Data automation vendor Openprise announced support for the EU General Data Protection Regulation (GDPR) which goes into effect on May 25th. The new Openprise Data Orchestration Platform capabilities provide “visibility, control, and access management inside and outside of a company, without the added complexity of traditional compliance solutions.”
The GDPR specific functionality “controls the flow of EU data out of your company” via “fine-grained data filters and permission roles,” and flags leads and contacts which are subject to the GDPR even if the records lack country flags. The firm performs checks based upon emails, IP addresses, phone numbers, and non-standardized country fields. Both standard and custom fields in sales and marketing automation platforms are GDPR validated. Openprise maintains an audit trail and logs records which have been processed by partners.
The firm noted a Catch-22 in GDPR regulations. Enriching records that lack country designators may require enrichment from non-compliant datasets, violating the law. By utilizing data from within the record (e.g. domain, phone numbers), Openprise avoids violating the law in order to support the law.
“The vast majority of US-based companies are woefully unprepared for GDPR, and this new set of regulations has teeth. We’ve heard from our customers that they want a central control point to help maintain compliance with GDPR. Openprise’s position in the MarTech stack as the conductor that manages the movement and processing of data across systems puts it in a unique position to serve as this control point.”
Openprise CEO Ed King
The GDPR is broadly written to cover data held by non-EU companies, even those without operations or sales staff within the EU. Penalties can be quite high, reaching up to 4% of revenue or €20 million, whichever is greater.
“What’s so critical about GDPR is that it affects companies everywhere in the world, whether they have a presence in the EU or not, and unlike many other regulations, this one has teeth,” says Allen Pogorzelski, vice president of marketing at Openprise. “If you’ve got EU citizen data in your databases, you’re subject to GDPR regulations. U.S. companies that ignore these regulations do so at their own peril.”
This summer, Openprise launched a Data Marketplace to assist with ingesting and normalizing third-party B2B and B2C data. Amongst the platforms supported are Salesforce, Marketo, Eloqua, and Pardot. The Data Marketplace, part of the Openprise Data Orchestration platform, includes built-in rules to ensure data are properly onboarded. B2B Partners include Zoominfo, InsideView, Orb Intelligence, Synthio, Salesgenie, and Dun & Bradstreet.
European company research firm DueDil rolled out a set of enhancements spanning list building, list analytics, compliance validation, and their API. DueDil’s products are used for sales intelligence, company research, and onboarding Know Your Client (KYC) / Anti-Money Laundering (AML) compliance checks.
DueDil added four Ownership search filters to assist with targeting firms with concentrated shareholdings “ripe for takeover.” The new screens include Total Shareholding Count, Individuals Count, Companies Count, and Shareholder Name.
The firm rolled out interactive lists which build upon their list capabilities. “Interactive List Reports offer a unique way of mapping whitespace and identifying new prospects, based on high-performing segments identified in a List Report,” said Product Marketing Manager Sam Hockley. “By accessing a customer list in Report view, common traits and trends are visualised, and the characteristics of quality customers can be easily identified.”
Users can now view any List Report segment in Advanced Search, surfacing the companies and related criteria. Users can drill down on segments to research anomalies or focus on size brackets within the list. The functionality can also be used to display similar companies while suppressing the original list, providing a tool for expanding the pool of ABM candidates.
Both the browser and API now support compliance checks including Politically Exposed Persons (PEPs), sanctions, fraud warnings, and adverse media. These checks are part of standard KYC / AML onboarding steps. The Adverse Media Check includes Gazette Status (receivership, shuttering a business) and County Court Judgments. Politically Exposed Persons lists identify government officials and close family members to flag funds which could be related to bribes, kickbacks, and money laundering. Sanctions lists flag individuals associated with terrorism, trafficking, and money laundering.
“Conducting these checks with DueDil allows businesses to identify any and all linkages of corporate ownership and associated individuals. As a result, when a check is run against a specific entity, that check can be extended to all of these related parties, returning any flags or sanctions across the entire group. Advanced datasets reveal the ultimate beneficial owner of a business and enable checks for PEPs and any sanctions levied against a business,” said Hockley.
DueDil performs KYC/AML checks against both businesses and individuals. People checks are performed in conjunction with Callcredit.
DueDil also recently launched API support for webform auto-population and enrichment.
On May 25, 2018 the EU General Data Protection Regulation (GDPR) goes into effect, creating data privacy and security concerns for firms both inside and outside of the EU. The GDPR covers both companies that provide goods and services to EU residents and those that are part of the value chain. The regulation covers all individuals domiciled within the EU, regardless of where the company is headquartered.
