Entering the global marketplace presents a growth opportunity to many sectors of the US economy. Companies in the Transaction Processing sector recognize it and are contemplating, or actively pursuing global expansion strategies. This article highlights two of the unique challenges and opportunities these companies will face in non-US markets: availability, reliability, and veracity of consumer data, and compliance with privacy and consumer protection laws.

Entering the global marketplace is not for the faint of heart; It carries with it as many dangers as it does opportunities. I believe, the Transaction Processing industry global expansion will be similar to many industries where the early pioneers learned their lessons the hard way, by trial and error, but subsequent entrants used that knowledge to make their entry smoother, faster, and more successful. Having been involved as a manager, executive, or consultant with the international expansion of companies in the Logistics and Transportation, Telecommunication Outsourcing, Call Center Outsourcing, Financial Services, and Transaction Processing segments since the late 80's I have had the privilege of a front seat view of the flattening of the business world for the last 15 years. It is this perspective and experience I hope to share in this article.

In the U.S., Transaction Processing generally describes companies that use computer systems and networks to process transactions as diverse as payment reconciliation, background or credit reporting, airline ticketing, and credit card transaction authorizations. Each of these categories is enabled by some unique set of US characteristics that in the global marketplace are definitely different, not always available, or sometimes not even relevant. Two of those sets that will have a major impact on US based companies expanding to international markets are consumer data availability and compliance with laws and regulations.

Let's consider a typical risk assessment and credit granting transactions for a moment. It is a uniquely American phenomenon that an individual can walk into an automobile dealership, fill out a form, obtain financing, and, sometimes in less than an hour drive off the dealer's lot with a brand new, or previously loved, automobile just by presenting some basic proof of identification and authentication. When I host business partners or clients from other countries, this simple every-day transaction is one that absolutely confounds and amazes even some seasoned businesspeople.

This ubiquitous application of unique identification numbers (think Social Security Number), databases and database mining (think Equifax, Experian and Transunion), and risk modeling (think FICO and similar risk scores) along with the various real-time decision engines networks financial institutions use to access them (think Zoot or Transunion), is unique to the US. It is possible not only because of the advanced technology infrastructure we enjoy in the US, but also because of the existence of a universally recognized 9 digit Social Security number that can be used as the critical key to create a unique identification for most individuals. It is a standard process to use this unique ID to access data about them, including a variety of pre-computed credit scores, and automatically assess the probability of a loan default risk. We can evaluate the profile of Bill Jones who lives on 20 Market Lane Any town USA with a Social Security number of 111-22-3333 in real time and extend to him an offer for a loan for that automobile in minutes.

Now let's consider using that same technology or transaction processing model for assessing the loan-default risk in two of the world's largest markets outside the US , China and India . Consider processing a loan application transaction for Wen Li who lives in Beijing , China . According to one researcher, over 50% of all Chinese people use one of these nine Chinese family names and their variations: Chen- Chan, Lin, Huang-Hwang-Hwong, Li-Lee, Zhang-Chang, Wu-U-O-Oh, Wang-Wong, Cai-Tsai, or Liu. Another researcher calculates that by using 50 different family names you can name 90% of the population of China , or over a billion people. Add to the identification complexity the fact that even though there is a unique and universally accepted identification number for Chinese citizens, it is not widely deploployed. And criminal records are generally in the form of a police file is kept in a drawer at the local constabulary that can only be accessed with special permission by the local authorities.I am sure you get the idea. Now consider that in some parts of India the use of surnames is not a common practice - many people have only one name and use the name of their city as a last name in official documents - and Krishna or Kumar is a common name used by millions. Since there is no reliable national ID structure, one has been in the works for years but it is not widely deployed, the credit agencies operating in India today have to use a combination of identification keys such as passport numbers, voter ID, driver's license, etc. to provide credit risk data to financial institutions.

And these challenges are not limited to Asia . A common data structure for identifying individuals is unfortunately a challenge even in European countries where the information exists digitally. Take Germany for example. There, even though the Deutsche Bundesbank maintains a credit register that is, by law, populated with data from financial institutions in the country, in addition to a few private sector credit bureaus, there is no universal common structure to the data.

A company processing credit risk assessment transaction anywhere outside the US, has to consider and create unique identification models that can use and cross-reference a variety of disparate data sources, create and use risk assessment models based on inconsistent or incomplete datasets, and recognize that the process of handling these transactions may require manual intervention. There are a number of companies trying to accomplish that and the edge will go to the one that introduces a real functioning solution to the global financial institutions that will open the market for automated consumer lending to millions of people that these institutions cannot reach today.

Today's cross-border litigation has become the norm, countries impose monstrous fines to companies they view as violating their laws (see Microsoft vs. the European Union), and Sarbanes Oxley raised the cost of ignorance of litigation risk for US-based publicly traded companies to new levels. Today, compliance with the local laws is a critical component to the global expansion plans of any company.

