As mentioned, certification and business registration entities currently occupy a crucial role for the proper functioning of companies. They cause the registration of the main information of each society, generating with it a general database with basic information.
Most of the information available to these entities is obtained, in the Colombian case, from the records voluntarily made by the people of their companies, such as notification addresses, subscribed, paid, and authorized capital, corporate purpose, legal representative, among other information, which, although it is highly relevant, is inadequate to fully understand a company and all the activities it carries out, as well as different asset movements.
This lack of information creates the possibility that insurers may provide their services to companies whose assets may be made up of illicit money. This occurs from having inadequate knowledge of the client and lack of a large public database that guarantees transparency in the actions of the different market participants.
In this context, it is proposed as an alternative the obligatory nature of financial and accounting information, including income, expenses, and profits that must be registered in a single business registry, thereby seeking a KYC and AML. Thus, the corporate governance of insurance companies can be based on such records to have the well-founded and sufficient knowledge in insuring a respective client, preventing fraudulent activities and identity theft, and improving the internal compliance of each company.
A single business registry with sufficient information results in in-depth knowledge of the different clients of the insurance companies, taking into account their accounting history and income origin. This translates into an adequate KYC that facilitates better data treatment for AML policies based on RegTech, which are consolidated and capable of carrying out specific actions aimed at preventing fraudulent activities.
It should be noted that, in addition to the implementation of the Single Business Registry with sufficient information, the decisions to adapt it must be implemented within each company, also taking into account the adoption of RegTech tools.
For the implementation of the proposed Single Business Registry, it is important to know some aspects that the legislator must consider for the consolidation of a project of such magnitude. In this sense, a regulation that enables interoperability between the different registration systems present in a country is necessary so that an exchange of information is carried out, reducing costs for entrepreneurs while increasing the quality and updating of the data for the knowledge of the interested parties.
In the case of a country like Colombia, different registration systems have specific functions. There are records for merchants and records for natural or legal persons who intend to carry out contracting processes with the state. In this case, it would be necessary to have a regulation that would enable interoperability between these information systems, enabling the transmission of information. Additionally, the legislature must analyze the possibility of a consolidated system where interested parties can consult the information in the registers without having to go to each one individually.
Additionally, special emphasis must be placed on the legislator at the time of its regulation concerning the information that can be considered sensitive. Although greater publicity and transparency are sought to guarantee the KYC and AML, the monitoring of the personal data protection policies of each state must be considered to have an appropriate regulation that only represents benefits for the market participants.
Based on the above, RegTech promotes good corporate practices in compliance management and improves the results of regulatory compliance. In this sense, it enables the ordinary fulfillment of tasks, reducing operating costs related to the performance of daily tasks in a company.Footnote 22
Given the importance of RegTech’s application, Christopher Woorlard, Director of Strategy and Competition at the Financial Conduct Authority—the regulatory body for financial services in the United Kingdom—identified several uses of RegTech that can be highlighted in this case, which, when in tune, may result to the proper functioning of RegTech tools in compliance with the objectives set:
Facilitates compliance of companies with legal requirements, such as reports, documentation, among others.
By promoting efficiency in compliance, it is aimed at closing the gap between the intention of the regulatory requirements, their subsequent interpretation, and the effective implementation within a company.
The implementation of RegTech tools simplifies and helps companies to manage and exploit existing data, facilitating the best decision-making and finding in real time those who are not following the regulations.
Finally, the author points out that technologies and innovations give rise to more efficient regulation and compliance processes.Footnote 23
For RegTech to function properly in areas such as KYC and AML, which are the most structured applications to date in financial companies, proper data management must be had, implementing structured data under provisions and rules, using mechanisms such as predictive analytics and machine learning, which help identify inside information, threats and information that may be suspicious and related to fraud and financial crimes, as well as the use of privileged information and misconduct, all of which are collected through data exchanges in the network, such as telephone calls, exchanges in emails, commercial transactions, among others.Footnote 24
As the authors Tom Blutler and Leona O’BrienFootnote 25 point out, for the proper management of KYC and AML, a traditional approach of technologies has been used that seek to transform and map the regulation of legal provisions through rules in software codes. However, this can create a solution called “black box” since violations of the regulation may be presented by the client that are not encoded in all its variables. That is, the commission of a certain conduct may be codified, however, there is not only one way to commit it. Hence, when coding it, it generates multiple existing combinations which cannot be entered in the code for the same act, thus some fraudulent behaviors could not be properly avoided.
In this sense, Nizan Geslevich PackinFootnote 26 says about the problem, “it requires a carefully tailored design of the technology, a joint effort of the regulators and the private sector, and some shifts in corporate thinking.” Therefore, the application of technological tools should not be carried out in isolation, but in tune with the entities and the needs of the private sector and insurance companies.
