The Future of AML: A Holistic Approach To Combat Financial Crime
As financial transactions became increasingly digital, banking has become much more convenient for both individuals and businesses.
It is now easier than ever to move money from point A to point B, even across borders.
Additionally, the birth of digital currencies such as Bitcoin, Ethereum, and other cryptocurrencies known as “alt coins” also made it very easy to make digital transactions while concealing the remitter’s true identity.
Perhaps too easy.
Indeed, banks and governments around the world have taken notice of the ease of conducting illegal activities using cryptocurrencies, such as money laundering, terrorism financing, theft via exchange hacks, and fraud.
The Connection Between Anti-Money Laundering and Cryptocurrency Exchange Hacks
Here are the key reasons why banks and governments are concerned:
Criminals could use cryptocurrencies to conduct scams, (e.g. the plustoken scam), and to launder stolen funds obtained by hacking an exchange.
As recently as last month, the Upbit exchange was hacked. $52 million worth of ETH was lost. Uppsala Security is investigating the Upbit incident by using forensic tools to track the stolen coins, helping other exchanges prevent hackers from cashing them out.
Of course, banks, payment processors, and other financial institutions are concerned about fighting money laundering. To add to their concerns, criminals are likely using cryptocurrencies for such nefarious purposes.
Combating crypto-based money laundering, however, requires a broader cross-functional approach by financial institutions, governmental entities, and law enforcement agencies.
The Need for Collaboration Between AML and Cybersecurity
To get a full understanding of the crypto-driven money laundering phenomenon and to maintain regulatory compliance, executives must have a high-level understanding of cybersecurity, privacy, and other fields where they may not have expertise.
Because of cryptocurrencies, there is an increasing overlap between cybersecurity and anti-money laundering (AML). However, to wage successful AML campaigns, there needs to be open lines of communication between both cybersecurity experts and AML experts.
Cybersecurity threats compound the risk of fraud and financial crime, such as money laundering and exchange hacks, within the context of cryptocurrencies. These cybercrimes have become as numerous and costly as ever, whereas “for every dollar of fraud, institutions lose nearly three dollars”. In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on AML controls in 2017 alone.
Despite passing new regulations while ratcheting up sanctions against bad actors and their sponsors, governments around the world are finding that the existing regulatory framework is not enough to fully contain such financial crimes.
A new regulatory framework is needed to combine AML and cybersecurity into “Cyber-AML” (or C-AML) a new term coined by Patrick Kim, the CEO of Uppsala Security. Kim believes that a cybersecurity perspective is necessary to effectively and efficiently address digital financial crime and anti-money laundering.
Financial Crime and Fraud Are Now One and the Same
As we have alluded, the lines between “financial crime” and “fraud” are now blurred to the point where these terms can be interchangeable in the world of C-AML. Cryptocurrencies makes these crimes borderless — and thus more difficult to police.
These financial crimes used to be transaction-based. Today, they are more identity-based, where personal information gets exploited. Banks and crypto exchanges are responding with more stringent Know-Your-Customer (KYC) due diligence along with other enforcement rules based on new guidelines set forth by the FATF in 2019. However, the global marketplace demands faster transactions with instant payments. Banks are under constant pressure to maintain a balance between fighting cybercrime while handling authorized transactions instantly to keep their customers happy.
Therefore, an integrated cross-functional approach is necessary to control fraud, financial crime, and money laundering while maintaining best cybersecurity practices to ensure compliance with regulations.
Data Sharing As a Holistic Approach
By approaching C-AML with a holistic view of underlying processes, banks can streamline decision-making to support a better customer experience, improve risk management, and reduce costs.
In one successful case, a major bank with global reach combined all operations related to financial crime, including fraud and money laundering, into a single global entity functioning as a C-AML department. As a result, the bank obtained a high-level view of customer risk to improve decision-making and reduce operating costs by approximately $100 million.
The recipe for success is to use a shared dataset of cybersecurity threats that supports such a holistic approach. If banks, payment processors, and crypto exchanges share the same information and latest intel about the latest cybersecurity threats — not just in the crypto space — but also the broader financial landscape, we can create a more secure digital world for making financial transactions with greater peace of mind for all.