Technology shows us once that tech build for good people can be harnessed by bad actors. Experts talk about how criminals are operating, and what you can do about it.
As a system administrator for a financial company, I am often required to take compliance courses as part of my job to learn about system threats and appropriate procedures. One course I recently took covered money laundering (and I was pleased to see a car wash used as an example in the course, an obvious nod to “Breaking Bad”).
I learned that the process of laundering money involves three steps: placement, layering and integration. Placement is when the “dirty” money enters the financial system, layering is when the source of the money is concealed via transactions and accounting/bookkeeping manipulation, and integration is when the “clean” money is withdrawn or used, having been successfully sanitized.
Money laundering and technology go hand in hand, sadly, and I discussed the topic with industry experts Gudmundur Kristjansson, founder and CEO at Lucinity, an artificial intelligence-based anti-money-laundering solutions provider, and and Zac Cohen, COO at Trulioo, an online identity verification service.
Scott Matteson: How is technology being used for money laundering efforts?
Gudmundur Kristjansson: Money laundering begins when illegal sums are deposited in a bank, which triggers a complex sequence of banking transfers or commercial transactions (layering) that return the money to the launderer in an obscure and indirect way (integration). It can be challenging to detect because of the sophisticated layering techniques used to mask parties and layered transactions. The transactions move the money through layers of agents, companies and financial institutions, making their owners hard to identify.
As fraudsters get more sophisticated and evasive, so must anti-money laundering tools. Banks are spending around $40 billion each year on the fight against financial crime. But looking at the $2 trillion laundered each year, $40 billion pales in comparison. The only way to break the paradigm and, frankly, catch up is to harness the latest and greatest technological advancements.
Zac Cohen: Fraudsters have gotten more sophisticated in taking advantage of advances in technology and the burgeoning digital economy to perpetrate money laundering activities. Online marketplaces can be used to conduct money laundering since perpetrators can feel that their activities will go unnoticed due to huge transaction volumes processed on those platforms.
Developing technologies and the emergence of alternative finance have also been taken advantage of for nefarious purposes. For instance, cryptocurrency exchanges have provided a new avenue to launder money. According to Chainalysis, $2.8 billion in illicit funds were laundered in 2019, up from $1 billion the year prior.
It’s vital for exchanges to implement protocols that adhere to Know Your Customer and Anti-Money Laundering that shut out bad actors with nefarious intentions and safeguard legitimate users and enable them to transact safely and securely.
Scott Matteson: What are some signs or symptoms to be aware of?
Gudmundur Kristjansson: Money launderers are skilled at hiding in plain sight. Rarely a single transaction or actor is evidence of money laundering, but rather a network of interlinked transactions conducted between members of a money-laundering scheme. In this sense, the signs of money laundering become more difficult to detect through “rules” applied at the transaction level. At Lucinity, we employ graph technology and behavioral AI to detect illicit networks by analyzing many data points around actors, transactions and networks to draw out suspicious behavior commonly conducted by money launderers.
Analyzing multiple data points in context to the actor involved and his characteristics allows our bank partners to detect more complex crime and uncover illegal activity networks. This is necessary as launderers continually increase the sophistication of their methods.
Zac Cohen: For marketplaces, for instance, signs or symptoms of fraud that can point to money laundering schemes include unusual user behavior.
Additionally, synthetic identity fraud has become more prevalent as bad actors use leaked personal information from real individuals and combine it with fake information to make purchases or open credit cards.
Monitoring and documenting user behavior and then analyzing it with artificial intelligence and machine learning is important to recognizing nefarious activities. It’s also important to stay vigilant when it comes to verifying individuals online. For example, a user who can’t complete dual-factor authentication or has no other verifiable attributes that can authenticate they are a real person deserve further scrutiny.
Scott Matteson: Who is engaging in this activity and how successful are they?
Gudmundur Kristjansson: Over $2 trillion are laundered through the financial system every single year. Money laundering has become a lucrative criminal enterprise involving sophisticated actors that operate similarly to large transnational companies. The flow of money through the enterprise requires a series of layering steps that attempts to reinforce the legitimacy of funds by transferring funds through seemingly benign actors, such as law firms, merchants or individuals. Looking at the fact that less than 1% of the proceeds of money laundered through the financial system are caught, it is hard to argue against the launderers’ success. The way to move forward is to employ new technologies and make it harder and more expensive to launder illicit gains.
