17
Audience: This document is intended for managers, directors and executives who deal with business customer compliance and risk. In particular, this is intended for those who underwrite, board, or monitor a portfolio of business customers will benefit from the contents of this white paper. A Complete Approach to KYC with Business Customer Intelligence Prepared by: Dan Frechtling, Chief Product Officer Jodie Ruby, Director of Marketing Steve Clendaniel, Director of Risk Consulting

A_Complete_Approach_to_KYC_With_Business_Customer_Intelligence (1)

Embed Size (px)

Citation preview

Audience: This document is intended for managers, directors and executives who deal with business customer compliance and risk. In particular, this is intended for those who underwrite, board, or monitor a portfolio of business customers will benefit from the contents of this white paper.

A Complete Approach to KYC with Business Customer Intelligence Prepared by: Dan Frechtling, Chief Product Officer Jodie Ruby, Director of Marketing Steve Clendaniel, Director of Risk Consulting

Contents Executive Summary ....................................................................................................................................... 1

The “Regulatory Olympics” ........................................................................................................................... 2

The Derisking Dilemma ................................................................................................................................. 3

Guidance Offered by Regulators ................................................................................................................... 3

Tools Currently in Use to Meet Regulatory Guidelines and Manage Risk .................................................... 5

What Common Risk Management Tools Miss .............................................................................................. 7

What is Business Customer Intelligence? ..................................................................................................... 8

Key Elements of Business Customer Intelligence ........................................................................................ 9

Ongoing Monitoring .................................................................................................................................... 11

How This Helps You Comply with Regulations and Avoid Reputational Damage ...................................... 12

G2’s Solutions for Commercial Banks ......................................................................................................... 13

About G2 Web Services .............................................................................................................................. 13

Sources ........................................................................................................................................................ 14

1

Executive Summary Anti-Money Laundering and Know-Your-Customer services form the fastest growing category of risk spending globally, with a five-year CAGR surpassing 18%1. With heightened regulatory uncertainty and rising regulatory pressure, financial institutions need transparency into their business customer, Third- Party Payment Processor and Third-Party Sender portfolios to better manage their risk. While existing tools such as identity verification and transaction monitoring can help, they miss hidden risks that are vital to effective due diligence and compliance programs. This whitepaper will explain these hidden risks, and how business customer intelligence can help financial institutions comply with BSA and AML regulations while maintaining and growing their sources of revenue.

2

The “Regulatory Olympics” The current regulatory landscape resulting from Operation Choke Point in 2013 has led to increased pressure and scrutiny for financial institutions that are scrambling to understand complex regulations while maintaining and growing their businesses. Operation Choke Point — an initiative launched by the US Department of Justice (DOJ) in early 2013 — targeted financial institutions that had commercial agreements with Third-Party Payment Processor (TPPP) and Third-Party Sender (TPS) businesses that were deemed by the DOJ to have a higher risk for money laundering and fraud. These businesses include payment processors, payday lenders, debt consolidation firms, adult entertainment companies and firearms dealers. Since then, regulators have advised banks to take a risk-based approach in assessing individual relationships rather than Choke Point’s “derisking,” or declining services to entire categories of customers, yet the effects of Choke Point’s derisking are still felt. Even before Operation Choke Point, the creation of the CFPB by the Dodd-Frank Act of 2010 not only added another regulatory body to the landscape, it changed the dynamics of existing regulators. Like an athletic team that has drafted a new player, the incumbents have found themselves sometimes competing, sometimes collaborating. The environment has been likened to the Olympics, where regulatory bodies find themselves competing both together and against each other for influence. A recent research study conducted by G2 Web Services of risk and compliance officers at mid to large-sized banks shed additional light on the situation. One participant indicated that regulatory pressure is unavoidable:

“This is the business we’ve chosen and these are the rules you must follow in order to be able to stay in the game. If we want to continue to grow and to prosper we have to get A’s on our report card in terms of compliance. If we get anything less than that they will shut down our growth. It’s not optional.”2

