Rethinking “know” in “Know Your Customer”

To keep up with increasingly stringent anti-money laundering regulations, merchant service providers are investing massive resources to create robust and comprehensive Know Your Customer programs.

The problem: Current KYC programs focus almost entirely on the physical, rather than the digital, aspect of an entity. In a world where nearly every organization has adopted an active online identity, current efforts are no longer enough, especially when it comes to ecommerce and mcommerce merchants— whose offline profiles are minimal.

Merchant service providers, including banks, need to be aware of the increasingly-pronounced divergence between current KYC analysis and the reality of the digital world.

Knowing digitally is different knowing

KYC regulations almost completely ignore digital identity—as opposed to physical identity.

Digital identity comprises websites, domain registrations, email addresses, URLs, social media footprints, content and images, payment page functionality, personal and corporate names, and much more. In the age of ecommerce, digital identities represent inseparable parts of core customers’ identities. Virtual identity means much more now.

The problem is, existing KYC procedures are simply not designed to delve into digital identity or examine what constitutes “knowing” in the digital world. As a result, merchant service providers are faced with stringent, yet increasingly inefficient demands when it comes to AML compliance.

For example, say a corporation that provides documents showing that it’s registered in the U.S. has a non-U.S. telephone prefix on its “Contact Us” page. Most KYC procedures would not even raise an eyebrow.

If the company’s domain is hosted offshore, and it uses an untraceable Gmail address for its primary contact, KYC teams wouldn’t notice.

In fact, even an actual line of business of such an online entity can easily slip through the cracks. A company can report and present initial evidence that it sells shoes, yet in reality run an entirely different and possibly illicit business—selling pharmaceuticals.

What makes this issue even more complex: While facing regulatory compliance, merchant service providers face tough competition and must also satisfy their customers, who increasingly demand quick onboarding. Lengthy and complicated screening can sacrifice competitive edge.

Transaction laundering: danger you don’t see

Within the broad scope of money laundering, a key danger for MSPs in the digital realm is transaction laundering. Transaction laundering occurs when an unrecognized business leverages an approved merchant’s payment credentials to process payments for products and services that the merchant service provider is not aware of.

To get an idea of the extent of the phenomenon, consider the following statistics:

• Transaction laundering accounts for roughly $155 billion a year, according to estimates.

• Of that, transaction laundering for illegal goods accounts for approximately $4.6 billion a year.

• There are roughly 270,000 potential transaction launderers selling goods and services that are unknown to MSPs.

And these estimates are for the U.S. alone.

Moving KYC to the next level

To improve the efficacy of KYC procedures and lower the liability and risk associated with transaction laundering, MSPs need to take their relationship with merchants up a notch. They need to get a full picture of digital identities of their customers and to know them and all their associated activities—in the truly digital sense of the word.

Here are some suggestions:

1. Expand your KYC program from offline to digital.

Obtain advanced cyber intelligence solutions that can allow you to discover the actual identity of each merchant and their true business activities.

2. Define each customer’s digital presence level.

Once you have a grasp of this, you can weigh their digital profiles against the traditional KYC profiles, and decide which merchants warrant further investigation.

3. Dial up today’s periodic KYC review procedures to digital speed.

The digital realm moves faster than the physical realm. Automatic review procedures should be updated to reflect this. A physical office may not switch locations every week—but a website can easily do so.

4. Don’t reinvent the wheel.

If your AML teams already have solutions for Customer Identification Program, ID validation, account opening workflows, data gathering forms, risk formulas and risk calculation, then establish new layers on top of these existing procedures.

5. Remember mobile.

Mobile is a huge part of digital commerce, with unique considerations and methodologies. Don’t leave it out of your KYC programs.

The bottom line

The same caution that MSPs apply to merchant onboarding needs to be extended to the digital realm. By adding a comprehensive digital element to physical vetting procedures—analyzing digital fingerprints as well as brick-and-mortar equivalents—merchant service providers can stop transaction launderers in their tracks.

About the author

Ron Teicher is CEO of EverCompliant, a provider of transaction laundering prevention solutions.