One of the biggest risks to banks is over-exposure to individuals, or related groups of individuals, who themselves are over indebted and therefore represent an existential credit risk to the stability of the entire bank.
In order to mitigate this risk, banks in the EU must comply with Article 394 of the Capital Reporting Requirements (CRR), which requires them to report their large exposures, and loans of over €1 Million, to the local regulator (e.g. the Bundesbank in Germany) on a quarterly basis.
Here is where graphs and identity (or “entity”) resolution can help. In identity resolution, a graph is a data structure that connects entities (nodes) through relationships (edges) to help identify when multiple data records actually represent the same real-world entity, or highly related entities.
Let’s focus on the individual loans here, as we have covered large exposures and “connected clients guidelines” previously.
Large Loan Reporting
When the local regulator receives information about loans of over €1 Million to individuals, it compares the data from all other lenders to look for individuals who may be over-indebted to more than one financial institution, and then reports this information back to the lenders. This data is also transmitted from the local regulator, to the European Central Bank (ECB) and the European Banking Authority (EBA), where the same exercise is performed, so that individuals with large debts across the EU are known to all.
This means that the banking authorities themselves are conducting identity resolution. In a large body of customer data records (e.g. ~1400 banks in Germany regularly sending data), with similar but non-exact record attributes (e.g. name, address, date of birth etc), the regulator must identify which two or more records from different sources belong together in one identity, to establish their total-indebtedness.
Deutsche Bank Example
Let’s look at a simple, hypothetical example representing Deutsche Bank in Germany and Austria and a customer that has four different accounts:
Firstly, you can see that each bank has a different format for storing the customer record data: e.g. Name vs Forename + Surname; Birthday vs DoB. That is the reality of real-world data across large organisations.
Nevertheless, using identity resolution techniques, these customer records could be linked together as belonging to the same person (a so-called “identity graph”) based on 1) name variations that follow standard patterns (Vincent van Gogh vs. van Gogh, Vincent), 2) consistent date of birth (albeit in different formats), 3) consistent contact information over some records.
The Risk for Banks without Identity Resolution
So while the central banking authorities are actively conducting identity resolution on the data sent to them by thousands of banks, the problem for the individual banks is when they do not do the same with their own customer data.
A bank, such as Deutsche Bank, may have many business units, or group companies across different countries. Since it is difficult for a bank to keep unified profiles of their customers, it is quite possible that a bank may have unknowingly given several sub-million euro loans to an individual, the sum of which is over €1 Million and hence should be reported. As the bank does not know that they have given so much credit to one person, they never report the individual - creating a credit risk not only for the bank itself, but for other banks that may also have lent money to this individual.
In the above Vincent van Gogh example, none of the individual loans are over €1 Million, so this individual’s total indebtedness might never be reported to the authorities, when in fact his total indebtedness is €1,360,000. Even if the German side of Deutsche Bank knew that their three Vincents were the same person, the Austrian division might think that they have a customer with a relatively risk-free credit of only €120,000, who would therefore never be reported to the authorities.
The solution to this would be for the bank to use an identity resolution solution, like Tilores, where the connections between customers in different business units can be established and the customers with >€1 Million credit easily identified.
Whether this was a persistent system, continuously updated in real-time, or a system that is run once a quarter and then wiped clean would not really matter. What matters is fast, and accurate data showing which customers are related - without the bank having to do more than press a button to ingest some data.
Fancy a €100,000 Million Fine?
That’s how much a bank has to pay as a fine if they fail to notify the relevant authorities about a customer with cumulative loan exposure of >€1 Million. That means a simple identity resolution failure - the inability to link the same customer(s) over multiple business units within a banking group - could get very costly. A strong justification for investing in sophisticated identity resolution technology.
