By Idan Keret, Chief Customer Success Officer, ThetaRay

All evidence suggests that many changes made during the Covid-19 pandemic will endure. Legacy banks and financial institutions that were forced to digitize in order to survive Covid now face associated challenges. With much of their data in the cloud and a significant proportion of their workforce operating remotely, they are more vulnerable to financial crimes than ever before.

Since the start of the pandemic, financial criminals have found increasingly innovative and daring ways to profit from a rapidly changing online business environment for which most businesses were not adequately prepared. Legacy AML systems created for the pre-Covid reality were programmed using predetermined rules that no longer apply. In order to tackle the new reality and the new wave of financial crimes, we need new systems, built from the ground up.

Unbiased AI is the answer. Because it is intuitive, adaptable, and acts much in the same way as human intelligence, it can learn normal patterns and spot suspicious behavior in any environment without needing prior programming. In the complex world of AML, where it is virtually impossible to anticipate what tactics criminals will dream up next, unbiased AI will ensure secure banking and financial services in the digital age. So much so that even regulatory bodies are jumping on the bandwagon.

Irreversible changes

Covid forced banks into what Deloitte coined “a digital arms race.” Traditionally an industry rich in face-to-face interactions, banks began to spend billions on digital transformation to move in-house services online. In reality, Covid only precipitated a trend that had started prior to the pandemic.  83% of Generation Z consumers (born between 1997 and 2015) had expressed frustration with traditional banks and financial institutions before the pandemic and declared themselves as actively seeking alternatives. Since Covid, boomers (those born between 1946-55) have joined the fray becoming the fastest-growing demographic in the online banking space. Once customers have experienced the convenience of a digitized banking environment, they are unlikely to return to the old ways, even after the crisis is over.

As fintechs rapidly gain market share, traditional banks are continuing to innovate, recognizing that they must prepare for a future where most of their services are digital and much of their data will be in the cloud.

It’s a jungle out there – the rise in financial crime 

Real-time payments and app-based banking are great news for customers, but they are a headache for the banks. Sophisticated criminal groups take advantage of new technologies and rapidly-changing conditions to carry out increasingly daring and complex schemes. The financial services sector is 300 times more vulnerable to cyber-attacks than any other industry, and  74% of banks and insurers experienced a rise in cybercrime since the pandemic began.

The following factors further exacerbate financial crimes in this sensitive era:

FinCEN breach

The recent FinCEN breach supplied criminals with a goldmine of information to inform their nefarious practices. The leak exposed over 2,500 classified documents that banks had sent to the US authorities between 2000 and 2017. The contents of these documents included classified information about suspicious client activities. Unfortunately, the contents were leaked to Buzzfeed News, from where they were widely distributed throughout the world, revealing many of the international banking system’s most closely- guarded secrets. The more insider information criminals have, the easier it is to find new ways to breach banks’ security protocols.

Remote working 

According to IBM, 54% of organizations required remote work in response to Covid. Remote workers must access sensitive information from their personal devices – something that security systems were not designed for. Since the change to remote working happened so quickly and unexpectedly, many companies did not have the time to institute effective cybersecurity policies that deal with the weak points resulting from so many employees working from home.

BaaS 

The rise of banking-as-a-service (BaaS) has forced legacy banks to open up more application programming interfaces (APIs) for fintech and third-party app development. Banks and fintechs are increasingly granting third-party providers and fintechs access to their infrastructure and consumer data to develop new digital services. This gives criminals yet more potential access points to sensitive banking data.

Cyber-attacks on the rise

All kinds of cyber attacks on financial institutions have increased since the start of the Covid-19 pandemic:

• Ransomware attacks: up 35%
• Phishing attacks: up 35%
• Mobile malware attacks: up 32%
• Insider threats were up 29% since 2019
• Large-scale data breaches: up 273% in the first quarter of 2021
• Nearly 1.4 million reports of identity theft were received through the Federal Trade Commission (FTC)’s IdentityTheft.gov website in 2021
• Over 23,000 victims under the age of 21 fell victim to online scams in 2020, up 156% from just over 9,000 in 2017.

A broken system  

The rising level of online and financial crimes that are not intercepted reveal that something in the old system is broken. Most banks use some kind of AML solution but, as these systems were not designed for the current reality, there are flaws and inefficiencies which make them unfit for purpose.

Out with the old – Why first-generation AML systems are not up to scratch

AI and machine learning are dedicated to making computers mimic human intelligence using data and algorithms to find ways to let computers “learn” and perform tasks without being explicitly programmed to do so.

Harnessed in the right way, AI and ML can detect suspicious behavior more reliably and faster than humans can, freeing up time and reducing the burden on personnel. Using these technologies will help to clean up an industry that has become a principal target for cybercriminals, making it safer for institutions and customers and providing a stamp of assurance that the institution that deploys the solution has the capacity to deal effectively with financial crimes.

