FinTech and AML Regulations: A look at the year ahead

Anti Money Laundering compliance in FinTech is a regulatory requirement in the majority of the countries in order to prevent financial crime including money laundering and terror financing. FCA, FINMA and AUSTRAC are some of the major regulatory bodies across the world and all FinTech companies have to abide by the laws, this session looks at what regulations are in place and what 2022 will hold.

Transcription

Leigh-Anne Moore:

Hello, and welcome back everyone. Thank you for joining us at FinCrime Global, where we’re about to start our very last session of the day. So our last panel today is FinTech and AML Regulations: A Look at the Year Ahead, and this will be posted by Pawneet Abramowski, founder and principal of PARC Solutions. Pawneet, over to you.

Pawneet Abramowski:

Thank you so much, Anne Leigh. I’m very happy to speak with an esteemed group of people today, and we’re going to be talking about FinTech and AML regulations, something that we already know, but some things that we’ll discuss and see how we can improve that in our sector. So I’m going to introduce our esteemed panelists, Devraj Basu, who is from the University of Strathclyde. And welcome Devraj Basu. How are are you?

Devraj Basu:

Very good.

Pawneet Abramowski:

Very good. And we also have our second panelist, James Rickett, and he is a practitioner and investigator, so we’ll get a really good perspective, both from an academic perspective and a investigator’s point of views. And of course I will also contribute from my lens, which is of consulting, practitioner, and academic, so it’ll be an interesting discussion. I look forward to having this conversation. Welcome, gentlemen.

James Rickett:

Thank you.

Devraj Basu:

Thank you.

Pawneet Abramowski:

All right. So let’s get started. It’s been a busy, busy, busy, busy time in the last few months and actually beginning of this year. There’s a lot going on from a regulatory perspective, and I will ask you, James, what are your thoughts? Globally there’s a lot of movement by regulatory agencies, different jurisdictions, really trying to focus on what they need to do to tighten up the AML regulations, and also the geopolitical situation certainly adds to a nice mix of what needs to happen.

James Rickett:

Yeah, thanks Pawneet, for… When I did say in the briefing before, ask the difficult questions, we’ve started the bar high, haven’t we? Look, it’s a really bizarre time at the moment in the AML world. The pandemic’s probably got a big influence on that because it’s accelerated a lot of things, especially in the FinTech space. A lot of regulations have had to come in very rapidly. And of course there are regulations around the world that are fast tracked because of what’s going on in Europe at the moment. I think it’s interesting, because a lot of the jurisdictions that are making a lot of effort at the moment on their regulation, the Malta and the UAE I’m going to call out as two jurisdictions. There have been some huge strides forward in their regulatory framework and the rules and controls they’re implementing, yet both in the last 6 to 12 months have ended up on a FATF gray list.

James Rickett:

It’s an interesting dynamic because now how good is good enough when you’re trying to devise a regulatory framework? And obviously interestingly jurisdictions have got their own vulnerabilities. And at the pace that regulations move, and again, from a practitioner perspective, or even from a teaching perspective, the better we become, the better the criminals get. It’s difficult, but that’s my opening thoughts. We continue to evolve and we’ve been accelerated into a regulatory change much quicker than all of us planned and was ready for, as a result that’s led to more vulnerabilities around the world.

Pawneet Abramowski:

Great, great point in highlighting UAE and Malta and many other jurisdictions that we really were thinking that perhaps have taken the right steps and are trying to expand on their regulatory regime to comply with global standards, but yet they have ended up on the gray list and certainly that doesn’t help, and what message does that send? So Devraj, from your perspective, FinTechs certainly are here to provide a solution, to accelerate things, to be able to leverage technology. So from your perspective, is it too much or is it too little or is it not not fast enough?

Devraj Basu:

Great question. Thanks so much Pawneet. From what I’m hearing, the technologies are out there, the adoption, though… Okay, so it’s all of the three that you mentioned. So the technologies are out there, there’s perhaps almost too much of the technology, because the adoption is where the whole thing seems to be a bit of a bottleneck. So just to give you an example with typologies, I think there is almost a consensus from everyone I talk to that data sharing would be really useful to establish better typologies, because as James said, the criminals are always one step ahead, that they’re always moving faster. So better data, better typologies.

