The Ministry of Economic Affairs and Communications of the Republic of Estonia (MEAC) is developing cross-border services within the framework of the DIGINNO project for the Baltic Sea Region, including in the area of KYC. KYC (know your customer) as a topic stems directly from both international and EU regulations on anti-money laundering and combating the financing of terrorism (AML / CFT). Every developed country in the world is dealing now with this area.
On the Estonian side, the following parties are involved in the Diginno KYC project: MEAC (who is the lead of the entire Diginno project), the Ministry of Finance (responsible for establishing regulations for beneficiaries and regulations for the financial sector), an audit company, a trust and company services provider, major banks, a rating agency, virtual money service and virtual wallet providers, virtual identification developers, an IT development company, and others.
Similar workgroups are established in Latvia and Lithuania. It has been decided that the lead of the Diginno KYC international working group will be taken over from Latvia to Estonia and Rainer Osanik will be the coordinator of the international KYC working group.
The goal of the workgroup is to come up with a vision of how the KYC can operate across borders without unreasonable and unnecessary steps and actions. If you imagine, would it be possible for a person (client) to transmit his or her most common KYC data (e.g. personal data, place of residence, utility bill etc.) with the push of a button and for the accuracy of such data to be certified by the state (or so to say stamped by the state)? And can it be done cross-border so that countries recognize it mutually? It is already common to have e-invoices, we declare taxes digitally, there are data-exchange channels built for G2B and B2G, and data collection channels are there for collecting and exchanging existing information with the state. How can all this be used, transmitted, and exchanged for KYC? Or do we have other good and effective alternative solutions from the private sector that could be used more widely and internationally?
Within the Estonian Diginno KYC workgroup, we have agreed upon our KYC-to-be ideal vision (see below). We are currently working on reaching an agreement on the so-called Baltic KYC-to-be . We are also finalizing business canvas and we will soon start a feasibility study. However, as a result of this project, there is no real solution or product, but the purpose is to analyze whether the KYC could be done across borders and what obstacles it entails as well as what needs to be changed to make it possible at all.
In Estonia, the biggest problem for us is the lack of interest in the public sector and the notion that KYC is not a priority for the state. Rather, it is considered that the companies shall regulate and deal with such issues themselves and that the state only imposes general (often very harsh, absurd, and enormously resource-consuming) requirements, which are met under the threat of severe penalties. Unfortunately, we lack the regulation that allows exchange of KYC data already collected between obligated parties and access to data already collected in the national registers. In this respect, Latvia has made a rather big leap by making KYC as state priority and drafting regulation, data exchange standards, and standard questionnaires for financial sectors, allowing Latvian banks soon to exchange and collect from state registers KYC data free of charge. At the same time, Estonian business registers charge disproportionately high fees for each request made, and therefore, instead of making inquiries from the register by obligated parties, the customer is demanded to give the data to the obligated party.
KYC does not only concern the general identification of the person, but the obligated parties have a duty to follow business relationships, origins of the money, person's background, politically exposed persons (PEP), etc., which cannot be performed effectively without cross-border data exchange. Currently, there are no efficient methods to verify that the data and the statements the client reveals about him- or herself are bullet-proof true. If a person's risk patterns hint at his or her dishonest or unethical behavior, it is also a basis for declining a person's as a customer under the KYC rules. However, at present it is not possible to send or exchange such data across borders except for the so-called international blacklists that are publicly accessible.
Nowadays KYC is also increasingly used by non-obligated persons. Checking your business partner's background is a normal activity for all medium-sized and large businesses. For example, in order to know whether to sell goods in installments or to buy something with a prepayment, the reliability of the transaction partner is very important. Currently, only the data provided by the same transaction partner is used, but the accuracy and the legality of the data cannot be verified. The situation is even more complicated with cross-border transaction partners, as it usually involves also documents in a foreign language.
Cross-border KYC would significantly increase the reliability of transnational business and, on the other hand, prevent and help avoid cross-border financial frauds and misconduct. Often, small fraudsters move from country to country as grasshoppers, but due to the lack of transnational data exchange channels and platforms, the information about their past activities does not follow, which enables them to commit new fraud in the next country.
The KYC-to-be vision:
Harmonization of a minimum list of questions and documents that are needed to conclude KYC
An agreed normative, substantive, and data transmission (i.e. data exchange standard) framework under which service providers can create their services
Adopted cross-border (or transnational) acts/regulations to guarantee cross-border usage/applicability of such services
An ability to create a KYC profile, which consists of both automatically collected (query-based) and self-contained data (documents that cannot be obtained from national databases based on inquiries)
On the basis of existing and entered data, visual display of inter-dependency links between the person(s) and the company(s)
State confirmation (validation) of the data it has/owns (i.e. symbolically confirms their accuracy as these data come from national registers)
State acceptance of third parties (e.g. credit institutions, audit firms, etc.) to validate the information entered by persons about themselves (e.g. data about foreign beneficiaries)
An interoperable profile, which a person has already created, in all cases where obligated persons (or individuals voluntarily) want to carry out KYC. It shall be created on once-only principle. Other states accept the KYC data that is recognized by the first State (transnational agreements).
Background about Diginno project:
DIGINNO (Digital Innovation Network) is a project funded by INTERREG Baltic Sea Region 2014-2020, the overall aim of which is to accelerate the movement of the Baltic Sea region towards a functioning digital single market. Duration of the project is October 1, 2017 - September 30, 2020. The DIGINNO project focuses on expanding the opportunities of the ICT sector in other sectors of the economy, cross-border innovation in public services, and organizing cooperation among policy makers involved in digitalization related issues. One of the focuses of the DIGINNO project is the digitization of cross-border e-services in the G2B direction. The goal is to increase the volume of cross-border e-services and also to raise awareness of G2B cross-border e-services among public authorities, businesses and organizations. Also it aims to promote transnational cooperation by building a digital network of G2B cross-border e-services and developing example models.
For questions and thoughts, feel free to contact us
Rainer Osanik / Coordinator of Diginno KYC international workgroup