Artificial intelligence has already made a significant, positive impact on the financial services ecosystem and we can only expect this trend to accelerate in years to come. AI has the potential to radically transform businesses but only if they deploy it with appropriate diligence and care. A 2020 report by EY and Invesco anticipates that AI will expand the workforce in fintech by 19% by 2030 as the industry stands to be one of the largest to benefit from the efficiency gains and innovation the technology can bring through operational optimisation, reduction of human biases and minimisation of errors in anomalous data. Alex Housley, CEO and founder of Seldon, further analyses the recent changes in the role of AI and the impact it is set to have on the finance sector in years to come.
Talent Shortage Within FS
According to a report by Bloomberg, listings for AI-based jobs within the financial sector increased by approximately 60% from 2018 to 2019. This demand for workers with AI expertise is not only seen within the financial industry but across a variety of other professional sectors, such as e-commerce, digital marketing and social media. The jobs market has had little time to respond, resulting in a shortage in access to talent. A study by SnapLogic found that whilst 93% of UK and US organisations are fully invested in the use of AI as a priority in their business, many lack access to the right technology, data, and most importantly, talent to carry these goals out. This ‘skills shortage’ is a major obstacle to the adoption of AI in business, with 51% of those surveyed acknowledging that they don’t have enough individuals trained in-house to make their strategies a reality. Machine learning can offer benefits in many forms and different businesses have varying needs. There is no ‘one size fits all approach’ when adopting and deploying AI, which can make it a costly process for many organisations not equipped with the right tools.
Fortunately, there is ample opportunity to enhance the responsibilities of numerous roles within their organisation or let employees get on with more strategic work. SEB, a large Swedish bank, uses a virtual assistant called Aida which is able to handle natural-language conversations and so can answer a trove of customer FAQs. This means customer service professionals have been redeployed to focus on complex requests and their more meaningful responsibilities. Even employees currently working within the industry are looking to broaden their skills to become more versatile across new technology-driven roles. In particular, financial services companies are looking to upskill their data scientists and analysts. They have the base skill set required and can do tremendously well with the right engineering support. Deploying artificial intelligence within a business’s infrastructure means it can take care of mindless, repetitive tasks and free up employees to focus on other, more rewarding parts of the business, maximising automation and cutting costs.
There is no ‘one size fits all approach’ when adopting and deploying AI, which can make it a costly process for many organisations not equipped with the right tools.
Enhancing Fraud Detection
One of the biggest use cases of artificial intelligence within financial services is fraud protection. With the rise of online banking and the exponential growth of digital payments, banks have to monitor huge swathes of transactions for fraudulent behaviour. This huge influx of data points poses major issues for the human brain but actually maximises the effectiveness of ML systems. We’ve seen significant growth in the use of deep learning, with most major retail banks now relying on machine learning tools to recognise and flag suspicious activity. To keep up with the pace of criminals and comply with stricter regulations, service providers have to look beyond traditional methods and implement hybrid strategies built around holistic understandings of behavioural and anomalous data.
Indeed, research by AI Opportunity Landscape found that approximately 26% of funding raised for AI startups within the financial services industry were for fraud or cybersecurity applications, dwarfing other use cases. This number is expected to rise as fraud detection and mitigation continues to be one the highest priorities for customer-facing organisations as consumers increasingly hand over their data in exchange for services.
Better Serving Customer Needs
Financial services companies are increasingly leveraging artificial intelligence to deliver tailored services and products for their client base. For those banks mining data effectively, AI provides the ability to serve customer needs across multiple channels, and in some cases to grow operations at an unprecedented scale. Tools such as chatbots, voice automation and facial recognition are just a few of the ways banks are using AI to streamline and personalise the user journey for their customers. Importantly, consumers are increasingly literate in automated services and their expectations are constantly rising as the technology improves, meaning organisations must constantly adapt or risk being left behind.
[ymal]
Chatbots and voice agents are also able to detect and predict changes in consumer behaviour, giving feedback on each interaction with a customer. All the results from customer touch-points are shared across the organisation, ensuring decisions and recommendations involving a human or machine are more intelligent and precise. Over time, these analytics mean businesses can make real-time decisions with their customers in mind, boosting engagement and personalisation.
In order to detect customer data from online purchases, web browsing and in-store interactions, banks must have AI in place to collect the data and automate decision-making. By adapting these technologies banks can connect their data, amplifying their offering effectively across all channels.
Continuous Adoption of Artificial Intelligence
Artificial intelligence and machine learning have already enhanced numerous capabilities for the financial sector, improving recommendations, customer experience, and efficiencies via automation. AI will continue to dominate different parts of the financial sector, and the acquisition of machine learning and data science talent will become the norm. A recent survey from the World Economic Forum attests to this, with nearly two-thirds of financial services leaders expecting to be mass adopters of AI in two years compared to just 16% today.