Devraj Basu:

However, there is no framework for data sharing. So while the technologies are out there, and we can talk about federated learning and homomorphic encryption and… That’s just all getting thrown at us. The technologies are advancing by the day. Without that policy framework in place, I mean somewhere like the UK, I think the entities, the large SSes will not be confident enough to be able to share the data and understand it. So I think that there’s that gap in the middle, and that probably something needs to be done in the policy space.

James Rickett:

Devraj, can I ask [crosstalk 00:06:42], and I’m sorry to interrupt.

Pawneet Abramowski:

No, no, no, please.

James Rickett:

You said something, and I think… But when we’re talking about data sharing, with the holy grail of preventing money laundering, whether you’re a FinTech, bank, insurance firm, real estate sector, data sharing is all about giving tangible data that you can do something with. And I always say this to people when I say, “Why don’t we stop money laundering,” first things that people say are, “Well, I don’t want to be fined. I don’t want to go prison. I want to protect the reputation.” Not many people say, “Actually, I want to save lives and I want to stop terrorism.” And the way we do that is through data sharing.

James Rickett:

But we have a wider problem, and again, this is where FinTechs might be able to… As more people migrate to them, and we might see some sanction entities starting to use them to maybe try and circumvent some of the rules that might lead to some money laundering. Let’s use Europe as an example, I think last year or 2019, you forget what you year it is now don’t you, after two years of being locked at home. Million SARs filed in Europe. 500,000 from the UK, 300,000 from the Netherlands, and then the rest made up of a number of other jurisdictions. How can we take data and do anything tangible with it when simply we’re filing suspicious activity because we are worried about all of the other issues and then the ethical part at the end. What do you think to that, Devraj?

Devraj Basu:

I think those are great points. The NC is sitting on half a million SARs a year, so for example, to your last point, why are SARs being filed? Are they being filed because of exactly all the things you’ve said? Or are they being filed because… So maybe a better structure of SARs, and I think there are startups that are looking at this to design better SARs where there’s perhaps more a consensus on what constitutes suspicious activity, and then better analytics that are available to analyze the typologies arising from these. I mean, they’re all sitting with the NCA, which we all know is fairly understaffed. And it’s difficult to get actionable intelligence from this. So I think most of you probably understand it’s not better than [inaudible 00:08:52]. The whole thing is how to get actionable intelligence. But to your point as well, James, I mean… Exactly. The idea that doing this, this is more about doing good than it is about ticking a box. I think that’s where changes in policy starting from the very top could help as well, to orient in that direction.

James Rickett:

I saw some from the New Zealand regulator, actually, they’d reverse engineered this and what they were doing, they were going back to the regulated sector saying, “Brilliant work filing all these SARs. You’re filing a lot of these, I think, for tax evasion.” And actually they went back to the firms to say, “These are not necessarily the indicators that you’re looking for.” So actually the volume was there, but it was quality.

Pawneet Abramowski:

Leave it to New Zealand to lead in that, like they did with the pandemic, with their efforts there. I’ll add something else to your metrics that you just shared. United States filed 3 million… FinCEN received 3 million SAR filing. What do you do with 3 million? And just like you said, Devraj, FinCEN is not staffed at the level that that they should be, like any government agency should be, that’s working and using this to action on the intelligence that’s being shared by the financial institution. So there is this massive amount of information, data, and defensive SAR filing.

Pawneet Abramowski:

I’ve been on the inside in financial institutions. You sometimes are just like going through the motions of filing the suspicious activity report because you just don’t want to take that chance. You want to be able to… “I’m going to send it in and make sure that they have it and the law enforcement and the intelligence committee, whatever they want to do with it.” So there’s a lot of analytics that needs to happen at that level, and that puts a lot of burden on agencies that are not necessarily staffed in the way that we expect them to be. So what are your thoughts on that? How do we use the data and data analytics to help our law enforcement agencies that can help you at the end of the day perhaps develop new typologies and new direction, kind of like the example of New Zealand.

