Anti-Money Laundering (AML) , Cybercrime , Finance & Banking
New Approaches to Solve the Age-Old AML Problem
How Banks Are Using Behavioral-based Controls and Detecting Malicious AccountsEveryone knows it is best to tackle a problem at the source. In the world of cybercrime, this is an accepted fact. Stop the criminals, stop the money laundering. It is a simple way to frame the problem, but the traditional ways of tackling it continue to fail across the industry.
Today, most banks focus primarily on transaction monitoring to detect money laundering. By definition, the approach is reactive as the moment a transaction is executed, the bank is already a step behind. It is like trying to navigate by looking in the rear-view mirror and completely missing the turn up ahead. At best, a bank needs just one transaction to act upon, but usually it will be several. It is well-accepted in the industry that transaction monitoring has major flaws, but huge regulatory fines have left no other option.
The current situation for addressing money laundering is also costly. Data from the U.S. Government Accountability Office (GAO) estimates that banks spend an average of $15 per new account on due diligence requirements and between 0.4% and 2.4% of operating expenses to address AML compliance. This makes sense when considering the AML/CTF programs in place, including Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) at onboarding and screening customers against long lists of PEPs and sanctioned people. When customers become active, there is Ongoing CDD, like transaction monitoring. Then, there are the large teams in place to support these processes. Legacy transaction monitoring controls rely on old rule-based systems leading to high false positives that keep these teams at work. The outcome: current AML processes are creating a huge operational burden.
The Forgotten Gap: Detect Money Launderers Before They TransactIt is logical to try to optimize transaction monitoring as that is what we know best. Can advanced controls or better rules lower false positives? Can machine learning assist analysts in making faster and smarter decisions when handling alerts? These are good and valid thoughts, but even a perfect transaction monitoring system will always detect money laundering after the first transaction, leaving banks stuck in a reactive cycle.
The other option is to shift to looking at account opening. CDD is becoming more scrutinized and EDD is executed more often, leading to increased friction and a lower genuine customer conversion rate. Yet, it is obviously not effective as we still suffer from money laundering. Criminals are clearly able to get through.
New ideas need to be considered to solve the problem. There is a detection opportunity being missed in what is a forgotten gap – the time between account opening and the first transaction. Money launderers carefully nurture their accounts. They are “matured” like good wine. The older the account is, the better, or in this case, the more trustworthy. Additional accounts are acquired from unwitting customers where criminals use legitimate businesses and convince unknowing victims to participate. From time to time, the account is checked to ensure it is still open and functioning. Before being used, the account is handed over to the money launderer.
These are only some examples of behavior that can be detected in online channels. Money launderers - and criminals in general - behave distinctively different from genuine customers. Using behavior to detect malicious accounts is highly effective, and there are numbers to prove it.
Several global banks are using behavioral biometrics to find malicious accounts proactively: before they transact. The number of accounts detected differ per bank, but it is not uncommon to uncover over 1,000 per month. Using behavioral-based controls has been extremely precise in detection, with up to 96% accuracy rates and identifying malicious accounts in 92% of cases before traditional AML and transaction monitoring systems alert the bank.
Remove the Means, Remove the ProblemWithout accounts, money laundering is impossible. A large Australian bank noticed this when they started hunting down money mules, using behavioral detection methods in their online channels. Eliminating mule accounts early helped the bank reduce fraud levels by 70%.
Your question might be, “That’s fraud and money mules, what does that have to do with money laundering?” Well, there is not an easy answer to that question, and the only way to answer it is if the high-risk accounts are kept open to see what they are up to. BioCatch data shows that 40% of the accounts are used for cashing out from online banking fraud, and the other 60% are used for money laundering.
It could be that the accounts harvested later are sold to fraudsters or money launderers, and that the destiny of an account is not decided at birth but rather later in life. The bottom line is that both fraudsters and money launderers have the same level of professionalism and experience that makes their behavior vastly different from genuine customers. Regardless of the story behind it, the data shows one thing clearly – AML can stay ahead and no longer needs to only be looking back.