Fintech’s Financial Crime: Collaboration v Constraints
Forward written by David Pelled- CEO, MLROs.com
This article has been written by one of our regular members James Emin
James has been looking at the bigger picture and how the whole ecosystem works from his perspective both as a practitioner in financial institutions and now as a consultant.
He is looking for the friction and failure points and a way forward, and I feel many of his views (they are his views and not those of MLROs.com) are somewhat representative of a section of the financial crime and AML practitioner professionals take on the issues.
I think this is a useful piece that has had considerable thought and effort from James, and it is a great starting point for discussions on the way forward.
I hope you enjoy reading it, and we are very grateful to James for taking the time and effort to do the research and put this thought-provoking piece together for the membership to enjoy.
Do let us and James know what you think so the whole community can learn and improve going forward.
Fintech’s Financial Crime: Collaboration v Constraints
Facing Reality and Facts
Financial crime is big business – an estimated 2 – 5% of global GDP, equating to $1.6 trillion[1], is laundered each year, with an estimated 1% of money laundered being confiscated[2]. This year, companies across the globe are expected to have spent above $1.45 trillion[3] in detecting, preventing and investigating financial crime, with 80% of this spent on human resources versus only 20% spent on technology[4]. In the UK, the Financial Conduct Authority (FCA) estimates that hundreds of millions of pounds is laundered and that serious organised crime costs the UK economy £37 billion alone[5]. Further, fraud is worth a whopping £190 billion, equating to 3.8 million recorded offences which account for a third of all crimes[6]. Fraud has seen a 17% increase in the last year[7], driven mainly by bank and credit card fraud. Despite this, Politically Exposed Persons (PEP) Suspicious Activity Reports (SAR) reflect a relatively unchanged landscape. The facts and figures do not convey the untold damage these activities cause to our global community – fraud has resulted in life changing loses for many individuals. From identifying ownership and control, to overnight screenings and the monitoring of transactions, existing legal requirements aid and enforce effective systems and controls which detect, disrupt and stop criminal and terrorist activity. The emergence of “Fintech”[8] and “Open Banking”[9] shows how fast technology is advancing, and this has allowed criminals to adapt in innovative ways.
With 1.7 billion unbanked[10] adults globally[11], Fintech is set to be big business, particularly with the help of government initiatives, such as digital IDs. Developing economies such as Thailand and India have led the way in order to get their vast populations banked, primarily for tax reasons, and consequently forging an ever growing cashless society. This has seen an unprecedented rise of digital products and services. According to UK Finance, 5 million people within the UK are choosing to lead cashless lifestyles[12]. This has enabled criminals to exploit existing rules that have not kept pace with the rise of Fintech, by providing them with sophisticated methods to manipulate the financial system to meet their own ends. There has been a huge rise in authorised push payment fraud (APP fraud[13])[14] and the use of “mule accounts”[15] that are set up by dangerous criminals to exploit vulnerable individuals, many of whom are often trafficked and coerced into using their digital identity for on boarding. There is clear evidence that existing systems and controls cannot keep up with these new threats that are consistently evolving new typologies. In short, it is clear that the criminals are ahead of the curve. Therefore organisations, whether that be corporations, financial institutions, Regtech[16], Fintech, regulators, auditors or payment providers, are having to collaborate in a swift and agile manor. This allows institutions to make use of technology which can deploy rapid controls in modular environments instantaneously, as and when new threats emerge.