Devraj Basu:

So quite interesting. So I helped convene a [rectech 00:11:11] forum, and one of the first papers in that forum was exactly this. So the idea of a data utility… So the ideas are fairly clear… To point what you and James have said about how to do it. The question is how it’s convened and where it sits and how it’s staffed and all of that. So we have some ideas about the structure of such a setup, which I think basically builds on everything you’ve been saying. But I think that’s a crucial point. It would have to be set up as a public utility, as a public good, perhaps held at arms length from everyone, from the FSCs, from government, maybe overseen by government, but a common good.

Devraj Basu:

But we know how hard that’s going to be. But something like that. The technology’s certainly there, and therefore, just to say on the technology front, things like federated learning mean that the data never has to leave. So this is not a data lake model. This is a model in which… This is model exchange rather than data exchange. So there are a number of things that make this more feasible. But I guess there’s the whole question of how you set up a public good entity.

James Rickett:

I think just to add, again, to your point Devraj… I’ve got two thoughts. Three. Two and a half. Let’s agree on two and a half. So first one is what I’ve said, and that’s the approach, and also the UK NCA do that as well, so if there are any viewers from there, I read the news like that comes out every month on the SARs. They’re doing a lot of collaboration, and the key here, public and private sector collaboration. So if you know you’re not getting any more resources and any more money, go to your regulator, your intelligence unit and say, “Look, we want to give you actionable intelligence so you know that if a SAR lands from us, that it’s a quality.” The second one, and very controversial, a SAR tax, but we maybe won’t dive into that once today, because that would upset a few people.

James Rickett:

But the third element that I was thinking about, and this is where the element around FinTechs is, where I think, really exciting. What you’ve got is you’ve got all this history and years of learning and watching the financial services industry in different parts of the world make the mistakes. So you’ve seen what’s happened, what’s gone wrong. Some of them knowing this and many of them unknowingly. I’m not here to have a bank bashing exercise. I don’t think that’s very fair. So what you have is you’ve all the history and all the opportunity to learn, you’ve got some individuals that are super bright and super intelligent and eager, and now the tools are out there that they can harvest data in a way that a tier one financial institution hasn’t been able to.

James Rickett:

And people say to me, “James, is my job going to be replaced by a robot in 5, 10 years time?” No, actually. A robot’s going to be your best friend, because if you can teach that robot to walk and talk and do everything so it can think for itself, transaction monitoring, customer due diligence, actually, as an investigator, by the time it lands to you, it’s the juicy stuff, it’s the bits that we want to come to work for and stop. So super exciting time. And the key thing is here FinTechs are still going to be impeded by the same regulations and the same controls, but there’s an opportunity to learn from what has happened. And if more organizations were actually willing to say, “You know what…” And maybe this is something for the Wolfsburg Group to think about. What went wrong? And this is what we did. Don’t make the same mistake. And it’s full circle. It comes back to your point on sharing, data sharing, intelligence.

Pawneet Abramowski:

I think we learn from history. We should learn from history and not make the same mistakes. Make new mistakes, but certainly not repeat the ones that have not helped. I mean, look we’re in 2022 and we’re still talking about money laundering being a crime that bleeds into so many different sector. Our focus is financial services and FinTechs certainly are are facing the same challenges with the same regulatory regime and the policies the way they are. So certainly while they’re trying to be innovative and they’re trying to provide solutions to the market, with their fast and efficient ways of providing banking services or financial services, they’re still facing the same challenges.

Pawneet Abramowski:

I want to ask this. I know that in the last few years, some of the Scandinavian nations have started to collaborate and started to build this KYC utility that they will be sharing amongst each other. What are your thoughts on that, and is that the new way of perhaps doing… I mean, that’s in small pockets, that’s only in small number of organizations, but could it be something that helps us look at and start to implement in other places, maybe, in incremental steps?

James Rickett:

Well, I guess if you set a really strong standard in a region like the Nordics, and the Nordics… I spend a lot of time speaking with AML and compliance professionals there. If you make really, really good strong controls, that’s good at two things. And money launderers are just going to say, “I’m just going to go somewhere else, because I can’t get my money in there, or finance my potential terrorism, because the controls are really good.” The flip side to that is a criminal will also know, “If I can find one chink in that armor and get the money into that jurisdiction, it’s basically clean now, isn’t it?”

James Rickett:

So the principle and the concept’s brilliant, but it can’t be a regional issue. It needs to be a global approach. And the UNODC have been trying for a number of years now with their initiative go AML, but it needs buy in, and I think from memory, and I stand to be corrected, I don’t think the US and the UK, who of the biggest financial centers in the world, are on there. And it’s back to the same rule. You are only as strong as your weakest link, and as a money laundering, international approach, and I love the FATF, we’re impeded because of the different interpretations over the risk.

Pawneet Abramowski:

You’re absolutely right. From a global financial perspective, yes, most everything settles in the US dollar. UK is a strong player in that sector, as a post Brexit too, certainly. And EU, of course, is an important contributor. But they all need to walk the same walk and be part of the same team. And I know from from actual practice, the US didn’t necessarily comply with the FARF regulations up until the customer due diligence rule just got rolled out in 2018. So that was almost many, many, many years later after the fourth money laundering directive, the third. So many efforts had been put in place to have your KYC requirements be standardized and the US was always falling behind.

Pawneet Abramowski:

So it really does show that everyone needs to be marching to the same beat. And as far as the academic sector and utilization of research and information by financial institutions, as well as FinTechs, like I said, that are really trying to make an effort to provide something different in the market. What are you seeing? You said you start you have the forum there, your initial paper, focus on data and building these types of bridges and connections. How can we do it differently? We look at 2023, 22 is almost at the halfway point.

Devraj Basu:

Yeah. I mean, just to say the model for the paper was in fact In Fidem and the KYC utility in the Nordics, but then I echo all the points that James is making. So I guess maybe to build on that, the academic side of it would be prototyping. So yes, a data utility type model seems quite useful, but that only works if people buy in. So you need to have coalition building around that. And then you’ve got technologies like federated learning, which encourage coalition building, but that’s only really going to work if the coalition’s fairly strong. So I guess the role in that sense, to bring it around to saying earlier, of academia would be to prototype, maybe showcase best practice, but then that would, at some point, have to translate into policy that would then have to be, as James was saying, global.

Devraj Basu:

But Some maybe clear guidelines could emerge from all of this. For example, just say data sharing is good and it can be done in such a way so as to be privacy preserving. So one of the biggest issues around that is of course privacy enhancement. But the technologies are quite mature at the moment. So you could expect to get a lot more of that. So follow best practice and all of that. So broad, perhaps, technology agnostic guidelines, clearly, suggesting that the role of data sharing could be really helpful in all of this, and illustrated with prototypes which could be built with some private public partnership involving academia. But even that would need to be funded. So you’d need to have good funding to get that off the ground. And then hopefully that could be adopted as best practice.

James Rickett:

Data’s an interesting one, isn’t it, and accessing it because we all have our own views and beliefs around sharing of our data. Some of us in the room might have social media accounts that might be locked, some might have it open. Who is willing to allow their data to be shared from a wider financial crime perspective, because I guess the view is if I’m not doing anything wrong, I’ve got nothing to hide, so why do you need to see that? I think going back to the angle around FinTechs again, I guess where the real value is, and is what I guess excites me even more, many of the major AML fines that we’ve seen over the last 5, 10 years, it was the big one, wasn’t it, that got talking, and I guess a lot of people into their careers that are probably watching this, was HSBC 10 years ago. The 1.9 billion.

James Rickett:

Since been superseded by many other fines. We’ve seen now lots of fines distributed. Outside the gambling sector is a big one that’s seen a little. And there’s a theme. The theme always is lapses in CDD, lapse in customer due diligence. Where I think it’s pretty cool for a FinTech is that you are removing a big, manual process. And what you are essentially can do is you can ship KYC forms in real time. So I know banks do it anyway. We correspond with banking or high risk on [pepto 00:22:10] or whatever, but what the FinTechs can do is they can start with a really strong data pool at the outset because if you don’t give us the information, you just go somewhere else, and that’s somewhere else will be another FinTech who will apply the same level and standard.

James Rickett:

So again, we criticize ourselves a little bit too much, and I know there’s a lot of data out there saying we’re not doing enough in money laundering. And we’re not, but we are trying very hard and we are constantly learning. And again, the data that’s been captured by FinTechs, maybe there is a big role to play in maybe educating other firms, other sectors, the vulnerabilities, but still a long way away, of course.

