Coping with the Growing Fraud Threat

Coping with the Growing Fraud Threat 

John Byrne: [00:00:00] Welcome to our August edition of AML Voices coping with the growing fraud threat. I'm John Byrne with AML RightSource and joining me today are Ulises Pineda. He is the Director of Financial Crimes Head of Fraud Investigations at First Citizens Bank. And Don Fort is an advisory board member and director of investigations at Costella, LLP and the former chief of the Criminal Division of IRS.

Gentlemen, thank you so much. We're in the dog days of August, but fraud never sleeps as we all know ran across this study just the other day that I thought I'd start off our conversation with. This comes from a UK consultancy firm called Juniper, and the study's called Fraud Detection and Prevention in the Banking Market.

2025 to 2030. They project [00:01:00] 153% jump from an estimated 23 billion in 2025. And one of the biggest threats that they talk about in the report is synthetic identity fraud. When criminals create fake personas that blend stolen real and fabricated details, the report also says, and we're going to talk about this later, that the rise of our artificial intelligence is fueling the problem.

According to the report, they say that synthetic identities can stay under the radar for longer and drain more money from banks, and then they recommend that institutions have to rethink static verification. And introduce continuous monitoring if they want to keep pace. So, we'll talk about AI toward the end of today's conversation, but I wanted to just throw that out as something just that just came across my desk.

AlSo, we'll take your questions, so feel free to put those in the q and a box and we definitely will address those throughout the program. Let me start off with [00:02:00] a broad question to both of you. And that is not statistically, but from your involvement, what is the state of bank fraud in 2025 from your perspective, both domestically and globally?

And Don, I'll start with you.

Don Fort: I think it's interesting you make those open comments and I just want to start by once again thanking you for hosting this event. It's great. Ulises really looking forward to having a discussion with you. You haven't, you and I haven't been on a webinar before, so really excited to, to be here with you.

I think it's constantly evolving, It's never going to go away. There's always new threats and I'll politely disagree with one of the things you said about talking about AI later because I, it's hard to answer any question about fraud right now without talking about ai.

Sure. The entry point, the technology, everything that's going [00:03:00] on has made it cheaper, faster, and the criminals don't have to be terribly successful to be very profitable. Where, whereas previously it used to be there'd be some one-off crimes and bank fraud and things like that.

And now it's really these are largely organized criminal enterprises that are really set up again, like an organized crime syndicate. The synthetic identity fraud is really scary. And I've seen some demos on it and I'm sure we'll talk about this a little bit more as the conversation goes.

But what's being done out there? I wasn't, haven't been with the IRS for 30 years and I was there. The height of the stolen identity refund fraud, which was a lot of that was old school street crime [00:04:00] paper identity theft and evolved into more of the digital and cryptocurrency and things like that.

But this synthetic identity fraud and the impact I think it's having on the banks it, you can see again, seeing a live demo of what's actually for sale on the dark web and the shockingly low prices that are available. These identities are ranked in terms of how successful you may be.

Even saw a demo, a live demo of somebody bypassing two-factor authentication somebody that had a, has a pretty high technical capability, but it wasn't ridiculously difficult. And again, to see that live and how that's done because I think many of us that certainly, I thought two-factor identification was [00:05:00] basically something you couldn't defeat.

And to see somebody do it fairly easily, I think it just gives you the state of where we are in, in fraud and bank fraud in general.

John Byrne: That's great. Since we're on AI and I was again, I, as I promised, we'll take questions throughout. I would go to you in a second, Ulises, but this is an actually a pretty valid question for this part of the conversation.

And the question is, the recently passed budget bill had in it a provision and I think made it through, but I could be wrong, Don, you probably would know that no regulation or legislation could be created, I think, in the states for AI in the next 10 years. How do you see that particular, is that going to impact fraud prevention?

I think it made it to the end, but I must admit I'm not a hundred percent.

Don Fort: I think John, Yes, I'm aware of that. I know I read up the same I have to say I think I'm in the same boat as you are. I don't know if it passed. It looked like it [00:06:00] was going to. Yep. Again, Don Ford's personal opinion, it's incredibly shortsighted.

You, look at the way technology, it just exponentially increases. Over just days, months, You look at where we were with AI even three years ago, and the advent of open ai, nobody was really talking about it to the extent that we're talking about it now. Three years ago prior to open ai.

So I think any I'm not a lawyer, I'm not a legislator. I'm not a regulator, but any legislation that, that you have out 10 years saying somebody can't do something just seems to open the door. For potential fraudulent conduct. Again the, we talk about this on most of the webinars is that.

The crime, I guarantee you, John, you and I may not be up on that [00:07:00] bill. I guarantee you the criminals are. Yeah. IJI just did a quick

John Byrne: search and it was deleted from the provision which I thought was the case, but I was not a hundred percent sure. But still, I think your points are obviously more than valid about how shortsighted that would be if we can't have any additional legislation at the federal or state level in ai.

And I think that would definitely continue to.

