Category: Nieuws

Businessman in time management concept

Set an alarm to prevent problems

T

he headline of this blog seems like a no-brainer for entrepreneurs, but if you think about it, you realize that in practice little is done with alerts, or notifications as we call them within Noctua.

If the alarm doesn’t go off in the morning, there are all kinds of consequences, including arriving late for work, delayed appointments and possible delays. This underlines the value of alerts or notifications built into the Noctua software. It keeps the organization sharp and therefore alert and active.

Of course, an organized Know Your Customer (“KYC”) process is still essential in addition to the alert function. An alert or notification is nothing more than giving the go-ahead for additional research. Thorough research is only possible if a qualitative process has been set up for this.

What are notifications or alerts within the Noctua software and where else can this be used? Three examples.

Example 1. Relationship management and ISO standards

ISO 27001 and 27002 have a separate chapter devoted to relationship management (customers and suppliers). Logical moments for customer or supplier contact are from the ISO standards, change of ownership, change of management, relocation or filing of inability to pay. In practice, however, this is often not noticed or noticed late and sometimes not at all.

“ISO relationship management alerts”

An alerting system can therefore be a very useful obligation within the ISO standard. An interesting example for an alert is for not filing annual accounts, while one is obliged to do so. This is indirectly included in the valuation of the creditworthiness of companies, but in many cases this is only seen when it is too late. Not filing the annual accounts or not filing them on time is often a signal that something is wrong. Time for the account manager to take action or, for example, to adjust the payment conditions with the customer.

Conclusion, having a software system with alerts on specific changes in the Chamber of Commerce is good for obtaining and maintaining an ISO standard and at the same time adds something useful to the business and protects it.

Example 2. Alerts for Industry Pension Funds

The Dutch industry pension funds (“IPF”) must report this to the Dutch UWV (UK: Jobcentre Plus Office) in the case of a bankrupt company and submit a claim for the pension contributions not paid by the employer. The importance? If the employer owes pension contributions to a pension provider on the basis of a pension agreement concluded with the employee, the pension contributions for no more than the year immediately preceding the date on which the employment contract was terminated by the trustee will be reimbursed by the Dutch UWV.

Setting an alert to the companies affiliated to the IPF prevents bankruptcy bypassing the management of the IPF and ensures an adequate response.

Example 3. Municipalities and money laundering

Criminals in the Netherlands do around € 13 billion of money laundry  annually, according to research by Utrecht University. https://www.banken.nl/nieuws/22016/jaarlijks-wordt-13-miljard-witgewassen-in-nederland

The Promotion of Integrity Assessments by Public Administration Act (so-called Bibob legislation) was established in 2003. The aim in the Netherlands is for municipalities, provinces and ministries to assess the integrity of holders and / or applicants for permits and subsidies. For example, the permit for a catering facility is always checked by the municipality.

Alerts are essential here, in the event of changes of ownership it may be that criminal organizations take control of the company and thus enable money laundering, for example.

Conclusion

The Noctua software offers an active and dynamic setting of alerts within the software. We see two types of alerts: a dynamic and an active alert.

Dynamic

When performing a survey by the user of the software, a red sphere is added to one or more of the found entities. This means that certain conditions set within the software are met. There may be something wrong, the user is automatically alerted. This dynamic mechanism replaces many searches so that the researcher can conduct research efficiently.

Active

An active alert has two variants:

  1. An alert is sent to one or more investigated entities and a signal is issued if there are changes in the structure of shareholders, management or address. This can optionally be linked to PeP (Politically Exposed Persons) and sanction lists.
  2. Some sources pass on their updates, these are captured by Noctua, matched to an investigation and that also leads to the sending of a signal.
With the alert functionality of Noctua you prevent fraudulent activities in the future!

Coronavirus Covid-19 background - 3d rendering

Impact Covid-19 on KYC in perspective

T

he Covid-19 pandemic has a strong impact on the economy and the way people work. Working in the office is not recommended by the government and it looks like this will continue for a while. Work continues unabated and it has been busier since the lockdown was lifted. In many cases, working from home appears to have a positive effect on the amount of work done per employee (no traffic jams, little distraction). Many companies have now realized a transformation, whereby employees permanently work from home.

The transformation to working from home makes technology that facilitates working from home (without compromising on quality) favorable. Especially with something crucial like KYC! A Software as a Service (SaaS) solution is then necessary.

Noctua and working from home

A big advantage of Noctua; the software against fraud and crime, is that working from the browser is fully facilitated. No special application or software is required. This makes working from home very easy. Log in and work!

