The ongoing war against Financial Crime
The cost of battle
According to a March 2024 study published by LexisNexis, the annual cost of financial crime compliance in EMEA totals an eyewatering $USD 85 Billion with costs having risen for 98% of EMEA financial institutions. The study sets out the key drivers of the staggering increase, pinpointing to:
- Increasing labour costs,
- Increasing technology costs - both network / infrastructure and solutions (eg. Know Your Customer (KYC)),
- The continued emergence and evolution of cryptocurrencies, real-time digital payments, and AI technologies as tools for illicit activities, and
- Trade-based money-laundering and financial crime threats in the supply chain.
Of course, these are just the ‘business as usual’ costs. On top of these, are the significant fines imposed by regulators around the world for anti-money laundering (AML) control deficiencies. In its report on the global 2023 fines, ComplyAdvantage provides a sector breakdown:
- Cryptocurrency – $5.8 billion+ in fines
- Banking – $835 million+ in fines
- Gambling – $475 million+ in fines
- Trading and brokerage – $194 million+ in fines
The report also outlines the top 3 violations that led to the fines, which it lists as:
- Inadequate Customer Due Diligence/ Enhanced Due Diligence,
- Failure to uphold sanctions, and
- Not submitting Suspicious Activity Reports (SARs).
All of these are fundamental and basic AML controls, so what’s going on?
Some firms are finding their processes are creaking at the seams as they try to keep up with existing regulations overlayed with, for example, new sanctions requirements brought about by the recent and evolving geopolitical turmoil. This situation is exacerbated where firms are reliant on manual, dislocated processes, or where key processes (eg. transaction analysis) are run on spreadsheets. Circumstances are compounded further if, for example, a firm’s transaction monitoring solution churns out a steady stream of false positives leaving teams overwhelmed dealing with the ‘noise’ at the expense of identifying, investigating and effectively escalating truly suspicious activity.
Siloed RegTech solutions are impeding the ability of firms to detect and prevent increasingly sophisticated fraud. Data that is locked away in functional solutions – for example, KYC, payments platforms, trade surveillance – hamper the ability to see patterns of suspicious activity, or to make connections in seemingly unconnected activities. The recent case in Singapore where two Ultimate Beneficial Owners were convicted on 349 counts of market manipulation, deception and cheating financial institutions demonstrates the increasingly complex nature of criminal activity. Their fraudulent activity involved a web of 187 trading accounts held with 20 financial institutions in the names of 58 individuals and companies.
Clearly, criminals and fraudsters don’t need to adhere to regulations. And increasingly, neither do they work in silos. In fact, criminal collaboration is a growing trend with offerings such as ‘Crime-as-a-Service’ enabling criminals to provide specific services to other criminals to fill gaps in the latter’s schemes.
The recent LabHost arrests demonstrates that even criminals without technical skills can buy services off the shelf online and use them to defraud their victims on an industrial scale.
If financial services firms are struggling to get the basics right, how can they hope to detect and tackle increasingly sophisticated and complex criminal activity?
Financial crime – the many-headed Hydra
Fighting financial crime does feel akin to Heracles fighting Hydra, the many-headed serpent of Greek mythology. The myth tells that as each head was cut off, it was replaced by two others. Certainly, no sooner has the industry found a means of tackling one aspect of financial crime, another new typology or variant emerges to take its place.
The answer, and as Heracles discovered, is to adopt a multi-pronged approach.
Foremost, is the importance of human instinct. Underpinned by our knowledge of our clients and our business, nothing can replace the gut instinct that tells us that something about a transaction, or the way a firm is handling a transaction, isn’t right.
There is, undeniably, an increasing need for solutions that enable firms to bring together disparate data for analysis and to identify suspicious activity. Aligned to this, is the use of generative AI as a ‘co-pilot’ to existing RegTech solutions adding firepower to analysis (eg. sifting through the sea of false positives). Some firms are already using generative AI for SAR creation to enhance both the speed and quality of output.
In partnership with strong and effective controls, is the importance of having an effective escalation channel and robust governance to act on the concerns being escalated, thereby ensuring that swift and appropriate action is taken, and a SAR raised.
If we look at the UK FCA’s quarterly whistleblower reporting, the combined data from 2022 and 2023 includes approximately 50 cases tagged as ‘AML’ and ‘Money Laundering’. This is in addition to cases escalated over the same two years that are more broadly categorised as ‘Compliance’ and ‘Fraud’:
- ‘Compliance’ cases are in the hundreds - 362 in 2022 and 424 in the data reported so far for 2023, and
- Cases tagged as ‘Fraud’ are also in the hundreds with 106 cases in 2022, and 133 in the data published so far for 2023.
So, worryingly, the FCA’s whistleblower data tells us that, in some firms, personnel are not being listened to despite serious financial crime issues being raised. A strong focus on building and nurturing a culture that welcomes and embraces feedback, and speaking-up when issues are identified, is key to the health of firms, alongside that of the broader market.
Success lies in strategic alliances
As the war against financial crime continues, future success lies in the partnership of human instinct and curiosity, with turbo-charged technology solutions.
Firms must also have in place effective escalation and governance to capture concerns, coupled with a speak-up culture that encourages and supports escalations. However, as the FCA’s whistleblower data demonstrates, the industry still has some way to go.
Incidentally, if you are curious to know how Heracles finally triumphed over Hydra, the story sets out the gruesome details. It’s not for the faint hearted as the story describes how, after Heracles cut off each head, he cauterized the fresh wounds and – with the final head and for good measure – he buried it under a heavy rock. However, whilst he eventually triumphed, this was only the second of Heracles’ 12 labours. And, not unlike our hero, the fight against financial crime continues.