I am Numeracle’s Vice President of Trust Solutions, which is a role that addresses the challenges of using validated identity information to foster trust in communications and between service providers and regulators within the industry.
I approach my job by asking how I continue to push and develop the things I’ve learned or found useful. How do I continue to explore things I still don’t know? How can I learn from others to make an industry ‘guidebook’ or create a consensus for those who are also confronted with the same issues and struggling to connote trust and establish guidelines in a highly diverse and distributed industry?
I came into this role from a practical perspective. Previously, when working at Bandwidth, I was looking to solve how we could better vet and validate new customers coming onto the network to try and reduce fraud risks. At that time, I realized no guide or industry group had solved this problem yet and that I would need to make it myself from scratch with my colleagues.
We developed our understanding by working with experts in the industry and began piecing together the right things to review for customers and the things we cared the most about so we could identify customers most likely to represent a high risk. From there, I started with a manual human-reviewed team and was challenged with figuring out how that could be scaled and applied to more customers quickly. That’s where my interest in trust solutions as a topic and as a need in the industry began.
Gathering and validating more information about your customer can serve various business goals that you wouldn’t necessarily consider related to KYC. Know Your Customer encompasses a broad category of helpful information, not just in risk mitigation but in making sure the right products are being sold to the right customer or making sure that you correctly forecast revenue from a customer, etc. It comes down to how you can better serve your customers to accomplish business goals.
We should view KYC not just as a punitive or law enforcement-style investigation for finding customers harming our networks. Instead, we should view KYC as the actions you can take to understand your customers, reduce your levels of risk, and provide a better customer experience. I quickly discovered that collecting KYC information is highly valuable not just for our fraud mitigation team but for every internal team at the company. It was valuable for the sales team and the customer service managers, and it was incredibly valuable to the product team and company leadership.
Whenever service providers typically run into situations where you can grant something on an exception basis, and a leader has to decide what to do in the case of certain customers, a lot of the actions that those leaders perform leading up to making those decisions are KYC. They’re looking at who the customer is, where they come from, their intentions, and what they do on the network. All of that overlaps with KYC.
Rather than trying to stop customers from coming onto the network, KYC’s value is in enabling decision-makers to make more informed decisions about where to lean in and support a customer versus when to wait or ask more questions for further verification.
Telecom is challenging because the nature of businesses that operate in communications is incredibly diverse, making it hard or impossible to create one set of standards that fits all kinds of businesses in this industry. So rather than advocating for a specific set of standards, we should turn towards a risk-based approach of enabling companies to chase outcome-based standards rather than setting specific ones on their business that may not make sense.
The other challenge in standardization is that service providers are so disparate in what they offer, their size, and their resources. Standard practices for a large company in the telecom space may be prohibitively costly or problematic for a small business. We have tiny service providers operating in this space that cannot implement a standard on the same scale, or they would go out of business. We must carefully consider whether it’s our goal to have those providers go out of business and make communications more like power utilities or banks in terms of start-up costs or whether we want to create a system that allows those smaller providers to comply and continue to operate at their size.
Besides the standardization of guidance and requirements amongst a diversity of service providers, the other major challenge is the environment of fear and uncertainty that many service providers are operating in, preventing them from collaborating more openly with other service providers. They don’t communicate what they’re doing for KYC with each other, much less try to come together on a set of standards and best practices.
From my experience working with KYC information, there is a lot of resistance to being specific about the actions they’re taking out of fear of being labeled a bad actor, being the subject of regulatory enforcement action, or being judged. When there are no clear standards, you don’t know where you stand compared to your peers, and you don’t necessarily want to be the first to be open about your KYC processes. We need to find a way of reducing that fear and uncertainty from getting in the way of collaboration between providers.
I suggest having enforcement agencies and large service providers at the forefront in encouraging cooperation between providers regarding KYC, understanding that there is no catch or and that things like how to check a business registration don’t carry any competitive advantage. This isn’t a way of getting you to tell us what you’re doing so that we can tell you that it’s wrong. We need people on the frontlines who are developing these processes, and we should be able to collaborate on those things and talk to each other.
