Government agencies and law enforcement bodies are looking to combine the latest technology with digital data to combat fraud. Ian Hall reports on a Global Government Fintech webinar exploring the obstacles and opportunities they face
Fighting economic crime in any of its guises – money laundering, bribery, corruption, fraud and more – is a relentless global battle.
Governments and public authorities across the world are – typically – struggling. Hamstrung by everything from budget restrictions to patchy international co-ordination, criminals are more often than not coming out on top.
Technology is helping both sides. Governments, agencies and law enforcement are increasingly using innovative techniques and tools to help them detect and prevent fraud. But criminals, naturally, are quick to exploit technology to break the law and evade capture.
It is against this backdrop that Global Government Fintech convened an international webinar on 7 November 2023 titled ‘Following the money: how can data and technology combine to help governments beat fraudsters?’.
The discussion, organised in partnership with sister title Global Government Forum, featured senior representatives from two of Europe’s largest nation states – Germany and Spain – and was partnered by analytics and artificial intelligence company SAS.
Governance lagging technological advances
SAS UK principal consultant Colin Gray opened the webinar by pointing out the chain of illegality often related to financial crime – something that makes the topic even more important and multi-faceted than it can first appear.
“Individuals and gangs that steal or abuse our public services are the same people that engage in human and drug trafficking and modern slavery,” he said. “Where you can disrupt and prosecute these people and organised crime gangs, you’re also protecting vulnerable individuals and society.”
After referencing technology trends – specifically the emergence of AI, which fraudsters will themselves capitalise on to “exploit opportunities and loopholes in the system” – he described how public authorities often face challenges in capitalising on the surge in availability of digital data.
“Governance and the legislative process is often falling behind advances made in technological and financial markets,” he said, warning that “silos of system and data governance set up across [public sector] departments to rightly protect citizen privacy will often impede the ability to prevent and detect fraud and crime.”
He referenced challenges of interpretation of the European Union’s General Data Protection Regulation (GDPR), giving the example of a European agency that “had interpreted GDPR requirements in a restrictive manner that seemed to prevent them from sharing data across departments, let alone bringing in supplementary data from private-sector organisations”.
Building future-fit anti-fraud programmes
Criminals have always moved fast to try to stay ahead of crime-fighting trends – something that will never change.
“Scams are going to be changing so fast, and if you’re always addressing what you’re dealing with today, you’re never looking at what the next scam is going to be – you’re never going to be ready to have the appropriate prevention capability in place for the future,” Gray said.
He advised public authorities to have “agility” in their overall anti-fraud programme when it comes to incorporating data sources. “How are you creating a data ecosystem that allows you to rapidly integrate with internal and external data sources to leverage all the innovations in the marketplace?”, he asked rhetorically.
Expanding on this, he said that organisations need to ask how they can “leverage [their] data ecosystem in a sustainable fraud prevention programme, which includes an architecture that allows [them] to access analytics and artificial intelligence but with a governance structure that leads to getting consistent production and value out of those investments”.
“It’s less about the ‘scam of the day’ and it’s more strategic in how you’re setting up that ecosystem to address the issues you’re facing right now but also the issues that you’re going to be facing next month and next year,” he said.
Germany looks to ‘follow the money’
Dr Marcus Pleyer, deputy director-general in Germany’s Federal Ministry of Finance (Bundesministerium der Finanzen – BMF) with responsibility for digital technology and financial market policy, was the webinar’s second speaker.
Germany’s federal cabinet has just adopted a package of laws aimed at a “fundamental realignment of the structures and powers for fighting financial crime in Germany, repositioning structures and institutions and improving the methods and tools employed“. An announcement (on 11 October) stated that “in future, financial investigations will take the ‘follow the money’ approach, based on data and employing digital technology which is constantly being updated to target criminals and sanctioned individuals”.
Pleyer began by reflecting on the webinar’s question – ‘How can data and technology combine?’ – saying: “‘Combine’ is a very important term because, in the end, it is important to have as much data as possible because you need data to [complete] the puzzle. And you need, of course, high-quality data – data you can really rely on – and you need accessibility of data.”
He challenged the focus on ‘government’ in the webinar’s title (certainly when applied to tackling anti-money laundering – AML). “If you look at where the money actually flows, it’s not [flowing through] the government – it flows through banks and payment service providers, and for that reason, government needs to work together with the private sector,” he said. He later described the UK’s Joint Money Laundering Intelligence Taskforce (JMLIT), created in 2015, as a “wonderful model” for such collaboration, saying that it had inspired Germany’s AFCA (Anti-Financial Crime Alliance), which launched four years later.
Picking up on Gray’s point about data governance, he referred to “tension” between data protection and data-sharing objectives. “Here I think technology can help us a lot because we have quite modern technology that makes detection more effective and helps us to protect the privacy of the data, for example data custodians,” he said – a reference to those who oversee the storage, transfer and transport of data. “You yourself don’t look into the private data, it’s the custodians who do the work, and the custodian who runs the software that monitors the transactions,” he explained.
He mentioned two further tech possibilities. “There is migrating algorithm software [by which] you don’t actually share the data, but the algorithm jumps from one entity to another, and if it finds connections, then it makes an alert. And you can look into the actual data and combine it again, to find out who is behind that. The third technology that is relevant is encryption technology, which means you don’t really see the private data – only if there is an alert, then you can open [the data] and find out who is the actual person behind that and follow the trace of the money back to the criminal networks.”
Seeking stronger collaboration
Germany is in the throes of creating a new Federal Office to Combat Financial Crime (Bundesamt zur Bekämpfung von Finanzkriminalität – BBF), bringing together its Financial Intelligence Unit (FIU), criminal investigations and supervision. “In view of the complexity of money laundering activities, for example in the crypto sector, and due to the large amounts of data, a strong analytical competence of the BBF is an important building block,” the BMF states on its website, adding that the focus is “also on the potential of data analytics and artificial intelligence, among other technologies”.
Structurally the creation of the BBF aims to optimise teamwork. “These [areas] are usually silos in a government, everyone works in their world and their bubble,” said Pleyer. “But we want them to collaborate much better together, and also to combine data and technology to be more effective in the fight against financial crime.”
Though the new authority reflects the federal government’s acknowledgment that it needs to do more to tackle AML, Pleyer said that he was aware that some agencies in Germany were “already work[ing] with fintech [companies] to detect illicit financial flows”.
“What is, of course, very important is that agencies have access to a lot of databases like beneficial ownership registries, to find out who is actually behind a company,” he said, adding that Germany had also “built up a real-estate registry so that you also find out not only about companies that own real estate, but also about ‘natural persons’ who own real estate and how they are interconnected”.
Pleyer is a former head of the German delegation to the Financial Action Task Force (FATF) and was the global inter-governmental AML/combating the financing of terrorism (CFT) organisation’s first president from 2020-2022. He provided a statistic that served to highlight the size of the global challenge. “If you take all the 200 Financial Intelligence Units [from member countries/regional bodies that are part of FATF] together, we still spend less money than one international bank spends on compliance, which shows that I think we don’t prioritise sufficiently the issue of anti-fraud, anti-money laundering. It needs to be prioritised higher,” he said.
Spanish actions against financial fraud
Laura Díez Pérez, senior adviser for digital and sustainable finance in Spain’s Ministry of Economic Affairs and Digital Transformation (Ministerio de Asuntos Económicos y Transformación Digital), was the third speaker. She began by focusing on the importance of EU law-making.
The European Commission in June put forward proposals to update the 27-member bloc’s current Payment Services Directive (PSD2) – which will become PSD3 – and establish a Payment Services Regulation. The package aims to “combat and mitigate” payment fraud “by enabling payment service providers to share fraud-related information between themselves, increasing consumers’ awareness, strengthening customer authentication rules”, among other measures.
She described the EU’s plans as “addressing fraud from all perspectives”, ranging from prevention to increasing collaboration, against a backdrop where regulatory authorities are challenged by the proliferation of technology-based financial services business models.
Greater success in the battle against fraud will be achieved by focusing on three priorities, she said: better detection, stronger co-operation and greater financial awareness. Responsibility falls on both public and private sectors to do more in all areas.
In respect of detection, GDPR was again referenced in the context of the challenge of striking a balance between data protection and “opening up” data; in respect of co-operation, she mentioned the importance of an ‘Action Plan Against Financial Fraud’, promoted by Spain’s National Securities Market Commission (CNMV), which was agreed last year by 19 public and private entities (including Spain’s central bank and police forces) and has created an interactive database open to signatory bodies; and in respect of consumer awareness, Díez Pérez pointed out that certain cohorts of the population – for example, the elderly – are often more vulnerable to “new types” of financial fraud.
