ReportTitle_TP3.jpg

COVID-19: rethinking anti-money laundering (AML) and fraud risk management

May 2021  |  TALKINGPOINT  |  FRAUD & CORRUPTION

Financier Worldwide Magazine

May 2021 Issue


FW discusses the impact of COVID-19 on anti-money laundering and fraud risk management with Keith D. Andrzejewski, Carl E. Case III, Brian L. Ferrell, Kristin Milchanowski Gilkes and Thomas P. O’Donnell at Ernst & Young LLP.

FW: To what extent has the COVID-19 pandemic raised the level of anti-money laundering (AML) and fraud risk? How would you describe the current threat landscape?

Andrzejewski: Over the past 18 months, the fraud risk environment can be described as fluid and dynamic. There have been unprecedented levels of phishing scams, smishing scams, call spoofing, account takeovers, ransomware, synthetic identity and mobile device attacks. In certain large financial services firms, there was a remarkable increase in identity fraud from the last quarter of 2019 to the same period in 2020. Among all these risks and threats, many companies’ top priorities are identity verification and identity proofing, application fraud, and insider threat and insider fraud. These areas have led to significant financial losses. For example, synthetic identities are no longer just being used for application fraud with credit cards. Application fraud using synthetic identities has quickly expanded to hard goods. Coronavirus (COVID-19) led to vast increases in online sales for small- and large-dollar value items alike, making this a ripe environment for synthetic identity fraud at unprecedented rates. The lack of in-person applications, which depressed sales in luxury markets and financial markets that were unaccustomed to comprehensive online servicing, created a perfect storm. States and municipalities have also been victims of synthetic identities in the real estate market. It is likely that online servicing is here to stay. Financial services must adapt to fraudsters’ ever-changing identity tactics.

Ferrell: As innovation increases to meet evolving consumer demands and expectations, many companies cannot keep up with the pace of change. They are seeing far more sophisticated fraud and money laundering schemes and are requiring help to address these unique challenges. Recent business and market disruption associated with COVID-19 introduced new opportunities for internal and external bad actors to exploit this period of business disruption, reduced oversight and untested cyber controls. Bad actors keen on engaging in nefarious conduct are taking advantage of these challenges while identifying weaknesses that might not have been foreseeable in a pre-pandemic environment. This has fundamentally changed the threat landscape as both employees and customers engage with financial service providers differently. This has also contributed to a shift in the anti-money laundering (AML) and fraud threat landscape that will have a lasting impact on the future of financial services and the compliance and risk management functions of many companies.

O’Donnell: It is difficult to quantify and compare the amount of money laundering and fraud risk prior to the pandemic versus during the pandemic. It is, however, very clear that usage of financial products and services has changed dramatically over the past 12 months. In-person transactions have lessened in favour of online or virtual transactions. There has been a shift in the products and services that customers are consuming. While we have seen these types of behavioural changes in the past, the speed of change driven by the pandemic is simply unprecedented. Bad actors have rapidly adapted their techniques to take advantage of the new environment to launder money and commit financial crimes, such as fraud. Financial institutions (FIs) need to adapt with equal quickness to effectively mitigate the new risks. Some institutions have found it challenging to do so for various reasons, many of which have a link to the virtual environment caused by the pandemic. We are seeing parties, now more than ever, need innovative, immediate solutions to mitigate the increasing risks being identified as a result of the current landscape caused by the global pandemic.

Gilkes: Due to the pandemic, FIs closed their physical offices to many back-office functions. Employees of FIs are primarily working from home, including many in the compliance, cyber, financial crimes and fraud domains. This shift in work location increases insider trading and insider threat risks. High unemployment and continued lockdowns have created financial hardship, combined with the challenges of working remotely, like balancing new professional responsibilities with school or childcare closures, which have led to some people rationalising behaviours they should otherwise avoid. No organisation has adapted oversight, controls and security in the new environment as effectively, rapidly or comprehensively as necessary.

Case: The COVID-19 pandemic immediately introduced a significant shift in the day-to-day fiscal norms in behaviour for global consumers and commerce. This can pose a significant challenge for FIs that utilise those historical norms and patterns of behaviour to spot irregularities and anomalies that could be indicative of nefarious parties and illicit behaviours, particularly when those parties adapt their own behaviour to take advantage of the volatility and ‘white noise’ in the system. Couple that volatility with the accelerated rollout of economic stimulus and relief programmes, and you find that the pandemic presents ‘perfect storm’ conditions for heightened financial crime risk.

Bad actors have rapidly adapted their techniques to take advantage of the new environment to launder money and commit financial crimes, such as fraud.
— Thomas P. O’Donnell

FW: Against this backdrop, do companies need to rethink their AML and anti-fraud strategies? In your experience, do they need to be more proactive in this area?

Ferrell: Many parties are recognising that they must be vigilant and increasingly agile, given the rapidly evolving landscape, from both a customer service and a risk and controls perspective; however, the challenge remains how to do so and remain competitive. Companies must be able to assess operational controls and risk management programmes, particularly as the threat environment is only going to become more challenging due to the ‘new normal’ of a remote and dispersed workforce, less face-to-face customer interaction and rapidly expanding digitalisation. Such modifications to identify the vulnerabilities and rethink their approach to disruption, identification and mitigation of financial crime allows companies to be nimble in addressing risk in real time.

O’Donnell: To be effective, AML and anti-fraud strategies must be tailored to the risks and threats facing FIs. When the threats change, those programmes must change accordingly, or the risk is that they will be rendered ineffective. The challenge today is that the threats are changing over a shorter period than ever before. Most FIs employ financial crimes compliance controls that were not built for the level of adaptability that is needed to keep up. To maintain effective AML and anti-fraud programmes, FIs must proactively identify what has changed and where new vulnerabilities exist, and then modify or enhance controls to mitigate those vulnerabilities. The speed at which the threats are changing is forcing parties to be more agile than ever before, and they are utilising solutions that may span multiple programme areas and allow for ‘real-time’ risk identification.

Gilkes: As always, criminals are opportunists and will look for the weakest links, ineffective controls and poor cyber and IT security measures to exploit. In many FIs, there is growing concern about heightened exposure to insider threat and the need to evolve AML and anti-fraud strategies to address the changing risk environment. Many companies are now working to establish new controls around critical digital assets, creating new reports linking together case management investigations across AML, cyber and fraud and implementing new analytics engines to flag anomalies in employee behaviour that are more indicative of true insider threat.

Case: Entering the pandemic, many companies were already reconsidering their AML and anti-fraud strategies to improve effectiveness, agility and efficiency. The conditions brought about by the pandemic only served to amplify and exacerbate the challenges companies were facing in their response to these threats, particularly as it relates to agility. Most anti-financial crime programmes today operate much like a factory floor – they are designed to identify, investigate and report on what has been seen before, at scale. When it comes to new and emerging risks, however, the helm can be slow to turn, often burdened by governance and controls that are designed for a less dynamic environment. As a result, organisations are increasingly seeking opportunities to streamline existing processes used to identify risks and implement or update controls. They are also establishing processes to augment the existing foundation of controls with more dynamic capabilities, such as alternative monitoring technologies and intelligence-led investigative units.

Andrzejewski: Organisations, now more than ever, must be proactive when it comes to deploying new controls and technology to prevent fraud and reduce losses. When an organisation waits until a fraud event has occurred to decide to deploy new fraud controls, it is already behind and will struggle to get ahead of these risk issues. The proper implementation of anti-fraud technology often takes years to implement, and, when it is implemented as a response to fraud rather than as an offensive strategy, the planned benefit and return on investment (ROI) are not present. That said, perhaps even more important to being proactive is to be more agile in the method for rolling out new technologies that stop fraud. A number of diversified financial services firms are building an orchestration layer that consistently manages the business rules across a single customer, across each product and across every channel in which the customer interacts. This orchestration layer allows companies to implement new anti-fraud technology in a matter of weeks rather than years and allows them to change business rules in a matter of minutes instead of months. One example of this technique is a change in biometric technology. In the traditional model, when a firm requires customers to use a centrally managed biometric for account transfers, a new biometric technology would previously have been integrated into each channel, application and product for each interaction. Effectively, this is an implementation of the same technology more than a dozen times. In the new orchestration environment, the implementation of the new biometric technology is done once, thereby eliminating 60 percent of the code and saving millions in development costs.