The Needles in the Haystacks
In the UK, there are tens of billions of transactions every year, worth a total of £90 trillion, including 39.3 billion payments made last year – trying to detect wrongdoing in a universe of legitimate activity is a struggle for all parties[17]. Further, the collective cost of preventing and combating money laundering for regulated firms in the UK is £1 billion per annum. Transaction monitoring is a legal requirement in all financial institutions, and the legal framework is part of their essential toolkit. Some financial institutions use manual practices, which are rudimentary methods. Money launderers and sanction evaders, being fully aware of these processes, have developed methods and tactics to circumvent these very controls, including: wire stripping; false or stolen identities; shell and shelf companies and so on. Furthermore, having the correct and relevant information in a time-pressured environment is a recognised pain point for any monitoring alert investigator. Currently firms are using automated processes to prevent and detect fraud and financial crime, with incremental cycles of continuous improvements, tuning and configuring to lessen the false positive burden, which is resulting in qualitative rather than quantitative alerts. This is followed by the manual process of case management with the use of an army of costly administrators, to disposition level one (L1), who go through a vast amount of probabilistic false alerts currently at 90% globally[18]. They then use deterministic methods to see, for instance, if an ultimate beneficial owner’s age is matched to multiple (sometimes hundreds of) adverse media articles. This is just one person of significant influence out of many individuals tagged to the transaction-facing client. So the scale of the human cost of all screening practices should not be underestimated. Once a true match is determined, it then goes on to a L2 senior compliance practitioner to investigate materiality prior to L3, in order for the MLROs to make a business decision to submit a SAR. This allocation of resources and the cost of compliance has proven to be a barrier to business for many Fintech start-ups.
Information sharing within big organisations is insufficient, let alone across payment networks that need to collaborate to discuss findings of suspicion. The problem stems from legal constraints such as the General Data Protection Regulation (GDPR), local legislation to retain data within borders, plus information barriers for market sensitive data. All of these data sharing constraints force most Financial Institutions’ data to be siloed and opaque internally. This limits how much aggregated data can be accessed and presented to a compliance investigator within the prescribed L2 Service Level Agreement. For a positive client experience, the data should afford all compliance teams a greater holistic internal view of their clients’ activities, affiliates, networks and UBO’s at an inter-intuitional level, and allow these teams to be decisive when taking the right risk-based approach when a rapid business decision needs to be made.
It Takes a Network to Catch a Network
A rise in mule accounts, which are often left dormant for six months, has resulted in a rise in mule and money laundering networks. 24-7 service offering is allowing customers and corporations to send and receive real-time payments to and from their UK bank accounts. Regrettably, this has allowed criminals to exploit these benefits to facilitate their sinful activities. Money launderers and cybercriminals know how to game the system. They act as a network by simultaneously staging attacks and pumping high volumes transactions with relatively low value cash – this amounts to fraud, a crime on which money laundering is predicated. These acts are a way of distracting resources against the imperative targets of high valued assets, which are vital in disrupting the greater harm to society. The 2019 FCA’s Financial Crime TechSprint (‘TechSprint’) drove the initiative of collaboration, across not just siloed institutions but industry as a whole. The rhetoric was consistent in that there is a need for this to happen very much in real-time, by using a secure and centralised forum of a trusted network. Currently there is a global group of growing and established Fintechs who are getting together once a month to share typologies and methods used by criminals.
More impressive is the sharing of tools and techniques, as a non-competitive support group, to identify ways to fend off nefarious actors. Actors are trying to penetrate this controlled environment, which is so reliant on consumer trust and confidence as its eco system matures. The big issue is the privacy rights of data subjects and what can be shared. Just because one individual may be acting suspiciously in one firm, which could be immaterial, does not necessarily mean they are committing bad behaviour in another firm. A firm could be breaching the FCA’s ‘treating costumers fairly’ rules and principles, as well as the ICO’s blacklist of bulk monitoring if they were to share information of suspicious persons. These are the regulatory tensions and constraints that most firms face. Due to these constraints, the typologies and information that is shared is often done so in a blunt and ineffective fashion. As the stripping of the finer details make their application difficult, TechSprint addressed solutions to remove the subjectivity of identifiers such as personal information attributes that can identify data subjects. The other constraint is regulatory and the civil liability of the trustworthiness of the data being used. The larger incumbent banks are still tackling their data warehouse projects to identify patterns of financial abuse.
The other challenge is the relevance and proportionality of red flags to each individual and organization – just because an individual may be a small village drug dealer, who is high up on a local branches agenda, does not mean he is a lesser threat to the eco system. The time and cost in applying these indicators could be disproportionate, as the concerted efforts and attention from financial institutions is to disrupt the more serious and organised crime networks. Professional money launderers exploit international borders. This has led the FCA to initiate the Global Financial Innovation Network (GFIN), which was launched in January 2019 by an international group of financial regulators (so far 39[19]) and related organisations. Technologies such as distributed ledger technology allow for better sharing of intelligence between regulators, firms and enforcement agencies, with the balancing act of trying to protect data subject rights. That is why homomorphic encryption technology is leading the way for privacy, enabling data to be processed remotely. This privacy enhancing technology is also enabling firms to facilitate the sharing of intelligence without compromising GDPR.
Treating Customers Fairly
Treating customers fairly is an additional constraint – a client with many red flags is not necessarily doing bad things. People’s circumstances and situations change. Financial institutions should not hinder people’s accessibility to carry out lifestyle activities or impede business activities, because of disproportionate suspicion which, in effect, is the jumping at shadows. So there needs to be a fine balancing act of systems and controls, which allows retail customers and business to thrive legitimately. Conversely, banks have a legal obligation to freeze accounts that show signs of serious suspicious activity and report them to the country’s Financial Intelligence Unit (FIU). For the UK it is the National Crime Agency (NCA). During an NCA investigation, financial institutions are not allowed to tell the customer what is going on because it is an offence called ‘tipping-off’. This obviously creates anguish and frustration for customers. Events like this have recently seen Fintech banks like Monzo having its reputation damaged for freezing accounts without explanation, while leaving some customers struggling for the essentials, such as food. Monzo’s customer services team even directed those affected to food banks or charities, as many complained of having no cash to live on. This was raised by the criminals on social media and on the UK’s top consumer TV show, the BBC’s Watchdog. There were reports that Monzo went to too far and that the wrong people’s accounts were frozen. Chief executive Tom Blomfield said that “Monzo was no more or less exposed than any other bank”[20]. The bank further defended its position: “crucially, no conclusions can be drawn based on a bank refunding those whose accounts have been closed. It does not mean they have been treated unfairly. Without context, which we are prohibited from sharing by law, it is incorrect to reach a conclusion about why accounts have been frozen or closed”[21]. It is clear Monzo had robust compliance procedures, systems and capacity resilient enough to keep pace with the firm’s rapid growth. The firm was able to make use of data sets detection methods that identified typologies that were consistent with APP fraud and mule accounts. Their unwavering response has acted as a deterrent to nefarious actors that this abuse is not welcome, but at the cost of inconveniencing a small proportion of legitimate account holders.
The Future of Data Sets and Technology
There is a need for radical change which steers away from rules-based monitoring, for systems and controls to be relevant and proportionate. Prescriptive regulatory rules are simply not working and are very much being navigated around by money launderers. Principle-based regulations are leading the way, allowing firms and Regtech to innovate. It is in an effective and tailored way to meet a firm’s risk appetite while aligning to their business model of consumer convenience and seamless user experience. Monzo’s unfortunate client experience caused untold and perhaps unfair reputational damage whilst at the same time being disproportionate to law abiding citizens. It illustrates that the application of observation and detection measures needs to be more tailored to each specific client and institution that falls in line with real-time KYC as and when circumstances change.
Should firms and RegTech now be looking at tactics to ensure that the modification and monitoring of data points can be done in a cost effective and ethical manor? This could be deployed almost instantaneously, acting like a precision-guided weapon in combatting financial crime, without compromising privacy or causing collateral damage, such as client attrition. Data sets play a pivotal role in predicting and preventing financial crime, and an effective use of these will play out as enablers that act as early warning detection, rather than being used to investigate isolated events once the horse has bolted and the money has left. Data sets should be used to identify trends in real-time, based on historical schemas that have come about via shared real-time typologies across industry.
