Keeping under the radar is one of the key strategies of a fraudster. The longer that a crime can go undetected, the better. This mindset is leading to techniques such as ‘silent fraud’, whereby fraudsters steal smaller amounts to avoid alerting to the fact that a crime is taking place. As fraud methodology changes, regulations are updated to reflect this. For example, FinCEN has proposed a reduction in the threshold whereby a financial institution must collect and share information on suspicious transfers with authorities, from $3,000 to $250.
The war of attrition between fraudsters and financial institutions (FIs) is adjudicated by the regulators. Keeping up with the ever-changing fraud landscape and techniques employed to launder money is an ongoing challenge. As the 2020s unroll, certain key AML compliance trends stand out. Here is our view of what the main drivers of AML compliance will be in the near-term and what is available to help banks manage these compliance challenges.
5 key trends in AML regulations and technology
Cybercrime is never static: tactics, processes, and people are forever adjusting to new drivers. These drivers include technologies and behavior with regulations morphing to close gaps. Below, are outlined five areas that are likely to have a big impact in the world of financial fraud in the coming years:
Regulations and pressure from all angles
The change to the threshold for suspicious transfers is an example of how the pressure on banks and other FIs is increasing. Change can be good, but it is challenging. Changes that impact how the operations of banks work, cause disruption and upheaval. Those changes need to be reflected across the board, from paperwork to technological structures. Banks have already been through a major operational change because of Covid-19 and Work from Home mandates. This looks set to continue with around 75% of investment banks planning to continue home working, permanently. This upheaval is exacerbated by pressure from changes to AML compliance, regulations, in the U.S., particularly, being in a state of flux in the last months of 2020 and into 2021.
The US National Defense Authorization Act for Fiscal Year 2021 (NDAA) has a wide-reaching impact on anti-money laundering (AML) regulations: The changes that the NDAA brings into play will affect regulations including the Bank Secrecy Act (BSA). Banks and FIs will be required to fit with the new mandate that includes “The Money Laundering Control Act of 2020” (MLCA) - incorporated as a title within the NDAA. The MLCA strengthens the US government’s anti-money laundering requirements and how the financing of terrorism is controlled (AML/CFT). A fundamental area affected by the MLCA is how information is shared among the agencies that govern and administer AML requirements. An extension of the MLCA is to modernize the Bank Secrecy Act (BSA) and other related laws to respond more appropriately to new and emerging threats. The MLCA also has a remit:
“Encourage technological innovation and the adoption of new technology by financial institutions to more effectively counter money laundering and terrorist financing”
The act has expanded powers and capabilities by creating two new subcommittees. These working groups will explore technological innovation with a focus on information security and confidentiality.
The result of the regulatory upheaval, along with changes in working patterns and consumer behavior, is creating a perfect storm of pressure on the banks. Banks and FIs must be prepared for the shift to more rigorous AML regulations. The right type of technology can help to alleviate this pressure. A report from BCG into the global risk landscape and banking states:
“... By using AI, machine learning, and other advanced technologies and practices, they (banks) can improve bank steering; deliver predictive, real-time insights; and execute faster and more efficiently. Yet success requires a willingness to see disruption not as a threat, but as a lifeline.”
Putting in the right structures and technology to deal with these changes will help to ensure that FIs and banks handle the challenges of change, seamlessly.
Who are you?
Identity verification is where the buck stops. AML regulations are designed to manage risk, and risk-based identity verification has delivered the Know Your Customer (KYC) process. KYC is a starting point for AML compliance, but verification is not a one-stop-shop. As consumer behavior changes, and as new fraud tactics arise, the use of verification requires a more fluid and real-time approach. For example, during the Covid-19 pandemic, the use of Card Not Present (CNP) transactions increased because of social distancing and stay-at-home orders. The result was a 30% increase in CNP fraud during Q2 of 2020. Running in parallel, account takeover attacks accounted for 54% of all fraud events in 2020.