The insider threat landscape has changed enough that we are seeing a need to integrate data and analytics to help with control intervention.
— Kristin Milchanowski Gilkes

FW: How should companies go about assessing whether their current AML and anti-fraud measures are adequate in this new reality?

O’Donnell: Institutions traditionally start their financial crimes compliance journey with a comprehensive risk assessment that appropriately identifies risks and the controls designed to mitigate those risks. During these times of change and uncertainty, the accuracy and adaptability of the risk assessment are particularly important. Many FIs are either undertaking or considering a review and refresh of their risk assessment processes and outcomes, given events brought on by the pandemic and our rapidly changing business environment. This accelerated evolution of financial crime risks means that it is even more important that the risk assessment process is nimble and flexible.

Gilkes: If an institution’s internal controls, policies and procedures have not changed since the start of the pandemic, then it is critical that the changes are comprehensively examined and then updated accordingly with haste. The insider threat landscape has changed enough that we are seeing a need to integrate data and analytics to help with control intervention, which is something that institutions have not always been comfortable executing against. When assessing solutions to AML and anti-fraud measures, FIs should bring the full power of the institution together. Include leaders from risk, human resources (HR), technology, security, fraud and AML, to work through a fraud risk assessment and a threat landscape assessment. Saying “we are okay, we do not have insider threat” is unacceptable. Leadership should be asking “How do we get comfortable that we are mitigating insider threat holistically?”

Andrzejewski: Organisations must develop consolidated enterprise fraud risk assessments (eFRAs) that focus on current and new products, together with each product’s associated risk. Companies with an existing eFRA should conduct a detailed review of their fraud risks and perform extensive customer journey maps. When drawing up journey maps, each business process, the technology used, the primary control and any compensating controls must be documented. Companies must identify whether the control is active or passive, identify the cost for the control and identify the likelihood of a threat across each product and every channel. A journey map provides the organisation with a complete understanding of product weaknesses, redundancies and gaps in control frameworks and where technology and controls may be overbuilt. eFRAs with customer journey maps can reduce the cost of fraud controls and customer authentication by up to 50 percent.

Case: A comprehensive risk assessment is a foundational programme component and is essential to a strong anti-financial crimes programme. As a part of the risk assessment process, we continue to see an increased importance in utilising a data-driven approach. In the rapidly shifting financial crimes threat landscape, the global data ecosystem can be an FI’s greatest ally in identifying and combatting financial crime. Many third-party data aggregators and service providers are continuing to develop new and expanding data sets to aid in the identification of escalated risk aligned to several emerging and traditional threat vectors, such as synthetic identity, sanctions, cryptocurrency, trade finance and marijuana-related business. Companies can use these data sets as an accelerator to perform rapid, point-in-time assessments of risk exposure or to establish ongoing monitoring of risks from a specific threat vector.

Ferrell: For any companies, including FIs, the first step is to identify AML and fraud risk management programme deficiencies, as well as shifts in their risk profiles resulting from the pandemic. Companies should perform a rapid diagnostic – effectively a risk and vulnerability health check – and identify gaps in existing controls, technology infrastructure and high-risk business segments. Developing and deploying targeted analytics using a library of pandemic-related first-party, third-party and internal risk indicators can help identify evolving threats, such as those associated with customer identity, suspicious behaviour, procurement fraud and employee-related collusion. Furthermore, companies should build and institute a testing programme to perform control tests regularly and to introduce additional governance measures to ensure that they are working as intended.