Acquiring the right talent to drive machine learning and AI in organisations will remain a challenge as innovation is focused in different areas and new technologies are being implemented. In lockstep with this will be the constantly evolving regulatory landscape surrounding adoption of AI in financial services as each side races to match and often contain the other. However, the multiple benefits that come from implementing AI and machine learning are clear, and it will be a key area of focus and growth for businesses within financial services over the next decade.
Yet last year, according to industry specialist GBG, over 18,000 fraud attempts were made against each UK retailer on average during the period between Black Friday and the January sales.
Sarah Whipp Head of Go to Market Strategy at Callsign argues that during busy periods such as Black Friday and Cyber Monday, businesses are under pressure to balance the fraud with customer experience, but they must be careful not to let the latter slip.
At the same time, banks have to foot the bill when it comes to a majority of this type of fraud, so they have a vested interest to not let their retail customers to get complacent when it comes to security.
Given the incredibly high volume of transactions over the coming weekend, and indeed the whole festive period, often merchants will accept that fraud will be higher than usual. However, they are often willing to take the hit because it will be worth it for the extra business as long as there is no long-lasting reputational damage. Indeed, the financial costs of fraud are now borne by banks as well as merchants and Black Friday fraud is a growing challenge for financial institutions.
This is set to change next year. With Secure Customer Authentication (SCA) coming in for merchants in 2021 they may be well advised to make hay now with a lower security bar. In the future they will need to make sure they have trusted merchant status and that they manage their pricing to take into account of SCA exemptions to have a premium user experience. Next year, merchants need to partner closely with issuers (banks) to manage this situation.
3D Secure could throw another spanner in the works for banks whose customers are online retailers that use it to avoid chargebacks. It can massively complicate treatment strategy as the payments are verified by the likes of Visa, Mastercard Secure Pay and Amex Safekey, therefore the liability is mainly with the card issuers and banks.
To deal with the issue, merchants should use agile IT systems to their advantage. For example, if a retailer’s system has the functionality to modify fraud appetite policy dynamically (including adding in extra fraud checks), then they may want to lower the bar initially to gain the maximum number of sales. Then, if they were to spot a high degree of fraud attempts they could ramp up prevention measures on the fly. Of course, the impact on the customer and the risk of possible reputational damage needs to be kept at front of mind at all times.
From the characteristics of MITC fraud arrangements to the tangible damage that such schemes can cause, below Jérôme Bryssinck, Head of Government Solutions at Quantexa, talks Finance Monthly through the options for fighting VAT carousel fraud.
Europol believes that missing trader intra-community (MITC) fraud (usually known as ‘VAT Carousel’ fraud) costs authorities around €60 billion annually. MITC is a highly sophisticated form of fraud which can be carried out due to the way that pan-European legislation means cross-border trade may be carried out VAT free. Due to the complexity of the schemes, MITC is hard to fight, and entire legal businesses frequently become unwitting participants in the carousel. Innovative technologies and new policies must be used to tackle this fraud robustly.
What is MITC fraud?
By its nature, the EU trading bloc enables the converging of regulations and standards and the removal of barriers to international export, in order to make trade within the bloc simpler and less expensive. MITC fraud works by taking advantage of the EU legislation around cross-border transactions- traders receiving services or goods from an entity in the EU do not have to pay VAT, as intra-community transactions are VAT exempt.
To create a ‘carousel’, a criminal will create or buy companies to acquire goods (let’s call them Company A in this example). These companies will next buy goods from a company in the EU (Company B). Company A will then purchase goods from Company B, with no VAT being due. Company A will then peddle these goods to a different company (Company C). This company could be a legitimate one, or a company managed and set up by the criminals. Here, VAT will be added to the sale price. Since the goods have been sold domestically, Company A must legally declare the VAT it has included on the goods, and pay this to HMRC. In the case of MITC fraud, though, Company A will vanish, and the VAT will not be paid. The goods will then be passed through many other companies which function as a buffer so as to complicate any potential investigation. Next, a company (Company D) will send these goods out of the EU and reclaim the VAT that was not in fact ever paid to HMRC. This loss of tax revenue negatively affects the provision of crucial public services for the country including education, policing and healthcare, and also increases the tax obligations of honest taxpayers.
[ymal]
How MITC fraud is being fought
Because millions of euros worth of goods are traded daily, it is hard to identify illegal activity amongst so much legal activity. Combatting VAT carousels is made more difficult by the way that member states need to coordinate across separate national borders. The data needed to investigate MITC fraud criminals will commonly be stored in different forms and will be owned by disparate regulatory or government bodies across the EU. In many cases, ‘carousels’ will already have dissipated by the time authorities realise criminal activity has occurred, allowing the criminals to remain unidentified and the money to have already been lost. Those seeking to fight MITC fraud are therefore unlikely to be able to act to prevent such crimes from being carried out.
