Here are some of the highlights and key topics of debate from the second and final day of FinCrime World Forum.
1. The AI debate- how do we get it to work effectively in fincrime?
To what extent can Artificial Intelligence (AI), and other technological capabilities, be the “ultimate weapons” in tackling financial crime?
This was the key question across two FinCrime World Forum sessions this morning.
“There are indeed high hopes that AI will transform KYC and AML processes by reducing costs, producing a high number of false positives and improving reports to law enforcement agencies…it’s unclear however the extent to which these solutions have been delivering against expectations” said Patrick Craig, EMEIA Financial Crime Technology Lead, at EY, setting the scene.
Panellists agreed that AI is a powerful tool but each of them cautioned against overreliance on it and said it should be used alongside other tools and techniques.
“Just because an analyst says there’s nothing to worry about doesn’t mean there’s nothing to worry about in this data”, said Martin Marklewicz, founder and Chief Executive Officer of Silent Eight.” So, when you are thinking about building a product you have to think about using AI and machine learning as tools in your toolbox”.
Crucially though, said Marklewicz, AI has to be used in smart way, and not slapped across the whole problem you are trying to solve.
This was echoed by other panellist who agree that AI has to be used with other data and techniques.
“You have to have an engine that stitches together your internal data with external information from corporate registries and reference information” Alexon Bell, Chief Product Officer of Quantexa, explaining how network analytics can be used with a “little amount” of AI to connect the dots in investigations. “AI is ultimately a powerful tool but to realise the benefit it has to be used as part of a wider toolset.” says Sebastian Drave, Chief Data Scientist at Harbr
Drave said that getting a critical mass of data for the AI to work with is crucial for a “completeness of view”. He said this “allowed us to transition towards acting against collective criminal enterprise as opposed to individual entities within it”.
Marklewicz explained how AI can be used to understand and improve decision-making around investigations.
For Dr Janet Bastiman, AI can help spot patterns that humans, biased to see what they want to, may miss.
She cautioned however that AI decision-making has to be explainable.
“What you don’t want is a system that is very good at spotting things but can’t tell you why. So, you have to have traceability and explainability of why something is highlighted by AI” she said. She said you therefore can’t just really on risk scores from AI, you need to understand why it arrived at the score it did.
2. Concern over fraud and cybercrime in the pandemic
Naveen Vasuveda, founder and Chief Executive Officer at Cybertree Paradox opened a session on the Cyber-Fincrime Nexus and the impact of Covid-19 with a statistic about the amount of money lost to cybercrime and fraud since the pandemic begin, including £28m lost in the UK.
The other panellists though did not accept this figure and said the real number would be much bigger.
Shelton Newsham, Information Security Director at NBS, said fraud is “significantly under-reported” due in part to “psychological impacts, embarrassment at falling for certain crimes”.
For Newsham, the pandemic has changed the behaviour of people. “The criminals haven’t really changed what they do, businesses haven’t really changed what they do but the victim’s priorities and behaviours have changed, and what are we doing to help?” he said.
Vladimir Krupnov, Threat Intelligence Lead at Revolut, gave his thoughts on how to respond to new threats, including social engineering fraud techniques, in the pandemic ”We have to be very flexible, see that we need to set up an escalation process to tackle the spread, to set up the remediation and to make sure it won’t happen again”.
Newsham also talked about how to guard against third party risk in terms of cybersecurity and fraud. He said “I would say [you need] a legal basis within contracts around where certain components shouldn’t come from, or at least if they do, there’s a certain level of due diligence and security checking around that.
3. Britain’s illusion of corporate transparency shattered
One of the major highlights of Day Two was Graham Barrow’s remarkable presentation about the 2020 Beirut explosion.
“It’s such a powerful story” Graham Barrow said before he told his tale revealing links between the Beirut ammonium nitrate explosion, UK shell companies and sanctioned individuals in former ISIS-held territories.