The processing power of technology can assist with prioritising risk factors using data analytics and provide advanced authentication and detection methods.
— Brian L. Ferrell

FW: What steps should companies take to improve their processes and controls to manage and mitigate financial crime? How can limited resources best be deployed?

Case: For many companies, this is a question of both prioritisation and curation. FIs need their limited resources to be focused on their greatest risks, and their people need to be equipped with the right information, at the right time, and in an understandable, digestible format to be able to make the best use of that information. Significant opportunities exist for technology to assist across both of those dimensions. Increasingly, organisations are looking to data analytics solutions, including machine learning (ML) and artificial intelligence (AI), to reduce the amount of noise generated by more traditional monitoring platforms and to focus investigative efforts on the highest risk alerts. These solutions are especially attractive because of their effectiveness, which we have seen achieve 30-40 percent efficiency improvements almost immediately, rising to 70-80 percent over time. We are also seeing the leading edge of data democratisation and citizen data science making inroads into investigative units to curate information for human consumption. Spreadsheets are still an investigator’s favourite tool, but we are starting to see more organisations look at better tools and methods to present the right data versus more data.

Ferrell: As part of ongoing risk management practices, FIs are expected to respond to a risk event immediately and to assess additional, related vulnerabilities. Based upon experience working with various regulatory and government agencies, I would advise that this expectation remains unchanged. The industry has increasingly driven toward more dynamic risk and threat assessments, and a control response to quickly deploy proactive means to prevent and detect financial crime. In the post-pandemic environment, there is an even greater imperative for risk/threat assessment and risk management response to become more of a real-time activity. In the immediate term, companies should use the results of the rapid diagnostic to understand where vulnerabilities have been identified, prioritise resources and define both a tactical and strategic roadmap, leading to a more efficient current state. This multistep process includes a triage of immediate risk and gaps, the execution of target operating models, the deployment of behavioural monitoring, and training on emerging risks and controls.

Andrzejewski: The first step to mitigate financial crime comes from within. Organisations must evaluate their existing governance structures, organisational models and technology architectures. Organisations that successfully mitigate fraud have a centralised governance structure with clear roles and responsibilities across the identified owners of the fraud controls. Additionally, many organisations lack a central fraud taxonomy. This means that different business units define losses using different metrics, which leads to inaccurate reporting, gaps in controls and redundancy in resources, including people and budget. Finally, organisations must develop uniform fraud technology across business units to prevent fraudsters from exploiting potential gaps in technology controls that might otherwise exist.

Gilkes: Companies must ask themselves hard questions and drive solutions with data. Will we start or deepen our monitoring and understanding of customer and employee behaviour? What is the right balance between customer security and customer friction? All institutions need to look at the basics. Are they collecting the right data with the right rules and requirements? Are feedback loops in place to facilitate better monitoring between AML, fraud, insider threat and insider trading groups? Limited data and technology resources need not be a barrier to driving valuable insight. The secret to optimising output with limited resources is having the right data, available at the right time, to the right people, and implementing appropriate feedback loops.

O’Donnell: The concept of a risk-based approach is more relevant today than it has ever been. As it is impossible to monitor everything, the compliance programme must be prioritised to target the areas of highest concern. In addition, we have seen, and continue to see, many innovative financial crime compliance technology initiatives that utilise automation, AI and ML to enhance the effectiveness and efficiency of processes that have historically been conducted manually. Many parties are moving toward design and implementation of ‘smarter’ processes relating to transaction monitoring investigations, negative news searches, list screening and know your customer (KYC) controls. The implementation of these leading technology enablers will allow the limited resources within the FI to be efficient and productive in identifying and focusing on the highest risk activity to the institution.

FW: In what ways can technology help companies tackle financial crime? What benefits can these solutions provide?

Ferrell: The processing power of technology can assist with prioritising risk factors using data analytics and provide advanced authentication and detection methods. For example, the Financial Action Task Force has advised companies to employ digital onboarding techniques and simplified due diligence as part of their KYC process to alleviate resource constraints and limited in-person interaction. Regarding fraud processes, faster technology-enabled detective controls tailored to the risk profile of the company are critical to protect customer and enterprise data, and assets, from theft or misuse. Customers are increasingly availing themselves of non-traditional money movement services that are fully based in the digital environment. This trend is expected to continue post recovery. To accommodate and remain competitive, traditional FIs must explore options to integrate across applications and data sources and invest in ML for improved analytics and behaviour monitoring capabilities.