Bettering our defences
Technology must be leveraged more effectively to empower tax departments to proactively tackle MITC fraud. A priority is to speed up the sharing and analysing of data at a European level. Data analytics technology should be used to better comprehension of the broader context of each individual company, so that tax departments build a bigger picture of the trades that are being carried out.
Technology must be leveraged more effectively to empower tax departments to proactively tackle MITC fraud.
Such technology would be able to identify anomalies and red flags, such as if a company with an annual turnover of €200K was able to order €2 million’s worth of goods. Under an improved system of data gathering and sharing, VAT information would be collated and interpreted by machines, and AI would be utilised to create risk models that would help improve the accuracy of identifying anomalous results. This information could be shared with a case handler, who would be able to act more swiftly to investigate criminal activity.
As well as this, each EU Member State needs to improve their operational and analysis capabilities. The pace at which each state reacts to the flagging of anomalous results needs to improve if action will be taken effectively. At present, many member states do not have the technical means required to enable them to bring together external data. Some member states must also grow the amount of information they are gathering from traders. VAT receipts, for example, could be collated in a machine-readable format which would improve data collection.
Next steps
VAT Carousel fraud has so far proved difficult for EU Member States to combat. If we are to prevent criminals benefiting at the expense of the taxpayer, we will need a pan-European, multi-pronged approach. The amount of information gathered and collated about company and trade accounts must increase, and we also need to make use of innovative technologies which will facilitate the garnering of actionable insights from the vast amounts of data collected. Only by enacting such a systematic approach will be truly be able to tackle this crime.
Chief executive of Westpac, Brian Hartzer plans to step down next week after the bank was sued by Australian regulators for an alleged 23 million breaches of counter-terrorism and money laundering regulations involving $11bn worth of transactions.
Controversy has also risen surrounding the $2.7 million payout Hartzer will receive, as confirmed by Westpac last week.
BBC reports that the majority of the infractions involved late reporting of overseas transactions, and the Australian Transaction Reports and Analysis Centre (Austrac) claims it has also linked several of the transactions to "child exploitation risks". Westpac, also the oldest bank in Australia, allegedly failed to monitor the accounts of an Australian convicted sex offender who had been sending money over to the Philippines.
The bank’s chairman, Lindsay Maxsted has rejected the notion that more board members at the bank should be axed and
The Australian government has described the reported breaches as “very serious” and the Labor opposition spokesman, Jim Chalmers, says the failures of Westpac are "nothing short of disgraceful.”
The protocol is designed to make sure that during a transfer, the name of the recipient exactly matches the name on the account receiving the funds. Intended to give greater assurance when it comes to transactions, CoP helps users to avoid directing payments to the wrong account.
It was then announced in 2019 that the name checking service would be delayed until March 2020 at the earliest. But given the security implications, Chris Stephens, Head of Banking Solutions at Callsign, asks: why has the deadline been pushed back?
After a consultation with groups in the industry, The Payment Systems Regulator (PSR) deemed the expected implementation deadlines “unachievable”. However, with the personal details of consumers at risk, banks are searching for various ways to address fraud to keep their customers secure. This is especially important given that in 2018, a total of £1.20 billion was stolen from the banking industry by those committing fraud. Justifiably, there has been a great deal of worry that this delay will leave consumers at risk of fraud. But many people are questioning whether its introduction will really help to reduce fraud levels, and if there are any other measures banks can be put in place to keep their customers money safe and secure?
Buy Affordable Paintings online in Dubai, UAE, USA and UK. Paintings, Art Rentals, Art Exhibition and Art Prints with Art Smiley. Sell International Arts Online. Get Connected to International Art Gallery, Artists & Art seekers.
While it seems like a logical way of combating bank fraud, putting the CoP scheme into practice will probably only work to a certain degree. A fraudster’s natural reaction to any such regulation is to improve upon their current skillset and work out a means to bypass the new security infrastructure and regulations. In the context of CoP, all a fraudster would have to do is set up a new account in the victim’s name to give the victim further confidence that they are transferring money to a “secure account.”
[ymal]
Another problem that can potentially arise is the idea that customers will become complacent when it comes to security due to the belief that CoP provides them with another layer of protection. Even though CoP will absolutely protect customers against crimes such as authorised push payment fraud, the scheme could leave them vulnerable to more advanced types fraud which are of far higher value.
In addition, almost every bank would have to implement CoP for it to be successful. While the decision to implement the scheme is down to each individual bank, The Payment Systems Regulator has said that Lloyds, Barclays, HSBC, Royal Bank of Scotland, Santander, and Nationwide Building Society, which together account for about 90% of bank transfers, must all have their CoP schemes up and running by March next year. Banks that don’t sign up to the scheme would automatically become targets in the eyes of fraudsters as they won’t need the details of the bank account to match the name of their intended target. Therefore, there would have to be a more collaborative approach from banks for the implementation of CoP to work.
