Why it’s time to think like a cop to prevent cryptocrime
Watch any true crime documentary or drama on Netflix, and you’ll notice one thing in common: the criminals got away with it for so long because law enforcement was fragmented and analogue, hampering the sharing of real-time intelligence that can spot crime before it happens. Fast-forward to today, and many fraud and financial crime teams are facing the same challenge; criminals who change their modus operandi faster than they can keep track, and who are sharing their tips and tricks on how best to scam, cheat, steal and launder without getting caught. And they are capitalizing on the rise of cryptocurrency to further gain traction. The constant is bad guys do not play by any rules, we are all targets, and we have to continually evolve to get ahead of the risks.
Spotlight on Bitcoin and Blockchain
Cryptocrime is the next financial crime frontier, or so it would appear… It makes the headlines, it’s got regulator focus, and apparently financial services firms and law enforcement aren’t ready to investigate, solve, or prosecute.
This is not a debate on the trust or utility for decentralized finances, but focused on how do we need to be thinking about the risks, and how do we get on better footing? Crypto is just the headline, what we are talking about applies more broadly across financial crime, from cyber-enabled crime, to fraud and money laundering.
Recent regulatory and law enforcement action has so far focused on areas such as misinformation around decentralized finance (DeFi), including making an example of Kim Kardashian with a $1.26 million fine from The US Securities and Exchange Commission (SEC) as part of its efforts to tackle ‘pump and dump’ digital currencies popping up.
But cryptocurrency and blockchain technology is being used in combination to complete closed-looped money laundering transactions through digital artworks as Non-Fungible Tokens (NFTs) purchased with DeFi funds.
The use of Bitcoin, Ethereum, Thether and other stablecoins and altcoins in illegal activities has become so rife that the Justice Department has formed a national network of prosecutors focused on cryptocrime. Eun Young Choi is the first director of the Justice Department’s national cryptocurrency enforcement team, and has explained the challenges around digital currency law enforcement: “Digital-asset crimes are truly multidisciplinary,” Ms. Choi said in an interview. “They are cross-border, complex, and challenging investigations and they require a certain level of competency.”
Banks waking up to the threat of crypto crime
In our recent research, The State of Fraud and Financial Crime in the U.S., we found that cryptocurrency-related fraud was a rising concern for smaller FIs, with only the very largest stating no increase in rates on digital currencies.
But the lack of reporting consensus on what we all know to be true, combined with the regulatory arbitrage and lack of clear rules in this new fintech reality, is letting the criminals get away with murder.
The dark net has forums full of criminals boasting of their exploits, sharing ‘best practice’ to stay one step ahead of the fraud and financial crime-fighting heroes. It’s clear that the lack of real-time collaboration between fraud and AML teams internally; between banks and PSPs in the market; and between regulators, law enforcement and financial services organizations, is hampering our efforts to outsmart the criminals.
Fighting fraud and financial crime in real-time
The right insights, in real-time, can be the difference between people scammed out of their life savings, or the disappearance of the funds associated with narcotics and other illicit activities – never to be recovered.
These are my four lessons learnt from my time as a cop on how to more effectively combat new financial crimes. The missing pieces for many financial institutions (FIs) is real-time information, and they center on leveraging innovation, focusing on real-time information, enabled by active collaboration.
1. Connecting the dots on criminal aliases
Cops learnt long ago that siloed data allowed serial criminals to take advantage of ‘anonymity’ in new counties, states and jurisdictions. Some of the world’s most notorious and dangerous criminals repeated their crimes across lines and borders without being caught, because law enforcement teams didn’t have a way to connect these profiles and vectors in real-time.
FIs can make use of technology data secure data sharing such as APIs as well as collaboration groups for discussion on best practice to learn from each other. Operating on minimal data means teams will always be one step behind the criminals. Efficient, timely, and automated flows of information within and between FIs, payment networks, regulators and law enforcement are needed to feed richer data into machine learning models that can improve accuracy in fraud and financial crime prevention.
Critical to success is s a shared understanding of threats and all working to complementary goals.
