Security & Fraud

Brighterion CEO: Why It’s Time To Break The AML Fraud Prevention Tech Rules

Money laundering Reemerging

There is much to be shocked by in the unfolding Danske Bank money laundering scandal, such as the simple amount laundered through the Estonian branch of the Denmark-based bank — $234 billion at current count, roughly the size of the entire Danish economy — or the fallout from the event, including the bank’s CEO Thomas Borgen stepping down in connection with the scandal and investor confidence evaporating. The bank’s share price has taken a bludgeoning as well, with its stock price down 43 percent since the beginning of this year.

However, as Karen Webster noted, perhaps the most surprising outcome of the investigation is just how long this money laundering debacle managed to carry on. Despite receiving multiple warnings from various sources over the years, she noted in her Monday Conversation with Akli Adjaoute, founder and CEO of Brighterion, that Danske Bank’s Estonian money laundering issue carried on for eight years before journalists exposed the story and forced the bank to act.

 

“How did things go so wrong, for so long?” Webster wondered.

Adjaoute noted that there is probably no satisfying answer to that question. Danske Bank’s problems are the biggest and most obvious at the moment, but they point to a much bigger, more puzzling issue that is affecting the financial services industry broadly. The question is why, after years of hearing about legislation and bank efforts to curb money laundering, we keep hearing about these scandals in the global news?

The answer, simply put, is that the technology being used to fight money laundering is not up to the task. The time for rules-based systems has past, and the time for artificial intelligence (AI)-based systems — or, as Adjaoute said, “the real AI” — is here.

Making Results Match Efforts

There is nothing fun, pleasant or enjoyable about being caught up in what Adjaoute described as “an [anti-money laundering (AML)] nightmare.” It’s expensive, time-consuming and extremely costly. Banks are working quite hard, day and night, to avoid finding themselves in the middle of one, he noted.

“All of these institutions are spending billions and billions, and billions, of dollars on compliance and AML, not to mention a ton of time and talent that goes into this,” Adjaoute told Webster.

For all that spend and effort, he added, banks don’t seem to be doing much better with AML. Instead, they are drawing fines from regulators and taking on massive damages. Why?

According to Adjaoute, the rules-based systems they are using are “pretty much useless.” They’re good at generating false-positives that take time and money to run down, but “have zero capacity to detect any changing threats.” What that means in practical terms, he noted, is that banks’ AML technology will spit back 8,000 alerts per day that are nearly impossible to address, while missing hundreds of actual threats that escape the confines of the rules it was trained to follow.

In a modern risk environment, Adjaoute said, that is a senseless way to approach the problem because the threats aren’t static. Criminal organizations are constantly developing new ways to take on systems, with the express intent of outsmarting the rules engine. These aren’t tiny one-offs, Adjaoute told Webster. They are highly sophisticated, well-capitalized crime rings that are recruiting Ivy League talent to think of new approaches to get around the rules most systems are using to screen for fraud.

Regulators like rules-based systems because they are familiar with rules, but those systems are ill-equipped to fight the fraudsters who know how to play the game using our own rules. Rules don’t work because they haven’t been effective at stopping the waves of money laundering that bank scandal after bank scandal is revealing. Instead, he said, they cost banks billions in fines, and even more in reputational damage.

The goal going forward, he told Webster, is “thinking AI-based systems,” designed to bring down the false-positives and spot emerging fraud patterns in real time. That means designing AI to apply flexible logic to situations — and to “think a bit more like a human being would” when it encounters something that looks unusual, or a pattern with other suspicious behavior.

Those systems, he noted, produce observably better results, as they drop from 8,000 alerts per day to a much more management — and often more actionable — 200 alerts.

The Power Of Transparency

While Webster agreed that a system with a logic engine, trained to use logic to spot fraud, versus a rules-based system would be an obvious improvement for financial institutions (FIs), she wondered if it could have really helped in a situation like Danske Bank’s.

After all, regulators warned Danske in 2007 of potential worries in Estonia, a concern JPMorgan Chase echoed six years later in 2013 when it cut its relationship with Danske. People inside the bank reportedly attempted to make the issue known to management throughout the eight-year period, but none of that made a difference until 2015 when media began to focus on the story.

Even if there had been better systems in place (systems that used unsupervised-learning AI), it seems other issues were at play in Danske, noted Webster.

Adjaoute agreed, but pointed out that a better system might have made it much harder to turn a blind eye to a big problem like $236 billion-worth of laundered money. Clarity is a big advantage when one is trying to spot bad behavior, he noted.

“The old system [is] generating 8,000 false reports a day, and that means that the fraud teams are unable to handle the reviews they really [need] to,” Adjaoute explained. “If they had a better system, the patterns would have emerged much more clearly and started that conversation much earlier. ‘Real’ AI can make the problem so obvious that it becomes really impossible to try to hide it or push it off.”

Though Danske Bank “knew”  or was warned  about what was going on, it needed the data it was looking at to show the fraud so clearly, that the bank had to act on it.

New Technology For Regulators

More than helping banks get ahead of their AML issues (before they become a $25-trillion-dollar problem), Adjaoute noted, an AI-based system can help banks remain compliant on a global scale — something that is not attainable without an automated process.

“If you think about just [over] the last 10 years, the number of rules in the global system has exploded, with thousands upon thousands of new rules added each year,” Adjaoute said, adding that it amounts to millions of pages that banks have to read, understand and with which they must comply.

Moreover, he noted, the staffing and spending requirements to keep up with the pace of global regulatory change, jurisdiction by jurisdiction, is becoming unwieldy. One large bank with which Brighterion is working went from having about 1,700 compliance-committed staff on the payroll in 2007 to having over 7,000 by 2017. On average, banks at this point can expect to dedicate about 5 percent of their total budget to compliance — and this pace is not sustainable.

“I think regulators are beginning to understand that technology must step in to help here. I think that is why we are starting to see a turn toward digital compliance,” he said.

Not everywhere yet, but in major markets (like the U.K., the U.S., Singapore, Germany and France), regulation is trending toward digitization and automation powered by AI and machine learning, Adjaoute told Webster.

What’s Next

The world still has a bit of learning to do when it comes to AI because the term gets affixed to all kinds of things and becomes just another buzzword. Fraudsters use some version of AI, Adjaoute noted. Moreover, for regulators, the term can be scary because media reports tend to link AI to the concept of “deep learning” and algorithms that make determinations without any sort of transparent or explicable rational.

“That technology is dumb as a stone and can’t explain anything. And to a regulator, anything that looks like a black box and can’t be explained can’t be used for compliance,” Adjaoute said.

He added that regulators who understand that real AI can actually explain a rationale for why it does what it does. Plus, real AI can now point to a pretty successful track record — for keeping the homeland safe, and for detecting and preventing financial fraud. AML is more complicated, he noted, but AI’s proven strength is in noticing and tagging abnormal behavior, and making it apparent in real time.

It’s a powerful capacity, he said, one that the ongoing hit parade of AML scandals suggests is more necessary than ever.

“A system with AI can stop adding new people to read rules,” he said, “and turn those people free to do better and more important work. And the reward comes when what you do actually works. That alternative is what we have now, where banks are collectively spending billions of [dollars] to fail.”

——————————–

LATEST INSIGHTS:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. Check out the latest PYMNTS study – The AI Gap: Perception Versus Reality In Payments And Banking Services

TRENDING RIGHT NOW

To Top