A challenge that has always been an issue in communications and other industries is that we don’t have a great way of identifying service providers. The biggest challenge in the US is that many of the registrations companies are doing are at the state level rather than having a clear identifier at a federal level. That makes consolidating the identity of related businesses or parent companies challenging.
Many service providers aren’t skilled at parsing through related or parent businesses to ensure they understand who they’re contracting with, collecting payment from, and who’s responsible for the services. It’s a challenge in the United States that there aren’t great centralized IDs for related businesses and ownerships. Other industries, especially the financial industry, have tackled this via methods to identify related businesses and with partnerships to establish global legal entity identifiers. It saves businesses time and money from manually revalidating identities for every new business customer that gets added, confirming that someone has validated that information, and proceeding to the next stage in the customer’s review process.
This is a conversation that Numeracle has been a part of to figure out how we can give service providers greater access to validated company information so that all service providers can have an easier time performing KYC as it relates to their customers.
My first piece of advice is to start. Many get stuck trying to figure out precisely what they should do and become frustrated when there’s no guide or when they find something that doesn’t work for their business needs. Just start and put something in place. Even if it’s not perfect, it’s better than nothing.
My other piece of advice would be to start with leadership. Many companies mistake tasking a specific team member by putting together KYC processes. Business leaders often see KYC as a specialized thing, so they appoint someone who wouldn’t necessarily know where to start or how to implement it. The company’s leadership needs to decide why they need or want to establish a KYC program, what risks and problems they are trying to solve, what goals and requirements they are trying to meet, and what they are willing to do about it. These questions leave a lot of room for interpretation that has to be answered by a KYC group, and ultimately, the leadership of a service provider or business is responsible for what that KYC team does.
All teams must clearly understand why KYC is being established, why it’s crucial, and what’s being accomplished. That helps the KYC team understand the why behind its front-line decisions and create alignment across the business. Leadership should make it clear that all teams are responsible for contributing and complying with the goals of a KYC program, not one specialized team that sits on its own. Start at the top with company leadership to provide guidance and responsibility to all the teams, not one specific team, so that they can cooperate towards the same KYC goals.
When looking at business and service provider customers, people usually mean well. It can be easy for us to become jaded when reflecting on the times when we trusted someone and they broke that trust or had a negative outcome. It can be hard to continue to offer your trust and give people the benefit of the doubt. That’s why I come back to this idea of trust but verify.
If you give people the benefit of the doubt, you typically assume good intent. Still, you’re also there to identify risk factors, identify instances where it goes wrong, and change your processes if necessary. While we’re here to foster trust to reduce fraud and abusive networks, it’s also important to recognize that most are here just doing their job and trying to run a business. They’re generally not trying to give you a hard time. They’re just trying to do what they need to and provide their services.
If you’d like some more info or guidance on this subject, you can register for the in-depth webinar at the 2022 SIP Forum Enterprise Summit I’ll be doing on Friday, October 21st. Pierce Gorman and I are hosting the panel discussion and hitting some of the key reasons why enterprise identity is a cornerstone of communications trust, the challenges of establishing and applying a trust framework, and some practical recommendations on how those in telco can use KYC principles to improve their customer vetting practices.
A fun fact about me is that my passion growing up, and still is, is dance. I’ve danced for many years and have danced every style under the sun. It’s something I still do often and very much enjoy. And something I still do and still enjoy! It tends to surprise people in a business setting, but it’s a passion I pursue in my personal time, and I’m currently getting into yoga while I look for some new dance classes!
With a decade of experience in risk mitigation and customer policy creation, Sarah is an industry expert in trust solutions through her enhanced Know Your Customer (KYC) toolsets to drive digital identity innovation to enhance trust in customer communications. She works with enterprises, carriers, service providers, and industry organizations to find and build scalable solutions for validating identity in communications.
Sarah has a rich background leading fraud and risk teams in driving overall fraud and risk management strategies and customer lifecycle management. Her leadership on these teams helped create and manage usage policies and implementation strategies to ensure legal and ethical services for compliance with industry standards and regulations while promoting customer growth and innovation. Her work in support of the delivery of compliant traffic to minimize scam/spam or non-compliant messaging traffic and efforts to build trusted voice solutions give her the expertise to recommend KYC best practices for identity vetting and call authentication.