According to Forrester, the regulation has five key requirements:
If a firm has “regular, systemic collection or storage of sensitive data,” they need to hire or designate a Data Protection Officer (DPO). The function may be filled by individuals with legal, privacy, security, marketing, or customer experience. The International Association of Privacy Professionals (IAPP) estimates that the regulation will require 30,000 privacy officers. The DPO will need to work with security leaders with respect to identity and access management (IAM) and encryption. They will also be involved in purchasing decisions around CRM, analytics, and other platforms.
Should a data breach occur, firms have a-72 hour window for reporting breach details to the authorities and customers. The window begins as soon as the breach is detected.
Privacy must be built into any new projects with a “Privacy-by-design” philosophy. Forrester stated that “sustained collaboration between teams will be critical, so firms will have to establish new processes to encourage, enforce, and oversee it.” For example, privacy officers will need to review business requirements and development plans related to new apps.
Extraterritoriality places requirements on firms outside of the EU, making it a global requirement. Forrester notes that “a US-based data aggregator that collects and resells EU customers’ data to other business partners will need to comply fully with GDPR requirements, rather than simply meeting international data transfer rules.”
Firms will be responsible not only for securing data but providing evidence that they have implemented appropriate risk mitigation. Thus, a firm can be held in violation even if they have not had customer complaints or data breaches.
US companies are still obligated to comply with the 2016 Privacy Shield agreement between the US and EU. Forrester also warned UK firms to comply with the GDPR as lowering British privacy standards would only serve to complicate UK-EU data transfer rules post Brexit.
Forrester suggested that firms take a cost-benefit analysis to data instead of simply storing everything:
“Firms will learn to better assess the costs and benefits of records they process, store, and protect. They will progressively focus on collecting, buying, processing, storing, and protecting only the data that offers them the most value and will kill the rest.”
Forrester also suggested that privacy should be part of a firm’s DNA and some firms will integrate privacy into brand perception and the customer experience, providing a basis for competitive advantage.
Osterman Research conducted a survey of mid to large companies subject to the law to identify technology expenditure increases for GDPR compliance.
GDPR non-compliance costs are potentially very high with penalties up to the greater of €20 million or 4% of total worldwide annual turnover of the preceding financial year.
Recently, I had the opportunity to sit down with Artesian Solutions CEO Andrew Yates and discuss topics including artificial intelligence and risk tools they are integrating into their social selling service. This is the second in a series of interview excerpts I am publishing this week. On Monday, Andrew discussed Artesian’s 2016 entry to the US market.
Michael: You have recently begun to introduce AI capabilities into your platform.
Andrew: What we’ve done in our first incarnation of bot-driven AI is we’ve created something that we call an “insight agent” that, through an API into Salesforce, can build you a view of threats and opportunities within your pipeline. Which, in itself, is pretty damn useful; much more useful than a forecast report or a dashboard which is the way you see it in Salesforce today. Then we’ll lay out all of those deals by stage and value and overlay today’s new social and demographic context on top. That’s pretty useful.
With the latest release, we’ve created a bot which literally reads and interprets the news in relation to the stage of the sales process that you’re at. And, where it sees a particular trigger that has meaning in relationship to a particular stage, it flags that. Most organizations have implemented the concepts of sale stages when they’ve implemented CRM.
Typically, when I ask somebody, “how many stages do you have?” They’ll say, “between five and seven.” The system automatically builds you a view depending on how you’re implementing Salesforce, however many stages you’ve implemented and what you call them. Then what the bot does, is it crawls all over the news looking for things that could impact those opportunities at the stage they are at.
Let’s say, I’ve got a six-stage process where stage six is closed and stage five is a negotiation. Artesian’s insight agent finds out about a CIO who has left the business. The insight agent will notify the user that there’s a potential problem with the deal in their pipeline. The agent will tell them why there is a problem and how it’s been categorized. There’s half a dozen next-best actions that we bundle up with the insight as we deliver it. That’s our first attempt at taking the concept of machine-based learning and natural language processing, combining it with an AI bot, and trying to make that useful for customers.
We’ve introduced the ability for the user to customize their own topics, keywords, and trigger events. We offer a bunch out of the box, and we also wrap a managed service around it and easy implementation to every customer.
We’re also seeing a lot of activity in the “RegTech/RiskTech” arena with the growth of cybercrime and terrorism, and the sensitivity around regulation of any financial, FCA [UK Financial Control Authority] regulated [business]. There are regulations that organizations need to comply with. We’re increasingly being asked by our financial services customers, particularly the banks, to get deeper into being able to provide those capabilities inside of Artesian.
Organizations want to mitigate risks. They want to fall within the arena of whatever the regulation is and comply with the law, but they also want to exploit the technology as best they can to make sure they write the best business that they can. We’re doing some work at the moment in conjunction with one of our demographic data suppliers. What we’re looking to do is extend the capabilities in Artesian to provide some of the capabilities that our customers are asking for in the RegTech / RiskTech environment. We’re going to introduce risk agents. Risk agents look at the real-time present and it looks at the past. It specifically looks at things that are in-line with the regulations and also in-line with the stated risks that the customer has mapped out.
