The RegTech Pulse

Lockstep Consulting - The Key Role of the Data Provider

LexisNexis Risk Solutions

This episode and the following description originally come from Lockstep Consulting's Making Data Better podcast.
 
A key actor in risk assessment is the data provider. These commercial operations aggregate and analyze the data produced by governments, enterprises, individuals, and even other data providers. All to feed today’s insatiable appetite for understanding who it is we are dealing with online.

In this Making Data Better episode, Steve and George are joined by Cindy Printer, Director, Financial Crime Compliance and Payments, at LexisNexis Risk Solutions. The company is a major data provider to government and enterprise; Cindy focuses her work on financial services firms and their need for regulatory compliance.

We discuss the granular nature of the data LexisNexis Risk Solutions offers its customers and the breadth of sources used to meet their needs. It’s astonishing.

Cindy makes the point, one we heartily agree with at Lockstep, that risk is specific, a concern for each individual entity and that the data required by each entity varies based upon its specific concerns. And that’s why LexisNexis Risk Solutions tunes the data services it provides to the industry segment and individual firm.

Sitting on top of such vast data resources and knowing the complications associated with deriving meaning from it all, LexisNexis Risk Solutions also provides analytical services that saves an enterprise from having to analyze the data itself.

This is a great conversation if you want to understand the data provider role, the scale of its operations, and its priorities. So take a listen.

DISCLAIMER: The information provided in this podcast is for informational purposes only and is not intended to and shall not be used as legal advice.  The views and opinions expressed in this podcast are solely those of the speakers and do not necessarily reflect the views or positions of LexisNexis Risk Solutions. LexisNexis Risk Solutions does not warrant that the information provided in this podcast is accurate or error-free.

Speaker 1:

The following episode originally appeared on Lockstep Consulting's Making Data Better podcast. You can find more episodes at makingdatabettercom. A big thank you to George Peabody and Stephen Wilson from Lockstep Consulting for hosting our own Cindy Prenter, for this discussion around the role of data providers.

Speaker 2:

Welcome to Making Data Better, a podcast about data quality and the impact it has on how we protect, manage and use the digital data critical to our lives. I'm George Peabody, partner at Lockstep Consulting, and thanks for joining us. With me is Lockstep founder, steve Wilson.

Speaker 3:

How are you, steve? Fantastic George, good to be here again.

Speaker 2:

I need a quick weather report, steve. What's the temperature down under the least of your part of it?

Speaker 3:

It's 7 in the morning and it's, let's say, it's 25 Celsius. So what's that about? 80 degrees, oh wow.

Speaker 2:

And Cindy's in Chicago, I'm in Boston. Yes, yes, cindy, I assume you're looking out at snow as well.

Speaker 4:

Cold temps and snow on the ground. So yeah, we won't see 80 for several months here, maybe July.

Speaker 2:

Yeah, exactly, exactly, all right, well, let's get started. So yes, cindy Prenter is with us Today. She is the director of financial crime compliance and payments at LexisNexisRisk Solutions. Cindy, thanks for joining us I'd confess, for joining us once again, which had to re-record this since I had a technical issue want to make this right.

Speaker 4:

Happy to be here. Yeah, thanks for having me back.

Speaker 3:

Thank you for Kaspela.

Speaker 2:

Yeah, for those of you who'd listened to us before, steve and I have a pretty hard focus on data quality and, as part of that and I know Cindy shares the same perspective that the risk owner, the party that's taking on the liability, taking on transaction risk, who, in the patch while of the identity industry, is called the relying party. They're consumers of data that Cindy's organization and many others provide and, of course, many of these organizations, many of our client organizations, also gather their own data sets. So we're really interested in talking about the breadth of data that Cindy has at her disposal to offer her clients at LexisNexusRisk solutions. So, but before we dive into that, cindy, why don't you, would you tell us a little bit about what brought you to risk and fraud as an industry and as a career?

Speaker 4:

Yeah, yeah, it's a great question. I suppose I always liked solving problems, solving mysteries, always sort of enjoyed watching movies or reading books that were mystery focused and not with any intent, but I really found myself as my career in Eval, putting that toward my career and using that now for the good of other people. Which really is what LexisNexus does, is we help organizations focus on making better risk decisions, better decisions around opportunities, by using data and analytics. So just by chance that I found myself using my personal interest in my career.

