By Jay Rao, Co-founder of KYC Hub.
The war in the Ukraine brought a slew of sanctions from across the globe, creating a spider’s web that continues to be recast, is both complex and powerful, and gets added to and changed all the time. What’s more, if any part of the web is damaged or has gaps, then its overall value and strength is compromised. And just as all spiderwebs are unique, so are the sanctions chains each company must build.
The integrity of any sanctions chain is built on its data, and that is where one of the key fundamental issues lies. While organisations such as the European Banking Authority (EBA), or any other national equivalent, might lay out guidelines for 200 different risk factors that should be monitored, they don’t necessarily state that every organisation follows that guidance. Our experience often suggests it is less data points, rather than more data points, that are tracked. And even then, if some of those data points include hard to find data, the likelihood is that there is more likely to be a data gap, rather than a doggedly tracked down data point. If, indeed, the data can be tracked down.
The simple truth is that some data is a lot easier to find than other data. For example, if you are looking for company data in the UK, it is a fairly simple process to interrogate the Company Register at Companies House. It is high quality data, clean and largely up-to-date. For other countries, this can be a very different proposition. There might just be very little data, if there is data it might well have gaps, and there might be no data at all on what, if any, associated entities there are.
Back to the Companies House register in the UK. It is a single, central database, whereas if we take the US, each state has its own register. It is much easier to find data on listed, large companies than shell or private companies. Most often such data searches for harder to find data are executed manually, although using a bot to search would be far more efficient and likely more successful.
The challenges can seem endless. As well as company data, sanctions require a lot of data about individuals and their associates. Again, this can be easier said than done. If you hold good company data, then it might be relatively easy to track how individuals are associated or not associated with companies. If we are looking at Bob in Company A, good data might flag that Bob is also associated with Jo and, depending on the sanction chain, we will be able to determine if that association requires further interrogation. With poor or gappy data, we simply might never even get to hear about Jo.
So, you need to be asking if your tracking solution is able to monitor millions of adverse media sources to discover potential risks using the latest AI techniques. Using AI, rather than more manual approaches, ups the game and offers the capability to perform enhanced due diligence for high-risk customers. It also provides a much more holistic view of customer risk.
Sanctions also change, they get updated, people and entities can just as easily be taken off sanctions lists as they can be added. The same person or entity can have different sanctions in different territories. A person might also be known by different names in different territories. Sanctions on the same entity or person will be enacted at different times by different countries and regulators. All of this needs to be tracked and kept up-to-date. It all needs to be updated in your systems and sanctions chain. Decisions are taken hourly, daily, all the time. It’s relentless.
The reality is that the number of data sources is enormous, data timing is all over the place, data scarcity is a fact of life, and somehow, it all needs to come together into a single place for each company, in its own unique way. One caution is that a lot of data solutions are point-in-time checks, so will only flag someone on a sanctions list at the time it is interrogated. This doesn’t reflect the changing nature of sanctions we’ve already talked about.
Better to ask the questions of whether the solution updates its data, say every 15 minutes, has an audit trail, and takes a dynamic risk-based approach. Does the solution also have the ability to use natural language processing (NLP) techniques to check unstructured data? What about the ability to leverage sophisticated image processing algorithms to analyse videos, match facial biometrics, detect spoofing and determine ID document authenticity?
Good decisions are based on good data – but we live in a world of known and unknown data gaps, a world swamped with lots of different systems and methodologies, and an unkempt swamp of spreadsheets. What chance does a company have to really know the quality of the data chain?
The answer of course lies in transforming the approach by using advanced technologies and techniques now at hand. Bots, NLP and other types of AI for tracking down the data, and AI for extrapolating the data and turning it into intelligence. Using technology to get a dynamic, real-time view of your customers, suppliers, employees, partners or any other entity of interest, you can discover those hidden connections and proactively manage impending risks. Can this be done now? Can light be shone on the data darkness? Yes, it can.
Subscribe to our newsletter
