Why thinking like a criminal is the only way to build your technology effectively
Financial crime is big business. Analysis estimates that there is anywhere between two and four trillion dollars’ worth of illicit funds in circulation globally at any time. The scale of the global financial system means that maintaining absolute oversight is a truly herculean task. With approximately 1.2 billion transactions taking place daily, it is incredibly difficult for fraud investigators and compliance officers to determine which of those are legitimate, from those that are associated with nefarious activity. Creating further difficulty is the speed with which transfers are conducted. A normal bank transfer takes place within fragments of a second, making it very easy for criminal activity to go unnoticed.
- Read the latest issue of Gigabit
- Building Customer Trust – Cybersecurity in CSR Programmes
- Line acquires Korean cybersecurity firm GrayHash to aid fintech growth
- Blackberry acquires AI cybersecurity firm Cylance in 'biggest ever' acquisition
Reflecting the difficulty in tackling white collar crime, financial institutions have invested significantly in compliance, with anti-money laundering measures alone resulting in a global industry spend of around eight billion dollars in 2017. Much of this spending has led to the rapid deployment of assistive technologies. However, these efforts have been to no avail, with only an estimated 0.2% of the illegitimately derived capital in circulation ever being recovered. Evidently, a new approach is needed.
In the realm of cybersecurity, organisations are increasingly employing hackers to improve their digital security solutions. These individuals are paid to try and compromise network infrastructure, reporting back to the organisations with any vulnerabilities discovered. By adopting the mind frame and tactics of criminals, organisations can design defensive measures with them in mind, proactively defending against future attacks. This tactic should be emulated by financial institutions. They need to understand the mindset of the criminals to make marked improvements in the fight against white collar crime.
The current technological solutions
Despite the gargantuan sums of money now spent on compliance, there is still an overwhelmingly strong argument to suggest that the focus has been on regulatory compliance rather than the prevention of criminal activity. The reactive, sequential way in which compliance technology has been designed and implemented attests to this. Incumbent Transaction Monitoring Systems (TMS’s) are calibrated to detect basic rules and scenarios which are well understood by the criminals. The groups engaging in financial crime at any kind of scale or significance are extremely intelligent, making use of incredibly sophisticated tactics and complex webs of relationship and corporate structures. They will avoid the simple mistakes that the systems are looking for. Furthermore, with the sanctions for missing an instance of financial crime being significant, TMS’s are often set up to cast the net wide, resulting in a vast number of alerts with false positive rates well in excess of 99%. This often causes a large backlog of alerts, leading to investigations being outsourced to armies of process-driven investigators.
Outlook of a fraudster/money launderer
To truly combat money laundering, the role of a compliance officer must change. At present, the role is tooled toward ensuring that an organisation is compliant, with the technology being reflective of this. This results in an approach which is akin to box checking.
For a money launderer, the pressures are entirely different. For them, the price of failure could literally be a life or death matter. Resultingly, their task is one which is never ending, and they are constantly devising new and ingenious ways to transfer the funds. The best money launderers possess significant expertise about the financial system in which they operate, and as such understand the best methods to progress without attracting attention. Some specific vulnerabilities that they may seek to take advantage of include an unsatisfactory moral philosophy in a company, substandard levels of training or supervision, and inadequate internal controls and technology.
Re-tooling technology to help: Joining the dots
To address the more pressing money laundering risks, banks need to take a different approach, one that can interpret and risk assess these complex webs of activity then present them assembled and prioritised for investigation. Money launderers are not transactions; they are individuals. The existing TMS’s are (by their very name) transactional and, therefore, unaware of the true context.
A new approach is required that combines data from both inside and outside the bank to understand the true context surrounding individuals and businesses, as well as the relationships between them. These systems need to be AI and Machine Learning enabled so they can easily spot the complex patterns left by the criminals in the data.
The current system for tackling financial crime is incredibly inefficient, with less than a percent of illicit flows currently in circulation ever being recovered by the authorities. Contributing to this is the pressure placed on the banks, which results in them prioritising compliance over actively stopping financial crime. To truly stem the tide of illegal money, we must see an attitudinal change, one which acknowledges the methods and tactics used by criminals. This will be driven by new technology that can understand the context of all the data in order to think like the criminal.
- Being your own data security expert in the absence of 2FAData & Data Analytics
- Riyadh to host 5th ed. of Gulf Congress on Cyber SecurityCloud & Cybersecurity
- Darktrace advances AI to proactively protect organisationsAI & Machine Learning
- Cyber experts SANS Institute praise Apple's Lockdown ModeCloud & Cybersecurity