Financial frauds - history,
regulations and the way forward – III
Technological advancement is a continuous process which
is changing our world on a daily basis.
Technological advancement is a continuous process which is changing our world on a daily basis.
“Digital” has become a cross-industry buzzword and it keeps getting deeper into our lives, thanks to
path-breaking technologies of the modern world such as Blockchain, Machine Learning, Artificial
Intelligence, Robotics Process Automation, Internet of Things (IoT), Cloud Computing, etc.
All it takes is a basic analysis of how we go about our everyday task and how we used to do it few
years back would tell us the extent of technological advancement – in some cases without us
realizing it! We live on an invisible highway of wireless networks that drive our home appliances,
television sets, phones, tablets and computers.
Banking is one of the industries that has seen the maximum traction during the digital revolution.
From running to the bank for the most routine transactions such as funds transfer, we have come a
long way along the evolution curve, where we can now trade in stocks across borders right from our
living rooms by making a few clicks on our smartphones.
It would be fair to say that if all other industries are being taken by technology storm, banking
and financial services is facing a hurricane.
Digital Banking – Convenience vs. Security
Banking, Financial Services and Insurance (BFSI) sector is in the middle of a global technological
churn. Customer needs and expectations continue to soar through the roof and it has come to a stage
where providing great products just does not cut it. It has to be packaged with convenience and ease
of use, giving the customer complete control over his investments.
We have already seen how online banking has moved from internet to mobile phones and passwords have
been replaced by fingerprints, 4-digit PINs and facial unlock features – customers want access to
their accounts within seconds and the experience has to be as frictionless as possible.
Given the inherent risk of this industry, BFSI players are walking a regulatory tightrope day in and
day out in order to strike a balance between data protection and convenience. Countries around the
world are pushing towards a “cashless” economy to eliminate the physical risks associated with
currency exchange and to bring down costs associated with printing and circulating currency.
This has resulted in exponential growth of digital payments. Financial institutions are finding
innovative ways to deliver products, services and customer experience and have expanded their
presence across multiple channels – thereby increasing the “surface area” for cyber-attacks.
The Cryptocurrency Dilemma
Just when regulators around the world were taking cognizance of the modus operandi of cyber
criminals and issuing guidelines to keep them at bay, global markets saw a whole new amalgamation of
digital innovation and finance – cryptocurrency.
This blockchain based currency found its way into technical conversations and got elevated to the
reputation of being decentralized, universal, fraud-proof and fully digital alternative to
conventional currencies that did not require a regulator. This spooked regulators around the world
no end – how do you regulate something that does not need to be regulated? To regulate a currency
one first needs to understand it and as we have mentioned time and again, regulators are often found
wanting when it comes to keeping pace with digital innovation.
Bitcoin – the first and most popular digital currency – first surfaced in the year 2009. Nearly a
decade down the line, laws enforcement agencies, financial regulators and tax authorities around the
world are still trying to figure out the best practices around it. After all, bitcoins do not exist
in physical form, can be transacted anonymously across international borders without any exchange
rate and do not exist in physical form and are mined rather than issued by central banks.
These peculiar characteristics have yielded it different levels of acceptance around the world, as
the same characteristics can be exploited by drug lords, criminals and terror organizations around
the world for a host of illegal acts.
How are world economies responding to cryptocurrencies?
Are Cryptocurrencies Legal? Well, the straightforward response is – it depends on the country you
are in. Regulators around the world have taken markedly different stances to the concept of
cryptocurrencies. The United States, Canada and Australia have been the trendsetters in this regard,
recognizing Bitcoin as legal tender.
Though they have classified it differently, it is heartening to see such important economies being
welcoming about cryptocurrencies. On the other hand, countries like China, Russia, India, Vietnam,
Bolivia, Columbia and Ecuador have banned the use of Bitcoins and other cryptocurrencies. The
European Union as a whole has not arrived at a collective decision on the legality, regulation and
acceptance of bitcoins, thus prompting individual countries to respond to its rise differently.
This wikipedia link provides a comprehensive list of countries and
their regulations towards cryptocurrency. During the course of my research, I stumbled upon this
very recent news article, where Japan has approved self regulation for Cryptocurrency Industry.
Fintech analyst Billy Bambrough, in his article for Forbes explains how a survey by Coinbase carried out by Qriously suggests a bright future for
cryptocurrencies, with 42% of the world’s top 50 universities offering at least one course on the
underlying technologies – crypto or blockchain. A number of experts from different domains have
thrown their weight behind this asset class, pointing towards an inevitable widespread adoption in
the coming months and years.
CNBC spoke to ten experts and the general perception has been towards a
global adoption of blockchain technology in the medium to long term, with some even comparing it to
the likes of oil.
The Dark Side of Technology – Regulators’ nightmare!
In a world where regulators are already having a tough time dealing with digital banking and
financial frauds, cryptocurrencies are the last thing they needed on their to-do list. It is here to
stay and in this section we will see why regulators have not been able to embrace it with open arms,
like they have done to other fin-tech innovations such as internet banking, mobile wallets, etc.