Don Fort: Yeah. And as we talk about that a little bit more, one of the points I'm certainly going to make is that, that AI obviously a tool for banks, financial institutions detecting financial fraud, but even more so for the criminals. And if you're going to arm, if one side's going to be armed with it and the other's not going to be equal armed, it's not a fair fight.

John Byrne: Ulises, Going back to the broader question, what are you and your peers in other institutions seeing regarding the explosion of fraud? Both, again, here and globally? Of course.

Ulises Pineda: Yeah. I would say generally across the industry, [00:08:00] what we are seeing is some of the same tactics, but just I think to, to Dawn's earlier point, a lot more sophisticated.

So, we're still seeing BEC, we're still seeing check fraud. We're still seeing account takeovers, we're seeing identity theft. But on a broader scale. And I would say that there is more organization behind it more now more than ever. Like in the past, I would say it was probably a little bit more and more opportunistic scammers that we're really going after, after victims.

And now what we're seeing is broader tactics employed by bad actors really linked to these transnational organized crime groups. And you're seeing it, and you can see it in the way that the government is putting out advisories fin sense specifically towards the cartel. I think today they put one out specific around Chinese money laundering groups and the [00:09:00] genesis of all of that is fraud.

It's the account takeovers, it's the business email compromise. It's the pig butchering scams in particular I think are really drive a real problem for financial institutions. Especially for those authorized push payments where our clients are being victimized into thinking that they are speaking with an IT company.

They think they're speaking with a government agency or someone that they trust and being manipulated into sending payments to these individuals businesses, to cryptocurrency accounts. Specifically I think one of the biggest things that we have a hard time with is they're coming in, withdraw cash and then moving those funds to these cryptocurrency kiosk.

Those are, that, those are some of the biggest issues that we see. So trying to have an omnichannel view of our clients and their banking [00:10:00] behavior I is one of the things that I think small institutions and large financial institutions are having a problem with. It's really important for banks to evolve,

I worked for smaller community banks and I've worked obviously now for larger financial institutions and having a pulse of what is going on with your client base, knowing specifically who they are, how they transact is super important for all of us. And I think to the points made earlier, AI is just going to make that a tsunami of fraud that's going to come and hit us in a very quick fashion.

I think right now we're at the cusp of it. We know it's coming and by 20 26, 20 27 it is definitely going to hit us. It hit us even worse than ever. And interestingly, there was a I read an article in about the UK specifically that UK had. Experience that authorized push payments [00:11:00] where their client clients are being victimized by scammers.

The number or the count of incidents had decreased from like 2023 to 2024, but the total amount had act only decreased by about 2%. So fewer people are getting hit harder by the, by these scammers. It's just interesting to see how the fraud continuously just evolves right from one tactic to another, and sometimes within the same type of payment mechanism they just switch a behavior knowing that a bank has put into control for that specific type of fraud.

John Byrne: Ulises, how effective is your ability, your institution's ability to information share? I don't mean from a legal standpoint I know the, but just in general with your peers and colleagues, what are there ongoing frustrations? What are some [00:12:00] of the challenges? I was going to ask that later, but I figure it's important now.

Because I know all of your peers, because we talked to a lot of them and some of them are clients obviously. And one of their struggles is to have folks like yourself talk to other folks like yourself and other institutions. So give us a state of that right now.

Ulises Pineda: Yeah I think it, it's that frustration has not changed in the last five, 10 years,

It's one of our biggest challenges, being able to effectively communicate and information share with colleagues at different financial institutions. I think networking groups obviously make that a lot easier and being able to connect regionally. With the, with those individuals in different banks helps a ton.

But also it's difficult when you're a larger financial institution to be able to go across the country and do that effectively. The one thing that, that I wish that we all did better was use three 14 B to [00:13:00] share information about fraud. I think it's a great tool that AML groups do. Fantastic.

A fantastic job with privacy, the. The rate at which you get communication and responses differs from institution to institution, but it is a great mechanism that is available to us to share information. Obviously like you said from a legal standpoint without any issues. But I think the most effective way is really net peer networking groups, having these connections at different in institutions because that, I think more than anything else picking up the phone and calling somebody that a fraud investigator someone in their FIU and their compliance department and talking about, talking to them about potential situation that's going on between both is much more effective than waiting for a response from a three 14 b.

John Byrne: Don, we're going to move in a minute to check fraud, but before we do, your [00:14:00] former agency has created this CI first opportunity for information sharing and issues. And when you were in role, you definitely supported private public partnership in addition to what Ulises has identified from the government law enforcement perspective.

What more can be done? Like I said, I think the CI first seems to be a really, it's more than a starting point, is an excellent opportunity for FIS to work with government and share information and create typologies and that, that sort of thing. But what else do you see as challenges for your former agency?

Don Fort: Yeah, I think I do. I do really applaud what they're doing. A lot of it is reinvigorating things that have already been done, but it, there's always a need for that. And I think that to u's point, I think sometimes there, there are [00:15:00] ways to share information, share typologies and sometimes.

