The first money laundering activities to run through mobile apps took place over ten years ago when 20 of the top 25 downloaded applications in the Danish Apple App Store were downloaded from China and cost between $50 and $100 each. The laundering activity was fairly simple. Criminals created the apps, and used stolen gift cards and credit cards to buy their own products. App money laundering has advanced over the years. In 2018, criminals were caught using free gaming apps to launder money. The scheme was simple. It centered around three games: Clash of Clans, Clash Royale, and Marvel Contest of Champions. They would download the free app, use stolen credit cards for in-game purchases, and sell the fully loaded app to players who didn’t want to spend the time developing their player or building up their repository of tools. Since 2018, money laundering has continued to thrive through mobile applications. It presents a perfect environment for stealing and cleaning money. Applications and mobile payments are lightly regulated, and in-app purchases for thousands of dollars don’t necessarily raise an eyebrow. Furthermore, applications allow gift card purchases, which are even less regulated than credit card payments. Here are a few ways criminals are laundering money. Peer-to-Peer Laundering Airbnb and Uber have revolutionized their industries. Without owning a single property or car, these companies rank among the largest hospitality and transportation companies in the world. Consumers use the apps to book rooms and rides, while criminals use them to easily launder money and move funds across borders. Fake stays in expensive Airbnbs are an easy way to launder money. Using a stolen credit card, the money is sent to the host, giving off the appearance of a legitimate transaction. Fake reviews are the final touch in making the stay look legitimate. Uber can facilitate transactions in a similar way. Criminals book rides that never happen with stolen credit cards, giving the driver a cut of the transaction and taking the rest of the laundered funds. Laundering COVID Relief Money Recently, governments around the world have spent billions of dollars in COVID relief. In the United States, the CARES Act allocated over 2 billion dollars in direct payments to citizens, unemployment benefits, loans to major industries, and loans to small businesses. In an effort to get money into the hands of people who needed it, the government made it quick and easy. Criminals falsified applications to receive checks and quickly deposited them into “money mule” accounts. From there, it was easy to transfer the money into popular mobile applications and move the money around. When the cash arrived in the hands of the criminals, it was clean and could be used for anything. Chinese Money Laundering App Earlier this year, the Indian police in Delhi busted an elaborate money laundering scheme based in China that managed to steal nearly 20-million dollars from half a million Indian citizens over just a few months. Criminals recruited Indians citizens through messaging applications WhatsApp and Telegram,

Correspondent banking is a vital system that helps to connect smaller and underdeveloped communities to the world’s financial ecosystem. In the last decade or so, the need for correspondent banking has boomed across the globe. The global pandemic further kicked this increase into overdrive, with many people needing to transfer money to loved ones abroad. In fact, according to Juniper Research, the cross-border payment industry will facilitate over $35 trillion in payments by next year. However, despite the volume of correspondent banking transactions going up, the number of traditional banks participating in these types of cross-border payments has been steadily declining. Risky Business This poses the question, “If the demand for correspondent banking is increasing, how in the world are banks not able to meet the demand?” There are a couple of reasons why this is the case, with the first being the risk involved. Simply put, most banks are not properly equipped to handle the risk of correspondent banking. These transactions can typically involve up to a dozen smaller banks spread throughout the world, making it close to impossible for banks to conduct proper KYC due diligence and understand who exactly is processing and receiving the money. To make matters even more complicated, each individual bank in the process has its own, disparate set of data that needs to be analyzed by the main bank involved. So for instance, if a correspondent banking network has 10 member banks and one million customers, 10 million unique reports need to be analyzed. This data deluge makes manual review nearly impossible without incurring massive compliance and regulatory risk. Slow and Expensive Does Not Win the Race Another factor that’s keeping banks out of the correspondent banking game is the fact that emerging payment service providers (PSPs) are able to process the same transactions faster and cheaper than traditional financial institutions. If you’re reading this wondering how that’s possible after I just told you the vast amount of data that needs to be analyzed, it’s because PSPs like Transferwise and PayPal aren’t required to follow the same stringent regulations and compliance requirements as banks, giving them a boost in the speed department and allowing them to price their services accordingly. Here’s an example to highlight the processing speed and cost disparity between banks and PSPs: Say i’d like to transfer $1,000 to Estonia from Israel. If I went to my bank to conduct this transaction, it would likely cost me $40 and take a week to arrive at the recipient. On top of that, the bank would likely also require a lot of information on the transaction, including information about its recipient, the reason for the transaction, etc. On the other hand, if I took that same $1000 to Transferwise, they would charge around $10, it would only take a few days for the payment to arrive and, as an added bonus, they wouldn’t require any information about the transaction. Put two and two together, and why would anyone decide to use the