Zac Cohen: Money laundering is typically the result of individuals wanting to hide the source of their income, or that any income exists at all.
According to the United Nations Office on Drugs and Crime, the estimated amount of money laundered globally in a single year is 2% to 5% of the world’s GDP, roughly $800 billion—$2 trillion in current U.S. dollars.
Scott Matteson: What should companies be doing to address this?
Gudmundur Kristjansson: Banks have been put at the center of the money laundering picture by regulators around the world. There is a tremendous amount of ambiguity in regulations, and when that is compounded by legacy technology, banks are put in a difficult spot. Banks are trying. They are spending around 3% of revenues on the fight against financial crime, but outdated technology and legacy systems lead to a large part of that money being spent in vain.
Investigative journalists, such as the International Consortium of Investigative Journalists, have pointed out flaws in the system. These flaws can in large part be traced back to the lack of overview inside the banks. The technology to possess a central overview of customers from a risk perspective has not been available until now. Lucinity and Neo4j are changing that.
Zac Cohen: Regulations (and best practices) stipulate a variety of AML policies that aim to ensure appropriate due diligence on vendors, third parties and other stakeholders they intend to work with. Often it is most effective to work with a technology partner that specializes in helping organizations securely verify and authenticate everyone who is transacting on their platforms.
Scott Matteson: What sort of technological controls should be in place to protect against this?
Gudmundur Kristjansson: At Lucinity, technology is always at the forefront of understanding our clients’ most challenging problems. Financial institutions can utilize graph databases to find patterns and behaviors between transactions and quickly identify money laundering efforts. We use Neo4j’s Aura Enterprise product, which allows us to leverage the full power of native graph technology in the cloud to find and predict fraud patterns and deliver the latest analytical and AI techniques to our clients.
Scott Matteson: Can law enforcement or government do anything to assist?
Gudmundur Kristjansson: The U.S. anti-money laundering protections need to be overhauled. The recent FinCEN Files investigation triggered a slew of regulatory adjustments, and it appears change is forthcoming.
Significantly, the FinCEN Files provided a final push in Washington, D.C., for passage of a meaningful new law aiming at one of the most effective money laundering tools: anonymous shell companies. The legislation passed with overwhelming bipartisan support and required many of these secretive American companies to disclose who owns them and who profits from them. This legislation, named the Corporate Transparency Act, marks the most substantial revision to anti-money laundering laws since the Patriot Act in 2001.
Zac Cohen: Putting in place AML/KYC controls that verify individuals can help companies protect their user base and ensure legitimate activities are carried out with no disruption.
Most critical to these efforts is technology that helps identify an individual upon their initial interaction and account opening with the service provider. Today, this often happens via mobile devices, meaning organizations can tap into traditional identity verification tools as well as other fraud prevention techniques like geolocation data, device information, and direct connections to global mobile network operators.
Biometrics have become an important data point, as well. Taking a selfie (demonstrating you are who your scanned identity document says you are) is an important part of a robust approach to verification and authentication to combat fraudsters.
Scott Matteson: Where is this trend headed?
Gudmundur Kristjansson: One of the key trends in the fight against financial crime is a step-change in the conversation. Banks show a willingness for direct responsibility, showing investors, employees and customers that they take the problem of money laundering seriously and look at excellence in AML as a potential competitive advantage. Banks want to make money good.
Zac Cohen: Regulations are evolving, and they differ across jurisdictions, making it a challenging matter in an increasingly borderless world.
In the United States, the Bank Secrecy Act is the primary U.S. AML law. Adding to this, the Anti-Money Laundering Act 2020 was passed in the Senate in January 2021 with a full set of regulations set to be detailed by the end of the year.
The commonality is that these latest sets of reforms set to come into effect address advances in technology and involve stricter penalties for violations, among other measures.
In short, it’s critical for businesses to adhere to the AML requirements in the regions they operate in, but it’s also important to keep an eye on what compliance measures are being introduced in other geographies to understand best practices and stay vigilant.
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays