The United Nations Office on Drugs and Crime estimates that US$ 800 billion to US$ 2 trillion is laundered through worldwide financial systems each year. That is an astonishing 2%-5% of global GDP.
The fight against money laundering and other financial crimes is a never-ending battle. No sooner have financial institutions got to grips with one tactic, than the criminals have moved on to new methods and alternative strategies.
The rise of the digital economy during the Covid pandemic has opened new avenues for financial crime and the perpetrators have been quick to exploit them. Often financial institutions are hampered by outdated legacy systems and software which make it hard to comply with revised and new measures which are introduced to reinforce AML frameworks. The criminals, by contrast, are not bound by such compliances, are nimble and can adapt quickly.
In this ongoing fight against financial crime, financial institutions must stay ahead of the myriad of ways bad actors are trying to infiltrate their systems. Increasingly, innovative technologies such as advanced analytics, AI and ML have become the ammunition deployed by banks to bolster their frontline defence.
To mitigate challenges posed by such crimes, financial institutions are increasingly looking to AI and ML to help them get the upper hand – to harness the potential of advanced analytics.
Most financial services companies are aware that AI is getting faster and cheaper and offers smarter ways to tackle financial crime. For example, AI can scan enormous amounts of data and identify patterns, behaviours, and anomalies faster than any human can. It can analyse voice records and detect changes in emotion and motivation that can give clues about fraudulent activities. AI can investigate linkages between customers and employees and alert organisations to suspect dealings.
Financial institutions all around the world are looking at better ways to stay ahead of the bad actors and keep the robustness of the entire ecosystem. Singapore, as one of the major financial hubs, has worked together with the regulatory agencies in the fight against financial crimes like money laundering and terrorism financing (ML/TF). Regulatory authorities and law enforcement agencies are keen to tap public-private collaboration and catalyse the effective use of enabling technologies to prevent criminals from abusing the financial system.
This points to the question: How can financial institutions take advantage of the tools and techniques available now while preparing themselves for what the future might look like?
The Fraud and Financial Crime Day held on 08 April 2022 was aimed at imparting knowledge on how Singapore financial institutions can accelerate the adoption of cutting-edge technologies like advanced analytics, artificial intelligence, and machine learning to fight the ever-evolving financial crimes.
Contending with the growing threat of fraud
Kicking off the session, Mohit Sagar, Group Managing Director & Editor-in-Chief acknowledges that the pandemic brought significant changes in culture and perspective. More people are getting online for work, shopping, information, news entertainment and getting financial transactions. This increased the attack/risk surface astronomically, allowing bad actors scores of openings and opportunities.
In the digital age, the implications of financial crime against banks and other financial services institutions are accelerating rapidly, Mohit notes. In 2021, global online fraud attack rates grew by a staggering 223%.
Of course, organisations, enterprises and government agencies ran many awareness and education campaigns. This had some effect and impact. But while education is important, and organisations (financial and others) deploy ways to mitigate financial crimes, the fact is that criminals also update, upgrade and improvise to counter these measures.
To manage the risk, the government and banking industry must come to get together to ensure that they can cope with the volume of crimes, he asserts. Fraud prevention now represents one of the biggest areas of concern for the financial services industry and is likely to have bigger ramifications in the coming years. There is the fraud that goes undetected, impossible to account for and assess.
Yet, institutions are not giving technology the amount of attention it should be given. As criminals become more sophisticated, it is imperative to explore technology that can help with the issue.
Digitalisation presents opportunities and challenges. Technology as a tool is a two-edged sword capable of swinging both negatively and positively. The same thing could be said for financial crimes cases. While technology serves investigators and prosecutors in their fight against crime, it has also given criminals an easy way to carry out fraudulent practices.
Closing his address, Mohit strongly recommends organisations look for specialists to partner with. “Let the experts do what they do best,” Mohit urges. “It not only allows the best systems and infrastructure to be put in place but also frees up the organisational workforce to focus on driving growth.”
Harnessing technology to manage financial crimes
Alex Kwiatkowski, Director, Global Financial Services, SAS spoke next about the role of AI/ML in dealing with financial crimes.
SAS is the founder of analytics and has been working with data since 1976. In the context of financial compliance, financial crime fighters are there to protect banks and customers from the nefarious acts of criminals.