What that translates into is a service that is not only compelling in terms of customer acquisition, customer retention, and yield, but also compelling from a kind of, you don’t go to jail if you’re using Artesian because it’s doing the regulation and risk job for you as well.
Michael: When you say risk app, are you talking more about supplier risk, compliance risk, credit, reputational?
Andrew: There are 40 or 50 pretty big companies doing this thing already. What we’re talking about is company-centric intelligence, but also the people associated with that company and the intelligence that we’ll need to derive around whether something is risky or not. It could be the performance of a business. It could be some adverse news in relation to that performance. Or it could be that an individual who has a beneficial ownership, more than a 5% stake in a business, happens to be on a naughty list in terms of the PEP [Politically Exposed Persons] or sanctions.
At the moment, we have risk triggers in the opportunity view. They’re not compliance risk triggers. If you’re going to a client, they need to know about key beneficial ownership.
Michael: Is that part of the opportunity view or is that a new type of view?
Andrew: A new type of view. We have risk triggers in the opportunity view, but they’re not compliance risk triggers. If you go into a bank, they need to know about beneficial ownership, adverse news going back three years, PEP, sanctions, real-time alerts from stock exchanges. None of that is feasible within a generic instance of Salesforce.com in an opportunity view.
Michael: It sounds you’re looking to move beyond the sales and marketing teams to start to get to into things like onboarding, KYC [Know Your Customer], AML [Anti-money Laundering], PEP, and other compliance aspects that really go into monitoring of clients as well as the initial onboarding.
Andrew: Yes, if you go back to the whole customer curious mantra and deep relationship management, we like to say that we put the R back into CRM. We are all about that relationship.
The conversations we are having with our large customers would indicate we are on the right track with that.
The interview will be continuing over the next few days with discussions of what it means to be a “customer curious” business and how Artesian maintains a very high engagement rate amongst its users. Monday’s blog discussed Artesian’s 2016 entry into the US market.
Dun & Bradstreet unveiled a new Beneficial Ownership product to assist with client onboarding and back-book remediation of current customers. The service helps determine who are the ultimate benefactors of each transaction. Beneficial Ownership assists with legal compliance including Know Your Customer (KYC), Anti-Money Laundering, Politically Exposed Persons (PEP), and sanctions lists monitoring. Overall, there are around a dozen relevant regulations concerning beneficial ownership with different thresholds for research. By automating these checks, which have historically required manual research teams, Dun & Bradstreet is reducing time, expense, and risk (e.g. credit, supplier, reputational) while expediting the client onboarding process.
“Compliance teams are challenged to manage third-party due diligence, Anti-Money Laundering, Know Your Customer and tax compliance regulations through manual processes that can be costly and inefficient,” said Brian Alster, Dun & Bradstreet’s Global Head of Supply and Compliance. “By harnessing Dun & Bradstreet’s verified data with D&B Beneficial Ownership, the process can be easily automated to fast-track standard onboarding, helping companies relieve compliance burdens, and get back to driving growth.”
While family trees focus on controlling interest there are numerous legal reasons to look beyond controlling interest. These include onboarding and ongoing compliance (e.g. KYC, AML, PEP, sanctions) as well as company research relevant to conflicts of interest, supply chain risk, and vetting customers, partners, service providers, and resellers.
The new offering, which draws from the D&B WorldBase file of 265 million active and inactive company records, spans 62 countries and 71 million shareholders. D&B Beneficial Ownership is available through batch, real-time, and online access via the D&B Direct API or D&B Onboard. The service also delivers ownership change alerts and a visualization layer which displays a spider-web view of branches and loops of business structures. To assist with varying global requirements, users can query at different ownership thresholds. Both corporate and individual beneficial owners are assessed across 100 million plus connections.
With D&B Direct 2.0, API clients pass the company name which is DUNS Matched. The API then returns a detailed list of shareholders to the desired threshold including percent of ownership and loops (i.e. cross-ownerships).
Dun & Bradstreet collects shareholdings data from registered filings (mostly in Europe), direct research teams, and licensed data. Ownership data goes down to 0.1% ownership levels. Other compliance data includes PEP flags, sanctions lists (e.g. OFAC), and adverse media searches.
Beneficial Ownership intelligence is also important for companies with deep supply chains looking to prevent reputational risk and ensure a minimal level of ethical behavior amongst their subcontractors. Last May, Dun & Bradstreet launched a Human Trafficking Risk Index tool which helps firms avoid dodgy suppliers that may be using slave labor. The Human Trafficking Risk Index is the first in a series of “Responsible Business Analytics” products in their pipeline.