Browser based access

Via the browser there is access to the databases and the software, which are in the Cloud, based on the SaaS principle. Of course, the software can be installed on your own servers, if they are connected to the internet.

All actions of the user are registered and the obtained data is saved. This information is separate from the report being drawn up. The data on how the information was obtained (the searches and actions) is information that is often missing in a report, but it can be decisive in a legal conflict.

Example Belgium

We Dutch look from our Dutch perspective, but what does this mean from a Belgian perspective?

The banking landscape in Belgium is different than in the Netherlands. In Belgium, personal contact is more important, a cultural difference. The result is that there are more offices and employees at the Belgian banks to support personal contact. Covid-19 therefore has a greater impact in Belgium:

  • bank staff have to work from home
  • clients conduct business online without personal contact

The consequence is that the reduction in offices and staff that started in 2007 has now accelerated in Belgium.

Law of the braking advantage

Belgium has the most bank branches per capita worldwide.

The law of the dialectics of progress applies here. Belgian consumers are forced to do business online in this Covid-19 crisis. The 12.2% decline of the Belgian economy in the 2nd quarter of 2020 therefore does not apply to e-commerce. This offers the Belgian banks the opportunity to automate faster with proven software, which has passed the experimental phase. The latest IT resources can be deployed to facilitate working from home. 

The rapid turnaround, because the innovations are already available in other countries, will mean that Belgian banks will become more profitable in the relatively short term.

The Dutch situation

Now is the time to take action in the Netherlands (and maybe also in the UK). There may be a technological advantage, but not everyone has their affairs in order. The KYC process is often not set up as a whole, with the result that there is no flow within the total research. Dividing the research into independent units that each do their part, so without a central location of registration has serious disadvantages:

  • Not efficient
  • Difficult to get all the data together
  • Legal evidence is missing (audit log of the entire process)
  • Difficult or impossible to carry out the research via home work

The KYC process should be set up sequentially, with most of the research being robotic. The ‘high risk’ cases trickle down to a part within the software (formerly department / unit), which is designed for in-depth research. If there is a high degree of urgency, it must be possible to work on 1 file with several employees, all from their own home workplace. All this is possible with the current technological state of affairs.

Working from home is a necessity for now and in the future, so arrange that properly. For example with Noctua!

Gold bitcoin coin

Is the Bitcoin really anonymous?

For Noctua, the complete Bitcoin (“BTC”) database is available with all transactions from the start. The advantage is that it allows a simple and deep search for the flow of transactions and the IP addresses from which they took place.

Background Bitcoin

The design of the BTC protocol was the result of libertarian anarchist ideas. Confidence in the financial world had fallen sharply in 2007, which caused BTC to take a strong wind. The developers of the protocol made it accessible.

Government control is lacking, BTC and other alternative coins are not under the supervision of central banks. Abuse by central banks is therefore not possible, is the underlying thought of the developers.

Of the many new possibilities that the BTC offers, the accessibility is the most discussed. The fact that anyone can create an account without an identity check for minimal costs is unique. The moment other currencies are exchanged for digital bitcoin, the buyer’s account number is known. This makes the bitcoin pseudo anonymous. However, this is difficult to determine.

The (pseudo) anonymity means that criminals make extensive use of BTC to launder money and carry out cross-border transactions.

Supervisory authorities and central banks (e.g. the Netherlands Authority for the Financial Markets, the European Central Bank and the Chinese central bank) have long warned against the use of BTC for speculative purposes. Research into the transaction patterns at BTC shows that BTC is mainly used for speculative purposes by private individuals and not as a payment method.

Advantage of the Bitcoin database.

A practical example: the police have confiscated a computer or mobile phone from a suspect of criminal activity. The account has BTC addresses as well as transactions from BTC. These BTC addresses can be loaded into the Noctua software to find other connected persons, partners of the suspect. The transactions do not disappear from the BTC ledger, so tracing is still possible years later.

Other databases?

There are other databases on the internet that contain information about BTC transactions, however the search is laborious and the information poor. Examples:

  • https://www.blockchain.com/nl/explorer
  • https://live.blockcypher.com/btc/
  • https://btc.com/

These databases offer much less than Noctua in terms of research features and relevant information. It is also not possible to perform advanced queries on the database (complete transaction structure of an address), so that suspicious patterns may be discovered in order to reach a conclusion.

What does our BTC database consist of?

In bullets:

A copy of the full BTC ledger with all transactions.

