Fintech has produced a flurry of innovation in recent months, from new payment platforms to robo-advisers, coloured coins to smart contracts and more. While these applications have the potential to deliver financial services faster and more securely, they come with their own financial crime and compliance challenges. Running parallel, some in the fintech sector are also working on tools that could potentially reshape key compliance processes, is always a daunting task.
Transcription
Virginie O’Shea:
Thanks so much rejoining us back at FinCrime Global. Just a reminder that you can register for additional sessions using the menu bar on your left. You can view those on demand even if you’re not attending live. And I’ll encourage you to please keep asking questions of our panelists using the live chat feature. We had quite a few questions in our last session, so I encourage you to keep that up through the rest of the day. Our next panel session is titled What Next for FinTech? What’s on Offer Presently and What Does the Future of FinTech Hold for Fincrime Professionals? It’s going to be hosted by Chris McAteer, Senior Compliance Advisor at SIX Digital Exchange. Over to you, Chris.
Chris McAteer:
Thanks, Virginie. Nice to meet everyone. Happy to moderate this panel. So good morning, good afternoon, good evening to everyone. It’s a huge pleasure to introduce to you our panel. I will allow them to give more detail on who they are and who their background is, but first, just a few words about our panel today. As Virginie mentioned, we will be talking about FinTech. We’ll be looking at the history of it a little bit. We’ll talk about what’s next. We’ll talk about the differences between traditional FinTech and crypto. I think we all know that FinTech started as a back office process that we had in banks and has evolved into a wide variety of technological interventions.
Chris McAteer:
And there’s a lot of FinTech funding, a lot of VCs interested in new products, but at the same time, lots of regulatory hurdles that these FinTechs are having to face before introducing their products. So here to talk about the wild world of FinTech and all the innovations are Aidan Larkin and Sujata Dasgupta. So welcome both of you, and please, if you want to give yourself a quick intro and tell us where you’re at currently and a bit about your background. Go ahead, Aidan.
Aidan Larkin:
You’d like me to go first? Thanks so much, Chris, for the invitation to speak. My name is Aidan Larkin. I’m the CEO and co-founder of Asset Reality. I’m a former criminal investigator, and we build solutions to help private and public sector companies navigate what you mentioned, as sometimes is the sort of wild west of this new emerging crypto market, and helping FinTech companies as well understand where the regulations start and stop, what is international best practice, what is possible and what is practical as well.
Aidan Larkin:
So I’m going to talk to you today about some of the practical examples of things that we’re involved in, things that we’re doing, and just talk also about the international landscape and particularly what has been happening in relation to sanctions and other things and the crypto markets and the effect that has on FinTech. So thanks very much for inviting me here today.
Chris McAteer:
And Aidan, I think you have some experience in the movie business, do you not?
Aidan Larkin:
Movie? No, well, we do talking heads bits on the different… There’s a rumor that we might be involved in an upcoming Netflix documentary on crypto assets, but that’s about the height of it.
Chris McAteer:
Oh, so a little bit of insights there. We get the early scoop. Maybe we can have the scoop afterwards. So Sujata, can you tell us a little bit about yourself and your background?
Sujata Dasgupta:
Sure. Thanks, Chris, and hello, Aidan. It’s wonderful to be back at this edition of the FinCrime Global, as we call it now. I am Sujata and I head the global advisory for financial crime compliance at Tata Consultancy Services. I am currently based in Stockholm, in Sweden. I’ve had a career spanning over two decades now; it’s 22 years to be precise. And during this period, it started from the time when the 911 attacks actually triggered the whole shift in the financial crime compliance space. That’s where I started my FCC journey when I was myself based in New York at that time.
Sujata Dasgupta:
And through these 20 years, I’ve worked extensively in the areas of KYC sanctions, anti-money laundering, fraud, across various industry segments. I started with a bank, then I went to IT services, now I’m into consulting. And this has taken me to seven countries across US, UK, Europe, and Asia. And I am so looking forward to this discussion today and I’ll focus primarily on FinTechs, the financial crime threats that they’re facing now, the kind of technology that they’re using, which is helping them as well as in some cases where it’s also proving to be a challenge, and what’s next for FinTech, as Chris announced in the topic today. So looking forward to the discussion.
Chris McAteer:
Sounds good, Sujata. And I hear a congratulation is in order for having won the Risk Professional Award of ’21 last year, or the Women in Tech and Data Award. So that’s great. Congratulations on that.
Sujata Dasgupta:
Thank you. Thank you. Thank you. That was last year. So yeah, it would be nice to win another one this year as well, but let’s hope.
Chris McAteer:
Well, you keep growing and learning and reaching for higher. That’s great.
Sujata Dasgupta:
Thank you.
Chris McAteer:
Thank you. So, Aidan, I want to start with you. If you want to maybe just set the scene by explaining to us some of the FinCrime threats that’s really unique to FinTechs, and how they might be different from traditional financial institutions given their operating model.
Aidan Larkin:
Yeah, I definitely think there’s a natural sort of convergence of the digital asset space in FinTechs as well, that just cannot be ignored anymore. And there is this, it’s the old the Spiderman code: with great power comes great responsibility. There is certainly an expectation for FinTech companies now that they can’t… I think if you’re an established institution, I’m going to be slightly controversial and say I think they’re often forgiven a little bit more for moving a bit slower. And we’ve seen, if we look at as a comparison, if we look at the digital assets space where there is this expectation that we’ve seen fines being levied against FinTech companies that the banks, for example, would get away with.
