How to test a business idea

I’ve been talking recently with a company about the definition and creation of a new product. It didn’t take long for the standard questions to arise: Who are we building for? What value will we bring? How are we unique compared to others in the market? Do the revenues justify the investment?

Sometimes people know exactly what they want to do and where they need to go, other times we are all following a hunch and need clarity on direction. Irrespective of the entry point, time to look at the toolbox and pull out the Business Model Canvas as a successful tool to structure the thought processes and discussion.

The Business Model Canvas 

The canvas is taken from Business Model Generation, one of the Strategyzer series of books. These books are an incredibly useful resource to help provide direction in business and personal thinking. They are easy to read and not expensive. Just buy them! The cost of getting something wrong will always be significantly greater than the investment in something that will move you towards your goal.

The Business Model Canvas is a tool to guide you through the steps required to define the properties of a new product, service, or business. It is not perfect (the boxes are rarely the right size and certainly in the wrong order for me!), but it makes you think and as with any tool of this type is a significantly better starting point than a blank sheet of paper!

You can download a template from the Strategyzer website. If you want to work interactively with a team and complete it online mural also have a template on their site. In certain circumstances, it can be worthwhile creating a tailored version of the canvas. I’ve adapted it twice, once to simplify and focus the content for a large product portfolio review by a group of product managers, and once when considering platform business models. I’ve also applied the canvas to the definition of internally focused products, without an external customer.

You can build the canvas in an order you like. My tip when starting is to focus on the customer first (Customer Segments), then your Value Proposition and then how you think you’ll actually make money (Revenue Streams).

The Lazurus Hei$t

Excellent and well worth a listen, The Lazurus Hei$t, a new BBC World Service podcast, tells the story of the Bangladesh Bank robbery and the attempted theft of a billion dollars by the North Korean-linked Lazurus Group. The tale has it all, financial and personal impacts of the Sony Pictures cyber-hack, state sponsorship of cyber-crime, the creation of counterfeit currency that’s almost better than the original, hacker hotels, hacking of payment systems at Bangladesh Bank, the movement of 500kg of cash from bank premises with faulty CCTV, laundering of funds through an unregulated Filipino casino system, Japanese links to the North Korean leadership dynasty, abuse of the charity sector, and more casino mayhem in Macau.

A fantastic plot for a fictional movie, if the story wasn’t true.

One somewhat ironic take-away from it all (in a Scooby-Doo style) is that they would’ve got away with it if it hadn’t been for those pesky sanctions filters. A reported $1 billion transfer from the Federal Reserve Bank of New York, on behalf of Bangladesh Bank, to the Philipines based Rizal Commercial Banking Corp (RCBC) was never sent as the transfer to the branch location in Jupiter Street in Manila hit an OFAC SDN sanctions entry for “Jupiter“, an Iranian vessel. Another $20 million was stopped by another sanctions filter hit at Deutsche Bank against a spelling error of “fundation” where the hackers had tried to direct the funds to a, not entirely legitimate, nonprofit foundation in Sri Lanka.

Sanctions filter hit rates can be really bad, and often as poor as 1 in 20, that is one in every twenty transactions stopped for review when the filters are badly built or misconfigured. Of those hits, only a tiny fraction, less than 1%, are ever then reported as illegitimate transactions to regulators, so most of the work done by sanctions teams is wasted effort.

So the unanswered question “inefficient sanctions filters, a blessing or curse”? Well in this instance sanctions filters saved the day but more typically they are just creating cost and inconvenience for legitimate customers. Fixing and streamlining the poor quality of sanctions filtering is long overdue. It would remove cost, improve compliance, improve the speed and certainty of payments, and lead to a better customer experience.

And as to stopping those fraudulent payments, that’s the role of fraud prevention tools – not something detected by accident!

EBA consults on a new central AML/CFT Database

On 6 May the EBA published details of a consultation on the creation of “Regulatory Technical Standards (RTS) on a central database on anti-money laundering and countering the financing of terrorism (AML/CFT) in the EU”.

The EBA has faced significant criticism in the wake of supervisory issues that emerged from events at Danske Bank. At the start of last year, it announced a new legal mandate that establishes it in a new role to lead, coordinate and monitor the financial sector’s fight against money laundering and terrorist financing across the EU. They published a factsheet on the strategy and approach.

Taken from EBA – Anti-Money Laundering and Countering the Financing of Terrorism, Feb 2020

The new consultation is part of work to create a key tool as part of the new EBA strategy. To establish and keep up-to-date a central database with information on AML/CFT weaknesses that competent authorities (CAs) across the EU have identified in respect of individual financial institutions.

Information sharing, either public or private, relating to financial crime is always a good thing but the focus here seems to be misdirected and could lead to further pressure on banks and FIs without the desired effect of risk reduction. As such the priority seems to be an attempt at fixing the supervisory failings, without turning the spotlight on the supervisors themselves, when it should really be focussed on improving the financial crime compliance outcomes.

It is obvious that competent authorities across the EU, and FIUs globally, should do more to coordinate their efforts to combat financial crime and that information sharing is a key enabler to do this. It is also clear that the assessment of institutions plays a significant role in ensuring safety and soundness – we are only as strong as the weakest link. But, if the technical specifications described in the consultation paper are anything to go by, this new database will just create a further stick to beat the banks with rather than real risk reduction.

NCA – Annual Threat Assessment

The National Criminal Investigation agency has just published its annual threat assessment.

A very interesting report full of facts and figures and some lovely info-graphics. Strong evidence this year of Covid-19 playing its role in the changing landscape of crime and a clear demonstration of how quickly criminals adapt.

Many insights make depressing reading. Over £12bn of criminal cash generated annually, the scale of money laundering in the hundreds of billions, money mule activity, cyber-crime, ransomware and crypto-asset laundering on the up, child sex abuse increasing due to lockdown and increased online access, fraud at £3bn …

Sometimes though bigger numbers aren’t always bad. Here’s two that I’ll take as positives:

  • £172 million was denied to suspected criminals as a result of defence against money laundering requests (up by 31% – see the SARs Annual Report for detail);  and
  • £982 million of potential financial sanctions breaches were reported in the year ending March 2020. A 3.7 times increase from £262 million in 2018/2019.

Two indicators that firms are doing a better job in relation to financial crime compliance. More reports, more investigations, more disruption of criminal gangs.