These latest recognitions highlight Feedzai’s groundbreaking contributions to artificial intelligence and machine learning for enhanced financial risk management. As an AI-first organization, our risk technology is built to be highly responsive to new fraud and scam patterns.

Feedzai Places in Top 5 in RiskTech AI 50 2024 Report

It’s an honor and a privilege to be recognized as the top AI-driven anti-fraud platform in the Chartis Research RiskTech AI 50 2024 report. This recognition highlights our commitment to helping the financial sector by providing real-time fraud detection and prevention that delivers unmatched accuracy using cutting-edge AI and machine learning technology. 

We are equally honored to rank #4 overall in AI, especially in a competitive industry. This ranking highlights Feedzai’s unique approach and contribution to fighting fraud and financial crime. 

Leading Financial Services with an AI-first Mindset

This recognition is the result of Feedzai’s AI-first origins. Since our inception, we’ve built our technology with AI at its core, not as an afterthought. From Day 1, our platform has been designed with flexible, responsible, and well-governed AI models that set us apart in fraud and financial crime prevention. 

Many mature legacy systems were initially built long before AI and machine learning became prevalent. They operate using rules-only models and require re-engineering to integrate machine learning effectively, resulting in increased complexity. 

Rules-based systems are still effective for long-standing fraud patterns such as account takeover attacks or card-not-present fraud. However, these systems often struggle to address more nuanced fraud typologies like authorized push payment fraud and scams. Legacy systems also struggle to support various use cases without compromising their original design during their AI adoption efforts.

Understanding customer behavior is increasingly important as this activity is highly complex and individualized. Rules alone struggle to address more nuanced fraud situations, such as purchase scams or elder fraud incidents. 

Several patented technologies underpin Feedzai’s technology, which is designed for a single purpose: fraud and financial crime prevention. We recognize that model-building in data science is a highly complex field. Our AutoML solution sits at the heart of our technology, enabling machine learning models to be deployed in days instead of weeks or even months.

Further Honors for Feedzai’s Game-Changing AI Technology

This recognition from Chartis Research is further evidence of our commitment to keeping commerce and financial services safe using AI and machine learning. It’s also the latest in a series of recognitions that confirm our position as a market leader in fraud prevention.

We were recently named a Leader in the 2024 IDC Worldwide Enterprise Fraud Solutions 2024 Vendor Assessment. The IDC MarketScape report noted that our solution is “designed to be omnichannel, enabling its fraud solution to monitor different customer interaction methods. Feedzai utilizes real-time customer interaction and transaction data to increase accuracy and improve the customer experience.”

Additionally, we were also recently named a Leading Contender in Datos Insights’ Behavioral Biometrics Market Analysis for our groundbreaking work in behavioral biometrics and device fingerprinting. Our biometrics solution was also recognized in the SPARK Matrix: Behavioral Biometrics, 2023 report from Quadrant Solutions. 

Learn the critical challenges with current AI model risk governance frameworks and how Feedzai is making a difference.

The Challenges with Current AI Model Risk Governance Frameworks

Many banks face two key challenges regarding AI model risk governance frameworks.

1. Self-Learning and Evolving Models

AI models are not static entities. They self-learn and evolve after exposure to real-world scenarios. 

This dynamic nature can be a double-edged sword. On the one hand, it helps catch unexpected anomalies that traditional systems might miss. But on the other hand, it poses a challenge for fraud teams. Banks must ensure that these models continue to produce meaningful results.

2. Understanding Supervised and Unsupervised Models

Two primary types of machine learning models come into play here: supervised and unsupervised. 

• Supervised machine learning uses training data with labels, identifying “good” or “bad” examples. The model learns to classify new examples based on patterns found in the training data. 
• Unsupervised machine learning takes a more autonomous approach because it is not trained on labeled data. It identifies anomalies based on clusters of data that it deems similar. This makes it a powerful tool for uncovering unexpected fraud patterns.

While the advantage of unsupervised models is clear, it is crucial to maintain vigilant oversight to guarantee their continued efficacy in real-world applications.

2. Regulatory Expectations for Governance

Many jurisdictions, such as the US Office of the Comptroller of the Currency (OCC), mandate the documentation of the entire process involved in creating and maintaining a model that affects individuals’ financial decisions. This documentation is a crucial step in ensuring fairness and accountability in using models. However, there are several challenges to overcome:

1. Domain Expertise is Critical (and Time-Consuming)

Effective model governance typically requires a dedicated team who is hands-on with the model development and monitoring process. This team should also clearly and explicitly communicate how they use the results.

This process isn’t necessarily flashy because this governance process doesn’t actively stop criminals. But it’s crucial to always monitor and tune models, as well as demonstrate the validity of the decisions your financial institution produces. 

Furthermore, it’s detrimental if it’s done incorrectly. Imagine if your credit bureau cannot prove its methodology for generating your credit score.

End-to-end documentation of data sources, the intended purpose, development, training, and results of all models is a time-consuming process. A team needs to sit down and type out a multi-page report detailing this process with tables, graphs, and charts to demonstrate the model’s purpose and effectiveness. Some regulatory agencies require this to be done on a semi-annual basis. 

2. New AI Techniques Carry Risks

The advent of generative AI, or GenAI, introduces a new set of risks that go beyond the model itself. Transparency is key, and it’s vital for building trust in the decisions made by these models. It’s critical to understand and document where the data originates.

Consider this scenario: If the data sources are not transparent, how can banks trust the responses or decisions that AI models provide? Or explain it to regulators? For example, if models draw from biased data sources, questions about fairness and reliability will arise. When AI models impact people’s lives by determining whether they can open a savings account or get a credit card, transparency and reliability become paramount.

