Assessing know-your-customer vulnerability
There has been some concern on the part of both financial institutions and financial gatekeepers, that know-your-customer regulations would ultimately mean that huge amounts of money will have to be spent in the exercise of due diligence on every customer and in every transaction. This is not true.
We start with the understanding that no matter how good one is and how careful we are, mistakes will be made and something will eventually slip through. As unfortunate as this is (and often disastrous, as the resource-rich agencies such as CIA and FBI can attest), there is no way to close all avenues. What we can do, however, is have procedures in place that, when observed carefully, will prevent someone’s slipping through who could have been filtered out with reasonable effort.
With know-your-customer procedures, as with all risk management, you want to take action where there is risk – risk equating to likelihood times cost. Put simply, if the cost of a failure is not high, then the risk cannot be high, and thus the cost of exercising due diligence should be appropriately low. As an example, this editor recently needed a hundred dollar bill to give as a present to a child for his birthday. The bank at which the five twenty dollar bills were exchanged required a full-page form to be filled out. We have not seen this in any other bank. On a guess, this bank is drowning in paper, which will hinder compliance efforts against those who actually do present a danger. Their misdirected – but well-intentioned – efforts open them to the possibility of real losses.
You need to determine where you face risk that is sufficiently high to result in serious consequences to the company, and to devote the bulk of resources to that issue. The non-financial equivalent is the stealing of pens: While the probability of someone taking a pen from the office is high, most serious businesses would not devote as much effort to protecting pens as to protecting laptops. Our view is that know-your-customer procedures should be addressed with a similarly common-sense approach.