Aidan Larkin:
And I think there is this expectation, and particularly against this sort of geopolitical position we’re in with sanctions that the big challenge now for FinTechs is to be able to be very, very aware of what is going on globally and implement solutions much quicker than some of them are. There’s often, we find, companies that will use the likes of the arguments that there’s a lack of clarity around regulations around certain things. But what we’re noticing is the ones that are getting it right the most are the ones that are being very proactive. And they’re using the tools because the tools are out there and we know that the industry is awash with very, very good examples and good tools from basic money laundering and compliance tools, right up to the crypto tools.
Aidan Larkin:
And I think where some companies are getting it wrong is that they’re thinking that they’re not a crypto company, whereas digital assets, it’s just the next logical progression. So we’re seeing now, we see regular law firms, regular accountancy firms, we see FinTech startups coming in now realizing that they have a compliance screening issue because a particular client who has used digital assets a year ago, and that immutable footprint, if they get it wrong and they onboard this client, or they onboard this business, even if it’s not in their lien, crypto or digital assets, I think there is a lack of awareness about how badly wrong it can go and how much of a trace there is. So I think that it’s pretty tough for FinTechs at the minute because they seem to have not a lot of clarity about what’s expected, but a really high expectation that they should just get everything right, and all of the time.
Aidan Larkin:
And I think it’s only going to get harder with things like Biden’s executive order, and, for example, on crypto and digital assets. Apple introducing an integration with new crypto companies like MetaMask. It’s just becoming more and more mainstream. And I think people need to start decoupling this: there’s crypto companies and there’s digital assets companies, that if you’re a FinTech company currently, you are going to encounter digital assets and those additional compliance burdens at some point in your journey, whether it’s client-led or it’s business-led. So I think it’s a tricky space, but on a positive note, all the tools are there, all the solutions are there and there’s a lot of companies that are getting it really right at the minute. And those that aren’t are sort of risking the wrath of penalties and probably sanction-related regulation problems if they don’t get it right.
Chris McAteer:
Yeah. Certainly there’s a lot of learnings and knowledge sharing that has to take place from the moment that the Financial Action Task Force, for example, sets a new rule or regulation or adapts its recommendations, and then that trickles down into national legislation. And then you have to then have the entire value chain of compliance become familiar with the new national laws and regulations, then implement it into processes, develop tools to be able to implement that. That takes some quite some time. And I know that you’ve talked a lot about crypto. That’s really one of the areas that you’re focusing on right now, but Sujata, could you maybe give us the other side of the coin? In the traditional financial crime space, what sort of threats are you seeing and what are some of the new challenges facing FinTech with regards to the financial crime space?
Sujata Dasgupta:
Yeah. Certainly. So I heard Aidan talking about the virtual asset space. My experience has been primarily in the fiat world. So I see, you both were discussing as well that FinTech initially started as more of an enabler, but then some of the FinTechs also started getting banking licenses, as we know, across the globe, there are so many. So they have also become financial services companies as well, but they’re still very different from the traditional banking, as we know; traditional financial institutions. And the advantage or the success criteria of these FinTechs have been, one, that they focus heavily on customer delight. The customer experience is fabulous there, as we all know. It’s entirely digital. So these are the success factors, but some of these are also causing some financial crime-related threats as well.
Sujata Dasgupta:
For example, as we know, traditional banks have very stringent onboarding norms, which started earlier, it was more of physical. Now, during COVID, they all moved to digital, but then there is a stringent mechanism of onboarding a customer and that is why it takes so long. Whereas in FinTechs, you cannot expect that long. The turnaround time is barely a few minutes or probably less than a minute. So in order to make the processes seamless, frictionless for the customers to experience the best, I think a lot of it focuses on the customer experience itself. And that is where there are certain weak links where criminals can exploit these vulnerabilities. Because it’s accessible, it’s fully digital, so you don’t need to meet somebody in person because these are only click-based, not brick and mortar-based.
Sujata Dasgupta:
So there can be vulnerabilities in these onboarding processes in the various products. For example, traditional banks may not allow certain products without doing an enhanced due diligence, certain high risk products, whereas it may be much easier to get it on the FinTech platform. So these are just examples. I’m not saying every FinTech has these gaps, but these could be some of the gaps where criminals would exploit these vulnerabilities. The second is about the speed: the speed in terms of speed of onboarding, speed of transactions, services. Anything that you want to do on a FinTech platform is much more speedier. And again, this becomes a loophole which criminals want to exploit because the speed of moving money, if it’s faster in a FinTech platform, criminal money would move much faster in a FinTech as compared to a traditional platform.
Sujata Dasgupta:
So I think these are some of the inherent strengths of FinTechs, like the customer experience, the speed of services, but then in a way, criminals also exploit these technologies. They are very tech-savvy. They exploit these vulnerabilities, and then they introduce themselves by stealing identities and nobody’s there to check them. So they can open multiple accounts to multiple FinTechs, transfer money seamlessly. And it’s all cross-border now, so from one FinTech, you can transfer money to another FinTech in completely different countries. And that is how money can move to high-risk jurisdictions as well. So I think these are some of the new FinCrime threats that probably some of the FinTechs may be facing.
