Test

Since 2002, lenders have been aware of the importance of Know Your Customer (KYC) and the associated Customer Identification Program (CIP) requirements. As COVID-19 has changed procedures and priorities for businesses and consumers across the board, it’s more important than ever for institutions to ensure their CIP process includes ongoing monitoring of identity risk.   What is CIP?   Standard KYC programs include a Customer Identification Program to verify and validate identities along with due diligence to assess the risks associated with each identity.   CIP defines the process by which a business collects data to establish a reasonable belief that the identity is valid, and that the individual is eligible to participate in our financial system. While this process works in conjunction with other fraud mitigation tactics, they serve different purposes. A good CIP program emphasizes the customer experience, regulatory compliance, cost control, and smart growth. Fraud mitigation focuses on ensuring that an eligible identity is being presented by its true owner, rather than as part of a scheme to acquire goods and services with intent to default on repayment obligations.   Businesses who focus on solely on fraud mitigation rather than complying with KYC and CIP regulations run the risk of potential harm to business reputation, and of course, financial penalties. Fenergo found that as of the end of 2019, global penalties for AML and KYC non-compliance totaled $36 billion.   CIP vs. Fraud Mitigation Many financial institutions equate a CIP program with efforts to mitigate fraud. It’s understandable, as both processes include emphasis on the accuracy of an identity as it’s presented by a consumer. It is assumed that only the true owner of the identity would possess the detailed information necessary to meet CIP requirements and therefore would not likely be committing fraud.   There was a time—prior to large scale thefts of stored information, personal details shared through social media and other behavior changes that made personal information very public—when this would have been true. Unfortunately, those days have passed and even an amateur criminal with limited experience and resources could find current, accurate identity information for sale online, information good enough to pass the CIP test and be considered a legitimate consumer.   The real challenge is that when they go through CIP, many real consumers may inadvertently provide true information that doesn’t meet the verification standard. This is a result of consumer lifestyle changes outpacing the sources of data used to verify the information they’ve provided. It makes sense; in most years roughly 13% of American adults change their address. New homes, job changes and changes in marital status impact a large number of people every day. Adding to the confusion—it’s life’s changes that prompt people to borrow and purchase. The result is that many of the people that are more likely to fail CIP verification are the very people trying to legitimately access financial services.   The result is that CIP verification often isn’t a challenge for those intending to commit fraud, but it can be for genuine consumers.   The challenges of CIP In a recent internal study, Experian reviewed the ability to pass a standard CIP strategy that assessed the accuracy of the name, current address, date of birth and Social Security number provided by a large sample of consumers. We then compared legitimate consumers to those later confirmed to have been identity thieves impersonating a victim. Consistently, the identity thieves were at least as proficient at passing CIP as their true-consumer counterparts.   In a second step, we applied a fraud score that looked for identity theft by assessing the past uses of the identities, their consistency, velocity and many other characteristics unrelated to the accuracy of the data. The difference between CIP verification and a fraud risk assessment was striking. Across the entire range of fraud risk, the percentage of records that passed CIP verification remained the same.   That said, CIP still plays a very important role in risk mitigation. In fact, CIP and fraud prevention are inextricable in financial services. Just as a CIP verified identity can still be fraud, a record that may appear to be low fraud risk may not pass CIP. Since both processes have existed side by side for nearly two decades, each presumes that the other is in place and both are necessary to detect and prevent fraud.   Striking a balance   CIP verification and fraud mitigation strategies are both necessary and important to protecting assets and the broader financial system from fraud. It’s important to leverage a layered approach where both eligibility and risk are assessed, and next steps for verification include resolution of identity discrepancies alongside verification that ensures an identity is not being misused for fraud.   Experian can help you confidently verify customer identities, understand and anticipate customer activities, and implement ongoing monitoring. If you’d like to set up a review of your current strategy or learn more about how we can help you with CIP and fraud mitigation to strengthen your ability to know your customer compliantly, let us know. Contact us

