GRC Red Flag Interview: Matt Van Buskirk of Hummingbird

The mission at Hummingbird is straightforward: to fight financial crime. This is done by building technology that financial institutions can use to dive into suspicious patterns that they see on a daily basis.

Their service is designed to enhance anti-money laundering (AML) and counter-terrorist financing investigations; reduce cumbersome paperwork, provide insightful analytics, and enable collaboration for compliance professionals and law enforcement agents.

A regulatory futurist, Matt is a vocal advocate for the development of open-source and interoperable software solutions for the regulatory space.

Prior to launching Hummingbird, Matt was the director of compliance at Circle.com where he oversaw its regulatory function from pre-launch to its international expansion.

Hummingbird has now partnered with ING’s GRC Orchestrate, an entity that offers the market a RegTech platform similar to an App Store to both find and consume pre-validated RegTech solutions.

We spoke to Matt recently to learn more about Hummingbird and its work with the ING Orchestrate project.

 

Q) Could you give an overview of Hummingbird itself? What problems are you solving, and how do you fit into the ING Orchestrate project?

Matt Van Buskirk: Hummingbird is a modular case management platform. We are aiming to become the human interface for anyone that needs to sit down and work an investigation of any kind, whether it’s AML, fraud, or even some other areas outside of the AML space, and consumer protection as well.

We’re big believers in modularity and interoperability – it’s one of the primary reasons why we focus on case management as an interface layer that can sit on top of a collection of transaction monitoring, KYC, or any other vendors that our customers want to use.

The platforms that try to do everything tend to not do anything particularly well. And I think the Orchestrate vision here, in which Hummingbird fully believes, is that if we can all build on an interoperable standard, then banks and financial companies can pick whatever providers are best for their specific risk profile and the geographies they operate in, as well as for their business model.

Hummingbird can work together with Openfin, to create an interface layer for the work to get done with that data.

 

Q) What is the main role played by Hummingbird?

Matt Van Buskirk: I tend to think of it as helping to distribute the burden of the work needed to piece the best possible programme together.

If you are a large bank and you want to put together a comprehensive solution for your anti-money laundering programme, and you want to work with RegTech companies to do it, you’re probably going to have to pick ten different companies that specialize in  the individual components you need since none of them can fully meet the needs of a large bank on their own.

Once you have picked the best-in-class providers for each component you need to figure out how to integrate and piece them together into a comprehensive whole – that is a very significant engineering effort, and it’s probably going to take multiple years.

Using the Orchestrate approach here, all ten of those companies could do an integration to a single standard. Then the bank has to only map to that one standard, and the engineering work is divided amongst all 11 companies so it can happen much more quickly.

In particular, this approach will enable the bank to be much more agile. If any individual component isn’t meeting their needs, it doesn’t mean a two-year implementation period to try a new replacement since they can just rip and replace.

This will also help promote all the RegTech companies as it allows them to compete based on how effective they are, and not on how difficult it is to extract them once they’re implemented.

 

Q) How does Hummingbird make organisations more efficient?

Matt Van Buskirk: Up to our current stage, Hummingbird has been very focused on efficiency as the primary goal. Consider the people who need to sit down and actually do this work in the AML space: there’s been a study by PwC that’s indicating that they’re spending up to 90% of their time pulling information from up to ten or more different systems, spending a lot of time context-switching and copying and pasting into work papers.

It’s one of the reasons why I think we’re not very effective at actually capturing financial criminals – the UN is saying we’re catching less than 1% of financial crime globally. So, for all the people that are sitting down and doing this work, they’re not spending a lot of time actually conducting investigations. They’re basically doing a lot of prep work just to get the information into a format they can work with, then they have time constraints once they have the information gathered that prevent them from truly diving in to unravel the pattern. Furthermore, they need to make decisions rapidly, and that means they can’t always make decisions as well as they would like.

I think one of the biggest promises for an early win for Orchestrate that Hummingbird can contribute to, is the standardisation of all this data – enabling systems like Hummingbird to ingest all of the information needed for an analyst to make a call very quickly, and present a comprehensive set of contextual information the moment they sit down to review the case.

