With increasing complexity of compliance regulations and consequent fines from Regulatory Authorities – as well as an increase in fraud and money laundering – organisations across gambling, finance, and insurance, among others, are having to carry out more enhanced due diligence checks. Unfortunately, this has meant hiring more analysts, pushing up costs, and putting a real burden on profit margins. Technology that can help with the enhanced due diligence process is crucial. However, with numerous technology solutions in the market, it can be a problem to know and understand which one is best for you. In this article, we pick apart the core elements of a successful enhanced due diligence investigation so you can better evaluate a provider’s offering.
Enhanced due diligence (“EDD”), as the name suggests, is a necessary step when it has been confirmed that simple due diligence isn’t enough. EDD can take many forms, it may need to be done for different reasons, and even has several different names within different industries. For example, regulated Financial Services providers and gambling operators have “KYC” compliance requirements as a result of anti-money laundering regulations and directives stemming from UK and EU legislation. In other industries, there aren’t legal obligations to carry out due diligence and EDD, but other compelling moral, reputational, ESG and economic reasons. For example, in the insurance sector when validation and the potential for fraudulent claims needs to be risk assessed. In other situations, businesses will want to vet suppliers against modern slavery issues, exposure to possible bribery, and to discover general trustworthiness / business viability data.
Whether you are carrying out EDD for compliance purposes or to detect fraud, there is a common thread: enhanced due diligence is an investigative process that necessitates the need to aggregate, gather, filter, organise, and analyse data, then prepare reports that justify your decisions. To perform this task efficiently, software is required – whether it is data gathering automation software, data cleansing to filter out false positives or analytical tools to show you links between data sources – that help with this process.
A platform that helps store results, send reminders, create risk management rules to use in your search is valuable, but, if it leaves you having to do all – or most – of the above things manually, it means it is only a case management system, and is just one part of the puzzle.
Different data sources provide different insights into individuals or businesses that can be used to evaluate and discover hidden risk. For example, a person’s home postcode might suggest that a customer cannot afford the amount they are gambling, but their financial data would reveal that they are in fact a high earner. In the same way, an insurance claim might appear legitimate but then a search of Companies House might show that they recently had several failed businesses or an association with a company that is in fact the supplier of services in the claim.
Besides the incredible number of commercial data sources available from businesses like LexisNexis or Experian, there are consented sources, consumer and open source. In fact, in many regulated industries recommended best practices suggest that an EDD investigation should now include open-source data, as well as data from third party providers.
For example, the Gambling Commission Compliance and Enforcement report of 6th November states: “Open-source information is an important element of an affordability framework because it is a parameter to consider when setting benchmark triggers that will drive early engagement with customers.”
As multiple data sources are essential for EDD, any solution provider should have the capability to offer automation across multiple disparate data sources.
Every investigation and every business are different. For most large businesses their decision making relies on data from upwards of 7 or 8 different sources in order to assure themselves that they have applied the correct level of professional diligence. Therefore, while you should look for a solution provider who can automate over multiple datasets, you should go a little further and ask if they have a data agnostic approach to the data sources they aggregate.
A data agnostic approach means that they are not limited to a fixed number of data suppliers but will work with you to ensure all the data you need for each and every kind of EDD investigation you do is aggregated and can be automated. This way you maximise the amount of automation is your investigation and can get increased operational efficiency.
If it is the latter, you may find that you can indeed have seamless automation across their datasets, but then have the time-consuming headache of trying to integrate crucial information from other sources manually.
As we mentioned, multiple data sources are key to any investigation because each of them reveals different information about a name, phone number or email address. But searching different datasets is just one part of an EDD check, aggregation and analysis of the findings to detect links between entities across the different results, is equally important.
For example, if you are investigating an insurance fraud and searching for information around the claimant, victim, and the repairer ecosystem, you may find the car had been owned by them both before, that they live on the same street, that they attended the same school, or that there are similar directorships or addresses.
It is imperative, therefore, that, rather than just allowing you to set up workflows on each data source as a silo – in effect act as just a portal – any automation solution is able to carry out automated aggregation and data collation across all your data sources, whilst also visualising the associations between the entities – in doing so, allow you to join the dots and more easily discover hidden links. In other words, give you a unified, holistic view of your EDD subject and eliminate the need to spend the time to manually read through each set of results to identify the links above.
When you carry out enhanced due diligence, it might be that there is a “smoking gun” that can be found from a search. However, an investigation is a complex and expensive matter and so it is likely you want to instead take a risk-based approach. For example, it is not financially viable for insurers to carry out EDD manually on all their claims, therefore they will risk score based on certain criteria first before moving to EDD. In industries which are regulated we have confirmation that this is the recommended way – the Financial Action Task Force (FATF) expects that a risk-based approach for AML checks is used, rather than a tick box approach.
Any solution provider should therefore offer the ability to set up sophisticated risk assessment rules. But for a rule to successfully assess risk, it has to be able to do so other multiple datasets as one, as each data source will have its own impact upon a risk profile. If not, and your risk assessment workflows can only work on each data source individually, it means you will have to do all that scoring work manually.
Whether you are trying to meet compliance requirements or investigate fraud, you will be required to present a report with evidence to support your decisions.
You should therefore ask yourself if a solution provider can automate report preparation in a standardised fashion with all activity logged to the appropriate standard. If this investigation might result in legal proceedings before the civil or criminal courts, you will need to have heightened levels of auditing capability governing the data sources interrogated, the person conducting the search and on many occasions the grounds for processing the data.
In more complex investigations, it is likely that you will need to follow up on possible links between entities and build out a trail. Integrating that additional information into your original search can be extremely difficult, but crucial to your EDD check. Ideally your technology provider’s solution will be responsive and scalable enough to allow you to automate that process, offering the tools to update your results seamlessly – in real-time – and get visualisations of the impact of your new variables on your overall investigation. This may be the ability to conduct follow on searches linked to the earlier findings, or it might be the need to monitor ongoing changes for that particular business or person.
We all know that EDD investigations are exceptionally time-consuming and a burden for your analyst team. Any solution provider will tell you their solution is best, but how much time can they give your analysts back to focus on decision making? This is the key measurement.
If you’re in doubt as to how much efficiency a provider might bring, challenge them to provide you with a free pilot or ask to speak to their references. Many tools sold in the UK were not built or designed with UK legislation in mind. As such make sure to check with you InfoSec and Data Protection teams prior to processing reports on your client base to ensure that you know where the data is coming from, how it is being stored, how long it will be kept for and what can be done with it if any part proved to be inaccurate.
While the real savings and efficiencies lie in their ability to offer a genuine aggregated automation experience across all your chosen data sources, there are other questions you might want to ask:
Knowing how to choose the right technology to help create operational efficiencies and gain better insight for your EDD checks and investigations can be complex and confusing, especially when there are many providers in the market. However, you should ask yourself the question: Does this help me complete an investigation with as few, or ideally without, any manual processes? If you don’t get a satisfactory answer, you should be looking elsewhere.
Synalogik’s software platform, Scout®, is a one-of-a-kind automation solution for EDD checks and investigations. Scout is data agnostic, integrating internal, open source and out-of-the-box most 3rd party data providers, allowing you to seamlessly automate search and reporting across all the datasets you use, not just the ones included from your existing solution provider. Our 3rd party integrations include Equifax, W2 Global, LexisNexis, Creditsafe, TransUnion, GBG and many more.
As every customer has their own investigation requirements, it inevitably means that they end up using additional datasets outside of one single solution provider and any automation isn’t seamless. Our open approach means it is possible to have more complete automation across all your datasets, delivering greater efficiency and insight.