Chris McAteer:
So Sujata, you focus really on advisory, and Aidan, your trainer pack’s in [inaudible 00:14:00]. What are some of the things that you recommend your audiences or your clients on how to stay abreast of the changing threats and new types of innovations that the criminals might be using? We all can Google, but what are some of the best practices you encourage your MLRO or your compliance officer first line on how to become familiar and stay on top of changes?
Aidan Larkin:
From my perspective, I think that it is an incredibly complex ask, because you’re right, things change so quickly and there’s not particularly objective sources often. And we see that it is the sort of click-bait side, looking for FinTech companies in the UK, for example, had a sometimes often strained relationship with the FCA around getting registered as a crypto business. And this is repeated all around the world and governments were bringing in regulations. And as Sujata had mentioned, the risk is always because things can be done at scale, and when it goes wrong, it can go spectacularly wrong for victims. And if you’re the MLRO in the middle of all of this, trying to balance external venture capital money that wants you to do more things bigger, faster, and more automated, and at the same time, you’re trying to almost control the crowd and try and sort of build those things in, I think that where we see a great source of value is just around education and awareness and using those sort of informal groups, for example.
Aidan Larkin:
So one example in my world is the CFAR Network, in a way, a complete not-for-profit organization of different companies that have come together to share best practice in crypto fraud and asset recovery; professional services firms, law firms, and the like have come together. And I think the industry in the sector should do that though these aren’t just BD opportunities for people. I think that companies being able to share, “We had a near miss with this last week, and this is what we’ve done to shore things up.”
→ SEE ALSO: FinCrime World Forum
Part of the Digital Trust Europe Series - will take place through May, June & July 2022, visiting five major cities;
Brussels | Stockholm | London | Dublin | Amsterdam
Get to the edge of the financial crime debate at FinCrime World Forum.
Aidan Larkin:
I think that is incredibly valuable because when you look at the likes of these larger regulatory arguments, you’re going to have very subjective media headlines, that if you’re an MLRO, what we want to be turning here, it’s quite complicated. And I think the greatest value, what we see, is that it’s when people in businesses and FinTechs are sharing the… Obviously, your background with exchanges, I mean, the UK has an exchange working group where the different MLROs and heads of the exchanges from a compliance point of view will come together once every couple of weeks and just share, “We’ve seen this scam,” or “We’ve seen this issue,” or “We’ve seen this and we fixed this, and this is how we did it,” on a no names basis.
Aidan Larkin:
I think things like that have a really, really important… As we get to a more increasing, less human touchpoints, more automation, more… We’re all going to be sort of run by robots and AI in the years to come, I think that probably the most important part for FinTechs is having those interpersonal relationships with other companies and other businesses and not being in a silo, because that can sometimes be the thing that allows you to swerve a potential landmine if someone else has already navigated it.
Aidan Larkin:
Because I don’t think, unfortunately, there’s any other quick fix. I mean, you say, you’re going to see these regulatory updates, you’re going to see things pushed down. But what tends to happen is the information that’s pushed down internationally doesn’t come with an instruction manual and you’ll still have your own lawyer telling you, “What do you think?” If you apply to any regulator in the crypto space, the first question you get asked is, “Do you think you need to be registered?” Well, you’re asking [inaudible 00:17:53] the regulator. They said, “Well, what does your lawyer say?”
Aidan Larkin:
My lawyer doesn’t know any more about this than you guys do. But there often is that, and it’s a proceed at your own risk. And you go, “But how can I do that if I have no metrics to set it against?” And so I think that’s where in those informal networks I do think should be… Because ultimately if things go horribly wrong and you’re forced to defend your actions, if you’re able to say 16 other companies in this jurisdiction does it exactly the same approach as we do, that’s a very powerful tool, but hopefully people don’t need that. But I think the interpersonal networks within companies are really a useful resource.
Chris McAteer:
Yeah. I can only echo that. It’s time that sometimes we don’t always want to prioritize because we have so many deliverables with our client and we’re not paid to sit on a board or to participate or chair a meeting, or prepare a presentation for some crypto association or contribute our thought leadership to a paper. But it’s really those opportunities where you’re exchanging views and you’re strengthening your network. Because ultimately if you have a risk or you have a concern or you don’t understand something, you always want to go to someone you trust and someone you can expose yourself to and say, “Hey, I don’t understand this. I don’t want to spend $5,000 to ask my lawyer a quick question. What do you think and how are you dealing with that?” And you need that trust network to be able to sort of open that up. Sujata, how has that been for you?
Sujata Dasgupta:
Again, I’ll keep comparing the traditional banking with the FinTechs here. So traditionally, as we know, the banks, they’ve always had these three lines of defenses. And banks have been the most regulated. I mean, banks and financial institutions, I think, among all industries, the BFSI segment has been the most regulated. And as Aidan was mentioning that there’s always a new regulation, and how do you know which one applies to you? How do you implement it? How do you actually execute those? And how do you know that you have done the right thing? So all financial institutions, they have had these three lines of defenses, the first being the operational, the ones who operate what is actually to be actually the regulators want. The second line is the compliance function, or the compliance office in any financial institutions.
Sujata Dasgupta:
And that is where all these new regulations, like Chris, you were mentioning that there are these global regulations coming to national regulations, and then that they have to be transposed into the institution level. So this compliance function is the group which transposes this national law into the institution’s policies. So they are the ones who update these programs, the policies, create the standard operating procedures. So that’s the compliance function. It’s their responsibility to ensure that every new regulation is adopted by their institution. And then there is the third line, which is their internal audit function, which has to see, again, that everything that’s recognized as a policy is actually implemented by the first line. So the third line, that’s the internal audit, is actually ensuring the compliance; what has been created by the second line is executed by the first line.
Sujata Dasgupta:
So that is how the three lines of defense work traditionally. So that has been a set mechanism in the larger financial institutions. Now, coming to FinTechs, as I was talking to you, there is a lot of confusion about what applies to FinTechs, what does not. If they have banking licenses, well, it’s settled, but if not, then what applies to them? So that is a confusion. And that is where I agree with Aidan that they have to have their own networks and those networks would, of course, include those: the public institutions, the private institutions, the lawyers and all of that. Because they have to figure out, if at a later date, there is some regulatory penalty they cannot say that we were not aware, though there are confusions, there are ambiguities in a number of regulations in several countries.
Sujata Dasgupta:
We don’t know whether they apply to the FinTechs or not. We don’t know whether they apply to the regtechs or not. But then the best thing is of course have their own three lines of defense if they don’t have it already, because I have not seen that FinTechs having all these large scale infrastructure on a compliance function, a third line. First line will of course be there, but the second and third line, whether all FinTechs have it, I’m not sure. So probably that is one way of dealing with it. The other ways is all the public and private networks, as you both have been discussing as well.
Chris McAteer:
Absolutely. So we’ve touched a lot about crypto, or we have talked about crypto and the difference between traditional financing and in the title of the description of this panel, there was buzzwords like colored coins and smart contracts. Aidan, maybe could you enlighten for the audience that’s not so much familiar with distributed ledger technologies or blockchain technology what are colored coins and how might smart contracts come into the foray in terms of supporting financial crime prevention and compliance?
Aidan Larkin:
Yeah. I think it goes back to what we mentioned earlier on about trying to stay abreast of things. And just on that though, on the last point, there’s over [inaudible 00:22:48] mentioned, there’s over 50 countries around the world that still have no regulations in digital assets or crypto spaces. So those FinTech companies that are operating, I couldn’t agree more to the sense of there’s no… I mean, basic money laundering, risk mitigation, you don’t need to wait for special digital asset rules. If there’s a suspicious transaction, it’s a suspicious transaction. So you won’t be able to hide behind, “We didn’t have a particular piece of legislation or a rule.” Fundamentally, if it comes down to someone is involved in terrorist financing or anything else, you won’t be able to hide behind the fact that there wasn’t a specific niche piece of law or legislation.
Aidan Larkin:
So I think some companies are getting it wrong and operating quite at a high risk. But I think that this brave new world that we’re now seeing, we saw the British Chancellor, Rishi Sunak, getting an NFT prepared at the Royal Mint, [crosstalk 00:23:41] trying to deflect from the catastrophic economy right now. Let’s mint an NFT. And then you’ve got government ministers standing beside super yachts [inaudible 00:23:53]. It’s extraordinary times. It reminds me of the Roman coliseums, entertain the masses while the wildest problems over here, hold up something shiny on the other side. I think that with NFTs and these new… Again, it was my initial point. I think we’re making a mistake by having it considered as a niche sector.
Aidan Larkin:
I think that if you are in FinTech, it is an absolute inevitability that there will be interactions with digital assets of some description. You may not actually deal with NFTs, you may not actually deal with certain tokens and smart contracts, but if the UK comes out with a central bank digital currency, or a version of a stable coin, you will be dealing with it, it’s as simple as that. And I think that now would be a really good time for companies, if they’re not already involved, to have a basic awareness around digital assets and how it affects them. And it goes back to a lot of the points that Sujata talking about where with this, because there’s a massively interesting opportunity, there’s a really good economic opportunity. We see regular law firms coming to us that they’re not crypto law firms, but they have a customer that is restructuring their business affairs and maybe that top co is connected to an exchange.
Aidan Larkin:
So all of a sudden they have to have some sort of capacity around understanding the business model that it operates with and what is possible and what’s not possible, what questions you would be expected to ask, what’s an unreasonable request? Because ultimately, it always comes down to the old tax inspector days, it’s back to the reasonable man test at court. When there is no legislation, what is reasonable for you to do? What is expected that you could do? And I think that FinTech now has so many incredibly clever and automated tools that there’s not much hiding space because someone else is probably already doing it. And when we see, you don’t need to understand or be a gemologist to understand why diamonds have a value; they have a value.
Aidan Larkin:
I think there is an obsession right now with digital assets that people are diving into distributed ledger technology and trying to understand blockchain and trying to understand why NFTs have a value and why crypto assets have a value. And to be quite honest, it’s like this platform we’re using of video conferencing. I couldn’t explain to you the complexity of the technical infrastructure that takes place that allows me to sit in a hotel room in London and speak and come out the other side with everyone those are dialing in internationally. And I sometimes think that with digital assets, there is this obsession where people are trying to dive into a level of granular detail that is not necessary. And the reality is there’s enough companies and enough people out there to help you navigate that space. But I think that people are missing business opportunities.
