The webinar, titled "Fintech solutions – the Next Frontier" took place on March 23rd. This one-hour session was creatively inspired by the "The Good, the Bad and the Ugly” film, and covered the compliance journey from the first onboarding steps, through customer data handling and onto transaction monitoring. The purpose of the webinar was to take AML and risk & compliance professionals through new technologies available to them.
The session kicked off with Alexander Verhoeven, ACAMS Netherlands Chapter Co-Programming Director and Head of Compliance & Risk at Pay NL introducing the theme and the speakers.
A deep dive into identity verification
Representing Mitek Systems was Mitek Systems Director of Sales and Engineering, Paul Boskma.
A significant component of the onboarding processes is identity verification. This is your first encounter with "The Good" customer where your job is to determine if a submitted document is legitimate and belongs to that person. This important step will also determine the future accuracy of the following compliance processes.
Using technologies like facial biometrics, computer vision and other AI, you will be able to not only speed up the process but also increase its accuracy.
The verification process includes:
- Capturing evidence.
- Verifying authenticity.
- Proving real-world identity.
Systems based on AI technologies add another layer of security for high-risk businesses dealing with:
- high-value transfers,
- account setting change,
- sudden activity.
The Bad: Understanding the full picture of account takeovers
Emilio Rocchi, Senior Solutions Consultant Fraud & Identity at Risks Solutions at LexisNexis, presented the concept of account takeovers and best practices of identifying "The Bad" user.
Account takeover consists of five steps:
- Compromised customer data like data breaches, targeting internal staff members, phishing emails.
- Password resets when only partial login credentials were compromised. This forces the fraudster to complete additional verification steps such as the new device, more resets, recent successful login and more.
- Reconnaissance sessions when the fraudster learns more about the user (the location, Proxy/VPN, banking industry device or user's login habits).
- Details change - enabling 2FA on a later stage gives a better chance of fraudsters succeeding.
- Collected so far data allows fraudsters to complete the payment with a newly created beneficiary.
Collecting customer information and scoping contextualized user profiles helps to detect behavioural anomalies and prevent account takeover.
‘Good’ users often have different personas related to the devices they use, locations, credentials and more. Also, individual profiles and business profiles have different personas. To detect "The Bad" it is crucial to determine all variables, collect all information and connect all data points. By combining data network with machine learning and metadata, it is possible to stop account takeover before the payment is settled.
Detecting financial crime through transaction monitoring
Sentinels' Head of FC/AML, Faisal Islam, discussed common misconceptions around handling "The Ugly" cases during the last stage of the compliance process - transaction monitoring. This is where the customer was verified and remained the same persona throughout the relationship, but we learn that those might not be the right indicators of good transactional behaviours. Based on this current understanding, what has identified a “good user” does not always translate to a good transaction.
"The Ugly" involves the most sophisticated criminals who are technologically advanced and have a very good understanding of the controls and measures compliance teams use. They have mastered the art of disguise.
Compliance officers often feel that they are trying to find a 'needle in a stack of needles'. This is often based on preconceived beliefs and methodologies. Unfortunately, this approach often is one of the reasons why transaction monitoring can often be found to be ineffective.
"It's not defensible if your program is cited for review."
The key, Faisal notes, is to combine your expertise with the right toolset to empower your work. Machine learning allows compliance experts to ‘teach’ the algorithm what to do by feeding it with data.
"A Machine Learning System is your own personal militia of infinite compliance officers."
AI can only bring measurable results if supported by a human brain. Compliance officers should be able to see and detect suspicious activities by using tools that visually show both good and bad patterns. A human expert is always required to make the final decision and take appropriate action.
As the last of the speakers, Faisal presented the key takeaways from the session:
- A good user does not always mean a good transaction.
- The context behind events always matters.
- AI technologies like machine learning are proving to be the most effective tools to balance the fight against financial crime at all levels.
The QA session and closing remarks followed.