“This ammonium nitrate was being shipped between Georgia in the Caucasus to Mozambique in Africa on a Moldovan-flagged Panamian-owned vessel with a Russian captain on behalf of a UK company” said Barrow, stressing the cross-border nature of major financial crime.
Barrow revealed how he used Companies House information, plus search tools on addresses, to unearth links between Savaro Ltd, a shell company in the UK and a web of other shell companies, with links to sanctioned people, including one associate who had previously been sanctioned for buying ammonium nitrate.
He said: “I’m certain there’s a highly sophisticated network …I have identified 100,000 companies involved in this network. They have bank accounts, right across Europe, lots of which in secretive locations, and they will sell access to this network for anyone who wants to mask themselves or their funds”.
For Barrow the tale illustrates the importance of corporate transparency and weaknesses in the UK system.
“This is problematic, hopefully people are sitting here thinking ’hang on these are UK companies, we can’t do business with sanctioned individuals”, Barrow told the FinCrime World Forum audience.
He revealed that criminal networks often have use shared addresses for different companies.
“You get concentrations of addresses in networks even if you have companies spread across the world.” says Barrow saying that complexity, which launderers like, needs control.
He went on to describe how easy it is to set up companies in the United Kingdom and have existing directors, or proxies, of other companies become the director of them.
“You can create 1,000 UK companies for £12 and have your two much more expensive companies in the Seychelles register with Companies House as the director for all of them,” said Barrow.
“So you’ve now got 1,000 offshore companies but they look like UK companies, that’s the attractiveness of the UK”.
4. Some hard-hitting messages from FATF’s David Lewis
David Lewis, Executive Secretary of the Financial Action Task Force spoke in a pre-recorded interview that was shown to FinCrime World Forum attendees this afternoon and he had forceful messages for the fincrime community.
Lewis said: “We have lost connection with the reason we are all trying to do this. It is about reducing the harm caused by crime and terrorism”, he said.
When reflecting on the performance globally of jurisdictions he pulled no punches,
He said: “There is no country getting a good result on supervision, there is no country getting a good result on preventative measures and then I would come back to a lack of political support and understanding, which I think comes from a poor understanding and focus on risk”.
But what about FATF itself? Is FATF really equipped to help make a difference?
Lewis said that the taskforce, which has 200 nations represented in one form or another has strnegths.
He said: “It is truly an inclusive body and that’s its strength, because it means when we can create standards, we create them with the views of everybody involved. It also means they tend to be the lowest common denominator.”
Lewis also revealed that FATF is looking at ways to compare nations through the use of horizontal thematic reviews. “So for example, we pick a new area, like cryptos or virtual assets, or an area where there’s a systemic failing like transparency of beneficial ownership, and we evaluate all the countries at once”, said Lewis.
Lewis added that he is saddened that some nations political leaders appear to be more motivated on financial crime by the impact of getting blacklisted or grey listed, rather than being “primarily driven” by the importance of tackling the harm that crime does to “societies, to populations and their economies.”
Lewis was asked what would make the biggest difference to combating financial crime, and he reverted to his key theme.
“We need to make it real for people, let’s stop talking about compliance, the ultimate aim isn’t compliance with regulations it’s about stopping crime and terrorism”.
5. What should the future of compliance and risk management look like?
A major theme of FinCrime World Forum today centred on the future shape of compliance and risk management.
Michael Rasmussen, aka the “GRC Pundit”, shared his vision of a move from away from a tick box approach towards a more holistic risk management culture.
He said: ”When you are given a check list you don’t have to think about compliance so much”, adding that there needs to be a focus on accountability and not just responsibility. He also added that engagement on policies and training and awareness are needed to re-enforce risk management culture in an organisation.”
Later in the day a panel discussion centred on “making compliance work” with much discussion about how compliance teams can communicate with other employees to implement measures to be effective,
“I think communication is key here…[that] people understand why we are asking for things - that we are not just the fun police…” Frankie Dowling, Head of Compliance of Amaiz said, on the importance of reminding people why compliance is important in AML. “You could be enabling human slavery” she added. Dowling also said compliance teams have to be open and approachable.
