EXCLUSIVE: “Closing ranks on fincrime” – Rein Graat, ING in ‘The Fintech Magazine’

Five Dutch banks are establishing a transaction monitoring utility that aims to move the dial on anti-money laundering through data-sharing and sophisticated AI. ING‘s Chief Compliance Officer Rein Graat tells us why they must now stand together

“It takes a system to fight a system,” says Rein Graat. “And we’re fishing for criminals with nets, when we want to be spear fishing.”

The ING chief compliance officer’s analogy sums up how the Dutch bank is working to transform its anti-money laundering techniques by moving away from rule-based monitoring systems to an AI-powered behavioural monitoring model. Treating everyone as a potential fraudster in order to catch the few who are, have been too invasive for many customers and expensive for the banks, while still failing to stop the criminals get away with trillions every year.

That’s because banks have been trying to defeat fraudsters in isolation, says Graat, and, in the process, they’ve been outsmarted by gangs that move dirty money between financial institutions and across borders to avoid detection.

“To combat money laundering, you need to create a picture from all the small pieces of information. It’s like a puzzle. If banks only examine their own information, they risk not seeing the bigger picture,” says Graat. “So we need to combine forces. For us, that means harmonisation across Europe, guided by regulations and directives, so a bank’s systems can connect with those of its peers, which enriches what we all see.”

Breaking out of silos and working within a network is very much a current trend, and one that the Bank for International Settlements (BIS) is examining under its Project Aurora. In partnership with Lucinity, an Icelandic regtech, BIS is studying the use of AI software analysis of payments data to spot money laundering within a network of private and public sector partners – a system it calls CAL (collaborative analysis and learning).

The scale of the problem that it’s trying to tackle is laid bare by the statistics – BIS reports the value of money laundered globally is estimated at between two and five per cent of global GDP, or $2trillion to $5trilion. Less than one per cent of this – $20billion to $50billion – is seized annually. Meanwhile, the cost to financial institutions of complying with anti-money laundering (AML) and other fincrime regulation is huge, totalling $274billion last year, an increase of 28 per cent on the $214billion spent in 2020.

How can it cost so much and achieve so little?

Faced with a seemingly insurmountable task, and with the threat of stiff fines when AML compliance rules are breached, BIS says banks have a tendency to over-report fraud concerns to regulators, which results in a drain on both the banks’ own resources and the public purse. Nobody is winning and still the criminals evade the net.

“To combat money laundering, you need to create a picture from all the small pieces of information. It’s like a puzzle. If banks only examine their own information, they risk notseeing the bigger picture”

BETTER TOGETHER

One of the many different CAL models that the BIS project is studying to remedy that situation is the transaction monitoring utility. One of them is Transaction Monitoring Netherlands (TMNL). Launched in 2020 by five of the country’s banks, TMNL is a co-operative data-sharing network that monitors business accounts to combat crime. At its outset, TMNL estimated €16billion was being laundered every year in Holland and around one tenth of all bank employees (8,000 staff) were tied up combatting money laundering and terrorist financing.

The TMNL members, which include ING, ABN Amro, Rabobank, Triodos Bank and de Volksbank, work closely with the Dutch government’s ministries of Finance and Justice and Security, and the country’s Financial Intelligence Unit, in the hope of translating detection of criminal activity into prosecutions. To meet EU laws around data privacy, the member banks use pseudonyms, so data provided to the TMNL cannot be linked with individual customers and is meaningless without a bank’s encryption key.

Tracking the movement of funds between the banks is critical. Before being invested in assets such as property, yachts, vehicles or equities, criminals launder cash by ‘layering’ it – for example networks of money mules are employed to intentionally or unintentionally transfer dirty money through their own bank accounts. Another tactic is ‘smurfing’, whereby transactions are broken up into smaller amounts using multiple bank accounts, credit cards and shell companies.

All that is often difficult to detect in a rule-based anti-money laundering system, which uses pre-defined algorithms to flag up suspicious transactions, such as the size, frequency or origin of a transaction. And it has also proved inefficient, generating high volumes of both false positives and false negatives – BIS reported between 90 and 95 per cent of all alerts are false positives. A departure from such a blunt rule-based system to a sophisticated process that constantly evolves is needed to match the laundering methods adopted by major drugs, prostitution and people trafficking gangs, argues Graat.

He believes a switch to behavioural monitoring systems, powered by sophisticated AI and shared by a network of financial players, could revolutionise crime detection, while also reducing the scrutiny that law-abiding customers face. A legal victory in October by Dutch challenger bank bunq over the use of artificial intelligence software for AML provided clarity for other banks and meant detection can now become more ‘risk- based’, says Graat.

Bunq had argued the approach to AML by the country’s central bank – De Nederlandsche Bank – was antiquated and ineffective. Graat believes the court ruling will accelerate the switch to more sophisticated analysis.

He says: “The bunq case was a clarification and I expect discussions will now gain more intensity. The central bank is now keen to explore the rules needed around risk-based systems and how it will be regulated by law. We need to decide what data we feed our AML engines, why we are using that data, who can have access to it, what models we run, and we must be transparent about all of this with our customers because there is a perception among the public that privacy is being compromised. But, with behavioural monitoring, we will, in fact, be much more specific in what we target. Rather than looking at what each customer is doing, day in, day out, we can instead examine anomalies and then take a deeper dive into what’s going on. By being more selective, banks will be safeguarding data privacy.

“We already have very stringent rules governing how our systems work – TMNL, for example, is designed to be more specific and far less invasive. And, because the data we share with partners goes through a process of pseudonymisation, privacy is safeguarded.”

Graat acknowledges that such use of advanced AI invites debate. He welcomes it.

“Ultimately, the biggest asset on any bank balance sheet is the trust equation, and we have no interest in jeopardising that. With the use of AI comes discussions around data ethics. Banking is about credibility and trust, so we must be clear and transparent with our customers about what we’re doing with their data.”

Graat points out that all countries’ regulators demand customer due diligence and transaction monitoring, which, by definition, already have implications for data privacy. But he emphasises that a change in approach is vital.

“We want to focus on building a picture of the banking behaviour of a criminal. And a criminal doesn’t only bank with us at ING, they have multiple accounts. So it takes a system to fight a system,” he insists.

The introduction of ISO 20022 as a common language for financial messages is a key factor that makes this. industry-wide collaboration possible.

“Data harmonisation means data builds into information that we can respond to. But the banks, who are the gatekeepers, need to be clear about their role,” adds Graat. “There is a whole ecosystem to consider. We’re having that discussion in the Netherlands about public-private partnerships, bringing relevant organisations around the table to decide our national agenda.”

Even so, expectations around the potential to beat financial crime must be managed, says Graat, since criminals have shown they have an infinite capacity to innovate to exploit system weaknesses.

“Will we be able to remove 100 per cent of criminal activity from our systems? No,” says Graat. “Can we be more efficient, more targeted, and achieve better results? Absolutely yes.”

This article was published in The Fintech Magazine Issue 29, Page 18-19