Skip to the main content.

5 min read

The ever evolving data challenge for effective Customer Due Diligence

Highly regulated institutions face many challenges now that there is an increased need to “know” their customers. Typically, companies need to go deeper and broader with onboarding, monitoring and AML investigations, driving up completion times and often requiring a need to focus on quantity over quality. Technology has begun to play its part to drive innovation with these operations, but itself can be limited by a number of factors, including data.

When it comes to data, high risk jurisdictions (and therefore high risk customers) often come with complex challenges too. Gaining access to reliable, accurate and up-to-date content on lesser-known entities and individuals is difficult. Added to that, the task of translating multiple local languages and determining the relevance of local data sources can make a difficult task seem like an impossible one.

We spoke with Arachnys’ VP of Strategic Accounts, Mike Cerillo about what he sees happening at some of the world’s largest and most regulated institutions in the current climate, what firms are doing to address these issues, and what areas leave room for improvement.

How has Coronavirus affected the financial crime space from your perspective?

Mike Cerillo

Mike Cerillo, VP of Strategic Accounts

Beyond the most obvious effects that are common to all sectors, I think one of the most interesting things in our space is that in many ways it is a micro-reflection of the financial crime landscape over the last decade or more. The initial shock of regulation in the wake of the financial crisis created short term behaviours in the banking industry, where achieving regulatory compliance to avoid fines was a mandate “at any cost”. Once initial stability had been achieved, typically via increased headcount as the path of least resistance, there was space to try and address KYC and AML challenges with a longer term view. Now global organisations are continuously looking to reduce headcount with efficiency and effectiveness in mind, as well as the introduction of technology.

In a similar way the shock of coronavirus necessarily led to some short term reactions from global organisations as they tried to cope with an unforeseen set of circumstances. Combined with a sudden halt to face to face meetings, communication between customers and vendors was initially adversely affected, which of course from our perspective was completely understandable.

However, now that the situation has become more normalised, and given the practical and logistical constraints that the pandemic has catalysed, we have actually seen a reversal of that behaviour in the main as global organisations see an opportunity to focus on technology as a solution to operational processes that are still sub-optimised and harder than ever to perform effectively. It’s quite possible that innovation through technology may actually accelerate as a by-product of Coronavirus.

So how can regtech vendors best serve financial institutions in the “new normal”?

This was already happening before Coronavirus, but in my opinion the last couple of years has seen the market become much more crowded, and as such regtech vendors have become more realistic and willing to work together for mutual benefit with mutual customers.

Previously, a smaller number of vendors were competing to sell unilateral solutions in an immature market, which meant that messaging was often very similar and solutions were hard to define accurately from between customer and vendor. Given that large organisations were facing new problems and struggling with the buy vs build dilemma at the same time, this created problems in the customer-vendor dynamic because, just when large organisations acknowledged the need to adopt technology to solve their challenges, they were also becoming sceptical of it.

Now, I think all regtech vendors appreciate the need to be part of the solution rather than the only solution, which lends itself to an API-first approach on our side in support of a “buy and build” approach from the banks perspective. Moreover, regtechs are more willing to partner and play to their individual strengths now, which should be reflected in more targeted messaging and ultimately a bit of clarity from the buyer’s perspective.

In general I think both buyers and sellers in this market have learnt to understand both the pace of change and the size of the problem, which is leading to better solutioning all round. What this requires of course is trust and openness, which I also believe is improving but always has room for more!

What data can institutions rely on with regards to customer due diligence (CDD) analysis and research?

From a data perspective companies will approach CDD in multiple ways depending on the use case, but the overriding ambition remains the same…How can I get the highest quality data with the least amount of effort to best understand the risks to my customer base?

This applies to both internal and external data, and innovation is being driven in both areas. We concentrate on external data, which for onboarding and periodic review in particular means helping customers access independent sources and premium content providers to validate customer information. For Corporate Investment Banking basic entity information is enriched with data and documents from local corporate registries, stock exchanges and regulatory websites first, with any remaining gaps plugged via reputable secondary sources. Accessing the data is one challenge, but orchestrating and organising it in a digestible way also matters.

In the wider investigative space, such as transaction monitoring investigations and enhanced due diligence, institutions will also use premium content providers, which are good but tend to be much stronger in English language and Western media content. Use of these services is suited to certain jurisdictions and use cases, but sadly there are still a lot of holes to plug for organisations with a global customer base.

As such, almost every large organisation will use a search engine such as Google as well, and usually much more than they would prefer. Google clearly has the widest net and the best search algorithm on the market, which is what makes it the default alternative, but it has a lot of drawbacks for risk-related research precisely because it wasn’t built for it. SEO, fuzzy-matching and localisation techniques are just some of the factors that make Google excellent for casual browsing, but really frustrating for the financial crime investigator.

As well as false positives and “noise”, trusting the signals you find through Google can also be a pain. One primary issue is the reliability of the content. Politicians and other high-profile individuals will pay to whitewash online content or bury bad news stories so they are harder to find. We’re also seeing a big presence of fake news outlets. The amount of content that people have access to with Google is huge, but the ability to verify it as independent and reliable is very challenging.

All of this means that often you are not getting a true and fair view of your customer, which in turn raises huge issues for investigators who are trying to find what’s not obvious, or what’s not on the first page of Google. You have to independently build a knowledge base of reliable sources and target those.

Finally, what trends do you see for the industry going forward?

In-line with the above and the quest for quality of data at speed, I think banks in particular, but in time all organisations, will continue to want to rely on google less for risk research and lean into specialised risk-relevant data sources. At the same time corporate registries are becoming more accessible and technology providers are committed to improving the quality of all available data using a variety of techniques and AI to enrich, sort and orchestrate knowledge into a single intelligent entity view. As well as helping organisations understand their customer risk “at a glance”, this should also support horizontal data use and re-use across large organisations as they strive to operate less in silo’s and more from an entity centric perspective.

Even more importantly perhaps, automation and integration are key goals across the board as institutions look to achieve real-time monitoring of customer risk inside their own architecture. As a nod to the pace of change we spoke about, a good example of this is in the KYC space. A couple of years ago we were providing technology to control and guide analysts through the KYC process in a way that augmented the effectiveness of large teams, but now the whole industry is driving towards full automation and Perpetual KYC which will significantly reduce headcounts and completely take the manual work away from analyst’s fingertips