As much I want to focus on global events, news from Pakistan about banks failing KYC/AML & compliance keeps emerging. This screams about the incompetency of regulators in the country and what the institutions make of their policies. In my previous article, I tried to explain the rent-seeking behavior of employees due to using the age-old manual KYC methods. The irony is that most banks don’t bother to do it at all. This clearly tells why we are still listed in FATF’s infamous greylist.

The news that made me write again is of a Pakistani Bank that’s not only a trendsetter but a trend setter in branchless banking. The bank is owned by a sovereign fund, and is abused by its employees. Last week, it was investigating fraud of its employees for stealing 514 million rupees in loan frauds.

What shocked me more is the media coverage of this event; it only enhanced the branding of the company. Instead of focusing on the reasons behind the fraud, they focused on how much the bank is worth and how much equity it had. There was no mentioning of how such fraud can impact users’ (clients’) deposits.

But media is media — one can’t argue the fact that they are for-profit; they won’t show the details due to fear of losing ads from a giant.

Let’s talk about something that the media missed; it was reported that 14 employees created fake profiles to avail loans, exhibiting classic RENT SEEKING behavior. The amount mentioned is significant and begs the question that how come it was this easy? Their technique was so lame that it would easily rejected by any potential script on Netflix TV for a South Asian heist.

The answer is simple: the bank failed to introduce KYC/AML processes digitally. The bank didn’t bother to integrate mandatory digital identification. They were using a paper form that is extremely easy to cheat.

This puts a big question mark on the performance of regulators who earn big and do nothing. Just look at the number of penalties imposed by SBP on the country’s major banks. Hefty penalties make the banks toe the line, otherwise they ignore AML/CFT guidelines and focus on their profits.

In Pakistan, FI’s and Microfinance banks are using manual KYC process. Compliance officers are usually in cahoots with the frontline employees. Antique computers in banks are enough to understand the lack of seriousness in implementing technology. Compliance & anti-money laundering departments exist only because the regulators require these.

There is no framework on introducing digital KYC/AML procedures. If they are put in place, the banks will incur less cost. Also, the users could use mobile phones and laptops for their banking needs.

SECP is making some progress in defining AML/CFT procedures. SBP has tools in place but there is a clear lack of implementation. With NADRA’s digital identity in place, a smooth and enhanced customer onboarding is possible under strict rules, not only for banks but for officers found involved in rent-seeking actions. The banks using third-party RegTech and FinTech tools for identity verification & KYC/AML process can be availed to speed up onboarding cutting cost.

Considering the magnitude of this the bank needs to rebuild its goodwill. By putting in place strict guidelines and a swift plan can help prevent such events in the future.

The bank in question has been unlucky to get caught in the act; it’s a very common practice in Pakistani FI’s and firms , revealing to the world just enough that how flawed the country’s financial ecosystem is.