BAE Systems: Cracking down on financial crime through industry collaboration
Financial crime has never been more imminent and banks, regulators need to team up more than ever.
Technology has certainly come a long way, and AI, analytics and cloud have certainly scaled up banks and other industries that are making the transformation to digital and mobile.
However, the same technology can be used by hackers to steal data just like what happened in mid-2018 when hackers stole personal data from SingHealth’s system. In the financial services and banking industry, the same thing is happening with criminals siphoning large amounts of dirty money to banks who bear the risk of facing money laundering sanctions from regulators.
From July 2017 to December 2018, the Monetary Authority of Singapore (MAS) reported 16.8 million in financial penalties and compositions to 42 financial institutions, $698,000 in civil penalties in relation to two insider trading cases and one case of unauthorised trading, and 19 prohibition orders banning unfit representatives from re-entering the financial industry.
As criminals mole their way into organisations and work around company security and protocol with their devious tactics, anti-financial crime practitioners need to reconsider if they have the right tools, strategies and capabilities in place. BAE Systems Applied Intelligence, the Financial Crime & Compliance and Cyber Security arm of global defense company BAE Systems, knows very well that banks and financial services should be doing what they’re good at, instead of losing time and resources by tracking these cases by themselves.
To gain valued insight into this spectrum and the complexity of tracking financial criminals, Asian Banking and Finance spoke with Sanjay Samuel, Managing Director, Financial Services – APAC at BAE Systems Applied Intelligence, as he talked about the challenges in fighting financial crime, how financial services and banks can double up on their defenses, and why a collaborative financial crime intelligence network could make the difference in toppling down financial crime and ensuring compliance with regulations.
Can you tell us about your key role as managing director of BAE systems in Asia Pacific?
We are a wholly owned subsidiary of BAE systems—a global defense company. Who we are is BAE Systems Applied Intelligence, which is the Financial Crime & Compliance and Cyber Security arm of the larger group. Within Applied Intelligence we focus on two business areas: government and financial services. I run the financial services side of the business across Asia Pacific and Japan based in Singapore, where I am responsible for the whole business—from sales support delivery, product management, feeding back into our product development team based in the UK, representing all other customers in the markets and across the region.
For banks and financial services, what would be the challenges in tracking and preventing financial crime?
The biggest challenge is skills shortages. Anti-money laundering (AML) and financial crime, unfortunately, is a very hot space at the moment. You just have to pick up the newspaper and you will see examples of regulatory actions globally, whether it's Australia, Singapore, Malaysia or anywhere in the world. This reflects the growing concern of financial crime globally and the need for banks to put up this protective layer to try and reduce financial crimes. So what that drives is a great demand for people, subject matter experts and knowledgeable staff in the market; you just have to go to LinkedIn and type in ‘AML expert’ and there’s hundreds and hundreds of job listings that come up. So, skill shortages is probably the greatest challenge that our customers have.
The second area is the cost of running these systems. It is very people intensive, very data intensive, and you need a very large infrastructure to do that if you're a banker and insurance company. So, this is a cost that is necessary for a bank in the financial services industry. There is no option; they need to invest in these technologies to be compliant with the regulators. Financial service companies are always looking at how they could reduce costs to remain compliant, and if there is a smarter, better way to do it.
The third bit is data. Our software is a series of analytical models that ingests data from the bank, consumes it, looks for patterns of fraud or patterns of financial crime, and then produces an alert to the bank, if it detects suspicious activity in the data. So, internal data is a challenge because of data timeliness and cleanliness as data will come from multiple systems. The data will need to then be merged together so that our software platform can ingest this. The new area of investment is external data, which is publicly available data that can be added to internal data to enrich the capabilities of the software models.
The last one is, unfortunately, criminals who are forever changing their tactics, and the threat vectors which are always changing. They are trying to find different ways to commit financial crime. So, to counter these criminals, we have launched the Financial Crime Intelligence Network (FCIN), which is a free-of-charge community of interest not just for our customers and our partners, but for the entire market, that aims to enhance collaboration between financial service institutions, vendors, and regulators. We all have the same mission—to stop bad people doing bad things. And by creating the FCIN, we can start building a community of financial crime practitioners where they can share their experiences and what they have done within their organisations so that other members of the group in the region can adopt these across their own organisations.
For each one of the points mentioned, we offer products and services to help our customers. With the skills shortage, we are getting into outsourcing and engaged services. Where appropriate, we are approaching a number of our customers to run the entire infrastructure for them from a technology perspective. They use our software, they use our systems, so we would be the best people to run it on their behalf. We have a number of clients who are banks and insurers across the region, who are focusing on their expertise in banking and insurance—and engaging us in running the technology stack—the fin crime technology platform—where they would say that our people are better at it, and that in a way helps with the skill shortages in the industry. From a cost perspective, we've also launched our products in the cloud so that greatly reduces the infrastructure costs for our customers. We are also investing in artificial intelligence and machine learning so that the system gets a lot more accurate and starts to really pinpoint. Using these advanced techniques to do that is an example of some of the things that we do for our clients.
As digital banks enter the fray, how can BAE Systems ensure that its solutions will help FIs adapt to the changing regulatory landscape in Singapore?
The regulatory framework for digital banks or the larger, more established banks is exactly the same. They have to adhere to the regulations as published by MAS in Singapore, Bank Negara in Malaysia and AUSTRAC in Australia for example. So the rules or the framework doesn't change. What does change is the whole premise of a digital bank where the value proposition is speed and ease of use. The larger, more established banks ingest a lot more data and that is acceptable for the larger banks.