The Biden administration recently issued the first-ever executive order on artificial intelligence’s societal impact. The order aims to ensure AI is implemented safely, prepare agencies for AI’s growth, and mandate transparency from model developers. In other words, expect model transparency to be required as new AI regulations take shape.

How Feedzai Stands Apart

Feedzai understands these challenges and has crafted solutions that set it apart in the field of AI model risk governance.

1. Automatic Model Monitoring

Feedzai’s proactive monitoring system automatically detects changes in models often unseen by the human eye. This process begins with feature engineering and the automatic selection of the best features for the model. As the model produces results, it’s crucial to ensure that it still performs as intended. Feedzai streamlines this aspect, saving time and resources.

2. Automatic Feature Monitoring

Data drift is a significant concern in AI model governance. Feedzai offers automated alarms and data drift detection by monitoring the distribution of data features. It measures data stability by comparing feature distributions over time, thus providing insights into potential issues. 

A real-world example from a bank in EMEA found broken fields and data drift when comparing training data with production data. Intuitive visuals explain observed shifts in the data, simplifying the decision-making process.

3. Automatic Model Governance Reports

Feedzai automatically generates standard Model Governance Reports with all the relevant information and numbers, such as data sources, features used by the model, detection performance, and a bias audit. The system captures any edits or changes made to the model, automatically documenting them within the system. Banks can easily pull these details into the report, saving considerable time and effort.

Why Choose Feedzai?

Feedzai delivers a different AI model risk governance experience for banks. This experience features two important benefits.

• Built-in Value: Time is valuable for any organization. Banks can either handle all these tasks manually or build similar systems themselves. This can be a resource-intensive and time-consuming endeavor.
• Time and Cost Savings: Banks can also reduce the time and effort required for model governance. The system does the heavy lifting, allowing institutions to make and document changes efficiently. 

These benefits cater to both bigger and smaller banks. Larger organizations will see report preparation times reduced from two weeks to a few days. This enhances efficiency and allows for quicker response to evolving fraud patterns. Meanwhile, for smaller banks, which may not have robust model governance systems, the system helps reduce risks and boost capabilities.

Feedzai delivers automated monitoring, feature analysis, and report generation that ultimately saves banks time, money, and resources. Feedzai ensures that AI models provide effective results and are adaptable in the shifting landscape of financial crime detection.

The Top 3 SAR Filing Pain Points

Financial institutions file suspicious activity reports (SARs) with regulatory bodies whenever suspicious transactions are flagged. This includes agencies like the Financial Crimes Enforcement Network (FinCEN) in the United States, BAFIN in Germany, TRACFIN in France, COAF in Brazil, and Bank Negara Malaysia in Malaysia.

What makes the SAR filing process such a minefield? Let’s review.

1. SAR Filing is a Highly Manual and Labor-intensive Process

Banks and financial institutions are required to file SARs whenever a transaction is suspected of being tied to illegal activity. Analysts must collect relevant evidence, including transaction details and adverse news, and manually attach them to the SAR. This can be highly time-consuming for analysts.

2. The SAR Process is Highly Error-Prone

SAR reporting also requires manually entering personal information like names, addresses, and dates of birth into SARs forms. Any information entered inaccurately can compromise the SAR’s accuracy and hamper any relevant investigation.

3. It’s Important to Explain Your Decisions

Filing a SAR is not the end of the story. Regulators will want to understand the decision-making process. Compliance professionals must be able to produce an audit trail of how an analyst reached the decision outlined in the SAR. Many organizations use a Maker-Checker process or a Four-Eye check. In this process, a second person, usually a manager, reviews and verifies the completeness and quality of the information before a SAR is submitted. 

4. Dependency  on Vendors

Rules-based systems are common for AML transaction monitoring, but many systems create a high rate of false positives. Banks need to be agile in adjusting and tuning rules to get productive alerts and effectively respond to the latest financial crime patterns. However, some transaction monitoring systems are rigid and aren’t self-serviceable – forcing banks to rely on their vendor to adjust the rules when necessary. Further delays occur when banks and financial institutions don’t have a self-service option for transaction monitoring, clogging up their alert queues with overwhelming false positives and impacting their ability to report suspicious activity effectively.

The 3 As of Seamless SAR Reporting

Feedzai’s SAR Manager upgrades the conventional SAR filing process by offering banks a self-service option. SAR Manager improves the traditional reporting process by introducing three As into the workflow: auditable, automation, and autonomy. 

Auditability: Strengthening Compliance Efforts

Maintaining a comprehensive audit trail is essential in suspicious activity reporting. SAR Manager provides transparency in all updates and decisions made in the system. This level of audibility ensures that banks have all the necessary evidence to explain their decision-making process to regulators and law enforcement agencies. Additionally, SAR Manager includes a SAR activity log, which records every action taken, such as the creation and updates of SARs, along with date and time stamps. This feature simplifies compliance efforts and reinforces transparency.

Automation: Streamlining the SAR Reporting Process

SAR Manager saves time and enhances accuracy by minimizing manual errors. It also provides a more intuitive and automated user experience for analysts. The system automatically populates entity details and guides analysts through creating suspicious activity reports. Analysts gain access to dynamic form building and are prompted to fill out relevant information, ensuring a more streamlined and error-free process. 

