This article is part of Kyckr’s new Future of KYC Compliance series, which interviews leading industry professionals and thought leaders to learn more about the trends that will shape the future of KYC compliance.
The following is an interview we recently had with Brad Elbein, Partner & Government, Regulatory and Compliance Practice Co-Chair, Culhane Meadows.
What’s the current state of KYC compliance?
BE: Large, wealthy entities with a lot to lose either in reputation or in fines and civil penalties—are actively complying. The smaller and more skeletally-resourced an entity is, the more they tend to do the bare minimum. It seems to be generally believed in both civil and criminal law enforcement that it is these mid-range entities who are the most likely to be targeted by wrongdoers: they are well-positioned enough to have resources worth stealing and small enough that they are unlikely to have industry-leading security procedures. This means that the entities who are outside the “large, wealthy” category are likely to need KYC compliance attention most.
How has KYC compliance evolved over the past 5 years?
BE: Remember that KYC, in its earliest stages, began as an anti-money laundering effort for financial institutions. But there were other streams of what we now recognise as “KYC” regulation arising: the Red Flags Rule administered by FTC, for example. These streams coalesced to some extent in the Customer Identification Program under the Patriot Act. KYC has continued to evolve since. The information required of customers and required to be reported by businesses has expanded. The kinds of entities tasked with inquiring and reporting have expanded well beyond financial institutions, and the number of regulatory procedures has expanded. And as I note below, KYC has expanded beyond a law enforcement duty to become a business opportunity.
How has KYC compliance changed in the midst of COVID?
BE: I know of no changes in KYC compliance … yet. That doesn’t mean that the health compliance problems of addressing COVID and the catastrophic consequences of not addressing it will not lead to more regulatory demands. For example, I could see a scenario in which the federal government decides that it must mandate testing for the virus, then mandate vaccinations, both of which would require surveillance. Both could be viewed as reasonable from a public health perspective, though the substantial privacy and other legal issues would be implicated. But then, that information will have to be tracked and verified and provided to other health and medical authorities. Who knows what will happen from there, good or bad?
What are the top trends shaping the future of KYC compliance?
BE: The most significant trend is that, in the best traditions of capitalism, KYC regulation has become a great business opportunity. Businesses that hated having to obtain and report this information to law enforcement have now realised that “knowing their customer” opens opportunities for them. A KYC effort helps them broaden their relationships with customers. Additional information about business associates is so valuable that these efforts will undoubtedly continue in the future.
What’s the future of KYC compliance?
BE: It’s not hard to believe that KYC will continue to expand, both in law enforcement and commercial/consumer areas. In the law enforcement and national security world, demands for information seem to grow exponentially. No “new standard” of what information is enough, ever remains “enough.” As we see from the recent hack by state actors, serious new threats are evolving to take advantage of the troves of data held by government and businesses that are seen as the lifeblood of our information-based economy. Additional law enforcement and national security KYC compliance requirements are easy to foresee in this context. Whatever one thinks of the danger of a “national security state,” it’s not hard to see that the world is a dangerous place these days; nor is it hard to see that our defenses are insufficient. In the commercial/consumer arena, the expansion will likely be equally energetic. More and more, consumers’ and businesses’ interactions will be experienced as mere parts of the whole world of their activities.
For example, I made a warranty claim today on a particular consumer product. There is no doubt in my mind that if the vendor were a sophisticated entity in a high-value market, they would run a “verification” or “validation” scan at my first contact. That information would place my request in the "gestalt" picture of every possible factor that might be relevant to their response. They would know who I am and what I do, my income level, my credit score, my history of warranty and insurance claims, my purchasing habits, maybe my health status, and on and on. That information could well inform their decision about whether they would honor my warranty repair: they’ll know that I’m a compliance lawyer and litigator with a national firm in Atlanta who has a background in consumer law. That might suggest a different business decision to them than if I were someone less likely to be trouble.