Glossary of Acronyms AML: Anti-Money Laundering – A set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions. BSA: Bank Secrecy Act – Government legislation created to prevent financial institutions from being used as tools by criminals to hide or launder money by requiring banks to provide documentation whenever clients deal with transactions that involve large sums of money. CFPB: Consumer Financial Protection Bureau – A regulatory agency charged with overseeing financial products and services that are offered to consumers. FFIEC: Federal Financial Institutions Examinations Council – Formal interagency body empowered to prescribe uniform principles, standards, report forms for federal examination, and make recommendations to promote uniformity in the supervision of financial institutions. FinCEN: Financial Crimes Enforcement Network – A network administered by the United States Department of the Treasury whose goal it is to prevent and punish criminals and criminal networks that participate in money laundering.

3

Another participant explained that changing regulations regarding third-party relationships creates increased pressure:

“In an ever changing regulatory environment, especially TPPP being newer (the question) is, are the regulators going to change their requirements? I think there’s a black hole in banking, especially with examination, whereby examination procedures and guidance say one thing, but we’re also held to best standards and practices.”3

Despite the current environment where guidance can sometimes be ambiguous, financial institutions are expected to follow BSA and AML guidelines for KYC, both for direct customer relationships as well as for Third-Party Payment Processors (TPPPs) and Third-Party Senders (TPSs). The consequences for failing to follow this guidance can be severe, and can affect any size of financial institution. Headlines are full of cautionary tales from banks in recent years that have fallen short in their Know Your Customer (KYC) programs, some resulting in hefty fines such as $4.9 million to CommerceWest and $1.2 million each to Plaza Bank and Four Oaks Bank.

The Derisking Dilemma As a result of Operation Choke Point, over 50 subpoenas were issued to payment processors and the banks they do business with, creating a shockwave through the industry4. Fines have been and continue to be issued as mentioned earlier. As a result, many financial institutions have severed relationships with TPPPs and TPSs in an effort to reduce their risk and exposure to regulator fines as a risk avoidance reaction. In doing so, these banks are cutting themselves off from legitimate sources of revenue that can fuel business growth.

Guidance Offered by Regulators

To address this systematic derisking of TPPPs and TPSs, the OCC and FDIC promote a case-by-case review of businesses by financial institutions, rather than eliminating entire categories from portfolios. According to Barbara Hagenbaugh, deputy to the chairman for communications at the FDIC:

“… the Federal Deposit Insurance Corp. encourages supervised institutions to take a risk-based approach in assessing customer relationships, rather than declining to provide banking services to entire categories of customers without regard to the risks presented by an individual customer or the financial institution's ability to manage the risk. That means that FDIC-supervised financial institutions that properly manage customer relationships and effectively mitigate risks are neither prohibited nor discouraged from providing services to any category of customer accounts or individual customers operating in compliance with applicable laws.”5

KYC: Know Your Customer – Regulations requiring banks individually verify a client’s history, risk, and financial position. KYCC: Know Your Customer’s Customer – banks requiring clients to discover their client’s history, thus gaining further insight into entire hierarchy. TPPP: Third-Party Payment Processor – Bank customer that provides payment services to customer and other business entities; TPPPs often use commercial bank accounts to conduct payment processing for their clients. TPS: Third-Party Sender – A third-party service provider considered a Third-Party Sender when there is an agreement with an ODFI or another Third-Party Sender to originate transactions and also has an agreement with an originator to initiate transactions into an ACH Network on their behalf; a Third-Party Sender is a subset of a TPPP.