Law enforcement and the financial institutions gets so scared away by the regulations or privacy or disclosure that they fail to make those human connections, which is, it's those human connections where we're able to move the needle here. Each of when you think about this fight against financial crime each side.

So the banks and financial institutions and law enforcement have a unique insight, And they see things that the others don't, and there's not always ways to be able to neatly share that. And it's interesting. Ulises brings up the three 14 b because on the three 14 the law enforcement side of three 14 is hardly ever used.

That the, I think most agents don't even know it [00:16:00] exists. So there are opportunities like that. And I think where I think more work needs to be done is a lot of these events that occur the ACAMS and the regional events they happen in certain areas and they're amazing. And you and I have been to many of them.

And when you're sharing that information and making connections in your community between law enforcement and financial institutions, the results I think are really incredible. But it's not consistent around the country. And I think that there needs to be more. And again, I think the CI first is great.

I know they're holding a series of conferences with financial institutions over the summer and into the fall. And anything like that I think has an impact in, in, in the overall fight against financial crime.

John Byrne: If folks watching this do not know about that, just go to IRSCI’s[00:17:00] website or just in Google.

Put in CI first and you'll see what we're referencing. Don check fraud. You wouldn't have guessed that in 2025 with the way payments are changed, have changed so dramatically that check fraud would, as they say, still be a thing. But we've obviously seen a number of presentations from like the postal service and your former agency about the explosion, not the explosion, but the continuing challenge of check fraud.

Talk a bit about that and then get Ulises thoughts about what banks can do, what they are doing in that space.

Don Fort: Yeah. It is amazing that it's still going on, And I think that it's the treasury checks, the government checks that are still going out. I think part of that you also get to a generational issue where the younger generation probably maybe somewhat up through our generation are [00:18:00] comfortable with PayPal and Zelle and Venmo and things like that where you can really confirm an identity.

Versus when I think of my parents who were in their early eighties they don't have smartphones. There's no real there's no real digital payments going on in their life. So there are a lot of checks changing hands. And again, we get back to that recurring theme of things like AI are making it easier to make these the signatures and the checks.

A lot more realistic and hard, de hard to detect. There's a one of my former agents that has retired and now works for a nonprofit that tries to educate the elderly community to prevent them from some of these frauds. Made a really simple suggestion, which is [00:19:00] on, when you're writing a check, use a gel pen, always use a gel pen because that they can't be washed or it can't be washed as easily as other types of as other types of pens.

But I think there and there's also some legislative momentum out there if it these things take a long time, but you've seen some of the government agencies recently come out with requests for information on how they can. Mitigate this type these types of payment frauds that are out there.

So again, I think it, it's intertwined again with every one of these questions and the discussion that we're having about the criminals being able to use artificial intelligence, but the best the, that the best defense is really a good offense. That the best way to mitigate it is through these tools that can detect it, hopefully.

John Byrne: So, Ulises, what are you and your [00:20:00] colleagues doing to combat check fraud? What are some of the things that, that you're doing and some of your recommended practices?

Ulises Pineda: Yeah, definitely. I think one of the big things is a lot of the victims and this is across the industry, For check fraud Are businesses more than consumers are probably being victimized by check fraud?

Because one, it's a cheap payment method and it's easy to control within your office, whether you're a small mom and pop shop, or you're a large corporation. One of the things that I think a lot of financial institutions do is just educating clients about how to put in controls within their business for check handling to Don's point about how to use a gel pen.

Also one of the things that we really at across the industry really promote with clients is the use of positive pay. I [00:21:00] think positive pay is probably the gold standard in terms of check fraud detection for a customer. And then. Then after that. So it's always like layers of defense,

First at, the customer level. And then also when it comes to the bank, being able to have the proper fraud technology. And I think when I first started, we thought that we were going to move away from check fraud detection, We invested less in check fraud detection way back when because we thought, okay, we're going to move to wires, we're going to move to a CH, and we took our foot off the pedal at that point in time to quickly realize that the bad actors had pivoted back to check fraud.

So we start to invest more in check fraud detection, obviously from an anomaly standpoint but also from, I think a lot more now is having better detection around check images and check stocks so we can see the differences between a legitimate check stock for our clients versus [00:22:00] counterfeit check, an altered check, forge check whatever it may be.

So there's really like a multiple pronged approach to how we do that. One is from a client education standpoint and secondly from a technology stand standpoint. And obviously you need humans also to be able to look at those images making us make a determination whether this is a legitimate or not, or do we escalate to a customer for review.

And I think as the technology gets better for check fraud prevention especially I think this is one of the best use cases pro potentially for ai in the, in a future state, is to be able to. Really monitor those, images because there's such a huge false positive rate for check fraud prevention and you just can't, you don't have the resources from a, human capital and from a, budgetary standpoint. Yeah. Any financial institution to put that towards check fraud prevention. But being able to use more effective and [00:23:00] efficient tools for it will be a game changer for banks both large and small. But you definitely need the humans behind it to be able to analyze the data and then from there, being able to make the right decisions to be able to prevent it.