The last two years have shown that institutions need to prepare themselves with technology that will allow them to mitigate the impacts of a major disruptive event. “COVID-19 was a playground for the criminals, capitalising on vulnerabilities during digital transformation to different modes of operation to work in different ways. While financial crimes are not new, the pandemic accelerated and exacerbated the situation.
Besides the adoption of technology, Alex emphasises that managing financial crimes will require processes – the way technology is wielded to solve issues – and people – having the skills to address the problem.
“AI may be prevalent, but it still requires a human to decide on the application,” Alex opines. “Moreover, people are important in the implementation of responsible AI and processes.”
In conclusion, Alex believes that AI, ML and robotics play a huge role and will continue to play a significant role in the future. In financial institutions, speed in decision-making is key to reducing the number of false positives and letting through legitimate transactions. Through technology, Alex asserts, institutions can find the ability to provide seamless service to customers and ensure that criminals continue being inconvenienced.
Role of KYC in Anti-Money Laundering
Karthik Prabhakar, Lead Advisor – Know Your Customer Centre of Excellence, ANZ spoke on the importance of KYC as a baseline and understanding ways to leverage technology to devise solutions in Anti-Money Laundering.
“KYC is the line of actual control – the first line of defence in the fight against financial crimes,” Karthik opens. “it is the cornerstone of an effective AML policy.”
He explains that the purpose of KYC is to ensure that the customer is “who they say they are.” He observes that COVID-19 amplified existing risks even as new risks are continually emerging. In such a scenario, existing controls no longer work and must be re-examined.
Consequently, the are several challenges that present themselves:
- The need to design newer controls
- The need to leverage better and faster technology
- Uplifting capability
- Navigating through regulatory reform and change
- Focus on business
- Balancing costs and providing a return to the shareholders
For Karthik, the possible solutions can be arrived at when various stakeholders come together – government, tech, and end-user – to meet the challenges.
Government (Legislative reform)
- Stronger legislation
- Consistent timely legislation
- Modern legislative framework
- Easy to implement but robust standards
- Inter-governmental collaboration
End-users
- Develop robust risk and control systems
- Identify emerging risks
- Industry collaboration – share information & intelligence
- Ethical business practices
Tech
- Adherence to standards
- Ethical tech that balances commercial needs with privacy and security concerns
- Easy to use, easy to implement and scalable solutions
- Cost-effective
In closing, Karthik echoed Mohit’s assertion that technology needs to be implemented to meet the new challenges presented by increasingly sophisticated criminals. The changes brought about by the pandemic have increased the incidences of financial crimes, which require close attention. For institutions to stay on top of their game, they need to strengthen their AML strategy, he concludes.
Power Talk / Interactive Discussions
Following the presentation, Mohit moderated an interactive discussion, featuring panellists, Karthik Prabhakar, Lead Advisor – Know Your Customer Centre of Excellence, ANZ; Kelvin Tam, Regional Head of AML Technology – Asia Pacific, HSBC; Kenneth Koh, Head of Industry Consulting, APAC, SAS; Christopher Tan, Partner Revenue Acceleration Director – APJ, Intel.
The first poll asked delegates what their key challenge was in preventing financial crimes. Delegates were fairly evenly split between legacy systems (30%) and criminal innovation (27%). The rest went with the complex compliance landscape (17%), evolving financial landscape (17%) or other unlisted issues (9%).
One delegate believes that legacy systems are unable to cater to the complex landscape and there is a need for a better system to adapt to innovations in financial crimes. “Making sure that we have the right tool and system is paramount,” he opines.
On that note, another delegate recognises that it takes time for institutions and people to adjust to changes. There is a period of getting familiar with new systems and processes.,
Ahmed agrees that dealing with legacy systems is a big challenge for people across the board. Institutions need to be agile in dealing with emergent risks, he believes.
Kelvin added that the financial landscape is constantly evolving – there is an increase in payment channels. With the pandemic came a radical change in behaviour by consumers. That means that bad actors can tap into the new channels. Further, he points out that legacy systems are not able to keep up with the rapidly changing rules of compliance.
Kenneth added that the growth of financial institutions also makes detection more difficult. New challenges are taxing the first-generation fraud management solutions, placing pressure on systems.
