Improving customer risk assessments to drive a competitive advantage.
More and more companies need to complete formal customer due diligence, and other compliance and risk assessments. Whether it is an ecommerce marketplace embedding financial products, or a major retailer introducing Buy-Now-Pay-Later, or companies supporting B2B payments: in each case, companies need to make robust and replicable customer due diligence and monitoring, often in an automated way.
At the same time, customer expectations continue to increase. FinTech – both consumer and business facing – have revolutionised the consumer experience. People are used to sophisticated personal finance apps with exceptional consumer experiences. If anything, the pandemic accelerated this: customers expect to be able to do everything online, taking advantage of the latest technology; and, having experienced that, they are very unwilling to return to the slow, manual, document-driven process that characterised many traditional compliance and risk processes.
However, at its core, these processes are largely unchanged. Making an assessment requires evaluating the data you have from an applicant, and the data you can access from external sources, and evaluating that outcome according to your policies. The key to making better decisions lies with having more and better data; and for compliance and risk professionals, the great news is that the latest fintech innovations are helping to unlock and activate more data than ever before.
Compliance and risk professionals will be familiar with the data sets they typically use in the course of making a decision.
In the first place, they are required to assess the “validity” of the applicant. In the UK, the FCA requires every financial provider to carry out a “Know your customer” process, although they do not dictate what checks should be carried out. Instead, each company will have its own policy to evaluate each applicant against – although at a minimum they must check anti-money laundering lists and will want to perform some sort of identity and address verification.
In many jurisdictions, lenders will need to assess “affordability” (what the applicant can reasonably be expected to afford). Again, there is no fixed formula for determining this, but the types of data that would be used to make that decision would include things like bank transaction analysis or accounting analysis.
Finally, lenders and insurers will need to perform a credit check, to understand a customer’s willingness and history of servicing their loans and obligations. In fact, credit reports are a tremendously rich source of financial data – particularly for lenders belonging to a Reciprocity network – and they are often used as a “source of truth” to verify other data, particularly customer-provided data.
However, there are also numerous other data signals that a compliance or risk professional might want to use: after all, more data makes for better decisions! For example, when lending to a small business, you might prefer to extend credit to companies with better customer reviews, as that indicates a more satisfied customer base. These public and alternative data sources are often very useful in linking together different data sets and helping to screen out ineligible prospects sooner.
Innovative new technologies continue to unlock and activate these additional data sets. A great example is Open Banking, which provides a digital means for a customer to share their bank transaction data, superseding manual statement processing. We’re seeing start-ups focusing on making payroll data available; and in the near term we expect other data sources, such as tax data, to be accessible too. There is a steady stream of new entrants unlocking and activating previously sealed datasets – so many, in fact, that keeping up is a challenge in itself!
In the UK and Europe, we’re fortunate to operate under the aegis of GDPR. Widely hailed as the gold standard of data governance legislation, GDPR has brought greater clarity to how data is accessed, shared, used, and managed. In the customer due diligence world, the guiding principle is consent: individuals provide their consent for you to use their data to make a decision.
This provides a great rule of thumb for thinking about different data types. Public data sources not requiring consent can be used freely to enrich and augment any customer-provided data. Data that requires consent is typically used to verify the data that you already have. As a rule, these verification data sources are more expensive too.
At Sikoia, we use this exact same framework ourselves. In fact, we think of three levels of data: enrichment, verification, and score:
When making a compliance or risk decision you may need to use data from across these different levels: you will want to gather as much additional data as you can, verify that the data you have is correct, and (in a lending scenario especially) score the risk of default.
However, a moment’s thought about the need for user consent (or involvement) and the potential cost of accessing each record – not to mention the need to follow best practice when accessing credit bureau data – shows that it is not just a question of requesting all this data at once and trying to get the most value out of it. Equally as important is the ability to orchestrate this access to be as efficient and as user-friendly as possible. Decisioning professionals typically talk about their “waterfall” and how they sequence and optimise their data requests; at Sikoia, we also think of “tiers” of functionality that use different levels of data to match different levels of scrutiny.
For example, consider an on-boarding process. At an enrichment level, you can access public sources to see that an applicant isn’t on a sanctions list and works for who they say they work do. Using Open Banking, you can verify this further by checking their bank transactions for evidence of a salary or other income; and leverage the bank’s on-boarding processes to augment your own. Finally, a credit bureau can be used to check all the data that the applicant provided. Performing the necessary checks is relatively straightforward, the key is orchestrating access to the relevant data sources to meet those policy requirements efficiently and with minimal user friction.
More and more companies are having to implement formal counterparty risk assessments, whether that’s customer due diligence of full credit decisioning. Fortunately, new providers are unlocking existing data silos, making it easier for companies to access the data they need to make competitive decisions. But this just surfaces a new set of challenges for companies to deal with, particularly how they keep on top of innovative suppliers – and how they can preserve a great customer experience. It’s companies who use a single unified data layer, that allows them to orchestrate these processes and extract the maximum value out of each individual data source, who have been able to turn their decisioning into a competitive advantage, and who will win this race.
If you find onboarding, monitoring and risk assessment processes to be inefficient we can help.
%20(2).svg)
