(PODCAST) KYB – A business verification and onboarding conversation

Listen to the first episode of the DataSeers series on everything about payments, data, AI, and FinTech. The DataSeers Chief Seer Adwait Joshi and Tom Hunts, Director Market Planning – Business Risk Management at LexisNexis Risk Solutions are talking about how to avoid common mistakes during onboarding, best practices to adopt, how the COVID-19 fraud cases could have been prevented, and more. Listen to the podcast and get the answers you need.

The series are moderated by Shae Gentile. The episodes are produced and edited by Bobbie Dimitrova. Let us answer your questions in our upcoming episodes. Share them in the comments section below or email us at info@dataseers.ai.

Shae Gentile: Welcome to our series “Everything Related to Payments.” Joining us today we have our guest, Tom Hunt, who is a Director of Market Planning and Risk Management at LexisNexis® Risk Solutions. We also have Adwait Joshi who is a Founder and CEO of DataSeers which is a company focused on helping FinTech and Banks in Taming the Data Demon®. We offer platform as a service that assist with reconciliation, compliance, fraud, and analytics. First off, Tom, I waned to ask you what brought you to LexisNexis® and specifically why did you choose to focus on KYC (Know Your Customer)?

Tom Hunt: I have been with LexisNexis® for about 10 years now. Prior to that, I spent about 20 years at the Commercial Credit Bureaus. For me, it was a really interesting role to get into at LexisNexis because they have so much more better figures and so much more different sorts of activities. They are not just like the traditional Credit Bureau trying to answer the question: “Are we going to get paid and when?”. They are looking at all kinds of things about business entities and people behind them, and really to help your customers understand who those businesses are to start with. How long have they been there, do they own any property, it is a much broader landscape than just: “Are they going to pay me on time”. For me it was an exciting challenge. At that time, when I joined LexisNexis®, they were really just beginning to kind of getting into the commercial space. Lots of activities around consumers, compliance, collections, around individual people but they were just the various sort of front end. To be a part of that, to kind of drive that growth over the past decade has been a lot of fun. As it relates to Know your Business in particular, that is a space where I think we can have such dramatic impact on a client’s business, just in terms of helping them automate solutions, to automate processes, and to really help them find businesses that would otherwise be really, really difficult for them to even just onboard. Even if they were doing it manually. Never mind how much time that takes, but just being able to do it, being able to find those companies that are out there and bring them on board. It really helps to drive commerce, and helps those small businesses get access to capital and get access to expertise that they otherwise wouldn’t probably get access to.

Shae Gentile: Adwait, what is your relationship with LexisNexis?

Adwait Joshi: The relationship began with HPCC really and if you look at what we do as a busines and what LexisNexis® does as a business is very similar. We capture different types of data; we assemble them together and then we provide value back to our clients. Lexis is focused on public data and information around individuals that is publicly available, we are focused on private data, transactional data, and fraud data where somebody maybe exhibiting a behavior that is fraudulent. We have to collect a lot of data from a lot of different pieces and bring it back together. If you look at HPCC systems, it is pretty much the base of what Lexis is built on and it is also the base of what DataSeers is built on, makes perfect sense. Using HPCC systems, it also makes a lot of sense that we integrate with Lexis. Maybe some of our customers may require services that Lexis offers. If you provide a single interface, a single API interface into our application and we can do everything from onboarding, ongoing, account closure, Escheatment, that is the true account lifecycle. So, you don’t have to go and work with multiple vendors, you work with one and we are the ones who partner with the best in the industry in the back side. It is great relationship, we love it, and there is lot more to happen in the short future here.

Shae Gentile: Straight onto onboarding. What common mistakes do people do during onboarding?