Autonomy: Putting Control in the Hands of Banks

Further upstream, Feedzai’s AML Transaction Monitoring solution has self-service rules, allowing banks to better manage their risk strategy and rules performance. Once an analyst determines that a suspicious activity report is warranted, they’re able to utilize the integrated SAR Manager within the same user interface. One key advantage of SAR Manager is the ability it provides to banks to configure roles and permissions for different analysts and managers. This self-service option allows banks to tailor the system according to their specific needs, creating distinct roles such as Level 1 analysts, Level 2 analysts, and managers. By granting banks the tools to configure these roles internally, SAR Manager eliminates the need to rely on external vendors for making changes, thereby enhancing efficiency and reducing dependency.

How Feedzai’s SAR Manager Works

SAR Manager’s true strength lies in its ability to integrate seamlessly with other anti-money laundering tools. It provides a consolidated platform that houses all the necessary evidence and data required for SAR submissions. From Know Your Customer (KYC) and Customer Due Diligence (CDD) to customer and payment screening, SAR Manager offers a comprehensive suite of AML solutions. This eliminates the need for banks to rely on multiple resources, streamlining the entire reporting process and increasing efficiency.

Here’s how it works in operation:

SAR Creation

Banks gain access to a step-by-step guided flow to produce a SAR, structured dynamically according to their local jurisdiction.

Maker-Checker Process

The solution includes a process to enforce a four-eye check. The investigator will create the SAR (the “Maker”) and submit it for approval to their manager (the “Checker”). Usually, the Bank Secrecy Act (BSA) Officer or Money Laundering Reporting Officer (MLRO) approves or rejects the SAR.

Flexible Roles and Permissions

SAR Manager includes configurable role-based access control of a user role for the SAR Manager component that allows permissions to be assigned accordingly. Roles can be assigned based on the following:

• L1 Analysts
• L2 Analysts
• QA Analysts
• Managers
• MLROs

SAR e-Filing

The system automatically generates the XML file aligned with the regulator-specific format for the bank’s preferred jurisdiction. XML files are then made available to be downloaded by the user.

SAR Manager simplifies the SAR reporting process, empowering banks with greater autonomy, automation, and audibility. By putting control back into the hands of analysts and managers, streamlining the filing process, and enhancing compliance efforts, SAR Manager offers an invaluable solution for financial institutions. With the ability to configure roles, automate form filling, and maintain a comprehensive audit trail, banks can optimize their SAR reporting capabilities and improve overall efficiency in combating financial crime.

Can you describe how Feedzai prevents and detects fraud?

We are responsible for protecting many banks’ online channels. We accomplish this by understanding the many ways that user credentials can be compromised – including phishing, data breaches, or malware that harvests user information stored on a device. Fraudsters use these stolen credentials to access the bank’s online platform and from there they look to monetize their efforts. 

Feedzai takes a combination of steps to prevent bad actors from profiting from fraud. We go beyond transaction analysis that simply looks at factors like the frequency, the average value of the customer’s of payments, or whether they’ve paid the recipient before. We also establish digital trust with the customer by learning their digital footprint. This insight includes the device the user typically uses, the location where they log in, and even their behavioral patterns with their device – such as how they touch their screen, move their mouse, or tap keyboard keys. From there, we use this information to normalize the customer’s behavior over a period of time.

Combining the digital trust signals that make up the customer’s digital footprint with the transaction analysis makes it easy to identify potential fraud in real time. This approach gives our banking partners a really strong handle on preventing unauthorized fraud attempts. 

Have new payment systems like United Payments Interface (UPI) resulted in higher or lower fraud rates compared to older ways of transferring funds?

What we’ve globally is that faster payments generally means faster fraud – and more fraud. This means banks don’t have a two-hour (let alone a 24-hour window) to investigate transactions. Banks in India (and around the world for that matter) must ensure their fraud decisions are real-time to keep up with the realities of instant payments technology. This has forced banks to rethink how they provide controls for their consumers and how they adopt the right technology to prevent instant payments from becoming instant fraud losses.

We’ve already seen this play out in countries where instant payment systems have been introduced. In the UK, for example, consumers were quick to embrace the nation’s Faster Payment Service (FPS) after it was introduced. And why wouldn’t they be? Consumers realized that money could move quicker than ever before and who wouldn’t like that? Unfortunately, fraud rates also shot up after FPS’s launch. 

How should banks use behavioral biometrics solutions for their mobile app security?

A good behavioral biometrics solution allows banks to protect both channels – web and mobile. It’s worth noting that due to the differing nature of device types, the data that is collected from a mobile app is very different from what would be collected from a web browser. 

On the web, we typically look at the data in two parts: keystrokes and mouse movements. Keystroke analysis looks at how fast users type, whether they use keyboard shortcuts (which indicates whether they have a higher typing proficiency), and how long a user holds down a key. Meanwhile, mouse movement analysis tracks mouse curvature, inflections of the mouse, and mouse clicks. 

On mobile channels, however, there is no mouse data to collect. Instead, we look at data such as the size of the finger that presses on a mobile touchscreen, swipe patterns, and the pressure that the user applies. We also review gyroscopic data on mobile devices. Gyroscopic signals include the angle at which the phone is held, if the phone is held in the right or left hand, or even held up to the user’s ear. Other mobile apps also use these signals – think of how a YouTube screen shifts its orientation when you turn your phone to a landscape position.

Like transaction data, behavioral biometric data is used to build a baseline understanding of how customers normally engage with the devices. This baseline knowledge can be used to make future risk decisions – such as if a user is suddenly logging in from a mobile device instead of a web browser or holding the device differently (think flat on a table instead of in their hand).

