Why did Tide sign up the Company Registry scam as an affiliate?

We reported yesterday that, if you incorporate a UK company, you are likely to receive a letter from “Company Registry” charging you £45. It’s a scam, and a large and well-organised one.

We’ll be naming and shaming the legitimate businesses who are facilitating the scam. The first is Tide – the FCA-regulated “all-in-one business finance platform”. Tide signed Company Registry up as an affiliate, and has been happily paying the scammers £50 for every “customer” they refer to Tide.

The scam

If you incorporate a UK company, you are likely to receive a letter like this from “Company Registry” (company-registry.org):

It looks like an official document – an invoice for a service that has already been purchased (“Pending”, “Complete activation”, “These are the next steps”).

The reference to a “COVID 19 New Business Relief Deduction” again gives the impression this is an official letter.

It isn’t. It’s a scam. More about that in yesterday’s report.

The link to Tide

A few minutes after registering with the scam website, I received this:

To my surprise, that link took me to a genuine new account page from Tide:

Tide is an FCA-authorised “electronic money institution” which offers business bank accounts from ClearBank.¹

What’s happened here is that Tide has signed up Company Registry an an “affiliate”, so Tide pays Company Registry £50 for every successful referral (the link in the company-registry email contains an “affiliate code” which Tide then tracks).

Tide says it’s easy to become an affiliate:

It appears to be rather too easy.

Tide’s initial response

We asked Tide for comment. It took them three weeks to get back to us with this statement:

“Tide maintains appropriate systems and controls to assess and mitigate risk associated with all Affiliate relationships, both at the onboarding stage and during the period of those relationships. If you would like to find out more we suggest that you speak directly to Company Registry LLC.“

How likely is it that Tide has “appropriate systems and controls”?

Most financial institutions have very sophisticated² “know your client” (KYC) and anti-money laundering (AML) systems to assess potential clients, suppliers and counterparties.³

But in this case, sophisticated systems weren’t required, merely one look at Trust Pilot⁴ or a Google search:⁵⁶

The obvious conclusion: Tide has either no controls over its affiliate relationships, or ineffective controls.

Tide’s subsequent response

We told Tide that their response suggested they weren’t taking seriously what was a significant AML failure by a regulated institution. We said we’d be asking the FCA to investigate their other affiliate relationships.

Tide responded with this:

“Our investigation is ongoing. Pending the outcome of this investigation the Affiliate has been suspended.“⁷

It’s not clear why an investigation should take three weeks, or why it was only mentioned after we queried Tide’s original statement.

The good and bad news

The bad news is obvious: Tide signed up an obviously fraudulent company as an affiliate without conducting even basic due diligence, and then paid (we assume) a large number of £50 referral fees to the fraudsters. This follows an unrelated recent report about apparent AML/KYC failings by Tide.⁸

But there is some good news:

• Tide can contact every customer that was referred by Company Registry, tell them they’ve been scammed, and suggest they request a chargeback from their credit card issuer.
• Tide must have conducted KYC on Company Registry LLC (the Arkansas company running the scam) before paying it referral fees. Tide therefore knows who owns the company, and how Tide was making payments to them, and can now pass this information to the police.

We’ll be asking Tide to confirm that they’re doing this. We’ll also be asking the FCA to investigate Tide’s due diligence processes.

---