Oh to be a money launderer, a tax evader or frankly any established financial criminal in today’s world. Financial crime is already the most profitable business in the history of the world, but it’s possibly entering a golden age. $6 trillion of panic stimulus is being injected into the financial system over the next few months. In the US, that is 27% of the GDP in cash, all rushed into the market at one time! Fingers crossed, we may be seeing some light in the control of COVID-19 and all these funds may not be needed. Either way, it’s going to make a lot of people rich and alas, many that we should not be comfortable with.
No doubt, we have to support massive parts of our communities from the worst of the repercussions of social distancing and stay at home. Absolutely we do, and the banks will be a critical part of stabilizing our economy and our society over the next few months of upheaval. And surely, the banking system is sound and robust? Surely, we have a handle on financial crime after $10’s of billions of investments in technology, organizations, fines, and regulations? That’s a more complicated, and less encouraging answer.
The problem is speed creates opacity.
Most things can be looked at as a triangle of three intersecting pressures, or a balance of time, risk and cost. One is a partial derivative of the other two. For example, the faster the time the higher the cost and/or the risk. Basic stuff, but something you can’t get out of. So back to stimulus funding and its expedited distribution.
The risk is incredibly high because of the understandable demand for speed in cash distribution. Loan applications have allegedly increased by over 15,000% in the last month, many existentially critical for the applicants. There is also impressive spillover in the mortgage market with refinancing up 192% on a comparative basis versus the same time last year. It obviously means risk is sky high. Default risk on loans has led to the big four banks last week writing off $22 billion credit cost and loan provisions in a single quarter. Other banks are hesitant to be a distributor of stimulus funds, and only doing it because of brand concerns. Some are putting caps in place. Many are demanding that anti money laundering know your customer (KYC) requirements be suspended.
The potential for wholesale fraud is spectacular.
- Employee Stuffing – exactly how many employees are in the firm? Are they consultants, 1099s, do they actually exist? Did they ever?
- Shedding – the staff I have taken stimulus funds for I can remove and ghost payroll payments relying on whistleblower hotlines as the only form of exposure.
- Shuck and Clean – multiple distressed firms are now prime targets for cash takeover from organized crime. Not just for fraud but for a wholesale assault by establishing hundreds of new shell companies with a simple change of ownership.
- Identity Theft, Elder Abuse, and Trafficking will continue but will metastasize, supercharged by the $350 billion in US stimulus, which is already disbursed with many more billions in the pipeline. We’re giving the worst of us an opportunity to get rich.
- Cross-System Abuse – Multiple banks relationships for one company, making multiple applications for the same staff pool, and same receivables. This is complicated by legitimate companies finding it hard to get through diligence with their existing provider looking to move other banks with quicker loan processes.
Regulatory and law enforcement officials have a genuine concern around new opportunistic collusion, new attacks and most challengingly, the pivot of traditional financial crime into a new and incredibly lucrative opportunity.
Estimates of fraud currently range between $30 and $100 billion in the US. But respectfully, this is way-off if we use data from other events. Most logical comparison is TARP. Bill Barofsky, who ran TARP, talked about 10% fraud being assumed with that stimulus package. Simply using this estimate the exposure is a quarter to half a trillion dollars of fraud. For effect, thats $250,000,000,000 to $500,000,000,000 potentially being stolen. And TARP was a well-run, well-understood stimulus, focused at a reasonably small number of participants.
Unfortunately, and some will disagree with this, a significant majority of the fraud will come from entities already customers of the bank. After all, money laundering is already an $800 billion – $2 trillion business. Shell companies, stolen identities, opaque high net worth individuals who already have an institutionalized relationship will pivot to this new opportunity. But …. this is also a really cool, unique opportunity for those trying to stop them. Something to chat about below.
“It’s all about your KYC” But is it?
Many think this is solely a KYC challenge. It is to some extent, but it’s so much more complicated, and solely calling this KYC is a materially significant mistake.
We need to look at stimulus loans as a new asset class that has opacity in pricing, forgiveness, evolving in definition, clear responsibility for fraud liability, and most importantly, a risk that is dynamic through the duration of the loan. At what point can the loan recipient simply stop paying, and simply default with no repercussions? If they do stop, who owns the loss? The government? But was it fraud, or was the loan just too late to save the company? Who pays for the investigation, interdiction, and recovery if it is fraud? This confusion and the speed in which decisions are being made is why the financial crime community is so motivated at the moment.
So simply focusing on KYC is not enough. An additional approach needs to be considered. An approach that gives transparency both at the application – definitely a lot of good KYC technologies and processes out there – but also applies a set of consistent KPIs during the duration of the loan. These KPIs need to be dynamic, staying close to the behavior of the loan recipient, to the market and establish a constant “probability of forgiveness” metric.
This is needed not just for fraud analysis but also for pricing transparency and consistency for any future securitization. After all, it’s trillions of dollars with new risks and repercussions, so secondary markets will be something that will obviously be considered. Without a clear understanding of risk, we face the danger of ending up with toxic portfolios and repetition of 2008. Pure guesswork, but someone is gonna need to unravel the mess we are creating.
But some good news …..
This might also be an opportunity for the good guys. I’ve been known to say that finding financial crime is not like looking for a needle in a haystack, but rather, looking for a needle in a stack of needles. Financial criminals want to look the same as everyone else, want to be innocuous, hiding in the noise. They are exceptionally good at it, and this single reason is why most financial crime surveillance technology is so ham-stringed by false positives.
What is interesting here is that the opportunity to steal is so great, so compelling that criminals that are totally comfortable, institutionalized within the banking system will most surely be tempted to grasp this opportunity. When they do, they will, ever so slightly, stand out and so become vulnerable to higher-order discovery technologies.
This is where AI investments will prove to be so valuable. Finding that weak signal in behavioral change across massive dimensions of evolving new data cannot be done with a smart investigator. It laughably cannot be done by systems using rules designed over a decade ago. The right focus by a CAMLO, a head of the FIU, or the FinCrime tech team at a time when everything is chaotic around them could pay enormous dividends. Now is a chance to expose something interesting, to shine a light onto adversaries that have impressively outmaneuvered us in the past. So, starting to manage and analyze stimulus fraud and the desperate need for transparency could well benefit our efforts against laundering, trafficking, bribery and evasion.
That’s where Ayasdi is working with its clients – hunting stimulus fraud, but as we do, discovering laundering, trafficking, bribery and evasion schemes that have been so carefully hidden in the past. For once, some banks are armed with what they need in this fight.
OK, some may say this is grasping at straws for a silver lining. Others will say we have nothing to worry about. I think they’re wrong. Those that act quickly will have an opportunity to materially improve the safety of their bank. And some smart bankers are looking at this as a real opportunity to understand the attacks that will not just happen but have been undermining their efforts for multiple years. They are staying focused on the mission and see that this is not just a challenge, but a real opportunity.