And I think obviously if fraud happens one of the, I think one of the biggest challenges that every financial institution is just the regulations, UCC code and how. Clear as mud it is in terms of who's liable for recovery? Who's liable to the client, and which client is ultimately responsible and who's going to take the loss.

Those are all big questions and I think points of friction for banks to also work together in, in some instances.

John Byrne: That makes sense. We didn't talk about this in our pre-plan, but it just struck me with a thought I had was, and we've done programs on this, on, on elder [00:24:00] fraud.

I'm just curious about Ulises your perspective for on this question. Some banks have been asked not some about the liability, the accountability, When you have an elderly person coming in with a family member or what have you, I know some states have passed laws to allow guardians to be on the account, so you can check that sort of thing.

W where do you stand with that issue real quick? Again, I know we didn't talk about this, but I'm sure you've dealt with it before and your peers have, I'm always curious how institutions think about that. You obviously aren't craving liability for your institution, but, and you also want to be raising as much awareness as you can.

But in that kind of sticky situation, what are some of the do's and don'ts if you, don't mind?

Ulises Pineda: Yeah I think primarily it is doing the right thing, Whether regardless of liability and I think that's the approach that we've taken in financial institutions that I've worked [00:25:00] with in the past and currently you always want to do the right thing.

That's number one. Then from there, it's really trying to educate our clients who are in that stage of life to make sure they understand what are the red flags of potential elder financial exploitation, whether it's from a family member a guardian, a caretaker, or also from someone completely outside of their family or friend group.

And then from there I think, we try to educate our branch employees as much as possible to look out for those red flags because really our branch employees are the number one point of contact for that customer and are able to tell this is out a pattern. And I think for in general, that's where we get our best referrals for elder financial exploitation is our branch employees.

And we really try to get them, one, to educate them [00:26:00] on those red flags. And second, to send referrals regarding potential elder exploitation. Whether they're right or wrong, I'd rather have an influx of referrals from the branch then not so that they can tell us like, Hey, this seems just in my gut, this seems off.

And then we can take it from there. And if we work with them and also branch management to potentially submit something to a PS or Dell Protective Services based on laws within that jurisdiction we're, more than happy to do I think that's really been my historical approach to elder financial exploitation.

John Byrne: Don I want to switch gears a little bit. An area that I know law enforcement has to grapple with as well as the financial sector, and that's the use of either intentionally or unintentionally money mules. So money mules get used by transnational organized criminals. They get used by cartel members or just typical scammers.

[00:27:00] Talk a bit about how that happens, and I'll preface this by saying I've had a family member who's got caught up in this situation, typical scam, where you thought you had won a lottery or something, and then it turns out people that are. Organizing this scam, ask you for money, a little bit of money.

So that, that sort of scenario, talk a bit about that and what law enforcement challenges are to distinguish between the intentional person or intentional movement of funds by that person knowing full well what they're doing and those that are just unfortunately naive to what they've become part of.

Don Fort: Yeah. I, it's another one of those that it's I think we're never going to, we're never going to get rid of the problem of money mules, So it is, I think for the financial institutions and for law enforcement it can be a very fine line in determining whether that individual is doing it [00:28:00] intentionally.

Versus they're just an innocent participant like, like you mentioned. And a lot of it is. Dependent on the type of behavior that they're engaging in and what their reactions are to it, So somebody that know is knowingly involved and knows the stakes and the risks when they're, warned about something, they may not heed those warnings versus somebody that's innocent that if they're warned by a financial institution or law enforcement, are generally going to have the reaction that most of us would have, which would be like, oh my gosh, I didn't know, I didn't realize what I was doing.

The use of a, the use of a bank account or somebody that's innocent may just use the same account over and over again without [00:29:00] regard to dollar amounts and things like that. Whereas somebody that's more in the business and more, more intentional is going to maybe do some test transactions to see what they can get away with multiple accounts, multiple banks and things like that.

And, obviously speaking from the law enforcement perspective Bo both are of interest to law enforcement because they can help you potentially solve a crime. But there there's, they don't generally have an interest in. And trying to prosecute and go after the innocent ones.

It's really the, intentional ones. And again, you get to that structure of, if it's structured like a narcotics organization or a traditional organized crime, if it's intentional, you, hopefully you get somebody that's intentional and they know who they're dealing with, that there's they, may be able to flip on a witness or they know their contact person or contact phone number that can lead [00:30:00] lead to additional leads of witnesses and bank accounts and things like that for law enforcement.

But it really does matter. And for the financial institutions, if they're able to make that distinction it's helpful for law enforcement obviously, in terms of being able to parse through their leads and whatnot.

John Byrne: So Ulises, obviously Don's laid out some of the indicators, red flags, whatever you want to call them.

It goes back to the issue of frontline training that you talked about before. In that situation, you're trying to determine if the account holder is acting in a way that's different from the, how the account was set up. Talk a bit about that from your perspective regarding money mules and what are good, best practices?

