Knowing your customer (KYC) is only part of the battle in making sure payments — and just about everything else tied to a business — are secure. In fact, KYC is but one of a long string of acronyms on the checklist for businesses across verticals, and here’s another one: know your business (KYB).
KYB — in other words, knowing the business with which one is transacting — also takes center stage, especially in an environment in which companies are expanding globally.
In an interview with PYMNTS, Zac Cohen, general manager of global identity verification service Trulioo, said due diligence is crucial in an ever-changing environment, but where it often breaks down is through third parties. There’s a need for strong internal controls with a constant eye on compliance issues, which also shift depending on markets or business structures.
“Regulators ask the same exact questions, as do compliance officers, as do business owners, as do all stakeholders” when it comes to due diligence, he said. Namely, where are the gaps? What are the unknowns or inadequate business practices that are in place that could, without any ill intent, link a company with money laundering, terrorist financing or other nefarious activities?
“I’m always surprised by how the use cases diverge,” said Cohen of FinTech firms and financial services. But, in adopting what he said is a risk-based approach to transactions — where low-risk transactions do not get the same level of scrutiny as do high-risk ones — “you need to constantly be updating due diligence processes and have a flexible approach to ensure that you can manage the changing environment,” which may be changing due to external forces, such as new regulations, or concurrently, to internal forces tied to changing customers or new markets.
The due diligence gap widens where there’s a single mindset or mechanism that operates company-wide, where the methodology is rigid. That’s why technology is such a great addition “to that [risk] conversation, as it gives you the flexibility to approach those different challenges within [the] same business, but across different environments,” he said.
Compliance officers are no longer back-office individuals who simply check boxes, he said. Instead, compliance and risk teams are now front-office, C-suite-level, strategic decision makers in companies. The questions of what is being built and how is it going to work must be viewed through the compliance apparatus. When looking at how to solve problems in market strategies, Cohen explained, “You have to understand that what you need to do today might not be what you need to do tomorrow.”
Among its own customer base, Trulioo seeks to find “similar and congruent scenarios.” In these cases, when an account is opened, the company will want to ensure an individual or business is legitimate.
The idea of customer due diligence (CDD) is changing as businesses tap new markets. The evolution over the past five to 10 years has come to a point that, as Cohen put it, “I do not know of a single company that is not thinking … ‘Why don’t I take advantage of global customers as opposed to ones that are just in my backyard?’”
Consumers may take the globalization of payments — and the movement of money — for granted, but complexities are enhanced for businesses facilitating those payments.
“Baseline mechanisms to understand who you are dealing with are much more complicated and wrought with potential nefarious activity and fraud,” he explained.
The best ways to combat those pitfalls lie in having a single system that can control all facets of a company’s global compliance operations, said Cohen. When monitoring individuals globally, “you can use that data to constantly improve, and leverage machine learning and [artificial intelligence (AI)] for” how one detects fraud and verifies individuals.
But again, hypervigilance is key. There’s also the ability to mask corporations as an individual transacting with the intent to hide bad actors and actions. Nowadays, he said, there are micro-merchants and innumerable “new and nascent companies.” Robust due diligence understands exactly what a business is, if it is active, when it was created and “whether it is on any of the sanctions or watchlists.”
In anticipation of ultimate beneficial ownership (UBO) rules taking effect next year, it’s crucial to verify the owners of a company. Cohen said enhancing due diligence has its challenges — chief among them is gaining access to relevant data.
“Acquiring this information is very difficult,” he said. “If you put yourself in the shoes of a compliance officer and a business when a UBO structure lands on your desk, where do you start? It’s very difficult to find,” Cohen said. Compliance officers are often searching across multiple areas trying to piece information together. “Humans add a lot of strong value in terms of discerning what is risk and making those decisions” once that data is acquired, but there’s always room for mistakes.
Automating the process saves time and money tied to mistakes. That comes especially as there are UBOs that span countries, where the level of detail of information can vary, and “they are not walking into your bank branch,” he said. “These are not people you stare in the face,” since most interaction now is done in cyberspace.
Having data in one place means individuals can be defined through KYC and KYCC (know your customer’s customer) processes within the same platform and at the same instant, “instantly verifying in real-time that the information is accurate and exists is just an incredible leap forward to be able to process complex due diligence information.”
When a scenario has been graded as high risk, users of Trulioo’s offering can get the original documentation and, through machine learning, can standardize the information. That means they can easily review it to gather up the “nitty gritty details … it’s a one-two-three punch that allows our customers to review these types of information very thoroughly and quickly,” Cohen explained.
In fact, Cohen told PYMNTS that “knowing your customer is not enough anymore.” Shell companies, for instance, can be established to hide nefarious activities — “not always, of course, but it can happen.” Knowing who is in control of a company is, in effect, knowing with whom one will transact. KYCC is the highlight, as “it is hard to fathom how complex these structures can be.”
As for the environment at large, “we are going to see constant regulatory [environmental] change,” he said. “No one should ignore that, and nobody can know exactly which way it’s going to go. But intensity and scrutiny [are] rising. There are more checks to make, processes to be involved and the fines of noncompliance are just going to get more and more extreme.”