Financial frauds – history, regulations and the way forward – III

Technological advancement is a continuous process which is changing our world on a daily basis. “Digital” has become a cross-industry buzzword and it keeps getting deeper into our lives, thanks to path-breaking technologies of the modern world such as Blockchain, Machine Learning, Artificial Intelligence, Robotics Process Automation, Internet of Things (IoT), Cloud Computing, etc.

All it takes is a basic analysis of how we go about our everyday task and how we used to do it few years back would tell us the extent of technological advancement – in some cases without us realizing it! We live on an invisible highway of wireless networks that drive our home appliances, television sets, phones, tablets and computers.

Banking is one of the industries that has seen the maximum traction during the digital revolution. From running to the bank for the most routine transactions such as funds transfer, we have come a long way along the evolution curve, where we can now trade in stocks across borders right from our living rooms by making a few clicks on our smartphones.

It would be fair to say that if all other industries are being taken by technology storm, banking and financial services is facing a hurricane.

Banking, Financial Services and Insurance (BFSI) sector is in the middle of a global technological churn. Customer needs and expectations continue to soar through the roof and it has come to a stage where providing great products just does not cut it. It has to be packaged with convenience and ease of use, giving the customer complete control over his investments.

We have already seen how online banking has moved from internet to mobile phones and passwords have been replaced by fingerprints, 4-digit PINs and facial unlock features – customers want access to their accounts within seconds and the experience has to be as frictionless as possible.

Given the inherent risk of this industry, BFSI players are walking a regulatory tightrope day in and day out in order to strike a balance between data protection and convenience. Countries around the world are pushing towards a “cashless” economy to eliminate the physical risks associated with currency exchange and to bring down costs associated with printing and circulating currency.

This has resulted in exponential growth of digital payments. Financial institutions are finding innovative ways to deliver products, services and customer experience and have expanded their presence across multiple channels – thereby increasing the “surface area” for cyber-attacks.

Just when regulators around the world were taking cognizance of the modus operandi of cyber criminals and issuing guidelines to keep them at bay, global markets saw a whole new amalgamation of digital innovation and finance – cryptocurrency.

This blockchain based currency found its way into technical conversations and got elevated to the reputation of being decentralized, universal, fraud-proof and fully digital alternative to conventional currencies that did not require a regulator. This spooked regulators around the world no end – how do you regulate something that does not need to be regulated? To regulate a currency one first needs to understand it and as we have mentioned time and again, regulators are often found wanting when it comes to keeping pace with digital innovation.

Bitcoin – the first and most popular digital currency – first surfaced in the year 2009. Nearly a decade down the line, laws enforcement agencies, financial regulators and tax authorities around the world are still trying to figure out the best practices around it. After all, bitcoins do not exist in physical form, can be transacted anonymously across international borders without any exchange rate and do not exist in physical form and are mined rather than issued by central banks.

These peculiar characteristics have yielded it different levels of acceptance around the world, as the same characteristics can be exploited by drug lords, criminals and terror organizations around the world for a host of illegal acts.

Are Cryptocurrencies Legal? Well, the straightforward response is – it depends on the country you are in. Regulators around the world have taken markedly different stances to the concept of cryptocurrencies. The United States, Canada and Australia have been the trendsetters in this regard, recognizing Bitcoin as legal tender.

Though they have classified it differently, it is heartening to see such important economies being welcoming about cryptocurrencies. On the other hand, countries like China, Russia, India, Vietnam, Bolivia, Columbia and Ecuador have banned the use of Bitcoins and other cryptocurrencies. The European Union as a whole has not arrived at a collective decision on the legality, regulation and acceptance of bitcoins, thus prompting individual countries to respond to its rise differently.

This wikipedia link provides a comprehensive list of countries and their regulations towards cryptocurrency. During the course of my research, I stumbled upon this very recent news article, where Japan has approved self regulation for Cryptocurrency Industry.

Fintech analyst Billy Bambrough, in his article for Forbes explains how a survey by Coinbase carried out by Qriously suggests a bright future for cryptocurrencies, with 42% of the world’s top 50 universities offering at least one course on the underlying technologies – crypto or blockchain. A number of experts from different domains have thrown their weight behind this asset class, pointing towards an inevitable widespread adoption in the coming months and years.

CNBC spoke to ten experts and the general perception has been towards a global adoption of blockchain technology in the medium to long term, with some even comparing it to the likes of oil.

In a world where regulators are already having a tough time dealing with digital banking and financial frauds, cryptocurrencies are the last thing they needed on their to-do list. It is here to stay and in this section we will see why regulators have not been able to embrace it with open arms, like they have done to other fin-tech innovations such as internet banking, mobile wallets, etc.

