The rise of the One-Stop-Shop

Quick thought: Have you looked at the Uber app lately? It used to look like this…

Photo by charlesdeluvio on Unsplash

Now, you’ll see something like this (March 2022)

Uber-connected in 2022

While the UX may not be for everyone, that’s not what we are highlighting here — it’s the journey that Uber took (or did the journey take an Uber?) from a ride-sharing service to a what-you-see-is-what-you-get (WYSIWYG) all in one service that is truly an interesting case study in strategic growth.

As I begin to think through this new reality, my mind invariably goes to our customers @Unit21Inc.

What if we applied the same principles to risk and compliance?

Unit21 was originally built with a mission to empower risk operators to take control of their controls i.e., manage their risk and compliance programs using a flexible no-code interface for constructing rules. Over time and with iterations, the service is beginning to take shape as a bit of a Swiss army knife in the space…

Why’s this a thing?

While the Uber example doesn’t directly lend itself one to one with a risk and compliance platform, the benefits do line up quite similarly;

In the above example, the Uber app allows me to…

• Get a cab from point A to point B
• Order food for pickup or delivery
• Order groceries
• Rent a car (for self-transportation).. All with a few taps from one app.

It is Uber’s play for strategic growth, shaping the customer’s perception of their brand — of movement being their lifeblood. Movement of people, goods and services, all under one umbrella!

Closer to home, PayTM, for instance would be a case for taking the experience too far — they’ll probably even sing me Happy Birthday if I scroll long enough..

PayTM karo…. but kya karoon?

How is this relevant to Risk and compliance?

Today’s customer base in the $214B/year space of risk+compliance is ever evolving, especially as the world moves toward Fintech ubiquity.

Every company will eventually become a fintech company — Angela Strange, a16

In that backdrop, the stats for fraud-related regulatory fines make for grim reading — a 33% increase in 2021 alone, with just identity fraud accounting for $56B in 2020. With new-age fintech customers in mind the, needs and use cases for risk tools such as Unit21 (while being a no-brainer) can still significantly vary from customer to customer.

Therefore, the only way to ensure that our customers have access to a scalable solution is through effective integration, ingestion, classification and utilization of the following types of data:

• Customer data (data they programmatically or otherwise provide to us)
• Third-party data (data we ingest through vendors/ service providers)
• System data (data we present to our users)

While we’re at it — who are our users?

In my mind, an oversimplified view leaves us with two user personas in Risk and Compliance

• A ‘configurator’ — that writes the rules/risk thresholds and defines organizational workflows; could be an admin, a risk manager, a compliance officer etc
• A ‘consumer’ — an individual that consumes data from our system; usually an agent or analyst

Infrastructure to enable risk and compliance

In the space of risk and compliance, having a tool that caters to every problem is infinitely difficult. Platforms like Shopify have relied not only core infrastructure to get businesses off the ground, they’ve also abstracted data and services from a huge selection of vendors. That is what is required for Risk and Compliance infrastructure — one of data enrichment for our customers, typically fintechs in varying stages of product evolution. Each of these companies could use one or all of our services in the following ways

• Bring new users into their product or platform using a robust and flexible onboarding journey using Identity verifications;
• Monitor transactional and event (such as logins, interactions) activity at sign-up and throughout the end consumer lifecycle. Build expressible, custom transactional risk models catered to any thresholds deemed necessary by their risk teams;
• Create and manage case escalation workflows for surfacing suspicious activity/ suspicious account signups to one or more levels of hierarchy;

Building a Case through data

• Use pre-ingested Identity risk signals (such as an Address Risk Score) to combine with event and transactional data for sophisticated rule building and case management.

All of these, in a risk and compliance infrastructure.

A key output of risk and compliance infrastructure should be to enable customers to spend less time on dashboards, and more time focusing on their core offerings and competencies, enabled through infrastructure that is scalable, automated and one that supports on-the-fly modifications.

What use cases are supported?

1. Custom operational rule models with customer data and third-party information; Our term for this is ‘Data Modeling’ — the ability to use one or all three of the above types of data to build scalable models for detection, flagging and reviewing suspicious and/or anomalous activity;

Transactions, unified

2. Link analysis to map out correlations between entities, and easy, one-click Enhanced Due Diligence (Enroll entity into a Block list, re-run KYC checks, enroll into ongoing watchlist monitoring, etc)

Correlations made easy

3. Reporting suspicious activities to regulatory bodies such as FinCEN

Reporting the anomalies

In conclusion, Fintechs need to prioritize compliance early in their growth process, and choose tools that grow with their needs. To enable a mutually beneficial strategic growth curve, risk and compliance rulesets need to be continually ahead of the curve — an effective way to do so would be to take a leaf out of Uber’s book — become an essential everyday service first, and then an industry-defining one-stop-shop for all things risk and compliance.