By Mark Gazit, CEO, ThetaRay.
25 cents used to be a pretty big deal. In 1938, a quarter an hour was the minimum wage! It was also the price of a movie ticket, and could fill up a car with a few gallons of fuel. But today? Most people won’t even bother picking a quarter up off the ground.
Financial crime likewise used to be much different. Back in the “Bonnie and Clyde” era, banks were still being held up at gunpoint by masked robbers hoping to get away with a bag of cash. But today? It’s far less likely that criminals will risk being arrested or shot by trigger-happy guards during robbery attempts. Why would somebody go through the trouble of knocking over a local community bank when he can just sit at home and hack his way into the largest financial institutions in the world?
Modern Bonnie and Clydes wonder: Would anybody miss a quarter?
Okay, a single quarter stolen from an individual customer’s checking account isn’t going to result in a bank being forced to close its doors for good. It’s equally probable that the victim wouldn’t notice their loss. But what if a bad actor were able to bypass the bank’s fraud detection systems and steal a quarter each from tens of thousands of accounts? Or millions? The damage would start to add up.
The reason it’s possible for a bad actor to accumulate so many micro transactions and still be very efficient on the back side is because financial crime is now financial cybercrime. Machines installed on the other side of the world can be used to literally run hundreds of millions of attempts in a short period of time.
At some point, even if customers didn’t notice, the bank would start to become wise to the plot and stop it. Unfortunately, there’s a problem at hand that’s much larger than the theft itself: What if the hacker is using the stolen money to finance human trafficking, terrorist activity or some other nefarious cause? Now, not only is the bank responsible for funding some of the worst possible crimes against humanity, but it has opened itself up to heavy legal sanctions and regulatory fines up to ten times greater than the amount stolen. Worst case scenario, the institution could be prohibited from making transactions altogether.
Could it really happen?
This isn’t a far-fetched scenario. In 2012, HSBC was fined nearly $2 billion for its lack of proper anti-money laundering (AML) defense and supervision. Drug cartels had been laundering money through the bank for decades — $880 million worth! The 2018 “Cartel Bank” episode of Netflix’s “Dirty Money” documentary series brought the story to the larger public, and HSBC is still working to recover its reputation.
A more recent example involves Australia’s Westpac, which was cited for breaching AML laws a staggering 23 million separate times. An investigation described the organization as “indifferent towards compliance.” Westpac had been warned of potential compliance failures, but either did not take them seriously or simply ignored them. The money was ultimately linked to countries deemed “high risk” by regulatory boards and, even worse, to convicted child sex offenders. If Westpac executives had realized the nature of these transactions, they surely would have done more to prevent them. But now it’s too late, and they are paying for it. Australia’s financial crime watchdog, Austrac, is seeking fines of $14 million per transaction. That adds up to $322 TRILLION. Westpac is also now facing a class-action lawsuit.
Finally, if those two examples aren’t depressing enough, there is the case of Aivar Rehe, the former head of Danske Bank in Estonia, who committed suicide after his branch was the center of a money laundering scandal.
How can it be prevented?
So yes, a quarter stolen or laundered by the wrong organization could put a bank in grave danger. But the good news is that advanced types of AI like artificial intuition can help prevent those events that human beings and traditional detection systems find difficult to identify. Artificial intuition in particular involves machines that can mimic the way that very experienced investigators work – even on 25 cent transactions. This creates a new world where this type of scheme becomes much more difficult for cyber criminals to conduct successfully, because banks can easily identify them.
Even the financial regulators understand the dangers of machine-based financial cybercrime and its ability to cause potentially catastrophic events. They are now encouraging financial institutions to use new technologies such as artificial intuition to combat AI-based crime, warning that banks will no longer be considered faultless in money laundering cases, even if they’ve met the legal definition of “compliant.”
It’s time for the industry as a whole to step up and embrace the technology that is at their fingertips, rather than continuing to rely on antiquated methods of fraud monitoring and compliance maintenance. If not, who knows which bank will be the next one connected to the cartel or facing a trillion-dollar fine?