Ulises Pineda: Yeah, a hundred percent agree with Dawn on this one, where it's a very fine line when you're trying to figure out whether you have a Witting money Mule [00:31:00] and Unwitting Money Mule, a complicit money mule. Complicit is pretty black and white, but the, that gray area between and unwitting it is definitely hard to tell for, even for, of someone in the front line, someone in fraud investigations, someone in AML looking at that transaction behavior. Because it could be right from the get go, you can see the incoming funds and then the outgoing funds and whether they're complicit or not they could, they potentially would be a subject in a SAR,

For us, I think one of the biggest things is being able to communicate with that customer and being able to talk to them and understand do they know what's going on? Have they fallen victim to a romance scam? If they fall into a romance scam that's a little bit easier to distinguish and understand.

Okay, they had no idea what they're involved in. They've obviously been manipulated in, [00:32:00] into something and then. Again, to Don's earlier point, if they do it again and again, that obviously changes the perspective because at this point we've tried to educate them on what's going on here, how they're being victimized, and they just don't want to take that into account.

I think one of the biggest challenges that a lot of financial institutions have larger ones and smaller ones is the digital account opening channel, So they are just open accounts online, no, never going into a brand. So there is no connection with the human whatsoever. So you're really basing all of your decisions on the money, how the money the transaction behavior for a client and whether that is unusual or not, in a lot of those cases, you really side on, you're a little bit more cautious in your approach and you go with the avenue of them being potentially a money mule [00:33:00] that is complicit in the activity. Unfortunately, whether you a hundred percent know or don't know that's the approach that I've always looked at it or my lens when looking at an investigation and when we're talking to our investigators about those mud mule tactics, and it, and I'll be honest, you see a lot of fraud rings and sometimes it's hard to distinguish those fraud rings.

And in those cases, being able to link the cases together to provide the best information for law enforcement, we try to do that as, as much as possible. But you can see that sometimes you get an attack of a money mules ring and sometimes you come, they come in piecemeal. Which is interesting when you're doing that investigation and putting it all together, you want to provide the best story possible for law enforcement, obviously, in terms of the flow of money and how it's being moved between different banks.

John Byrne: We're going to move in a little bit to [00:34:00] some what you just referred to, and that's best practices regarding SAR filings and how you provide enough information. So Don's former colleagues can benefit from that. But I want to stick with you, Ulises, on this question is an age old debate on fraud and AML, I alluded to it earlier when you talk about three 14 b, I will tell you, as somebody who helped draft those provisions 20 years ago, we had always had hoped that B was going to include broad-based financial crime, not just money laundering. And unfortunately, that wasn't the case. But because that would not solve a lot of problems, but it would certainly help.

But I want to ask you about both your institution in terms of how you're organized, but the question on the table is the merging of fraud in a SAR

, which isn't done that frequently, occasionally has been done and then broken back apart, unfortunately, or unfortunately, there's [00:35:00] different skill sets, in my opinion, for a fraud investigator and an AML person.

Some of it is similar, but I think there are some differences. Talk to us about that. Even they even came up with a an acronym years ago, frail. But it's it, maybe the acronym is still known, but certainly the area hasn't taken off as many people thought. It might talk about the challenges of fraud and AML working together and maybe your personal views on how this should be.

Because again, some of your colleagues do it, a lot of them don't.

Ulises Pineda: Yeah, no, and I, in my experience I've done it. I've seen it both ways. I've been at, obviously I think there's no one size fits all for solution for. Fraud and AML due to the diversity of the organization, Small banks, large banks.

I think smaller financial institutions where I started out at usually have one kind of top [00:36:00] level organization within their financial intelligence unit. You have fraud and AML together, and that works great. I think one thing with that approach, you just have to have, like you said, different skill sets.

You have to have different leaders. Driving fraud and driving at AML. And then the communication is super important even when they are combined together. Because I've also seen, and I've heard of organizations that they have that approach, but still, there's a contention sometimes between those two organizations and be, and sharing data and who's going to take an investigation and who's going to like that.

That needs to go out the window when it comes to that. And I, I've been fortunate enough here with First Citizens and my leadership where we have our SAR investigations group built out where we have AML and fraud together. And we just have a great connection and we're able to talk to each other about investigations.[00:37:00]

Decide who is the best organization to take a specific case. Like sometimes it gets a little bit more complex and we think it's probably better suited for the AML team. Or sometimes they'll come to us and be like, Hey, I think it's better suited for fraud. And it's really about that open and honest communication amongst the teams that's more important than whether an AML team and a fraud team are together.

And then the other, I think difference here is for larger institutions, you might have your FIU together with in terms of SAR investigations, but your fraud prevention team and some of the operation components of a fraud department fall under the operations umbrella. And being able to bridge the gap between those in those groups.