Speaker 2:

It's nice when those two things line up, isn't it? It's kind of fun. So Orient is a little more thoroughly, then, into what LexisNexus does, and especially the risk solutions group that you're part of.

Speaker 4:

LexisNexusRisk solutions in particular, does help organizations make better decisions in two ways both identifying risks for their organizations, but also identifying opportunities. And we do that to use some of your words, george, from earlier through our depth and breadth of data that we provide, as well as our advanced analytics and in the risk solutions group. I'm part of the financial crime compliance group in particular.

Speaker 2:

Help me understand who are your customers, particularly in your organization.

Speaker 4:

Sure, we have a wide variety of customers across financial institutions, so that would be banks, that's credit unions, that's just some of the financial services organizations that are out there, as well as corporates. So we service both financial institutions and corporates. We have a wide coverage geographically. We're really in 180 countries, so I think we're a little we're everywhere, george.

Speaker 2:

Before I turn it over to Steve and I bet you, this question has lots of answers. You know, I have one vision of you as a provider of raw data that is consumed by your enterprise, your large customers, who then take it in and analyze it themselves, versus what I would think is a significant amount of value add on your part where you're doing the analytics and saying to your customers this transaction, this particular interaction, this identification suggests you should be careful or go ahead and approve it.

Speaker 2:

You know, where is it the right question to ask you? Is there a balance between those two in terms of what you're seeing your customers asking you for?

Speaker 4:

Yeah, absolutely. We've made our legacy by way of data and so we've been providing this very rich data for nearly 40 years at this point and through evolution of our own business today and for many years now. But the difference between just being data provider to now is we offer solutions as well. Those solutions are pieces of technology, for example, screening, screening solutions so watch the screening solutions that help identify risks for organization, and then also it's how we deliver that output from that, and that kind of comes to that analytics piece. Is what does that mean? There's data, there's a solution to ingest that data and then there's output. So for us, it's that output is going to look a little bit different for every organization. So we have organizations asking for only data, but we have organizations that also look to us, recognize us as a leading provider of those analytics and also of those technologies. So we really have our customers using any variety of the data, the analytics and the technologies.

Speaker 2:

So that you can tune it based on what they're asking for.

Speaker 4:

It's all about the tuning, george, it is yeah.

Speaker 3:

So Sydney? That brings us to sort of design thinking. A lot of what we're doing in our work is trying to work out how to make data better. What are the questions that you need to answer about data? You've already used language around solutions and the let's call them information products that you have. Tell us more about the dialogue. What's keeping your users up at night and what are they asking for you or from you in terms of your feature set and your information products?

Speaker 4:

Sure. So at the heart of it, it's very, it's integral. It's key that the data our customers use and look to us for is credible and reliable. So they're looking to us to ensure that what we're delivering to them is reliable data, it's coming from a credible source. So, regardless of the problems our customers are having, it all starts with that credible and reliable data. But, that said, in the risk solutions space and financial crime compliance area, more specifically, keeping our customers up at night is regulatory compliance. The regulatory landscape has always been dynamic. It's always been a top concern. But in recent years, given the changes due to geopolitical events, technological advancements, various innovations, our change, the pace of change, the rate of change of regular regulations is at its utmost highest, and so for our customers, it has always been a concern. But it's almost risen back to the top, as one of the primary concerns is assuring that compliance, and that all starts with the data, the credibility and the reliability of the data.

Speaker 2:

How do you prove that? Casting no aspersions. But just because it comes from your company, you source it from somebody else. Clearly, how do you guarantee that provenance? How do you guarantee? The credibility, the currency of the data.