According to Experian’s latest Global Insights Report, 38% of consumers expect to increase their online activity in the next 12 months. The report also found that consumers continue to have high expectations for their online experience, and businesses are re-imagining the customer journey to reflect that need. This January, Experian surveyed 3,000 consumers and 900 businesses to explore the changes in consumer behavior and business strategy pre- and post-COVID-19. As consumers have embraced life online, they’ve continued to emphasize their feelings regarding the importance of protecting their information. More than half of consumers still consider security to be the most important factor in their digital experience – the same experience they have such high expectations of. Business are acting in turn, with more than half investing in fraud detection methods or software to reduce friction in the customer experience. Digital transformation is also highlighting the need to: Manage regulatory compliance Integrate security measures Ensure access to AI models Attract and manage customers Integrate automation solutions Download the report to get all the latest insights into consumer desires and business behaviors, and keep visiting the Insights blog for a deeper dive into US-specific findings. Download report  

When I worked as a junior analyst for one of the largest credit card issuers in the United States, the chief credit risk officer required the development of a “light switch report” and strongly encouraged everyone in her organization to read the report every day. She called it the light switch report because every morning when she walks into her office and the lights switch on, she would read the report and understand what’s going on with the business. I took her advice and developed the habit of reading the light switch report every morning — for more than a decade while I was with the organization. I knew the volume of applications, the approval rate and the average line of credit of approvals. I developed an informed idea of how delinquency rates would look six months into the future based on the average credit score of approvals today. Her advice was valuable, and the discipline she shared helped me develop my skill sets as a junior analyst, a people manager and head of a retail business line. Performance reports are foundational and are one of the key elements of a sound and prudent risk management framework. Regulators require effective monitoring reports and provide guidance on report generation as part of its examination process. (Office of the Comptroller of the Currency. Comptroller’s Handbook, Retail Lending Safety and Soundness. April 2017. Page 15.) While supporting lender clients on strategy designs and development, I have an opportunity to review various performance reports. I’d like to take this time to reiterate some of the basic components of a good performance report. Knowledge of audience is primary. Good performance reports are tailored for specific audiences who can make decisions that will affect specific outcomes. Performance reports for day-to-day monitoring would be different from reports designed for executive leadership. Transparency and accuracy are required and when reports are designed in support of areas of responsibility, those reports become meaningful and transformative. Relevant metrics matter. Once you identify the report’s audience, the metrics you choose to appear in the report become the next important exercise. Metrics should be relevant and consistent with the audience who’s expected, upon reviewing the report, to make statements such as the business is doing well and stable, or corrective action is needed. For example, a report on the predictive power of credit risk scores intended for model developers will likely contain metrics such Kolmogorov-Smirnov (KS), Gini index or worst scoring capture rate. Such reports won’t include the average handling time of an application, which will be more appropriate for an operations team. Metrics become even more powerful for decision-makers when calculated at a segment level. I’m a big fan of vintage reports. They tell the story of current lending practices (e.g., approval rates, average loan amount, average booked credit risk score), and more significantly they often foretell future performance (e.g., delinquency rates, charge-off rates). These foresights allow analysts and managers to plan and develop strategies today to manage the future state. If approve or decline decisions use a dual score matrix, generate a report showing the volume of applications on the dual score matrix. It’s quicker to spot unusual distributions compared to expectations when data is presented at this sublevel. The benefit is swifter modification or new actions when needed. If statistical designs are utilized, such as test or control segments and champion or challenger segments, metrics calculated at these levels become insightful. They allow validation of a randomized process and support statistical analysis and statements. Timeliness of reports is critical. Some reports for operational or technology purposes require constant and continuous reporting. Daily reports are important especially when new strategies are implemented. Sometimes daily reports are far more relevant within the first two or three weeks of a new strategy implementation. When daily reports show stabilization and alignment to expectations, switching to weekly or monthly reports is acceptable. Most retail products are designed for review on a cycle or monthly basis. Monthly and quarterly reports are milestones and provide good health checks of the business. Don’t forget formats. If a picture is worth a thousand words, then use charts and graphs to display data and capture audience attention. We’re all used to seeing data presented in tables, but there are far more applications today that allow us to read reports with compelling graphics, trendlines and patterns that grab our curiosity and draw us into the story. I like narratives even if they appear as headlines on a report. Succinct comments show discipline and convey understanding of a report’s contents. Effective performance reports evolve as the business changes. Audience, metrics and segments will change, but the basic components provide general guidelines on developing consistent and relevant reports.