Aidan Larkin:
Back to my first point, we have law firms that come to us and say, “Someone was about to pay for something or buy a house and we’re not a crypto company.” You don’t have to be a crypto company. If they have made money on Bitcoin four years ago and all of a sudden they have converted that into fiat and now they’re using that fiat for something else, you still have a basic responsibility under the money laundering regs for source of funds. So you still need to be able to do that initial check on how that wealth originated. And too many companies are astonishingly just shutting the door to these types of inquiries and being afraid of it. So I think that companies are closing themselves off to this new world that is not going anywhere, because we see this now. When you’ve got government ministers talking about the strategy, when you’ve got presidents in the United States talking about we are going to do this, it’s an inevitability that digital assets are going to be part of our everyday life.
Chris McAteer:
That’s right. Yeah, absolutely. So that was just the bell. I think that means we have five minutes left, or 15 minutes left.
Aidan Larkin:
We have a lot of questions coming in.
Sujata Dasgupta:
That was my door, actually. I’m not opening.
Chris McAteer:
Oh, that’s great. Because I thought, oh, there’s so many things I want to talk about still. No, it can’t be almost over. I think you’re absolutely right, Aidan. It’s a challenge for companies who are wanting to interact with people who’ve dealt with crypto to not be afraid of that and understand how to adapt their traditional anti-money laundering due diligence to crypto, so understanding what they have to do. But I think the key message in a lot of the training that I give is just always that it’s 90% similar, if not identical. There’s just a few areas, like you mentioned; source of wealth, source of funds, that may differ. So if somebody wants to buy a home and because they’re a quick crypto millionaire, and you’re doing a research on the source of funds or the source of wealth, then you obviously have to look into blockchain, but there’s a lot of blockchain analytics companies that are out there that can support with that.
Chris McAteer:
But it is a hurdle to become familiar with that. There’s more and more people who have become familiar with that landscape and who offer training, who offer advisory services on how to make that gap. And so it shouldn’t close the door. And on the flip side, there’s a lot of crypto companies, as you correctly mentioned, that believe that they’re out of the scope of regulatory obligations for AML due diligence, because they feel that they already centralized, or for whatever reason they don’t feel that they are subject to, but rightly so because regulations are global, even though they may not have a national landscape specific applicability of their AML legislation to their business, they still should anticipate that at least in the next few years, either the national legislation will be modified to be updated to the AML requirements of the FATF and/or they will have to, from a reputational perspective, build in the processes for due diligence in their crypto space, even though at the moment, they may not have a strict regulatory requirement.
Chris McAteer:
Sujata, flipping back now to the financial crime space, what do you see are some of the next generation technologies in the FinTech space? And what are you most excited about? And what do you see might be some of the big innovations that will really help the banks and other financial services to reduce processing time, onboarding time or other kind of gains?
Sujata Dasgupta:
Sure. So these FinTechs, they have the advantage that they’re not saddled by legacy infrastructure. So they all started, I think, five years ago or when this whole FinTech revolution started. They had the advantage of starting on an advanced technology platform itself. So I think that’s basic, so we will not talk about any legacy debt that they may have. So while they have all started on this digital technology, our focus now is towards how can these technologies be enhanced in order to improve the financial crime risks or the threats that we were just discussing? So, as we know, digitally, the onboarding for FinTechs is all digital, so there is possibly no human intervention, unless it falls into some exception queue or something. Otherwise, it’s seamless, it’s all digital. Now, we were also talking about how identity thefts and stolen identities can be used in the digital onboarding world.
Sujata Dasgupta:
So because there is no human interaction in the process, now, smart identification and verification is getting mainstream where most FinTechs are possibly using these dynamic biometrics, liveness checks, facial recognition, all of these are getting mainstreamed into your onboarding platforms itself. So the stolen identities will not help because there is a liveness. So the person who is onboarding has to either speak or make some movements or do something to prove that the person who is onboarding is actually the person in front of the device’s camera as well. So those kind of smart identification verification tools are coming in. The adoption is also growing. Then, because the timing is so less, it has to finish, say for a retail customer, everything has to finish in less than one minute. So there is a competition among FinTechs, who is doing it faster?
Sujata Dasgupta:
Is it 30 seconds? Is it 50 seconds? 55 seconds? So what happens is this gives very little time for a thorough due diligence of the customer. One minute is very less time. And because we know that FinTechs are not using humans to do this process, it has to be, again, triggered by additional technology, if we have to do, within this time period, if we have to do this enhanced due diligence, a thorough risk assessment, which means that they have to employ further advanced technology, which means adding in entity resolution, adding in a network discovery, adding in alternate data sources. So if they’re just using one data source for, say, identifying whether he is a PEP or a sanctioned entity, what more additional details can you get in? Can you get in adverse media information? Can you get in… Like, we now have the IC idea; the investigative journalists also publish a lot of information.