While the decision to implement the scheme is down to each individual bank, The Payment Systems Regulator has said that Lloyds, Barclays, HSBC, Royal Bank of Scotland, Santander, and Nationwide Building Society, which together account for about 90% of bank transfers, must all have their CoP schemes up and running by March next year.
Regardless of when CoP will be introduced, there are other tools to help banking customers tackle fraud, such as dynamic authentication journeys, which requests that a user states why they are conducting a transaction and offer fraud warnings, that are very effective at preventing APP fraud. However, the logic behind these policies can be complex and they require constant monitoring in order to be kept up to date. Once the implementation of these dynamic user flows has been done, it also highlights the question about how the outcomes can be accessed by the third parties that leverage a bank’s Open Banking APIs.
To have any chance of reducing banking fraud, it’s crucial that financial organisations today use all the relevant information they have to generate a full picture of their customers. It is imperative that they utilise the data at their fingertips in order to safeguard their customers while still providing the seamless, friction-free service they demand. A customer’s digital presence will only be protected from fraudsters once banks look at all the elements of security as interconnected, rather than separate components.
By feeding data into a strong and dynamic policy manager that can be nimble and adaptive, banks will be better compliant and secure while at the same time provide robust user journeys that provide the right amount of friction when necessary. By having a more holistic approach to security, rather than focusing on single point elements, they have a far better chance of beating the fraudsters and allowing their customers to live their digital lives uninterrupted.
Below Marcin Nadolny, Head of Regional Fraud & Security Practice at SAS, explains more on the date push back and what this will mean for banks moving forward.
UK companies must be able to demonstrate that they are moving towards compliance from September 2019, but no enforcement action will be taken for 18 months. For the rest of the EU in general, the timeline is unchanged. However, national competent authorities have the flexibility to provide limited additional time to become PSD2 compliant (see the recent EBA opinion).
The big picture
But whichever country you’re in, it’s essential that companies recognise the urgency at play. In the new digital world, payment security is absolutely essential. The question now is not whether PSD2 compliance should remain at the top of the priority list. It’s how quickly companies can realistically achieve it. In a nutshell, PSD2 simultaneously massively increases the amount of financial data moving into banks’ systems while also making it mandatory that they run fraud controls on that data in real time.
As PSD2 ushers in the age of open APIs in finance, the traffic volume that payment processors will have to handle will be enormous. Consumers’ personally identifiable data will be at heightened risk, and we will observe increased malware attacks and data breaches via the newly created attack vectors. If businesses aren’t prepared for the change, it’ll be a fraudster’s paradise.
Is your organisation ready to cope with this new heavy traffic and identify fraudulent activities? It might be like finding a needle in a haystack. Fortunately, AI is coming to the rescue. Emerging technologies, such as predictive models, network analytics and anomaly detection, all have the power to increase your efficiency in finding and fighting fraud.
[ymal]
Real-time fraud detection
PSD2 is more than just a regulation. It’s the start of a major transformation for the payments industry. With the move to digital-first, open models, there’s an increased need to operate processes in real time – providing instant payments, for example – and that means that fraud prevention will need to move at the same speed.
Adequate anti-fraud protection is required by the regulation. Banks are expected to fill out certain tests as a fraud assessment, including reviewing behavioural profiles, checking known compromised devices and IDs, applying known fraud scenarios to transactions, and detecting malware signs. Analytics can help speed up detection, find suspicious behaviours and collate data points by ingesting new data sources. This builds a picture of "normal" behaviour against which banks can measure transactions.
At present, not all banks are applying all these anti-fraud measures. Some base their protection on simple rules and aren’t able to detect fraud in real time or stop transactions in progress. These abilities aren’t technically required by the regulator until PSD2 comes into effect. Real-time fraud prevention used to be a luxury – but now it’s a must-have. Banks must take the initiative to ensure they can detect fraud in process in incredibly short time frames.
Third parties enter the market
The other major change included in PSD2 is the arrival of third-party providers in the market. These nonfinancial companies, including GAFA (Google, Amazon, Facebook and Apple), e-tailers and fintechs, will be able to work as payment processors going between customers and banks. This means the banks have a much bigger traffic volume to handle and review for fraud. Legacy systems and processes simply can’t handle it.
In order to cope, banks need to have systems in place that are able to assess for fraud at huge volumes and in real time. Not only that, but transactions from third parties might come with limited contextual information. So, banks will have to enrich them with additional data on variables including digital identity, reputation and past behaviour.
AI applications will be essential to handle that ongoing enrichment at speed. Humans alone simply can’t process that level of information. So, it’s essential that banks invest in AI to augment the skills they have and lighten the load of compliance.
Managing the risk
The risk to banks posed by these growing data streams is not just in terms of payment fraud. There is also a heightened cybersecurity risk. New data flows and new payment systems present possible system back doors and new attack vectors that hackers will be quick to discover. By attacking third party infrastructure, malicious actors will be able to gain access to consumers’ personal data.