Using this data in the smartest possible way can be a game-changing strategy for banks when it comes to preventing a whole range of different mobile fraud types.

Is there a significant difference in fraud prevention investments between traditional banks and challenger banks?

There are a few key differences. First, challenger banks – which are usually digital or mobile-first financial institutions – typically have different fraud risks than traditional banks. This is because traditional banks have a broader range of channels through which the consumer can interact. That changes the way fraudsters plan to attack the institution. Traditional financial institutions, as a result, must assess their technology investment differently.

Data usage is another key difference between challenger banks and traditional banks. Challenger banks tend to be much more effective when it comes to utilization of data, making strong usage of data science and analytics. However, at the same time, challenger banks don’t tend to have the breadth and depth of data that traditional banks have, due to their limited time on the market. Traditional banks, meanwhile, have access to large volumes of data – but often lack the process and infrastructure connectivity to draw maximum value from that data.

Finally, each type of bank has different risk appetites. For example, traditional banks have already essentially cornered the market by amassing a large share of consumers. As a result, they’re more likely to take a defensive position and are more concerned with guarding their reputations, keeping their customers satisfied, and protecting a strong reputation of reliability and security. Challenger banks, on the other hand, are more focused on making it as easy as possible for consumers to onboard and reduce the friction in their consumers’ journeys. Unfortunately, if it’s easy for consumers to onboard, it will be equally easy for fraudsters as well, so it is important for challenger banks to manage this risk accordingly.

Will the Telecom Regulatory Authority of India (TRAI)’s proposal to display the name of the caller and the industry’s proposal to shift away from SMS OTP for 2FA lead to reduction in scams?

Both proposals are focused on not allowing the telecoms to continue to facilitate the rise of scams and fraud. Most fraudsters will contact their victims on a spoofed number that presents the same number as the number printed on a customer’s bank card. Therefore, my opinion is that displaying the name of the caller wouldn’t necessarily fundamentally change the risk landscape. However, I think a better strategy would be telcos working together to tackle number spoofing – one of the biggest scams risks that is currently used today.

As for the SMS OTP debate, it’s worth noting that this was never designed as an authentication mechanism. But we’ve become so wedded to this process that it’s now an accepted and popular method for two-factor authentication (2FA). But it has three key limitations. First, it’s not particularly secure since it’s vulnerable to SIM swap, for example, which is an easy way to circumvent an SMS OTP.

Second, it’s a cumbersome user journey. I may not receive the SMS OTP. Or the bank might not have my most recent phone number on file so the OTP goes to the wrong number. Or it might take 15 seconds to come through and for me to tap it into the screen. Any one or more of these conditions makes for an authentication headache.

Finally, it can be expensive. It only costs a small sum to send an SMS. That might not sound like a lot, but it adds up to a hefty sum for a bank that has roughly 20 million customers. 

What I’d like to see happen is for banks to shift from overt mechanisms like SMS OTP to more covert and secure mechanisms, like positively identifying a user through their digital footprint. This will improve the experience for the user, and if executed correctly, reduce the fraud and scam risk at the same time.

In what ways are fraudsters increasing their level of sophistication in trying to carry out digital frauds?

It wasn’t that long ago that you might get an email claiming that you’ve won a lottery or from someone claiming to be a Nigerian prince with a plea for help. Scams have gotten much more advanced since those days. 

Today’s criminals do their homework to learn your name, where you bank, and may even call your bank to learn some of your most recent transactions. If the bank reveals the information to a scammer, they can call you claiming to be your bank. If they know your most recent transaction, they’ll be much more convincing. Scammers might play background sound effects on a phone call to make it appear that they’re in the office.  Once the victim trusts the scammer, the victim is more likely to do whatever they say.

Scammers will also play on the emotions of either fear or greed. From a fear point of view, a scammer may convince a victim that their account has been compromised and tell them to transfer money to a different account while they investigate. From a greed perspective, a scammer urges their target to invest in a crypto wallet and promises a generous incentive to move the money. 

Fear is more effective on elderly victims since older consumers are more likely to trust people in public positions. Younger consumers, on the other hand, are more likely to fall for the greed approach as these users have grown up in a culture where it’s cool to get rich at a young age and retire early. 

At the end of the day, scams are no longer random. They will speak to the person in a way that will best resonate and give scammers the best option to monetize their efforts. 

If you are looking for a fraud solution that provides strong digital trust, we’d like to help you. Schedule a demo with us today to see how our experts and technology can help establish digital trust for you and your customers. 

Regardless of where fraud originates, banks and financial institutions need to be prepared to stop it before it can do any damage to customers. Here are three things banks can do to stop fraud from hot spots around the world.

1. Work with Partners Who Value Continuous Learning

Fraud is constantly evolving and comes in numerous forms as this list outlines. That’s why financial institutions (FIs) need to work with a trusted provider who understands that fraudsters and criminals will constantly shift tactics. In this respect, fraud is a lot like fashion. It constantly changes from season to season. FIs need to stay up to date on the latest trends or they could get stuck with an outdated fraud prevention system. 

For example, if a provider offers solutions for a single use case fraudsters will simply target other operations to bypass that particular use case. FIs need to work with partners who are tuned into the evolving nature of fraud and prepared to change their tactics as needed.

2. Know Your Customers’ Normal Behaviors

As they work to prevent fraud, FIs can’t afford to interrupt their customers’ experiences. Today’s customers have grown accustomed to being able to transact from any device they want and have little tolerance for delays or cumbersome authentication requests. Banks and FIs must build a digital profile of their customers based on every interaction they have to understand how they normally behave. These profiles can evolve over time as the customers’ career, address, and family situation changes. FIs can assess whether customers are logging in at strange hours of the day or making overseas money transfers that raise red flags. But having this foundation of a customer’s normal behavior makes it much easier to determine if they are behaving unusually or if a fraudster is attempting to access their account.

3. Know Your Bank Customers’ Devices

It’s equally important to know your customers’ devices and how they normally interact with them. FIs should perform assessments at each interaction to determine if the device used to log into their account is a known device associated with the customer or an unfamiliar one from an unfamiliar location. FIs can determine if the customer is using their keyboard or mobile touchscreen as they normally would or if their interaction is slightly different. If their device behaviors are unusual for them, FIs can stop the transaction if they suspect an account takeover is underway or if the device has been infected with malware. 

Fraud comes in many forms and across different locations. Following these tips are an important step for banks worldwide to keep their customers safe in an expanding global economy.

Download The APAC Bank’s Guide to Building Digital Trust to understand the importance of digital trust and how it will impact FIs across the APAC region.

What is RiskOps?

A RiskOps platform provides banks with a framework to more effectively manage financial crime risks. This ensures a standardized approach to risk management that makes abstract and hard-to-define concepts like “risk” and “opportunity” easier to gauge. Having the ability to measure and analyze risk management enables banks to think of risk assessment as a science, instead of an art form and thereby make more confident decisions.

As its name suggests, RiskOps operationalizes risk by putting customers at the center of decisions and treating them fairly. It also empowers FIs to react fast to new opportunities, uncover suspicious behaviors, identify criminals more accurately, and stop more fraud. In other words, RiskOps allows FIs to seamlessly handle the challenges of identity, real-time data, and collaboration across teams and systems to deliver better, more trusted services to customers.

The 3 Pillars of RiskOps

RiskOps platforms are supported by three key pillars:

• Comprehensive Architecture. Banks rely on data from multiple sources, in multiple formats, directed to multiple systems to make informed decisions. But banks need to process this widely disparate data at both speed and scale. RiskOps works in real time, providing a single, centralized location for data to be ingested and interpreted.
  What this means for banks: A RiskOps platform’s comprehensive architecture gives banks a centralized hub to identify emerging fraud threats, new business needs, and insights into user experiences and operational performance. Banks can foresee where their priorities should lie instead of waiting to react to the latest trends.

 

• Human-centered AI. An unfortunate side effect of technology is that it becomes easy to think of customers as data points instead of people. If bank customers aren’t scored based on their individual behaviors, they can unfairly be grouped into cohorts and experience unnecessary friction. RiskOps platforms employ multidimensional data that enables banks to put customers at the center of AI. The platforms build hyper-accurate risk profiles based on customers’ individual behaviors – enabling banks to detect changes in behavior and stop financial crime more easily.
  What this means for banks: Having highly accurate views of how customers behave and transact enables smoother customer onboarding and can reduce the risk of offboarding a customer. These insights can also reduce customer attrition and reduce the threat of AI bias by treating a customer as an individual instead of as part of a cohort.

 

• Collaborative Analytics Suite. It’s very common for silos to exist between fraud prevention, anti-money laundering (AML), and risk teams. Each department focuses on their respective role leading to communication gaps. RiskOps platforms eliminate these silos by offering a single location for a bank’s entire team to access the data they need and opens new doors to communication and collaboration across the organization.
  What this means for banks: Enabling internal users to work together more effectively allows teams to reduce fraud losses, prevent more financial crime, and improve customer experiences. It also enables fraud prevention and AML teams to work smarter, resulting in greater job satisfaction and more rigorous AML compliance.

5 Tips for Implementing RiskOps

Now that you are familiar with RiskOps platforms, their architecture, and how it changes risk management, the next question is how can you prepare your FI to embrace it? Here are five steps banks can take to start their RiskOps journey. 

1. Evaluate Your FI’s Self-Service Risk Appetite

Risk management has historically required banks to implement a variety of point solutions to address each individual business need. RiskOps eliminates the inefficiencies that emerge from relying on multiple point solutions by consolidating data and offering staff a collaborative suite of tools. The result is teams take greater ownership over the organization’s risk framework. The platform enables greater coordination between teams and personnel to exercise more control over their destinies. Establishing how much control should be exercised and by which teams in advance will go a long way toward making RiskOps platforms work more effectively.

2. Identity Opportunities Your Bank Previously Overlooked

Approaching risk as an art form can have a serious impact on a bank’s bottom line. Specifically, it means banks might err on the side of caution and bypass opportunities. With a RiskOps platform in place, financial institutions’ risk teams look at their risk assessment across the organization to better understand where their earlier approach to risk left them exposed. Having RiskOps in place gives banks a 360-degree view of a customer’s risk profile, opening new opportunities for banks to understand why they previously declined to take on a customer and whether that was the right decision. Banks can identify more opportunities by having a clearer, up-to-date understanding of the customer’s risk level.

3. Clarify Your Organization’s Data-Sharing Guidelines Upfront

A disparate array of point solutions can lead to organizational silos and communication gaps. RiskOps offers a consolidated view of data and opens new opportunities for your teams to collaborate more effectively. That said, data is highly regulated in this day and age. As RiskOps makes data more easily accessible across an organization, set clear expectations on how the data will be handled. These rules should make clear what types of data can be shared, who can access it, and how it can be used. Setting internal procedures will be important to protect your customers’ data and how your organization follows regulatory compliance and conducts internal audits.

