November 10, 2022

Diligence Investigate: Know Your Customer

“Hey, can you check these guys out for me? I’m thinking of partnering with them and need some more information.” 

“You have business data, right? Can you tell me about this guy? He says he runs a small investing company but I’m not sure.” 

This is how Diligence started – pretty much everyone knew we were gathering public business information at a fast pace and were making noise about “hidden connections.” That was all they needed to guess we could get them an edge in their investigations.  I probably had demo’d the Bubbles to them at some point and gave the impression we could get anything (we actually can, but I didn’t have full proof of that yet in early 2016).   

These started as onesie-twosie requests for friends, and a pattern quickly emerged. The companies they were asking about were typically small operations, maybe a sole prop or a side hustle run by a junior investment banker - with no typical business registration. It’s especially hard to find info on these shops, there are often no websites or tax registrations either. Bigger firms were known and you could find them with a simple Google search or a check with the SEC. 

But these ones? Digital Silence. If we could just get at these firms, I could see a product forming out of this. 

And, it did. This is Diligence Investigate. And here’s my intro to how it works for Know Your Customer (KYC) efforts. 

Exhausting, on the road to Exhaustive 

Everyone who does business has a digital exhaust (tip of the hat to you Shaun D., I still use that term!). So eventually even hidden companies will show up. It might be transactions that become open data, a licensing board, a membership in a business association, or a twitter reference. If you’re doing business in the digital economy, chances are you’re leaving a public trace. And those are the links we started following. 

Given enough time and enough data we approached our early concept of Expanded Investigations for the digital age. Find it all, link it together, and model it to find who you’re looking for: who’s risky or rewarding, who’s in need of further review before engaging. 

And the good news? The same approaches used to find links for small companies are really good at finding hidden connections for large companies, too. 

Expand Your Search (or, the Myth of the Single Source) 

One of the first things we talk with customers about is the need to broaden your search. Pick any global data provider (including and ask them:  what’s your hit-rate? You’ll get a range of figures from 80% - 95%, and a lot of caveats. That’s natural to anyone in the business - there is no complete database, and no such thing as a perfect hit-rate. That’s one reason why nearly all companies we work with use multiple data sources. 

Observing what our early customers did to resolve investigation cases, we found this common approach: 

  • Search our primary provider 
  • Get everything we can find (names, other companies) and search the provider again 
  • Go to our secondary (and tertiary) provider and search each of the things we found until we find enough info 
  • Google it to fill in gaps 
  • When needed, escalate back to the business to ask for manual input 
  • Make a report, noting what you found – and take a reasonable risk decision based on the info you didn’t find. 

Now, this process can generally satisfy requirements but it can be SLOW. As in, an average of 30 minutes for a simple case slow.  And you might still have gaps in the results. And you’ll often pay a premium price for the sources. 

We know that certain sources have specialty focus areas, whether that’s by geography, type of business (public/private/certified), or even business category. If you’re working in a certain sector like manufacturing or licensed professionals you may well find a source that meets most of your needs most of the time. But if you’re doing work across sectors, in multiple geographies, you really need to do this instead: 

Query as many sources as possible. At the same time. If there’s an innovation we’ve brought to the market with Diligence, it’s this – we look at every source in parallel (sometimes in series if the customer requests a “waterfall” approach). That brings as much data possible back to the investigator for quick triage, allowing for an instant view of the big picture. The issues pop out instantly, and you can make a decision to move on or dig deeper. 

A broad search case with public and private data, some names and sources redacted.

In the case above we found 14 sources with references to the company. All were searched at the same time to bring back the complete picture of the company. This search included: 

  • 5 Federal sources 
  • 3 Proprietary sources 
  • 2 Internet sources 
  • 2 Paid Third Party sources via API  
  • 1 Global Sanctions Open Source 
  • 1 State source 

At this point, the user has spent about 1 minute triaging the information to get to a “Pass.” TBH, this record could probably have skipped the 2 paid sources but the customer’s process still has validation steps with the provider. No issues on our side as we connect with most of them today but the customer will likely find ways to reduce some paid calls in the future. 

Scoring Using Standard Frameworks 

Many companies follow a certain regulatory regime for investigations based on the industry or country they’re in. It’s been a great learning experience for us to map these protocols to the types of data available and the risk tolerance of the companies we work with. We enjoy providing road-tested approaches based on client work in similar industries like Banking (FinCEN), government contractors (SEAD 4 review of Security Clearances), and global finance (EBA). Another example of many here: 

Red Flags for Cannabis 

Given the number of jurisdictions offering or contemplating Cannabis licenses there’s a growing need for investigations on companies in and surrounding the sector. There are still banking, professional service, and insurance companies that are avoiding this market because of the additional review requirements and the patchwork of regulations between State and Federal governments in the US. We’ve enjoyed making this process a bit simpler to conduct for our clients. 

The Bank Secrecy Act Cannabis Guidance proposes a broad review of the related parties for an account involved in the sector.   

By using “the Bubbles” along with our customizable scorecard, a company can demonstrate review diligence and provide service to this emerging market.  A unique ability of the Diligence Investigate system allows for review of records on both the subject AND connected parties linked a certain number of “hops” from the target. 

The Diligence Investigate Scorecard is both a requirements artifact and an entry point for customer configuration within the system – useful for both Compliance Review and scoring updates.

Even though we’ve seen some of the common regulatory regimes, we know there are more out there. As a custom tool Diligence Investigate has a standard way to roll out new tweaks, filters, and process flows based on what our customers need.   

Large Volume Link Reviews – Focus on the Big Stuff 

One of the best things about having so much linked data at our disposal for Diligence Investigate is trend identification. We can do this once we understand the entities more deeply. We do a lot of assessment of “likely vectors” for fraud or red flags as a way to prioritize both investigations AND the use of paid 3rd party sources. 

For instance, here are the top medical fraud categories based on Medicare Alerts registered with the US Department of Health and Human Services, cross-correlated with specialty license data from the providers: 

  1. Diagnostic Labs 
  2. Home Health Care 
  3. Chiropractors 
  4. Dentists 
  5. Doctors 

If we’re just looking at the HHS data or sanctions lists, we don’t get the license information with the type of medical business. But add in the license information from a secondary source and you’ll figure out who these providers really are. If you’re doing bulk investigations on medical providers, you really need to know that the Blood Lab is 9x more likely to be hit with a fraud finding than the doctor’s office. Linked Data tells you that, and maybe those higher-risk categories are sent to the paid 3rd party source for secondary validation. Would be a nice savings strategy down the road. 

Wrap Up that Review, and Get Started 

We’ve learned a lot about the data and review side of the Investigations process over the past 4 years since the original DoDiligence launch. (There’s also a broader backstory about how we were able to get several competing providers into the same room for discussions on API access, scorecards, and which markets were ripe for this product. Suffice it to say that even tough competitors can end up as friendly companions on the journey towards better data.) 

I’ve saved the best part to the end – Diligence Investigate is both an online product and a White-label solution, so it’s available in both our own cloud installation and through partner relationships with high customization. 

And the data and scorecards powering the system can be used today via API to allow plugins to your own portal. We’re proud to have our data power some well-known workflow portals systems for KYC around the world. 

If you’re interested in speeding up your KYC process, let’s talk about which solution is best for your needs. 

Happy Investigating! 

386 St. Paul Street Suite 102
St. Catharines, ON L2R 3N2

2235 Sheppard Ave E SUITE 902B, North York, ON M2J 5B5

260 East Main St. #6000,
Rochester NY 14604

701 Ellicott Street,
Buffalo NY 14203

envelopemap-marker linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram