Money laundering is a process by which the source of “dirty money” obtained criminally is obscured or concealed so as to make such money “clean”. Ostensibly sound “clean money” can imperceptibly enter the hands of terrorist organizations which threaten world security or peace, thereby becoming “dirty”. Financial institutions must avoid such nightmare scenarios in which their systems are exploited to carry out these misdeeds and they are unknowingly involved in financial crimes. The use of sophisticated digital tools is essential in combatting these crimes, says NRI’s Takahiro Kato. We spoke with him about his detailed knowledge of anti-financial crime solutions.

Companies risk getting hit with massive fines, even for accidental involvement

--- Tell us about the current state of financial crimes.

According to IMF statistics, the criminal proceeds of money laundering is now equivalent to between 2 and 5 percent of global GDP. If we assume that the IMF statistics also apply to Japan, the scale of money laundering with respect to Japan’s GDP of nearly 550 trillion yen would come out to 11 trillion yen or more. By contrast, the total amount of damage done by communications fraud, which is the most common criminal activity serving as a basis for money laundering in Japan, amounted to approximately 36 billion yen in 2018 (figures published by the National Police Agency). It’s possible that financial crimes are being conducted without public knowledge. In fact, the number of reports involving suspicious financial transactions has been steadily on the rise.

Global monitoring systems are being put in place to combat financial crimes, but if some incident were to occur at a Japanese financial institution, not only would it damage the reputation of that company, but the reputation of the entire Japanese financial system could suffer. There are cases overseas where even companies that have inadvertently gotten involved in the money laundering of criminal proceeds have been hit with massive fines, or had their officers and employees sentenced to prison.

The increasing sophistication of criminal tactics means a greater operational burden

--- What kinds of anti-crime measures ought to be taken?

The Financial Services Agency has indicated guidelines serving as minimum standards, but this involves a risk-based approach, so it isn’t the case that uniform goals have been set about how extensive a company’s response should be. For this reason, individual companies need to identify the risks pertinent to their own businesses, and then take the corresponding measures.

In that context, the essential first step is the work of identity verification, which is referred to as KYC (Know Your Customer). The purpose of this is to prevent things like impersonation. Currently, identity verification is often done with the human eye, and such verification is done at the time someone opens a bank account. Verification of existing customers is often insufficient, but by using things like biometric authentication, address verification utilizing location information, and digital IDs authenticated by a public certification body, the process will become more automated and efficient.

What’s important in the next step is monitoring to confirm that transaction themselves don’t involve any suspicious activity. The volume of transactions has been growing recently, and thus companies need to accurately detect suspicious transactions from among large quantities of data, without letting any slip by. Criminal tactics are quickly becoming more sophisticated, and so there is a limit to what can be done with simple rule-based detection methods. The circumstances demand more advanced data analysis, for instance in the form of using statistical information or external sources to narrow down the risks, detecting transaction patterns across multiple financial institutions, and checking financial transactions other than exchange transactions like trade financing.

--- What sorts of problems arise with normal rule-based methods?

For example, if a financial institution is looking to detect financial transactions of two million yen or more, then a criminal group could potentially get around that by doing more transactions in sums limited to 1.8 million yen per transaction. In response to this, financial institutions will try to prevent transactions from escaping their detection by lowering the sums covered in their searches, but as a result, the number of cases they’ll have to deal with will balloon. The operational burden involved in doing primary surveys of “false positive” transactions which actually aren’t problematic but look suspicious is going up, and this is becoming an extremely significant problem. So much so that there are even global financial institutions that have staffs in the thousands dedicated to analysis and determinations.

Conducting thorough monitoring by wisely utilizing global knowhow

--- Are there any ways that companies can reduce the rate of false positives and detect only problematic transactions efficiently?

It’s possible to raise the accuracy of your detection, for instance by using outside data to verify the creditworthiness or relationships of your customers for which you were alerted, or by analyzing patterns that often appear in crimes and doing filtering with AI learning functions. When it comes to measures against financial crimes, our domestic regulations and rules have been established with consideration for international standards, and so I’d recommend that companies fully integrate knowhow from overseas, mainly from the West which is leading the way in technology utilization. In particular, it would be effective to apply global IT products conforming to overseas regulations and knowhow for use in Japan. NRI also handles a variety of global IT products^*.

--- It seems that this rat race to keep up with criminal organizations will only continue. Do you have any advice for financial institutions?

There is currently a growing interest among financial institutions in ESG (environment, society, governance) investments, but in terms of fulfilling social responsibilities as well, these institutions need to be aggressive in their measures to combat financial crimes. We are seeing regulations concerning anti-financial crime measures getting strengthened across the world, and operational burdens will absolutely be on the rise, even if companies are currently able to deal with the issue by human-wave tactics. Those financial institutions that have taken the initiative in going digital and reducing their costs and operational burdens will likely be at an advantage. In addition, while it might be difficult both technologically and in terms of cost to block all of these criminal tactics, if they prioritize going after comparatively simple tactics, that is, ones where the costs associated with the crime are rather lower than the criminal proceeds, I think they’ll be able to prevent a large number of financial crimes. We at NRI are ready to offer superior solutions, ones that employ technologies in areas such as AI analytics, various authentication methods, security, and communication protocols, as well as insight into the financial industry and overseas networks, while also achieving a balance between safety and convenience using cutting-edge digital technologies.

• * “OFSAA FCCM”, “Collibra Data Governance Center”, etc.