Under this scenario, there must be an agreement and joint effort between the companies interested in the application of RegTech tools to improve their compliance in relation to KYC and AML and both public and private entities, such as, in the Colombian case, the Chambers of Commerce and DIAN, where they were able to unify the information to a single database, which by implementing tools such as predictive analytics, AI, among others, facilitate the prevention of the commission of crimes and provides sufficient knowledge for companies before carrying out the respective hiring or underwriting.
In addition, the legislator must also consider whether there are limitations for each entity to transfer its information. In this sense, it is necessary to analyze the total legislative panorama of each country to determine the extent of the integration of registers. It is not a question of the elimination of a particular record, since each one seeks the satisfaction of specific objectives, but of a consolidation of information that is complete, updated, and truthful, based on the existing data.
One of the main problems for a correct implementation of the proposal is the proper handling of the data, as it does not only refer to a few of them but to big data, that is, “data that contains a greater variety and that is presented in increasing volumes and at a higher speed.”Footnote 27
Among the main challenges that regulators faced and that the Single Business Registry that arises could have is the management and processing of the big data. However, it is at this point where the different regulators must work in tune with FinTech and Insurtech tools, determining not only the information that is considered relevant for its adequate treatment in line with the proposed objectives, but also the ideal means to collect it, such as through the expansion of the necessary information in the Single Tax Registry, or that which is registered at the time of the renewal of the Commercial Registry or other existing registry systems in the country. For this, regulation is necessary that not only guarantees the implementation of the appropriate tools, without limiting them, but also flexible to the changes necessary for proper operation.
In this sense, an adequate management of information resources and the data themselves is a potential agent of change and transformation for KYC and AML, which paved the way to the introduction of the concept of Know Your Data (KYD), since it is not only a matter of the insurance companies having an incalculable variety of information in their bases, but of the proper use given to it. Therefore, if this information is in the hands of the industry at a general level, efforts in the fight against laundering can be strengthened while reducing certain compliance costs and guaranteeing regulatory compliance of companies.
In this way, by implementing the Single Business Registry for insurance companies, with the goals that have been previously noted, compliance is achieved, which means acting in accordance with internal rules, regulations, laws, and procedures. Thus, when it is indicated that a company is compliant, this means that it complies with the regulations that the regulatory bodies impose, depending on the activities undertaken by it.Footnote 28
For its fulfillment, it now depends to the respective body of each entity responsible for making decisions to implement the information in the Single Business Registry after it has been created, to prevent money laundering and obtain sufficient internal controls for normative compliance and its specific purposes.
The importance of the proposal is given because having an adequate RegTech through a Single Business Registry facilitates the KYC, which provides security on the legality of the clients. However, this has an important precedent in the Financial Action Task Force (FATF), which in 2007 published an important document that addresses market risks, how these should be managed efficiently, as well as the mechanisms to establish minimum due diligence parameters with the client.Footnote 29
Aside from sufficient documentation as support and presence in the registry where insurance companies have access to, it is important to bear in mind that adequate KYC policies must contain the following:
Customer acceptance policy
General identification requirements
Specific identification issues such as: trust accounts, corporate vehicles, business presented, client accounts, political persons, clients not present, and correspondent banking
Continuous account and transaction tracking
Risk managementFootnote 30
In this sense, both banks and insurance entities implementing RegTech policies must seek to sufficiently know the identity of their clients, control the activities they carry out, and take into account their account information to determine the transactions that are not within their normal business or those that are expected for the type of client or account. In this sense, the KYC is a necessary element in risk management and control, and it is essential that it is supported by compliance evaluations and internal audits.Footnote 31
Finally, as an additional aspect for a possible RegTech implementation in the insurance area, in 2018 the IV International Congress of Insurance Law was held in Colombia, where the Financial Superintendence of Colombia, the body in charge of regulating the country’s the financial market, announced that it will launch three tools that aim to promote and seek to facilitate innovation in the financial system, namely:Footnote 32
The hub, which acts as a meeting point for entities so that those interested in the FinTech sector can exchange information.
“La Arenera,” which through a control environment and in real time, facilitates the development of products, technologies, or business models.
Finally, and with special relevance for this work, the aim is to implement RegTech, aiming through its use, by the Superintendency, to streamline and optimize internal processes in regulatory matters, thanks to the use of technological developments.
By implementing RegTech tools, the Financial Superintendency, in tune with the chambers of commerce, could exchange their information and generate a complete source of information that can be consulted by those interested. Thus, not only would it provide companies with an adequate KYC, the same superintendence could also more efficiently exercise its supervisory function, seeking compliance with the regulations by all insurance companies.