On Wall Street, you are only as good as your last trade.
In banking, you might only be as good as your latest customer’s reputation.
Sound far-fetched?
Consider Know Your Customer (KYC).
Now, let’s extend the links in the chain just a bit: Know Your Customer’s Customer.
A recent whitepaper by G2 Web Services, titled “Why Reputation Monitoring Matters for Strong KYC,” found that manual searches for consumer complaints and negative news about banking customers has its limits. Automation can make a proactive approach to risk monitoring a bit easier.
In an interview with PYMNTS, Jane Hennessy, head of External Alliances at G2 Web Services, noted that for entrenched financial services players, a captive customer base can suddenly not be so captive anymore, and reputation matters in an era of increased regulatory scrutiny.
“Financial institutions do not want to lose their franchises,” she told PYMNTS. Upstarts, marked by speed and technology, have been nibbling at traditional banking relationships with consumers. As a result, banks have become aware of their reputations, whether based on customer service or product innovation (or both) as a key point of leverage in keeping (or losing) customers.
Here’s the rub: Just as consumers pick and choose among the banking services they want, comparing and contrasting what’s on offer, finding the right fit for them, so too can (and must!) financial firms. There may not be safety in numbers. That is, banks shouldn’t fill their customer base with just anybody.
Picking and choosing customers? What bank would turn down business? “You need to turn a careful eye and establish what your risk tolerance is,” Jane Hennessy argued. Some banks are conservative, and others will take more risk. In addition, they must be careful they do not have businesses in prohibited categories — “which we wind up finding all the time,” said Hennessy of G2 Web Services, which offers solutions geared toward complaint-monitoring and news-monitoring.
A prescription, of sorts, would be this: Banks should observe what their customers are doing, what their customers’ reputations look like and if there is news about those customers that might warrant a closer look. All of this is what the bank examiners will be monitoring too … eventually.
There are certain red flags that might be early indicators of risk. “We find that declining reputation of the company, when you are seeing lots of complaints, is often a leading indicator of fraud,” said Hennessy.
Other red flags can be triggered by a bank finding out in what businesses customers are really engaged. Banks must be mindful of the fact that often firms operate in multiple businesses, and banks can inadvertently misclassify customers.
“Misclassification? Chalk it up to not asking enough questions,” said Hennessy, or perhaps the bank is in a hurry to get an account open, in place and on the books. This can happen even when a prohibited category list is in place. She offered the example of a firm categorized as a hardware firm. “When I think of hardware, I think of hammer and nails,” she told PYMNTS. But this firm was “blatantly selling high-powered, military-grade weapons online. Not what was in the bank’s tolerance and risk profile.”
Or a firm that was classified as a catering business and certainly was serving food — but at an adult entertainment venue. Then there is the pet store selling not just puppy chow online, but marijuana too.
“You really need to get down and dig down deeply into what that company is doing, not only when you onboard them, but what they are doing on an ongoing basis,” she cautioned PYMNTS. The digging may reveal that it’s not the bank’s customer that’s the problem … in fact, the risk may lie with the customer’s customer.
A bank using a payments processor for payroll may be “on the hook” for that processor’s customers.
This is not to say that KYC becomes KYCC with 18 CCCs down the line. There’s a fairness factor involved here in vetting who is doing what. And, further, some regulations are taking shape that make such oversight easier. As an example, Hennessy noted the recent debut of NACHA’s third-party sender rule, which took effect at the end of September. The rule mandates that financial firms originating ACH transfers must identify and register their third-party sending customers with NACHA.
The Consumer Financial Protection Bureau (CFPB) also has its value as a risk-monitoring source, she commented, as do state and local government agencies. Further due diligence comes with the Financial Crimes Enforcement Network’s (FinCEN) beneficial ownership rule, which, in 2018, will mandate that banks verify who owns the companies in their customer bases.
Banks running due diligence would do well to move beyond standard practices and embrace robust and technologically automated solutions. Hennessy told PYMNTS that “I talk to lots of bankers, and they will say, ‘Oh, I sit and Google all day long.’ They will also say, ‘I do not really know what I am looking for.’”
“That hardly smacks of efficiency,” she noted, when trying to size up risk within a bank’s customer portfolio. “You really need skilled people,” Hennessy said. Against that backdrop, G2 employs (and deploys) data scientists, algorithms and machine learning to conduct such research efficiently. The ideal practice is to run the data and have a human pair of eyes in place to weed out false-positives.
“Data is only as good as the source, and you have to take a holistic approach and dig down,” she said.