Real-Time KYC
For any bank account to be open there must be a purpose that has had consistent activity. As previously mentioned, there has been a rise in mule accounts that are often left dormant, then used once fraud and schemes take effect. The current model of the KYC period review is being abused. Money launderers know how these systems work and will endeavour to be on boarded as low risk clients that require a review of their KYC to be refreshed every 3 years, while slipping under the radar of the more scrutinising transaction monitoring.
Danske Bank and Scottish Liability Partnerships Scandal
This was a proven tactic employed by money launderers in the wake of the Danske Bank and Scottish Liability Partnerships scandal. They took advantage of the low risk KYC entity type, as well as the low risk jurisdiction of the UK, enabling the cleaning of dirty Russian Roubles into Euros. During this money laundering phase, some people of Scottish Liability Partnerships had been stuck off for failing to provide annual returns, and therefore were not legally permissible to trade or transact. Those who had filed their annual accounts had balance sheets that did not make economic sense in view of the scale and volumes of transactions going through Danske Bank. Howard Wilkinson, the whistle-blower who headed Danske Bank’s Baltics trading unit from 2007 to 2014, told European Union lawmakers in Nov 2019: “the role of the United Kingdom is an absolute disgrace. Limited liability partnerships and Scottish liability partnerships have been abused for absolutely years”[22]. The NCA has said it is investigating the use of UK-registered companies and a number of so-called professional enablers in connection with the widening scandal. The technology of real-time KYC uses instant data from the UK’s commercial register via secure API calls. In a matter that has led to the departure of both Danske’s chief executive and chairman, had Danske Bank made better use of this technology, it would not have taken a front office whistle-blower to discover such accounting and KYC irregularities.
Rise of Digital Banking
Conversely, with the demise of bricks and mortar, digital retail banks should have to take into account people’s circumstances which will unequivocally change. While the on boarding process only uses digital instruments like smartphones to do identification & verification (ID&V), people are going to go from being a student, getting a job, promoted, getting bonuses etc. to travelling abroad or sending or receiving money to loved ones oversees. When the bank identifies transactional anomalies, maybe it should trigger an automated questionnaire with a statement that states: “to avoid your account being frozen as a fraud prevention measure, please complete the following questions”. This will force the account holder to update their own KYC data sets via their smartphone app, in order to assist the financial crime team to have a better understanding of the profile of their client. This information should be validated by a four eye checker (machine or human), to ensure the information is consistent and to spot anomalies that do not make commercial or lifestyle sense. Subsequently, a data verification process that can use data from social media or “Insurtech”[23], or reviews scanned documentation such as invoices, payslip, gambling receipts, airline tickets etc., will need to be implemented. Then AI learning to spot fraud and inconsistencies, and machine learning to detect if the source of funds are legitimate, should both be utilised. The key question is: is an automated questionnaire, ‘tipping-off’? Furthermore, is it necessary to freeze the full amounts of funds that left legitimate and law abiding citizens penniless for weeks? As the digital banking economy evolves, these are certainly the fault lines that industry, legislators and regulators will need to grabble with.
Reducing the False Positive
The latest frontier of digital banking is real-time on boarding and transactions. Consequently, regulators can expect financial crime prevention to happen in real-time, and this is forging the way into the next generation of Regtech. A better use of data sets such as geo location, product, spending habits versus the evolution of real-time KYC, would help build a more targeted profile that should help reduce false positives. This can be achieved by matching scenarios, with circumstances of profiles being screened against real-time typologies, as and when fraud schemes and money laundering events happen. The dissemination of typologies can happen instantaneously and the next generation of Regtech monitoring systems should have the ability to be configured and calibrated in a swift and easy form, set by financial crime practitioners rather than solution development teams, in costly 2 week sprint iterations.
