Modern businesses rely on a web of trust; they need to trust their partners, suppliers, customers and various other third parties. Running checks on the entities who you do business with is a smart risk-mitigation strategy as well as a regulatory compliance requirement for many industries.
Criminals have developed numerous schemes that use fake companies to perpetrate fraud as well as expanding the scope of potential targets. After all, companies have the potential to deal with hundreds or even thousands of customers, so fraudulent companies can cast a wide net for their questionable activities. Some of these nefarious schemes include:
Sending out fake emails to try and collect information to enable theft
- Deceptive websites
Luring customers in with copycat sites to phish information
- Fraudulent merchant accounts
Setting up fake business accounts to either collect payment card information to sell or to run up charges
- Tax fraud
Create fake employees and receive refunds on their behalf
- Identity theft
Set up fake jobs to collect personally identifiable information to use to create fake credit profiles
Unfortunately, it can be quite easy to create a fake company as it usually involves simply entering registration information at a government agency and paying a fee.
There’s a growing demand to validate company information when doing business with a company. As more business transactions are conducted online, on-site visits are often impractical. With the ease of creating fake company records and profiles, the risk of fraud has risen. The risk is not only of financial loss but a reputational concern; who wants their business being connected to a criminal, or even worse, an organization linked to terrorism?
For regulated entities, such as Financial Institutions (FIs), having company information is a requirement for account opening. Depending on the jurisdiction and perceived level of risk this information includes:
- Location of the business
- Occupation or nature of business
- Purpose of the business transactions
- Expected pattern of activity in terms of transaction types, dollar volume, and frequency
- Expected origination of payments and method of payment
- Articles of incorporation, partnership agreements and business certificates
More jurisdictions are additionally requiring beneficial ownership information, such as in the EU under 4AMLD and in the US under FinCEN Final Rule. For situations that call for enhanced due diligence, additional information requirements are necessary.
The ideal standard is to have company data available and accessible through an online central register, such as prescribed in 4AMLD. A central register assists in ensuring the information is accurate and up-to-date, enables law enforcement to quickly gather necessary information and supports cross-border investigations.
Authentication of Information
However, while there might be requirements to collect company information, there are questions about the accuracy and validity of the information. For example, in the US FIs can use information supplied by the customer, as long as they have “no knowledge of facts that would reasonably call into question the reliability of the information.”
Other jurisdictions often only perform limited vetting on listings provided and have little or no investigative powers to check false filings. Without proper of listings, these procedures are open to misrepresentation and outright fraud. As anti-corruption organization Transparency International states:
Governments should resource and establish mechanisms to ensure that at least some verification of beneficial ownership information takes place, such as cross-checking the data against other government and tax databases or conducting random inspections.
This presupposes that registers actually exist and are accessible. In the EU, many countries still don’t have the systems in place, as required by 4AMLD. As stated in International Law Office, “Ireland, Greece, the Netherlands and Romania are still in the process of passing appropriate implementation measures into national law” and this is one year after the implementation date of the Directive.
As each jurisdiction has its own rules and systems regarding business registration, there are huge variations in the type, quality and format of information. Data is fragmented and inconsistent. Legal corporate structures with multiple layers of ownership increases the number of entities to be verified. Data is often kept in different, making it difficult to link data across repositories.
So, how does an organization verify a business entity before doing business with them? What can a business do to effectively check on a company’s veracity? Fortunately, there are companies that perform business verification checks on company information.
Previously, verifying a business entity was a low-tech and cumbersome process for both the financial institution and business entity. Business entities were required to submit official documentation to the financial institution, which was accepted as the record of authority for the business. For business entities that required additional due diligence based on the risk assessment performed, financial institutions would then carry out additional analyses, such as ordering official company documents from the official registry to verify accountholder-submitted information; identifying the ultimate beneficial owner(s), and performing a KYC check on each individual ultimate beneficial owner.
Real-Time Business Verification
Trulioo’s Global Business Verification service automates the entire process from information input through to register checks. As the information is in a computer-ready format, further analysis is also automatable; checking names of businesses against Anti-Money Laundering (AML) watch lists; parsing and analyzing ownership information to determine beneficial ownership structure; running the beneficial owners themselves through identity verification and AML watch list checks.
Using an automated approach to verifying businesses also enables adding other data to create more in-depth profiles. Integrating another data source into the system allows additional data analysis being run simultaneously, not adding time or complexity to the verification check. These additional data layers add to the identification, risk evaluation and vetting process, delivering a more thorough analysis and better protecting the business from risk and fraud.
Legitimate businesses need to have proper due diligence procedures that are still open to doing business online to foster growth and opportunities. With proper checks, businesses can build the necessary trust online to safely take on new customers, suppliers and third parties and continue to expand globally.