The next poll inquired on the use case that is the most likely to help organisations in the financial crime and compliance management space. More than half (55%) expressed that working with full datasets to analyse potential fraud would be the most beneficial. The rest of the delegates expressed that adjusting behavioural models to new fraud patterns with a low degree of latency (36%) and creating a data lake to help respond to regulatory demands (9%) are the most likely to help them.
In response to a question about the difference between creating a data lake and having full data sets, Kenneth explained that a data lake creates a data repository while having full data sets refers to all data and takes into consideration the quality of data used.
To mitigate financial crimes, Kenneth recommends the approach of examining the financial crime analytics lifecycle in three ways: Data: Data management and data quality checks; Discovery: Uncovering behavioural models and network link analysis; Deployment: Deploying the model to detect new forms of fraudulent activities
Mohit also added that data lakes also refer to specifically to the centralisation of data.
Karthik opines that a data lake is more useful for measuring fraud. To manage fraud, data needs to come from different sources, which strengthens the case for having centralised data.
The third poll asked about an organisation’s biggest compliance-related pain point. Delegates were equally divided between their limited ability to dynamically adapt through using machine learning and decisioning on the fly (35%) and the many ‘false positives’ that the AML system generates (35%). The remaining delegates selected poor or outdated data segmentation (10%), limited ability to detect hidden legal entities (10%), high cost and effort to adapt to new regulatory guidelines (5%), or little or no alert prioritisation (5%).
Kenneth shared that fraudsters are getting sophisticated and asked delegates to consider a hybrid model when it comes to fraud detection. This involves simultaneously looking at business rules, anomaly detection and social network analysis to create a hybrid model. “Having false positives is normal,” Kenneth explains. “However, with technology, it is possible to minimise false positives and increase the true positives.”
When asked about their organisation’s biggest pain point concerning data, half of the delegates (50%) consider coverage – collecting and compiling data globally – their biggest pain point. The remaining delegates were split between recency – data being up to date (31%), relevancy – data being stored in the right categories (14%) and others (5%).
Ahmed opined that reconciling the information is challenging because organisations have to collect data from many data sources. As such, he recommends the use of technology to help with data management. Christopher added that out of the data generated only a small portion is relevant and usable.
Combating money laundering through technology
Ahmed Drissi, Anti-Money Laundering Lead, APAC, SAS, spoke next on the use of technology and the best practices banks need to fight money laundering.
“How do we fight crypto money laundering,” Ahmed asks. “Crypto is fast becoming a mainstay; financial institutions need to understand the latest risk and how it will impact our customers.”
In reviewing the crypto market, he notes how events have been responding to this growth. “It took about 50 years to grow credit cards’ volume of payments from US$ 0 to US$ 14 trillion across companies and only 4 years for US$ 4.3 trillion in cryptocurrency payments!”
The initial response from banks was the de-risking of crypto because of cross border concerns, anonymity, and intermediaries. However, financial institutions are embracing Cryptocurrency Custodial Services in 2021:
- PayPal is adding crypto buying, selling, and custody features to “Venmo and select international markets”
- Deutsche Bank plans to offer crypto custodianship, trading, and token issuance services.
- BBVA Bank offers crypto trading and custody
- BNP Paribas offers security token transfers
He notes the following trends about the stand of financial institutions vis-à-vis cryptocurrency.
- FIs offering crypto services (i.e., Fidelity, Square, DBS)
- FIs providing services to Crypto Businesses (i.e., Signature, Provident)
- FIs Observing or not engaging with Crypto-Assets
Yet all the above FIs, Ahmed notes, face the risk posed by cryptocurrencies through their customers buying cryptocurrency. The challenge, then, lies in recognising the differences between money laundering and regular crypto exchange
He gave two examples of the risk that financial institutions face:
- Decentralised Exchange
Unlike centralised exchanges held on platforms and properly regulated by the same AML regulations, decentralised exchanges have No KYC, No SARs (STRs), No transaction monitoring, No registration and No record-keeping
- Risk of NFT
Money laundering for NFT can take the following process:
- Placement: Illicit actor purchases NFT with ill-gotten gains (e.g., ransomware, Dark Web)
- Layering: NFTs purchased and sold by and among illicit actors without limitation
- Integration: Illicit actor sells NFT, absent formal record or justification for the movement of funds
In a review of the Crypto Regulatory Landscape, Ahmed shares that in September 2020, FATF released a report on Virtual Assets Red Flag Indicators of ML/TF. That meant that for banks to detect any of the red flag indicators of ML/TF, they must be able to accurately identify and monitor all crypto-related transactions.
