One of the first steps in compliance is simply verifying the customer’s identity, according to Bert Friedman, vice president of compliance at Nearside. As a provider of small business banking products, Nearside supplies the data control and security that enables its customers to be verified when conducting transactions.
“The biggest challenge is ID verification: knowing who our customer is,” Friedman said.
The digital age has added to the complexity involved. In the past, opening an account with a financial institution (FI) involved face-to-face interaction. Now many account holders may not even know the physical location of their FI, and there may never be a physical interaction with the bank. In addition, with customers potentially operating in various regions, Nearside has to be aware not only of the requirements under federal law but also of what state laws apply to its customers.
Finding a Balance
Ensuring that Nearside can verify customers accurately requires managing multiple, overlapping databases, Friedman said. While that can lead to duplication, it helps to ensure against missing information. Even the most comprehensive single database may accurately identify applicants just 80% of the time, particularly when dealing with small businesses that may have only existed for a short time before seeking banking services.
Even then, Friedman said there is still a balance to be struck in terms of cost. Any system can be made tighter or more exact, but at some point, the degree of improvement is unacceptably small compared to the added cost.
“It’s always a trade-off, and I think the conversation isn’t static. It has to be an ongoing conversation,” Friedman said.
What is cost-prohibitive today may not be tomorrow as technology continues to evolve. In addition, a measure that may not have seemed necessary in the past can become necessary in the future as changes in the marketplace or in criminal behaviors shift the focus on securing services against bad actors. Nearside is constantly evaluating cost and efficacy to ensure that efforts are properly balanced, Friedman said.
The User Experience
Tim Wu, head of growth at Nearside, said organizations must balance security and compliance needs with the user experience. When working with small businesses, that goes even deeper than having a user-friendly interface. It also means ensuring that Nearside can meet customers where they are in terms of the platforms and software they are already using to run their businesses.
“Just giving them different options for getting us the documentation that we need to verify them in different ways is very helpful,” Wu said.
He explained that he has worked at companies in the recent past that still required some documentation to be submitted by fax.
“How often are you even anywhere near a fax machine these days?” Wu said.
Better Risk Mitigation Through Technology
Technology continues to help Nearside mitigate risk in a customer-friendly way even once the customer has completed the application process, Wu explained. Automated systems help look for red flags in customers’ transactions and behaviors, adding a layer of security in case anyone slips past the verification process. Such systems can be designed to examine data with a higher degree of finesse than humans can, yet manual intervention ensures that humans are always in control of the most important decisions.
Friedman said automation is significant in making large amounts of data manageable.
“It helps in just winnowing that firehose-worth of transactions down to at least a controllable flood,” he said.
Addressing Regulatory Lag
While technology is making compliance easier, it is also complicating regulation. As a former federal regulator, Friedman said he is very familiar with how slow regulation can be to catch up with technology — with regulation often being a decade behind, he said. That leaves a significant gap for companies trying to stay on the cutting edge. On the one hand, they have to mitigate against immediate risk, but they also have to anticipate future regulatory developments. Retooling systems can be costly if a company takes a mitigation path that falls out of compliance with future regulations.
Compliance is not just a matter of knowing what is but also one of anticipating what may be, Friedman said. Every company involved in financial services must be risk-based, and the risk profiles of two companies, even ones operating in the same space, may not be the same. As a result, compliance is a constant cycle of identifying, assessing, mitigating and monitoring risk.