Addressing this problem is not the sole responsibility of the banks. But it highlights the level of risk associated with the increase in data volume and connectedness. Reputational damage and heavy fines are a very real possibility for institutions that don’t get their act together in time.
Compliance will require many changes to anti-fraud and customer identification processes. The technology required to handle this additional burden is out there. Banks must invest wisely and ensure they are fully equipped, whether next month or by 2021.
Yet according to PwC, this form of fraud is the second-most commonly reported economic crime in the world, ranking above bribery, corruption and even cybercrime. The question is – who should lead counter-fraud efforts? This week Finance Monthly hears from Laurent Colombant, Continuous Controls and Fraud Manager at SAS, to explore the ins and outs of procurement fraud.
Worryingly, businesses seem unclear on the answer. Our latest research report, Unmasking the Enemy Within, found there was no clear leader or common approach to procurement fraud prevention across businesses. Indeed, almost a quarter (23%) of business leaders have no clear owner assigned to the task or can’t say who is responsible.
Finance in the firing line
What’s not in question, however, is who’s held responsible for the damages that fraud inflicts. While CFOs might not be involved in day-to-day anti-fraud operations, they are frequently first in the firing line when procurement fraud is uncovered. In 2014, for example, Sino-Forest Corp CFO David Horsley was fined C$700,000 by regulators for failing to prevent fraud under his watch. Furthermore, he was permanently banned from being a public company officer or corporate director, and was ordered to pay $5.6 million to the company’s investors following a class action settlement.
While they are unlikely to coordinate fraud efforts single-handedly, 31% of companies place ultimate responsibility for fraud in the CFO’s hands - more than any other role. That’s hardly surprising, given that fraud has a direct impact on the bottom line, with over half of businesses (55%) reporting losses of up to €400,000 per year.
While we are not arguing that the finance department should be the command and control centre for anti-fraud efforts, it’s clear that the CFO has a crucial role to play in tackling procurement fraud. They are the ones who guide purchase decisions, who oversee risk management or audits and, ultimately, have the final say in what anti-fraud capabilities a company is equipped with.
Even so, it’s unfair to expect the finance department to shoulder the entire burden themselves. Just as IT security in the organisation is everyone’s responsibility, so too must accountability and responsibility for fraud be embedded throughout the workplace.
Invest for success - modernising the detection process
Yet there is much that the finance department can do to help uncover incidents of fraud – not least conducting regular audits. Around half businesses (46%) claim to hold regular internal audits, but many of these exclude procurement fraud from their remit. More worrying still, more than one in 10 (11%) organisations admit to either doing nothing to audit for procurement fraud or are unable to say what they do. A further fifth (22%) fail to audit for procurement fraud at all.
That one in three companies aren’t actively searching for procurement fraud, or don’t know what processes cover it, suggests a blind spot that potential fraudsters could easily exploit.
Finance needs to look at areas where existing auditing process are letting them down. When we look at how organisations deal with procurement fraud, 29% validate procurement applications manually while a further 30% rely on staff to inform them of any wrongdoing. Both carry a high risk of human error, potentially minimising or masking the true scale of the problem.
Ultimately, the buck stops with the CFO, which is why they should consider a new approach to auditing based on continuous and automated detection. This is only possible with a strong foundation of advanced analytics that assists investigators in pinpointing the needles in the haystack. A company’s ability to identify and prevent fraud rests, to a very great extent, on the good judgment of the CFO in selecting the right systems to prevent fraud from happening in the first place and deterring anyone with ill intentions.
Continuous, data-driven detection represents the best way to fight procurement fraud and identify errors, enabling companies to pre-empt signs of fraudulent activity rather than discover it after it’s taken place. This limits costs, saves time as well as reputation and prevents losses.
Yet only a small minority of organisations are using advanced analytics (14%) and AI (nine%) technologies in their anti-fraud efforts. The most common obstacle to adoption is the perceived cost of the technologies, but this could well be short-term thinking on the part of the CFO. While there is an upfront cost implicit in any implementation, an effective fraud detection tool will quickly make its money back in the losses it prevents and the monies it helps recoup.
The finance department should not be afraid to make the case for investment in the latest advanced analytics and AI solutions. Procurement fraud is too serious and too costly to make short-term capex savings in favour of the long-term ROI offered by analytics-enabled security. After all, the buck stops with them.
Here Syedur Rahman of business crime solicitors Rahman Ravelli questions the effectiveness of big fines and the likelihood of criminal prosecutions in the future.
Standard Chartered has hit the headlines for the size of the fines imposed on it on both sides of the Atlantic.
But behind all the big numbers and the column inches it is hard not to wonder if such a costly slap on the wrists is now being viewed by the big banks as nothing more than the cost of doing big business.