An example of a new compliance environment for the transaction processing industry, is consumer data privacy and usage laws. In the US , there are published and well established rules and regulations around privacy and general consumer protection, such as the Fair Credit Reporting Act (FCRA) and associated other statutes. These laws provide a good - even though not perfect- legal framework that is fairly well understood and it generally covers both the companies legitimately collecting and utilizing that data as well as protects the consumers being affected by it. Unfortunately, the legal framework around consumer data protection is not always as clear, reliable, or well understood in many countries, sometimes even by local companies operating in those markets. That is not to say the local goverments are not actively involved. One of the chalenges is the rapid and continuously evolving legislation developed as their consumer market sophistication increases and not always at the same pace.

Take for example, the use of personal data for pre-employment screening purposes, or for criminal background checks by employers. In the US it is a clearly understood, accepted, and legally established practice that any data available on the public domain, such as court decisions, convictions, bankruptcies, etc. can be collected and consolidated by any company that wants to provide a service for entities legitimately seeking this information.

In many countries around the world that is not the case at all and making that assumption can be extremely costly to a US company. Forget the fact that many foreign courts do not make the information available in an online format; In some jurisdictions it is illegal for any non-governmental entity to even collect such data, let alone store it in a database and make it available to others. And even when the data is available and can be collected, the use of that data for employment decisions is limited by complex union and trade guidelines.

These laws are so varied and complex most global companies engage companies that provide pre-employment and background screening information for their international employees and their US-based foreign employees. Unfortunately, generally to reduce costs, many employer companies engage second-tier providers without realizing the risk they take. Because of the complexity of compliance, some second tier providers choose to ignore it and operate outside the laws of the country where they collect the data in and in clear violation of any number of international statutes regarding the transborder transfer of data on individuals. The major players in the US , such as ChoicePoint, invest significant amounts of money and make every effort to ensure the legality of the information they provide, and even they face the occasional legal challenge. Many second tier providers are generally small companies privately held and frequently staffed with retired law enforcement personnel. They and their similar in size partners in foreign markets play fast and loose with these restrictions and can put their clients at risk.

Unfortunately, when buying consumer data internationally, it is clearly a buyer-be-aware market. In certain countries in Asia , violation of these laws for the use of consumer data carries stiff penalties including incarceration of company executives involved in transactions. I know at least one HR executive that used a second tier background screening company who was detained and barely escaped a formal arrest and jail time when visiting a foreign country not too long ago. And that, because of the data collection practices his provider used to screen employees being hired for a new operation. In another case, a US company bought a database from a Latin American company, who provided all the proper representations and warranties on the legality of their database, only to find themselves being sued by that country's government for violating privacy and other laws regarding the legality of the data. I remember a particularly enlightening experience when working on a transaction with a database company in Easten Europe where their CEO, after several beverages at the local watering hole, admitted to me that over half the data in their database was provided illegally by prior members of the former secret police. Needless to say, the next day I booked a new flight to the US and advised my client to completely disengage from the transaction and pursue other partners in the region.

Companies considering entering the global marketplace to provide transaction processing services using consumer data, need to be do at least a couple of things. Obtain competent legal counsel with local knowledge of compliance issues and not rely on US consultants who gather all their info from public websites and have never travelled outside the US. Verify the information on any research report that is more than one year old. Scrutinize marketing information on websites, and challenge assurances from the company they are buying the data from if they are not backed-up by respectable legal or consulting firms. This is particularly important for any US publicly traded company because the consequences for its executives and directors arising from Sarbanes Oxley alone could be significant if they are found to have violated local laws, let alone sanctions and fines imposed by the foreign governments.

In addition to the legal challenges, the current anti-American climate is also feeding international executive and company paranoia about how US companies, or the US government, will use the data about their employees, customers, or citizens. Even some of our neighbors in the North have recently come up with some very unique requirements as it regards the collection and storage of Canadian citizen's data. Silly and a waste of resources as it might be, to satisfy a particularly large Canadian client, a company that used a central repository for their entire consumer data had to duplicate the system in Canada - from applications to databases - so none of the data on Canadian citizens ever physically left Canada .

Even though it is a myth the Chinese symbol for Crisis is made up of the words for Opportunity and Danger, the concept is still good. There are many opportunities in the international marketplace for transaction processing companies and the potential for those that capitalize on it is limitless. There are also dangers to those who enter it without being prepared and who do not understand and mitigate the risks.

Chuck Papageorgiou is the Managing Partner of Ideasphere (www.ideasphere.com), an executive consulting firm based in Tampa, Florida, from where he works with clients focusing on operational turn-arounds, strategic technology deployment, and M&A and outsourcing transactions on a global basis.