
Why We Built Compliance

Eric Greenstein, Product

On Monday, we announced our Compliance product to make it easier for companies to build and manage compliance and fraud programs. With Compliance, AML compliance and fraud prevention are built into payments from day one. Sign up for our early access program.

The Challenge

At Modern Treasury, our mission is to modernize money movement. We build payment operations software and make it easy for our customers to partner with banks so they can focus on their core product and customers.

Building a compliance and fraud program is a necessity, not an option. Companies building products to move money have avenues for fraud, and are subject to Bank Secrecy Act (BSA) regulations designed to prevent money laundering and terrorism financing. Banks require compliance programs to underwrite customers for transaction banking.

The issue is that setting up a strong compliance and fraud program is a complex task, one that can delay time to market. Compliance is not a core competency for most businesses, and it can be a headache to manage the continuously evolving federal, state, and international regulations. Companies typically integrate and manage multiple tools from disparate vendors for compliance and payment operations. This requires engineering work and leads to brittle systems prone to downtime. We have seen how navigating bank diligence can be a time-consuming process, particularly when companies have not yet developed compliance programs.

The performance of compliance and fraud programs can greatly impact the bottom line. Companies face severe fines for money laundering and sanctions violations—the Financial Crimes Enforcement Network (FinCEN) handed out $1.6B in fines to 55 companies and banks in 2021 for violating them. We have seen customers become liable for hundreds of thousands of dollars of fraudulent transactions. False positives mean legitimate users cannot onboard to platforms, leading to lost revenue. Lack of automation results in time spent manually reviewing cases, a significant operational cost. Customers often face these issues because compliance and fraud projects are not prioritized relative to others that seem more central to the business.

We looked at what existed in the market and found no option that solves all the problems above. While some newer compliance solutions provide user onboarding and transaction monitoring, they are not tightly integrated with payments out of the box. We saw an opportunity to help customers get to market faster, maintain compliance, and minimize fraud, without the heavy lifting typically required.

The Solution

We have listened to our customers and developed a comprehensive compliance offering that is fully integrated with payments. Our product makes it easy to stand up a compliance program and get approved by bank partners, enabling companies to go to market faster.

Customers can focus on their core business and not on evaluating, integrating, and managing disparate solutions. With Compliance, add user onboarding and Know Your Customer (KYC) checks to an app within an afternoon and enable transaction monitoring for payment orders by changing one parameter on API calls. We will eliminate situations where companies face compliance violations or fraud because they have not been able to prioritize these critical projects.

User Onboarding

Under BSA / AML regulations, customers are required to make an effort to understand the identity of their users, implement risk-based procedures for customer due diligence (CDD), and ensure that customers are not on any sanctions watchlists. Additionally, user onboarding is the first place where customers can catch fraudsters who may be using a stolen or synthetic identity.

Customers first need to collect information about their end users, such as name, address, and tax identifier. We have built a user onboarding flow that can be easily embedded with a JavaScript snippet, saving valuable developer time.

We run a wide variety of compliance and fraud checks and use hundreds of indicators to evaluate risk:

  • Database validations: Does the user information (e.g. name, address, phone number, email, SSN) match other records (e.g. from the SSN, DMVs, credit bureaus, telecom companies)? These checks can help find identity theft or synthetic identity fraud.
  • Sanctions and adverse media: Is the user on any government watchlists (e.g. OFAC / SDN / PEP), or do they have any adverse media hits? These checks help find any potential compliance violations.
  • Behavior biometrics and device intelligence: How is the user engaging with the onboarding form, what devices are being used, what can we learn from the IP address? For example, users copying and pasting their names into the onboarding form, evidence of device emulators or users changing devices between sessions, and VPNs are predictors for fraud.
  • Email validation: What can we glean from the email domain and email address? For example, new domains or evidence of similar emails being queried in a short amount of time are suspicious.
  • Phone history: What can we learn from phone records? For example, VoIP numbers, no activity, or activity coming from high-risk countries are indicators of fraud.
  • Bank history: What can we learn from the bank account records? For example, OFAC warnings or a history of returns are risky.

Risk is judged using a combination of machine learning and rules. We use data from many customers, which improves the accuracy of the underlying detection models. Customers can create rules to further tune their compliance programs, lowering false positive rates and improving automation.

If users are approved, Modern Treasury will automatically create counterparties. Customers can also use our onboarding flow without running compliance checks, enabling them to move money without storing any personally identifiable information (PII) on their servers.

We also have a robust roadmap of product features, including KYB, document and selfie checks, and improved integration options and customization.

Transaction Monitoring

Another core requirement of BSA / AML regulations is ongoing transaction monitoring to find instances of money laundering. Money movement patterns can also be used to detect account funding fraud, account takeover and payment fraud, and more.

We have built a transaction monitoring system where payments made with Modern Treasury can be monitored by changing a single parameter in an API call. This is an incredibly easy way to improve compliance and reduce fraud without needing to integrate another vendor.

Transaction risk is similarly judged using machine learning models trained across many customers. The rule engine comes with pre-configured rules, and the various signals used by the AI models can be leveraged to create additional ones. Before deploying rules to production, customers can test them in shadow mode.

In the future, we will enable customers to file currency transaction (CTR) and suspicious activity (SAR) reports to simplify workflows.

Case Management

While customers strive for as much automation as possible, there are situations where manual review is important. We have built case management capabilities, so reviewers can be notified about new cases, and use a streamlined dashboard to make quick decisions.

Case decisions are recorded in Audit Logs for inspection.

We are looking into features that will enhance case management and analytics capabilities, such as commenting, case tagging, and dashboards and reports.

Try it Now

We are delighted to share that Compliance is available as an early access release. To register, visit our Compliance page.
