GBG In conversation with Phil Creed

Phil Creed talks to Darnell Walker about the impact the increasingly sophisticated regulatory landscape is having on customer due diligence, AML compliance and onboarding.


I'm Darnell Walker I’m here with Phil Creed talking about KYC, AML and onboarding. Thanks very much Phil for joining us.

No thanks for having me pleasure.

So I guess one of the first questions I wanted to ask you today is what's high on the regulators agenda right now in terms of KYC, AML and onboarding in your opinion.

So the regulator has got a lot more sophisticated in their approach to AML, CDD and onboarding, now the regulators asking more probing questions such as your how does your scorecard work are using sort of facial recognition technology.

Do you understand how that works and another thing is who you use for PEPs and Sanctions checks and again, you know a bit of time ago you know just saying you did PEPs and Sanctions checks was probably enough or you said I've got an 80% fuzzy logic setting.

Now actually what the regulator wants from you now is to explain how that 80% actually works and do you test it and so I'd say, you know, the regulator is becoming more sophisticated and as such firms need to become more sophisticated if they’re not already doing so.

That leads me quite nicely on to you sharing your experience of

working with companies around the multiple matching or two plus two regulation?

What you are see now or what you’re seeing probably about five years ago come in was this sort of waterfall effect where firms were setting up and saying Okay. Well, you know, if you don't get your two plus two match against credit reference agencies say Equifax or whatever and then let's try the next one eventually you will of course pass that threshold.

The issue with that is and I know it’s an issue that you guys are trying to solve, is that actually the underlying data to this is probably the same and to get a true two plus two match the underlying data needs to be different and you need to understand sort of the provenance of that data.

And so I think what you guys are doing or trying to do is certainly welcome.

What are the implications of understanding the pass/fail, refer decisions you are seeing from maybe a more granular technical perspective?

I suppose the key challenge is making sure why the customers or the financial institutions are making these decisions.

We see a lot of startups, for example, go to someone like you guys and sort of implement the default scorecard on data and again, it's their responsibility to understand what that scorecard does and so you need to understand why it passes, why it refers why it fails there's no one-size-fits-all or this.

Through your 12 years of experience you must have seen the good, the bad, the ugly. So what would you say are the pitfalls that you've seen with companies when they set up their identity verification processes?

So there's probably two main pitfalls if I was going to articulate this.

If I am a Fintech company and l start up, what's my goal in life is to get

as many customers on with my businesses as humanly possible because that's what drives the value whenever I go back to venture capital firms

or whatever to get more investment.

I have got one million customers or whatever that's sort of what they put the value on and then they get that investment and then they focus on getting more customers but they don't focus on the ongoing compliance that's required for the customers that they already have.

So typically what we see is when these firms get five or six years old, there's a requirement that they should be like redoing KYC data on a risk-based approach, but for the sake of argument every year every two years, typically resource gets focused on getting new clients all the time and not maintaining their requirements on the old side.

The other issue is that these firms want to scale they start in the UK or Ireland or Europe and then they want to move sort of somewhere else or take over the world and that's fantastic but the data as you guys know, is it pretty good in the UK It's probably better in the UK than most other places.

However, once you go to Germany, Italy, it's just not as good, you know, or it's different and you need different procedures. So that's one of the key challenges that you’d see firms having.

What have you seen that’s worked well and you'd say that's the shining light and the beacon that others should be out there trying to follow.

Listen, with all the new technology, I think what's really really good, it's really customer-focused and so with everything that you see like Monzo's really easy sign up to. Tide is really easy for business customers so improving that customer journey is brilliant, that’s the purpose and that's why we're all here, to say like this is brilliant or this isn't brilliant.

I can only really talk with fundamentals of what people should be doing and should expect which is understand what your data is articulate that in your policies and procedures and make sure it meets the regulations.

That's what good CDD onboarding should look like in conjunction with making sure you give your customers a really good experience.

Well, Phil, I really appreciated speaking with you and thank you very much for the insight and the time that you've given us today.