Profiling Constraints
It must be noted, privacy regulators like the UK’s ICO have raised serious concerns that the unnecessary tracking and profiling of people could lead us into a surveillance state. Many perceive this as going against people’s rights and freedoms not to be monitored by any organisation without their consent, especially a commercial organisation. One would guess that this would need to be ingrained in the terms & conditions as a first line of defence when on boarding, but transparency and the ‘how’ and ‘why’ in a clear and unambiguous way is imperative to satisfying GDPR. Automated processing of personal data leads to profiling for the purpose of assessing personal features. Fintech and banks are growingly using AI automation to ensure a prompt, rapid and decisive service at a cost effective rate, such as credit scoring. They are also vital real-time tools in combating fraud and money laundering. This seems to conflict with Article 22 of the GDPR, which states: ‘the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her’. Consequently, firms must be transparent in explaining every automated decision, if requested to do so by a data subject. The firm must also provide a legitimate rationale for the processing, such as having explicit consent or having to comply with legal obligations (such as anti-money laundering). If clients are not willing to consent then maybe this could be a red flag during the on boarding process.
Regulatory Innovation and Impact[24]
When the FCA was formed in 2013, it extended its regulatory powers to include competition, addressing some problems consumers faced in markets. Competition was the key driver in tackling these issues and innovation was key. The FCA foresaw that many tech innovators were not from the traditional financial services background and it was concerned at how they would navigate around the costly regulatory red tape. As a result, the FCA set out an approach to ensure the tech innovators journey with them was easy and friendly. Project Innovate (now called ‘Innovate’) was conceived by simplifying the application and authorisation process that establishes whether a firm and their business case and model could be trusted by falling within rules that also protected consumers. The benefit for firms was reduced time-to-market and the gaining of better access to finance. Innovate was a call for firms to come forward so that the FCA could help support them with their journey in getting their products and services to the market as a competitor, ensuring that appropriate consumer protection safeguards were built. The clear objective that had to be satisfied was reducing costs to consumers. Given this regulatory initiative was the world’s first, a safe and controlled environment to test these products and services was needed. Therefore, the FCA Sandbox was formed for small-scale testing with a limited number of customers, with test periods of around six month during which both the FCA and the firm could mutually learn. After the test period, the firm would have a commercial decision to make – either take to the market permanently and remain authorised (meeting the FCA’s criteria) or exit with a plan in place to limit impact on consumers. Think of Sandbox as a clinical trial in a safe environment before going to mass market. By recognising these proof of concepts, the FCA, a world leading authority, has now helped start-ups gain traction and trust. This has led to greater access of further rounds of Venture Capitalist funding.
EBA Outsourcing Rules
Outsourcing is a way of gaining relatively easy access to new technologies and it certainly contributes to achieving economies of scale. On the 5th February 2019 the European Banking Authority (EBA), updated the CEBS guidelines on outsourcing (GL02/2006) that initially applied solely to credit institutions, as it needed to be enhanced. This is due to a new generation of emerging digitalisation and the growing importance of new financial technology providers such as Fintech and Regtech. Many financial institutions that are changing their business operations have, and will, adopt such technologies in order to improve their cost efficiency. Some have increased their use of Fintech and Regtech solutions and have programs in place. Fintech providers will now find themselves subject to the same guidelines, robust governance processes and internal documentation requirements. Many complying with the guidelines will see this as a constraint and cost on resources and business. Furthermore, obligated institutions that use Fintech providers may face a challenge in balancing the desire to be innovative with using new emerging products. That said, meeting the due diligence rules under these guidelines require covered entities to account for the service provider’s business reputation, abilities, expertise, capacity, resources, and organisational structure. Such obligations will invariably favour established and mature service providers over that of a start-up.
Why Does This Matter?
