With increasing complexity of compliance regulations and consequent fines from Regulatory Authorities – as well as an increase in fraud and money laundering – organisations across gambling, finance, insurance, and the legal sector, among others, are having to carry out more enhanced due diligence (EDD) checks. Unfortunately, with manual processes, this has meant they have had to hire more analysts, have seen their costs pushed up, and their profit margins squeezed further. Software that can help with the enhanced due diligence process is crucial. However, with numerous EDD software solutions in the market, it can be a problem to know and understand which one is best for you. In this article, we pick apart the core elements of a successful enhanced due diligence investigation so you can better evaluate a software provider’s offering.
Enhanced due diligence (EDD), as the name suggests, is a necessary step when it has been confirmed that simple due diligence isn’t enough. Due diligence, and then EDD, can take many forms, and needs to be done for different reasons. For example, industries regulated by the Financial Conduct Authority (FCA) have Know Your Customer (KYC) compliance requirements as a result of anti-money laundering regulations and directives stemming from UK and EU legislation. In other cases, there aren’t legal obligations to carry out due diligence and EDD, but still compelling moral, reputational, ESG and economic reasons. For example, businesses will want to vet suppliers against modern slavery issues, exposure to possible bribery, and to discover general trustworthiness / business viability data.
Whether you are carrying out EDD for compliance purposes or to simply understand more about a supplier, there is a common thread: enhanced due diligence is an investigative process that requires you to aggregate data across multiple data sources, filter it, organise and analyse it, then prepare reports that justify your decisions. Software helps to do this more efficiently; however, if a software platform only helps store results, send reminders to do investigations, create risk management rules to use in your search but, leaves you having to do all – or most – of the actually data gathering, filtering and reporting manually, it means it is only a case management system, and is just one part of the puzzle. You need to look for a solution that can actually automate the investigation process.
Different data sources provide different insights into individuals or businesses that can be used to evaluate and discover hidden risk. For example, if an individual was flagged for making a number of large deposits, reviewing their LinkedIn profile and job title might suggest that they shouldn’t have access to these sums of money, but open source intelligence might reveal that they recently received an inheritance. Similarly, if they gambled over a certain limit and it is necessary to check their affordability, that person’s home postcode might suggest that they cannot afford the amount they are gambling, but financial data might reveal that they are in fact a high earner.
Besides the incredible number of commercial data sources available from businesses like LexisNexis or Experian, there are consented sources, consumer and open source. In fact, in many regulated industries recommended best practices suggest that an EDD compliance investigation should now include open-source data, as well as data from third party providers.
The Gambling Commission Compliance and Enforcement report states:
“Open-source information is an important element of an affordability framework because it is a parameter to consider when setting benchmark triggers that will drive early engagement with customers.”
In summary, as multiple data sources are essential for EDD and manual aggregation is error prone and time-consuming, any solution provider should have the capability to offer automation across multiple disparate data sources.
Every investigation is different. For most large businesses their decision making relies on data from upwards of 7 or 8 different sources in order to assure themselves that they have applied the correct level of professional due diligence. Therefore, while you should not only look for a solution provider who can automate over multiple datasets, you should go a little further and ask if they have a data agnostic approach to the data sources they aggregate.
A data agnostic approach means that they are not limited to a fixed number of data suppliers but will work with you to ensure all the data you need for each and every kind of EDD investigation you do is aggregated and can be automated. This way you maximise the amount of automation is your investigation and can get increased operational efficiency.
If it is the latter, you may find that you can indeed have seamless automation across their datasets, but then have the time-consuming headache of trying to integrate crucial information from other sources manually.
As we mentioned, multiple data sources are key to any investigation because each of them reveals different information. But searching different datasets is just one part of an EDD check; aggregation and analysis of the findings to detect links between entities across the different results, is equally important.
It is imperative, therefore, that, rather than just allowing you to set up workflows on each data source as a silo – in effect act as just a portal – any automation solution is able to carry out automated aggregation and data collation across all your data sources, whilst also visualising the associations between the entities and reveal hidden links. In other words, give you a unified, holistic view of your EDD subject and eliminate the need to spend the time to manually read through each set of results to identify links.
When you carry out enhanced due diligence, it might be that there is a “smoking gun” that can be found from a search. However, an investigation is a complex and expensive matter and so it is likely you want to instead take a risk-based approach. In industries which are regulated we have confirmation that this is the recommended way – the Financial Action Task Force (FATF) expects that a risk-based approach for AML checks is used, rather than a tick box approach.
Any software provider should therefore offer the ability to set up sophisticated risk assessment rules. But for a rule to successfully assess risk, it has to be able to do so other multiple datasets as one, as each data source will have its own impact upon a risk profile. If not, and your risk assessment workflows can only work on each data source individually, it means you will have to do all that scoring work manually.
As part of compliance requirements, you need to present a report with evidence to support your decisions.
You should therefore ask yourself if a solution provider can automate report preparation in a standardised fashion with all activity logged to the appropriate standard. If this investigation might result in legal proceedings before the civil or criminal courts, you will need to have heightened levels of auditing capability governing the data sources interrogated, the person conducting the search and on many occasions the grounds for processing the data.
In more complex investigations, it is likely that you will need to follow up on possible links between entities and build out a trail. Integrating that additional information into your original search can be extremely difficult, but crucial to your EDD check. Ideally your provider’s solution will be responsive and scalable enough to allow you to automate that process, offering the tools to update your results seamlessly – in real-time – and get visualisations of the impact of your new variables on your overall investigation. This may be the ability to conduct follow on searches linked to the earlier findings, or it might be the need to monitor ongoing changes for that particular business or person.
We all know that EDD investigations are exceptionally time-consuming and a burden for your analyst team. Any solution provider will tell you their solution is best, but how much time can they give your analysts back to focus on decision making? This is the key measurement.
If you’re in doubt as to how much efficiency a provider might bring, challenge them to provide you with a free pilot or ask to speak to their references. Many tools sold in the UK were not built or designed with UK legislation in mind. As such make sure to check with you InfoSec and Data Protection teams prior to processing reports on your client base to ensure that you know where the data is coming from, how it is being stored, how long it will be kept for and what can be done with it if any part proved to be inaccurate.
While the real savings and efficiencies lie in their ability to offer a genuine aggregated automation experience across all your chosen data sources, there are other questions you might want to ask:
Knowing how to choose the right technology to help create operational efficiencies and gain better insight for your EDD checks and investigations can be complex and confusing, especially when there are many software providers in the market. However, you should ask yourself the question: Does this help me complete an investigation with as few, or ideally without, any manual processes? If you don’t get a satisfactory answer, you should be looking elsewhere.
Synalogik’s software platform, Scout®, is a one-of-a-kind automation solution for EDD compliance checks and investigations. Scout® integrates Synalogik, internal, open source and out-of-the-box most 3rd party data providers, allowing you to seamlessly automate search and reporting across all the datasets you use, not just the ones included from your existing solution provider. Our 3rd party integrations include Equifax, W2 Global, LexisNexis, Creditsafe, TransUnion, and many more.
In addition to our third-party integrations, Synalogik offers a comprehensive package of our own data, enabling greater insight and the capability for organisations to discover risk, meet compliance needs and protect themselves from fraudulent actors more quickly and cost-effectively.
In 2022, we secured a Series A investment from Bill Currie and former Tesco CEO Sir Terry Leahy and, among other awards, the Queen’s Award for Innovation. Our current customers include Hasting Direct, Entain, Betway, BetVictor, Buzz Bingo, AIG, Marble Arch insurance, and the Insolvency Service, among others.