The compliance mindset
Many customers perceive compliance as a black & white area. In practice, this isn’t always the case; there can be many shades of grey. In this short article I describe how we, at Lerex, work closely with our customers to eliminate, reduce and overcome the impact of any compliance issues.
One of the steepest learning curves I see for Lerex’s new customers involves compliance. This is not surprising, since formal compliance is not an area that most people encounter in their day-to-day life.
The most common mental hurdle to overcome is that people tend to interpret “the rules” in a binary way; yes or no; black or white.
In reality, most of “the rules” we have to comply with in the implementation of pre-paid payment cards are written using a principles-based approach which allows room for, both, interpretation and mitigation.
In practice, the likelihood of an event taking place, the magnitude of its negative impact and measures taken to minimise and manage the risks are all taken into account before taking a final decision.
At Lerex, the steps we take to arrive at decisions about compliance and risk include:
1. Data collection:
With our clients, we collect as much data as possible to form a complete view of the situation. This includes the scenario we’re directly faced with, but also its periphery, the actors and their behaviours.
KYC, KYB, PEP & sanctions lists, adverse media, common fraud patterns; these are all tools you can and should use to build those data points.
2. Use our joint expertise, experience and processes:
Some scenarios might bring risks but, together, we might be in a good position to mitigate them. Perhaps our customer understands the specific industry inside out, maybe we at Lerex have seen a specific situation many times before, understand its risks well and know how to contain them, or to minimise their likelihood.
Being objective and realistic about how well you understand the underlying risks and how well you can mitigate them is important. And pooling our resources can be invaluable.
3. Residual risks and mitigation:
Once we understand the situation and how our joint experience will help tackle it, we are then able to drill down on the residual risks (the ones we cannot mitigate through our experience and current processes). We need to understand how severe risks in this category are and what can further be done to reduce or eliminate them. A change in processes might be required, or making sure we gather additional information, perform more regular checks, etc…
Once residual risks have been identified and discussed, we should then have a clear picture about the final state of the situation. How many risks are left, how severe are they, and how well can they be mitigated.
Based on all these answers, it usually becomes a business decision whether to accept the situation or decline to proceed any further.
We also think it is good practice to involve relevant suppliers and/or the regulators in this final step; being as transparent as possible will always be beneficial.
Going through our process means the outcome is rarely black or white.
I like to use the analogy of red flags. A business might be comfortable with one or two red flags if it feels they are small and can be mitigated. But, as the data collection process continues, more red flags might be discovered which could ultimately lead to a big issue, and perhaps even a refusal to engage in that business activity.
Alongside a very transparent approach, what compliance officers will expect from businesses is a deep awareness of their own risks, and a strong mitigation framework to be put in place.
Interestingly, many customers we see are doing exactly the right thing in looking at their business objectively and trying to identify and mitigate their risks, often engaging expert professional opinions on those. Yet, when it comes to compliance, they often feel nervous and worry they are not doing the right thing.
Zero risk businesses are extremely rare, so having gone through the process, it is not necessarily an issue that some risks remain. What is important is to be transparent and objective about their likelihood and impact, and to have taken remedial steps where possible.
When onboarding our clients, a lot of our time is spent on this subject so, as a customer, you don’t have to have all the answers. If you feel in the dark about compliance, we’ll be able to help you find the light at the end of the tunnel.
Compliance is here to help in making sure you’re not caught off-guard, it is not something to be scared of as long as you’re happy to be transparent and have a responsible approach.