Most matters pass through a small number of verification checkpoints. Often, these are each handled by a different system: identity is confirmed at onboarding; source of funds is assessed shortly after; and then a risk assessment is completed and filed.
Months later, when the money is due to move, payment details are exchanged, checked manually or by Confirmation of Payee (CoP), and authorised.
Each of those checkpoints is useful on its own, but unless they’re feeding into the same source of truth and being verified against each other, they’re a lot less coherent than you think.
The verified identity and the start of the file is not holding up the payment at the end.
The two layers—identity and money—exist in separate systems, with separate audit trails and separate logins.
And it’s that gap that creates the risk.
The point of failure
The most common point of failure is at the intersection between instruction and completion. For instance, when:
- a client is verified at instruction, but their bank account details for completion are taken later, and often insecurely by email.
- a risk profile flags a politically exposed person, but the payment instruction is still processed against a beneficiary record without re-screening.
- a vendor’s solicitor reissues bank details a week before completion, but the firm has no automated way to relate that change back to the original verified record of the seller.
While these are not catastrophic on their own (indeed, this kind of friction is par for the course with any multi-tool stack), they are nevertheless key vectors for payment diversion fraud and sanctions breaches.
The check has flagged everything it needs to, but the gap between that and payment has left the door open for unforeseen risks.
End-to-end verification
Kord is built around a single client record that follows the matter through.
The same verified identity captured at onboarding becomes the anchor for the payments that flow into and out of the file, also via Kord.
Source of funds, client and matter risk assessment, and payee details are linked to the same record and visible on the same workflow.
And when a payment is set up, it is verified against the original identity layer; not just the name on the bank account, but the underlying client record, the PEPs and sanctions screening, and the matter risk profile.
The same verification standard can be applied to third-party payees before funds are released.
Meeting regulatory expectations
The SRA, and in due course the FCA, is asking firms to show how risk-based decisions were made, evidenced, and acted on throughout the matter.
Doing your due diligence only at the start of the relationship isn’t enough.
A single, continuous record makes that demonstrable, and easier to defend.
For clients, agents, and lenders, the experience is far simple, too. That’s because it’s just one process, with one identity, and one record. The firms that build their practice on that kind of continuity will ultimately become far easier to grow, and far harder to defraud.
Get in touch with Kord to find out more.
