Words by Ben Jordan
Having exposure to risk management in numerous business sectors, verticals and jurisdictions over the past 20 years has been a journey of learning to play both good cop and bad cop with my professional thinking caps. The prolific statement "fraud and risk are like water – it follows the path of least resistance" is accurate. Governments, regulatory bodies, merchants, and financial institutions are essentially caught in a cat and mouse game with fraudsters – putting controls in place while understanding that in the dark there is an army of well-versed experts looking to exploit the next lucrative vulnerability.
My greatest mentor once told me "Everyone can have no fraud, but they won't be a successful business". This has stuck with me through the years. Whilst this is obvious, balance is key. If user experience suffers greatly from your controls in an online B2C environment, you lose money. If your controls are inadequate or ineffective, then the issues will only snowball as you become known in carding/fraud circles as a "weak target".
So, what has changed?
Both regulators and businesses have a much better idea of what risks are key to address. As a result of a reasonably unified best-practice approach being in place, customer understanding and a culture of KYC/EDD as a necessary evil for B2Cs have been somewhat established. A business peer whom I heard speak at a conference said publicly that close to 50% of his customers, in a Scandinavian market, actually provided their KYC documents before being prompted to do so. To the 2005 online business, this would be thought of as an unreachable nirvana. However, this is probably due in part to the ease through which the KYC process can now be conducted – if the process is easy and frictionless it becomes the norm. With the introduction of more stringent regulations, there are numerous global turnkey compliance providers that have been flexible in shifting with the regulatory and compliance environment and have worked with businesses to minimize abandonment due to their understanding of UX. Personally, I love to sit with new clients and map out their customer journey and help them establish the best-fit user experience for them to get their customers over this hurdle.
There is a disparity between KYC for banking and KYC for other businesses. The long and the short of it is that banks are perceived to have the right and have the trust of the general public to ask for sensitive data. Furthermore, people statistically rarely change banks – so there normally is a long-standing relationship and little churn. Someone once told me that less than 1% of customers who threaten to close their accounts follow through with it. Comparing this to iGaming, unless a client has a significant balance to withdraw, if they are very unhappy with a brand, I believe that percentage of change would be significantly higher. Factor in the prevalence of attractive sign-up bonuses for customer acquisition and you have a very migrant and fickle customer base. To summarize, players know they can migrate to more attractive brands/offers easily. With the lifetime value of a casino player being much higher than in many other online businesses, player retention is, as anyone who has even had meetings with a CRM team knows, vital. Savvy turnkey solution providers know this and have invested huge amounts of both time and money into user experience to minimize abandonment.
Cross-jurisdictional harmonization and AMLD4
Whilst there are some differences, for the most part, in the EU, we are all playing the same card game with some quirky house rules here and there. If you were compliant with the third AML Directive, being compliant with the fourth (after painstakingly reading through it) could be summarized very succinctly. It would require minimal operational changes and doing away with standardized due diligence. I am, of course, grossly over-simplifying this, but it shouldn’t have been a major staller for your business operationally. Each jurisdiction pretty much had the same interpretation save for a few markets who historically like being difficult.
Having a mostly harmonized format and approach facilitates entering new markets with a confident board and MLRO. This is a good thing.
Game-changer!
Let us look at this at a high level: pretty much everyone has heard of Bitcoin/Cryptocurrencies. However, there is a gross disparity between those that have heard of them and those who understand what they really are. With a rising number of BTC/Crypto new-money guys shouting get-rich-quick advice from every parapet, it is not hard to see why many would have an automatic distrust. For every genuinely solid ICO, there are many trying to make a quick buck with little regard for future sustainability. However, those that do adopt are loyal, and in my experience, vocal advocates of decentralized currencies.
With many regulators still unsure of how to address and audit a decentralized ledger, it is my opinion that (much like what occurred in the early days of iGaming) the real big players out there will assist in developing the regulatory framework through establishing commercially viable procedures for them and the ideology, and then asking the regulators what more they should be doing. This understanding of social responsibility, before it becomes an operational show-stopper, has historically worked well for those who were willing to invest in it before they had to – specifically in iGaming. This is an essential comparison as at the inception of the online gambling industry, the same distrust prevailed and it was through the understanding of social and regulatory responsibility and the forethought of working with regulators to ensure best-practice approaches, that it has become a cultural norm.
The changing face of currency
Are cryptocurrencies going to replace Fiat in the near future? I was asked this question on a conference panel last year, and given my audience were crypto enthusiasts and I was speaking through my background in risk, fraud and compliance, I don’t believe my response was well received by many. Regulation has been sluggish for many reasons, and in turn, the market has gotten used to the idea that cryptocurrencies are free from due diligence.
When assessing key risk differences, the primary points of concern are, most likely, the same – money in, money out. Whether regulators decide the onus for due diligence lies with Crypto exchanges, Merchants, or both, having a provider such as Aristotle Integrity to ensure you future-proof your business with a turnkey, scalable solution is essential to safeguard you against punitive measures and ensure business continuity should the worst-case scenario come to fruition. There is a widespread belief that cryptocurrencies are anonymous. This is not completely true. Just because a currency is vaguely anonymous doesn’t mean your customer has to be. Just ask the Finnish gang that thought paying for their drug shipment in BTC was untraceable – although I don’t know the address of the prisons they are currently being held in.