Information includes besides BTC address:

  • transaction hash
  • date BTC with two dates
  • The database is freely searchable: not limited like the “official sites”. These are web portals that also offer search options.
  • The BTC database is located on a local server. Example of what is possible: all amounts greater than a certain amount at a certain time, or transactions in a time frame. All transactions to and from an address. All direct transactions or up to x were deeply related to a BTC address
  • The database is updated daily
  • Historical value of the currency: this can be displayed to find out the Euro value of the transaction

Links are currently under consideration with Maxmind (a Massachusetts-based digital mapping company that provides location data for IP addresses) and Shodan (a search engine that allows the user to find specific types of computers connected to the Internet using various filters).

Noctua offers a standard solution for customization that meets every need.

Digital detective work builds trust

There is a lot to be found in the digital world: social media, the Chamber of Commerce, websites, press, bankruptcies and many other datasets that can be linked together. The bits and bytes fly around us, as it were. All this data forms an imaginary shell around the earth, from which an Open Source Intelligence (OSINT) tool can draw unlimitedly. It only becomes really interesting when this data is linked to local files of organizations. By making the right connections, this linked data provides valuable information.

Smartly linking open sources with local files offers an ocean of useful information.

The effectiveness of digital investigative work with a good OSINT tool is many times greater than traditional investigative work and can even no longer be ignored in our current society. Much research cannot even be carried out without automation. OSINT research is versatile, as a browser and a standard computer are sufficient to get the job done. That is why nowadays the government is increasingly demanding to take investigations into clients seriously. With the aim of preventing fraud, preferably nipping it in the bud. The terminology related to the “Know Your Customer” process is diverse and overlapping: COB (Customer OnBoarding), KYC (Know Your Customer), CDD (Customer Due Diligence, UDD (Urgent Due Diligence), EDD (Enhanced Due Diligence) and in these times QA (Quality Assurance) can be seen as steps within the total KYC process:

  • KYC-level 1: COB
    • Intake customer, where he undergoes an identification, global background check and also the risk profile is determined in addition to collecting news facts. This research can be highly automated and no highly trained employee is required to carry it out. Every customer undergoes this examination!
  • KYC-level 2: CDD
    • In-depth research into the background of customers and possibly companies with an elevated risk profile, naturally focused on risk (but also include the success stories for the commercial department). This is necessary when a customer belongs to the risk group and is done before doing business with the customer. Think about:
      • The creditworthiness
      • Money laundering
      • Financing crime/terrorism
  • KYC-level 3: UDD
    • Highly critical research in addition to the CDD, in which potential partners and sometimes the transactions are also vetted. With the aim of discovering risks that have passed KYC levels 1 and 2. The software allows simultaneous investigation of the same file. By working on the same research with several experienced researchers at the same time, results can be achieved extremely quickly and the importance of this goes without saying. This research can only be carried out by experienced researchers.
  • KYC-level 4: EDD
    • Completely comparable to the KYC level 3 research, with the difference that only one experienced researcher works on the file. So there is no urgency!
  • KYC-level 5: QA (Quality Assurance)
    • A good process contains a self-checking mechanism, which is especially relevant when the interests of an investigation are high. By randomly checking all levels, imperfections are discovered and the underlying software can be improved, or the instructions can be adjusted. Professional software also contains an alert function with which certain matters can be periodically monitored.

A KYC process implemented in the above manner is optimally designed. The studies are done properly and at the right time. Onboarding is fully automated, which means that the largest cost item is at least halved.

Fear of heavy fines and reputational damage is often the main motivation for financial institutions to start with a thorough KYC process. Understandable, of course. However, without this big stick, organizations would have to organize this process anyway. On the one hand to prevent them from being forced by the government, because high pressure then means that a solution must be found in the short term. Usually the cost item is higher than necessary and the result is far from optimal.

On the other hand, an organization obtains a lot of valuable information from the KYC process, with which it can optimally serve the customer and learn to understand it extremely well. Especially when the process is set up in such a way that the successes of customers are also included in the survey. It provides the commercial department with relevant, mainly positive, information with which to enter into a conversation with the customer. This leads to new opportunities and turnover.

Remarkable organizational structures can also give rise to a discussion and there are many examples to think of. Banks, insurance companies and other financial institutions will see an opportunity to polish their image with solid information and in this time where social media are leading in forming public opinion, it is worth gold.

Many parties may look up to setting up the above process as a mountain, but all levels can be set up with one and the same tool; Noctua – Open Source Intelligence.

Noctua offers a standard solution for customization that meets every need.

A Noctua KYC process implementation is easy to implement, easy to manage, saves costs and delivers high quality. With Noctua, KYC is one less thing to worry about.

Free to download: schematic overview of a complete Noctua KYC proces.