Sujata Dasgupta:
So FinTechs have to get a little more creative in adding more data sources in order to enhance their analytics and AI-powered technology. So that is one. I think that will help a lot with weeding out a lot of bad elements, not allowing them from entering the system in the first place. Then of course, I don’t know whether every FinTech is prioritizing the financial crime just as much as traditional banks do. I’m not sure if that is a priority for FinTechs, because FinTechs, as I understand, for them, the priority is more about customer experience, bringing out new products, new channels, how can they gain more market share? So probably financial crime compliance has to feature in among the top priorities. And in doing that, probably they need to install all these machine learning-based, AI-based technologies for further detection, investigation. Maybe some are already doing, but those who are not, they will have to invest a little more on those kind of technologies.
Sujata Dasgupta:
Also, we’ve heard a lot of online payment-related frauds. It’s because of the speed that I was telling you. An online transaction has to finish in, say, two seconds or 10 seconds or whatever is their SLA. Now, within that time, again, detecting an online fraud is very, very difficult. And that is why, again, they have to depend on new technology which will enable them to do real-time fraudulent risk detection scoring of that transaction, real-time treatment, that whether you want to block the transaction, whether you want to allow it, freeze the funds. All of this has to be real time within that, whatever, 10 seconds timeframe. So I think all of these new technologies will have to evolve so much in order for FinTechs to have that very strong line of defense for financial crimes. I just named the top three, but I think there could be several other new technology initiatives which can help improve the financial crime risk mitigation for FinTechs.
Chris McAteer:
I want to pick up on something you said. You referenced ICID and there’s a question, 13, that just came in, says, “What is the main difference between synthetic ID and stolen ID?” For some of the listeners that are less familiar, can you give us a little primer on ID?
Sujata Dasgupta:
Sure. I can do that. So stolen ID is when my identification documents, for example, my passport, my national ID, all these are stolen and these are used for onboarding in a different bank. So it would be my passport, my name, my details, my date of birth. So some criminal would be onboarding in a different, say, a FinTech or a financial institution, and would be onboarded as Sujata Dasgupta with all my details. So this is where my stolen identity is being used to onboard in a bank or a financial institution. Whereas, a synthetic ID is a combination of my stolen ID with some fictitious information. So it’s a combination, where my information is first stolen, my details are first stolen, and then, say, a credit history is created. So they would take some loan. So they would open an account in my name.
Sujata Dasgupta:
Then they would start taking a loan, a small amount of loan. They would pay that. So there is a credit history in that customer’s name, which is my name, of course, but maybe in a different country. So it’s a combination of the real stolen identity and some fictitious information. So there would be maybe some information posted on social media, creation of fictitious profiles in that name. So synthetic is something which is created, which is not real. So synthetic is created by combining the real information with some fictitious information.
Sujata Dasgupta:
And the purpose is to commit a much bigger fraud. So like I said, initially, you might take a loan of, say, a thousand dollars. You repaid very quickly, your credit history is super, and then you start building on that. So even though I’m not aware of what is going on, there may be pages in my name. There may be friends with some most influential people. Again, I’m not aware, but there is some criminal who is doing it. And then they go and probably max out a card in that name. So that is what a synthetic identity fraud is about, as compared to a stolen ID.
Chris McAteer:
Okay, great. I hope the person has… Now they have the full professional answer. That’s good. Aidan, I would be remiss if we didn’t get to pick your brain on your area of expertise, which is really the recovery of seized assets. I know that you’ve done some great there in establishing best practices and offering some training in that area. Can you give us an insight as to what are some of the best practices really for crypto asset recovery and seizure? Probably either at the national level or even at the corporate level, what are some of the things, what are the trends and what are some of the key messages from your side?
Aidan Larkin:
Yeah, happy to, and actually it hits on one of the questions we were asked about how the interaction of some countries having a legal view on crypto affects how FinTechs and companies interact with it. And I think there’s a misconception, waiting for countries to legalize or not legalize. It’s an asset category. It doesn’t matter. And I think there’s a misconception that I’m a UN consultant in a personal capacity. And we find new companies in law enforcement and regulators saying, “Oh, no, we haven’t decided what’s happening at a country level yet, whether it’s legal or not, are we doing an El Salvador? Are we going in an Indian direction? Are we going to do something and then reverse it and change it in the future?”
Aidan Larkin:
I think that’s a misconception for FinTechs. That doesn’t matter. It may affect something in the future, but that’s like guessing what the legislation is going to be in a year’s time. It doesn’t affect what you’re doing today. Today it’s around financial compliance risk and risk mitigation, and just using the conventional tools that you have. But in terms of crypto, we’re always keen to try and demystify it because crypto asset recovery and digital asset recovery is easier than any other category of asset.
Aidan Larkin:
There is absolutely no doubt about that. Because of the creation of these incredible blockchain analysis and investigation tools, as again, as an ex-criminal investigator, if I had a traditional financial crime case and the fraudster had moved money from the UK to offshore, for example, that’s a six to 12 months international mutual legal assistance request for me to try and get bank statements. When I get those bank statements, I’m then looking at the history and I’m saying, oh, it’s moved somewhere else. Another six to 12 months until I get that next piece of information.
Aidan Larkin:
Whereas when you see a large crypto hack take place or a crypto asset recovery case get kicked off, you’ll see all of the analytic companies on LinkedIn. Within hours we’ll untick everything that’s happened, because it is this immutable ledger. So when we think about it in terms of seized assets, we don’t do anything different than what we do with a yacht or a Ferrari or any other asset, because ultimately it is, in terms of the legislation globally, when you’re investigating crimes, it’s an asset class, it’s digital gold. So there’s nothing done differently, it’s still prepared in the same way. You still use analytic tools to trace and find the assets you’re going after. You still go to conventional court. You get a freezing order. You try and find if the assets are sitting in an exchange or they’re hosted somewhere else. So all of the actual recovery process is identical.
