As we have previously stated*, The proliferation of so-called reputation damage, or reputation restoration, companies has caused a sea change in traditional compliance due diligence. One can no longer trust the Internet to supply the necessary negative information about compliance targets, employing ordinary due diligence procedures. How on earth did this happen ?
Though reputation damage repair has been available for some time, its previous clients were Fortune 500 companies, or financial institutions, that had taken a hit, due to some instance of misconduct, regulatory action, litigation, or other adverse event. Unfortunately, this has now changed.
Criminals, corrupt PEPs, and other bad actors have learned that these reputation damage firms can actually conceal the website information they most want to hide from public access, whether the potential viewers are prospective victims, partners, regulators, or law enforcement agencies. Generally, these companies utilize such methods as:
(1) Enrolling their clients in a wide range of social media websites, and posting positive information about them therein.
(2) Creating what I call fluff websites, containing photographic, news, or other irrelevant content, totally unrelated to their clients, to load up the first ten pages of anyone's search results.
(3) Posting bogus blogs, or other content, using their clients' names, but posing as others with the same name, to totally confuse the parties searching for their client. How can you now be sure that any negative information you find does not belong to the other John Does who have websites ? This is clever disinformation, what we call confusion to the enemy.
(4) Dumping large numbers of inane postings on the web, to drive any real data far to the end of your web search. Most Internet searches return by relevance, and lazy web-searchers rarely access the final pages.
(5) creating websites that favorably reference their clients, to humanize him in the reader's eyes, which is intended to potentially plant major seeds of doubt about the authenticity of any negative information.
(6) Posting information that raises the issue that the clients were charged with crimes for purely political motives, and not because they were culpable.
(7) Shooting the messenger; posting extremely damaging information, which is generally false, about all parties who have accused the client of criminal conduct.
(8) Placing libelous information upon legitimate websites that cater to complaints about misconduct.
(9) Hacking into authoritative sources, and dumping negative information about the clients' adversaries or whistleblowers, into it.
Therefore, your ordinary due diligence searches have a real chance of failing to return the negative information that is out there, and since your commercial-off-the-shelf database did not have the client listed, due to his minor status, you admit the individual as a bank customer. In truth and in fact, he is truly a career financial criminal, with arrests on the other side of the world, but you did not catch it.
You have two choices:
(1) Use the alternative method** that I suggested in my previous article, or
(2) Increase your investigative level to enhanced due diligence for all targets. frankly, I doubt that you have either the budget or the staff to conduct this, and even if you do, your directors may not agree to the increased costs, and expanded use of staff.
Thus, in my humble opinion, it is time to change the way that you perform due diligence, lest you admit financial criminals clever enough to have engaged a reputation damage firm early on, to deceive you, both now, and in the future. Watch yourself here, and discard routine due diligence compliance, lest you miss catching someone you cannot afford to onboard.
*If your Due Diligence target used a reputation restoration company, Turn the Beat Around
**Check for Risk
For further reading:
Alert: Reputation Restoration Firms are Altering Legitimate Content