As ACFCS ushers in 2018, we are talking with experts across the fields of financial crime compliance, investigations and technologies to find out what were the biggest trends in 2017 and what you should be ready for this year.
We asked these questions to David McLaughlin, the Chief Executive Officer of QuantaVerse, a compliance technology firm using artificial intelligence to boost the monitoring and analytical capabilities of financial institutions and corporations.
He noted that banks, and companies writ large, will likely have to worry more about the rising specter of cyber attacks and the increasing liability of anti-money laundering compliance professionals, who, in some cases, must sign their names to attest the accuracy of data, transaction systems and outcomes.
McLaughlin also made a claim some might find surprising: that with the right machine learning technologies, and teams at the helm, financial crime compliance teams could be revenue producers, rather than cost centers – allowing banks to re-risk, instead of de-risk.
How? He believes compliance teams armed with AI can allow their institutions to expand into new areas with a broader confidence that any bad actors will be caught – allowing the bank to move into areas previously unappealing to their risk appetite.
Here is an edited transcript of the conversation between ACFCS Director of Content, Brian Monroe, and McLaughlin.
What do you think were the biggest financial crime trends in 2017 and why?
I will take a contrary view that what you might hear. But you first need to break the question down into two parts. The first part of that is what is the criminal doing? In that area, one trend in 2017 is cybersecurity.
We heard a lot about cyber, a lot of instances of cyberattacks, specifically account takeovers in the cyber financial crime space and about stealing money or committing some sort of financial crime. Account takeovers and application fraud, communally was a big driver for folks in 2017 and it will continue.
The other answer to what were the trends in financial crime in 2017 relates to not just the criminals themselves, but pulling back and taking a look at the numbers: $1 trillion in bribes, $2.5 trillion in money stolen and laundered through the financial system. The means nothing has changed. We are still getting the same bad results.
So after all of this huge amount of investment in financial crime compliance, there is just a huge amount of crime going uncaught. I think that when it comes to money laundering and financial crimes, I believe the story out of 2017 is the greater conversation about why isn’t it changing. Why aren’t the slopes of these lines changing?
Another interesting development is in artificial intelligence (AI). Now, you can’t pick up a paper without it talking about money laundering, AML and AI. Three years ago, talking about this subject was like pushing a boulder uphill because it was not a part of the conversation.
How did the industry respond to those vulnerabilities, regulatory focal points or criminal tactics?
I think from the regulatory side, what we saw is the beginning of the ramp up of the individual accountability side of the enforcement equation. For instance, an example of that was FinCEN’s $250,000 individual penalty against the former compliance officer for MoneyGram. You also saw DOJ extend its FCPA pilot program.
Now, that is not in any way exculpating offenders or in any way letting them off the hook by self reporting. There is still individual liability for the person engaged in the reporting and the person responsible for the compliance program, the compliance officer. Authorities are finding those folks, that is something you saw in 2017.
The numbers are not great, but you saw a number of $10,000, $30,000 and $50,000 fines against individuals and bars from the industry for a number of years. Going after individuals is one way regulatory bodies are focusing on this and scaring individuals into compliance.
Also in 2017, you didn’t see a whole lot of huge fines. The Western Union penalty was among the largest [at nearly $600 million]. There were no $9 billion penalties, like BNP. But it seemed like there were a lot more smaller fines. The trend of more non-banks getting fined in greater numbers, but the fines not being as large, could keep up.
In New York, you see that coming into play with focus on individual accountability by [Department of Financial Services (DFS)] requiring a compliance officer or board to sign off on reports they are giving to regulators, called rule 504. If I am a compliance officer in New York and also seeing the federal government go after more individual accountability, I am scared. I would be a little concerned. That means if you sign this, and if the regulator finds something wrong, they will hold you individually accountable.
In 2017, there was also a bigger focus on Data. I think there is that emphasis, a process emphasis, around with data is going in to the transaction monitoring system, what the system is doing and what is coming out. The question is: are the processes in place to do that.
On this issue, I am a little different. Because compliance professionals should also be asking what they should be doing. Sometimes, we can lose track of what we are supposed to be doing – and that’s finding financial crimes.
Yes, you put in a process, an audit program to do it and reports and regulators. All that process stuff is great. But the only way a chief compliance officer can protect themselves is to find crimes.
But if law enforcement traces crime to your organization, they don’t care about process. And regulators will jump in on that crime. What folks can’t lose sight of is we need to do a better job of changing the focus on process and find these crimes, find the false negatives and lower the costs of investigation.