Andrzejewski: Technology is a critical control in preventing and detecting fraud. Fraudsters are most successful during real-time interactions with call centre representatives, agents and branch employees. Technology removes the ability for fraudsters to socially engineer the personal interactions that cause the representative to bypass organisational controls. Through personal conversation, the fraudster may portray him or herself as desperate, helpless or trustworthy, which leads the agent to agree to approve the fraudster’s request, despite standardised procedures. When deployed correctly, fraud technology builds customer trust, reduces operational expenses, reduces regulatory risk, provides tax advantages and reduces capital reserves.

Gilkes: Technology can be deployed to enhance automation of control functions and drive automated reactions to potential financial crimes events. Technology can help evaluate current monitoring rules to check whether risk scenarios are providing the right risk coverage via tuning, ongoing monitoring or model validation efforts. If the volume of alerts has increased due to shifts in criminal behaviour, the use of advanced analytics can help optimise investigation resources and add a layer of automation to provide investigators with timely and relevant information. We have seen this deployed on numerous occasions, and parties are achieving 30-60 percent savings and an ROI in less than three years. Additionally, advanced analytics and ML can be deployed to reduce false positives by up to 40 percent, and anomaly detection can help identify emerging AML, fraud, insider trading and insider threat patterns.

O’Donnell: To identify, report on and manage financial crime, it is critical that FIs integrate the latest technology into their control frameworks. Technology allows institutions to be more efficient, which means that valuable time can be spent on identifying actual money laundering, terrorist financing and sanctions evasion, instead of dedicating resources and effort to managing and responding to false positive or unproductive ‘noise’ within the system, deterring from a focus on actual illicit activity. As our world becomes more digital and virtual every day, accelerated in part by the pandemic, it is even more critical that parties invest in technology and the use of automation to mitigate the risks being presented.

Case: There are many areas where we are seeing technology aid companies today in the fight against financial crime. The more mainstream solutions focus on reducing noise or false positives from legacy systems and on automating several of the manually intensive processes associated with investigations and due diligence. We also see organisations that have recognised data as the ‘secret weapon’ in the fight against financial crime and, as a result, have focused efforts on their data strategy and underlying technologies to access, unify and share data across their financial crimes prevention teams. The most innovative companies leverage enhanced data standards and the application programming interface (API) ecosystem of integration protocols to frictionlessly access and utilise public and privately held data and advanced processing capabilities. Moving forward, we expect that interest will continue to rise in technology solutions that assist in improved detection efficacy – solutions integrating multiple technologies, such as graph databases and neural networks – as well as cross-industry information sharing, such as homomorphic encryption. While, today, the information advantage unfortunately sits with the criminal elements and malicious actors, the industry continues to take steps forward in levelling the playing field.

In the rapidly shifting financial crimes threat landscape, the global data ecosystem can be an FI’s greatest ally in identifying and combatting financial crime.
— Carl E. Case III

FW: What advice would you offer to companies on overcoming typical challenges when integrating new AML and anti-fraud controls, policies and procedures into their existing systems?

Case: A collaborative approach that balances the objectives of policy, operational and technology participants is necessary to achieve success in this space. This sometimes requires organisations to step back and examine their overall change or transformation strategy and to define a more holistic approach. When it comes to technology solutions, there is often a tendency to seek out individual point solutions that address individual risks or operational pain points, but today’s quick fix can also impede future integration efforts. In financial crimes where the technology ecosystem is more critical than the individual components, organisations should seek to better understand the desired future state and define a strategy that allows for seamless operation and integration between the various ecosystem components. Specific to the ongoing pandemic environment, some technology solutions, particularly AI and ML, require a measured approach. Some of these frameworks are reliant upon historical data to train the system to identify suspicious behaviour. The unstable nature of the current environment has the potential to adversely impact the ongoing performance of these systems, and organisations employing these capabilities should seek to enhance the resiliency of these controls with a robust performance monitoring and model risk management process.

