Trends and challenges – a series of interviews with experts in the field of fraud prevention and anti-money laundering measures.

Iana Prodanova

Interview with Yana Prodanova, Chief Risk & Compliance Officer, Paynetics AD

Iana Prodanova

Over 15 years of experience in the field of risk management, modeling of fraud prevention systems, construction of monitoring and control systems, construction of BI models, regulatory compliance, compliance with the requirements of card schemes, operational security and systems, AML / Financial Crime Expert.

Last year was marked by an unusual event that affected public life in all possible ways. Of course, it changed the flow of cash flows – cash payments decreased and electronic payments increased, businesses such as restaurants and tourism almost ceased to function. Globally, lockdowns have restricted the movement of people and products and reduced the ability to generate “dirty money” such as drugs and trafficking in migrants, but at the expense of fraud to help those affected by the crisis. This, of course, led to a change in money laundering methods and a change in the channels for their movement.

What, according to your observations, are the new trends in money laundering?

As a representative of a fintech company that develops exclusively in the offer of innovative digital payment solutions and models, I could share that in all areas the trends in money laundering lead to insufficiently well-regulated cryptocurrencies, which still allow instant transfers/exchanges of large sums of money and to some extent maintaining the anonymity of the beneficial owner. Stolen identities, criminal “swallowing” of customer accounts, phishing attacks, burst-out merchants, SIM-swap scams and unauthorized access to digital wallets are still in place and occur in one form or another, especially in digitalized payment decisions. What is seen as a new trend is a combination of several money laundering models, which attempts to compromise access to digital services and uses a series of electronic and crypto-wallets to transfer money for a single purpose – to limit the traceability of money. Regulatory weakness in some respects “supports” this type of fraud, so controls in payment institutions should take into account these new trends.

How the introduction of digital onboarding changes money laundering detection activities?

Digital onboarding is really the main form of onboarding in companies that operate in the field of digital fintech payment services and which fully implement the measures for remote establishment of business relationships. The last few years have seen a tremendous boom in the development of technology providers that offer digital onboarding solutions based on integrated integrations with public resources and AI (Artificial Intelligence) technologies, aimed only at improving the mechanisms for proving authenticity and ensuring risks, arising from identification without the presence of the client. In view of these trends, each parameter of the virtual identity can be recorded and subjected to computer analysis, both at the time of identification and in subsequent processes of monitoring the customer’s transactional behavior, which in turn creates a risk profile of the customer and possibility for easier control and prevention of suspicious operations. This significantly facilitates the detection of money laundering models, as it eliminates the possibility of performing anonymous operations and sets operational thresholds and controls depending on the risk profile of the client. However, there are still trends of stolen identities acquired on the “black market” or criminal acquisition of unauthorized access to customer accounts in the event of data leakage or hacker attacks.

Can the increasing digitalization of banking processes reduce the cases of internal fraud?

The digitalisation of banking processes brings new operational risks to data security and in-house abuses, and it is therefore extremely important how this is controlled at the institutional level. I would say that cases of internal fraud are objectively dependent on a number of other factors, but to a large extent the management of systematic access in view of the need for each employee to access the minimum necessary information to perform their duties must be paramount in any a security system. The implementation of software for recording and analyzing system logs, rules for access in terms of hierarchy / responsibilities of each employee, professional training and awareness, are perhaps the only ways in which an institution could minimize the manifestations of internal fraud.

Do you think that there was a reduction in the movement of dirty money during the pandemic? 

The COVID-19 pandemic is a problem of the physical world, and in reality it has further strengthened physical controls over the physical movement of dirty money and made societies suspicious of the smallest detail, but has reversed interest in the digital world and free internet space, as a more appropriate alternative for moving dirty money during a pandemic. I could definitely say that there are many new fraudulent schemes specific to COVID-19, using the “ubiquitous fear of infection” and fully feasible in the digital world, aiming to skillfully exploit the weakened human protection and the “potential” such at a systemic level.

Are the patterns of movement of “dirty” money changing?

The schemes for moving dirty money are being upgraded and looking for new manifestations, but in essence they are preserving and looking for “anonymization”, the possibility of compromising security or weaknesses in control / regulatory mechanisms. Creating a community of sharing “negative” experiences is perhaps one way to stop the rapid multiplication of schemes from institution to institution. With the implementation of the PSD2 protocol and the requirements for two-factor authentication when accessing payment services, significant efforts are being made in the prevention of compromising static access or weakened ones. In this regard, the requirements of the regulator are becoming more complex and set a number of stoppers for the rapid implementation of a money laundering scheme in the payment system, which in turn makes fraudulent players even more creative and “bold”.

Do you think that the current situation will affect the increase of cases of internal fraud?

Unfortunately, there are many factors that influence the possible incentives for an employee to commit internal abuse, and especially in a situation of remote work in the conditions of COVID-19, system controls and access control must be particularly restrictive. Last but not least, I put the so-called “awareness” of each employee about the responsibilities assigned to him and the possible consequences for the employee in case of established abuse or attempted violation. I can say for sure that the remote work process was a kind of stress test for each institution, not only in terms of human resources, but also in terms of the very functioning of the institution. As a result, many weaknesses have been identified that can be used constructively, but also many benefits of the remote work model with proven efficiency of the work process and work-life balance for the employee. The focus on the importance of the employee as a corporate value is a kind of step of each institution against the increase of cases of internal fraud.

Does the change in the market situation lead to a revision of the fields and values in the Risk Matrix for money laundering risk assessment ?

Risk profiling of clients through a risk matrix is ​​a product of each institution based on the portfolio of services, the type of clients, their geographical location, the way of establishing business relationships and the channels it uses. In this respect, I would say that a revision will be necessary if the assessment does not reflect sufficiently well the reality and the subsequent controls at institution level. The market situation of companies that operate entirely remotely could not reflect the risk matrix, as the risk perception of this type of company is a priori an idea over conservative banks that operate entirely in the physical world.

Do you think that the use of artificial intelligence functionality would improve and make faster and more accurate analysis of establishing money laundering criteria?

I claim this for sure, but it is still difficult to calculate what array of information and for how long this artificial intelligence will need to make definite and accurate decisions. I do not think that artificial intelligence could completely replace the human factor in evaluation and analysis, especially in the context of dynamically changing behavior of the “bad guys” and especially in the field of AML Compliance, which is a kind of combination of many professional qualities and experiences that are difficult to reproduce by an artificial intelligence. Of course, in the field of Artificial Intelligence, very good developments are made, such as facial recognition, motion recognition, recognition of false documents, etc., which are skillfully used in ID&V processes and are proven to be effective.

About NOTO

Notolytix Ltd. was founded in 2015 by a group of – fraud prevention & IT veterans, from global companies like Groupon, Paysafe and Rakuten 

NOTO is an enterprise grade solution designed to address all financial crime threats. NOTO is data agnostic and uniquely flexible solution that empowers its users to efficiently combat fraud and money laundering across any vertical or industry. NOTO delivers unsurpassed ROI and truly global capabilities. 

One simple integration helps companies transform their approach to fraud, compliance and risk management in any sector or vertical. 

To learn more about NOTO, visit About NOTO