4. Establish Your Bank’s Priorities

RiskOps platforms offer clearer insights into customer behaviors, present new collaborative opportunities for banks, and offer a centralized hub for data. While your organization will be tempted to take these capabilities and quickly pursue new business opportunities, it’s also important to assess your organization’s vulnerabilities to financial crime. Regulators constantly scrutinize banks to ensure they follow best practices. Take a hard look at your organization’s vulnerabilities and identify and address the biggest weaknesses to make the most of the opportunities your RiskOps platform offers.

5. Declutter Your Bank’s Internal Systems 

Consolidation of disparate systems is one of the biggest benefits that RiskOps platforms offer. Take the time to audit your bank’s internal systems for solutions that are no longer necessary. If a single point solution’s functions can be performed by the RiskOps platform, consider replacing it. It’s important to note that your organization should not remove or replace all systems entirely. If your company has signed a long-term contract with a vendor or if a system is tied to a specific business use case you could interrupt important functions by replacing it. Instead, look carefully at which systems can be phased out immediately – and which ones will be replaced in the longer term.

Risk has been viewed as an art form for far too long. RiskOps platforms break the illusion by giving banks the tools they need to make informed, intelligent decisions about how to manage risk more effectively. With the right RiskOps platform in place, banks can improve their internal collaboration capabilities, improve customer experiences, and consolidate their data operations. 

Instant payments are popular with both customers and fraudsters. Download our new eBook Prevent and Detect Payments Fraud with Feedzai to learn how to keep your customers safe.

Listen to AML Compliance Checklist: A Self-Audit Guide for FIs (8 min):

1. Consider Your Financial Institution’s Risk Appetite

Your financial institution (FI) will have a “risk appetite/tolerance” that sets the tone from the top and considers how much risk your organization is willing to accept in its business operations. Are they risk-averse or a risk-taker? Somewhere in between is the likely outcome. A risk-based approach will be the crux of your AML program and its control structure. View everything from onboarding clients to product/service usage to monitoring their activity through a risk lens. Consider your FI’s risk appetite as you move on to the next step, your risk assessment. 

2. Perform a Thorough Risk Assessment

An end-to-end risk assessment should be the next item on your FI’s AML compliance checklist. FIs need to understand if any area (or areas) of business operations, products, and/or services are vulnerable to money laundering activities. Ensure your controls address your risks; if there are gaps, address them swiftly. 

It’s also a good time to look at the geopolitical landscape and assess whether some regions are becoming riskier due to shifting political events. While you’re at it, consider if customers are still using your product and services in the same manner. Has the risk profile of your business offerings changed, and therefore, so have the risks? 

3. Internal Controls & Anti-Money Laundering Policies

Risk assessment complete. Next item on your FI’s AML compliance checklist: are there any gaps in your internal controls? As one of the five pillars of an AML compliance program, effective internal controls are essential. Keep them fresh, keep them applicable, and try not to layer too many when fewer are just as impactful. Consult with relevant stakeholders.   

Are your controls (and processes) sorted? How are your AML policies looking? These policies range from clearly addressing AML strategy to how your organization will onboard new customers, flag and investigate suspicious activities, monitor transactions, maintain adequate record-keeping, communicate effectively, and identify the regional and global regulations the FI needs to follow. Your organization should regularly evaluate and monitor your AML compliance program for adequacy, effectiveness, and deficiencies. 

4. Name a Chief Compliance Officer

FIs must designate an individual responsible for managing the organization’s AML program. In some organizations that may be the BSA Officer/Money Laundering Reporting Officer (MLRO). It could be the Chief Compliance Officer (CCO). Regardless of the title, this individual must have the requisite experience and knowledge to effectively manage the role. They must be hyper-focused on the AML program and not distracted by “additional” responsibilities. They will be looked at as a leader by their teams, the Board, and regulators to ensure a culture of compliance is established and regulations are appropriately addressed in the AML program.   

5. Train Your Staff

An FI’s staff is responsible for ensuring the organization meets its AML compliance responsibilities on a daily basis. Therefore, take appropriate to ensure staff is trained on the latest policies, understands the regulatory landscape, and operates with a compliance-first mindset. Training and education sessions should not be considered “one-and-done” tasks. This will be an ongoing effort as the regulatory landscape changes and FIs update their controls to address new risks and threats to their organization.   

6. Know Your Customer/Customer Due Diligence (KYC/CDD)

The newest pillar to the AML compliance program, Customer Due Diligence (CDD), is a crucial component in the fight against financial crime. FIs need to understand the “why” and “how” their customers intend to interact with them. This happens during onboarding and should continue throughout the customer lifecycle. This process entails assessing the customer’s demographic data, screening them against global watchlists and adverse media, analyzing the beneficial ownership that a person has over a business (if applicable), and assessing inherent risks. FIs should consider taking their CDD to the next level by embracing a solution that also incorporates operational and transactional patterns as well as interactions into a customer’s risk profile. Given the continual evolution of cryptocurrency in the global economic sphere, firms should factor in these unique risks as well.

7. Sanctions and Watchlist Screening

The consequences of doing business with an individual or entity named on a global sanctions watchlist are severe for FIs. There will be investigations, fines, and public scandals for allowing sanctioned individuals and entities to conduct business with your institution. And sanctions apply to everyone, not just regulated institutions. FIs must ensure updated watchlists are considered in the process for both sanctions and risk-related watchlists, such as politically exposed persons (PEPs), relatives or close associates (RCAs), and adverse media. Apply sanctions screening during the payment screening process and expand the data to include risk-related and ownership data at the customer screening level.