Can sometimes be challenging, but I think for us now in our current environment, we have a great connection with those first line partners to be able to have good intelligence sharing between the two the two different groups within [00:38:00] operations and obviously within compliance. But more than anything else, it goes above and beyond fraud and AML,

I think we're at a point in time where you need to have cyber involved in those communications and those discussions because a lot more of our investigations have turned into having cyber events from an, from a fraud perspective, external fraud, internal fraud, and from a money laundering perspective.

But I understand that the challenges within organizations small and large, of having that al approach in my personal opinion, I think it makes a ton of sense to have that under one organization as long as you have. Great communication, great partnerships across the board.

John Byrne: So a direct question, who makes the final decision at for Citizens on filing the SAR?

Is it always collaborative or is it you, the AML who makes the, because we had we did an webinar a few months [00:39:00] ago, and that BSA officer said similar to what you talked about, that it's collaboratively worked together, but he said at the end of the day, he said I make the call just because somebody has to be eventually accountable.

How is it done? If, you feel free to discuss.

Ulises Pineda: Yeah, no I think it really our, my, my boss ultimately the deputy BSA officer would make the call, like if there was a real question between AML and fraud, she would make the decision. And she's great about talking it through with both groups and make eventually making that call.

John Byrne: Perfect. Don, let's stay with SARs, but focus on the fraud aspect as a former user of the information, and obviously now you advise, provide advice and counsel for your clients in this space. What were some of the challenges on your end for SARS that you looked at that dealt with fraud?

Was there too much information? Not enough. [00:40:00] Talk a bit about that process at I-R-S-C-I,

Don Fort: I think the age old problem in the world of SARs that keeps getting even more pronounced is the volume. Just the volume of SAR that are filed. And I've talked about this a number of times, but now , the.

Law enforcement agencies, the users of the BSA data have more technology at their fingertips than they ever have before. So the volume is not so much an issue because it can be parsed by really strong technology really quickly. And that that is always to my point of it may be that one little nugget of information, a name or a address, or a witness identifier.

In a SAR that would not have been found before by humans. But now because of the technology and matching in fact I refer to the [00:41:00] SAR as some of the most like, analyzed documents because every law enforcement agency has separate technology that they've paid tens of millions of dollars for to analyze it for their own purposes.

I think the challenge, the real challenge is, and it always has been, is how do you find that needle in a haystack? You can find some cases in there but I would. I would contend that the, a lot of the ones that are of the most value to law enforcement are the hardest to detect by the banks.

And I'll reiterate every point that Ulises made. It is really difficult. We talked about those fine lines in the money mules, but how do you find those and how do you, how does law enforcement identify those? And again, a lot of that is made all the more difficult by these latest schemes with the synthetic [00:42:00] identity theft and identity fraud where it is virtually impossible to.

Detect the difference between the real document and the fake document. A lot of these crypto schemes that are of interest to law enforcement never involve a transaction with a financial institution that triggers a suspicious activity report. And so there's so many, and I think there's always, so you've got that the, just the data fatigue that there's so many.

Now I feel like we're recently, at least this year in a, again, at the. Say this is Don Ford's opinion, but almost in an anti FinCEN SAR mode. And it's it is, I can again, speak from my experiences and you can look at [00:43:00] the stats that SAR puts out that I-R-S-C-I puts out to this day.

That it is one of the single most important factors in investigating financial crime for an agency that only investigates financial crime. About 20% of their cases come directly from SARs, and over 85% have some involvement of an SAR. And if there was ever like be being able to reiterate how important that is to folks like Ulises and his folks and his colleagues, it's that statistic.

And I-R-S-E-I is really the only ones that put that statistic out. But I think that's really powerful. To me again, it's just how do you cut through the noise and really get to the SARS that matter.

John Byrne: Yeah, Ulises bankers have always bemoaned the lack of extensive feedback regarding SAR filings.

That's an age old issue, but as Don points out, IR SCI has put out [00:44:00] some statistics, be fair, so as FinCEN and others but talk in the fraud space solely. What your process is from this high level, not how do you how do you characterize, what boxes do you check? But I'm curious about the narrative writing the ability, if you think it's serious enough to call a contact.

Because my old days at the A BA, we used to always talk in the early days of SARs talk about it's important that you sell your SAR to law enforcement. So you send it in, but you also pick up the phone if you think it's a major issue. If you think it's just something that's quote suspicious and you don't know whether it's criminal, that's different.

Talk a bit about the environment that you are in and your colleagues are in regarding filing SARS on fraud related topics.

Ulises Pineda: Yeah, I think for us, we want to provide the best information to law enforcement, And, [00:45:00] I think when it comes to specifically I'll just talk about like external fraud because I think it's a little bit different.

Ver when you have a first party client who's perpetrating fraud, you have a lot more information there on them. When you have a client who's being victimized by fraud by, let's say a scammer and you only have one side of the story, you're trying to give law enforcement the best information possible, transaction data specifically what typically occurred, all of the factual information to them.

But I think one of the challenges that we have is really the unknown, We don't know the other piece of the puzzle when it comes to that investigation and being able to make that connection and provide it to them is one of the things that's, super difficult for us, super challenging for us.

I, think a little bit of frustration there, but I think we want to provide that information in case on the flip side law enforcement can use their tools to make the connections that there are multiple folks being scammed or [00:46:00] victimized by this one organization, this one group o of fraudsters. In terms of, you'll have to remind me the second part of that question, John, in terms of what else?

John Byrne: Just con contacting law enforcement you can't do it on everything you have to make, have vision, and especially the bigger you are, the more difficult it is. I would imagine community banks probably don't feel as reluctant to contact the, again, their local I-R-S-C-I person or what have you on, an ongoing potential fraud.

But I have to imagine institutions your size and bigger it's a, different policy determination.

Ulises Pineda: Yeah. And I think larger financial institutions in general have specific groups that they've designated to reach out to law enforcement in certain situations where we think that it's gotten to a point where, what, we have something here that's in real time that could be dangerous or that could [00:47:00] be of material and import for law enforcement.

At that point. There's policies and procedures governing when we'll reach out to law enforcement specifically so that we can say, Hey, FYI we've done something with this and we want to give, we want to put it on your radar.

John Byrne: That makes sense. Don, I want to come back to you on ai. To give you an opportunity to expand on what you're saying upfront, talk about ai, we talked about some of the challenges obviously in the report indicated.

It's misuse in some cases, but it's also an investigative tool. So talk a little bit about, I don't want to say pros and cons, but some of the ways in which the environment, the community is weighing how to use ai.

Don Fort: It's, Yes, I think it's become, AI has become the most overused term and in the government and financial crime prevention I, it's hard to find a [00:48:00] company now that says they don't use ai.

So I think a lot of these points we've made before when, in our discussions today, but I think for law enforcement is now using and I'll just use the generic ai, they are using ai. In the analysis of BSA information they're really starting to use ai in their ability to analyze potential criminal activity.

The kind of predictive analytics that again I think artificial intelligence and machine learning are really well suited for, because you can look at. A history of activity criminal court cases, information, things that have been filed publicly that detail criminal activity to train the artificial intelligence to be able to potentially [00:49:00] predict when that behavior is going to happen.

Overlay that with the B the Bank Secrecy Act data all these other public databases and law enforcement databases that law enforcement has at their disposal. It's an incredibly powerful tool to be able to determine if criminal activity is occurring. I'll preface that with saying in the law enforcement world.

Where people are being put under investigation and their livelihoods are being impacted you're always going to have a human being, The technology can really help you parse through billions of records really quickly and help you make sense of it. But at the end of the day, you need smart, rational human beings to be able to analyze things to determine ne next direction.

So I think on the law enforcement side, it really does have the potential to be a game changer, recognizing, again, all the examples that we've talked about today [00:50:00] where. The criminals are using the latest cutting edge artificial intelligence. The, anything that they can do to combat the latest precautions.

They are doing it. And it's so interesting to see the parallels between what we talk about partnership between law enforcement and financial institutions, and the sharing of information what the criminals are doing. They are sharing information. They are sharing information about which, which cryptocurrencies law enforcement is able to detect and trace which identities are most successful now, where you can find them, where you should use them, where they you can have the most success.

Which institutions are multiple most vulnerable. So it's this, again it's not a new issue, it's this cat and mouse. Where you've got. Law enforcement and the criminals are always slightly a ahead [00:51:00] of the curve because for the criminals, there are no regulations they have to follow. Again, the entry point into ai and you don't have to be successful many times to be profitable.

They can put so much out there. I think probably everybody that's listening to this webinar at least once a day, I get something that I a hundred percent know is a phishing scam, It's a text, it's an email and we laugh about it, but our parents are not people that are not as technology savvy are clicking these and losing money.

And just two, two quick points on that. I think what, where we need to make. Inroads as a society is the education piece, if and we know because this is the life that we live in. So we're always skeptical, but a lot of people are not, and particularly the elder generation, and this is how [00:52:00] these elder frauds occur.

And then I recently had another situation where it's not even a, like a, high tech attempt of fraud. I was on a website looking to rent a property and it wasn't like A-V-R-B-O or an Airbnb, it was a lesser known, but looking to rent a piece of property for a few months. And I found something and I was interacting through a reputable website, interacting with an individual that I quickly realized was just sending me information that was publicly available on Zillow.

They had actually, they knew who the owner was because the property records are open source. They have all the pictures from the property because it's all out there on Zillow. They can create what looks like an invoice on chat GPT in two seconds. And I quickly sniffed it out, but when we called around to let people know they had [00:53:00] already had a number of individuals that had sent money and there's no way you're getting that money back.

It's just, again, a very low tech example of what's going on in ai. And I think the overall importance of the education piece has to be that, that's paramount.

John Byrne: Y just a quick question. The question came in, but I alSo, I'm interested in this. Do you see a scenario where banks would use AI in some fashion to fill out SAR narratives?

