The cycle of biometric and digital identity fraud protection rules might be summed up as follows: criminals use new technology to . In response, regulators devise and implement and safeguards; while this is happening (usually slowly), technology progresses enough that stay ahead of the regulatory curve. A new report out of Washington highlights just how much suspicious activity in the financial sector is identity-related. A release from the Financial Crimes Enforcement Network ( ) says its Financial Trend Analysis of Bank Secrecy Act (BSA) reports filed in 2021 found that 1.6 million of them – around 42 percent of all reports in the calendar year – were related to identity. That represents around $212 billion in suspicious activity. “This report reveals the existence of significant identity-related exploitations through a large variety of schemes,” says FinCEN Director Andrea Gacki. “Robust customer identity processes are foundational to the security of the U.S. financial system, and critical to the effectiveness of financial institutions’ programs to combat money laundering and counter the financing of terrorism. Financial institutions are encouraged to work across their internal departments to address these schemes.” Among identity-related , 88 percent came from the top five typologies: fraud (and especially impersonation), false records, identity theft, third-party money laundering, and circumvention of verification standards. The report also notes that compromised verification credentials have a disproportionate financial impact compared to other types of identity exploitation. A separate trend report says U.S. investment banks lack the budgets and staff to keep up with evolving regulations and the pace of financial crime. The 2023 KYC Banking Trends Report comes from , a Dublin-based provider of , transaction monitoring and client lifecycle management (CLM). A company release summarizes the findings, which are based on a survey of executives in operations, risk, and compliance and information roles across the U.S. Major issues identified in the report include slow and inefficient onboarding and adverse economic conditions leading to operational risk. Banks are spending less time per client on KYC reviews for onboarding and maintenance, although methods, including biometric tools, are getting more efficient. “Investment banks are understandably concerned with operational risk as they grapple with inflationary pressures, reduced money supply and ,” says Stella Clarke, chief strategy and marketing officer at Fenergo. “There are fewer available resources within risk and compliance departments, for reasons such as lay-offs, outsourcing and talent retention.” Clarke says that to compensate for human resources, optimize revenue, and maintain compliance with changing legislation and guidelines, investment banks are turning to digital and biometric tools for AML and KYC compliance, transaction monitoring and onboarding procedures. When regulatory lag filters down from lawmakers to stretched (or ruthless) businesses, malicious uses of technology inevitably gain even more ground. An from TechCrunch and Yahoo News raises the alarm about the ease with which generative AI can now create fake and manipulated ID images able to circumvent KYC and other biometric security procedures. Mentioning by name, but applicable to any free AI-based image generator, the piece says off-the-shelf software can easily be used to alter or create synthetic renderings of people, which can be edited to be useful as fake ID images. While it quotes a Reddit user who posts workflows for creating deepfake ID selfies saying it still takes a day or two to create a convincing fake, the ease with which anyone can now generate images with realistic lighting, shadows and other previously difficult-to-achieve features has increased dramatically. What about ? Already unreliable against with some generative AI models, according to leaders in tech security. Meaning, KYC in its present form could soon become toothless and ineffective. For its part, Fenergo is already working on solutions. Speaking on the company’s FinTalks , Head of Financial Crime Policy Rory Doyle outlines the concept of perpetual know-your-customer, or pKYC, which replaces periodic reviews with a system wherein reviews are prompted by changes in a client’s transaction behavior or risk profile. In keeping with the cyclical nature of tech crime and security, it is no surprise that a popular defensive strategy is to fight AI with AI. Doyle points to AI and automation as potential allies in compliance and ongoing risk monitoring – especially in light of the paucity of fincrime resources and a geopolitical landscape that requires fast adaptation to seismic shifts. A report from on the benefits of automation for KYC-related tasks such as name-matching includes comments, attributed to the digital payments provider , as further proof that the cycle continues: “AI and machine learning are enhancing KYC processes through ongoing monitoring and re-KYC. By automating parts of these critical compliance functions, AI allows financial institutions to improve security, reduce risk, increase efficiency, and improve the customer experience.” | | | | | | |