Banking regulators have always been vigilant about strategic and operational aspect of reforms, with technology seen as an enabler. Today’s age of digital has disrupted that practice and technology is no longer a sidekick. It has taken a lead role and financial firms are fast transforming into technology firms to sustain their relevance. Barring rare exceptions, regulators have mostly fallen behind the learning curve when it comes to keeping pace with tech innovations. Financial crimes of the modern, connected world have the potential to impact economies across the world overnight – something we learnt from Lehmann Brothers episode.

As technology progresses, regulators are faced with the challenge of bringing in stringent fraud detection and Anti Money Laundering (AML) practices to keep the integrity of systems uncompromised.

Just like banks and financial institutions, hackers are adopting technology powered tools to keep themselves relevant. Banks have enabled fingerprint based authentication to ease life for customers. Mobile phone manufacturers have played along by releasing state of the art technologies such as face detection and NFC based payments to the mass markets. These have given hackers more avenues to exploit. Data breaches are more common than ever and the stakes on stolen data are getting higher by the day.

Data breaches have the potential to destroy businesses and individuals alike – and it can happen anywhere. At retail markets, banks, public Wi-Fi infrastructure, government websites and anything else under the sun. American restaurant chain Jason’s Deli, health insurance giant Aetna, leading supply chain firm FedEx, electronic toymaker VTech, Under Armour, Wells Fargo Bank, Power Grids and a number of U.S. institutes have been victims of data breach.

May 2017 was a significant month in the world of financial crimes. It introduced unsuspecting victims to a never seen before kind of malware – ransomware. The attack affected over 200,000 systems running across 150 countries on the first day. Everyone was affected – from government agencies to large organizations to education institutions – and everyone in between.

The attack locked victim computers up and issued a message demanding a ransom within a stipulated time (typically a day or two), failing which the cost would go up. If the demand was still not met, the data would be erased permanently. The fact that hackers demanded ransom in cryptocurrencies such as Bitcoins made it virtually impossible to trace them once the ransom was paid. Well known business names such as Boeing, FedEx and Germany’s local train operator Deutsche Bahn were all affected. Though the cause was eventually singled out (an exploit in older versions of Microsoft Windows Operating System) and patch was issued for it shortly thereafter, it gave the world a glimpse of how bad things can potentially get in the cyber age.

Victims were advised not to give in to the demands as researchers’ analysis of underlying code revealed that hackers had no means to tell who had paid up and who had not. Even in cases where victims panicked and paid up, the amount lay unused for quite a while. By the end of 2018, the UK, the US, Australia, Canada and New Zealand concluded that WannaCry was a brainchild of North Korea, with the latter denying the responsibility.

Silver lining of WannaCry was that it made cyberattacks a conversational topic among the masses globally. Preventive security measures were stepped up by individuals and organizations alike, though we strongly believe such efforts need to be continued with enhanced focus in the months and years to come.

Capital Markets around the world are heavily reliant on technology. The last thing regulators want is for technology to become a problem rather than a solution – there are enough regulatory problems to worry about for economies around the world. Given this situation, regulators adopt a “safety first” approach wherein they are prepared to fall behind technology by a few years compared to pushing reforms with the minimal risk – and make no mistake – there are risks aplenty!

Well, this is what meets the eye but if we scratch the surface there are deeper reasons to be found. Fin-tech innovations are aimed at eliminating manual intervention, promoting efficiency and reducing costs. There are age old systems where government officials have been taking a cut from different possible sources for awarding contracts and releasing payments for them from time to time.

There is a large maze of red-tape to be navigated for the most trivial file movements. There are senior employees who have been there for decades and never really upgraded their skills to fit into a modern, efficient, digital lifestyle and fear job losses with the introduction of technology. These are few obvious factors which would incentivise slowing tech introduction down and are to be found in developing markets.

There are cartels around the world that see unholy nexus between lawmakers and businessmen who need to scratch each other’s backs. Technology has the potential to straighten these systems and automation can significantly reduce the power they presently exercise. Deloitte had published its analysis on 2018 Banking Regulatory Outlook and a glance through the paper suggests most of it remains relevant. 2018 has seen some significant steps being taken by regulators around data protection and financial fraud prevention. Here is a glance of some steps taken by regulators and industry bodies towards data protection and fraud prevention:

• For the United States, the Financial Industry Regulating Authority (FINRA) listed fraud on the top of its list.
• The European Union implemented their much awaited General Data Protection Regulation (GDPR) to address privacy issues of its citizens and how data is stored and exported within and out of European Economic Area.
• The European Union Payment Services Directive (PSD2) went into effect.
• The New York Department of Financial Services (NYDFS)’s rules around multi-factor authentication and data encryption went into effect.
• Financial Institutions have turned to Robotic Process Automation (RPA) and Artificial Intelligence (AI) technologies to drive accuracy and efficiency, freeing up employees to take over more complex, value driven assignments.

Financial Crimes Observer by PWC released earlier in the year details many innovations and associated risks that come with digital innovations in the financial sector. While the users of these products have to be more vigilant than ever in protecting their privacy, we expect regulators to be ahead of the game rather than hindering technological adoption in the name of security.