On its surface, de-risking banking activities is a justifiable move. Rather than attempt to manage the risk, banks choose instead to avoid risk. With that move, they sidestep past onerous regulator penalties, reputation-tarnishing headlines, and angry shareholders and customers. The result, of course, is predictable. Banks find themselves in the clear but watch as revenue streams close. In their place, payment service providers (PSP) are filling the void, facilitating transactions across borders to all corners of the globe. An Alternative Approach to De-Risking For years, banks have tried to manage risk through rule-based tools. It didn’t really work. ThetaRay’s Chief Customer Officer Idan Keret recently wrote that rule-based approaches triggered so many false alarms that only 1% of all alerts turned out to be true positives. With that type of success rate, it’s easy to understand why banks felt it was better to de-risk than to manage risk. However, technology has advanced far beyond rules. Introducing artificial intelligence and machine learning tools transaction monitoring has the potential to shift the equation in correspondent banking. Banks can and should be looking at managing risk, and taking back their cross-border payment business. What Does it Mean to Manage Risk? There are essentially two types of risk that banks need to manage. Once those risks are brought under control, banks can pursue correspondent banking business, expanding their relationships with respondent banks and reopening their revenue stream. Compliance risk management is one of the bigger risks that they face. In the first six months of this year, regulators handed out over $660 million in fines and penalties for having inadequate money laundering and terrorist financing controls in place. These banks’ crimes and weren’t found to have committed any wrongdoing; they were simply assessed fines for their lack of control. In contrast, operational risk management pushes banks to do a better job screening and monitoring transactions, as well as prevent suspicious transactions from being processed. Failing to do so puts them at risk of significant fines. Introducing advanced detection tools that utilize artificial intelligence and machine learning can allay both types of risk. Since 2018, regulators have realized that innovations in AI and ML enable improvements in AML activities that are not achievable in any other way. That year, Dr. Lael Brainard told delegates at a conference that was optimistic about the potential for AI and ML in the fight against money laundering. Brainard, who has sat on the Federal Reserve Board of Governors since 2014, noted that AI had superior pattern recognizability, offered cost efficiencies for banks, and was better than conventional approaches at working with large, less structured data sets. By using AI tools to monitor transactions, banks can manage, rather than de-risk, correspondent banking. Benefits of AI in Risk Management Utilizing AI enables banks to get back into the correspondent banking business, and with it, reopen this revenue stream. With an effective AI tool in place to monitor transactions, banks do find themselves with additional growth opportunities. Every year since 2012, the

There is a great romanticism about the unknown unknown. It sits there on the edge just beyond our knowledge and understanding. North America, before Columbus sailed there in 1492, was an unknown unknown to Europeans. Travels can take us to unknown places, and while there, we often find ourselves face to face with cultures and practices that existed so far beyond our imagination that they are simply unfathomable. The unknown unknown exists beyond our point of reference. When preparing to go off to school for the first time, we know that we are about to explore campus life and dormitories and meeting new people from different walks of life. All those are simply unknowns. It’s what happens beyond those recognized unknowns that make the college experience that much richer and more vibrant. Beyond the unknowns, that’s where we really begin to see something different. It may be wild or tame. Thrilling or relaxing. But it is so incomprehensible to us before it comes into view. Unknown unknowns aren’t always positive. Dorie Clark, in an article for the Harvard Business Review, was rejected from every doctoral program she applied to. She came to understand that the very quality that made her appealing to previous academic programs – her interest in a wide range of subjects – was the exact quality that made her so unappealing to doctoral programs that required singlemindedness toward a single subject. For Dorie, who was named one of the top business thinkers in the world by Thinkers50, it was the unknown unknown that created a blind spot that derailed her plans. She developed a three-step plan to help her find the unknown unknowns that could derail her plans. First, she recognized the need to get an insider perspective. Because of her previous success in academia, it never occurred to her that doctoral programs might be different. Second, she decided to “war game” potential failures. By assuming that an initiative is going to fail, and then analyzing every potential reason for that failure, she would open herself to creative insights and possible issues that might have been overlooked. Lastly, she advises looking at implicit assumptions, and trying to debunk them. That oftentimes requires getting a different perspective from someone in a different discipline who can knock the assumption on its side just by looking at it from their different point of view. Roots of the Unknown Unknown The late, former Secretary of Defense Donald Rumsfeld is generally credited with coining the phrase unknown unknowns. During a news briefing in 2002, while explaining the limitations of intelligence reports, he said, “There are known knowns. There are things we know we know. We also know there are known unknowns. That is to say, we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.” That may sound like a confusing tongue twister but there is a lot of truth in it. It’s hard to find something that