Standard Chartered has been ordered to pay a total of $1.1 billion by US and UK authorities to settle allegations of poor money laundering controls and sanctions breaching. It is paying $947M to American agencies over allegations that it violated sanctions against six countries and has been fined £102M by the UK’s Financial Conduct Authority (FCA) for anti-money-laundering breaches; including shortcomings in its counter-terrorism finance controls in the Middle East.
These fines had been expected. Standard Chartered said two months before the fines were imposed that it had put $900M aside to cover them. But this isn’t the first time that Standard and Chartered has had to pay out for its wrongdoing.
Seven years ago, it paid a $667M fine in the US. Like its latest US penalty, it related to alleged sanctions breaches. At the time, it also entered into a deferred prosecution agreement (DPA) with the US Department of Justice and the New York county district attorney’s office over Iranian sanctions breaches beyond 2007. That DPA would have expired by now but has been extended until April 2021 in the wake of the latest allegations.
Will this be the end of Standard Chartered’s problems and the start of a new allegation-free era? It is hard to believe so. But it is fair to point out that it is not the only bank to be hit by huge fines for wrongdoing and then be found to be repeating its illegal behaviour. Which is why it is hard to believe that fines are having any real impact on the way that some of the biggest banks function. If they are prepared to keep paying the fines and / or giving assurances about keeping to the terms of a DPA while reaping the benefits of breaking the law it is hard to see the cycle of behaviour changing.
Let’s be clear, any failure by Standard Chartered to abide by the terms of its DPA could see it facing criminal prosecution. And any bank’s weak approach to money laundering is now increasingly likely to be pounced on by the authorities. The Standard Chartered investigation was a co-ordinated multi-jurisdictional effort by the FCA, the US agencies and the United Arab Emirates. And while Standard Chartered’s full cooperation with the FCA saw it receive a 30% discount on its fine, relying on cooperation to gain a lesser punishment cannot be viewed as a safe approach.
The authorities around the world that investigate the activities of banks and other financial institutions are now more coordinated than ever. They have more legal powers than ever before and are unlikely to be reluctant to use them against those in the financial marketplace that come to be seen as repeat offenders.
There is no clear indication or evidence that the era of big fines may be about to pass or that the authorities are set to view convictions as a more effective deterrent to financial crime than hefty financial penalties. There may also be difficulties when it comes to corporate liability which, in the UK, requires proof that those involved in the wrongdoing are sufficiently senior to be considered the ‘controlling mind and will’ of the company.
But if fines continue to be ineffective in curbing the behaviour of certain banks it can surely only be a matter of time before the authorities rethink their approach to enforcement.
We are seeing an unprecedented shift in consumer spending habits. But this rapid growth is introducing new challenges. Fraud is rising, yet merchants are under pressure to deliver the seamless payment experiences that consumers increasingly demand.
Network tokenization is one of many technologies that online merchants are turning to in a bid to strike the right balance between high security and a frictionless buying experience.
But according to Andre Stoorvogel, Director of Product Marketing at Rambus Payments, we should not think of network tokenization as an optional add-on. Rather, it is a foundational technology enabling secure, simple digital commerce.
What is network tokenization?
With network tokenization, the payment networks replace a primary account number (PAN) with a unique payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.
The question is, how is network tokenization different to existing third-party proprietary tokens?
The main (and crucial) difference is that network tokenization ensures that card details are protected throughout the entire transaction lifecycle. Non-network tokens don’t offer this end-to-end security, introducing weaknesses at various points for fraudsters to exploit.
Network tokenization also introduces improved credential lifecycle management to keep card details current, whereas proprietary tokens do not always have issuer permission to access and manage the underlying account data.
Finally, network tokenization opens opportunities for new, enhanced buying experiences across existing and emerging channels.
What are the benefits of network tokenization for online commerce?
To fully appreciate the unique value that network tokens bring to the payments ecosystem, we need to understand how they can address the key pain points for e-commerce merchants.
- Reducing the cost of fraud
We can’t get away from it. Online commerce has a fraud problem.
E-commerce fraud is growing twice as fast as e-commerce sales, with retailers set to lose $130 billion between 2018 and 2023.
We should not be surprised that one in two US merchants see fraud prevention as ‘an increasingly challenging task’. They are already spending $3.48 to combat every dollar of fraud (and this is set to rise with the global cost of fraud prevention increasing by 4% year-on-year).
And yet, the fraud rates keep on climbing. In a hyper-competitive industry where every cent counts, blindly throwing money at a problem is not a sustainable strategy.
The end-to-end security proposition of network tokenization significantly reduces the risk, and mitigates the impact, of malware, phishing attacks and data breaches. Put simply, tokenized card data is useless if stolen and for this reason, network tokenization should be the foundation on which a layered fraud management approach is built.
- Combatting false declines
Given the scale of the fraud challenge, merchants and issuers are understandably adopting a cautious approach. Transaction approval rates for digital transactions stand at around 85%, compared to 97% for in-store transactions.