Tom Hunt: There is a number of pitfalls when it comes to onboarding commercial entities. Think about a small business. Often times the information surrounding that small business is fragmented all over the place, there maybe information that’s connected to the business owner’s residence, there may be information that’s connected to the operational address, they may be using their social security number as a tax ID of the company, they may decide to just habitually calling themselves something that’s slightly different and, when they apply to open an account, all of their records have a different business name or a slightly different business name. And you see all that kind of things all the time. When we work with clients around setting up and onboarding type of process, KYB process, the first thing that we like to do with them is just some really comprehensive testing. How’s this all going to work? If we have a good test data to work with, we can then build strategies around that test data, we can kind of know how everything is going to play out in terms of production. So, that’s number one. Number two, when you start to think about, when we start to work with some of that test data, often times they get very excited because we’re telling them that they are going to be able to onboard these clients, these customers of ours without a human being haven’t to touch anything. Yes, well Gosh, how often can we do that. Well maybe 75-80% of the time, you can do that. Which to them is kind of unheard of a lot of times, just being able to sort of automate a workflow that way. The operational guys get really excited about that but then the compliance folks feels like we hand them the keys to the Ferrari. And the compliance folks coming behind and say, you can never take that out of the second gear. Because they will say things like “we have to verify the tax ID of that business”. That’s just not realistic with that kind of data because we do the best we can with that kind of data. We’d like to think that we have more verifiable tax IDs than anyone, apart from the IRS, but to have a rule that says “you got to do that” in every case just makes it really, really difficult. Finding the right strategy, finding the right balance, not coming, and approaching that situation like you would in those manual environments, is critical. Just being able to understand what is it that they are really trying to do, we are trying to form a reasonable believe that we know our customer, and we are trying to create a process that is consistent across our business and that we can document how it is that we came to know that customer. That means, maybe if we’re going to automate these situations, like in any circumstance that you may automate, think about a simple metaphor like having a fireplace vs. having a furnace. It’s different. How you operate that is just different. Trying to retrofit all those same rules that you used to have in a manual environment, doesn’t always work. Some of them workout just fine but others – don’t. You’ve got to bring a new mindset to that. You got to test, you got to understand how the testing performs, and then you got to bring a different sort of mindset. At the end of the day, what you end up with is a process that is automating the maximum amount and creating the least amount of friction for your customers except for that friction is really necessary. There’s something that doesn’t look right here, there’s some fraud markers that are being triggered here, there’s something else that just doesn’t make sense, that’s not lining up and so in that way we have a program that is automated as much as we can, but that has integrity that can stand up to fraud attempts, that could stand up to audits from compliance officers, and thigs along these lines. What we are really striving for is to strike the right balance.

Adwait Joshi: I have a follow up question there. Do you ever get asked by the compliance departments to justify a decision that was made by the engine? Or if you are validating some information, do they come and ask you where did that information come from, and what do you do in those cases?

Tom Hunt: Frequently we get those questions and sometimes we have to roll up our sleeve and just dig into the data. Sometimes it is fairly intuitive in terms of what’s happening, how come this verified when it doesn’t quite match what we sent on the input. There is some fuzzy logic that may be at play there, or we get questions like: “Is this the legal name of the company?”. The way that we approach that is, there could be a lot of names that are all legal. We have to look at what is going on with all that and help understand the nature of what they are dealing with. Sometimes we have to go back and sort of recreate what actually happened here and how did this actually verify or why didn’t it verify in some cases. But that is just a matter of digging into the data and digging into the logic of our systems and they calculate different values and thigs like that. Usually those can be pretty enlightening experiences for our clients. They come to know their customers’ data better, they come to know the tool that they are using better and have an appreciation on how we have made decisions along the way. We have a logic in our system whereby if you give us the right address, business name, city, and state but the wrong zip code, we are still going to be fine with that. We are going to tell you that that looks great. Or, if you give us the right zip code but the wrong city and/or state, the zip code is going to overwrite. We are going to say, yes, that looks fine. So, we have had clients that are saying, well you are telling us that this is verified but we gave you stuff that is wrong, how can you do that? And we always come back and say, that is part of what we are here to do, help you overcome limitations, ambiguity and typos and those kinds of thigs, and what we are saying to you is, our best understanding if the regulation is you have to form a reasonable believe that you understand who your customer is, and so given that, you’ve got all of this other stuff that’s right and you’ve got that little part that’s wrong, what we’re saying is, OK, that’s not unreasonable. That is not unreasonable to make that assumption. You may disagree and we may give the mechanism to say, we are not going to allow those through, if you want to stop those, that is fine. But we built our system to anticipate those kinds of issues in the incoming data streams and so we do not have to stop them.

