News Article


Risk & compliance 2.0: a better way to avoid dishonest business partners by Alan Norton, head of intelligence at Graydon UK

By CreditMan Wednesday, September 30, 2015

Every year an increasing number of companies fall victim to fraud. It remains a serious problem in the UK: companies running into trouble because they get involved with dishonest business partners. It’s a pity, for a risk and compliance policy that combines a data-driven approach with human common sense could help to prevent this.

The role of the internet
In recent decades, the internet has undoubtedly provided for strong economic growth. For example, it makes it possible to search for the cheapest suppliers, within and beyond the national borders. But at the same time, the internet has also created a completely new way of doing business - a way that gives more and more scope to fraudsters and dishonest businesses.

In the past, companies did business only with local suppliers that they knew personally and that they visited in person. If such a supplier tried to con them, they knew exactly where to find him. Today, we are far less fortunate in that respect. Trading increasingly takes place on a national or international level, via the internet. As a result, there is often no face-to-face contact at all between business partners. The dark side of the internet coin is therefore that you no longer know who is behind an organisation, so the risk of dealing with a dishonest business partner has become considerably higher.

Out with the old risk and compliance
It goes without saying that this increased risk of fraud calls for a new approach to risk and compliance. So far, risk management in many companies still takes place manually. The company’s own employees check all new customers. They are screened manually for creditworthiness, payment behaviour, corporate structure and so on. This is not only a very time-consuming and, therefore, expensive process, but it also seldom leads to the most structured and objective form of screening.

Often, in the old model, only new customers are checked for the risk of fraud. Today, however, this is far from sufficient. After all, defrauders usually first try to win trust, by placing a small order and completing the order in accordance with the agreed contract. It is then afterwards that a larger order follows, after which they disappear into the sunset. It is therefore no longer enough to only screen new customers: a new, integrated risk and compliance approach is essential.

In with the new
A risk and compliance policy 2.0 is the answer to the changed business world in which companies find themselves today. This new approach combines a quantitative approach with a qualitative approach. In other words, it combines the power of a data-driven method with the common sense of the company’s own, specialised staff.

Quantitative approach: acceptance policy and regular reviews

The quantitative approach in the risk and compliance process consists of two parts:

  • Acceptance policy: new customer relations

Via an automated process in which different sources (Companies House, the internet, data from banks and insurers and reports from data providers) are consulted, a check of all new customer relations is performed. What are a company’s activities? Is it creditworthy? Have dubious matters in the past been detected? Is the company located at a ‘risk address’ where many companies have already failed?

Via this automated process, a distinction is made between new customers that show little risk of fraud and customers that show a greater risk of fraud.

  • Regular review: existing customers

It is also strongly advisable to check all existing customers for their fraud risk. This starts with a zero measurement, in which a check is conducted of each business partner in the same way as for new customers. The customers are then classified according to a particular risk profile. The company itself draws up the guidelines for this. For example, a choice can be made to divide the business partners into three groups: low risk, average risk and high risk. How often each group will be screened is then decided internally.

On the basis of this quantitative check, an important selection can be made on which companies would be best to deploy specialised external partners. Only the companies that deviate from the standard require further investigation (see the qualitative approach).

Qualitative approach: the power of common sense
After the quantitative check comes the qualitative check. The companies that have not ‘survived’ the automated screening are investigated in more depth, in order to determine whether the increased fraud risk is correct. By working in this way, you ensure that your staff can concentrate fully on what you employed them for: to detect the real fraudsters. But what exactly does this qualitative approach involve? In short, it is where the common sense and energy of the risk and compliance staff is utilised to the full. They are instructed to search for the reasons why a company differs from the standard. Why has it changed address so often? Why does the manager anxiously try to remain anonymous? Why was the annual report filed twice?

The only way to answer questions of this kind is to discuss them with the companies concerned. Call them. Make an appointment with them. Only then will you really find out how things stand and be sure that you are not dealing with a fraudster.

Where there is ‘smoke’
In today’s business world, the old adage of ‘where there is smoke, there is a fire’ rings true. It is therefore imperative that companies deploy their best employees where smoke can be detected. For it is in these files that there is a high chance that fire will also be found. Identifying fraud might be likened to looking for a needle in a haystack, but with an improved approach to risk and compliance, the majority of that hay mountain can be eliminated right away.