Ulises Pineda: I could see a scenario where you use it to a certain degree, but at the end of the day, you need humans to really look at the data, look at the transaction, be able to take all of the information that maybe AI puts in front of you, and then write a cohesive, concise narrative that would be beneficial for law enforcement.

I don't see a point in time where we take a human out of that [00:54:00] star writing process.

John Byrne: Oh, I agree with that. We have about five minutes left. We have some good questions, but I, and I know we could do a whole couple of webinars on this next topic, but I just want your top of the line thoughts on crypto fraud.

Now that we've become the crypto capital of the world, apparently obviously crypto fraud is a major issue from a banker's perspective. What are some of the questions you would ask before engaging with clients that are engaged with crypto or crypto exchange from a fraud perspective?

Only, not asking about the value proposition, Ulises, but just in general, I'm sure you and your colleagues are talking about this. What are some of the high level things we need to ask from a fraud prevention standpoint?

Ulises Pineda: Yeah what we're talking about clients who are getting into the crypto space it's really what are their controls that do they have in place?[00:55:00]

Strictly from. An AML standpoint from a fraud prevention standpoint, what are they doing to protect potential consumers when it comes into that area? And honestly, I don't think there is enough knowledge across both consumers and businesses who are trying to get into this space in terms of how they're going to protect consumers at the end of the day with, crypto.

And also from a banking standpoint. Traditionally we've all just been in regular fiat and that's pretty much it. Now trying to get a whole host of investigators to understand how crypto works, even now when it comes to scams and our clients being victimized and taking those funds to crypto kiosks,

When we have our fraud investigators asking questions about, can you provide us the receipts? From those crypto kiosk, can we, [00:56:00] that way we can get wallet information, trace funds, things like that. That's a whole new education piece for, from a frontline standpoint for both bankers and for fraud investigators.

John Byrne: Don, your thoughts high level again, I know we can talk a lot longer. Yeah. What are some

Don Fort: There's just in general on the cryptocurrency and smart contracts and things like that. I think there's. There, there is some huge potential, but there's and I think it's definitely here to stay, but there's also the potential of fraud,

And, agree with Ulises a hundred percent. The lack of knowledge is hard to overcome. It's not just in the financial institutions, it's a general public. It's in parts of law enforcement and whatnot. There needs to be more education on it. And it's not the easiest topic to wrap your brain around,

[00:57:00] It's, we talk about this public ledger, but it doesn't give you who the person's name is. There, there are a lot of frauds out there. I think there's also you what you led with it. The state of affairs in crypto in the US has drastically changed in the last six months. There's not a lot of regulation out there, unlike other instruments that are being used.

And I think that what people, some people don't realize is you give up your private keys, you just gave up your crypto and you're not getting it back. It's not like other instruments that. Law enforcement is going to be getting this money back for you. These horrendous pig butchering schemes that it's been reported, that's like $75 billion has been lost in these schemes.

And these are just your basic romance schemes in a lot of cases. [00:58:00] But that there's very difficult and complicated to get that money back. So again I think there's a lot of really positive potential going forward, but there's a lot more knowledge. And I think, again, personally, it's regulation that needs to go into play in this area.

John Byrne: Gentlemen, I really want to thank you for taking some time today, but I want to give you 30 seconds for a quick takeaway. So you list these, I'll start with you. Takeaway.

Ulises Pineda: Yeah. I think most importantly it's the communication, the information sharing for fraud. I think that's one area where we continue to try to make headway with, and I encourage everyone to, do that within their regional networking groups and across the country.

Really try to leverage your connections, both at different financial partners and with law enforcement partners to be able to protect our clients and also the banks and do the best for law enforcement because that's why we're here, [00:59:00] Don.

Don Fort: Yeah, I would say two quick things. If you are a banker or working a financial institution, make a connection with somebody in your local regional law enforcement if you don't already.

And flip side, if you're a cop or a financial investigator start to make the, make a connection with somebody and you're in your own area. And the other I said is, again, a theme that's come up today is education. Talk to your friends and your relatives and your children about these, scams.

We, we have to spread the word because it's only going to get worse as these deep fakes and whatnot. Continue accelerate.

John Byrne: Ladies and gentlemen, thank you for spending this hour with us. Be sure to subscribe to our This Week in AML podcast that come out every Friday. A number of lengthier podcast interviews will be posted in the next couple of weeks.

One is with the head of the charity and security network on issues dealing with the de-risking and [01:00:00] others. And one with Lisa Arquette, the recently retired FDIC official that did A-M-L-C-F-T for many years and her views on where we are today. I want to thank Don Fort and Ulises Pineda for their time today.

Ladies, gentlemen, thank you so much for the questions we didn't get to. We're going to figure out a way to get to those questions probably in our This Week in AML podcasts. But thank you so much for spending some time sharing your views and being engaged. Everybody have a great Labor Day weekend and we'll see you next time in for our September webinar.

Thanks everybody.

Don Fort: Thanks everybody.