Adwait Joshi: So basically, what you are telling them is: “Welcome to the world of AI.” We are looking that you are making a mistake, but we know that it’s just a common mistake and it’s not something that you should really fail them on, they are going to make those corrections and send back the corrected information to you.

Tom Hunt: Right. And again, technically, you are right. We are telling you something is good. We also let you know that there is an error that you might want to correct but we are not going to fail that inquiry just for that.

Shae Gentile: That leads into our next question. Is there a best process when it comes to onboarding?

Tom Hunt: There is and, I am biased, but I think we have it. A: We are going to look at a business entity and up to five people simultaneously. When we are talking about wanting to verify the folks that are representing themselves as the beneficial owners of this business, we can look at them all together and tell you whether or not there is people that are connected to that business all in a single API call. We’ve also recently built out different modules where you can add on. Ok, maybe this is a lending platform , once someone is verified you want to get a credit score on them as well. OK, we can add the credit score to that process as well, so it’s all done at ones. The more that we can do in a single pass back and forth in a single call, in a single API call, we think the better. Not very long ago in order to verify the business and the person was all separate calls, and no link between the business and the person. Today we ca do business going against all our sources letting you know whether or not they are good at the Secretary of State, as well as verifying them and all that kind of information comes back all at ones. And what it really enables is an automated workflow that you can make decisions and checking a bunch of boxes at ones as opposed to having all of these separate calls that you have to make.

Shae Gentile: What about beneficial ownership? How do you establish that?

Tom Hunt: In the US it is hard because if you want to own a company in the US anonymously, it’s not very difficult. It is so easy to create structures that the person cannot be found. What the regulators have determined around this is that the Financial Institutions (FIs), the regulated FIs actually don’t have t verify the status of that person. What they do is the FI’s are required to ask that individual who the beneficial owners are, they attest that, the FIs essentially can take their word for the fact that they are in fact beneficial owners, and then they have to verify these individuals. What we do is we go a little bit further than that, we are scanning all of that information that we collect on businesses, we are getting it from over 10,000 sources and it’s coming all the time. In an average day there are 2,000 million updates to all these files, it’s a constant living breathing animal. When you ping against that database in a moment in time, what we do is interrogate that information to see, ok, we have got an inquiry here, we are trying to verify Tom’s auto body and we see that Tom Hunt has been suggested as an authorized representative of that company. Oh, yes, we see Tom Hunt in a Secretary of State file, we see Tom Hunt in the USS filing, there’s a business license here that we see Tom Hunt’s name on, we see Tom Hunt from the Commercial Credit Bureau as listed as an officer and his title there is owner. We see all that information so we are able to come back to you and say we think that Tom Hunt is likely an owner or at least an employee of this company, we can say that with a reasonable amount of assurance, if he weren’t, he wouldn’t be in all of these places, in all of these different data records and sources, so that’s how we do that.

Adwait Joshi: One thing that I have seen, especially if the people want to conceal a company, and you are right, if someone wants to conceal a company in the US, they can, they very well can. There are new industries that are popping up especially around cannabis. Where there is a dispensary, and it is a legal dispensary. A lot of people are trying to come up with a way to identify the dispensary I am looking at is legal or it is not legal. It might be doing business right in front of you, that does not mean that they are legal. Because there are so many things that happen there, so the person that is leasing that building may be leasing it with some other purpose and running a dispensary there. There’s so much complexity when it comes to that part of data. It is almost is like a rabbit hole where it keeps on going and going. How do you solve that issue?