As the regulatory restrictions tighten the noose around the currency batch of fraudster tactics, new ones will appear. Traditional rule-based AML platforms are unable to adapt quickly enough to counter new vulnerabilities and entry points, especially as financial ecosystems become ever more complex and multifaceted across multi jurisdictions and organizations. A system of ‘zero trust payments’ will require the use of intelligent technologies that can use the flexible and dynamic nature of machine learning and deep learning. These smart AML solutions can self-learn new ‘good’ consumer behaviors and use these models to help spot anomalous patterns and events, even as the fraudsters change their tactics.
The customer is always right
Consumer and organizational behaviors continue to change the goalposts of global financial systems. Banks innovate around consumer behavior to offer better customer experiences. In doing so, new vulnerabilities appear. Regulations come along to try and deal with these vulnerability gaps. A prime example is the recent FinCEN Files debacle. The resulting FinCEN “Final Rule” pushes the onus of customer due diligence (CDD) back to the bank. By placing the customer first, banks have focused on the customer experience. In doing so, new channels of attack have opened as multi-channel interfaces with banking systems have become realized. The move to excellence in customer experience is a vital part of modernizing banking. AML compliance is still required, however, no matter what channel a customer uses to interact with a bank. To maintain compliance and keep a great CX, the AML checks must be done seamlessly and without impacting the user journey. The multiple, real-time checks that are required to perform AML checks could impact this user experience. However, self-learning, machine learning-based AML solutions can provide robust, fast, and accurate checks, in the background, and in real-time.
What about those Ultimate Beneficial Owners (UBO)?
Expanding on the KYC/CDD side of AML, beneficial ownership has become a hot topic, especially considering increasing TBML issues, where the obfuscation of business owners adds a layer of complexity to AML checks.
In the EU, the Anti-Money Laundering Directive, version six (6AMLD), to be implemented by financial institutions by 3 June 2021, broadens the definition of money laundering. The directive also improves the transparency of beneficial owners.
Beneficial ownership is another focus of the U.S. NDAA, with a requirement to report beneficial ownership at the time of company incorporation. This will affect a wide range of companies. The data on beneficial owners must be supplied to a registry at the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). This register will be used during investigations and is hoped will prevent the use of shell companies for Trade-Based Money Laundering (TBML). This focus on beneficial owners in the NDAA opens a raft of new requirements that will percolate through laws such as the BSA.
Saved by the machine
Money laundering has brought out the innovative side of fraudsters. As supply chains deepen and connectivity widens, fraudsters use whatever means they can to circumvent detection. This often results in new and improved systems to launder money across complex webs of interaction, processes, and people. A 2020 FATF-Egmont report into future trends in TBML states:
“The report notes the continued occurrence of third-party intermediaries, often as part of the financial settlement process. These third-party intermediaries, linked to the OCG, PML or terrorist financier, can quickly integrate into the transaction chain, creating additional distance between their activities and the TBML or TBTF scheme.”
The mountain of documentation that flows along with the goods and money is adding to the difficulty in detecting trade-based money laundering. Financial analysts need support from intelligent TradeTech that uses AI-enabled technologies to help unweave these complex relationships that shore up TBML. EastNets wrote about how these AI-technologies can be used to decipher the paperwork and locate the fraudsters in our post “Smart Ways to Combat Trade-Based Money Laundering”.
Managing compliance and keeping on the AML path
The AML regulatory landscape is almost as fluid as the fraudsters who take advantage of our financial systems. The business of money laundering is increasingly hidden behind the complexities of cross-jurisdiction data sharing, and expanding supply chain ecosystems, ensuring compliance with AML regulations is not easy.
The perfect storm is brewing, transaction volumes are increasing and financial criminals turning to new avenues of exploitation. FIs and banks can no longer rely on manual investigation; there is just too much data. AI-enabled AML tools turn this situation around by using a data-driven approach to compliance. AI tools are used to generate actionable insights and alerts that dive deeply into the obfuscated TBML and payment networks. Smart fraud detection tools help an overloaded compliance team manage the regulation requirements whilst mitigating risk. AI empowers compliance, working in unison with human analysts, to unravel this complicated regulatory and money laundering landscape.
Eastnets Crime and Compliance suite helps you detect and block money laundering and suspicious activity. Learn more.