generate its own forms, with individual employees cutting and pasting in extra items: much unnecessary effort, and further confusion.) Documents routinely requested of companies include: Certificate of Incorporation, Memorandum and Articles, Organisation Chart, Register of Directors, Register of Shareholders, n years audited financial statements (provision should be made for changing year-ends, eg FS201603, FS201612), licences if any, FATCA and CRS documents - plus KYC details on directors, and some shareholders, which to avoid duplication should link to files created for those individuals/entities. Provision should be made for other categories of documents, and for document-by-document (not batch) control.
  8. Postscript 19 May: apparently the SWIFT KYC Registry costs US$3,000pa plus $120 per request, and contains only data on Qualified Financial Intermediaries, which is often available more efficiently elsewhere. No competition there!

Previous reports:
Home Investment philosophy Fund performance Reports & articles *What's new?*
Why Apollo? Who's Claire Barnes? Fund structure Poetry & doggerel Contacts