2. Data Interpol-ation
Law enforcement knows that data standards make understanding the size and shape of the global problem possible, The United Nations Office on Drugs and Crime has The International Classification of Crime for Statistical Purposes (ICCS) provides a comprehensive framework for producing statistics on crime and criminal justice.
Standardized and consistently structured data makes it simple for FIs to bring into their risk hubs, and to pass reports, tips and evidence to law enforcement (such as INTERPOL’s Financial Crime and Anti-Corruption Centre (IFCACC)) when criminal activity is suspected. New rich data standards like ISO 20022 offer the opportunity to better structure data as well as include more detail. Regulators and law enforcement may look to mandate the completion of certain data fields in transactions, and match these to Suspicious Activity Reports (SARs) filings helps to ensure that detectives have everything they need to act on the information.
3. Meeting the burden of proof
In criminal prosecutions, the standard of proof requires that allegation or argument is true beyond all reasonable doubt. We don’t have that same burden in fighting financial crime, but being able to articulate a risk-based approach is important in how financial institutions explain their risk-based decisions on transactions, with guidance from regulators.
Machine learning models can be used to improve decision making, but the legal system must be confident in leveraging those details in criminal evidence. To achieve this, model decisions need a high level of explainability. To date, the definition of an acceptable level of explainability for advanced machine learning models in financial crime prevention hasn’t been issued by the U.S. regulator, Financial Crimes Enforcement Network (FinCEN). To create this confidence and empower financial crime-fighters, clear definitions (including explainability versus interpretability) and guidelines are needed, such as how to measure the performance of models and the minimum effectiveness standards to which they must adhere.
4. Eliminating evidence tampering
Bureaucracy may be the bane of TV detectives, but real cops will tell you that clear governance frameworks help, not hinder the investigation process. The boys in blue can be confident that the evidence they are gathering, and the way in which they are doing it, will be acceptable at trial.
Current guidelines for how machine learning models gather evidence for a risk-based decision were designed for a broader set of models rather than those specifically for fraud prevention and financial crime transaction monitoring. This makes it really challenging for FIs to be confident that if they invest in these innovations they will be compliant, even though the aim is to detect and flag more of the fraud and financial crime that is sweeping the world. Regulators need to ensure the letter of the law is clear so that FIs can leap into action and create practical crime-fighting solutions within the legal framework. With the right framework, machine learning models can be legally and successfully applied to identify fraud or suspected money laundering and terrorist financing.
Cold start learning and cold cases
There are three key ways that machine learning innovations are able to improve the accuracy of fraud prevention and financial crime monitoring.
- When working a cold case where there are no new leads, you need to use new, better techniques to root out bad actors. Machine learning, and in particular deep learning innovations including techniques such as cold-start and transfer learning can identify suspicious activity, even without historical, labelled datasets.
- Dead end leads and false positives leave the same bad taste in the mouth of innocent citizens and customers. Adaptive Behavioral Analytics and behavioral profiling aid FIs to better understand genuine behavior versus criminals and money launderers, meaning they produce fewer false positives and focus all the investigative resource on the bad guys.
- Serial criminals and organized crime networks have unique fingerprints. Self-learning machine models are able to build connections between seemingly disparate data points, to spot new criminal patterns and identify emerging typologies.
Lightening the load on law enforcement
Models can perform transaction monitoring with greater accuracy and efficiency than traditional rules-based systems. This means they hold the potential to cut off the illicit revenue streams that fund criminal networks – effectively, making sure crime doesn’t pay. As law enforcement fights global, increasingly organized crime the sheer volume and complexity threatens to overwhelm the good guys. But removing the chance to defraud funds, or launder these back into the global financial system would wreak havoc on criminal operations and help prevent economic crimes such as the trafficking of humans, drugs, and illegal weapons.
Discover how regulatory reform to facilitate real-time information sharing could help us all make the world a safer place to transact. Read the Featurespace response to FinCEN’s review of the Bank Secrecy Act (BSA) Regulations and Guidelines.
Share