4

The FDIC, FFIEC, FinCEN, NACHA, and the OCC have all issued guidance for due diligence and ongoing monitoring of business relationships to address BSA/AML requirements regarding relationships with third parties, thus creating the added requirement to Know Your Customers’ Customer (KYCC). The expectation is that financial institutions know all of their customers, regardless of whether they have a direct relationship with them or if the relationship is through a third party. According to regulator guidance, financial institutions need to know the risk profile of their customers, TPPPs and TPSs when entering into these relationships, and also need review them on a regular basis to detect any changes that could impact their business customer portfolio. In addition, the financial institution’s risk assessments need to adjust to account for higher-risk customers so that the risk is properly managed:

FDIC FIL-127-2008:

“Account relationships with entities that process payments for telemarketers and other merchant clients could expose financial institutions to increased strategic, credit, compliance, transaction, and reputation risks.

Account relationships with these higher-risk entities require careful due diligence and monitoring as well as prudent and effective underwriting.

Payment processors pose greater money laundering and fraud risk if they do not have an effective means of verifying their merchant clients' identities and business practices.

A financial institution should assess its risk tolerance for this type of activity as part of its risk management program and develop policies and procedures that address due diligence, underwriting, and ongoing monitoring of high-risk payment processor relationships for suspicious activity.”6

FIN-2012-A010:

“Law enforcement has reported to FinCEN that recent increases in certain criminal activity have demonstrated that Payment Processors present a risk to the payment system by making it vulnerable to money laundering, identity theft, fraud schemes, and illicit transactions. Many Payment Processors provide legitimate payment transactions for reputable merchant clients. The risk profile of such entities, however, can vary significantly depending on the composition of their customer base. For example, Payment Processors providing consumer transactions on behalf of telemarketing and Internet merchants may present a higher risk profile to a financial institution than would other businesses. Telemarketing and Internet sales and RCC-related transactions tend to have relatively higher incidences of consumer fraud or potentially illegal activities.”8

FFIEC BSA/AML Examination Manual “The cornerstone of a strong BSA/AML compliance program is the adoption and implementation of comprehensive CDD policies, procedures, and processes for all customers, particularly those that present a higher risk for money laundering and terrorist financing. The objective of CDD should be to enable the bank to predict with relative certainty the types of transactions in which a customer is likely to engage... The concept of CDD begins with verifying the customer’s identity and assessing the risks associated with that customer. Processes should also include enhanced CDD for higher-risk customers and ongoing due diligence of the customer base.” 7

5

With the increased amount of focus and scrutiny being placed on KYC – and more recently on KYCC – many banks are being forced to allocate more resources managing regulatory requirements. A recent study by McKinsey found that senior executives spend about 20 to 25 percent of their time on regulatory matters11.

Tools Currently in Use to Meet Regulatory Guidelines and Manage Risk In the research study conducted by G2 Web Services quoted earlier, one participant described one of the key challenges of risk management as a “constant evolution of bad guys getting more sophisticated at a faster rate than we are.” In today’s environment of uncertainty, how are financial institutions managing the onboarding and ongoing monitoring of business customer, TPPP and TPS relationships? This same study revealed that banks are using the following types of solutions or processes:

We will explore these solutions in more detail here, including their advantages and disadvantages:

OCC 2006-39:

“Banks that engage in ACH transactions with high-risk originators or that involve third-party senders face increased reputation, credit, transaction, and compliance risks. High-risk originators include companies engaged in potentially illegal activities or that have an unusually high volume of unauthorized returns. High-risk originators often initiate transactions through third-party senders because they have difficulty establishing a relationship directly with a bank.

Before a bank engages in high-risk ACH activities, the board of directors should consider carefully the risks associated with these activities, particularly the increased reputation, compliance, transaction, and credit risks. The board should provide clear direction to management on whether, or to what extent, the bank may engage in such ACH activities.”10

Onboarding

- Identity Verification

- Manual Credit and Asset Searches

Ongoing Monitoring

- Transaction Monitoring

- Manual Spot Checks

NACHA Third Party Senders and the ACH Network (2nd Edition) “Due diligence is key to mitigating risk when engaging in a banking relationship with a Third Party. Procedures should include gathering and evaluating information and relevant documentation about the Third Party. Enhanced due diligence procedures should include:

Background checks on the Third Party and its principals using independent public databases

Background checks on a representative sample of the Third Party's clients

Review of the Third Party's website

Internet research and website review of a representative sampling of Third Party's clients.”9

6

Identity Verification The benefits of Identity verification solutions include:

Compliance with core BSA/AML guidance for due diligence and enhanced due diligence (EDD)

Compliance with the CIP rule of the Patriot Act

Visibility into the identity of the individual completing the application, including the ability to flag invalid social security numbers

Overall, using identity verification is a good standard practice for effective KYC programs. However, there are some gaps in these solutions:

They are most effective when the information being disclosed can be verified

The solution is only as good as the database that is being used to verify the information

Fraudsters are able to outmaneuver identity verification applications in a number of ways

Fraudsters may also prey on certain banks that only perform cursory investigations

So, while regulators acknowledge identity verification as a necessary component for KYC, it has some limitations that demonstrate the need for other tools.

Manual Credit and Asset Searches The benefits of credit and asset search tools include:

Consolidation of many data sources to determine the financial health of a prospective business customer during onboarding, allowing the financial institution to access a variety of data points to evaluate a potential business customer

High regard from regulators since the underlying data comes from what they consider to be credible sources

Ease of performing and integrating these searches into existing onboarding processes

While these searches are valuable and provide helpful information regarding the financial health of a prospective business customer, there are several shortcomings to these tools:

While the information gathered by these data sources provides details on principals, it may lack business customer historical information which can reveal important details about the prospective business customer’s risk profile

Since analysts are needed to review the outputs of these searches and analyst experience can vary from person to person, the outcome of these reviews can be spotty

Such searches are not easily quantifiable, making the process difficult to repeat.

Transaction Monitoring Transaction monitoring solutions have several benefits including:

Compliance with key regulations including OCC’s CFR 21.11 & 2013-29, and FDIC’s FIL 44-2008 & FIL 3-2012

The ability to detect behavior indicative of some fraud and money laundering activities

7

Data science capabilities that allow quicker detection of anomalies

Alerts that can provide evidence of suspicious activity or outright fraud

The ability to separate suspicious transactions from normal transactions for further review

Clearly, transaction monitoring solutions play an important role in a financial institution’s KYC program. However, they do fall short in a few areas:

They are most effective after fraud has struck

They miss leading indicators of fraud that can provide a more complete risk profile of the business customer

These solutions are vulnerable to fraudsters who can split their transactions (aka load balancing) across several banks in an attempt to outsmart banks’ systems

Manual Spot Checks Manual spot checks are commonly used in the ongoing monitoring of a bank’s business customer portfolio and are useful in the following ways:

These processes are easy to start and modify – particularly if the number of business customers being reviewed is low

The reports are simple to explain to auditors since they do not involve many technical processes

Despite the simplicity of the processes and reporting, there are several complexities in utilizing manual spot checks.

It is more difficult to detect the nuanced changes than can take place in a customer’s business that could raise its risk profile and trigger a more in-depth review

Manual processes take more time and additional employee resources

There is no automated scoring associated with these checks, which slows the monitoring process

The solutions described above all have benefits to KYC programs. At the same time, they miss vital aspects of KYC which need to be considered for a robust program that helps banks reduce their regulatory burden, decrease uncertainty, and make faster onboarding decisions.

What Common Risk Management Tools Miss One main type of risk that the tools described above miss is hidden customer risk. This includes direct evidence of illegal activity, past indicators of fraud, and compliance violations. It also includes links to illicit customers, criminal fraud rings and hidden websites, all of which can drastically change the business’s risk profile. Additionally, these tools miss a business customer’s use of multiple financial institutions, which could also indicate a higher degree of risk. The second main area that these tools miss is automation, namely scoring, which turns the above risk indicators into actionable numbers that can greatly improve the speed of onboarding decisions. The ideal score is based on a combination of past business customer history as described above, but also

8

uses data science to predict the likelihood of future fraud and compliance violations. Automated scoring leverages technology to greatly improve onboarding and ongoing monitoring processes.

What is Business Customer Intelligence? Business customer intelligence provides a wealth of information that commonly used risk management solutions miss. In this case, “customer” refers to business customers of a financial institution. While identity verification provides knowledge of the risk profile of the individual applying to become a business customer of a financial institution, business customer intelligence provides foreknowledge based on the customer’s prior actions. And while transaction monitoring provides sight into past transaction activities, it lacks the foresight to predict the likelihood that fraud or compliance violations will occur, which is where business customer intelligence plays a powerful role. Business customer intelligence combines a large historical dataset of business information, industry expertise, and data science to give financial institutions a comprehensive view of the risk associated with a business. This dataset, known as the Business Data Map, combines over ten years of business customer data collected through partnerships with acquiring banks and card networks with 3rd party data sources such as watch lists and high risk business categories. This powerful database is then used to predict future business customer violations through data science, critical information needed during customer onboarding. This database is constantly updated and expanded as millions of business customers are scanned and evaluated monthly, allowing financial institutions to receive alerts when changes in their portfolio occur as a result of fraud, reputation changes, or other reasons that indicate a changing risk profile. The bottom row in Figure 1 illustrates the functionality in current solutions for onboarding and ongoing monitoring. Business customer intelligence leverages this functionality and combines it with leading indicators listed in the top row of Figure 1 to generate the highest utility for risk management programs.

Figure 1

Business Customer Intelligence

9

Key Elements of Business Customer Intelligence

1. Business customer intelligence finds hidden connections: Years of historical business customer data backed by data science to find links between customers gives financial institutions a much deeper understanding of the risk profile of any customer they are trying to onboard. Figure 2 shows a random sample of this database with websites that have had content violations in the past. Each purple dot represents a violating website and each green dot represents a business customer that has sold its products through that website.

In the bottom left the green “flower” shows many business customers selling illegal products through the same website (figure 2a). Using this intelligence, a financial institution could decline a new application from a business customer engaged in this activity.

By contrast, the business customer in Figure 2b has been using different websites to sell prohibited products. The next time an application from this business customer comes through using a new website, the financial institution can use this information to reject the business customer.

Finally the business customer in Figure 2c seems to be directly related only to one violating site. However, graph analytics determines that he is potentially connected to a large cybercriminal operation. These examples illustrate the power of historical business customer risk information and how it can impact important onboarding decisions.

2. Business customer intelligence enables predictive modeling: An extensive database of

historical and current data, combined with 3rd party data sources, can be a powerful tool used for predictive modeling of key business customer behaviors. Knowledge of these behaviors helps financial institutions obtain a more robust risk profile at onboarding. Examples include hidden connections to undisclosed online businesses, past fraud and content violations, and connections between individuals and businesses. Examples of 3rd party data sources are blacklists (PEP, OFAC, NABP, etc.) and whitelists (MPAA, NABP, etc.). Data Science takes all of these sources and then predicts the likelihood that the business customer will exhibit risky behaviors in the future such as committing compliance violations or fraud. Figure 3 illustrates the power of this predictive capability. A UK Bank was able to limit fraud to 2% of the average loss by using customer business intelligence based on historical data:

Figure 2a

Figure 2c

Figure 2b

Figure 2

10

3. Business customer intelligence can yield instant quantification: The large dataset described

above comes to life with an instant score that allows financial institutions to clear low risk business customers who score “green”, decline high risk business customers who score “red”, and perform deeper investigations

on business customers who score “yellow” (Figure 4). With reason codes explaining how the score was calculated, a financial institution can see what is driving the score and can make decisions to clear the business customer or not, based on its risk tolerance. There are important advantages to using this solution for business customer onboarding. First, it greatly decreases onboarding time, in some cases up to 93%12. Second, it can be integrated via APIs into home grown or third party vendor platforms, enhancing existing processes. Finally, financial institutions can choose to get up and running more quickly by accessing a portal to generate risk profiles on prospective business customers. Ultimately this allows financial institutions to make their processes repeatable, scalable and easier to explain to auditors and examiners.