Pawneet Abramowski:

Yeah, you’re right. I was just going to add, you’re right. Certainly I think a lot of the tier one large institutions, the money center banks and all of the different jurisdictions certainly have legacy systems issues. To your point, Devraj, about data lakes, that that’s the old model. And that really is a burdensome area that financial services have to deal with. And that’s where the FinTechs really come in, and they’re really technology accepting. They are starting from the ground up in building something that would be a great customer experience. And I think that you see that. I mean, all the financial institutions do say they want great customer experience.

Pawneet Abramowski:

That’s sometimes where the challenge is, it’s only on the outside, but behind the scenes, there’s still a lot of manual elements that take place. Whereas FinTechs are, “Right, we’re going to make this automated all the way through. So we have to not have the same challenges.” So a lot of the FinTech people that work in those organized are people that have transferred over from financial services, they saw a problem and they’re trying to solve that problem. Devraj, you were about to say something along the lines.

Devraj Basu:

Absolutely, just echoing your point, James. Yeah, I mean, starting with KYC. So if you look at some of the trends there, from what I’m seeing, what we’re seeing as well, the trend was PKYC or perpetual KYC. So KYC’s seen as a little more static, whereas AML is seen as a lot more dynamic, but maybe this thing in the middle, this PKYC, can bridge that gap, and certainly you can start it from that place. So maybe James is suggesting that’s the place to start. That would be the other place to start. Whereas maybe a public utility or public good kind of thing would do something that could use cutting edge data analytics to try to get more sophisticated typologies. But those are only going to be as good as the data provided. So there’s, I think, a case for both, yes.

James Rickett:

There is also a very, very strong argument here to say that data isn’t everything. And I say that because there are lots of typologies… Bringing this back to what you mentioned earlier about a lot of typologies around things like wildlife trafficking, human trafficking, migrant smuggling still rely on the knowledge and the experience of an individual. Now, I know that’s diverting slightly away from our perspective on regulation, but actually the very first FATF recommendation sets the entire tone, risk based approach. So there isn’t one way to do this. There will be different risks that manifest from different situations. Data’s critical, but experience and knowledge is key. And there’s some great resources out there and documentaries available now. And I think people are more aware. You have things like Netflix to thank for things like that. I always operate in the mantra that if you’re doing something in your firm, is it going to end upon Netflix? That’s a rule. Don’t do what you’re about to do. And I don’t think it’s so much of the big organization, but certainly the smaller ones.

Pawneet Abramowski:

I’m glad that you mentioned the other types of typologies that rely on human experience, and I think you mentioned something earlier, James, that there are people that are thinking that, “Are robots going to take over my job? Is artificial intelligence going to take over what I do?” And I think your response is spot on. And I’ve actually rolled out artificial intelligence based solutions in financial institutions, and they really make things efficient. So as human beings, you want to use analysis, you want to spend your time doing the good, meaty work rather than doing the widget pushing.

Pawneet Abramowski:

So this allows for the beneficial use of technology, and the other sectors that you’re talking about, whether it’s gambling, whether it’s human trafficking, whether it’s wildlife trafficking, whether it’s art market, all of those sectors require a human element of skill set and understanding the complexities that come with those types of issues. So Devraj, on that front, as a as you see from a research perspective, does that help that it’s not just solely focused on one type of typology. But there is a complex element that comes from those typologies that have to be underscored with a level of detail that is important to recognize.

Devraj Basu:

Oh, absolutely. I couldn’t agree more. I mean, for example, in the sort of workflow that we might in envisage, the subject matter expert around whatever crime it is would have to be involved at all stages. What the model does… I mean, essentially looking for needle in a haystack. So what the model does is gives you certain alternatives and said, “Might it be this, might it be that?” And then the expert would need to come in and say, “Well, maybe we shouldn’t focus there, because…” From an understanding of the data and the whole process. So this isn’t a kind of… I see this as an integrated process where the subject matter expert has to be involved at all levels. And it’s only going to work if they are. Which is why, I suppose, in the public good utility, you’d want to focus on a few typologies to begin with. A few specific problems.

