Synonymous with complexity, costs and client friction, know your customer (KYC) procedures weigh heavily on the financial sector, which is why there’s interest in centralising them. In Luxembourg, this longstanding issue resurfaced just before summer, following the announcement of .
The Luxembourg Bankers’ Association (ABBL) aims to , tackling regulatory barriers in the process. , CEO of Lhoft, also sees momentum building for this centralisation.
Where does Luxembourg stand in terms of shared KYC procedures?
Nasir Zubairi: Nothing has been widely adopted at this stage. That said, we are seeing progress, especially with solutions like i-Hub, which are starting to gain traction in the retail banking sector in Luxembourg.
Why hasn’t i-Hub become the go-to solution for all players in the market?
i-Hub initially targeted the retail segment. The five banks that are shareholders (Post, BGL BNP Paribas, Spuerkeess, Banque de Luxembourg, and Bil) are at various stages of implementation. So, the solution works for the retail sector and, to some extent, for corporate banking. However, there are now different needs and requirements for investment funds and private banking, for instance. A solution that could broadly meet the needs of all these institutions would be ideal.
Could that solution be i-Hub, which continues to accumulate losses?
It’s not up to me to say. , a strong personality with a solid track record. A lot of effort is being invested in this project, which remains central for the five involved banks, especially Post. I am therefore very optimistic about the near future: progress is already underway, and more will follow. Overall, the efforts around i-Hub show that positive things are happening in Luxembourg.
What’s preventing a single KYC solution from being adopted?
The main obstacle with any KYC solution remains the issue of liability. For example, if a third-party technology solution like i-Hub fails, it’s the financial institution that bears the responsibility, not the technology provider.
The ideal solution would be one recognized by regulators as the central KYC platform.
How can this be addressed?
The ideal solution would be one recognized by regulators as the central KYC platform. This would transfer liability to the third-party solution, allowing financial institutions to breathe easier. Until we reach that point, the market remains fragmented because each institution has to trust a third-party solution, which takes time and energy and can complicate interactions with existing internal systems.
Would you say the obstacles are both regulatory and technological?
Absolutely. The technological and regulatory aspects are now intertwined, which presents the main challenge. The technology must integrate with the existing systems of financial institutions, which are all different. On the regulatory side, it’s about proving accountability, showing compliance with processes, and adhering to requirements such as Dora (Digital Operational Resilience Act). Institutions need to be absolutely sure that the KYC technology they outsource is reliable and compliant. Extensive testing is necessary to achieve that level of assurance.
Is there a concern that shared KYC could lead to the disclosure of compromising information regarding money laundering to competitors?
Often, we lump together AML and KYC, but AML involves a distinct set of processes. KYC is a static assessment of the risk associated with a person or entity, while AML is an ongoing process. A person might pass a KYC check but later engage in fraudulent activities or money laundering during their relationship with an institution, which would then require continuous monitoring. Transactional monitoring is absolutely critical.
What about the risks of data loss?
Using a centralised or shared system always carries such risks. Under the General Data Protection Regulation (GDPR), customers must be assured that their data is kept private and secure according to their requirements. However, with client consent, sharing data can also save them time and energy.
For instance, an investor in an alternative investment fund must go through several KYC and due diligence processes. If they have the ability to share their data in a secure environment to avoid repeating these processes with each new subscription, this represents a significant advantage. Any large-scale system that shares data between institutions carries risks, but we take these risks every day with cloud-based or software-as-a-service (Saas) solutions.
The real challenge lies in the risk associated with using third-party solutions.
From what you’re saying, the issue is not the lack of adequate solutions on the market…
Indeed, there are many good KYC solutions, such as i-Hub and those from Proximus and Finologee. The real challenge lies in the risk associated with using third-party solutions and integrating them into existing systems, while ensuring that institutions comply with the growing number of emerging technology regulations in the EU. As a result, there are considerable costs and risks involved.
What’s the next expected development?
The next step will be to develop and expand these solutions to cover other sectors of financial services in Luxembourg, such as asset management, which has very specific needs and for which nothing concrete yet exists. i-Hub has shown interest in this direction, but other solutions could also be adapted for Luxembourg.
Solutions like EuroDAT in Germany and Wecan in Switzerland, for example?
Absolutely. They have been explored. Some solutions have been relatively successful, while others have failed, such as the highly publicised project in Singapore that didn’t work as planned. In Scandinavia, a project announced several years ago has still not come to fruition. It’s a complex field: we have stories of both success and failure. The needs and models differ depending on the jurisdiction. It’s also about clearly identifying the needs and requirements for a ‘one-size-fits-all’ model that could be as efficient as possible.
KYC is considered a major obstacle to the profitability of European banks. Can we say it’s a competitive disadvantage for Europe and Luxembourg?
In terms of money laundering, both the US and Asian markets operate under the Financial Action Task Force (FATF) framework. However, it seems to me that the situation is more complex in Europe. This also stems from a lack of innovation within institutions. I believe that in Europe, we are behind Asia and the US when it comes to the effective use of technology to manage these costs. The regulations are what they are--we can’t change them overnight. So, we need to find ways to address them, and the only way to manage that is through the effective use of technology.