8. Transaction Monitoring & Reporting

FIs must remember that AML compliance is perpetual. This includes keeping a close eye on transactional activity. They must establish transaction monitoring (TM) protocols based on risk attributes to detect potentially suspicious activity and take appropriate action to consider case creation and SAR/STR filing. Firms should consider incorporating customer risk scores into their review and decision-making process and consider embedding typologies and/or enriching the data set in their AML TM solution. 

9. Recording-Keeping

Keep fastidious records of your activity ᠆ period. An audit trail is an essential part of every AML program. You will receive questions about why decisions were made, be required to show evidence that you have followed your own policies and procedures, and have documented risks. These requests will be both internal (audit, oversight/governance committees) and external (regulators). Always be able to explain your actions. 

Our checklist outlines the key components that go into building an effective AML compliance program. Download the checklist to make sure your FI checks all the boxes.

A customer’s risk score should be mapped against a risk rating/band (e.g., low, medium, or high). This way a customer carries both a numerical score and a risk rating. In doing so, financial institutions (FIs) provide the risk of their customers to regulators, know if they are operating within their risk appetite, and apply the correct policies and procedures for each risk band. Banks gain a more accurate view of who the customer is and the risk level they pose which enables them to decide which products they can offer to different risk cohorts. If a customer is incorrectly labeled as a high risk level an FI may be reluctant to offer them certain financial products or services. This is a missed revenue opportunity for the FI if the customer is in reality a medium or low risk. 

Here’s why customer risk scoring impacts the effectiveness of a bank’s AML compliance efforts and enables them to better serve both their new and existing customers.

What is Customer Risk Scoring

Customer risk scoring is part of the Know Your Customer (KYC)/Customer Due Diligence (CDD) pillar of an AML framework. The goal of any customer risk scoring procedure is for FIs to understand the risk that a customer (or potential customer) poses to their organization both when they onboard with the bank and across the entire customer lifecycle. 

As part of the CDD process, customer risk scoring involves reviewing a customer’s background and his behavior to arrive at their score. The risk score is based on:

• Demographic Review: This includes checking attributes like nationality, occupation, length of time with the FI, date of birth, residential and mailing addresses, occupation, credit score (amongst others).  
• Customer Screening: Customer screening is critical to CDD as it allows FIs to continuously guarantee that the commercial relationship with each customer remains permissible under their jurisdiction. Each customer of the FI is required by regulations to continuously be subjected to screening against multiple watchlists.
• Operational Patterns: Banks must review any record of fraud alerts, suspicious activity reports (SARs), suspicious transaction reports (STRs), or other red flags that are related to the customer’s behaviors.
• Transactional Patterns: Banks should review their customer’s source of wealth and consider if it makes sense with respect to their occupation or location. This includes analyzing whether transactions make sense taking into consideration the customer risk profile.

Problems with Customer Risk Scoring

This process is highly complicated and can create several challenges for banks to obtain accurate and reliable scores. Banks typically face three core challenges when it comes to measuring and tracking risk scores.

1. Customer Risk is Fluid

It’s important to note that a customer’s risk score is not set in stone after the initial onboarding stage. Instead, it’s fluid as customers change throughout their lifecycle with the FI. A customer could receive a medium risk score at onboarding – but shift to high risk over time if they perform a series of risky activities. Because customer risk can quickly change, banks need systems that continuously analyze their customers’ behaviors and update scores.

2. Conventional Tools are Insufficient

The fluidity of customers’ risk highlights the second-biggest problem banks face: getting the right tools for the job. Many CDD tools are often ineffective because they don’t continuously monitor how a customer’s patterns are evolving and how these changes affect their risk score. For example, a customer that onboards with a medium risk score/rating, may experience a change in risk profile overnight (e.g, if he becomes listed on a sanctions list or moves to high-risk location). If a bank only performs customer risk scoring on a yearly or quarterly basis, fraud and AML teams won’t be able to adjust their monitoring rules or know that a high-risk customer is transacting on their platform until it’s too late. Alternatively, it can also lead to incorrectly classifying low- or medium-risk customers as high risk.

3. Regulations are Vague, but Penalties are Severe

Finally, banks face a regulatory landscape that is frequently changing and intentionally vague. The expectations for banks to fulfill their KYC/CDD obligations can be unclear, which forces many banks to take a reactive approach to compliance. Some financial institutions develop their own solutions using multiple sources of information (both dynamic and static) that make it very challenging to monitor and react to customer risk score changes. This approach can also contribute to silos emerging within an organization as different solutions struggle to communicate with each other – and makes it even more difficult to comply with current regulatory requirements. While regulations might be complicated, regulators can still issue serious penalties for non-compliance. In other words, banks face a potential minefield in which it’s almost impossible to know how to move forward safely.

Tips for Banks to Improve the Customer Risk Scoring Process

Culturally, banks have viewed CDD as a “check the box” activity that an FI only has to perform during onboarding and then periodically. But banks have an opportunity to reconsider their traditional view of risk scoring, a move that could open new revenue streams, protect their reputation, and enable banks to understand who their customers are and how they normally transact.

Improve Data Quality

Having a robust set of data is foundational for CDD and risk scoring. The data should also be easily available and clearly formatted. Without a robust dataset, your bank’s models just won’t work. Even your current processes will prove to be ineffective if you don’t have proper data practices in place. Make sure your bank embraces the right data tools to enhance your risk scoring capabilities.

