Martin Rehak, founder and CEO of Resistant AI, discusses how artificial intelligence (AI) can lend itself towards the fight against money laundering
The Fintech industry’s rapid growth and use of new technologies to meet the rise in demand for online services has brought with it increased levels of cyber crime. Criminals have taken advantage of the benefits digital banks offer to access money, launder illicit money and fund terrorism worldwide. The growth in technology for blockchain and digital payments provides new opportunities for criminals to launder funds at faster speeds and larger scales than they might have been able to previously. According to UK Finance, criminals stole a total of £753.9 million through fraud in the first half of 2021, an increase of 30% compared to H1 2020.
With the huge amounts of data that Fintechs process, it’s no mean feat to detect potential money laundering activities using manual processes. But as fast as financial services adopt AI and automation to scale, fraudsters are matching – and surpassing them – in sophistication.
The Dark Web: a cyber crime bazaar where data is a hot commodity
Mike Schuricht, leader of the Threat Research Group at Bitglass, a Forcepoint company, discusses the role of stolen data in cyber crime over the Dark Web. Read here
Fintech anti money laundering (AML) challenges
Traditional financial institutions have had years to build out their AML programmes, gradually adapting to the increasing regulatory demands. Fintechs are playing catchup and trying to scale their resources and technology in line with demand for their services, whilst remaining compliant with regulations.
Digital banks need actionable insights fast to develop and improve their own AML/Countering the Financing of Terrorism (CFT) frameworks, but they face some key challenges in maintaining AML compliance. In 2021, the Financial Conduct Authority (FCA) announced that they were investigating Monzo for potential non-compliance with AML/CFT regulations, which should be a signal that there is increased focus on Fintechs.
Firstly, their reliance on online banking leaves them vulnerable when approving an account or transaction, needing proper risk assessment measures. Then there’s the amount of data which needs processing, and at pace, which comprises many types of data – from IP and geolocation data to other personal data obtained from apps and digital devices. The amount of data is hard to sift through to surface actionable, relevant, and timely insights – especially when current compliance processes are typically repetitive, data-intensive tasks that lack efficiency.
Besides the constraints imposed by convenience and the digital nature of their services, the fintechs also have smaller, leaner teams and budgets – yet must comply with the same regulations as bigger banks for AML/CFT. They also face similar licensing requirements, to obtain a licence through the Financial Conduct Authority (FCA) or partner with a licensed bank.
Foundations for an effective AML compliance framework
Understanding the risks
It’s vital for digital banks to be aware of the most prevalent financial crime typologies, to anticipate how criminals will exploit them. These include money mules, where individuals are recruited to move funds, knowingly or unknowingly, as part of a money-laundering scheme. Smurfing, meanwhile, is moving large sums of illicit money via lots of smaller transactions.
Others include fraudulent accounts, when an account may undergo a change in name, identity theft and account takeover fraud, where stolen identity information is used to establish accounts or take over a legitimate account. Fraudsters often use deepfake technology to impersonate someone, for instance AI-generated voices and altered videos and images. Social engineering can be used to manipulate someone to reveal sensitive information or take action. Tax evasion is also of particular concern when doing business with customers who open accounts in a foreign jurisdiction.
Digital banks operating in the UK must comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), and use guidance provided by the Joint Money Laundering Steering Group (JMLSG) as a blueprint for their risk-based AML/CFT strategies. It’s vital Fintechs incorporate robust risk assessment measures during customer scoping and onboarding stages to avoid missing red flags in the approval process. It’s equally important to factor in a future-proof strategy and ensure continued assessment of the customer base.
Create and integrate tools that are scalable
Scalable technology solutions are the only way for digital banks to avoid compliance gaps, reduce operational vulnerabilities and power safe growth. As a digital bank expands into new markets and starts offering new products and services, its customer base will evolve, as will the AML/CFT risks. Choosing scalable and adaptable technology solutions offers flexibility to scale effectively.
With digital banks’ data growing rapidly, the key to scalability is automation. Fintechs need to know where best to apply this, and equally where applying it might weaken compliance teams’ detection abilities to spot suspicious behaviour. Finding the right blend of technology and human expertise is essential.
Using AI to drive efficiencies in operational hotspots
Deploying the right technology as early as possible in the life of the digital bank is critical. The sooner banks start collecting and surfacing the data they need, the sooner they identify risks with greater speed and accuracy. Modern AI techniques can efficiently sift through the vast troves of data collected across diverse bank departments, effectively replacing the manual investigative work. This allows the modern bank to investigate literally every transaction that happens in a split second, specifically in these areas. Banks can also test and optimise alert thresholds and familiarise themselves with typical suspicious behaviour. AI solutions can enable automation of these compliance processes, including:
- Onboarding and identity verification: Verification checks and KYC measures are vital to know your customers are who they say they are. Banks must understand how to contextualise the relationships between individuals and business entities to identify AML risks with high accuracy at the earliest opportunity. This could include using digital identity verification, including biometric data and scans of official documents. As some fake documentation appears highly realistic, additional measures, such as a video KYC check can be adopted. It’s worth banks considering the value in slowing down onboarding to minimise the risk of speedy, and inaccurate, approvals. By introducing layers into the initial scoping process, banks will be a step ahead.
- Screening and monitoring: Digital banks also need to screen customers accurately and efficiently against international sanctions and watch lists. They must also have the ability to identify and monitor changes in the status of politically exposed persons (PEPs) and any of their relatives and close associates.
- Transaction monitoring: This is important to monitor and understand the transactional behaviour of customers to ensure it is in line with expected behaviour. Consistent high vigilance for suspicious activity is essential, like unusual transactions completed at unexpected frequencies or volumes or transactions involving high-risk jurisdictions.
It’s a constant juggling act to deliver a seamless digital user experience while complying with AML/CFT regulations, but with a blend of scalable AI and other technology solutions, digital banks can deliver highly optimised AML processes.