Financial institutions and businesses must ensure they don’t accidentally help criminals, but what features are most important?
The year 2020 set a record for global anti-money laundering fines. Authorities handed out around $706m, topping the previous year’s record of $444m.
The fact that AML fines keep rising year on year points to the challenges faced by financial organizations. Despite increasing efforts and investment, large banks are still unwillingly helping financial crime, as shown with the largest money-laundering scandal of Danske Bank in 2018.
The last thing you want to do as a business is to accidentally support money laundering. Not only might the funds come from organized crime, prostitution rings, human trafficking, or terrorism but, ethics aside, you could land your entire organization into hot waters due to crippling anti-money laundering fines.
Protect your business with SEON’s advanced real time fraud fighting tools to keep your business secure
Book a Demo
The Basics of Money Laundering
Criminals who acquire money through illegal means want to ensure the funds cannot be traced back to them. The process, known as money laundering, usually involves running the money through a legitimate business. This can be a cash-based brick-and-mortar shop or an online operation.
There are three steps involved in money laundering:
1. Placement: The dirty money is placed into the legitimate financial system.
2. Layering: The money is concealed through transactions and bookkeeping tricks.
3. Integration: The money is now laundered and withdrawn from a legitimate account by criminals.
Do You Really Know Your Customer?
Risk assessment is a broad term, which encompasses any effort to calculate how likely a customer is to break laws in the future. It is one of the pillars of an AML check. But it’s not enough to know a customer.
This is why KYC, or Know Your Customer, is a series of checks that can also help gather information about your users’ identity. It’s a mandatory process for financial institutions and can also help with AML when it’s used specifically to prevent terrorism financing and other financial crimes.
Why Is AML Software Important?
There are many reasons for companies to implement AML software but the main plus point is to increase efficiency when handling a higher volume of transactions. With machine learning and velocity rules, a business can easily automate transactions with no human input by scanning multiple data sources to lower the need for manual reviews.
As society has only further headed towards the digital age, money laundering activities continue to increase as fraudsters gain access to newer technologies and develop new techniques.
Furthermore, AML software can remove risks surrounding compliance. Whether you are a crypto exchange, a neobank, or a traditional financial institution, it’s your duty to be aware of and to follow AML regulations. While there are different levels depending on your vertical, the core rules to follow include:
- AML holding period: A recommendation that funds deposited in an account must be held for a minimum of five trading days.
- Reporting suspicious activity: Businesses must monitor customer deposits and transactions. Large sums, especially those exceeding $10,000, must be given extra attention by verifying their origin.
- Educating about AML: The responsibility of letting customers know about AML laws falls on the shoulders of the business.
- Logging financial information: Businesses must keep extensive records which can be used to investigate suspicious financial transactions.
- Customer due diligence: Knowing who your customers are through extensive KYC verification checks is also the business’s responsibility.
The Challenges of AML Solutions
The biggest controversy surrounding AML is whether it’s effective at all. While heavy fines are so large that they can destroy a business, there is little evidence that the current approach helps to catch terrorists, criminals or insiders who abuse the financial system. This has been highlighted in several reports as well as opinion pieces in recent years, including in The Economist and on Reuters.
And still, financial institutions must employ sizable teams of staff and consultants to help with transaction monitoring, even when it’s automated.
This is in part because of the ever-growing complexity of payment streams (ecommerce, increase of online volume, virtual currencies, prepaid cards), which, coupled with an increase in more sophisticated attacks, is causing a real headache for larger businesses to stay ahead of fraudsters.
The main challenge, however, isn’t necessarily in deploying the right team of resources to prevent money laundering. It’s about the friction that these checks create for customers.
This is particularly damaging for neobanks, whose entire business model relies on quick and painless onboarding via mobile or desktop. Throw in too many ID verifications and questions, and your potential customers might just turn elsewhere.
It doesn’t matter if you use in-house tools or third-party companies like Onfido (as does Revolut); the AML solution is stacked on top of already heavy regulations regarding customers’ identity in the form of KYC or PEP and Sanctions checks.
Can You Trust Your AML Solution Data?
Another constant worry: What if you are diligent in your AML checks but accidentally miss some falsified information? Many developing countries don’t have bureaus for ID information to reliably perform checks with.
Real criminals, moreover, have every incentive to hide their IDs from you. And there is no shortage of options for them to build fake profiles.
1. Criminals acquire stolen ID scans from the deep web.
2. They open bank or neobank accounts as “drops”.
3. They deposit money in these accounts and withdraw to P2P money transfer apps or crypto exchanges.
4. The funds are “tumbled”, i.e. moved across multiple accounts so they become untraceable.
Understanding these steps helps to highlight where the challenge lies for financial institutions. The onboarding stage, where you collect all your customer information, is the stage where money launderers will work the hardest to fool you.
This brings us to the topic of AML tools you can put in place within your organization.
What Connects AML and Fraud Detection?
Essentially, AML compliance and fraud detection efforts require the same checks. You must ensure you can confirm your user’s identity, and flag any suspicious activity, both at the onboarding and transaction stage (deposits and withdrawals).
This is why a continuous detection solution like SEON’s can help simultaneously with anti fraud and anti money laundering.
Common Types of AML Fraud
Whether you’re a traditional financial institution, a neobank, or a crypto exchange, the onboarding process is where you’ll need to be smart about checking data. And it’s also your duty to go above and beyond the obligatory KYC regulations.
Fake IDs / Stolen IDs
Stolen IDs that come from data breaches are often bought in bulk on the darknet, as well as information to create fake IDs, sometimes candidly advertised as full packages designed to enable you to open online bank accounts. Fraudsters also go to great lengths to acquire personal data via phishing, fake job openings, or plain old hacking.