Devraj Basu:

I mean, thinking of something like money mules, for example. Get law enforcement involved in that, you try to understand that and work with that. It’s incredibly complex, but I guess this would be more along the lines of prototyping, as I was saying, and getting some best practice ideas. But absolutely no, no. You don’t want to suggest that data, pushing a button and setting a model loose is going to solve anything. It won’t. It might actually make things worse without having the right subject matter expertise, those right subject matter experts involved.

Pawneet Abramowski:

So along those lines, I’m going to pose this to both of you, Devraj and James. We’re getting questions as well, so we want to weave those questions in. So we’ve talked about typologies. How do you standardize them across different jurisdictions, different regulatory and foreign policy preferences that are prevalent in jurisdictions? So how do you go about standardizing them? What’s your thought on that? James, I’ll go to you first.

James Rickett:

I guess they kind of are already, because when you file suspicious activity reports, you have to select typology. Is the typology list right, is it extensive? And I guess the typology is one thing and reporting the typology is something, but I think the right question is probably more the high risk indicators. So if we see this, what is it likely to be? Because remember, unless we have anyone from an intelligence unit, our obligation is to file suspicion, but that doesn’t make it to say that a criminal offense has actually happened. So I guess there’s two parts. In a sense, it already is standardized. It’s just that new typologies emerge and what we need to focus on is understanding the high risk indicators or the red flags to spot the typology. And then the typology will obviously be picked up by the intelligence unit.

Devraj Basu:

Exactly. So what data driven models would do is give you some measurements of risk, but I mean, yeah, give you risk measures. But again, that’s only as good as… I mean that would require the subject matter expert to be able to interpret all of those. But maybe another thing, if I might, this is more about maybe transaction monitoring, the kinds of things that we’ve been saying, but there’s another maybe more financial intelligence perspective, which is where you’re trying to trace a pattern of transactions through from maybe an individual who you know to be high risk, and that’s a different sort of model, those are more graphical models, which do chains and all of that. So maybe that’s another area of… That’s not quite a typology, I suppose, but that’s another risk based indicator as who’s linked to all of these, to say, maybe a given individual.

James Rickett:

I think if I’m either a leader in a FinTech firm or I’m coming to be a compliance analyst or an investigator, what I need to be thinking about is… I believe that there is… People are really, really good at spotting stuff that’s unusual. Generally we’re very good, and humans, we’re quite weird creatures because we look at something, and I do this all the time…. I don’t know if anyone sits in a restaurant or a bar, a cafe and just watches people and you think, “That person that walked past, they are weird.” And it’s the same with transactions are CDD. Well, they’re probably looking at me thinking, “Why is he staring at me and thinking the same thing.” But it’s the same issue. We are really, really good at saying, “That’s suspicious. We’ve got to do something about it.”

James Rickett:

Where I think there’s a real area we need to focus on is training an education and actually being able to do differentiates what is genuinely suspicious and what’s just unusual, and they will then help us have a better grasp and understanding of true financial crime typologies. My evidence behind that is the SAR data that I spoke about earlier on. Clearly we’ve not got something right. And it’s just about maybe coming back to basics. So again, bit of a full circle point on that.

Pawneet Abramowski:

I agree with you. Learning, training, and being able to… Look, everyone has their own quirkiness, just as in our behavior, in person or outside, we carry that out into how we do the transactional activity with our financial institute. How do we use product and services? And taking in one of the questions that we received, we have a lot of people going to FinTech or a neo banks or entities that are not necessarily regulated at the same level as the regular financial institutions. And they’re offering really interesting products and services. Perhaps there’s a gap in the sector, so they’re addressing that gap. How do you find that customers can protect themselves? How do they ensure that this is a non-regulated entity? How do they ensure that they’re being served well, and not necessarily from a regulatory perspective being taken advantage of?

Devraj Basu:

I suppose, maybe on this point, as you said, with education, maybe giving them a set of clear, maybe typologies in that sense about what might be expected from a financial institution… I mean, if you look at a lot of what’s going on in this space in general, in crypto sort of space, customers aren’t really being told what they’re getting in a number of cases. So I guess it’s about customer education and what should you expect from such an institution. But part of that is also defining what the institution is expected to do. I mean, does a customer see a neo bank as a bank or not? Or have they been sold as a technology company?

Devraj Basu:

I think there are quite fundamental category issues there, and this is where the role regulator… And it’s quite heartening to see what’s coming out with the FCA right now with the crypto assets and the consultation. The regulatory perimeter. And that’s really about customer protection, saying, “Is this a financial services institution, even though it might call itself something else, is it a financial services institution, and therefore these are the things you should expect.” And maybe not so much typologies, but clear rights. The Bill of Rights for the customer.

James Rickett:

Should we maybe saying [crosstalk 00:35:19]. Because the customer using this product or service that not regulated, there’s a reason why, and that could be an attractive return or a benefit. I think we’re getting to really murky territory, then we say, “Well, actually, Mr. Or Mrs. Customer, the accountability is on you because if it’s too good to be true, then why are you doing it?” And actually that’s not true because a lot of people through personal vulnerabilities end up referring to these. I read a story five minutes before we joined the session about a 17 year old boy who can no longer… He’s been declined a bank account everywhere, and that’s because he was a victim of being a money mule. He didn’t know, it was a smurf, the money was in and it was out. So he’s now blocked from opening up a facility. Now he’s having to go to these non-regulated centers, where obviously it puts him, was a young man, it puts him at a vulnerability of that as well.

James Rickett:

But we’re seeing this very pointless question that’s coming played out in the crypto currency space right now, and that’s because, my point, I’m not here to go into the technicalities of it, but a lot of financial institutions are refusing or even terminating the relationships of clients that are transacting in crypto currency. And I think that’s a big driver because of the complexities around fund source of wealth. I think the biggest driver is that firms don’t have an understanding on how to manage the risk. Some regulators, in fact, have actually asked for SARs to be filed every time an individual transacts.

James Rickett:

Now it could be a cynic can say, “Well, they may be building their own crypto asset that they want get the intelligence for,” but I think it’s a lack of understanding. So I guess this is maybe something for regulators to be proactive in. And Devraj, as you talked about the crypto space, and I know we spoke about the UK a few times, they have been very proactive in their approach to regulate and that’s great, but some jurisdictions are not. And I suspect and fear that the current environment with the sanctions, assets have moved around before sanctions have come into place are being perhaps [inaudible 00:37:30] to control. Then we venture into money laundering. So it’s a vulnerability in its own right.

Pawneet Abramowski:

You nailed it on ahead. And I think that de-risking is not the answer. I think that if there’s anything that we should have all learned from previous cycles is that when you de-risk a customer type, whether it’s a business, whether it’s an individual, or a group of individuals, a group of customer types, they just move along to another downstream, to another type of entity. And if that entity happens to be a non-regulated entity, now you’re just… Instead of putting things on the radar, as your earlier example, James, so that you have a visibility, intelligence, law enforcement, everyone has a visible line of sight into what’s going on. So there is no underground market that exists.

Pawneet Abramowski:

But just today I read that Germany just closed off Hydra, the largest dark money network exchange. That’s big, but it was flourishing for all these years. Why did it take April 2022 to shut it down? So it’s a question that, yeah, we can talk about typologies, we could talk about data sharing, but it’s a responsibility that everyone has. Existing financial system, the political regimes, as well as the innovators that are trying to change things. I think each one of them has their own lane of responsibility that needs to be accounted for. Go ahead, Devraj.

Devraj Basu:

I mean, just to echo James’ point. I mean, just to, again, put both your points together, I guess we have to differentiate customers along your classification of vulnerability. So I think there is a particular beauty, as James is saying, in the example he gave to protect a vulnerable customer. And I suppose the different duties of care, I suppose, very large accounts, it’s a bit like the way financial investors are regulated. I mean, hedge funds have barely any regulation because the idea is that people with a lot of money are free to do what they want with it. And I suppose the same applies here. But then it’s very different for a 17 year old. So I think that duty of care is something that everybody… Just as you pointed out, Pawneet, everyone needs to take very seriously, particularly innovators.

James Rickett:

Yeah, I think the interesting point about the hedge funds and things, and I guess what fills me with a little bit of hope is the amount of yachts I’m seeing seized around the world at the moment for assets and things. So maybe that loophole’s closing ever so slowly.

Pawneet Abramowski:

Well, it’s only closing for the time being, I look at it that way. I hope it’s something that is practiced more regularly, because it clearly shows when there is a collaborative action taken, what are the results? You can actually achieve something successful. I mean simultaneously around the globe there has been an effort to seize those assets of oligarchs and individuals from Russia. So certainly it can be achieved, and it goes to our point of if there is a level of cooperation and understanding that jurisdictions around the world can benefit from have having adoption, having a typology and a message that goes out to the criminals, that it’s not going to be okay, that you use a financial system to to your advantage. Any closing thoughts? I think we’re coming to an end. So any closing thoughts. James, I’ll start with you, and then Devraj.

James Rickett:

Don’t give up. Don’t give up, seriously, because I think that we beat ourselves up about how little impact we might actually be making. Keep going. Regulations are there to support us, but be empowered to challenge regulations if they’re not working, be empowered to challenge our organizations. And I guess the final thought, maybe I’m being a little bit biased because I’m from the International Compliance Association, but education. Education will keep us developing. But there are also lots of great resources out there. Utilize everything. Network as well. And I often will, if I’ve got a problem, I might come to yourself, Pawneet or Devraj and say, “Look, I’ve got this issue. What do you think about it?” So collaboration. It’s an exciting time to be in a FinTech. It’s an exciting time to be working in the CDD KYC space. So yeah, keep going. Don’t give up.

Pawneet Abramowski:

Great. Devraj?

Devraj Basu:

I’ll just echo everything James said, maybe with a slight focus, again, on vulnerability, and maybe, as James also pointed out, [inaudible 00:42:42], that financial crime bleeds over to so many other areas of society. 17 year olds, unwitting money mules and all of that. So the notion of public good, just to echo what James said, to networks and collaboration, to share this information, to improve these techniques. And then particularly a duty of care, towards young, vulnerable customers who don’t then get shut out of the financial system, essentially through no fault of theirs. And data can help enable all of that. So again, just to say that data is the enabler and technology is the enabler, but ultimately what we’re trying to do is make the financial system safer and provide better services correctly. [crosstalk 00:43:24].

Pawneet Abramowski:

I echo both of your sentiments and certainly, look, knowledge is power. The more informed you are, the better you’ll be able to navigate as a consumer, as a contributor, whether you work the financial services sector, whether you work in other industries. The more informed you are, the better you will be. And the better you can ask questions that you may not agree with. It’s up to us to challenge, like you said, James, to what we don’t like. We all drive cars with licenses. If we don’t like something, we go challenge and laws are changed. Similarly, that’s the same premise that I use in the anti money laundering regulatory space, is it’s all there to help us. It’s not to hinder the business growth, the productivity. It’s to keep us in check and make sure that we use all of the tools in our toolbox. And I think that’s really important. Don’t be shy to ask questions. Don’t be shy to use what you can use. There’s a lot of good resources out there. So thank you.

James Rickett:

Don’t to scared make mistakes. Lean on policies, lean on your policy and procedure. If your policy and procedure isn’t right. How can I make it right? And in your organizations, don’t punish people making a genuine mistake. Educate them and celebrate and share it in your team to learn to do that as well.

Pawneet Abramowski:

Absolutely correct. So I want to thank you both, and we had a wonderful discussion and we thank the audience for sending us some wonderful questions that allowed us to have a very robust discussion on this. And this is not it. I mean certainly I think, like I said, we have a long way to go, but we’re heading in the right direction with all of the global cooperation that’s been taking place over the last few months, certainly, and I hope that continues in into the future. So thank you so much.

Devraj Basu:

Thanks for the one wonderful moderation, Pawneet.

James Rickett:

Thank you.

Laura Barrett:

Leigh-Anne, you’re on mute.

Leigh-Anne Moore:

Apologies. First time I’ve done that today. Big thank you to Pawneet for that excellent session, really engaging and interesting. So thank you so much to all of our panelists today and all of our amazing speakers. What a great day it’s been, and we are certainly leaving a lot more informed. Thank you to our sponsors, to Blackdot and TruNarrative, and we look forward to you joining us tomorrow for day two of our FinCrime Global event. Thank you very much.