Invest in a Robust Risk Assessment Model

Banks have an opportunity to embrace a robust risk assessment model that aligns with their core mission and quickly responds to new regulations, even if they are unclear. Perform a risk assessment to understand your organization’s risk appetite and ensure it’s aligned with business goals and your product portfolio. This insight enables you to decide if a customer’s risk level makes sense for their business goals or the geographical regions where they operate.

Practice Continuous Monitoring

Let’s face it: a lot can happen in between periodic reviews. If even one customer shifts to risky or ethically questionable activities in between review periods, your bank may not realize it until the next review period, which could be years later. It is better to have a simpler model in place, with fewer variables that can continuously monitor a customers’ activity for any red flags for financial crime. 

The focus of risk-scoring shouldn’t be limited to how and when banks should issue alerts and raise red flags. Implementing a robust risk-scoring model will enable banks to develop a deeper understanding of who their customers really are, how they transact, and open new business opportunities by trusting their customers with their portfolio of products and services. 

Download our eBook 6 Crucial Capabilities to Protect the Online Customer Journey to learn how continuous authentication ensures customers are consistently who they claim to be.

Warning. The rest of this article contains spoilers for Netflix’s The Tinder Swindler.

What The Tinder Swindler Reveals About Romance Scams

“You can find a bit of everything on Tinder.” 

That’s one of the opening lines from the documentary which chronicles three women who have one thing in common: they were all defrauded by a con man known as Simon Leviev. 

In the film, the three women reveal how they met Leviev on Tinder. He claimed to be a billionaire and the heir to an Israeli diamond fortune. The first date was an international trip on a private jet and a stay at a five star hotel. He dripped with opulence – $5,000 a night resorts, parties in exclusive clubs, cavorting with models, and dressed in the most expensive high-end luxury brand clothing and accessories. His social media profile as well as a Google search appeared to back up his story, producing images that resembled scenes from a James Bond movie.

But while the romance started as a fairy tale, it ended as a cautionary nightmare. Soon after dazzling them into believing he was ultra-wealthy, Leviev told his targets that he was in trouble. He convinced them that dangerous people were looking for him. He claimed it was too risky to use his own credit cards and pressured his victims into sending him money from their savings accounts. They even applied for loans, opened new credit cards with higher balances which they eventually turned over to Leviev who quickly maxed them out. 

The victims each describe how red flags went off as they took on massive debts for the man they believed they loved. But when they confronted him with their concerns, they were met with a mix of gaslighting, paranoia, and even threats of violence. In the end, they all acknowledge that they will never be the same again after their romance scam.

How Banks Can Protect Customers from Romance Scams

The underlying message of the documentary is that it is very difficult, if not impossible, to catch a romance scammer and bring them to justice. After the credits for The Tinder Swindler have rolled, the victims are still saddled with massive debts. Meanwhile, Leviev is free after serving a 15-month prison sentence and is using dating apps again. He was recently banned from Tinder and other online dating services.

Fraudsters aren’t limited to dating services like Tinder, Bumble, or Match. Social media platforms like Facebook and Instagram also give fraudsters access to numerous targets. The U.S. Federal Trade Commission (FTC) recently found that romance scams were the second most profitable fraudulent activity pushed on social media platforms in 2021 (behind only fake cryptocurrency investments). The latest figures from the FBI, meanwhile, found fraudsters defrauded U.S. consumers out of $133 million. Bear in mind these are just the figures reported to the FBI and FTC. There are likely many other cases  reported to banks, but that go unreported to government agencies.

Romance scams are also common outside the U.S. In the U.K., for example, this activity rose by 40% last year. Meanwhile, the latest figures from Australia estimate that romance scam losses came close to $37 million in 2020. 

Victims of romance scams – as The Tinder Swindler depicts – often feel humiliated and so scarred by their experience that they are reluctant to tell  police, banks, or their families about the betrayal. As the victims in the film note, by sharing their experiences, they also invite public shaming on social media. But banks can step in to protect their customers from falling prey to romance scams – and keep them from becoming the subject of future true crime documentaries.

1. Know Your Customers

Banks should understand who their customers really are and how they typically transact to detect if their behavior raises any alarms. Sudden shifts in behavior are red flags. These include:

• suddenly opening loans;
• applying for new credit cards (and quickly maxing them out);
• raising spending limits;
• transfers to other recipients;
• buying plane tickets for other people;
• expensive transactions in international locales.

If customers are behaving far outside their normal patterns, intervene to stop the transactions before a transfer or transaction is completed. 

2. Educate Consumers on Romance Scam Dangers

At the end of the day, consumers are the best line of defense against fraud. Banks should educate and train their consumers on how to spot the signs of a romance scammer (such as someone who suddenly needs money for medical expenses or travel). Partnering with organizations like the FTC, the Better Business Bureau, or other advocacy groups can help banks raise awareness and better prepare their customers to stay clear of fraudsters preying on their romantic interests.

3. Employ Machine Learning

At the end of the day, we’re only human. Unfortunately, fraudsters will prey on the need for human connection to defraud victims using romance scams and other tactics. But human beings will also struggle to see sinister connections in a customer’s normal behavior amid large quantities of data. That’s why machine learning and fraud prevention are made for each other. To protect their customers’ finances and hearts, banks need advanced technology that can uncover patterns that would otherwise go unnoticed by the human eye..

The Tinder Swindler focuses on just one of many romance scammers who defrauds unsuspecting victims. As one of the subjects says, “One little swipe can change your life forever.” With this in mind, banks need to watch out for customers  as they search for love online. 

Fraud evolves fast. Download our eBook 6 Crucial Capabilities to Protect the Online Banking Journey to learn why it’s important to future-proof online fraud prevention solutions.