A EX LISTED Company Secretary writes...
Is your Company Secretariat team responsible for your KYC & UBO requests and if so, how do you manage these? We are currently responsible for these requests and feel that the demands are increasing in number and taking up an inordinate amount of time. Currently requests are emailed to a group Co. Sec. inbox but we are looking into a better way to manage this. Suggestions to improve processes welcomed!
We have a similar issue. The volumes of KYC requests is so significant. We have opened our legal entity database to Group functions. They still come to us for various requests, certified extract charts etc. We have explored options including outsourcing (cost is approx 4 staff salaries so unfeasible); automation but cannot find a reasonable solution. I know some providers offer to convert your mailbox to a self service portal, but the cost is extortionate. Also keen to understand how other companies are managing this.
Can’t really add any suggestions to improve, as I find (fortunately) that the volume of requests isn’t too great so each can be dealt with without too much hassle. Obviously, the process for responding, and the policy on what information is made available, is proceduralised to make it as efficient as possible.
My only other suggestion, which is a rule I’ve applied all my long career as Co Sec, is to be rigorous in pushing back and challenging whether the request actually needs to be replied to. Some companies and organisations just ask for information to which they are not entitled and which may be public domain anyway. Thereby (hopefully) reducing the volume of requests to be dealt with.
We are a small head office and in our case it is a combined effort CoSec/Treasury. CoSec provides the information as the custodian of the data and personal details of directors and Treasury manages the relationship with the banks, challenging their requests when possible.
This is a challenge where there is no Compliance Officer/Team. We have an entity management portal to which colleagues in Group functions have access meaning they can complete KYC forms themselves and send to the Secretariat for checking, which we encourage. We restrict access to personal information in line with GDPR. We also record UBO registers by entity and use the portal’s compliance monitoring tools to flag when something needs to be renewed- different jurisdictions have different requirements. We have it set to flag when changing entity appointments to remind us the UBO registration needs to be updated.