Given the rapid growth of digital technologies in financial services, the most effective way to defeat financial criminals today is to ‘follow the data’, says SWIFT’s Heather Lee.
Despite the old saying, the latest statistics suggest that crime really does pay. In fact, it’s one of the world’s biggest businesses. The World Economic Forum estimates that the proceeds from illicit activity account for between 2% to 5% of global GDP. That impressive performance puts the world of crime somewhere between Canada (10th place) and Germany (4th place) in terms of global economic power.
Unfortunately, less than 1% of that turnover is ever seized or frozen by law enforcement agencies. That places industry regulators and financial institutions under pressure to find ways to make it more difficult – if not impossible – for criminals to use commercial networks to move and manage their ill-gotten gains.
Combatting crime is a pricy proposition. But failing to take effective steps can also be expensive. Ernst & Young (EY) recently pointed out that more than USD 28 billion in fines have been handed down for money laundering and sanctions violations since 2008.
While many financial institutions (FIs) are struggling to contain compliance costs, they also face increasing customer expectations in terms of speed and convenience. The Covid-19 pandemic has accelerated the pace of digital adoption, especially in Asia Pacific where mobile penetration rates are high. Customer expectations are evolving to include banking experiences that are instant and personalised.
This has forced institutions to consider a trade-off between being cautious and potentially slowing down transactions, and being extremely fast but running bigger risks. It’s a fine line for banks to walk, and finding the perfect balance can be a delicate process.
Follow the data
People used to say that the key to winning the battle against financial crime was to follow the money. That’s still true … sort of.
Knowing who is sending and receiving money is still vital. On the other hand, given how quickly digital technologies are transforming the entire FI landscape, today the most effective way to defeat financial criminals is to follow the data.
This is easier said than done. Industry players and regulators face four major challenges when it comes to making the most of transaction data. They are:
- Data quality: Poor data quality is a significant source of inefficiencies, friction, risk and costs, both in payments and the capital markets. It also limits the adoption of advanced analytics practices which are hungry for access to high volumes of high quality data.
- Data accessibility: Keeping data locked in silos scattered across different banks, market infrastructures and data providers makes it extremely difficult to combine data sources, share insights and build aggregated and consolidated views.
- Data analytics: Real time analytics can enable the next generation of smarter, data-driven applications. Yet, due to a lack of skills or resources, advanced analytics remains inaccessible to a large number of players.
- Data protection and privacy: Increasing cyberattacks and new regulations designed to strengthen consumer privacy are turning up the heat on this already hot topic. It remains a primary factor inhibiting the kind of analytical collaboration and data sharing needed to support an improved, joint-industry response to threats such as cyber-security and financial cyber crime.
Quality always counts
In recent years, the techniques for detecting different types of financial crime have evolved in lockstep with the tactics of cyber attackers. Banks now commonly use a variety of solutions – from data analytics to research and information sharing – to detect phishing activity and identify mule accounts.
Furthermore, the adoption of the new ISO 20022 messaging standard will enable a single standardised approach to be used by all payment infrastructures. That will help to increase the quality of available data.
Making data both richer and more structured offers huge advantages in financial crime prevention, enabling institutions to conduct more precise detection. Increased accuracy also reduces the noise created by false positives, which is one of the biggest downsides and drivers of cost.
Of course, there are other inefficiencies which require a rethink or optimisation before institutions can move to a more instant and frictionless paradigm. But data quality is a major hurdle for institutions interested in improving compliance and laying the foundations for the advanced analytics required to fight fraud or detect money laundering.
What you need when you need it
Before you can use data to fight crime and ensure compliance, you first need to collect it from different sources and translate it from different formats. That includes data published by the regulators regarding sanctioned entities, and data about potentially suspicious accounts that may be shared by other financial institutions.
There is plenty of useful information out there, and timely access can prevent or detect a fraudulent payment before it is processed, or allow a payment to be recalled after it has been sent. At the moment, that data is still very much dispersed across the industry, so it can’t easily be leveraged for automation and real-time action.
Analytics in action
The third data element is analytics. Or, more accurately, making full use of the latest analytics tools to meet regulatory requirements and reduce the risk of crime.
For instance, new technologies, such as supervised or unsupervised machine learning, can add a new dimension to detection and prevention capabilities. Rather than simply being able to detect the known fraudulent patterns, such systems actually learn by themselves and adapt to anything unusual. This doesn’t mean that the traditional methods don’t work – in fact they are complementary.
Combining multiple approaches creates a better picture. The more questions you ask and the more analysis you do on the data, the more accurate the outcome.
While instant payments solutions have improved customer experience, they also highlight the need for more robust financial crime compliance measures as cyber threats become increasingly sophisticated. This is where the deployment of real-time analytics solutions, which allow for close to real-time detection of suspicious activity, come into play.
SWIFT has already rolled out Payment Controls – a solution that makes it easy to mitigate fraudulent attacks by detecting and preventing high-risk payments and supporting recovery. It combines real-time monitoring, alerting and blocking of sent payments with independent daily reporting.
Defending valuable data
Sharing data has obvious advantages. It is far more difficult to hide criminal activities like fraud or money laundering if the entire data pool is available to be scrutinised and acted upon. But enabling such free access also creates a new challenge – that of making sure all information is fully protected at all times.
Complying with data protection regulations means the financial services industry has to find and implement new ways to securely manage data during financial crime checks to safeguard personal information as well as sensitive transaction data. Without confidence in the safety and privacy of data, encouraging the free exchange of information among industry players is virtually impossible.
The regulatory environment around privacy and data protection is complex and it varies significantly across geographies. New privacy enhancing technologies could play a role and help facilitate industry collaboration without compromising the information of any individual or institution.
Cutting costs and accelerating innovation
The next few years will undoubtedly see significant investments being made to improve data quality, especially around the implementation of ISO 20022. Sitting squarely in the middle of the global financial infrastructure, SWIFT aims to play a key role in streamlining the exchange and consumption of data within the FI community. For example, we recently announced a strategy designed to transform payments and securities processing, retool cross-border infrastructure and deliver instant and frictionless end-to-end transactions.
Our goal is to build rich, ISO20022-compatible data services around these capabilities while ensuring backward compatibility with legacy formats. They will include pre-validation services aimed at detecting data quality issues early in the process, specifically around beneficiary details. In fact, some of these services are already available and making a difference for customers.
At the same time, SWIFT is making data sharing easier and faster by rolling out a library of API standards. Banks have traditionally offered their own distinct APIs. Not only do merchants and fintechs have to adapt to different data structures, workflows and security considerations for each API, they faced added complexity, cost and longer implementation time. SWIFT is working with the community to create standardised APIs that eliminate a lot of that overhead, and speed up the rollout of new services while reducing incremental investment.
In terms of analytics, SWIFT is working hard on moving from batch to real-time data collection, processing and distribution to support compliance in real-time transactions.
However, there is more to data-driven compliance than simply improving performance and cutting costs. SWIFT’s new approach will also accelerate innovation and pave the way for financial institutions to transact in an instant and frictionless manner with their correspondents and customers, whilst reducing their risk of becoming victims of crime.
Heather Lee is part of the Financial Crime Compliance Strategy team at SWIFT and has worked in the FCC industry since 2014