SHELLY ANN MOHAMMED, head of ACCA Caribbean
For hundreds of years economic growth has relied on technology to allow the aggregation of capital and labour and exploitation of knowledge at a distance, through developments such as movable type, the limited liability company and the telegraph. One of the key features in technologies which enable business and supply chains is that they facilitate the recording and communication of information and agreements.
The key advance in the digital technology that drives the internet is how we can handle the communications and permanent records, which up until now had to be recorded in physical form. Electronic recording and communication change the character of information and what can be done with it. Replication and transmission of data is no longer costly and inconvenient, while interrogation has undergone a revolution in speed and exhaustivity. Agreements, based on more information than ever, can be made from opposite sides of the world as easily as across a boardroom table.
From tally sticks to blockchain, individuals have relied on information transfer mechanisms to allow for dealings at a distance. Shared experiences and common frameworks of legal dealings and business practices have driven stock markets to grow, mechanisms intended to effectively reallocate surplus capital to productive investment. Trust underpins business relationships. Technology has been used to enable trust, and to allow parties to deal with individuals and businesses they have never met.
But the growth of trust on those platforms has also led to additional opportunities for abuse. Economic crime is fundamentally about abuse of that trust. Whether in the direct perpetration of a fraud on a buyer or seller, or by using systems designed to assist legitimate business to aid criminals by laundering the proceeds of crime, today, technology is fundamental to most economic crime – enabling, facilitating and disguising it.
There are now entirely new categories of economic crime – businesses are no longer valuable because they are a source of money; they are targets as a source of data. And that data is a source of value; denying a business access to its customers was all but impossible in the days of high street stores – but now, DDOS (distributed denial-of-service) attacks or similar can cripple a retail business with knock on impacts for others.
In three key areas – anonymity, accessibility and accountability – digital technologies have delivered a step change in what criminals can achieve.
Criminals can disguise their identities and activities and reach out more effectively to a far wider pool of potential victims, exploiting the labour-saving side of digitalised communications to drive down the costs of, and increase the odds of a return on, their investment. The ubiquity of email as a communication tool for both business and personal affairs allows criminals to gain access to huge audiences, while address spoofing permits the scam to be initiated from anywhere in the world. As tools like chatbots become popular with legitimate merchants and service providers, so criminals are moving in to mimic them, aided by AI technology to target likely victims, and tailor the approach to deceiving them from anywhere around the globe.
What does it all mean for businesses and individuals trying to navigate these exciting new waters? Prevention is better than a cure and in developing strategic responses, we can divide economic crime into two broad camps: active and passive. Active crimes are those where the offence relies on active, direct participation by the victim – that is, changing payment details in response to a “customer email” or agreeing to transfer funds via their own account for two third parties in return for a commission. Passive crimes are those where existing system design decisions allow criminals to operate unhindered – for example, failing to conduct the know your client due diligence checks properly before accepting funds into a new bank account, or leaving network ports open by default, enabling the injection of malware into sensitive systems.
Handling the latter is a technological issue. Just as AI enabled fake imposter chatbots can learn how to defraud individuals, so deployment of RPA, ML can automate much of the due diligence process around identity verification for anti-money laundering checks, saving human operators from the “swivel chair syndrome” as they try to build a coherent picture from multiple databases. Active monitoring of payment patterns, matched with structured and unstructured network data, allows businesses to effectively implement their own internal controls, or banks to recognise and trace, or halt the flow of illicit funds.
The fight against economic crime will though never be simply a matter of technology. More sophisticated tools are a threat to the trusting innocent party only because another guilty party seeks to abuse that trust. Alerting decision-makers to the warning signs of suspicious transactions will remain a vital piece of the jigsaw. In the technological arms race that sees criminals deliberately disguising their activities, blind reliance on automated tools can only take prevention and enforcement so far. Whistleblowers’ role, and how they can be enabled and protected, is an area of active debate, and remains so as long as system design contains compromises in the name of efficiency for the compliant majority, which in turn allow criminals to exploit those systems.
Economic crime is a function of human nature. Every successful crime starts with individual decisions, whether to deliberately break the rules, or to place trust in information that isn’t trustworthy. And whether it’s in double checking who really sent a payment instruction, or teaching humans how to properly use the outputs of AI generated guidance, being sure that the humans in the chain have the right attitudes, the right rules to follow, and the right tools to counter the advances in criminal behaviour is the most important element keeping the impacts of economic crime to a minimum.