You will take so much risk off of your plate in solving the false negative problem. That is an issue that is not talked about that much. Even if you look at AI and Machine learning, nine out of 10 vendors are not talking about how to solve the problem.
What else do you think financial crime compliance professionals, regulators and FIs should be doing to better detect and prevent financial crime?
There are all sorts of layers to that question. As to the least granular, that is the culture question, a leadership question. In your institution from top to bottom, from the board down to those on the street, are they doing the work? Have they committed to: we are here to find crimes and protect our organization That is a cultural leadership question. That is also an important piece to get buy-in across the org.
Tactically, if you look at a list of 100 things organizations are not doing from a technology standpoint, it is not engaging the use of AI and machine learning. Those types of techniques and technologies have proven that they can find things that existing transaction engines missed. I have seen it here at QauntaVerse.
That includes things like identifying [North American Industry Classification System (NAICS)] codes and looking at types of companies that do business together. By using the technology, it can analyze transactions and conclude there is a transaction going on between two parties that it has never seen before.
Having that as a flag can cause the machine to go out and learn more about the parties it has not seen before to determine if the transaction is legitimate or not, such as determining if there is no economic validation about the transaction.
There are hundreds of those types of capabilities that only a machine learning type of technology can bring to the table. It’s nascent right now how the industry is using that technology.
What is an example you have seen using these technologies?
In just one example, we saw a transaction between a concrete company and a seed company. That is very powerful. In another example, a red flag was the flow of funds. In that case, the technology identified money flowing in the wrong direction between a casino and a computer manufacturer. There was no round tripping. None of the normal things to flag a transaction.
The flows looked normal, the sizes and velocity, but it was flowing from the computer company to the casino. Even if the casino bought a lot of equipment from the casino, the money should be flowing the other way. The system never saw the transactions flow that way before, so the alert was triggered.
There is also another really interesting example of this technology: alerts from evidence that there is no transaction. With existing legacy transaction engines, they look at existing transactions and existing entities.
But sometimes you can identify risk from a lack of information. That would include no transactions, such as between fishing vessels in Southeast Asia that don’t have payroll payments. That could be indicative of human trafficking and that the fishing fleet is using slave labor.
For instance, you see revenue coming in and transactions tied to fuel bills, but no existing payroll that matches what the fleet looks like. That could mean something illegal and illicit is going on. That lack of something that doesn’t exist, but should, is something this kind of technology can identify.
What do you think will be the big issues to tackle in 2018?
One area that could be big is using [initial coin offerings (ICOs)] to launder money or obfuscate fund flows. As ICOs grow, you will see a lot of fraudsters and criminals using ICOs as a way to launder money. Part of that is because it’s not clear if ICOs are securities, and if not, the regulatory oversight is not the same. We are going to see ICOs addressed from a financial crime perspective. That will be something that hits the headlines in 2018.
Lastly, do you have any tips to help banks maximize resources and better keep their teams strong in a time of tight budgets?
One of the first things is for the people running these financial crime compliance teams to realize that they, in a way, are a double hit to the bottom line – the first is the cost center of having a lot of people and the second is the de-risking of customers that are driving revenue.
I think what these organizations need to do figure out is how to use this technology to have a positive impact on bottom line in of the bank.
The biggest example of this is de-risking. If your compliance team is telling management they don’t need to de-risk because they can keep the bank safe. That means the bank can operate higher risk geographies and business lines and compliance doesn’t have to de-risk because that team is so good at finding criminality.
In that scenario, you have compliance telling the bank if you go into a market, I will find the bad guys and you can go into business with the good guys. Now, the compliance officer can say I am adding to the bottom line and adding value. That is also why I mentioned the issue of false negatives. If you solve that problem, which AI technologies can, then everything good happens.
About the subject:
David McLaughlin is CEO and founder of QuantaVerse, which uses data science and artificial intelligence to help institutions better identify financial crimes. He spent six years as a naval officer, starting in 1986 as an Ensign in the U.S. Navy and attending flight school in Pensacola, FL. McLaughlin is a graduate from the highly regarded TOPGUN program, and completed a combat tour in the Persian Gulf where he was awarded the Distinguished Flying Cross and two Air Medals for bravery in combat. Prior to founding QuantaVerse, David held senior executive positions with IPR International, NES Financial and SEI.