This leads to a high prevalence of ‘false declines’, where a valid transaction from an authorized cardholder is rejected by the merchant. Often the cause is something simple, such as an outdated billing address, but the results can be incredibly damaging.
Globally, false declines cost merchants $331 billion. 66% of consumers stop shopping with a retailer after a false decline. Unnecessary declines outstrip actual fraud 13 times over. Most tellingly, US e-commerce merchants are losing a total of $8.6 billion to declines, compared to the $6.5 billion of fraud they are actually preventing.
Network tokens can increase approval rates to reduce instances of false declines. This is because card details are automatically updated and refreshed, making it less likely for an erroneous data point to raise a red flag. Also, tokenized transactions are inherently more secure so less likely to be viewed as risky.
- Enhancing the checkout experience
Despite the huge challenges posed by rising fraud, it is telling that 91% of merchants identify ‘minimizing the amount of friction introduced into the user experience’ as the main priority when evaluating their approach to securing payments.
Introducing additional friction into the checkout process, then, is a no-go. But as network tokenization reduces the value of the underlying sensitive data, it adds an invisible layer of security.
We must also remember that merchants want to focus on payment innovation, not fraud prevention. Network tokenization is more than just a security play, and can be used to enhance the buying experience.
For example, it enables consumers to see a fully branded card when checking out, rather than a mish-mash of starred credentials and the final four digits. This boosts recognition, familiarity and engagement.
It also enables payment details to be instantly refreshed when a card is lost, stolen or expires. Better still, it can enable consumers to keep track of where and when their payment credentials are being used. For example, card details could easily be push provisioned to merchant apps.
What is the industry roadmap for network tokenization?
Given the clear benefits, we are already seeing strong momentum for network tokenization for card-on-file transactions. And with EMV Secure Remote Commerce poised to debut in 2019, we can expect to see network tokenization extend to ‘guest checkout’ experiences.
There are options available for merchants and payment service providers (PSPs) looking to implement network tokenization solutions. For those with significant strategic resource, time and technical capacity, direct integration with the payment systems is an option.
Alternatively, for those looking to move quickly, qualified technology partners offer a fast-track to the immediate benefits of network tokenization (without the potential integration headaches).
Chris Laws, Global Head of Product Development, Supply & Compliance Solutions at Dun & Bradstreet, explains why the EU blacklist is an important tool to combat financial crime and will be welcomed by those responsible for the fight against money laundering.
The EU recently updated its anti-money laundering blacklist that names countries it considers to have deficiencies in tax rules that could favour tax evasion and anti-money laundering (AML) activities. The European Commission introduced the list at the end of 2017 and recently added ten new jurisdictions including United Arab Emirates, Oman and Barbados. The updated list has been rejected by governments within the EU, and now Brussels is being forced to review the list that was established to promote tax governance and prevent tax avoidance. The published objectives include ensuring transparency and fair tax contribution, and coupled with the 5th EU Money Laundering Directive, the list was viewed as a valuable tool in the fight against money laundering, helping to protect global organisations from the reputational and financial risk of illegal activity within their supply chains.
The recent debate comes after a year of high-profile scandals engulfed some of Europe’s biggest banks and Nienke Palstra, at campaign group Global Witness believes that “Europe has a major money-laundering problem”. While organisations such as the Financial Action Task Force – a group established 30 years ago by the G7 – were set up to combat fraud at an international level, previous list have excluded countries such as Panama, which recently hit the headlines relating to high-profile financial fiascos. With a rapidly changing landscape and increasingly sophisticated financial crime, having accurate information on country level risk essential to help businesses to identify potential illegal activity and take steps to mitigate exposure.
The Brexit effect
The UK’s National Crime Agency reported a 10% rise in ‘Suspicious Activity Reports’ (SARs) in 2018 compared to the year before, with specific money laundering reports increasing by 20%. The agency’s report came as London was accused of “acting as a global laundromat, washing hundreds of billions of pounds in dirty money from around the world” and the impending departure from the EU is likely to exacerbate concerns about illegal activity within the UK.
With continued uncertainty over trade arrangements post Brexit, UK-based companies looking at trading opportunities outside of the EU will need to evaluate the risk involved with working within other markets and complete comprehensive due diligence and take steps to ensure strict controls over transactions with countries flagged as posing increased risk. According to the NCA, Brexit will increase the number of opportunities for money laundering as foreign firms could potentially look to invest ‘dirty money’ in British businesses as EU AML agreements become increasingly uncertain.
Is technology the answer?