Hopefully, that will mean that 90% of their time is suddenly freed up and they can devote much more effort to diving into the nuances of what they’re seeing.

So, I think that efficiency is going to be one of the very early benefits of this Orchestrate project. And then from there, we should be able to start getting a lot smarter and add intelligence and effectiveness as well.

 

Q) How does the overall Hummingbird strategy make your approach more effective, accurate, and thorough?

Matt Van Buskirk: Criminals are agile – there’s a gap between the good and the bad guys in terms of how easily they can access information and learn from each other.

Google the topic “Crime as a Service” (CaaS). It’s been a developing trend in the space where the more sophisticated criminals have figured out that it’s more lucrative and safer for them to build tools for other people who are less sophisticated to use. And then they don’t necessarily engage in the actual direct criminal activity themselves.

Ransomware is a good example of this. Consider the hack into the Colonial oil pipeline here in the US – the ransomware software that was used was linked to a Ransomware as a Service (RaaS) provider.

Think about how criminals operate across borders. In my prior role at Circle, we would go into the dark web and see people creating guides on how to circumvent our control structure that were being sold for Bitcoin on the dark web.

We live in a world where that information is freely available for every financial institution out there. Everyone on the good side is stuck with all sorts of very understandable restrictions on information sharing related to privacy and security and such. The restrictions exist for a reason but they are also an impediment to interdicting illegal money movements.

We need to be able to get on to a more even footing. And even in the best-case scenario a financial institution is probably going to have – if they have put together ten different vendors that are all very good at what they do – it’s unlikely those vendors are talking to each other directly.

So, the success of an investigation often relies on the analysts’ mind to roll up the information they have seen across all of the different sources and their memory of prior cases they have managed to create a complete picture.

If all these systems are all speaking the same language and can learn from each other, we’re going to have the ability for the human in this process to be presented with exactly the right information and context they need to make smarter decisions faster.

If we can do this we will really close the gap between where they are and where the criminals are in terms of coordinating with each other.

 

Q) How does this integrated orchestrated strategy in the Orchestrate project enable an agile organisation?

Matt Van Buskirk: It helps us share the load. If you think about major initiatives, like the sixth anti-money laundering directive in Europe or the anti-money laundering act of 2020 in the US, there’s going to be significant changes happening over the course of the next couple of years that the financial industry will need to deal with.

If you have a single provider that is covering all of it, they’ll just be buried by all the changes that they need to account for. However, if we have an ecosystem of specialists who are very deep in whatever their focus area is, they can bite off and tackle individual pieces of it. And then the bank buyer in this situation can benefit from the distributed effort of all of those teams. So, they won’t have to take it all on themselves.

 

Q) Where will Hummingbird be three years from now, and how will the Orchestrate project have helped?

Matt Van Buskirk: I mentioned at the beginning that we’re trying to become a human interface for investigations of all kinds. We’re trying to be as interoperable as possible with other providers so our customers can put together their ideal stack for their business model, from KYC, to transaction monitoring, to adverse media screening, etc.

We’re agnostic as to where the data and alerts come from – they can choose whatever is best for them, and we’ll roll it all up into a common interface to streamline their process. So far, we’ve been able to reduce the time required for our customers to do this kind of work by about 90%. But we’d love to be able to go from 10x improvement to a 50x improvement by helping them to really build their dream team of technology solutions.

It would be very difficult for a company like us to do that without something like Orchestrate, because we’d have to integrate individually with potentially dozens of other companies, which is a significant engineering lift.

So, if Orchestrate offers the potential for us to do the one-to-one integration with a common standard,  we can suddenly become interoperable with hopefully, in the future, hundreds of companies. That’s where I’d love to be in three to five years.

 

Q) Any final thoughts?

Matt Van Buskirk: Do a Google search for the Regulation Innovation Special Interest Group. It’s hosted on GitHub, so it’s easy to participate in conversations related to the Orchestrate project! The FinTech Open Source Foundation and the Alliance for Innovative Regulation are both supported and have links to it as well. And obviously take a look at Hummingbird as well!