4. Business customer intelligence powers a risk-based approach: With the depth of information that business customer intelligence provides – and the ability to obtain instant scores on prospective business customers – financial institutions can much more realistically adopt a risk-based approach to business customers, TPPP and TPS portfolio management. Rather than ruling out entire categories of business customers, the use of scoring system – with powerful data and data science behind that score – allows a financial institution to review each business customer on a case-by-case basis and avoid losing potentially lucrative relationships. This can also be achieved with TPPP and TPS relationships, particularly if the financial institution implements a KYCC program requiring business customer registration by the TPPP or TPS. As seen in the case study outlined below in Figure 5, a financial institution that was under an MRA (Matter Requiring Attention) from the OCC for inadequate KYC/KYCC policies was able to clear the MRA by establishing a formal TPPP management program by flagging high risk business customers.

Figure 3: Limiting Fraud Case Study

£655 (2%)

Average Losses:£33,000

Merchant X Losses Average Losses

Limited Fraud Loss

G2 Compass Score™

Figure 4

Figure 5: Example of Establishing a Risk-Based Approach to KYC

11

5. Business customer intelligence can be richly reported: Another powerful capability of business customer intelligence is that it can be used to create rich, actionable reports and dashboards. Some examples of these reports, such as those shown in Figure 3, include 1) a quick snapshot of a financial institution’s risk categories in its portfolio, 2) benchmarking data to understand how a financial institution’s portfolio categories compare with the broader industry, and 3) reports that show which categories are being cleared more often versus boarded, allowing the financial institution to better understand its onboarding process. This reporting can help to uncover new opportunities to fuel business growth.

Ongoing Monitoring Business customer intelligence is also used in the ongoing monitoring of a financial institution’s business customer portfolio. Ongoing monitoring is a critical role in risk management, as changes that occur in a business customer’s profile after onboarding could have a damaging effect on the financial institution’s portfolio. Businesses known as “shelf” companies or pseudo-legitimate sleeper companies may be formed with the intent to commit future fraud. This may occur as “bust-out” fraud by patient criminals or the future sale of the front company to a criminal entity. As mentioned earlier in this whitepaper, regulators have issued guidance around the ongoing monitoring of business customers for thorough KYC programs. Some examples of areas that should be monitored include:

Figure 6: Example dashboard and report center

12

1. Business Monitoring: After a business customer has been onboarded by a financial institution, it is very important to perform a periodic review of that customer’s business to ensure there haven’t been any material changes. Changes that could also lead to problems for the financial institution include changes in business classification, the sale of high risk goods or services, deceptive marketing practices, and changes in business models. A monitoring solution that detects and reports changes in these areas helps financial institutions identify these customers and take actions consistent with its risk profile.

2. Reputation: A negative change in business reputation is a leading indicator of a business customer’s potential liability to a financial institution. Many fines that have been issued recently could have been avoided if reputation monitoring had been incorporated into periodic portfolio reviews.

3. Fraud: Fraud monitoring and alerts can also help to weed out potentially harmful business customers from a financial institution’s portfolio. Financial institutions benefit from the network effect of information reported by their peers, which is used to notify them should they enter into a relationship with a business with a history or high likelihood of fraud.

Ongoing monitoring provides financial institutions with continuous protection against individuals and businesses who are actively trying to defraud the system. In addition, it provides a more proactive way for financial institutions to manage both positive and negative risk.