Despite the uncertainty, businesses can evaluate potential risks and limit exposure by implementing an efficient and clear risk management policy – and ensuring they have a transparent view of supplier and partner relationships. A robust compliance process is achieved through a combination of the right data and the right technology to support effective Know Your Customer (KYC) and Know Your Vendor (KYV) activities. A PWC report in 2016 looked at the ‘future of onboarding’ and suggested that technology provides a solution to accurate identification and verification, using technologies such as biometrics, blockchain and digital identification. The utilisation of artificial intelligence (AI) is increasing and can be a valuable tool to support compliance processes.
AI can be used to develop an informed and accurate compliance model, untangle an overwhelming volume of data and identify (and therefore reduce) false information in monitoring systems. Traditional tools and technology are simply not able to manage the increasing amount of data sources and the speed of change that artificial intelligence can process. AI systems can reduce the time spent on manual processes, allowing compliance experts to devote attention to more in-depth analysis of suspicious activity.
The ongoing fight against money laundering
The ever-increasing sophistication of criminal organisations and their ability to mask illegal activities poses a genuine challenge for businesses operating in high risk jurisdictions. It’s more important than ever to know exactly who you are doing business with and having access to details such as beneficial ownership and ‘People with significant control’ (PSC). With a recent survey suggesting anti-money laundering compliance costs U.S. financial services firms $25.3bn a year, it’s an expensive and very real issue that businesses need to take seriously.
Tools such as the EU blacklist can play a crucial role in delivering increased transparency to deter and identify illegal activity and to ensure an enhanced level of scrutiny of business relationships to mitigate risk. Using third-party data to complement a company’s existing data set can improve due diligence, and having the latest technology in place to analyse huge volumes of data could be key to avoiding exposure to regulatory fines and reputational damage.
In this Alux.com video we'll try to answer the following questions:
• Who is Elizabeth Holmes?!
• Who is Sean Quinn?!
• Who is Eike Batista?!
• Who is Bjorgolfur Gudmundsson?!
• Who is Allen Stanford?!
• Who is Bernie Madoff?!
• Who is Vijay Mallya?!
• Who is Adolf Merckle?!
• Who is Alberto Vilar?!
• Who is Manoj Bhargava?!
• Who is Olav Thon?!
• Who is Femi Otedola?!
• Who is Huang Wenji?!
• Who is Patricia Kluge?!
• Who is Ramesh Chandra?!
Below, Finance Monthly hears from David Worthington, VP, Payments at Rambus, on the growing obsolescence of cash.
According to the World Payments Report, compiled by Capgemini and BNP Paribas, the global volumes of non-cash transaction volumes grew by 10.1%, reaching 482.6 billion between 2015 and 2016. In addition, McKinsey’s recent Global Payments 2018 report highlighted an 11% growth generated by payments, which topped $1.9 trillion in global revenue.
A thread that runs through both reports, which helps to explain this combination of transition and growth, is real-time payments (RTP). How then are RTP – aka faster or instant payments – evolving around the globe?
Innovation in real-time payments
Many countries around the world are at various stages of implementing RTP, and challenges still remain.
In early October 2018, US Federal Reserve Governor Lael Brainard outlined the organization’s commitment to addressing current systematic issues limiting the growth of RTP. Summing up the challenge faced in markets around the world, she said, “faster payment innovations are striving to keep up with this demand, but gaps in the underlying infrastructure pose challenges associated with safety, efficiency, and accessibility.”
As a result, Brainard added, “we need an infrastructure that can support continued growth and innovation, with a goal of settlement on a 24/7 basis in real time.”
With established initiatives such as The Clearing House’s RTP system however, America is in a good position to accelerate adoption and implementation of faster payments.
Investment is not limited to America, though. Across the Atlantic, the TARGET instant payment settlement (TIPS) service has launched to increase the speed of euro payments in the European Union, settling payments in central bank money, irrespective of the opening hours of a user’s local bank.
In the Southern Hemisphere, it has now been a number of months since the launch of Australia’s New Payments Platform (NPP), and Reserve Bank of Australia Assistant Governor, Lindsay Boulton, has highlighted the government’s hesitancy to move services to the platform without it being firstly tested by industry. To encourage private sector interest in the scheme, a sandbox for developers to test APIs has been unveiled but there is clearly more work to be done.
But Capgemini is optimistic, expecting that NPP will drive non-cash transactions growth by not only enabling RTP, but also providing further value-added features.
Faster payments – faster fraud
These are just examples of two countries and global demand for faster payments is clearly going to grow. This growth, however, can provide the environment for increased fraud if new systems fail to learn from the problems experienced by previous implementations.
It is well known that where money goes, fraud follows. The ability to move funds quickly allows criminals to evade traditional checks like the identification of out-of-pattern activity, automated clearing house (ACH) block services and manual reviews.
There are various security approaches available to fight against fraud, but tokenization has already proved successful in protecting in-store and online card payments, with all the major payment systems, digital wallets and original equipment manufacturers adopting the technology.
By replacing unique sensitive information or data with a token, the risk associated with account-based fraud can be significantly reduced, fostering safe and secure RTP initiatives across the world.