Tom Hunt: I would say it is hard. We probably do not do that perfectly. What we do better than anyone else is connect people to businesses with all of those sources, and all of that linking technology that we use to resolve both person and business entities. Let us unpack that for a minute. We start each day just on the business side with about 80 billion records. If we are to create a unique business profile for every unique set of data every profile whatever there is some variation within that data, we’d have 450 million businesses in the database. That’s a ridiculous number because there are only about 30 million businesses in the country. That tells us that there is a lot of ambiguity, there is a lot of overlap, there’s a lot of variation around the same business. Same thing with people. We are going to be able to follow those people and those businesses. Just because you marched down to the Secretary of State, spin up a new LLC, doesn’t mean you get to evade your previous derogatory history for the past 20 years, because you reinvented yourself for a $120 at the Secretary of State office. We are going to make sure that what we are linking is connecting all of those dots on businesses and on people. And we take it at the next step further, really just over the past couple of years, we have always been able to do this at some extent, but we have really come a long way in the last few years in terms of being able to connect people to businesses and businesses to people. We’ve done that for a client, where if they give us a list of people, they’re going to send us a list of million people, and then we are going to be able to tell them for those million people here is how many of those people we have as owners or at least executives at businesses. Guess what, for the restricted industry kind of application, now we’ve got this guy who has a legal marihuana business but he also has these other three companies that may be he is moving money through. He’s got this other cash business, maybe he’s got three other restaurants that he owns. For our clients that have relationships with him and those restaurants they might not know that he also has this marihuana business here on the side. That’s part of how we help to make them aware that is through all that linking being able to say, this guy also owns these other four businesses. It may not even be marihuana, it may not be prohibited or restricted in any way, it may just be, we got a lot of exposure here to these three businesses that we did not really know we are connected to the same ultimate relationship.

Adwait Joshi: It’s funny, I’ll mention this, that we always talk about money laundering and one of our advisers, who is actually a LexisNexis® employee, Arjuna, always mention that for our employees watching the show Ozark should be considered educational material.

Tom Hunt: I remember when that show started and was thinking this is a show about my work life.

Shae Gentile: In the wake of COVID-19, we know about all the fraud that happened, how do you think this could have been prevented?

Tom Hunt: I understand it. The Department of Treasury, the Government was really in a panic that there’s all these people, there is exodus of people just leaving on offices, and setting up working from home, and what’s going on to people. People are afraid to go to restaurants, they are afraid to go to bars, they are afraid to go anywhere, and it gets really, really hard. Respect the idea that our gov wanted to try to just inject some capital into our economy and instead of sending people to unemployment, they say hey, “Let’s just keep everyone on a payroll, let’s protect that payroll, let’s subsidize that payroll, even though you are not working, you are still going to get paid, or maybe you are not working as much, we are not going to let people go.” I respect that and we were in a big hurry to kind of get that going but haste make waste. What ended up happening was the requirements for applying for that loan were very, very thin and the risk for fraud were entirely taken off by the government. So, the banks, the folks that are approving these loans, they didn’t even have much skin in the game, they didn’t even have anything to lose, they didn’t have any due diligence they needed to really apply. They needed a sort of look so they can make sure that you really do have employees, and that you really were a business, as of February 15th but beyond that it was really easy if you could create documents that are forgeries, or you could somehow get through the filtering process seemed to us to be pretty thin. We did do, and I suspect that, on the back side of this there going to be some audits, and some regulators that are saying “Hey, wait a minute, what happened here, you guys have a lot more fraud than other folks do?” There may be some really difficult questions. I sort of imagined at some point there is going to be row of financial services companies answering questions to congressmen how you let this happen. I hope that maybe we can help prevent some of that. I think that what we saw, I am sympathetic toward the idea of lets just try to get this money out, but maybe if there were few more fraud checks here and there it could have done a lot to stop some of that or prevent some of that.

