Why multi-sourced third-party data is key for detecting and preventing financial crime
To support UK banks in better detecting and preventing Financial Crime, we have been conducting extensive market research to understand how UK firms are being exploited by criminals globally.
UK companies are considered around the world to be trusted, and the country is widely believed to be a low-risk jurisdiction. As such criminals have been capitalising on the credibility UK registered firms offer and the anonymity they give criminals, hiding behind complex corporate structures.
With UK companies being readily sold ‘off the shelf’ around the world or, for those willing to spend a few minutes setting up a company online, the £12.00 cost for incorporating a UK registered business offers little deterrent to criminals, or indeed pranksters willing to demonstrate the ease at which the Register can be manipulated1.
To quantify the extent to which the Register may have been compromised, we have already conducted the following analysis.
In just the last three years we have observed a 116% increase in businesses connected to EU defined high-risk third countries (those countries most commonly associated with Financial Crime), rising from 19k in 2019 to 40k in 2021.
In the last decade we have witnessed a doubling of UK businesses where there are no UK based directors (35k in 2011 rising to 70k in 2021).
To illustrate the ease at which the Register can be manipulated, the below example shows a real new company where the director, Mr ‘Mac The Knife McMillan’, has registered Helios Investco Capital Limited, with Wandsworth Prison as the correspondence address. You may note that his occupation is a Gangster.
Whilst this example of Register manipulation is clearly a joke, many company formations we are witnessing have far more sinister intentions.
The criminals often start by stealing a residential address. This address is then recorded in Companies House as the Registered Office Address for the newly formed company.
Before 2016, there was very little UK citizens could do if their home addresses were stolen, however, when the Companies (Address of Registered Office) Regulations 2016 was introduced, new measures were born to protect citizens from criminals stealing residential addresses to set up newly incorporated businesses.
Now, if you receive a letter through the post saying you have set up a company and you haven’t, you can notify Companies House and they will default your home address to the Companies House registered office address in Cardiff.
The problem with stolen addresses
We have been monitoring these suspicious addresses since 2016 and we can see how the numbers have grown.
Around 3000 of these resulted in RP06 forms2 being filed in the past year, where individuals have taken out action to have their addresses formally removed.
Unfortunately, many citizens ignore the Companies House letters, and the true extent of this issue is unknown.
However, we have identified over 20,000 UK residential addresses where each one has over 100 UK firms registered.
The above diagram illustrates this growing trend, where residential addresses have a highly suspicious number of businesses associated.
One such stolen address was recently used to spoof one of the UK’s largest supermarkets. The brand name was subtly changed and used to set up a company at Companies House, using a stolen address. The occupant is now receiving up to seven kilos of post each day from disgruntled creditors chasing debt – a clear example that this is not a victimless crime and results in untold stress for the individuals who’s addresses have been stolen.
Sadly, it’s not just isolated addresses that have been stolen. We’re now seeing entire streets that have been comprised, where the criminals are sequentially stealing the residential addresses for each house on a given street and using these to set up fraudulent companies. The Times reported3 in November that in the past 18 months more than 100 companies have been set up by Pakistani nationals on a single road.
Perhaps more alarming, we’re now witnessing criminals stealing the credentials of the deceased. We have identified that 6,452 new incorporations exist today where the directors were already dead at the point of company formation.
What is becoming clear, is that those who use Companies House as a sole or primary means of verifying business customers exist, and are doing what they say they are doing, may be filled with some level of trepidation.
Looking beyond Companies House
To truly understand the risk of a business and its owners you need to look beyond Companies House. So, what other official registers exist in the UK beyond Companies House?
Additional sources may include:
- VAT Register
- Charities Commission
- Gambling Commission
- Financial Conduct Authority
We are also gifted in the UK with an abundance of data through Open Government License that facilitates the re-use of a wide range of public sector information free of charge. So, if you wanted to understand more about a customer who is operating a pub, consider using Licensed Premises data, if they are a restaurant, consider Food Standards Agency, if they are a Dentist, Care Quality Commission or a school, Edubase.
Whilst there is no single source of truth for any industry, multi-source data corroboration and verification can better identify misleading claims. If a customer is consistently presented against five or six third-party data sources, then that should instil a level of confidence.
Conversely, if we can see your customer has presented themselves across five data sources inconsistently or they are not appearing on the sources that they should, this should give cause for concern.
We have identified these key third-party data sources and aggregated them to enable the multi-sourced corroboration required to uncover hidden risks associated to a business or the people behind the business.
This article covers just a few examples we have available to illustrate current vulnerabilities. Never before has it been so vital that you adopt multi-source corroboration of your customers data and refrain from using only Companies House data in your Customer Risk Assessment.
How can we help?
With FinCrime becoming ever more sophisticated, it’s more important than ever that you know who you’re in business with. UK banks and financially regulated institutions are spending millions each year fighting financial crime.
There is a better way. Our approach blends the latest technology, data, and insight to deliver slick, automated financial crime prevention and remediation. It only requires manual intervention when the data calls for it, hugely reducing the time, cost, and effort involved.
Get in touch
To find out more about how Experian can help you uncover financial crime risks, contact us here.
Contact us[1]
Fakers, fast sign-ups and fraud: the crisis at the UK’s Companies House, The Guardian
[2] Apply to remove material about a director (RP06), GOV.UK
[3] ‘Burner’ firms are infiltrating innocent people’s houses, The Times