The panel also talked about issues around relying too much on third parties. “You have to be able to understand the underlying factors and use the data to make a decision. ” Adrian Vickery, Head of Governance, Risk and Compliance at Knight Frank Finance
Vickery also stressed the importance of other employees feeling they can challenge the compliance team as this “might find a better way”.
6. Ending modern slavery - it’s all our responsibility
The spotlight session on modern slavery with Andrew Wallis, founder of Unseen, started with a hard-hitting video featuring an interview with a trafficking victim.
Wallis then followed this up by providing a “conservative” estimate that 40.6million people are in situations of modern slavery around the globe today in a trade worth $150bn per annum.
“We probably all grew up thinking the slave trade ended about 200 years ago. It didn’t. It carried on it morphed and changed” says Andrew Wallis of Unseen #FinCrimeWF “200 plus years ago you could identify the slave from the shackles they wore, what we see now are psychological shackles”.
Wallis described eloquently how globalisation has lifted people out of poverty while at the same time pushed millions into forced labour or exploitation. He said the criminals are ‘smart business people’ who use technological tools as a means of control to extract money and recruit vulnerable people.
He strongly criticised governments for a lack of enforcement of legalisation, the United Kingdom government especially and called for legislation that can work trans-nationally.
He said: “What drives this is the extracted profit model…as you push that price pressure all the way down the supply chain it creates the environment in which exploitation can take place.”
“If you want to know where the exploitation is taking place, follow the world’s supply chains. The tragedy is we don’t know where all these are ” Wallis said.
Ultimately though, Wallis’ big message is that we all need to play a part in reducing the demand that fuels this extracted profit model. He said the ending of the transatlantic slave trade followed the public refusing to buy produce that came from slave-owning plantations.
“Why does slavery exist? It exists because of our inaction. We’ve educated society to accept cheap goods, services and labour, so we are all complicit” he said.
7. The rising importance of social engineering and “human hacking”
Fans of psychology and behavioral science will have loved the final session of FinCrime World Forum.
Chris Hadnagy, founder of Social Engineer and author of Human Hacking: Win Friends, Influence People and Leave Them Better Off for Having Met You, explained how he became interested in social engineering, the art of influencing people to take actions that “may or may be in their best interest”.
I was really bad at coding, but I’m really good at talking to people, so I called people and asked them for the password…and I wanted to know why it worked” Hadnagy explained.
From using ‘validation’ techniques to prompt an airline staff member to upgrade him to first class for free, to deploying measures to gain access to a bank’s security systems, Hadnagy entertained the forum with anecdotes and examples of how hackers can exploit human vulnerabilities.
This could hardly be more topical, given the rise in fraud seen since the start of the Covid-19 pandemic.
And he set out some of the latest threats using social engineering techniques.
“The realism of these attacks have stepped up drastically” Chris Hadnagy on how scam emails now look “super realistic”, with good branding, perfect spelling, long-registered domains, “he said.
“We have seen an increase in smishing. They send you an SMS with a link on it something like Julie from HR, saying they need to install a VPN so you can work from home…attackers get access to your personal device”.
Hadnagy said that because social engineering works through exploiting brain chemistry, we are all susceptible to it, even he has fallen for a phishing email.
Hadnagy carries out adversarial simulations to test companies’ defences and then advises them on improvements they can make to mitigate the human factor risk.
For instance, he suggests companies “remove the barriers that allow empathy and compassion to be a failure point”.
Ultimately Hadnagy wants to see more collaboration between private organisations and government entities to create “more important and real security regulations and policies.
He also advocates greater awareness of the techniques used and said popular television shows have done this in the past. “Entertainment will get people to be aware of what these new attacks are and how they can be defended against” Chris Hadnagy said.
To watch FinCrime World Forum sessions on demand for free