Speaker 4:

We've been sourcing data for 40 years, so our processes are highly structured, highly standardized. So, in short, we know what good looks like because we've proven it. We've proven it to ourselves, we've proven it to the industry. So we know what good looks like. So, as we analyze new data, aspects of data, we have a process for testing that and we have a process that we don't vary from. It's a proven process, and one of those steps is always comparing it against what good looks like. We have the benefit of knowing what good looks like, and so we're able to just constantly test, constantly compare. We have access to a lot of sources of data, so we don't have a problem passing on a source of data. We deem it to be unreliable, uncredible. But even if it's reliable and credible, maybe just not good enough up to our very, very high standards.

Speaker 3:

We are obviously preoccupied with fakes. Not to be too negative, we think that the data industry is full of good things, but given the prevalence of fakes and given people's concern about deep fakes and generative AI but consumer level, fraud has always been around how do you know who you're dealing with? Further up the food chain, with a lot of your sources and a lot of your clients being enterprise people, do you see fakes at that level? Do you have a lot of issues with, let's say, fidelity or genuineness of enterprise customers and data sources and so on?

Speaker 4:

Certainly our customers do. They're the ones that see the fake data. They are experiencing those very overt efforts to disguise identity, to present an identity person or an entity as something other than who they are. When someone wants to fake who they are, there are ways to do that, and so we have a constant goal of hoping our customers sort through that fake data. And that's a lot about the relevancy of the data, what's important to organization A versus financial institution B, so on and so forth. And so that comes with those analytic value propositions that we have, some of the technologies that we offer, and that is a little bit different for each organization, but we absolutely help our customers see through that fake data because it's very real.

Speaker 3:

And so the dimensions of quality that your customers are looking for. It changes from customer to customer.

Speaker 4:

It absolutely does. Yeah, each of our customers is serving a different industry, you know, or different industries. Some look like the other, but whether your financial institution coming and operating in a highly regulated environment, or a corporate, maybe not as tightly regulated, however serving a riskier customer base, what they're looking for, what I risk identifiers and what's important to those different, you know, organizations based on the profile of who they're serving, the regulatory environment that they're operating in means they're focused on different aspects of the data. So it's our goal and our objective not just to provide a product to a customer, but provide a solution like get to the bottom of what, what is their problem, and then work towards solving that problem.

Speaker 3:

It's so fascinating because we're in one of the tightest regulated, let's say, financial services. We're in one of the most tightly regulated sectors of the world and you'd think the things are uniform, and yet we deal a lot with KYC. Know your customer. Everybody does KYC differently, yes, and they've all got their own concerns, their own risk management habits, their own settings. It's fascinating how much diversity there is in a tightly regulated space.

Speaker 4:

It absolutely is, and every customer base looks different from your peers customer base and there is opportunity to leverage, leverage practices, leverage content. I've got a lot of talk now about data. Consortia is sharing data across organizations that might be anonymized, however, there are still indicators that can be shared. But the reality is, while there are practices that can be shared, the end of the day, it's really important that each organization is focused on what matters to them. It's not only about doing what your peers are doing benefit from that but you must be focused on your own organization and make policies and processes tailored to your organization.

Speaker 2:

I love that you're pointing at that, because it really underscores the historical failure of federated approaches that have hope to, for example, apply standardized data sets and processes for know your customer on board.

Speaker 1:

Yep.

Speaker 2:

Where you know the risk profile of one bank is very different from the bank down the street.

Speaker 4:

Yeah, never mind the credit union Right. Yes, and those standardized processes are our minimums. They should be looked at as minimums. This is what you must be doing, but there is more to do now, based on your risk appetite, your customer base, so on and so forth, what your particular problems are that you're looking to solve. So it is important to have standardization, but those are minimums and should be viewed that way.

Speaker 2:

I can imagine that you have a lot of data that actually endures for years and years and years, right? Someone's address or maybe their phone number or their social security number and birth number. But I think that's a good thing, right, those are generally close to life. Everyone has them Lifetime, Lifetime thanks. Just to drill a little bit, is there data that changes frequently that you guys have a hard focus on or you think you're particularly good at monitoring?