Accordingly, FATF requires obligations to obtain, hold, and transmit required originator and beneficiary information associated with Virtual Asset transfers to:
- Identify and report suspicious transactions
- Take freezing actions
- Prohibit transactions with designated persons and entities
VASP Identity fields are also required by FATF:
- Originator’s name
- Originator’s account number where such an account is used to process the transaction
- Originator’s physical address or national identity number or customer identification number that uniquely identifies the originator to the ordering institution, or date and place of birth
- Beneficiary’s name
- Beneficiary account number where such an account is used to process the transaction
However, Ahmed also notes that there are emerging challenges for VASPs:
- The ‘sunrise issue’ staggered enforcement of crypto AML regulations
- Counterparty VASP Due Diligence
- Cybersecurity, privacy, and data protection
Ahmed shared some of the best practices in monitoring virtual currencies in the payment networks. A typical name-based system may entirely miss up to 70% or more of the crypto exchanges out there and up to 90% of the actual transaction volume.
Most open-source lists are incomplete, perhaps covering the top 100 exchanges, leaving out the other 600+ exchanges. Many exchanges do not operate a business under their popular name. He concludes that name matching is not sufficient to find all cryptocurrency exchanges, resulting in significant missed exposure.
For Ahmed, better red flag indicators of ML/TF are:
- Converting a large amount of fiat currency into VAs with no logical business explanation
- Potential crypto money mule or scam victims
- Sending funds directly to high-risk or sanctioned regions
- Sending funds directly to a wallet tainted by a sanctioned entity
- Direct and indirect transactions with dark markets
- Use of mixing services
In conclusion, Ahmed emphasised the importance of understanding the threats from cryptocurrencies because of their increasing preeminence. Fighting money laundering has become a complex challenge that requires intelligent solutions.
Power Talk / Interactive Discussions
After the presentation, Mohit continued with the interactive discussion, featuring panellists, Karthik Prabhakar, Lead Advisor – Know Your Customer Centre of Excellence, ANZ; Kelvin Tam, Regional Head of AML Technology – Asia Pacific, HSBC; Kenneth Koh, Head of Industry Consulting, APAC, SAS; Christopher Tan, Partner Revenue Acceleration Director – APJ, Intel.
The poll inquired about the events that are likely to drive change within the organisations of the delegates. Most delegates (69%) find the regulatory enforcement action is the driver of change. The rest of the delegates were split between the options of reputational risk (19%) and competitor threat (12%).
Although most of the delegates find the regulatory enforcement action the driver, Mohit suggests competitor threat as a driver, given that digital banks do not have legacy systems to navigate through nor have a perfect data set. For Mohit, they are the main disruptors of the financial system.
“The top ten richest companies today were not in existence 20 years ago,” Mohit states, making the point that the world is changing rapidly with digital currencies and the crypto world.
Kenneth believes that regulatory enforcement action is the main driver because both digital and traditional banks will be governed. The other two options can be affected by the regulatory enforcement action. He states that if a bank is fined for non-compliance, the reputation of the bank suffers.
The final poll asked delegates how concerned they are regarding money laundering risks associated with Cryptocurrency. More than half (59%) were extremely concerned, while the rest were moderately concerned (33%) or not concerned (8%).
Mohit believes that when crypto is legalised it will be a major concern.
Ahmed added that even if cryptocurrencies are not regulated, he urges institutions to take advantage of the time to understand how cryptocurrencies work to understand the risks. He also added that even if banks are not offering services, customers are still sending funds to exchanges and trading. In that regard, banks are still exposed to risks from cryptocurrencies.
Closing
In closing, Ahmed thanked everyone for their active participation in the discussions. He reiterated that the use of AI and Ml is crucial for institutions to mitigate financial crimes. Giving practical advice on what delegates could do on the journey, Ahmed suggests that organisations need to have clarity on the data that they need and the problem the organisation would like to solve.
AI and ML can improve efficiency and reduce false positives. He urged delegates to collaborate with partners through data enrichment on KYC, but also in managing cryptocurrencies. He encouraged delegates to reach out to him if they have queries on how they can incorporate AI and ML in their AML strategy.
