Stopping the Dirt

As the effects of the Fourth Industrial Revolution begin to be felt across business, there are hopes that AI can provide the means to support the battle against money laundering

It’s easy to buy into the buzz around the Fourth Industrial Revolution (4IR) technology. After all, its possibilities are mindblowing: many super-powered computers can do a lot more thinking, processing and data analysis than one human being, no matter how smart that person may be. Little wonder, then, why so many industry leaders are feeding the hype. ‘Right now, we’re at a tipping point in Africa’s development,’ writes SAP Africa MD Cathy Smith for the World Economic Forum on Africa. ‘We’re hurtling headlong into the Fourth Industrial Revolution, which has the potential to turbo-charge the socio-economic development of the entire African continent. In Africa, 4IR’s potential is limitless. Its technologies, like artificial intelligence and the internet of things, offer a new vision for economic growth, innovation, development and human wellbeing. It can solve a host of business and societal challenges, from providing better healthcare and basic services to creating more efficient governments, and helping businesses become intelligent enterprises that drive growth and prosperity.’

The financial services industry especially is about to face massive disruption. Digital identification systems, which are made so much more efficient through cloud computing and big data management, can – as Smith puts it – ‘play a major role in driving financial inclusion and addressing corruption through reduced fraud and leakages in social benefits payment systems. Once people have digital identities, they can do anything, from getting a SIM card to arranging a bank account or pension’.

4IR can also help the banking sector solve one of its biggest problems, and its dirtiest secret. The UN Office on Drugs and Crime estimates that as much as 5% of global GDP is lost to money laundering every year. That’s roughly the equivalent of $2 trillion, or the entire annual GDP of Brazil. …And it directly funds crime and terrorism.

It’s a reputational disaster for banks too. In 2017, Australia’s financial intelligence and regulatory agency AUSTRAC accused Commonwealth Bank Australia of 53 700 breaches of money-laundering laws; while last year Dutch bank ING Groep NV was forced to pay €775 million to settle an investigation into alleged money laundering and other corrupt practices. Meanwhile, Denmark’s Danske Bank recently found itself in the middle of a hugely damaging $230 billion Estonian money-laundering scandal, which has hit the bank’s share price and sullied the names of associated parties, including auditors EY and Sweden’s Swedbank AB.

To see where 4IR and its AI tools come into the picture, you need to go back to that single person and those banks of super-powered computers. There are various tricks that money launderers use to clean their dirty money. One way is to avoid trigger alerts. Cash transactions above a certain threshold amount are automatically reviewed by regulators. (In Australia, for example, AUSTRAC’s trigger alert kicks in at A$10 000.) To beat the system, you just need to keep your transactions under that threshold (say, A$9 500 at a time), and you’ll get away with it. In banking law this is known as ‘structuring’, and all it requires is a knowledge of how the bank’s trigger warnings work.

To add another layer of complexity, many money-laundering operations employ Smurfs. Named after the industrious little creatures from the children’s comic books, Smurfs are large groups of people who (wittingly or unwittingly) make multiple small deposits that are even more difficult for banks’ systems to pick up. Looking purely at the numbers, it’s incredibly hard to tell if a law-abiding client just received 100 deposits of R100 each for their R10 000 crowdfunding campaign, or if 1 000 Smurfs working with R1 000 each have helped a terrorist kingpin launder R1 million into the system.

Complicating matters further, according to Akli Adjaoute, CEO of AI company Brighterion, is that the number of alerts ‘generated by legacy security and compliance systems has led to widespread alert fatigue and endless false positives’. As he explains in an online op-ed, ‘research firm Ovum found that over a third of banks receive more than 200 000 security alerts every day. No human or team of humans – no matter how talented, experienced or devoted – can keep up with such a colossal pace’.

Further research by IBM found that more than 90% of the questionable transactions flagged in those security alerts turn out to be false positives – perhaps because it really is a law-abiding citizen’s crowdfunding campaign, or perhaps because a new customer shares a name with the terrorist kingpin. Whatever it is, each of those alerts has to be investigated. That’s why banks need armies of computers that can think and – crucially – learn.

A recent IBM white paper notes that when it comes to anti-money-laundering (AML) alerts, high false positives are the norm. ‘The reason for this is a combination of dated technology, and incomplete and inaccurate data,’ the report states. ‘Traditional detection systems provide inaccurate results due to outdated rules or thresholds, or peer groups creating static segmentations of customer types based on limited demographic details. Also, account data within the institution can be fragmented, incomplete and housed in multiple locations. ‘These factors are part of the reason why alerts and AML are key areas to apply AI, advanced analytics and RPA [robotic process automation]. The technologies can gather greater insight, understand transactional patterns across a larger scale and eliminate tedious aspects of the investigation that are time consuming and low value. In short, AI can augment the investigation process and provide the analyst with the most likely results, driving faster and more informed decisions with less effort.’

A separate report by Deloitte notes that machine learning algorithms can be taught to detect and recognise suspicious behaviour, and risk rate them accordingly. ‘For instance, machines will learn and focus on “bigger” risks while knowing when to omit non-anomalous transactions that do not present any risks as dictated by customers’ profile and behaviour,’ the report states. ‘The greatest opportunity for application is in the money-laundering and terrorist-financing transaction monitoring process. Traditional systems detect very specific typologies that can be circumvented. Furthermore, the results from these models contain more noise than “signals of risk” as the net is often cast wide in order to not miss a potentially suspicious activity. By relaxing rule thresholds to capture suspicious transactions that are closer to “normal” activity, there will inevitably be larger numbers of alerts requiring costly manual reviews to resolve. However, only a very small number of these alerts will result in suspicious behaviours requiring escalation.’

The discussion about money laundering – and 4IR’s potential to combat it – is a necessary one, because it’s a massive, worldwide problem. In SA, FICO’s 2019 Banking Survey found that the biggest driver of local banks’ financial crime strategies is concern for customers being the victims of financial crime, followed by damage to the bank’s reputation. There was, according to the survey, ‘minimal concern about regulatory fines’, with only 8% of SA banks concerned about changing compliance requirements. There’s a huge blind spot there, in which money launderers can – and do – continue to operate.

FICO VP of product development Gabriel Hopkins underlined the issue at the fourth annual FICO Forum Africa, held in Cape Town this past July. ‘Since 2011, there has been a robust discussion about the need for convergence in managing fraud while adhering to the regulatory environment within which financial institutions operate,’ Hopkins told delegates. ‘The reason why this has been a difficult goal to attain is that fraud and regulatory compliance functions are separate within institutions, and use separate technology platforms. This is now starting to change.’

That change, increasingly, is being driven by a more holistic financial crime approach, and powered by 4IR technologies such as AI and machine learning.

This article first appeared in JSE MAGAZINE