AI and ML are also good news for regulators who are increasingly exploring the usage of these technologies for themselves and recommending them for the industry as a whole.  As far back as 2017, The Head of Financial Crime at the UK Financial Conduct Authority (FCA), Rob Gruppetta highlighted AI’s potential to prevent financial crime and to improve anti-money laundering processes. Regulators are themselves adopting AI solutions to prevent financial fraud, detect and combat money laundering and terrorism financing, improve techniques for risk assessment and prevention, and make regulatory reporting more robust.

Flaws in rules-based AI systems 

Most of the AML solutions on the market today are rules-based. While they can undoubtedly churn through high volumes of data and flag up any problems faster and more reliably than a human can, this doesn’t mean they are effective at raising alerts for all kinds of financial crimes.

Significant shortcomings in the rules-based approach include:

Not sensitive enough

Rules-based AI will only flag up the problems they are programmed to spot in the rules that are fed to them at the start. For example, a typical rule might say, “any transaction over 10,000 USD should raise a flag.” While all the transitions that meet this criterion will be reliably raised, the system will completely miss smaller transactions, which may also be fraudulent.

Much of the fraudulent activity in today’s online environment includes repeated events involving small amounts of money. To try and capture these crimes, the system needs different rules. The same goes for other criteria, such as blocking transactions to certain countries, using customer data to select accounts for additional monitoring, and categorizing merchant accounts based on prior transactions.

In all these cases, knowing what to “tell” the system to capture every suspicious event and transaction is complicated. More so because criminals constantly try to reinvent and upgrade their approach to make themselves undetectable to AML systems. Many of the rules-based systems currently used were not designed for the current reality and the added layer of vulnerability in cloud-based digital banking. This means that many financial crimes fall through the net and are not detected.

Too sensitive

In a bid to try and capture more fraudulent activity, teams managing rules-based AI may be tempted to add more and more rules to the algorithm. This creates the opposite problem where too many alerts are generated –  the most widely used AML solutions in banks today raise as many as 95% false-positive alerts. Each alert must be investigated in case it is genuine, which means employing personnel dedicated to carrying out these investigations.  Much of their time and effort ultimately leads nowhere as so many alerts are false.

Banks today generate 400-600 times the volume of alerts than they did before the pandemic.

Hackability

It is not difficult for a determined criminal to work out the underlying rules that form the basis of the most commonly-used AML systems and find ways around them.

A changed and changing world

Most rules-based systems were created for the pre-Covid world and do not consider new realities (e.g., the mass shift to the cloud) or the fact that the fundamental behavior of the market has changed. As all kinds of cyber crimes have proliferated in the Covid era, it is clear that these older systems are no longer fit for purpose. They are based on logic and training that seeks to identify patterns that are no longer relevant. To have any meaningful utility going forward, rules-based models would need to be re-written, retrained, and recalibrated, which will be expensive and heavy on resources.

Fortunately, there is a better way.

Start with a clean slate 

To protect themselves in the post-pandemic reality, banks must recognize that banking of the future will be conducted primarily through web and digital channels and AML programs must be adapted to meet this change. This will undoubtedly involve modernizing technology and adopting new solutions.

Given the expense involved in recalibrating and redesigning rules-based AML systems to suit the new reality, it doesn’t make sense to rewrite legacy programs. Especially as everything might change again in a few years.

What’s needed is a much more versatile AML system – one that can adapt to current realities, whatever they may be.

Introducing intuitive AI 

A new branch of AI, known as intuitive AI, is presenting itself as the best solution to a rapidly evolving world. Intuitive AI is the result of years of academic research, and while not explicitly formulated for AML systems, its characteristics make it especially suited to the task.

Intuitive AI is based on unsupervised machine learning, which means that the way it processes data is unrelated to predetermined human rules and suppositions. Instead, it analyzes large chunks of data and “learns” for itself what is “normal” in the dataset. Because it derives its conclusions from the data itself and not from any information fed into the system by a human being, it can spot fraudulent activity much more reliably. What’s more, it can effectively adapt itself to changing realities. All it needs is the data set, and it will make its own conclusions.

Results speak for themselves 

The results of this technology in practice are staggering. Used in detecting money laundering, 95% of the alerts raised were genuine. Even better, these systems highlighted suspicious activities that a rules-based system could not detect because the crime scenarios were unfamiliar and could not have been known to the rule-makers.

Where to next?

Financial crimes are on the rise, especially in this new era of digital online banking. The best thing banks and financial institutions can do to protect themselves against fraud is forget about the past. What’s needed is a fresh approach to new problems and a new system that can cope with current (and future) realities. The solution already exists in the form of intuitive, unbiased AI, and the results achieved by these technologies in the battle against online fraud is incredible.

Innovation can be costly, and it can be a headache, but failing to innovate in a competitive and dangerous climate could be much worse. The new breed of AML tools can integrate with legacy infrastructure and allow banks to benefit from highly accurate fraud detection and virtually zero false positives from the get-go. The best practice is not to become paralyzed by over-analysis and inaction and start exploring these new solutions today.