Speaker 4:

Data changes all the time. It all changes, quite frankly, even if someone doesn't. Someone's social security number is what it is, someone's birth date is what it is, but people move, they take new jobs, they get married, they get divorced, they have children. Gosh, we really took a step back and thought about all we each did individually in the last month, let alone the last 12 months or the last couple of years, if you recorded all those data points and changes in your life. Data is changing constantly and so our organizations are in you've. You've come into George, you've come into that, and KYC or CDD, customer due diligence, and, of course, I've mentioned regulations, sanctions, various watch lists. So that's a lot of what our customers are focused on is what are the changes in regulations themselves? But then how? What does that mean for the data that I now need to be aware of and track and ensure that I'm constantly maintaining it to be accurate enough to date?

Speaker 2:

You've got a real breadth of data available to you. I mean just a little little. Look at the acquisition history that Alan Harris has done fairly recently and you bought an email edge and ID analytics and fly real and others. Each of those companies have been focused on a particular problem set. Do you bring that data in and make it available to other subsidiaries within your organization? The more data, the better. Is sort of the default supposition on my part.

Speaker 4:

Well, now you've just complicated the question, george.

Speaker 4:

Yeah, that a whole new dimension to the question. In the first instance, when we're analyzing a business for acquisition, for example, it absolutely needs to lend to the question. It needs to lend to the core of what we do. That's coming back to improving the decision making ability on risks and opportunities, if there is opportunity to share that data within the organization in a highly sensitized way. We have parts of our organization that, for example, work with governmental agencies. That's a very secure bubble. Nothing goes into it. That isn't very highly monitored.

Speaker 4:

So that would be sort of like a random situation when we say no, but, for example, I'm in the financial crime compliance group and then we have our fraud and identity group. Absolutely, that's a group that's tracking a lot of digital activity or digital identity footprint, for example, mobile device, laptop, any kind of apps on a phone. So there is opportunity for financial crime compliance to marry our physical identity, our data, physical identity data, with that very digital identity data and provide a significant value to our customers. And so that's an example of where we do. We do share information. It's anonymized in most instances, you know, kept in, maybe like even a data clean room, and so access to it might be tightly monitored. So it's done in a very secure way. But where we find opportunity and we're always looking at that of how can we provide a better outcome for our customers then we will find take that opportunity to share information or data within our organization.

Speaker 2:

Since this culture of ours is becoming largely digital, I imagine you anchor a fair amount of your analytics. Going forward is when the kid gets their first mobile phone Absolutely.

Speaker 4:

Absolutely. I mean, think about what age now do children? I have nieces and nephews and I think they're like eight and 10. They don't have their phones yet with cell service, but they have iPads and so they're using those you know devices, and they have a digital footprint. Someone out there knows they're online.

Speaker 4:

Yeah, they're online and so that's really an opportunity for benefit to some of our customers. And then that's maybe a child and at that age, but even someone that goes to college let's say, bump up the age a little bit that doesn't have a credit card yet, but they do have this digital footprint. Well, how do you provide credit to someone who doesn't have credit, like it's got to start somewhere, may not have a parent to co-sign for them? This is where some of the data were able to use and turn that around and actually provide a situation where customers can can really provide a great opportunity for someone young that only has a mobile digital presence.

Speaker 2:

I've seen similar kind of decisioning in developing markets, where the metadata around how a mobile phone is used, for example, that actually provides good information with respect to is this potential customer Going to pay their bill on time?

Speaker 4:

Yep risky or not risky Yep.

Speaker 2:

Right which got even got down to. Does this person charge their mobile phone on a regular basis or does?

Speaker 4:

it run out of power and they have to reestablish them yeah Never charge it to 100 percent, George, that dies down the battery earlier than it needs to.

Speaker 2:

I'm guilty of that. That just means I just don't move around very much.

Speaker 3:

So that reminds me of that sort of modern parenting experience that certainly most of us had had without teenagers, like financial literacy, and I remember encouraging, against my best instincts, my teenagers to start thinking about credit cards and getting into the system and having a credit rating before it's too late, I hope these days, I mean, some of that stuff gets creepy, george, but these days there's certainly got to be better data available to make credit scoring for teenagers as they grow up, but that you know.