Aidan Larkin:
The difference is with crypto is that you have greater capabilities to do things faster and at scale, and you have this immutable ledger that leaves this wonderful footprint. So if you’re an insolvency practitioner or a lawyer, and this is the other side, is that it can also be the bane of your existence, because if you’re an insolvency practitioner, for example, or a lawyer investigating something to do with crypto, the information is there. So if you miss it, someone else is going to come behind you and say, you didn’t do this and you failed in your duties. If you miss something that you could have picked up in the onboarding process, it’s not buried in a file, it’s on the blockchain. And I think this is why everyone now with sanctions are realizing, are we doing business with someone that two years time is going to get unpicked by a federal investigator because it leaves this absolutely immutable footprint?
Aidan Larkin:
Again, I’m conscious of our time with a bunch of questions. So we have, I think, crypto asset recovery, seized assets. That’s all quite straightforward because then I can seize a billion dollars of crypto assets from a laptop. Whereas if you ask me to go and deal with a mega yacht somewhere, there’s much, much more moving parts associated with that. And that’s really good news for companies who are victims of financial crime as well, and the recovery prospects of actually tracking and tracing your assets if you’re a victim of a ransomware attack or a cyber attack, if you are victims caught up in a class action where fraudsters have programmatically tricked people to send them Bitcoin or false investment opportunity, or a Ponzi. Most crypto cases, remember, are Ponzi schemes underneath. It’s just frauds are using the latest technology, fraudsters are using NFTs because that’s where the attention is.
Aidan Larkin:
They’re using the DAOs because that’s where attention is. But we need to not make the mistake of calling it crypto crime or crypto fraud. If someone steals a watch, it’s not watch crime, it’s just crime. They’ve just stolen something from it. And I think there’s an obsession in the media to [inaudible 00:42:11] these things as crypto. It’s just, it’s the current… It’s like when we saw the gold price explode, I think maybe seven or eight years ago. There was this associated rise in fraud relating to gold and fraud and new investment policies linked to gold. It’s just where the attention is going. So I think the positive note is the art of the possible in crypto asset recovery is really high. Victims do stand quite a good chance, but it’s a tight drop, and if it goes wrong, it can go horribly wrong at scale.
Aidan Larkin:
And I think that’s why FinTech companies get picked on a little bit harder, because for all the reasons that Sujata mentioned. They have the potential to fix a lot of things that the old establishments didn’t have the flexibility to do, so the pressure is on them to demonstrate best practice. And one of the questions talks about lack of regulations. Well, that’s the challenge. We’re a FinTech company. We build new technology solutions for exchanges, for if a customer gets hacked, what is that user journey like? How do you protect that customer? How do they investigate the case? It’s for us in the FinTech sector to move to innovate and be audacious and try to build solutions. If we sit back and say, “Well, there’s no regulation on that,” that’s not good user journey, that’s not good customer service.
Aidan Larkin:
I think we have a responsibility to be proactive, where there is no legislation and take the lead to CFAAR Network Crypto Fraud and Asset Recovery. Someone has asked, there’s a LinkedIn group, it’s free. Anyone can join if they want to learn more information. You can just go into LinkedIn, type in CFAAR, and you can join the group. And that goes back to one of the other questions about Egmont Group, Gutenberghus. It is using those informal networks, I think, to share best practice is probably the best defense where there is no legislation or regulations.
Chris McAteer:
Yeah. And joining local industry associations is always a good one. I think we have just about two, three minutes left, so looking into your crystal balls, what are you… Just maybe one quick minute from both of you. What are you most excited about in the future of FinTech in terms of financial crime compliance? Sujata you want to start?
Sujata Dasgupta:
Yeah. One minute is very short, but I’ll try to keep it to brief, maybe one or two top things. One is CBDC is in many countries they are at very mature stages and we might see them being adopted or being implemented in the next few years. So from my view, I would be most interested to see how these CBDCs are actually getting integrated into the already existing digital payment ecosystems. How does that pan out? That is definitely something which I would want to witness in the next few years. The second we all discuss.
Chris McAteer:
Just so we’re clear, CDBC is central bank digital currencies?
Sujata Dasgupta:
Correct.
Chris McAteer:
It’s a national, government, fiat government digital equivalent on either private or public blockchain.
Sujata Dasgupta:
Exactly. It’s still a central bank currency, but not the fiat. It’s the digital currency.
Chris McAteer:
Yeah. Digital.
Sujata Dasgupta:
Yeah. And the second thing, which I think we touched briefly upon, of how public and private sectors can engage together in enhancing the financial crime risk and compliance mitigation. So there has been a call for stronger engagement, but probably one roadblock has been the data privacy issues. That is why they’re not able to share a lot of information amongst public institutions, law enforcement, and all of that. I think with the growth of privacy enhancing technologies, which is a workaround in that space, I’m sure privacy enhancing technologies will have a role to play in the next few years because we want collaboration, the PPP type of collaboration.