Banking regulators have always been vigilant about strategic and operational aspect of reforms, with
technology seen as an enabler. Today’s age of digital has disrupted that practice and technology is
no longer a sidekick. It has taken a lead role and financial firms are fast transforming into
technology firms to sustain their relevance. Barring rare exceptions, regulators have mostly fallen
behind the learning curve when it comes to keeping pace with tech innovations. Financial crimes of
the modern, connected world have the potential to impact economies across the world overnight –
something we learnt from Lehmann Brothers episode.
As technology progresses, regulators are faced with the challenge of bringing in stringent fraud
detection and Anti Money Laundering (AML) practices to keep the integrity of systems uncompromised.
Data Breach and The Rise of Ransomware
Just like banks and financial institutions, hackers are adopting technology powered tools to keep
themselves relevant. Banks have enabled fingerprint based authentication to ease life for customers.
Mobile phone manufacturers have played along by releasing state of the art technologies such as face
detection and NFC based payments to the mass markets. These have given hackers more avenues to
exploit. Data breaches are more common than ever and the stakes on stolen data are getting higher by
the day.
Data breaches have the potential to destroy businesses and individuals alike – and it can happen
anywhere. At retail markets, banks, public Wi-Fi infrastructure, government websites and anything
else under the sun. American restaurant chain Jason’s Deli, health insurance giant Aetna, leading
supply chain firm FedEx, electronic toymaker VTech, Under Armour, Wells Fargo Bank, Power Grids and
a number of U.S. institutes have been victims of data breach.
Ransomware attacks – WannaCry
May 2017 was a significant month in the world of financial crimes. It introduced unsuspecting
victims to a never seen before kind of malware – ransomware. The attack affected over 200,000
systems running across 150 countries on the first day. Everyone was affected – from government
agencies to large organizations to education institutions – and everyone in between.
The attack locked victim computers up and issued a message demanding a ransom within a stipulated
time (typically a day or two), failing which the cost would go up. If the demand was still not met,
the data would be erased permanently. The fact that hackers demanded ransom in cryptocurrencies such
as Bitcoins made it virtually impossible to trace them once the ransom was paid. Well known business
names such as Boeing, FedEx and Germany’s local train operator Deutsche Bahn were all affected.
Though the cause was eventually singled out (an exploit in older versions of Microsoft Windows
Operating System) and patch was issued for it shortly thereafter, it gave the world a glimpse of how
bad things can potentially get in the cyber age.
Victims were advised not to give in to the demands as researchers’ analysis of underlying code
revealed that hackers had no means to tell who had paid up and who had not. Even in cases where
victims panicked and paid up, the amount lay unused for quite a while. By the end of 2018, the UK,
the US, Australia, Canada and New Zealand concluded that WannaCry was a brainchild of North Korea,
with the latter denying the responsibility.
Silver lining of WannaCry was that it made cyberattacks a conversational topic among the masses
globally. Preventive security measures were stepped up by individuals and organizations alike,
though we strongly believe such efforts need to be continued with enhanced focus in the months and
years to come.
Balancing Innovation with Risk, Governance and Controls
Capital Markets around the world are heavily reliant on technology. The last thing regulators want
is for technology to become a problem rather than a solution – there are enough regulatory problems
to worry about for economies around the world. Given this situation, regulators adopt a “safety
first” approach wherein they are prepared to fall behind technology by a few years compared to
pushing reforms with the minimal risk – and make no mistake – there are risks aplenty!
Well, this is what meets the eye but if we scratch the surface there are deeper reasons to be found.
Fin-tech innovations are aimed at eliminating manual intervention, promoting efficiency and reducing
costs. There are age old systems where government officials have been taking a cut from different
possible sources for awarding contracts and releasing payments for them from time to time.
There is a large maze of red-tape to be navigated for the most trivial file movements. There are
senior employees who have been there for decades and never really upgraded their skills to fit into
a modern, efficient, digital lifestyle and fear job losses with the introduction of technology.
These are few obvious factors which would incentivise slowing tech introduction down and are to be
found in developing markets.
There are cartels around the world that see unholy nexus between lawmakers and businessmen who need
to scratch each other’s backs. Technology has the potential to straighten these systems and
automation can significantly reduce the power they presently exercise. Deloitte had published its
analysis on 2018 Banking Regulatory Outlook and a glance through the paper
suggests most of it remains relevant. 2018 has seen some significant steps being taken by regulators
around data protection and financial fraud prevention. Here is a glance of some steps taken by
regulators and industry bodies towards data protection and fraud prevention:
- For the United States, the Financial Industry Regulating Authority (FINRA) listed fraud on the top of its list.
- The European Union implemented their much awaited General Data Protection Regulation (GDPR) to address privacy issues of its citizens and how data is stored and exported within and out of European Economic Area.
- The European Union Payment Services Directive (PSD2) went into effect.
- The New York Department of Financial Services (NYDFS)’s rules around multi-factor authentication and data encryption went into effect.
- Financial Institutions have turned to Robotic Process Automation (RPA) and Artificial Intelligence (AI) technologies to drive accuracy and efficiency, freeing up employees to take over more complex, value driven assignments.
Financial Crimes Observer by PWC released earlier in the year details
many innovations and associated risks that come with digital innovations in the financial sector.
While the users of these products have to be more vigilant than ever in protecting their privacy, we
expect regulators to be ahead of the game rather than hindering technological adoption in the name
of security.