Should banks go alone in the fight against customer financial depredation? The answer lies in the multi dimensional collaboration that banks are ready to establish with their customers and with the banking industry at large on a per customer basis. Actionable
awareness of the customer, the customer's business and the ecosystem as a whole determines the level of success in bringing about a wholesome threat mitigation plan. KYC is often treated as a one-time activity and not as an ongoing exercise to maintain the
bank's consciousness of a customer, an important sliver of which can be used as a vaccine to protect the customer and in turn the bank's reputational existence. The KYC done during customer on-boarding just serves to introduce the customer to the bank. Ongoing
KYC is about knowing customers inside out by continuously watching their transactions to help the bank form its threat perceptions and keep them realistic. But this buildup of transactional profile needs time. What if the bank wants to activate protective
measures from the word go? Customer registration tools do not stress enough on the capture of primary control data that can be recorded during customer enrollment.
Banks are anxious to keep the client registration process within predefined time limits in order to quickly empower them to present payment orders. This is seen to compromise with the quality and depth of payment preference profile that gets created in the
client file. One of the evolving best practices is to assess profile strength at the end of the client emergence process. This is similar to password strength that is shared with a customer to help determine if the password provides adequate protection. On
similar lines, a bank can indicate to the client if the profile allows enough control parameters for the bank to be used in validating if payment orders are in alignment.
How much is enough?
How much of payment preference data should be collected during client registration? There is no definitive answer to this but with a little effort, payment disposition can be categorized into broad heads that can help the bank decide and even share with
the client, if the bank has gathered enough about the payment subscription profile in order for it to create specific early warning rules for the client. Some of the leading banks in this space effectively capture the following:
Payment schemes – FedACH, Fedwire, SWIFT, SEPA, BACS, FPS, CHAPS, others
Payment types – Credits only or even direct debits
Preferred channels of payment origination
Destination countries to which or from where payments can be sent / received
Preferred payment currencies
Amount range within which each payment item would lie
Counterparties to whom payments would be sent or received from
Payment File formats – Creating and linking proprietary or industry standard formats to the customer id with format version number with flags to indicate whether control total / check sum validations are to be enabled, knowing if the file would be encrypted
and if so what encryption methods would be used by the client. carrying hybrid payment types,
Purpose (s) for which a payment would be made
Payment Frequency in terms of how frequently would payment requests be made?
Peak days of the month for payment activity
Whether future dated payments would be originated?
Identifying a core minimum
It is important to expeditiously enable a new client for payment order presentment and hence decide what should form a minimum core set of profile attributes that the bank could start out with and capture. The client should be provided with the scale of
awareness that the bank carries on its payment disposition and how it can be bettered to ensure effective account protection. A clear agreement for profile enrichment would need to be reached with the client in order for the bank sales team to schedule additional
Check the conduit
Banks using customer on-boarding solutions grapple with the issue of ‘data scoop diameter’. This is in other words is asking how wide mouthed can the on-boarding solution be in order to feed client payment preference data into the payment processor. The
reference data store for on-boarding clients for payments business dictates how much of this data can be burrowed from the client. This also influences what goes into the interview sheets that the sales team would use while engaging a prospective client. Functionality
to add new data elements helps to make it a part of the customer payment preference profile expands the ability to write customer specific payment validation rules.
Data is dust if…
Data is dust if left still. This is true for banks that are constrained in using client payment preferences to interrogate the payment orders. Specialized solutions for fraud prevention should be given access to client payment orientation data in order to
maximize efficiency gains. Fraud rules can kick in early on in the life cycle of a singular or a bulk payment order by engaging the payment order(s) in a comparative analysis with client payment profile data to see if there are any deviations. On the basis
of severity of deviations the payments can be routed into an exception queue triggering client callouts. Client overrides could lead to updates to the profile. Banks should actively look to maintain client profile data to ensure that the rules are hitting
against the latest version.
With increased sophistication being brought in the area of threat monitoring, the thought of not monitoring all transactions for violations is increasingly gaining favor. Banks having robust criteria definition for risk scoring are exploring prudent ways
to not subject 100% of their payment volumes to arrhythmic heart beat checks. Similarly complex methods such as web crawling and web sucking for rich data mining around payment recipients can be selectively done to payments originated by customers scoring
high on the risk index or to recipients where the hit match confidence exceeds a bank defined threshold. Smart sampling without compromising the bank's risk cover is opening doors to cost savings.
‘When fears are common, join hands’ is relevant to the fight against financial injury. It makes ample sense for a bank to know views of other banks on a new client it is welcoming into its fold. Likewise any information that can be garnered around a certain
counterparty that a customer is enlisting with the bank can be invaluable. Partnering with other banks to compare:
- list of customers with a high risk index (This would say to the other bank... We are sensing these customers to be high risk, does your bank see them the same way?)
- list of counterparties that have been blocked (This would mean to say. Our bank has these entities that have been blocked by our customers for collections. Can you check if they are on your block list too?)
- list of customers with excessive number of returned direct debits (This would read. Here is our list of customers that have had excessive number of returned direct debits for the reason unauthorized debit. Do you have similar experience with them?)
could help reveal common entities that are viewed similarly by other banks leading to further enlightenment that can feed into customer dealings.
There is no final word no endgame in the fight for customer financial protection. Enhanced customer awareness is taking centre stage in the strategy of banks that seek supremacy in the battle against account takeover. These banks have trained themselves
to keep asking the question - Do we know our customers well?