Speaker 3:

Segue to privacy Cindy, our privacy business at Lockstep has got to do with design thinking and we ask people to think about what. Do you really need to know about people to deal with them? That sort of identity Privacy is like what is the least amount of information you need to know about somebody to still deal with them. And these days in your industry there's so much natural drive and selection pressures to know more and more, so there are some interesting tensions there. Can you talk to us all about how your business looks at those tensions? To minimize data and yet minimize data in the interest of privacy and yet get the sort of precision that your customers need for risk management?

Speaker 4:

It's not about more data, more data that's going to enable me to make a better decision, a more accurate decision. It's about looking at the best data, the relevant data, and I used that word earlier. I don't want more data, I just cut through the noise. I want to see the data that's important to me, whether that's alias data, someone trying to master identity, or whether it's we use that fake data, or whether it's the real data. I do want to see that all.

Speaker 4:

I want to have the capabilities, the analytics to poke through what the fake data is, get to the good data. But I want to know that fake data is out there as well, because now I can identify that person as risky. But too much data and I'm not going to know what to do with it. For us, we have an approach, we have a scoring methodology. It's called the Exposure Index and it's something that we've created and it's something that we enhance. Even open source data, like a watch list data, we enhance it with this exposure index that tells an organization how relevant is this Steve Wilson record to the Steve Wilson that's in my database? Are they the same Kind of common first name, semi-common last name?

Speaker 1:

There's a lot of us.

Speaker 4:

Yeah, in even George Peabody. That might be a common name. Mine is not so common. Yeah, it's poking through that. What's relevant to me? That's one of the value ads that we provide, but also really important for our customers out. There is something very, very valuable to them.

Speaker 3:

We know about the enormous burden compliance burden, reporting burden that banks have at the moment. I've recently heard that compliance cost has tripled in the last 10 years for business in general and it's worse than that for financial services and banking. This is all about data, isn't it? Suspicious matter reporting, AML obligations businesses need to be really sharp in the way that they test for suspicious matters and detect suspicious matters. What's the state of the art from your perspective, Cindy, about the signals and the products that help people detect suspicious matters and so on?

Speaker 4:

It's a great point because, regardless of what data you're looking at and really you're going to be able to identify suspicious data, if it's entity related Something specific like that KYC data, that CDD or customer due diligence data, whether that be on an organization, if I corporate or a person it's really utilizing that entity data and looking at behaviors of that data. Does this look normal? What's normal? I'm a college student. Am I going to Taco Bell and 7-Eleven using my money and transferring funds digitally, or am I transferring money and then out of Cuba or something?

Speaker 3:

Some of this is just like it's context, isn't it? It's context, normal varies from one customer to another.

Speaker 4:

That's exactly right. It's the data. It's how you analyze that data. Again, this comes back to a little bit of common sense what makes sense for my customer base? That's where we see that variation from business to business.

Speaker 2:

I've worked on push payments quite a bit in my past life. I'm super interested in the problem of authenticated push payment fraud. Of course we're seeing that lots today with scammers tricking people to send money to them. Yes, Cindy, it really intrigued me to see that you are offering a service here called Confirmation of Payee, which I saw that title, I went. This is really interesting because a lot of these payees are bogus or they're certainly scammers who are actually controlled a legitimate bank account. I'm very curious of what it is that the Confirmation of Payee does.

Speaker 4:

Yes, what you're referring to is a solution that focuses on detecting authorized push payment fraud. It's that fraud, of course, being the key part. You even mentioned it. It's authorized. Someone is originating that payment and saying I want to send this payment to George Peabody but, by the way, someone is posing that they've taken over your name, but it's really their account number on the other end. So they've represented themselves. That's one situation. Or they've just represented themselves as charitable organization, playing on the good heart of someone in society that agrees to send their money and turns out it's a scam that's not going to charitable organization. No text write off for you.

Speaker 4:

We offer a solution that matches. It basically validates the identity of the intended receiver and what it does is it matches account information. So this is always. This solution focuses on bank account to bank account, so account to account. It doesn't involve its digital payments, but not credit card payments, and it's all around verifying who is receiving. Is that person says who they are the owner of that bank account on record, so there's a check that happens in the background with our solution. It's called Validate and Safe Payment Verification. It's an API, it is seamless to the sender and it's typically a corporate who would license it and they've installed this API in their payment process and they're just running it in the background. It happens in less than two seconds but what it does is it stops a bad payment before it's ever sent. The situation of authorized push payment it's someone's authorized it and they're liable for that money. Like that poor victim never gets their money back.