Adwait Joshi: I second that because lot of what I have seen happening in the recent past is that the regulators are hitting these banks with due diligence, they are basically saying that you don’t have a good due diligence going on, you got to enhance it. That kind of brings me to the next question. We have floated this idea around our company, let us build an ultimate scorecard. Most of the FinTech companies that are starting today, want to be the new banks, want to be the challenger banks, or want to be the next biggest lending company in the industry. More and more younger people are getting involved in starting businesses. I saw a metric somewhere that said that if you are 30 and you haven’t sold a business yet, it’s too late. But you have all these young billionaires out there and they do amazing. But the question that comes is with this young age, also comes a little bit of inexperience of “I don’t know if I am onboarding the customer correctly”. As a business owner, if I were to start doing something, I want all the customers because that will mean I will make so much more money. So, I am going to let my door open, let everybody in, and just expect that nobody is going to steal. That does not happen. We have floated around this idea of an ultimate scorecard, can there be such a thig where something could be done, you just close your eyes and onboard this customer and there is almost a 100% certainty that it’s Kosher. The information is right, it’s not being sent by somebody else, I know it’s not going to commit fraud, etc. I wanted to ask you what your take on that is?

Tom Hunt: I love the idea and I think we will get there. As I start to think about the questions, and just sort of my framework, what are the answers that need to get answered in that process and how we can answer those questions with a minimal amount of friction for that customer that’s ultimately applying and step up that friction and there’s something that looks like it’s off. That’s what we are aiming at and so I mentioned earlier, talking about a ultimate sort of process for looking at the business, all of that information, looking at the people behind the business, looking for is there any connectivity between them, but to go further to say, you know what, that’s all maybe easy enough to fake because you can get a business name and address just by doing a Google search. It’s not that difficult. You can spend a little bit of time and can learn enough to pretend like you are associated with a business. It is not that tricky. We got to go further into where’s this transaction coming from, who’s this transaction coming from, are we comfortable with that, can this device that this transaction is coming from some way be linked to either the person or the business that reports to be applying. How can we be comfortable? Ok, they got the information right, but how can we feel comfortable that we are talking to the right person. Is there any evidence that this person’s identity has been compromised? So we look for things like is this a real business, is this a real person, we do or don’t see any connections between the business or the person but as it turns out this is a person that according to all this data that we have, apparently live in an address with 3.500 other people. Apparently that person has 75 SSNs, something is not right there. So, we look for those kinds of markers as well. Or we’ve seen this business and this person combination or some variation of this combination 175 times in the past four hours. That’s not normal behavior so we are looking for anomalies in velocity, in a profile, in relationships and connectivity, device and digital identity. So, what we are doing is working towards a model that incorporates all of that incrementally. Before we even collect any information, where is this device coming from. They say they’re coming from California, but they are really in China. Maybe it is enough to say, OK, we’re done, stop there, we are not going any further vs. OK that all looks good, they give us a little bit of information, everything flows through and we don’t do any fraud triggers, we don’t do anymore additional checks, everything looks OK, we just continue, everything sails through the happy path.

Adwait Joshi: One of the thigs that Shae asked earlier was what do you have to do with LexisNexis®. LexisNexis® has so may product lines, so many acquisitions. What companies like us are thriving to do is that there are hundred data points but the person who is trying to onboard does not know about all those, and at the end of the day he doesn’t care about all those. Do we really need to go and tell them, you need to use A, B, C, D or just say, “Don’t worry about it, send me your data, I will take care.” And that is the ultimate scorecard I was talking about. What we are trying to build is do not worry about onboarding just send me that data, we know where to go, if I need to check a device, I will check it, if I need to check a phone number, I will check it. You do not have to worry about it, you don’t have to send me multiple API requests. I think LexisNexis® is perfectly positioned to have all of those points, do have all of the data, maybe coming from different entities but that’s what we can connect those dots, and that’s why this partnership is so powerful in my eyes because we are at the front end, and all we are doing is tapping into the mothership for that information that is required.

Tom Hunt: What good does this do to have that information if you don’t have access at the moment when you need it?

Shae Gentile: Thank you for joining us.


Leave a Comment

Your email address will not be published. Required fields are marked *