Fraudsters ‘much more agile’ than governments
The question and answer section of the webinar began with discussion about the pace with which criminals often operate and the use of emerging technologies.
“Fraudsters are much more agile than government,” Gray said, referring back to his opening remarks. “They don’t have the same rules [as] government. If they want to do something, they just go ahead and do it. I think the other issue is that if you’re good at fraud, you don’t get found out.”
He spoke of ‘self-revealing’ fraud and ‘non-revealing’ fraud. Stealing money from a person’s bank account would be an example of the former. The latter – which he described as “endemic” – is more challenging for authorities to uncover. He gave an example. “If somebody steals, let’s say, in the construction industry, or puts the price up of something in the construction industry, you just end up paying more for it. You don’t necessarily know that you’ve been [a victim of fraud]. And that may continue for many years, without ever being found out.”
In terms of technologies being used to try to prevent fraud, Gray referenced biometrics, as well as data analytics’ role in anomaly detection. “If people are doing things online, there’s a number of technologies that can use clever capabilities [to see] how quickly you’re typing,” he continued. “So, if somebody’s just copying-and-pasting passwords into a form, you can pick that up versus somebody deliberately typing in the password.”
He also mentioned generative AI, of which ChatGPT is the poster-child. “Generative AI can generate data that looks very much like real data but it’s not,” he said. “You can use it to train models to at least take you 90% of the way there without having to share everything – you can build out a good part of the journey to generate those algorithms that are needed to detect fraud. And then [for] that last 10% you might have to use some real data to finalise and finesse models and capabilities.”
Finding the key(s) to anti-fraud success
Questions came in around the impact of blockchain technology and cryptoassets.
“Blockchain is actually a very transparent and open route [for money flows]. Everyone sees what happens, which transactions are done,” Pleyer responded. “The problem is that you don’t know who is behind the ‘key number’ – which ‘natural person’ is actually active. Breaking up this anonymity is the key to finding and preventing fraud over blockchain.”
The FATF’s so-called ‘travel rule’ requires that both originators and beneficiaries of digital fund transfers must swap key identifying information.
“Some countries are ‘frontrunning’ and implementing this – the European Union is issuing its AML legislative package [seventh AML directive – AMLD7] and one part is the implementation of this travel rule,” said Pleyer. “But other jurisdictions are not so ambitious in implementing this, and we see some of the crypto service providers now moving from those ambitious countries to the less ambitious countries because they want to misuse the regimes that are not that compliant with the new standard.”
Structurally, the EU is creating a dedicated Anti-Money Laundering Authority (AMLA). Germany and Spain are among the member states that have been bidding to host it. “Why did we get this AMLA? It’s because we had very easygoing [financial] supervision in Europe, which led to some financial institutions losing their reputation, getting cut off of the US dollar and [becoming] insolvent,” Pleyer said. “So what we really need is a supervisor that is well resourced, that has the most modern IT tools – and that is what we try to build up with AMLA. If we have a stricter, tougher supervisor, we will have a more sound financial industry.”
Technologies’ ‘reconciling’ role
Discussion came to a close with Pleyer reflecting on the challenges that authorities face in handling data but emphasising the growing importance of technology solutions.
“We are all working in Europe under GDPR but we see that data can be shared much more easily in Italy than, for example in Germany. So, there is a cultural issue,” he said. “But there is also an issue of legal uncertainty. The people who have to process the data: they, on the one hand, have the obligation to effectively fight crime; on the other side, they have to fulfill data protection, and they are not sure under what conditions they can share what data, and this must be clearly spelled out by the regulator.”
“I think we have a lot of technologies that can help us in reconciling both [tensions],” he concluded. “You can keep up a high level of data protection at the same time you can share the data with a data custodian, with a migrating algorithm or with encryption technology. So, I think technology is key here.”
He was optimistic about the impact of the EU’s latest proposed AML package, including new measures on data sharing – which, he said, would constitute “huge progress”.
This reflected the overall impression that it is in the areas of data governance and inter-agency, international and public-private collaboration – among other factors, most notably budget – rather than the ability and availability of technology that is the biggest handbrake on outmaneuvering financial criminals.
Read more: Reducing risk: how governments can use data analytics to prevent fraud