Speaker 2:

So your service might. For example, if a fraudster or a scammer has gotten a hold of well, they've got a legitimate bank account. You're checking as to whether that bank account matches up to the name of the scammer?

Speaker 4:

Yes, Yep Matches, so owner on record matching with that bank account and there are a couple other checks that are happening because keep in mind that the sender is also still validating identity and our solution does also that it validates the bank and the address and some of those other data points that are just really important to be accurate to make a payment but also make sure it's going to the intended recipient.

Speaker 2:

I'm curious are any of the customers who are actually using the service? Are they giving a thumbs up to the sender to say is past, our checks Go ahead?

Speaker 4:

No, it's really the opposite. When it doesn't go through, they're going back to that sender to say, by the way, we didn't send this payment, it was being sent to an unintended party. And it's saving that sender money, but also the entity who's also sending the money not just the originator, but the originating entity. There's a lot of money involved in these failed payments and these fraudulent payments, so it's doing a couple of things. It's not just about saving money, it's about stopping fraud, it's about detecting and preventing fraud.

Speaker 2:

That's fraud today. Let's wrap up with a little discussion about what you're seeing as the future of fraud, and particularly with respect to. I'm always curious how are regulators possibly keeping up with technology, with the evolution of fraud, now that we have? Obviously the poster child of this concern is generative AI. That's got to be high on your work schedule.

Speaker 4:

It is. In fact, we recently issued a company-sponsored statement couple statements, but a company-sponsored statement on our use of AI, and we take it very seriously. There is some form of AI that has been used in some of our products for years, but this generative AI in terms of a regulated space is something that must be used in a very, very measured way. We realize there are benefits to it and we realize it's going to get used in some of our solutions over time. I'm not here stating it will or won't, but it's certainly an aspect that LNRS recognizes and that we look into and we're answering to. We want to provide the best solutions for our customers that may or may not involve AI over time.

Speaker 4:

There are other ways for us to advance our products. Things like I mentioned earlier, this consortia, just consortia of data, that sharing of data across businesses and industries, across customers, across your peers. So there's a very real opportunity there. That's just another way, not an AI-focused way, but another way where advancement is happening. Regulators recognize the benefit of that, and so it's very much supported. Some of these are very much supported by regulators, and so we try to work hand in hand with them as the industry advances.

Speaker 2:

So let me be clear on that LNRS is actually actively supporting data sharing across organizations and making data networks available so that the experience of all of these parties can be pooled and I assume your analytics capabilities can be applied to enrich the overall result.

Speaker 4:

Yes, so that is happening in some aspects of our business, especially in some of our digital businesses, our digital data that we provide Anonymizing data, and it's always anonymized, it's always protected Data privacy. Data security is a number one concern for us, but there are some areas of our business where it is supported by our users. It's a contributory model, very aware of the fact that their peers are contributing data as well. It's anonymized and it's reshared out for the good of stopping fraud, of preventing financial crimes, terrorist financing, money laundering, and always for that goal of doing good.

Speaker 3:

That's great to see. We've always been struggling with what's essentially a tragedy. The commons haven't we? With siloed businesses, competitive businesses, understandably, the natural thing is to hold that data close, because data is like the crown jewels. But more and more willingness and more and more understanding of that need to share experience and know-how and intelligence that's so fresh it's good to hear, cindy. Thank you.

Speaker 4:

Yeah, things done in a responsible way can do a lot of good. It's always focusing on being responsible about that use and sharing of data.

Speaker 2:

Well, we'll leave it there, Cindy. Thank you so much for joining us on making data better and for coming back.

Speaker 4:

We're really Lovely to be here, John, and then I hope I get another opportunity.

Speaker 3:

Oh you will.

Speaker 2:

Yeah, let's do that we look forward to it.

Speaker 4:

That'd be great.

Speaker 2:

Thanks again.

Speaker 4:

Thank you Bunu Robbre you.

People on this episode