It seems relatively easy to register a new company these days, but who validates the data entered is correct and stays accurate over time?
The multiple company repository databases held across the world play an important role for governments to govern trade and for other institutions looking to adhere to key regulatory obligations, such as those under Anti-Money Laundering (AML) statutes and requirements. Today the quality and accuracy of such data and who governs transparency, continues to be up for debate.
For businesses, navigating the complexity of this setup remains a daunting reality. Data now ricochets across organisations of every industry, often in real-time, and increasingly underpins decisions and strategies. Its sheer volume offers companies the chance to transform their operations for the better. Unfortunately, danger lurks in those data stacks.
Is the data accurate? Where does it come from? How has it been stored? Can it be analysed and reliably used? Questions abound and are not always easy to answer – something that Neil Isherwood knows all too well.
As Compliance SME & Sales Strategy Leader at Dun & Bradstreet, his has been a career steeped in the intricacies of information management and integration, risk mitigation and innovation. It’s also given him a front row seat for data’s evolution into a key asset that is now pivotal to all phases of a business lifecycle, especially for compliance functions.
“The data we get our hands on at Dun & Bradstreet comes in all shapes and sizes,” he says. “We get structured data in many feeds, which might be easier for us to consume, but a lot of information still isn’t digital. For example, annual financial accounts can still come as scanned copies that have to then be converted into data – and there is often a lot of work needed to standardise, cleanse and link it in order to draw valuable insights from it.”
He goes on to say that many organisations frequently have to use technology and solutions to turn detective – being told ‘x’ is the shareholder of a business is not enough. “We have to learn where that shareholder is, where it is located, and which record we link it to in terms of our data,” he explains.
Such activity often falls under the purview of ‘Know Your Customer’ (KYC) – the money laundering guidelines that require banking and other regulated professionals to confirm the identity, suitability, and risks involved with maintaining a business relationship. In other words, KYC is the process of verifying someone is who they claim to be – and its scope and importance has grown significantly in recent years.
So, who are you, really?
Many financial institutions or entities that deal with third parties have had to intensify their focus on KYC, extending it out to knowing their customer’s data, their business and their investments, to name a few. While he cites the impact of recommendations from organisations like the Financial Action Task Force, Isherwood also believes this shift reflects what is going on in the world around us.
There’s been numerous leaks where corruption, kleptocracy and money laundering have been reported on much more widely and just generally, people are starting to understand the harm it does to the economy
“There’s been numerous leaks where corruption, kleptocracy and money laundering have been reported on much more widely and just generally, people are starting to understand the harm it does to the economy,” he observes.
“So I believe it’s a case of it becoming so much more prominent that public opinion shifts, whereas previously it was kind of a hidden away secret that no one really knew about. Now, people are starting to say they are really big problems – where did the money go? How did it flow through London? The political environment now has to respond because people are much more concerned about it.”
This, he believes, has all contributed towards broader societal changes which have elevated the risk of reputational damage for organisations becoming entangled in such activity. “It’s being less accepted that this is the way businesses should operate,” he says.
We’re now having conversations with corporate businesses that are much more advanced and are in the same realm as financial institutions; people specifically wanting to know what the money laundering directives mean and so on. They are becoming a lot more sophisticated and are catching up with the financial sector
UBO sightings
A key focus of international anti-money laundering and anti-terrorist financing is UBO legislation, which is designed to uncover the person – the Ultimate Beneficial Owner – who is the ultimate beneficiary when an institution initiates a transaction. Under such rules, banks and corporations need to reveal the UBO’s identity for any of their business transactions but progress, shall we say, has hardly been uniform.
Take the US, for example, which Isherwood fears is lagging behind other countries. “Its Corporate Transparency Act (which formed part of the 2020 Anti-Money Laundering Act) is a tacit acknowledgment of the need for a register,” he says. “So we will create one but no one can access it unless you’ve got legitimate grounds and consent. But I’m hoping they are on the same journey as the EU and at some point they will decide to make their UBO register open.”
Then there’s the European Union’s Directives. Back in 2016-17, the 4th Anti-Money Laundering Directive required EU member states to set up their own UBO registers by 2017. Its implementation was left up to individual member states and Isherwood says their approach foreshadowed that of the US in many cases. “Lots of them dragged their heels, and then we saw them agreeing to create one but to make it private – which kind of defeats the object,” he says.
By contrast, the EU’s 5th Anti-Money Laundering Directive, which went into effect in January 2020 (and was swiftly followed by the 6th directive late last year) focused heavily on greater UBO transparency, with Isherwood describing it as affecting the “nitty gritty” of how the registers are built and their effectiveness.
“If we take the UK as an example of “openness” specifically, it has created a PSC register (People with Significant Control) and made it open, accessible and free,” he says. “We can contrast that with other markets where they have ticked the box in the most basic sense, but often it’s the manner with which their register has been built and implemented that decides whether it is useful or not.”
