Germany has a reputation as a money laundering paradise due to its great love of cash and is strongly opposed to the European Union's proposals to put a ceiling on cash payments.
Added to this are ever new "varieties" of money laundering. For instance, the Handelsblatt reported recently that trading in carbon credits is particularly susceptible to illegal cash flows. According to the Düsseldorf-based business newspaper, many companies are blind to the fact that they have fallen victim to dubious business partners – and are thus liable to prosecution themselves.
Roy Prayikulam, Senior Vice President Risk & Fraud at INFORM provides an overview. At INFORM, he is responsible for fighting financial crime with the help of Hybrid AI and algorithms.
What exactly are money launderers aiming to achieve by trading CO2 certificates?
The aim of money laundering is always to smuggle assets obtained illegally into the financial and economic cycle. This is how criminals seek to evade the scrutiny of law enforcement authorities. CO2 certificates are merely one more means of doing this, among many, that go largely undetected. Other examples include art or luxury vehicles.
What is special about these certificates, however, is that they are purely digital goods that can be traded throughout Europe, even outside the official marketplaces (OTC, over-the-counter). This provides criminals with plenty of opportunities. Their first step has been to transfer money obtained illegally into CO2 certificates. In the next step, they plan to "launder" this money by carrying out a legal sale.
What practical measures can be implemented to bring about greater criminal prosecution of money laundering in Germany?
In principle, the legal framework for this has already been laid down. For example, anyone who buys the CO2 certificates will be held legally liable if they purchase them despite clear indications and suspicions of possible illegal activities ("willful blindness"). This is the case, for example, if the certificates are offered far below market value.
However, the German law enforcement authorities are in most cases not equipped to detect these offenses. The lack of digitalization and automation when it comes to transaction data – even compared to other European countries – is the key problem here. The same also applies outside the banks: In Portugal, for example, all cash register systems are able to send all transactions directly to the tax authorities together with the buyers’ fiscal number, whereas discussions are still underway in Germany about the obligation to issue physical cash register receipts.
What impact does this change have on IT departments in banks?
New, complex methods of money laundering and fraud are emerging almost every day. CO2 certificates are just one possible means of laundering money. Nowadays, financial crime is often committed across a great many channels, involving a wide variety of stakeholders, albeit knowingly or unknowingly. With every new FinTech, app, cryptocurrency, and payment channel, the opportunities for criminals grow exponentially.
This creates a multitude of requirements for IT, security, and compliance departments: First, they need to have a holistic overview of a wide variety of data sources and channels (multi-channel) and be able to meaningfully correlate and evaluate them. Transactions must be checked for fraud and money laundering in real time. Incidentally, having machine learning (ML) algorithms learn behavioral patterns and other indicators of illegality from the data is not enough either, even though it is an important building block. The perpetrators would have far too much time to do incalculable damage by the time an ML model came to the right conclusions. Instead, we need technologies that are capable of making clear decisions, even from inaccurate data, not to mention technologies that can adapt, simulate, and put into operation even the most complex, dynamic sets of rules at any time and without the need for programming.
What challenges do German banks face with regard to internal IT processes?
Until now, many banks have only had standalone solutions or systems that were separate from each other. In many cases, this means that it is necessary to follow up on false positives, for example, if a transaction is reported as safe by one of the bank's systems but as suspicious by another.
Modern systems such as RiskShield act as a single source of truth. They synchronize, analyze, and evaluate the results from a Customer Due Diligence (CDD) assessment, the watchlist screening, as well as carry out suspicious activity monitoring. Ultimately, this holistic view of customers leads to greater decision-making certainty and fewer false hits for banks.
How can RiskShield be used to report suspicious cases and detect threats in time?
It should, of course, be very easy to report suspicious activities, regardless of whether templates are used for SARs (Suspicious Activity Reports), CTRs (Currency Transaction Reports), or configurable interfaces for automatic upload. In practice, however, there is often still a lack of acceptance and understanding of AI in government agencies. It is therefore important that all decisions made by an AI-based system can be easily understood, explained, and adapted. This is where RiskShield’s hybrid AI approach comes in.
Hybrid AI means that we integrate data-based methods (e.g., machine learning) and knowledge-based methods (e.g., fuzzy logic, dynamic profiles) in order to assess and prevent illegal transactions. This allows us to check transactions within a matter of milliseconds and trigger appropriate actions, while simultaneously learning from patterns observed in the vast amounts of data.
The knowledge-based AI methods are goal-oriented because they make informed decisions despite data uncertainty. To do this, they compare risk assessments from different sources, perform automated risk classification on an ongoing basis, and check payment flows against various sanctions and embargo lists. They also identify illegal transactions designed to disguise the true origin of money, in other words, they probe far beyond simple wire transfers from A to B.
How does RiskShield succeed in detecting conspicuous transaction patterns?
What sets RiskShield apart is its holistic approach. To fully profile a customer, for example, it not only checks all transactions across all channels, but also checks non-financial transactions. This means that current behavior can always be compared with the dynamic profile in order to identify and evaluate changes in behavior.
Another aspect is that data from fraud prevention and AML compliance is increasingly shared. This has huge benefits for teams working in different areas in IT departments in banks who often work in total isolation and have few means of communicating with each other. RiskShield helps them to save money, become more efficient, and achieve better results by identifying even more correlations.
The interview first appeared in German on March 07, 2023 on finanzwelt.de.