Gilkes: Rather than conducting a partial or siloed review, companies should execute a holistic programme review using a framework that focuses on people, capabilities, culture and compliance. One of the most critical, and least expensive, things to do when integrating new controls is to talk. Talk to your employees and talk internally to leadership across the organisation, including risk and compliance, HR, legal, security, technology and the lines of business. New controls in a virtual environment will require the support and leverage of the whole firm.

O’Donnell: When designing and implementing new financial crime compliance controls, there are several questions companies must ask themselves at the onset of the transformation. Are these controls the right ones to mitigate the risks my institution is facing? Can we implement the new controls consistently and effectively? Do we have the technology to be able to implement these controls correctly? What are the impacts to my end-customer experience? Institutions need to evaluate new controls holistically and roll them out in a planned way. A strategic, tailored integration and implementation plan, which is flexible and reactive to business and regulatory change, is a critical success factor in any programme transformation. Another key component is data. Enhancing your programme by strategically identifying and using all the data points you have at your disposal is one component of a strong compliance programme.

Andrzejewski: There is no single technology to prevent all fraud. Organisations need to take a holistic approach to fraud prevention. More often than not, organisations seek to buy call quality tools or voice biometrics to stop call centre fraud, only to be met with an increase in fraud from the online channels. Once this happens, the organisation responds by purchasing more tools to stop online fraud, only to face increases in fraud from the mobile channel. Then, once the mobile channel is ‘secured’, the circle continues, channel to channel, new tool to new tool. Instead of chasing fraud as it is encountered, organisations must leverage the customer journey and control maps to perform an architecture and controls rationalisation. The organisation must evaluate the technology and infrastructure, as well as the fraud risks, develop a total solution based on the technology’s architecture and forgo a piecemeal approach to technology implementation based on product channels.

Ferrell: FIs should take this opportunity to not just convert existing systems and controls into a modified environment in response to the immediate risk event of the pandemic, but to rethink and holistically evaluate their AML and fraud risk management programmes. As FIs progress in digital transformation and invest in technology, they should consider the outcomes they want to achieve, from both a risk management and customer experience perspective. The increasingly digital world is resulting in the increased availability of data.

Today’s environment is fraught with increased regulatory scrutiny and oversight and, as such, requires a new measurement of success for fraud prevention.
— Keith D. Andrzejewski

FW: How do you expect AML and fraud risk management strategies to develop in the months ahead? What consequences are likely to await companies that fail to focus on and address these risks within their organisation?

Gilkes: FIs have not slowed their merger and acquisition activity during the pandemic, which brings cultural challenges as teams and programmes come together. As such, we are seeing a heightened regulatory focus on institutions’ insider threat programmes, including an expectation that these programmes expand across the enterprise, beyond information security, to include and converge conduct and ethics, physical security, internal fraud, IT sabotage and data threats. For many FIs, convergence of these areas will be a new feat.

O’Donnell: As FIs get better at identifying money laundering and terrorist financing, criminals continually evolve to evade detection and prosecution. Therefore, FIs are faced with the challenge of constantly keeping up with the latest trends and typologies. In addition to changes in the way crimes are committed, financial services themselves are going through rapid changes, ranging from new delivery models to digital banking to cryptocurrencies. If institutions are unable to keep their financial crime compliance programmes up to date, it could hinder them in being competitive in the new banking landscape and subject them to increased regulatory focus, along with reputational and financial risk. Many parties are using this unprecedented time to explore changes to their overall operating models, looking for greater efficiency, lower cost and increased productivity. There is increasing use of alternative operating models, including the use of managed services and incorporating game changing, transformative and innovative ideas into their programmes.