To illustrate his point, he says that many countries have taken different approaches which even technology hasn’t helped streamline.
The way UBO registers have come in has not necessarily been harmonised. They are physically different, and so too are the data structures and access methods, with some charging fees and others not
“So you have to compare the ‘we have a UBO register’ with the reality of how effective it is for getting the information you want, and crucially for operations, how useful it is for getting that information efficiently and automatically.”
The danger is that given that compliance teams in any industry often lack sufficient resource to manually identify, collate and attempt to validate key information, erecting barriers in the process will lead to further delays and inefficiencies.
House move
In the UK, Companies House is the registrar of companies, responsible for incorporating and dissolving limited companies, registering company information and making it available to the public.
Under the current rules, anyone can register a company with whatever details they want about the company. These details are never validated upon registration or checked for accuracy over time, yet key AML regulations requires Financial Institutions to perform Know Your Customer checks and fulfil UBO requirements which use this data.
In recent months, media reports have highlighted why transparency and validation have become big concerns, with one example of 30 fake banks being registered in one street in London’s Belgravia. The government is seeking to take steps to eliminate such issues recurring and crack down on economic crime. Its newly published white paper aims to do just that by strengthening Companies House’s powers so it can better tackle fraud and help provide a stronger foundation for boosting enterprise. Isherwood is a fan of the planned approach.
“I think the proposed reforms will really help,” he says. “It sounds like Companies House has really listened. One of the phrases which keeps coming up about the reforms is the pledge that it will “no longer be a passive administrator” of company information and that’s the key thing – it will be an active gatekeeper and more of a custodian of reliable data.”
Previously, he adds, businesses from other sectors (other than Financial Institutions) were at something of a disadvantage if they didn’t understand the key terminology, and it was easy to misinterpret the processes – but the changes will help address these challenges.
“What they’re proposing, in terms of having the ability to query the information, will definitely help,” he says. “You’ve got to be able to trust what’s on the register otherwise it leaves companies between a rock and a hard place – they themselves are held to a high level of data accuracy yet have to use a public register that isn’t held to that same level, despite it being the official source. I don’t think anyone expects it to be perfect overnight – the transformation programme is going to take at least five years – but I think it’s moving in the right direction.”
Turning to technology
Nevertheless, five years is a long time – especially as these reforms were first mooted back in 2019. It seems pertinent to ask, then, for his views about how technology can be used to make the lives of compliance professionals easier in the meantime. For Isherwood, it all comes back to activating the data in some shape or form. “It needs to be stored in a way that makes it easy to get at it and it goes back to using technology around the people and entity resolution,” he says.
It’s against this background that SymphonyAI Sensa-NetReveal Digital Intelligence and Dun & Bradstreet have teamed up to help accelerate and enhance compliance and customer onboarding. Under the new agreement, seamless integration of Dun & Bradstreet’s data and analytics with BAE’s Sensa-NetReveal platform offers customers of both companies enriched and extended information, arming investigators with a holistic view of customer risk to support fast, accurate decisions.
“There are many new providers of technology and we’ve seen technology solutions do a really good job of being able to churn huge amounts of data,” adds Isherwood. “Using the network context also brings an extra dimension of accuracy – looking at what businesses individuals preside over or own, and are there any links? A lot of the time this context really enhances what you can do with the data. From a Dun & Bradstreet perspective it helps us ‘cluster’ all those people together and we’ve also seen that sort of technology used within banks to fight financial crime.”
Another key aspect, he adds, is when you start to overlay transactions. “Putting that extra context really helps us analyse the data – whether that be transaction flows around the world, or whether it be different individuals,” he says. “It helps us gain a consolidated view of a person and all the roles they play in different businesses.”
Horizon scanning
So, what does the future look like for company repositories and UBO regulation? Isherwood believes that for the time being UBO registers are likely to need other sources to augment their powers and impact.
“It’s not that it doesn’t add value, it’s just that on its own it’s not as powerful as when we aggregate and ingest multiple sources,” he says.
Because UBO registers are still siloed – at least for the time being – there is a need to look at them from multiple angles to better understand the real picture of who is behind a company
Looking further afield, he goes on to express the hope that different markets start to look at common definitions and actually start to pool their data together, rather than having national boundaries. “Ultimately, we need to ensure that companies consuming verified data aren’t faced with the dilemma of two countries claiming to have verified data with discrepancies – but this is a long time off.”
He’s quite right. If too many countries have verified data in different locations, it comes down to the quality of the data and the various verification steps. Another addition, then, to the ever-changing regulatory wish list for compliance professionals – anyone looking for a quiet life should look elsewhere.
Greater expectations around transparency, a shifting regulatory backdrop and the cascading impact of money laundering are helping transform how organisations see and use company information from central repositories. Charmian Simmons sits down with Dun & Bradstreet’s Neil Isherwood to discuss how data and company repositories can help address economic crime