Moral obligation rather than regulatory
Component authorities, the lawmakers to those who enforce, define financial crime as a whole multitude of wrongdoing that encompasses a holistic range of criminal conduct, including money laundering, terrorist financing, bribery and corruption, market manipulation, insider dealing, sanctions and so on. Given the complexity of the scale and scope of the financial crime subject, many financial institutions and incumbent banks will individually segment it, ensuring they are meeting all of their legal and regulatory obligations. This affords their firm protection from fraud, and reputational and monetary loses, and the avoidance of the regulatory stick. Some may view this as dehumanized and victimless crime – after all, it only impacts upon a financial institution’s balance sheet for which they set aside risk management provisions for such adverse events. Nonetheless, there are in fact human and environmental costs, with a face associated with each illicit transaction that derives from predicated offences. These crimes go way beyond what we assume are the typical proceeds of crime, such as drug trafficking. There is a huge range of predicated offences that, by their sheer nature, fall under the radar of typical financial crime controls. Mainly because criminals are creative and are one step ahead, their offences can be perceived as legitimate due to frameworks and networks that act as credible supply chains or regulatory affiliation. More recently the BBC’s panorama reported that a big 4 audit report for a precious metal supplier, which has had allegations of a cover up of the truth of the underlying asset gold being painted in silver, had acted as a tool of reliance for anti-money laundering (AML) mitigation. These sophisticated and flourishing frameworks lead to crimes being undetected in the initiation phase. This phase has seen drug money being repatriated, unsophisticated investors being duped out of their life pensions, refugees being exploited for human and sex trafficking, and tyrannical regimes and terrorist procuring instruments of oppression or at worse components to build, test and deliver weapons of mass destruction. Public officials are lining their pockets by allowing deforestation or depriving aid to those who desperately need funding to get out of poverty, and improve their education, health and wellbeing.
For these crimes to be predicated, there has to be an incentive. Financial reward is the incentive, with money laundering networks being the trusted conduit that supply oxygen to this criminal economy. These trusted networks heavily rely on the formal financial system and the technology which facilitates these ill-gotten gains that causes such misery to society. So rather than just satisfying the regulatory obligation and ticking the prescriptive rule box, a moral incentive is needed from every person and institution to work together who oversee all transactions. This is to bite the carrot that disrupts the criminal networks of bad people doing bad things. With a predicted 99% of all illicit transactions slipping through the net[25], greater collaboration across industry and a more nimble way to use technology is needed. With just 10%[26] of dirty money being detected and disrupted, this could have a profound and positive impact on the global society, environment and even conservation. Continued innovation is absolutely critical, but for that to succeed, there are constraining barriers and fault lines that need to be addressed.
Conclusion
Reducing the constraints
The EU’s Fourth Anti-Money Laundering Directive and GDPR came into force in 2017 and 2018, respectively. Ideally, both of the pan-European Directives should have coincided quite seamlessly. Yet, there was little co-operation between the two regimes. This has led to tensions and uncertainty, not just for firms, but for national regulators such as the UK’s FCA and ICO. This lack of inter-consultation within the EU commission has given criminals avenues to exploit GDPR, as financial institutions have an inherent tribulation not to breach data subjects’ privacy rights. There are a number of developments needed not just in the money laundering system, but in the broader eco-system globally, with a dire need for the greater effectiveness of policies and regimes. This was highlighted in the Financial Action Task Force’s 4th round of assessments for how financial institutions can make their system and technology more efficient and effective. It is imperative that the best-in-class products and services are conceptualised, designed, and deployed without having to navigate around the costly regulatory red tape which will envisage the next generation of financial crime technology. The key question is: what will this reformed technological anti-financial crime eco-system look like? What are the milestones? And what is it ultimately expected to do? The current regime’s architecture is neither fit nor proper, and the focus should be on outcomes. An obvious outcome is to protect the integrity of the financial system and doing it in a preventative, predictive and systematic way, by using these best-in-class technologies that deliver real-time information. This is to provide key decision makers the mechanism by which to prevent illicit capital and funds entering or leaving the supervised financial system. More importantly is, how will these emerging tensions be ironed out as a result of this shift in paradigm? By ‘tensions’, what is meant is: what is going on in the environment that may put pressure on the fundamentals of the global anti-financial crime system, a system that demands transparency, traceability and accountability in an uncompromising manner? Further, are there limits and constraints on those principles and polices, in light of new technologies and developments? Having a pragmatic approach in identifying these fault lines should be accounted for in the next phase of the design of this modularised environment. This will meet not just the demands of all regulators, but the moral obligation that affords all firms sustainable trust in a competitive financial system.
