Regulatory compliance - Many of you probably recoil in response to these two small but significant words. While compliance isn’t dominating the news as it did a few years ago, it is still an issue that organizations struggle with on a daily basis. Compliance is difficult because there is no indication that the number of regulations will ever decrease. And it is highly unlikely that compliance will ever be a simple, nonintrusive matter. Because these efforts don’t easily translate into traditional business benefits, such as cost reduction or revenue enhancement, compliance is often viewed as a burden on the resources of an organization.


However, organizations are increasingly finding that compliance initiatives offer unexpected advantages to improving business processes. One example pertains to regulatory watchlist compliance and how it can help organizations better understand customers.


Watchlist Compliance


Watchlist compliance is an initiative with very broad corporate influence. A watchlist is a file that contains information on suspect individuals, organizations and countries with which it is unlawful to do business. Those on the list can be individual criminals, terrorists or fraudsters, as well as criminal organizations, terrorist groups and nations that sponsor terrorism or criminal activities.


Watchlist compliance is much more than a single regulation. It covers a number of regulations that essentially have the same requirement - ensuring that organizations do not do business with suspects on these lists. The USA PATRIOT Act as well as the Know Your Customer and Anti-Money Laundering provisions of Basel II and Sarbanes-Oxley are among the most notable of these regulations.


The main process of watchlist compliance is easy, at least on the surface. Organizations are required to compare customers and/or transactions to watchlists and report any suspicious activity. For example, if a bank wants to grant Steve Smith a loan, they must first compare Steve Smith’s name against any number of watchlists. If Steve’s name is absent from these lists, the bank can presumably loan him the money. If, however, Steve Smith is on one of these lists, the bank cannot loan him the money and they are required to report their interaction with him to the appropriate authorities.

While this may seem like a simple, straightforward process, it can be time-consuming and difficult to manage. Part of the complexity stems from the way organizations manage their data. Traditionally, companies have added new IT applications to cover each business function, with each business unit or division often running independent systems. This leads to classic silos of data, which can complicate any enterprise-wide data-driven efforts.


In the event that a prospective customer’s name matches a name on the watchlist - or seems to match - does that mean this individual is a criminal, terrorist or fraudster? Not necessarily. In this day and age, few names are truly unique. At this point, you have to go beyond the name itself - comparing addresses, Social Security numbers and so on. This is not an easy feat considering the varying formats of data - and the disparate sources of data you may have to track.


What Can Be Done?


There are several steps organizations can take to help ease the regulatory burden. The most critical step is to invest in a compliance solution with two components: robust data quality capabilities and sophisticated identity management. The data quality technology helps build a more standardized, uniform basis of customer information. This high-quality data can then be matched against watchlists using identity management tools.


The identity management component determines if customers listed in different sources are, in fact, the same customer - and intelligently integrates customer information from multiple applications and databases. With identity management, companies can flag potential matches within the IT infrastructure and isolate the best data from the various sources.


The next step is to take this identity management approach and apply it in real time to transactional data. After the initial data quality efforts, companies have consistent and accurate data within their customer databases. This process has developed a type of “business logic” at the data level for standardizing and matching information across business sources. Organizations can apply those same rules to new transactions - and uncover any that fail to meet compliance guidelines.


It is important to note that there are a variety of solutions available and organizations should select an identity management tool with flexibility to ensure that the technology can fully support business needs and requirements. Organizations with a large compliance oversight staff may want to set the rules for identity matching much looser to “cast a broader net.” Those with a lean staff can continually refine the match rules to hone in on only the most spurious matches. The flexibility allows organizations to configure technology to meet needs as they evolve.
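As an added illustration (not code from the article or from any vendor product), the sketch below follows the flow described above: names are standardized, compared with a similarity threshold that can be loosened or tightened, and name hits are then disambiguated with secondary identifiers. The watchlist entries, field names, verdict labels and threshold values are all constructed for this example.

```python
import re
from difflib import SequenceMatcher

# Constructed sample watchlist; names, dates and ID numbers are made up.
WATCHLIST = [
    {"name": "SMITH, Steven", "dob": "1970-03-14", "id": "000-00-1234"},
    {"name": "Acme Trading Co.", "dob": None, "id": None},
]

def normalize_name(name):
    """Data quality step: 'Last, First' -> 'first last', lowercase, no punctuation."""
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    name = re.sub(r"[^a-z0-9 ]", " ", name.lower())
    return " ".join(name.split())

def normalize_id(value):
    """Reduce an ID number to digits so '000-00-1234' equals '000001234'."""
    return re.sub(r"\D", "", value) if value else None

def screen(customer, watchlist=WATCHLIST, threshold=0.85):
    """Return (entry name, score, verdict) for entries whose name score >= threshold.

    A lower threshold casts a broader net; a higher one cuts reviewer workload.
    """
    hits = []
    cname = normalize_name(customer["name"])
    for entry in watchlist:
        score = SequenceMatcher(None, cname, normalize_name(entry["name"])).ratio()
        if score < threshold:
            continue
        # Go beyond the name: compare identifiers present on both records.
        checks = []
        for field, norm in (("id", normalize_id), ("dob", lambda v: v)):
            a, b = norm(customer.get(field)), norm(entry.get(field))
            if a and b:
                checks.append(a == b)
        if checks and all(checks):
            verdict = "confirmed"
        elif checks and not any(checks):
            verdict = "likely_false_positive"
        else:
            verdict = "review"  # no identifiers to compare, or mixed results
        hits.append((entry["name"], round(score, 2), verdict))
    return hits
```

A name-only hit with no identifiers to compare is routed to manual review rather than cleared, which keeps the tool from silently dropping a possible match.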


Tools in Action


The combination of data quality and identity management has been used to solve some complicated compliance issues in a variety of industries. One of the first industries to fall under strict guidelines was financial services.


One financial services firm instituted an internally-developed watchlist technology soon after the USA PATRIOT Act regulations were established. The solution provided ways to catch questionable transactions automatically, but compliance staff had to manually sift through transaction logs to confirm that transactions were valid.


Because the system relied heavily on human intervention, it didn’t scale to meet the demands of a growing customer base. As the company added new sources of data - and acquired new companies and their legacy databases - the financial services firm found its watchlist compliance efforts reaching critical levels.


Over time, the deficiencies of the existing system caused the organization to struggle to meet section 314(a) of the USA PATRIOT Act – the regulation that requires all financial services companies to report account holders and customers to the U.S. Treasury Financial Crimes Enforcement Network (FinCEN).


The company chose to switch from the manual-driven process to a system that used data quality and identity management capabilities. With the new method in place, the organization got more accurate matches throughout the process. By reducing “false positives,” the compliance staff became more efficient. More importantly, the financial institution was confident that it was complying with section 314(a).


Moving Forward


Compliance is often seen as a barrier - a hurdle that must be overcome. However, as with any challenge, it presents opportunities. By implementing data quality and identity management, organizations not only create an effective risk management program - they build the foundation for better data management practices throughout the enterprise.


For years, enterprise applications have been promising a unified customer view, but the proliferation of systems has led to more confusion about the customer base. In fact, marketing and customer relations executives are struggling to understand even the most basic questions: Who exactly are our customers? Which customers are we trying to target? Who are our best customers? Which customers represent our best opportunities?


Uncertainty about who customers are can severely compromise efforts to build stronger relationships. In today’s competitive marketplace, if customers don’t feel valued, they will take their business elsewhere.


One of the emerging methods for managing and integrating customer data uses the practice of master data management (MDM), or intelligently aggregating all details about an entity (the customer, in this case) into one master reference file. The master file can then be fed into other applications. As a result, a salesperson using a customer relationship management application sees the exact same product codes and descriptions as a logistics manager views in an enterprise resource planning system.


A variant of MDM is customer data integration (CDI). As the name implies, CDI attempts to centralize authentic customer information from all applications, databases and customer touch points into one data source. By bringing the best information about customers to the surface, CDI strives to deliver consistent, accurate and reliable information regardless of the originating application. The benefit of CDI is that the data itself – not the applications – is the focus. Each business unit can view the same information about customers, which improves support and service across business functions. Perhaps more importantly, companies can continue to use existing applications. A CDI approach doesn’t require reconfiguring the entire IT infrastructure to gain a better view of customers.


Consistent, accurate and reliable information about customers is a necessity for efforts such as customer outreach and customer retention. It is even more critical for any initiative designed to uncover questionable transactions with known or suspected criminals.


By combining data quality and identity management concepts, organizations can gain insight into the transactions customers are making - and what compliance staff needs to monitor closely. Without this technology, watchlist compliance is much more difficult and imprecise.