Andrzejewski: In years prior, companies have measured the success of their fraud programmes based on whether the organisation met their fraud loss budget for the year or met their total loss numbers for the year. Today’s environment is fraught with increased regulatory scrutiny and oversight and, as such, requires a new measurement of success for fraud prevention. Organisations should assess the likelihood and impact of potential fraud schemes and use the results of these assessments to inform the design of the organisation’s fraud risk management system and risk appetite. Management should report this information to senior management and the board, who understand the fraud risk and potential for fraud losses across the enterprise and help in setting the fraud risk appetite for internal and external fraud.

Ferrell: We expect an increase in investment in technology and data-based solutions, such as ML and analytics, to modernise compliance functions and allocate resources efficiently. Companies that can develop real-time compliance analytics that enable rapid decision-making moving at the same speed as digital finance will minimise losses and protect themselves against money launderers and fraudsters. Companies that do not take substantial steps to reorganise and reprioritise their AML and fraud risk management programmes may be exposed to regulatory scrutiny. At the same time, they may find compliance process adversely impacting their competitiveness in the market.

Case: In the near term, organisations will continue to progress the improvement and transformation initiatives that were either spurred on by or in place prior to the pandemic. Efficacy, efficiency and agility are not new challenges in combatting financial crimes, but the financial conditions and risks exposed by the pandemic have certainly contributed to an acceleration of change initiatives for many companies. Like the surge in activity and emergence of new risks that occurred at the start of the pandemic, as consumers and the global economy recover, there will likely be a period of increased volatility and shifting financial behaviour. Forward-looking organisations are already preparing to address the operational and technological challenges imposed by those periods of volatility, through automation or planning for surge resources. Simultaneously, those organisations continue to seek and establish improved mechanisms to identify and assess new and emerging risks and implement the corresponding controls.

 

Keith Andrzejewski is a principal in the consulting practice of EY and leads the firm’s fraud technology and operations services in the US. He brings more than 25 years of extensive experience leading global financial services organisations in the design, development and deployment of cyber security, fraud programmes and fraud technology implementations. He specialises in identity verification and identity proofing, customer authentication, transaction monitoring, anomaly detection and case management. He can be contacted on +1 (203) 278 6118 or by email: keith.andrzejewski@ey.com.

Carl Case is a principal and the US financial crimes compliance technology consulting leader for EY. In this role, he assists EY clients in bringing analytics, automation, artificial intelligence and other innovative technologies to bear in their fight against financial crimes. He also leads the development of the EY FinCrime Platform and Cognitive Investigator, a suite of state-of-the art financial crime monitoring and investigations technologies employed by EY clients across the globe. He can be contacted on +1 (703) 475 7646 or by email: carl.case@ey.com.

Brian Ferrell brings extensive hands-on leadership experience in managing the complex financial crimes and compliance demands faced by diversified financial services institutions. He has nearly 30 years of corporate, regulatory and government experience, including as chief counsel at the Financial Crimes Enforcement Network and trial attorney at the US Department of Justice. As a market-facing and impactful leader, he has led successful transformative and remedial efforts across the globe. He can be contacted on +1 (860) 218 8335 or by email: brian.ferrell@ey.com.

Kristin M. Gilkes focuses on advanced analytics, AI engineering and architecture in the financial crimes, fraud and insider threat arena. Prior to EY, she was the chief data scientist of the legal and compliance division of a global investment bank and head of global financial crimes and compliance technology and model management at an investment bank/financial services holding company. She can be contacted on +1 (202) 327 7477 or by email: kristin.m.gilkes@ey.com.

Tom O’Donnell is a co-lead of the EY financial crimes compliance practice. He is a compliance executive with over 20 years of experience in providing consulting services to the banking industry, specialising in the areas of anti-money laundering (AML), USA PATRIOT Act, Bank Secrecy Act, Office of Foreign Assets Control, and Foreign Corrupt Practices Act (FCPA) compliance and regulatory matters. He has extensive knowledge of the global regulatory landscape. He can be contacted on +1 (732) 539 2586 or by email: thomas.odonnell1@ey.com.

© Financier Worldwide


©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.