How This Helps You Comply with Regulations and Avoid Reputational Damage As outlined at the beginning of this whitepaper, there are several regulatory bodies that have issued guidance for the onboarding and ongoing monitoring of business customers, both direct customers and those underneath a TPPP or TPS. Business customer intelligence enables a financial institution to take a risk-based approach to managing these relationships. With a thorough onboarding process that includes the ability to score a business customer’s risk profile based on its past history of fraud and compliance violations, as well as any connections to hidden businesses it may not have disclosed, the financial institution is able to make better onboarding decisions based on its risk tolerance. It is also able to have greater visibility into the portfolios of its TPPPs or TPSs. Similarly, establishing regular portfolio monitoring to detect changes in business practices, reputation or fraud gives banks the ability to make proactive decisions about their customer relationships. Integrating these tools into their existing due diligence and compliance processes gives banks the information they need to make decisions that ultimately help them comply with regulations, while providing them with robust reports for auditors and examiners. According to many bankers, regulatory risk is considered to be the single largest risk they face – even beyond cybersecurity risk and fraud risk. A comprehensive due diligence and ongoing monitoring program for business customers and third parties is paramount for effectively managing this risk. In addition to managing regulatory requirements, business customer intelligence helps banks avoid reputational damage which closely follows regulatory risk in terms of importance to financial institutions. Implementing a comprehensive KYC program that is in balance with the level of risk the bank is taking on will significantly help in lessening this risk category.

13

G2’s Solutions for Commercial Banks G2’s Solutions for Commercial Banks, comprised of G2 KYC Investigate and G2 KYC Protect, allow financial institutions to create a risk-based approach to managing business customers, TPPP and TPS portfolios with proactive due diligence and business monitoring solutions. This includes:

Unique transparency based on the G2 Business Data Map – the most extensive database of business customer risk and fraud history available, developed by G2 Web Services in partnership with major US card networks and global acquiring banks

An instant assessment from the G2 Compass Score®, which predicts the likelihood of fraud or compliance violations with 99% accuracy

Ongoing business customer monitoring, including changes in business classification, high

risk goods and services, business models, fraud alerts and reputation changes in your

portfolio

G2 KYC Investigate conducts extensive due diligence on business customers, TPPPs and TPSs prior to boarding, while G2 KYC Protect monitors business customers, TPPPs’ and TPSs’ for risk and fraud indicators. With G2’s Solutions for Commercial Banks, financial institutions can identify past risky behavior, leading indicators for future violations, and receive ongoing alerts when changes in their portfolio occur.

About G2 Web Services G2 Web Services is a leading global provider of business customer risk management solutions, including due diligence, compliance and fraud protection. G2 Web Services helps acquirers, commercial banks and other payment providers take on the appropriate level of risk in their business customer portfolios, while protecting against brand damage, illegal activity and noncompliance assessments. Contact us to learn more about how our Solutions for Commercial Banks can help your business: [email protected]

14

Sources

1. http://www.marketwatch.com/story/2014-spend-on-credit-fraud-risk-compliance-data-topped-usd19-billion-up-621---burton-taylor-2015-06-11

2. G2 Banking Research Study, March 2015 3. G2 Banking Research Study, March 2015 4. http://dealbook.nytimes.com/2014/01/26/justice-dept-inquiry-takes-aim-at-banks-business-

with-payday-lenders/?_r=0 5. http://www.americanbanker.com/bankthink/fdic-responds-banks-must-manage-client-risk-on-

case-by-case-basis-1073979-1.html 6. https://www.fdic.gov/news/news/financial/2008/fil08127.html 7. https://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2014_v2.pdf 8. http://www.fincen.gov/statutes_regs/guidance/html/FIN-2012-A010.html 9. NACHA Third Party Senders and the ACH Network (2nd Edition) 10. http://www.occ.gov/news-issuances/bulletins/2006/bulletin-2006-39.html 11. http://www.bankdirector.com/issues/regulation/year-in-review-big-profits-but-big-regulatory-

fines-too/ 12. Link to compass case study

G2 Web Services, LLC