AML / KYC refers to Anti-Money Laundering and Know Your Customer and there are two key areas of banking and finance that regulators have been focusing on for decades. Recently, US Regulators have been handing out some hefty penalties to financial institutions that fail to implement effective AML / KYC programs. My bank client had not been fined, but they also did not want to be.
It was an exciting project for me and one that stretched well beyond the 6 months it took to develop and launch the program. While I didn't know much about KYC when I started, I have learned quite a bit over the last seven years, and I think there are some ways ticket selling organizations could benefit from applying a little KYC. Some of those ways include; improved venue security, better control of ticket distribution, maximize sales opportunities, more efficient and effective customer support, and improved readiness for increasingly more strict customer data protection regulations such as the EU's General Data Protection Regulation (GDPR).
KYC for the ticket industry has primarily taken the form of Customer Relationship Management (CRM) software. Many ticket-selling organizations started using CRM systems years ago for season ticket sales or for development purposes for non-profits. Lately, organizations have the option to use either a ticketing system with built-in CRM features or have a software developer provide an API to connect their ticketing system to an Enterprise Class CRM such as SalesForce or Microsoft Dynamics.
Having CRM capabilities brings a whole new set of problems, though. Before implementing a CRM solution, you must determine what data elements you're going to collect and what data standards you are going to apply. Also, as new business requirements and government regulations evolve, your view of your customer data needs to be reassessed. Are your accounts going to have more than one contact? Are you collecting name, phone, and email for each contact? Can you determine which contact placed the ticket order and whether any of the contacts is actually attending? Although address data seems pretty mundane, you can't take for granted that your CRM has standardized country names, state names and abbreviations, or validates, phone numbers, addresses, or emails. Standardization is more than just keeping your data neat and tidy. Without standardized input for key data elements, marketing and demographic reporting can be somewhat compromised, but more importantly, you may find you are not able to comply with regulatory requirements for data accuracy.
Another critical area of customer data curation is handling duplicate accounts. Almost unavoidable in any CRM implementation, duplicate accounts can get created when you are importing accounts from lists or migrating data from legacy systems or from dispersed point of sale systems. Duplicate data harms your business in a number of ways. They distort your view of the customer, adversely impact customer service, and, in light of heightened data curation requirements, expose your business to potential non-compliance findings from regulators. Identifying, remediating, and preventing duplicates is a complex and thorny task to undertake. Fortunately, there are plenty of data cleansing services and software solutions on the market.
Recently, venues began to address the problem of "the unknown ticket holder" or what others call "Plus Ones". The problem is familiar: the average ticket order is somewhere between 2 and 3 tickets, but the sale is attributed to only one customer. The other one or two (or however many) ticket holders are just completely unknown. Some ways to get at the unknown ticket holder are 1) having the purchaser forward the seat assignment to the other attendees, who then are required register on the ticketing platform to get a scannable code for seating, 2) splitting the payment between the attendees (which will only work if the payment processor used to split the payments is integrated with the ticket system), or 3) WiFi services in the venue that require a user email to activate.
While all these methods help to identify the previously unknown attendees, they also can easily give rise to a fragmented customer data profile. This not only diminishes the business intelligence you might gain from the additional information, but also puts you in a position of liability with regard to the GDPR's "Subject Access Request" which requires you to disclose all the data you hold on particular customer; how it’s being used; what measures have been implemented to protect it; who has access to it; and so on. As you begin to integrate data on these "Plus Ones", make sure that data is incorporated into your organization's data integrity regiment.
Knowing your customer has always been a good business practice, but now, with new regulations such as GDPR coming on the books, and possibly more to come (thank you, Facebook!), it is becoming mission critical.