With the growing number of data sources and changing regulation, compliance teams are under incredible pressure and scrutiny to implement the most thorough due diligence process available.
They are frustrated by the tools at hand, which are actually growing increasingly ineffective due to recent changes such as the “Right to Be Forgotten” rule.
We’ve already established in a prior post that Google isn’t a sophisticated research tool for compliance teams. It’s easily manipulated and fraught with false positives that require compliance team members to chase endless paths leading them in the wrong direction.
What may surprise you though, is the number of people who countered that argument by saying, “Well, we’re more sophisticated than that, we primarily use watchlist databases to assess our risk.”
This, unfortunately, does little to reassure anyone that your compliance assessments are thorough and timely. Just as a Google search provides you a one-point-in-time view of a possible risk, the watchlist database approach is riddled with challenges as well. How is the watchlist created and maintained?
The reality is that large groups of humans try to maintain these databases, but it’s a struggle for them to cover even a fraction of content that’s being published every day. The sheer volume of data they try to review and number of steps they take to try and control quality naturally slow updates.
Other consideration must be given to the successful lawsuits and requests made to have entities removed from these watchlists. This was occurring even before the “Right to Be Forgotten” legislation, which now makes it even easier for an individual to petition that information be removed if it is “inadequate, irrelevant or excessive.” This means that real terrorists or other bad actors might come off of watchlists when they should absolutely be flagged as high risk.
Generally, to avoid too many legal battles and controversy, being placed on the watchlist is the result of an actual conviction from a court of law. So what does this mean? The data on that watchlist is nowhere close to being real-time. In many cases, it could take years for a case to work through a legal system and for a verdict to be issued. Then and only then will a change be made to the watchlist. Can you really afford to wait that long?
No doubt, this is a complex challenge and it’s also error prone — at banks, KYC for onboarding is often done in duplicate to cut down on high error rates, and even then often requires a review process, making these traditional approaches even more inefficient and costly.
Ultimately, what is required is a blended approach that scales appropriately to the level of risk. Investigative cognitive computing is now capable of this approach, allowing for the combination of watchlists, open web research, deep web sources and other premium content as well as internal sources. And it is capable of going shallow – doing a relatively simple screen — to going far further, when appropriate — discovering related entities and chasing down possible leads.
While some readers might be worried that robots are replacing human jobs, I would argue that’s not the case. What is happening instead, is that the cognitive computing platform does the time-consuming job of sifting through an extraordinary amount of available information, chasing down leads, marking off obvious false positives and flagging any possible risk issues — all while your team sleeps. When the team returns to the office in the morning, they can do what they were truly trained to do — assess potential risks to make better, more informed decisions.
Dan Adamson is the Chief Executive Officer of OutsideIQ, a company that develops investigative cognitive computing, including DDIQ, to address today’s growing compliance requirements. He can be contacted here.