When I began my career, back in the late 90s, I was hyper-focused on rule-based technology and methodology. Rules represented our best chance at using automation to monitor transactions and prevent money laundering and other financial crimes. Two decades have passed, and it’s easy to see how wrong I was. At its very best, a rules-based approach finds one instance of financial crime for every 99 instances that it stops. A measly 1% of true positives, while 99% of its alerts are false positives that keep analysts busy but do little to thwart money laundering. In place of rules, we are starting to appreciate the value that artificial intelligence (AI) brings in transaction monitoring. From my front-row seat, I’ve enjoyed the role I’ve played in the rapidly evolving fight against financial crimes. I’d like to take a fresh look at transaction monitoring, and the way it has changed over the last half-decade. Understanding Transaction Monitoring Every time money moves from one account to another, we have a transaction. Monitoring those transactions means looking at where the money came from, and where it’s going. When you think about me sending you $100, the monitoring is pretty simple, but when you start to think about it at scale, with millions of transactions moving across different banks, borders, and currencies, it starts to get complicated. Hidden among legitimate transactions are illicit transactions, where criminals move money that have been involved in drug dealing, illegal arms sales, and human trafficking. Regulators demand that banks monitor these transactions to prevent money laundering. That monitoring is important; banks who fail to do so are at risk of millions of dollars in penalties. To make matters more complicated, monitoring goes beyond the current transaction. It requires a knowledge of historical transactions as well and reviewing a customer’s activity and information to get a full picture of the money trail. The Complexity of Cross Border Transactions At the heart of a bank’s responsibility is preventing financial transactions from passing through a bank in an international transfer. Money launderers love moving money across borders. For one, it enables them to pay suppliers, but it also allows them to clean money so that it can be used for other purposes. Despite it being 2021, or perhaps because of it, sending money from one country to another isn’t easy. If you wanted to send money from New York to California, the two banks most likely have a relationship, and the money can easily pass from one bank to the next. However, if you wanted to send money from New York to Johannesburg, South Africa, your money is in for quite a ride. To protect themselves from falling afoul of regulators, over the last few years banks have de-risked themselves and limited their relationships with foreign banks. The New York bank uses a series of correspondent banks to send the money from the United States to South Africa. The money might go to London first. From there, it may travel to Germany,

With over 4000 leaked SARS that were involved with 2000 banks, turns out most of the SARs were related to cross border activity, a well-known “blind spot” in the banking world.  Over the past several years, large schemes revealed the financial systems failure- with billions of dollars remaining undetected and unreported.  The list of SARs also revealed the inadequacy of the system, banks and FIUs to fulfill their obligation of identifying, reporting, and making effective use of the SARs, which is standard procedure. If most activities remain undetected, and the ones detected and reported did not lead to an expected outcome, what is the purpose of this mechanism? Who will be held responsible to prevent financial crimes?  Key questions are usually re-surfaced when large schemes are published:  Most of these schemes go un-detected and unidentified while banks continue to cater to these customers. All regulators and large banking organizations such as the Wolfsburg group and the European Banking Federation call for the use of effective controls, EU commission response to the recent large schemes was a call for significant changes in the enforcement of AML.  On September 16th FINCEN published a call for comments covering the new guidelines for effectiveness.  All stake holders acknowledge the fact that the current methods proved unreliable and that the industry should shift from a rule-based approach to risk based. The FinCEN leak justified this decision.  How is it that throughout the AML value chain, this requirement was not mentioned?   What is the meaning of effectiveness? The guidelines for regular standards are vague and can be interpreted in various ways. The EBF document calls for urgent change and covers the following aspects:  Redundant costly rule-based solutions “Tick-the-box” approach  Irrelevant controls  “De-risking” challenge “Risk-based approach” Public-private partnership Implementing new technologies Effectiveness focuses on results. The new published guidance by FinCEN is steering us in the right direction, although it attempts to combine old terms and methodologies that have failed in the past. A familiar bell rings, as Albert Einstein once said: “you can’t keep doing the same thing and expect different results” this is the definition for “Insanity”  Banks- regulators sync Interesting points of view regarding SARs can be learned by a report published by the Swiss regulator, with statistics around the quality of SARs reported. This dramatic increase in number of SARs and consistent decrease in quality shows the negative impact of the relationship between regulatory expectations and the financial industry, only a few understand what works and what will be considered “compliant.”  Haven for criminals and terrorists The lack of ability to decide what to do and to bravely implement effective measures left a barrier for bad actors that has “more holes than bricks”, laundering money and moving illicit funds between jurisdictions is overall fairly easy. Winning the war against the “dark side” Finding lists of SARs that are over 4 years old is practically a wakeup call, reminding us to be one step ahead of criminals and to stop suspicious activity in both