Sujata Dasgupta:
But where regulations are not very clear and we have these data privacy regulations across the globe, I think privacy enhancing technologies, which will use technology like homomorphic encryption or secure multiparty computation, I think, yes, I think these kind of tools will help in collaboration amongst institutions in [inaudible 00:46:04]
Chris McAteer:
Very well said. Fully agree on all those points. Aidan, how about you?
Aidan Larkin:
Yeah. I think that what we’re going to see now is we’re going to see some of the really big players coming in. And I think everyone, we’ve seen some of the questions about what are other companies doing? What are other FinTechs… Everyone’s sort of waiting with bated breath to see what is Apple going to do with crypto assets, for example? Classically with digital assets, there’s been a massive criticism of the industry of not doing enough for users when they’re victims of crypto-related fraud activity. If you have a hack and you go to one of the large exchanges, or you go to one of the large digital asset managers or platforms, quite often, I think, we’ve raced ahead so fast that we kind of forgot about the basic consumer protections.
Aidan Larkin:
We have Visa chargeback. Are we going to see something like that in crypto? We have insurance policies for your mobile phone and your laptop. Are we going to see that for personally held crypto assets? And I think that with those really big players coming in, plus the constant PR battle, I think whoever gets that right will reap the reward. And we do this with some of the large exchanges, trying to enhance the user journey, trying to use the technology and the tools to make it more likely for someone to not suffer a hacker, get their assets back. If you can be the company that allows people to interact with digital assets and feel safer, the really subjective human emotion of actually feeling safer. Like, my parents don’t use online shopping because they trust the infrastructure of the internet.
Aidan Larkin:
It’s because Visa will give them their money back if something goes wrong. We don’t have those safety nets in crypto. It’s one of the things we’re trying to develop in Asset Reality to make people’s life a bit easier if it goes wrong, because I think that will really help. And I think with Biden’s executive order and that rallying cry to say, we need to do better in the sector, it’s wonderful news, because it’s instead of demystifying the wild west, it’s a case of there’s really interesting technology here, how can we put it to better use so that everyone benefits from it? So whether there’s a CBDC, whether there’s new stable coin iterations, whether there’s NFTs from David Beckham and Snoop Dogg, all of these things are really good for the entrepreneurial ecosystem for FinTech companies to answer that sort of rallying cry. But let’s not forget this has gone wrong before in this traditional financial sector.
Aidan Larkin:
And I would hate to be sitting here in two years time saying we’re not getting disclosures right, we’re not getting crypto related SARs right, we’re not getting new consumer protection right. So I think as we race ahead, we remember the basics. And this does go wrong. People do lose money. People are victims of fraud. So I think the FinCrime professionals need to keep that ballast right and keep these companies on track that we always consider that there is a user behind all of this that we need to take care of.
Chris McAteer:
Absolutely. And I think all the innovations that will facilitate and bring automation and standardization to some of those processes may help to reduce the risk. And also the fact that now that post-COVID where we’ve gotten used to having more training and other types of learning institutions and services like those that you guys offer available at a distance, hopefully will reduce the barriers to getting access to high quality information and training and know how to implement those processes. So, unfortunately, we’ve come to a close, to an end to our session. It’s been such an honor, Aidan and Sujata, speaking with you. Thank you so much for joining us for the session today and donating some of your precious time and know-how to share with the audience. And thank you, audience, as well for your questions. I’m sorry that we weren’t able to answer most of them, but it’s certainly been a pleasure interacting with you today.
Aidan Larkin:
Thanks for moderating, Chris. You’ve done a great job.
Sujata Dasgupta:
Thanks. [crosstalk 00:49:46]
Virginie O’Shea:
Fantastic, guys. Again, lots of questions coming in that we didn’t even manage to get to all of them. So that’s, again, proof that we’ve had some wide-ranging discussions on lots of interesting FinTech topics there. Some of the big points made: everyone needs a basic awareness of digital assets. It’s a fast-evolving space. Lot of regulation coming in, it’s fast-evolving also. But as someone operating in the crypto space, you need to be very proactive in your regtech adoption work with the regulations we have already. 90% of them are probably applied to you at some point, though there’s going to be some specific crypto fin reg coming out. And there’s lots of ambiguities in what applies to FinTech firms, but make sure that you collaborate with your peers. Again, collaboration came up in that panel too. So lots of interesting discussions, and stay tuned as next we’ve got an exclusive presentation from our sponsor, Blackdot, entitled Connecting the Dots: How OSINT Can Improve Outcomes in Financial Crime Invest-
FinCrime World Forum
Part of the Digital Trust Europe Series - will take place through May, June & July 2022, visiting five major cities;
Brussels | Stockholm | London | Dublin | Amsterdam
Get to the edge of the financial crime debate at FinCrime World Forum.
FinCrime World Forum is a two-day in-person event taking place as part of the Digital Trust Europe series. The event will feature presentations and panels from thought-leaders and anti-financial crime professionals that are leading the way on how we can better, more efficiently and more effectively fight financial crime.
What’s Next For FinTech? What’s on Offer Presently and What Does the Future of FinTech Hold for Financial Crime Professionals?
- 1Currently reading
What’s Next For FinTech? What’s on Offer Presently and What Does the Future of FinTech Hold for Financial Crime Professionals?
- 2
- 3
No comments yet