You’re running, but not you don't know where to. Danger lurks in the digital shadows. Something big and ugly – possibly a compulsory audit by the Information Commissioner’s Office – is up ahead...
Keeping up with ever-changing compliance demands often feels like one of these recurring bad dreams.
Not only are there a growing array of regulatory acronyms coming at risk officers thick and fast, but he or she needs to ensure the company’s response to requirements translates in all regions where they perform business, whether one country or on a global scale. And all the while a determined and increasingly sophisticated band of online criminals are making it their business to find ever-more-ingenious ways to circumvent the solutions that the business has put in place.
It’s an ongoing regulatory nightmare that know your customer (KYC), compliance and risk management platform 4Stop aims to end. The company offers a complete, end-to-end compliance solution by aggregating more than 400 global premium KYC data sources and combining them with its proprietary, anti-fraud technology with real-time intelligence to provide a centralised global view of risk.
Every transaction is subjected to a multitude of various different data parameters to ensure its legitimacy, as well as off ering real-time anti-money laundering (AML) monitoring, customised alerts and quick filters. All of this enables 4Stop’s clients to streamline the process of submitting information to the relevant regulatory bodies in the regions in which they operate. It also gives them access to so that they can keep pace with requirements on a ‘plug and play’ basis through a single application programming interface (API), allowing them to future-proof their regulatory and anti-fraud requirements with zero touch on their IT department and resources.
According to 4Stop co-founder and CEO Ingo Ernst, the solution enables companies to ensure they are Fourth Anti-Money Laundering Directive (4MLD) and revised Payment Services Directive (PSD2) compliant at every customer touchpoint, including sign-up, logins, account updates and transactions.
It’s a platform very much for its time. According to leading research and advisory company Gartner, the governance risk and compliance market is projected to grow at a 13.4 per cent compound annual growth rate, to reach $7.3billion by 2020. Meanwhile, Ernst and Young’s Global Fraud Survey showed that 43 per cent of businesses thought the changing regulatory environment was their biggest threat – with the conundrum that if they focussed all their eff orts on meeting the growing compliance requirements, they would no longer have a business to worry about.
That’s precisely the problem 4Stop set out to solve.
It was founded by four visionaries from far-flung corners of the globe – Montreal, Germany and Latin America. All from banking backgrounds, they discovered they shared similar experience in risk and fraud management solutions, which often fell short of the challenges facing both financial institutions and businesses operating in the high-risk, high-volume financial transaction areas of gambling and foreign exchange. They decided to found the company to provide the solution they couldn’t find.
“We all had to work with a lot of different providers; the idea behind 4Stop was to bring all the solutions together in one platform with a single API. Now, legislation, including PSD2 and the General Data Protection Regulation (GDPR) in Europe, are playing into that, however, but we’ve been working together in the risk management and fraud industry for quite a while.
Anti-fraud, KYC and compliance has changed from mere threshold and deposit behaviour management to being driven by more sophisticated data insight – and the sheer amount of that data has grown tenfold in the last couple of years.
So, at 4Stop, we can have up to 2,000 data parameters for a single transaction. If you multiply that by millions of transactions per day or sometimes even per hour, it’s tough for global companies trying to achieve instant payments under PSD2, for instance, to stay on top. It’s an irony that, in an era of tightening controls, open banking has potentially increased companies’ exposure to risk. And yet it’s essential that they do stay on top if they are not to make thousands of customer accounts vulnerable to fraud.” States 4Stop CEO, Ingo Ernst.
Alvaro Kurth, CRO, adds: “When organisations transact globally in real time, the potential for fraud is a lot higher because organisations don’t have the ability to thoroughly review that volume and speed of transactions. Recently, of course, we’ve seen data breaches on an enterprise-wide scale. It’s no longer a case of them hacking one credit card. Criminals now will even use bank wires because they know it gives them access to the full set of customer data. To help our clients contend with this, we’re integrating machine learning and artifi cial intelligence (AI) into our technology.”
The increasing threat explains why 4Stop has made a number of significant new signings recently, including Ripple, the enterprise blockchain solution for global payments, in April this year, and the MiFinity e-wallet provider.
Ernst adds: “We work with clients in their vertical and regulatory framework for today, as well as looking at where they want to go tomorrow so that we can advise what they will need to comply with. We ask things like ‘do they need to do an electronic verification as part of their strong authentication?’ and ‘what kind of risk management and customer verification does their risk-based approach entail?’
We can use the platform to look at different countries and verticals with the client and advise them that, under regulatory framework A, for example, they should verify their client in this manner, whereas under regulatory framework B there’s less emphasis on compliance, or more verification is needed.
That would normally entail working with an additional solution provider whose development queue might be backed up for the next six months, so they have to wait to expand into that new territory. 4Stop gives them confidence that they are within the regulatory framework and auditable as such.”
4Stop does this partly by forging vital links with complementary providers.
"We’re a young company; we’re not claiming we’re perfect, but we have integrated more than 400 data sources already and we’re averaging two to three new data sources with every release we make. We constantly have our ears and eyes open in the industry, finding fantastic providers that work with us, which enables us to off er very strong value to our clients."says Kurth.
In this way, 4Stop hopes to help firms focus on the true meaning of regulation – protecting and better serving customers.
“There’s always that catch-up race between industry, innovation and regulation,” says Ernst. “The last of those might be seen as a headache by firms that ask ‘why do we now have to do all of this?’ and there’s no denying there’s an impact on business that is not positive. There’s lots of regulation to catch up on in an environment that’s moving incredibly fast. But in the long run, it’s the customer who is the focus – he or she ultimately needs to know where his or her data is going and what’s being done to it; that it’s secure and, ultimately, that they’re still in control of it.
We aim to help those companies that don’t want to change their whole business model so that it’s focussed on compliance,” says Ernst. “We allow them to continue to focus on their core strengths and expanding, while ensuring full compliance with the auditors and regulatory frameworks they are operating under, wherever they are.”
So, how exactly does 4Stop achieve that in, for example, the context of PSD2 in Europe?
“PSD2 covers a lot of different areas but we focus on strong authentication, client verification and KYC,” says Ernst. That includes vetting third-party suppliers to ensure that, when onboarding their data, companies don’t bring a Trojan horse into their system.
Firms need to consistently stay on top of their clients’ behaviour within their platform, not only at sign-up but also once they start interacting and transacting. This is where we bring together document-based ID checks with a live video call, address and device ID checks and much more, all based on the requirements our client needs to comply with. That’s all backed by our transaction monitoring, to be able to track client behaviour in real time and make sure anything suspicious or out-of-the-ordinary is flagged instantly." says Ernst.
“It’s having that hybrid of all of the data and verification needed for KYC and compliance combined with multi-faceted, real-time transaction monitoring in a single, plug-in platform and API that makes us different.”