By Rob O’Farrell, CTO, ID-Pal
I reflect on this month’s ‘European Anti-Financial Crime Summit 2024’ I think, what an information-packed day!
EAFCS2024, hosted by ‘AML Intelligence’ took place in the RDS, Dublin on May 16 and the organisers did an amazing job. The speakers were incredibly knowledgeable and well respected in the industry, including Paschal Donohoe, Irish Minister and Head of the Eurogroup, and Dr. Pleyer, from the German federal finance ministry and former FATF president.
For me, the running focus points of the day were:
- The Opportunities and Threats of AI
- Information Sharing
- The EU Anti-Money Laundering Agency (AMLA)
- The Future of Anti-Financial Crime
Let’s move straight to discussing the key takeaways.
Information Sharing: Public-Private and Private-Private Partnership
Almost every speech and panel highlighted that a successful and efficient path to fighting financial crime must include better information sharing. The need for easier verification of the Ultimate Beneficial Owners (UBOs) of businesses across the entire EU was highlighted, with some advocating for a single point of verification and others advising standardisation of access across the Union. There is merit to both elements and an opportunity for consolidation, which several Know Your Business (KYB) companies are already exploring.
Great advancements are coming, such as the Shared Fraud Database in Ireland, similar to CIFAS in the UK, making it easier for companies to share fraud information.
There are opportunities to use technology to support sharing of identity data to reduce friction and fraud simultaneously. Many participants are advocating for Reusable Identities to reduce onboarding time to just a few seconds. However, some systems may not meet AML compliance standards because they prevent new companies from making independent identity verification decisions, opting instead to rely on previous determinations.
Additionally, the manner in which data is shared between companies raises concerns about GDPR compliance, presenting both regulatory compliance challenges and significant risks of fraud. Equally, some are relying on a one-time verification followed by re-use of a token. For example, using Face ID to access a wallet does not prove you are the owner of the contents of the wallet, only that your face is enrolled on that device. As new technologies emerge, we must be careful to hold on to simple facts like “have I proven that I’m dealing with the true owner of this identity?”
AI Threats and Opportunities
We are all familiar with the threat Generative AI poses, but Colum Lyon’s presentation, where he created a deepfake of Paschal Donohoe in 60 seconds, was mind-blowing. This demonstrated the ease with which AI can be misused without advanced technical expertise.
Fortunately, EAFCS also covered the positives of AI, such as detecting deepfake fraud through Injection Attack Detection, Presentation Attack Detection, and Liveness Tests. AI can also better identify patterns in money-laundering transactions.
Risk-Based rather than Rules-Based Regulation
Dr. Pleyer, from Germany’s federal finance ministry and who is building out Germany’s own AML super-agency, delivered an eloquent and insightful speech emphasising the importance of risk-based regulation over rules-based regulation.
In an environment where criminal attack vectors change daily, we must have the flexibility to react in a risk-based manner. Rule-based systems are costly to implement, maintain, and audit, while a risk-based approach offers European businesses more competitive opportunities. I am personally encouraged by these messages from Dr. Pleyer, a former president of FATF (2020-2022).
The Future of Anti-Financial Crime: Chain of Trust
In the panel discussion about the future of anti-financial crime that I participated in, we touched on many of the points above. I was pleased to discuss a simple topic that brought many concepts together: the Chain of Trust and Trust Networks. By Trust Networks, I am referring to establishing appropriate frameworks that enable the sharing of information to meet the minimum requirements of AML regulation and GDPR compliance.
By the Chain of Trust, I mean guaranteeing thoroughness in validations and tracking. Prove you have a real identity. Prove you are dealing with a live person. Prove they are the owner of the identity.
We were all shocked at the impact of Generative AI last year. However, that will not be the last big innovation we see, or the last new tool criminals bring to bear. We need to learn from that shock and ensure that we now work in a way that enables us to catch criminals. Let’s all work in a way that allows us to share information in a compliant fashion and re-examine our decisions whenever we become aware of the next big fraud vector.
Find out more about the foundations of Identity Verification here or feel free to connect with me on LinkedIn.
Share this on:
Follow us on: