Digital or traditional CDD, what route should you take?

When used and understood correctly, a digital electronic verification approach can enhance the authenticity, security, confidentiality and efficiency of conducting client due diligence (CDD). 

The benefits of using an electronic verification solution include but are not limited to the following:

• Deterrent to criminals

• Reduction in admin time

• Multiple live screenings of positive and negative sources

• Internal controls consistency

• Onboard clients who are not based locally 

• Record keeping 

• Monitoring and scrutiny

• Minimise reliance on human control 

Are there any dangers to taking a digital approach?  

The regulator will look within your practice-wide risk assessment to see that you have carefully considered using digital tools within your compliance processes. This interest means we must be aware of technology and its benefits. We must still assess whether it is a good fit for our firm, clients and risk exposure levels. 

The objective of technology is to equip our employees with the knowledge and information they need to support them, providing confidence and mitigating risk. But what dangers should we be aware of when implementing or increasing the use of technology within our processes?   

• Over-reliance 

• Unread or unreviewed results 

• Lack of understanding of the results 

• Cyber and data security 

• Privacy 

Electronic identification and verification (EID&V) tools should be sensitive to the above dangers. But you should consider how to mitigate these risks. An example of a control that could demonstrate mitigation is by dip sampling past files to check the accuracy, over-reliance and understanding.  

From experience conducting regulation 21 audits on behalf of law firms, it was evident that fee earners had obtained an electronic identification and verification report, but the contents of the reports hadn’t been reviewed. Fee earners are responsible for reviewing and interpreting the information. There is a requirement for consideration even when using electronic identification and verification; this responsibility cannot be outsourced. 

Another common downfall for firms is that within their firm-wide risk assessment, they have yet to make mention of the technology they are using. When incorporating electronic screening within your process you must develop an in-depth understanding of the tools used and demonstrate an understanding of the following non-exhaustive list: 

• Inputs to the system 

• Data sources used by the system 

• Outputs from the system and what they mean 

• How the system complies with the regulations

Traditional identification 

Traditional methods of undertaking CDD, specifically identification and verification of a client, predominantly rely on people. This often means that your processes are limited because they do not use multiple sources and databases of information.

With the new technology available, you must consider what you are missing by sticking with a manual approach and the potential risk this presents to you and your firm.  When comparing a photograph on a government-issued ID with an individual in front of you, or not as the case may be when the document is sent via email, you are solely responsible for judging that the identity document is genuine and that the person presents a true likeness to the image. Have you given the right training to your staff to spot fake documents? And is it worth the time when electronic tools are available?

Using technology, we mitigate the risk of human error in identifying and verifying an individual's identity.

People inevitably make mistakes, especially with the sophisticated ways in which baddies look to exploit professional firms. Some days we wake up and our eyes are keener than on others. Some days we have more time. 

When it comes to fraudulent documents, there are two kinds. We can all identify the obvious ones as fake (we don’t worry about those). The ones we worry about are the sophisticated fake documents out there. These are the ones trickier for the naked eye to identify, the ones the naked eye might not spot or recognise - the borderline ones. The National Crime Agency estimated that only 20% of fraud is actually reported.

There is an increased risk of obtaining an ID or proof of address document that is not genuine because of the technology available. Try a quick internet search for a ‘fake utility bill’ and see how many sites offer this. When you don’t see the original, you lose opportunities. You can’t feel the quality and thickness of the paper. The dangers of not incorporating technology into your compliance process leave your firm vulnerable to criminals. There is a risk of unexpected financial penalties, regulatory or internal disciplinary, criminal prosecution and material or reputational loss. These could be at the firm level but also individual fee earners.  

In the world we operate within, there are many factors that increase our vulnerabilities, such as;    

• High-quality fake identity documentation 

• Easy access to online proofs

• Clients are not who they say they are

• Clients who are not truthful

• The client is a PEP or listed on a relevant Sanctions list

• Difficulty evidencing controls 

• Staff that are not specialists

Summary 

When used correctly, technology is an excellent defence against money launderers and fraudsters and can save your team hours. 

Most professional service firms utilise technology to some degree. We can never outsource our ultimate responsibility, but we can support our teams in making the right calls and providing them with the correct information to help their risk assessment. 

Technology can play a massive role and demonstrate to regulators that we are doing all we can to reduce risk and place appropriate controls in our processes that are not reliant on a sole individual.  

Next steps

Balancing the idea and concept that fee earner responsibility cannot be outsourced, technology undoubtedly removes the burdens staff face daily. If you already use technology or are considering technology start your discussions considering these key points:

• How do your team/colleagues feel they could be better supported? 

• What do they think are the critical gaps? 

• Are your team/colleagues happy with the current process and how much time is this taking? 

• What is the internal product feedback?

• Are your clients satisfied and have you asked them for feedback?