If you want a drop account, you also have the option to purchase pre-created neobank accounts for your fraudulent needs. Just find one on the darknet and buy the login details from a seller.
Synthetic IDs, meanwhile, combine real and fake personal data. For instance, fraudsters often use stolen ID details from children with clean credit records and use them for loan fraud.
With real credit information, it’s extremely easy to create fake IDs using templates designed to fool modern credit scoring. You can even find online services that specialize in Photoshop editing for ID fakes and 2FA verification.
What Features to Look for in AML Software
If you’re an organization operating online and offering some form of payout, it’s vital to utilize real-time fraud detection software. However, the importance of specific features will vary depending on the requirements of your business and industry.
On top of any compliance/regulatory demands, some specific features that you might want to look out for include:
- Data enrichment capabilities: Create a basic user profile that details information from external sources on a single data point – for example, checking an email address to see if it’s deliverable and what domain type can reveal a level of risk.
- Customizable rules and risk scoring: To help businesses streamline processing times and boost accuracy, a customizable ruleset will approve or reject any given action in real-time without impacting the user’s journey. This is best calculated via an overall risk score.
- Social media lookup: Building on data enrichment, some software providers offer the availability of a social media tracking API that offers more insight on the user, essentially acting as an online passport.
- PEP checks: Transactions involving a politically exposed person (PEP) – i.e. a President, politician, mayor, etc. – are considered high-risk due to the nature of the person’s position and authority. Applying enhanced customer due diligence with these individuals helps prevent potential money laundering.
- Pricing: For smaller businesses, paying per API call offers the most flexibility as your business grows. Businesses using the option of paying per individual check can complete operations in-house instead of outsourcing any transactions, which is often more costly.
How to Integrate AML Software or Tools into Your Business
For ease, some businesses simply work with the AML software provided by their chosen payment gateway/processor. For example, Stripe has its own Radar tool, which uses historical payments and card data gathered through its platform to identify potential risks.
Some companies choose to build their own in-house fraud prevention teams, as this provides more flexibility and security when faced with specific fraud challenges. However, to be truly successful, you need champions who are highly knowledgable in the space and make the right hires when scaling. Otherwise, this can become an expensive endeavor.
Alternatively, for most companies, we would recommend looking at cloud-based solutions from third-party providers that enable you to integrate APIs to create a multi-layered defense that is developed solely around the needs of your business.
Some might find a complete end-to-end solution easier. With an end-to-end solution, maintenance and upgrades happen when needed – but the multi-layered approach gives you complete control and flexibility over your prevention arsenal without any heavy fees or commitments.
How to Screen For Bad IDs
We’ve already extensively covered how SEON’s tools like digital footprint analysis, data enrichment, and dynamic friction can help, especially in the context of onboarding users with zero friction.
But it’s worth noting here that a key element of improving your AML compliance checks is to look at user behavior. And this is something an experienced risk team can do, but it’s also possible to automate the process with certain risk management rules.
Put simply, a fraud management engine will be monitoring and logging all user activity on your platform. And it’s up to you to feed that data through certain rules, to see if the activity looks suspicious or not.
This is what we call velocity rules or rules that look at a customer’s actions over time. For instance, these are scenarios that could increase the risk factor, and alert you that AML tools should be deployed:
- A user logs in from a different geolocation and device and starts withdrawing large sums of money.
- A new user transfers hundreds of small sums to their account and withdraws them in bulk.
- Money seems to be deposited and withdrawn too quickly.
- Someone is logging in multiple times from a risky IP geolocation pointing to the Cayman Islands.
Use Case: How a Client Uses SEON as an AML Tool
One of our clients, a leading crypto exchange, uses our SEON solution like they would an AML tool. How? Via smart Slack integration.
SEON monitors every user’s action on their platform, and the crypto exchange has set up a custom rule in the Scoring Engine that is triggered whenever a customer deposits more than €2500. The transaction is automatically paused, and the team receives a notification directly in Slack, so they can immediately act by asking further questions or performing a manual review.
Combining Anti Fraud, AML and KYC in One
One of the main challenges of AML tools is that financial institutions believe they need to increase their hiring of specialists. Yet this can be costly and overwhelming and doesn’t necessarily work at scale, as it could result in more false positives.
But, in fact, there is a lot of risk-based passive monitoring you can do using a powerful anti-fraud tool. Analyzing large amounts of data and user behavior at scale is something these tools are particularly adept at doing.
And while an AML solution cannot replace a formal investigation, it can certainly help you ensure that fraudsters, criminals, and money launderers are discouraged from setting foot on your site in the first place.
See our tool in action to see how we can help support and enrich your data to make better decisions.
Book a Demo
Frequently asked questions
This depends entirely on your requirements. An all-in-one suite might cost more/involve a longer commitment but will quickly lift the majority of work from your business, whereas developing a multi-layered defense might mean taking time to identify the right tools but will be much more affordable in the long run.
A good fraud prevention tool will automate as much risk management as possible by calculating risk before declining, accepting, or sending for manual review accordingly. With key features such as machine learning, data enrichment, and device fingerprinting, you can create a clearer picture of the person trying to operate on your site.
Book a demo today and see how we can support your business and team!
Sources of data presented in this article:
- Finextra: Bank AML fine values in 2020 already outstripping 2019
- Guardian: Is money-laundering scandal at Danske Bank the largest in history?
- Reuters: Anti-money laundering controls failing to detect terrorists, cartels, and sanctioned states
- The Economist: The war against money-laundering is being lost
Showing all Articles with `` tag
See a live demo of our product
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.