Compliance Demystified: A Beginner’s Guide

Slava Solodkiy
8 min read · Mar 25, 2024


In today’s fast-paced digital world, where every transaction leaves a digital footprint, the importance of compliance can’t be overstated. But what exactly is compliance, and why does it matter to your business? At its core, compliance is a series of steps and checks designed to ensure that a business operates within legal and regulatory frameworks. This applies not only to financial institutions but to any business that handles customer data.

In a rapidly evolving digital landscape, understanding the intricacies of compliance has never been more critical. Compliance is an extensive field that encompasses various practices and procedures aimed at ensuring businesses and individuals adhere to regulatory standards and prevent illicit activities. Here’s a deep dive into the multifaceted world of compliance, simplified for beginners.

Here are the 7 main essentials:

1. CDD (customer due diligence), or Onboarding: the process of collecting and evaluating customer information during onboarding, including:

  • KYC — know-your-customer (and know-your-employee, know-your-passenger, etc.)
  • KYB — know-your-business (UBOs, ultimate beneficial owners, and executives are subject to KYC here too)
  • KYCC — know-your-customers’-customers, for FIs (financial institutions), especially BaaS providers and correspondent banks
  • risk identification: categorizing clients by geographic location, industry, and other factors that may elevate their risk profile

2. EDD (enhanced due diligence): RFIs (requests for information) for any additional information, documents and evidence; as of today these are mostly manual questions asked to understand the reasons for, or the nature of, an action.

  • triggered if/when a customer is high risk (or when a SAR, suspicious activity report, is raised)
  • high risk: by geography (Russia, etc.) or by industry (crypto, cannabis, etc.)
  • ‘source of funds, source of wealth’: a critical step in verifying the identity of your customers and preventing fraud
  • ‘source of transaction’: constantly comparing the information received during onboarding with ongoing transactions to spot anything out of the ordinary

3. Ongoing compliance, or AML (anti-money-laundering) and transaction monitoring. Some 80% of compliance crime can be caught only during EDD and ongoing compliance; real money-laundering specialists are smart enough to pass any onboarding requirements, so the value of CDD is to build a record detailed enough to make later investigation faster and more “trackable”. Compliance is about better management of your risks, rather than an unrealistic attempt to create an ideal system that recognizes good and bad persons, and good and bad transactions.

  • permanent comparison between, first, the information received during onboarding about the Sender; second, the current ingoing/outgoing transaction (amount, currency, reason); and third, the Recipient
  • requirement to re-verify all answers and documents provided during onboarding (expired, changed, blacklisted): monthly, quarterly, annually, or every 2–3–5 years
  • (part of EDD regarding AML) SAR (suspicious activity report, mostly for FinCEN): new or changed information about an onboarded person or company, or a transaction that is suspicious by quality (reason for the transaction or the recipient) or by quantity analysis (size or number of transactions)
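As an added illustration of the “permanent comparison” in item 3 (example code written for this guide, not from the article or from any product it mentions): a minimal monitor that compares a Sender’s onboarding profile with a month of transactions and their Recipient side, and returns the flags an analyst would turn into an RFI or SAR review. The risk lists, profile fields, thresholds and sample data are constructed assumptions, not a real sanctions or risk list.

```python
from dataclasses import dataclass
from datetime import date
# Constructed risk lists for this example, mirroring the article's geography /
# industry segmentation; they are NOT a real sanctions or risk list.
HIGH_RISK_COUNTRIES = {"RU"}
HIGH_RISK_INDUSTRIES = {"crypto", "cannabis"}

@dataclass
class OnboardingProfile:            # what CDD collected about the Sender
    customer_id: str
    country: str
    industry: str
    declared_monthly_volume: float  # expected turnover stated by the client
    id_document_expiry: date
    last_reverified: date
    reverify_every_days: int = 365  # annual re-verification cadence (assumed)

@dataclass
class Transaction:                  # one ingoing/outgoing payment
    tx_id: str
    amount: float
    counterparty_country: str       # Recipient geography
    counterparty_industry: str      # Recipient industry
    stated_reason: str              # reason given for the transaction

def monitor(p: OnboardingProfile, month_txns: list, today: date) -> list:
    """Compare onboarding data with a month of transactions; return (subject, reason) flags."""
    flags = []
    if p.id_document_expiry <= today:                    # expired document
        flags.append((p.customer_id, "id document expired: re-verify"))
    if (today - p.last_reverified).days > p.reverify_every_days:
        flags.append((p.customer_id, "periodic re-verification overdue"))
    running = 0.0
    for tx in month_txns:
        running += tx.amount
        if running > p.declared_monthly_volume:          # quantity analysis
            flags.append((tx.tx_id, "volume exceeds declared monthly turnover"))
        if (tx.counterparty_country in HIGH_RISK_COUNTRIES
                or tx.counterparty_industry in HIGH_RISK_INDUSTRIES):
            flags.append((tx.tx_id, "high-risk counterparty geography/industry"))
        if not tx.stated_reason.strip():                 # quality analysis
            flags.append((tx.tx_id, "no stated reason: raise RFI"))
    return flags

# Constructed sample: an expired ID, an overdue re-verification, one clean payment, one risky one.
PROFILE = OnboardingProfile("C-001", "EE", "software", 50_000.0,
                            date(2024, 1, 31), date(2023, 1, 15))
TXNS = [Transaction("T1", 20_000.0, "DE", "software", "invoice 17"),
        Transaction("T2", 35_000.0, "RU", "crypto", "")]
```

Running `monitor(PROFILE, TXNS, date(2024, 3, 25))` yields two profile-level flags and three flags on T2, while T1 passes; every flag is a prompt for an RFI, not a verdict.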

4. CCO, Chief Compliance Officer (and Compliance team: onboarding, EDD, AML specialists) — behind every compliance framework is a team led by the Chief Compliance Officer, tasked with ensuring the organization stays on the right side of regulations.

5. Compliance Policies (documents about possible clients, potential risks and risk covenants, rules and procedures regarding onboarding, SARs, offboarding and “data cemetery”)

  • Risk segmentation (of potential clients)

6. Compliance education (of everyone within the company related with potential compliance risks)

7. Compliance audit (could be internal, but better — external)

Nansen.ID, for instance, focuses on streamlining the CDD process, with plans to expand into KYB, KYCC, and more sophisticated monitoring solutions. It’s a testament to the evolving nature of compliance solutions, leveraging technology to make due diligence faster, more accurate, and less intrusive.

In the context of compliance, identity verification goes beyond just knowing who someone is. It encompasses everything from biometric data (like fingerprints or retina scans) to documents and even social connections. The challenge is to create a system flexible enough to accommodate the diverse ways identity can be established and verified.

Rather than viewing compliance as a necessary evil, forward-thinking companies see it as an opportunity to build trust with their customers and differentiate themselves in the market. By managing risks effectively, they not only avoid penalties but also enhance their reputation and customer loyalty.

KYC: The Multifaceted Nature of Who We Are in the Digital World

In the ever-evolving digital landscape, the concept of “digital identity” has become increasingly complex. It’s not just about who we are online, but how various elements come together to create a unique digital persona. Let’s delve into the different aspects that constitute our digital identity:

‘Truth’ often depends on the Hypothesis, which dictates your risk tolerance.

1. Physical Attributes: The Biological Passport (My body says who I am)

  • Facial Recognition: While highly popular, it’s not foolproof. Changes in appearance, plastic surgery, or having a twin can affect its accuracy.
  • Fingerprint Recognition: Not everyone has discernible fingerprints, posing a challenge.
  • Eye/Retina Recognition: This method excludes individuals without sight.
  • Voice Recognition: Ineffective for those who are mute.
  • DNA Recognition: Although unique to each individual, privacy concerns and ethical implications come into play, especially with open API platforms like 23andMe.

2. Documented Identity: The Paper Trail (Documents say who I am)

  • Our identity is often tied to official documents: Passports, visas, and various certifications.
  • These documents provide a “collective image” of (potentially changeable) parameters such as name, date of birth, gender, and nationality, supplemented by media and background checks (presence or absence of criminal records, negative news: FBI, Interpol, OFAC, etc.).
  • Signatures, physical and/or digital.

3. Social Endorsements: Our Community’s Voice (Others say who I am)

  • Social guarantors (akin to credit references) vouch for an individual’s character or skills (employment references).
  • Legal professionals like notaries, lawyers, witnesses, lay judges and auditors also play a role in certifying identity (and they need to verify you too).
  • List of closest relatives (for visas).
  • Media and background checks (presence/absence of criminal records, negative news): FBI, Interpol, OFAC, etc.
  • My business says who I am (presence in shareholder registers of different companies, plus who else is in those registers as your social environment).

4. Digital Footprint: The Tech Trace (Contacts say who I am: who responds to this phone, address, email — that’s me)

  • Contact details like phone numbers, email addresses, and physical addresses.
  • The digital fingerprint of our devices (IP/MAC addresses).
  • Knowledge of login credentials.
  • Challenges include the “one-to-many” nature (one person having multiple emails, phones, etc.) and the potential for device or key loss.

5. Personal Affirmation: The Self-Declaration (I say who I am, and what kind of person I am)

  • Affidavit-style questions under oath assume truthfulness until proven otherwise, covering a wide range of personal history and beliefs.
  • Video calls are becoming a standard for identity verification (and liveness check), offering real-time interaction and ensuring the person’s immediate presence and freedom from coercion.

In this era, digital identity is a patchwork of biological traits, documented evidence, social endorsements, digital footprints, and personal affirmations. As technology evolves, so does the complexity of identifying and verifying an individual in the digital space. The challenge for businesses and regulatory bodies is to navigate this complexity while ensuring security, privacy, and ease of use for individuals. The future of digital identity lies in finding a balance between technological advancement and ethical considerations, shaping how we define ourselves in the digital world.

Diverse Use Cases of Compliance Across Industries

  1. Banking. Opening a bank or insurance account goes beyond just knowing who you are. It’s about ensuring you’re not involved in money laundering, tracing the origins of your funds, and understanding the purpose of your transactions. Requirements include basic personal details, professional background, guarantors, and accounts in other banks or tax statements. This is accompanied by background checks, transaction monitoring, and regular audits.
  2. Telecommunications. When issuing SIM cards, there’s a need to mitigate security risks by identifying who, when, and where a SIM card was activated. Basic personal information and identification are required.
  3. Healthcare. Booking a doctor’s appointment or undergoing medical tests requires identifying both the patient and the doctor, along with consent for the collection, processing, and storage of biological material.
  4. Housing. Renting a property involves risk hedging (financial stability) and ensuring the safety of other residents. This involves basic queries and credit ratings. For purchases, the source of funds is often scrutinized.
  5. Education. Admissions to schools or universities entail security considerations. This includes verifying personal details, employment and education history, social references, and sometimes additional details like race, religion, or veteran status in certain countries.
  6. Employment. Employment requires comprehensive identity verification, including past employment and education, social references, family affiliations with government bodies, criminal history, and willingness for background checks and drug tests. Hiring a nanny, driver, or cleaner also demands identity verification to ensure safety and trustworthiness.
  7. Visa Issuance. Visa services like VFS Global and TSL Contact collect and transfer applicant information to embassies, covering family background, travel history, financial stability, and affidavit questions. But all this information is absolutely non-reusable at the moment — every time you fill out the same forms and answer the same questions.
  8. Airport and Hotel Check-ins. Airlines verify if a passenger is wanted or poses a security threat, while border controls confirm the individual’s entry. Hotels ensure guest safety by requiring personal details and passport copies.
  9. Online and Offline Services: Dating services (Tinder, Bumble, etc), Airbnb, Uber, and age-restricted services all require identity verification for safety and legal compliance.
  10. Marriage and Divorce: Verification of individuals in marriages and divorces, including presence of a third verifier and legal jurisdiction, is crucial.
  11. Legal Agreements and Arbitration: Notarization of agreements and arbitration involves verifying the parties involved, the witnesses, and the terms agreed upon.
  12. Business Formation: Company creation requires verification of each shareholder, director, and employee.
  13. Wills and Estates: Verification of the testator, executor, beneficiaries, asset list, and jurisdictional considerations are key.

The implementation of compliance spans across various sectors, each with its unique requirements and challenges. From personal to professional, transactional to legal, the digital identity serves as a crucial tool for verification, security, and trust in our interconnected world.

The pivotal role of compliance in the realm of digital identity is often overlooked. For any identity system to truly come to life, it must first be accepted. This acceptance is not just about technology adoption but involves navigating regulatory landscapes and understanding the end-user experience. Without this, the most innovative digital identity solution remains inert.

Compliance is an integral part of doing business in today’s global economy. By understanding its components and staying ahead of regulatory changes, companies can navigate the complexities of the modern market with confidence. As solutions like Nansen ID demonstrate, technology plays a crucial role in simplifying compliance, making it more accessible for businesses of all sizes.

Identity verification is a cornerstone of compliance, encompassing everything from biometric data to official documents like passports and IDs. The goal is to create a comprehensive profile of a client, incorporating various aspects of their identity, activities, and affiliations. Today’s digital world presents new challenges and opportunities for compliance. With technologies like blockchain, digital banking, and online platforms expanding rapidly, compliance frameworks must adapt to ensure security, privacy, and adherence to regulatory standards across all digital transactions.

I initially invested in and advised the KYC startup BASIS ID (which has since been acquired and is now under ZignSec) and A.ID, a compliance-as-a-service company (also acquired). Four years back, as the founder and CEO, I set up Arival Bank (arrival of a rival), a compliance-centric fintech. ArivalBank.com serves as a digital bank catering to high-risk international clients under a US banking license. Owing to its compliance milestones, Arival is included in the FinCEN innovation group.
