The Association of Banks in Singapore has published a report detailing the core design decisions, achievements, challenges and lessons from the recently-shelved KYC utility project.
Recently, a two-year long project to develop a centralised KYC utility in Singapore was put on hold, after costs surpasses expectations. The project was undertaken by an industry steering committee comprising domestic and international banks in Singapore, reporting to the ABS (the Association of Banks in Singapore).
The ABS has published a report to share the knowledge it gained from the project, intended as a reflection on the problem it was trying to solve and the key decisions around which similar projects are likely to pivot. The report also discusses the trade-off options associated with these decisions.
According to the report, the project was aimed at creating a centralised utility capable of performing end-to-end KYC tasks in respect of corporate customers, mutualising each such record in order to reduce duplication and to prevent criminals exploiting information asymmetry between institutions.
Core design decisions
The report outlines the core design decisions and the rationale for these decisions. For instance, a centralised design was chosen due to a lack of maturity in decentralised technology, as well as considerations around latency and immutability, which could be problematic in cases of operational error or intentional misrepresentation by criminals.
The approach to focus on the corporate client segment was chosen in what appears to be a balance between the less operationally intensive retail segment, and the more operationally challenging private banking segment, for which significant effort could be expended on ‘source of wealth’ corroboration.
Additionally, to realise operational efficiency through the mutualisation of customer information, the project included a detailed exercise to harmonise KYC policy standards and operational processes across participating banks. This was considered important because of varying KYC practices at banks, reflecting complex decisions around factors such as existing platforms, group-wide policies, risk appetite and regulatory commitments, among others.
Other design decisions included keeping customer interaction with the banks rather than the utility, an ownership model where banks would not have ownership in the utility, and considerations around adoption strategy.
According to the report, one of the key achievements of the project was the “unprecedented collaboration” between the public and private sector, which helped to identify the key data fields for KYC and define “golden sources” of data for mapping, The work to harmonise KYC policies at banks may in future prove beneficial for risk mitigation even in the absence of a shared utility, it said.
The utility project also helped to define a consensus approach to appropriately allocate liability to banks contributing data (upstream) and those using it (downstream). The project also saw the development of proforma solutions for issues such as bank secrecy, data privacy and data ownership, and identified a particular screening engine which was “was sufficiently differentiated both in terms of higher matches and lower false positives.”
Despite its achievements, the project was assessed to be unviable, as the proposed solution was projected to cost more than the savings banks would achieve. The majors costs were attributed to the utility setup costs, the operationally intensive migration of historical bank data into the utility, and the costs associated with changes to integrate the utility into existing workflows.
There were also significant concerns around cybersecurity, given the volume of customer information that would be held in the centralised utility, as well as further cost implications around operational risk, given that data would be populated from different sources of different quality resulting in a need to “deconflict” the data.
“It is self-evident from this report that significant priority was given to design choices which represented a highly ambitious ideal,” the report said, adding that “more agility in governing the interaction between design and cost could have helped”.
The report also notes that systems and workflows at banks are “optimised for maximum standalone efficiency and regulatory compliance”, and changes to these systems are an expensive proposition.
“Any KYC Utility project will benefit from the learning that it is in many ways more expensive to try to bring such divergent processes together, than it is to keep them apart,” it said. Though not fully analysed in the project, a modular approach could be feasible and “have a materially beneficial impact” on adoption.
The report ends with a call to action for the industry, asking whether a better approach to the KYC problem exists that can achieve a more sustainable business case for such a utility solution.
The full report is available here.