By Samantha Sheen, AML Director Europe, ACAMS
12 July, 2016

A couple of years ago over Sunday lunch, a family friend told me about a problem she’d been having with her bank. This friend, we’ll call her Pat, had been a customer of the bank for 20+ years.

Pat showed me a letter she received from her bank. It said that her account had been frozen pending receipt of a certified photocopy of her passport. By way of explanation for the request, the bank stated that “the regulator was requiring that this information be collected”.

Pat went to a local solicitor to have a copy of her passport certified, for which she had to pay a “fee”.  Pat, a widow and retiree, lived on a limited income. Reluctantly, she paid the fee and then drove over to her local bank branch where her account was held and handed in the requested document.

Two weeks later, Pat received the same letter. Thinking this was a mistake, Pat called the bank’s customer helpline. Pat was told she would have to go and get another certified copy of her passport and send it to a KYC team in a different jurisdiction. While Pat contemplated what to do, she received the same letter a third time. Pat had had enough and complained to the local regulator.

Fortunately for Pat and other local residents who’d received the same letter, the regulator took action and called on the bank to account for these letters and the freezing of accounts.

The regulator found out that the bank, upon discovering that it did not hold current KYC for some of its long-standing customers, sent them generic KYC request letters. It presumed the regulator would expect it to halt activity on the accounts because they were “KYC deficient”. In its rush to send out the letters, the bank failed to communicate the initiative to all of its frontline banking staff.

Three things bothered me about this story:

(1) Pat depended on accessing monthly pension benefits paid into her account. There was no evidence that Pat posed any sort of elevated financial crime risk that justified freezing her account;

(2) Pat was doing all the “running around” to resolve the bank’s problem. She was put to unnecessary inconvenience at her own expense when her identity could have been verified in person by the local bank branch; and

(3) No one who Pat spoke to explained how the request related to the bank’s KYC requirements.

I was reminded of this story earlier this week when I read the FCA’s paper entitled, Access to Financial Services in the UK May 2016 Occasional Paper 17 (“Paper”).

Scope of Analysis

The research and analysis presented in the Paper underscores the complexity of the problem of access to financial services – primarily banking services – and the need for all stakeholders, such as government, banks, regulators and advocacy groups, to work collaboratively in finding a solution.

Once Again – Unintended Consequences

The Paper again echoes what has been heard in other recent reports released by the FCA about de-risking activities – that the unintended consequences of anti-financial crime (“AFC”) regulatory requirements have created barriers to banking services for certain groups.

Importance of Access to Daily Lives

The Paper notes the critical impact access to banking has on an individual’s ability rent accommodation, be paid wages, receive government benefits, and allow people to take responsibility for their own financial well-being. The Paper notes that the ageing population, in particular, is experiencing this as an increasing problem.

I was particularly interested in the Paper’s observations about how AFC requirements are applied can act as a barrier to access and how frontline banking staff can exacerbate this problem.

Stringency of Identification (“ID”) Requirements

It is suggested in the Paper that the way some banks implement KYC requirements can exclude individuals who apply for banking services when they cannot produce the required ID.

The ID required by most banks consists of a passport and driver’s license. However, approximately 9.5 million individuals in England and Wales do not have a passport. To complicate things further, the UK does not have a mandatory national ID card.

The UK’s AFC regulations do not limit the ID that banks can accept to the ones above. The UK’s Joint Money Laundering Steering Group’s (“JMLSG”) guidance identifies other types of ID that can also be accepted.

The Paper notes that each bank takes a slightly different approach to the ID it will accept. Some are more restrictive than others. Even though the JMLSG guidance makes it clear that measures should be in place to deal with individuals who don’t have standard ID, this does not appear to be happening in practice at all banks.

The Paper recognises that the reason for this may be banks’ overall reluctance to detract from traditional forms of ID seen as acceptable in the eyes of the regulators (i.e. passport and driver’s license). There may also be some other reasons for this. Some ID requirements may be standardised based on the perceived benefits of consistency – the less discretion that has to be exercised in deciding which ID is acceptable, the faster an application can be processed. Consistency may also reduce the risk of KYC requirements being breached due to human error.

The Paper suggests that all of this results in uncertainty for customers, and sometimes bank staff, about what forms of ID the bank can accept and what the actual regulatory requirements are.  The Paper rightly notes that this is made worse when customers receive conflicting information from different banks, or different staff at the same bank.

The Paper suggests there is a fine balance between AFC risks and ensuring access to banking.  The analysis undertaken suggests that applying a risk-based approach to ID rather than a single approach, would ensure that access is not being unnecessarily denied to some individuals.  However, the Paper would have benefited from further analysis around the impact that this approach might have versus the benefits perceived to be gained by adopting a consistent approach.

Lack of Transparency with Customers about Impact of AFC Requirements

The Paper explains that customers are often not clearly told (or told at all) about why they have been refused bank services. Like Pat, there are also instances where information is not provided about the reasons why certain ID is required, and if the required ID is not held, what alternatives are available. The Paper notes instances where frontline bank staff sometimes seem to reject some types of ID which are otherwise permitted under the AML/CFT regulations. The Paper suggests that these situations happen because some frontline staff are not trained sufficiently in this area.

Solutions – Honesty and Service with a Smile

Although this article does not cover all of the salient points identified in the Paper (see: https://www.fca.org.uk/news/occasional-paper-no-17), here are a couple of the proposed solutions, along with some of my own comments:

  1. As part of the AML training given to frontline banking staff, ensure that they can explain the bank’s ID requirements. If alternative forms of ID are accepted, staff should be able to explain what they are and how they can be obtained. Ensure that staff understand when and to whom cases should be referred when a customer has a problem like Pat did.
  2. Train frontline staff on how to help customers with ID issues with a “smile” (even over the phone). Some banks provide brilliant customer service around their products and services. How great would it be if this was also done when answering questions about KYC requirements?  KYC is not a “state secret”. Customers should be provided with complete and consistent information about both what is required and why. Just as individuals need access to banking services, financial institutions also need customers’ cooperation in providing the required KYC.
  3. Regulators may need to take a stronger stand on both compliance and over-compliance [my emphasis] concerning ID.  I suggest that it’s not so much over-compliance with ID requirements that’s the problem as much as banks’ trying to anticipate what the regulator expects to see. Instead, perhaps this could be improved if banks were able to really engage in a risk-based approach, and regulators reconsider how they might be conveying requirements and expectations around ID that conflict with this approach.
  4. Tell consumers why they have been rejected or why their account has been closed. This is a more challenging recommendation which requires further exploration. If frontline staff experience challenges explaining KYC requirements, further training and guidance would be needed on how to explain why a customer has been denied access to banking services.

While this article has not fully canvassed the many different issues and solutions proposed in the Paper, it does highlight some of them. While it remains to be seen how stakeholders will respond to the Paper, I am pretty sure that Pat would be pleased to see that she is not alone in facing some these challenges and that the regulator has been listening.