This article is original content for MLROs.com by James Emin
Copyright© MLROs.com 2020
[1] https://www.unodc.org/unodc/en/money-laundering/globalization.html
[2] https://www.unodc.org/unodc/en/press/releases/2011/October/unodc-estimates-that-criminals-may-have-laundered-usdollar-1.6-trillion-in-2009.html
[3] p5 of https://www.refinitiv.com/content/dam/marketing/en_us/documents/reports/true-cost-of-financial-crime-global-focus.pdf
[4] Fact check – cannot find evidence of the 20:80 split.
[5] https://www.fca.org.uk/news/speeches/turning-technology-against-financial-crime
[6] https://www.fca.org.uk/news/speeches/turning-technology-against-financial-crime
[7] https://www.fca.org.uk/news/speeches/turning-technology-against-financial-crime
[8] The term Fintech (Financial Technology) refers to software and other modern technologies used by businesses that provide automated and improved financial services. Tech-savvy customers, especially millennials expect money transfer, lending, loan management and investing to be effortless, secure and scalable, ideally without the assistance of a person or the visit of a bank.
[9] Open Banking is the secure way to give providers access to customers’ financial information. It is expected to open the way to new products and services that could help customers and small to medium-sized businesses have access to better deals or new financial services products.
[10] “Unbanked” is an informal term for adults who do not use banks or banking institutions in any capacity. Unbanked persons generally pay for things in cash or else purchase money orders or prepaid debit cards. Unbanked persons also typically do not have insurance, pensions or any other type of professional money-related services. They may take advantage of alternative financial services, such as check-cashing and payday lending, if such services are available to them
[11] https://www.worldbank.org/en/news/press-release/2018/04/19/financial-inclusion-on-the-rise-but-gaps-remain-global-findex-database-shows
[12] https://www.bbc.co.uk/news/business-48542233
[13] Authorized push payment fraud (APP fraud) is a form of fraud in which victims are manipulated into making real-time payments to fraudsters, typically by social engineering attacks involving impersonation.
[14] https://www.theguardian.com/money/2019/sep/26/number-of-bank-transfer-scams-in-uk-rise-by-40-in-a-year
[15] “Mule accounts” are bank accounts which are used to move the proceeds of crime (sometimes without the knowledge of the account owner)
[16] “Regtech” is a combination of ”regulatory” & “technology” that uses information technology to enhance regulatory processes with an emphasis on regulatory monitoring, reporting and compliance
[17] p2 of https://www.ukfinance.org.uk/sites/default/files/uploads/pdf/UK-Finance-UK-Payment-Markets-Report-2019-SUMMARY.pdf and https://www.bankofengland.co.uk/knowledgebank/how-do-card-payments-work
[18] p4 of http://www.oracle.com/us/wp-disrupt-status-quo-in-aml-compl-5440180.pdf
[19] https://www.fca.org.uk/firms/global-financial-innovation-network says there are 50 organisations.
[20] https://www.telegraph.co.uk/technology/2019/11/01/monzo-cards-banned-tesco-branches-months-complaints-shoppers/
[21] https://monzo.com/blog/2019/10/18/watchdog-response
[22] https://www.cityam.com/why-river-dirty-money-flows-through-united-kingdom/
[23] Insurance technology (insurtech, or sometimes spelled insuretech) is technology designed to increase the efficiency and efficacy of insurance companies. Machine learning-powered applications can process the massive amounts of data required to push improvements in efficiency and effectiveness. This enables multiple applications including personalized policies, more options for small business policies, and customer-facing applications
[24] FCA Sandbox (Extract from: Open banking’s PSD2: Open trust v Open abuse. Author: James Emin)
[25] Fact check – supporting evidence required.
[26] Fact check – supporting evidence required.