For example, one of the things our software platform does is customer onboarding. When someone goes and applies for a financial services product or credit card or loan, our software onboards that customer from a financial crime perspective, so we screen the customer against sanctions list and watch lists and so on.
In a larger bank, it’s sometimes okay to do that overnight because of the large infrastructure and the terms and conditions they have with the new customers. For digital banks, it almost has to happen in real time. The whole value proposition of a digital bank is you have an app on your phone, you want to apply for a credit card, and you want that approved within seconds. So our software needs to operate in that cadence. So, the rules are the same. It's about the speed of operation and the latency of doing that analysis, which, I'm happy to say, we have that capability.
The second part is digital banks are starting from ground zero and they're growing their markets, and there's the challenge of banks. So, as I mentioned earlier, we offer our platform in many different ways. We can service the largest banks in the world and very large pieces of infrastructure or we now operate in the cloud as a utility. One of the things that MAS is looking at is a KYC utility for customer onboarding to be accessed by all financial services companies. Our products can operate in that manner—where everyone sort of shares a central infrastructure. So you get that speed of response, but also a lower cost offering as well when you're a digital bank. As the banks grow and become more and more successful, that often will scale with it.
Can you tell us more about NetReveal Cloud for AML Compliance? When was it launched and how can financial institutions leverage on this technology to manage AML compliance and financial crime risk?
NetReveal Cloud has been around for quite some time, perhaps over 10 years. It started in the insurance industry in the UK, since NetReveal Cloud has a module that detects insurance fraud, auto insurance fraud, and household insurance fraud, and then acquired customers in Europe, Canada and the Americas. In Asia Pacific, we first launched it in Australia, with both insurance and the full compliance suite. I'm happy to say we have four banks now that have used NetReveal Cloud in Australia. The functionality of the product is identical whether you install it on site, or if you run it in NetReveal Cloud—but the economics are very different. When you run it in the cloud, the costs are lower since in terms of infrastructure, you are sharing the infrastructure with many other users. So it's a different economic proposition, but the functionality is the same. Lastly, with NetReveal Cloud, we manage the entire environment on behalf of our customers. We have a managed services team who are based in the region and we monitor the system 24/7. It gives customers the flexibility and scalability that they want, so they can go about doing what they’re really good at, which is running a bank or an insurance company. We look after the software platform, manage the entire environment for them, and ensure that it adheres to all the latest ruling from the regulator.
Aside from cost savings, why do you think companies should outsource their financial crime prevention to BAE Systems or move to the cloud?
I think the biggest one is that this is a strategy adopted by a lot of financial service companies across a whole organization, that will allow them to be flexible, scalable, and be able to change according to customer demands very quickly.
They've either adopted the private cloud or public cloud for everything, all the internal systems, and certainly [for] all the banks we're working with throughout the region, this fits in as a part of the strategic direction. They want to adapt and make use of the cloud. Once you get to the cloud, then it opens up a whole different operating environment.
In Singapore there's a large demand for fintechs. And being able to onboard a new piece of technology. In the cloud is a lot more flexible and a lot cheaper and a lot quicker to do versus a very massive infrastructure that large banks would have run. So it's strategic, it's very flexible, it's very scalable. You can ramp up and down as you wish. You don't have to have a huge infrastructure just for the month in processing; you can ramp it up at month end, when you need the processing power, and then the rest of the month it can be ramped down to make it very cost effective as well.
We didn't develop the cloud because we thought this was a good idea, we did it as demand from all our clients, and largely because that was a strategic direction. Once you have the infrastructure running, managed by someone else, you can free up resources to do other more relevant work throughout the day.
What can BAE systems offer to would-be digital banks in terms of scalability?
We started working with the biggest banks in the world that had massive technology and systems, whereas fintechs are coming from the other direction. So, talking about our technology where NetReveal was first developed 10-15 years ago, that's our legacy. Our mission was to scale it down so that we can address even the smallest digital bank. We have a customer in Singapore, a wealth management company with 3,000 customers and they are running the full NetReveal compliance platform. Point is, we can address a bank of that size. On the flip side, we can address the very largest banks in the world and the software is capable of technically scaling from the very largest to very smallest.
The other piece of scalability, of course, is pricing. If you had one price that suits all, that's never going to work. So we have come up with a whole new pricing model that is based on usage for a monthly fee. You can subscribe to NetReveal Cloud and make use of it and pay a monthly fee over a period of time. And you have full access to all the software and all that managed services that are mentioned before.
What's the group's outlook on the AML Compliance industry or financial crime for the next year?
I've got an industry outlook, which, unfortunately, is not a good one. The UN has estimated that 2-5% of global GDP is lost to financial crime. Somewhere between 500 billion and 2.5 trillion US dollars per annum is unfortunately money that's laundered globally. So it's an enormous problem, which leads to all sorts of bad things such as terrorist financing. I believe that, globally, the industry recognizes that this just isn't going to slow down, which is a terrible thing to say.
Fighting financial crime, we call it our noble cause. This is why we don't think this should be a competitive market. The people in BAE Systems get out of bed and come to work every day because we need to do our best to help the industry suppress those statistics. I’ve mentioned earlier that we've launched this Financial Crime Intelligence Network, and that's a part of it. It’s not just the technology and the services we deliver. We also want to drive all the industry players to get together—even our competitors—into one forum so we can start sharing best practices and sharing experiences to try and reduce those pretty alarming statistics.