Transcript: Andrew Davies podcast

Our senior reporter Carmen Cracknell spoke to Andrew Davies about financial crime and fetanyl.

This is a transcript of the podcast Andrew Davies of ComplyAdvantage on financial crime and fentanyl between GRIP senior reporter Carmen Cracknell and Global Head of Regulatory Affairs at ComplyAdvantage, Andrew Davies.


Carmen Cracknell: Welcome back to The GRIP Podcast. In June, the US Department of Justice issued the first ever charges against fentanyl manufacturers in China, the primary source of a drug that has become the leading cause of death for Americans aged 18 to 45. While the movement of illicit funds in the illegal drugs trade is not a new phenomenon, the figures show the extent to which the issue has become amplified. I’ll discuss this and more with today’s guest, Andrew Davies, Global Head of Regulatory Affairs at ComplyAdvantage.

It’s great to have you here, Andrew. Could you just start by talking a bit about you and what you do at ComplyAdvantage?

Andrew Davies: Sure. Yeah, thanks, Carmen. So my name is Andrew Davies. I’ve been in the financial services industry since the mid-90s, so probably before most of the people on this podcast were born. Spent a lot of that time in the United States. I’m originally from London. And what I’ve done over those years is really look at how technology and data can be used to manage financial crime risk. And this includes things like money laundering fraud and the predicate crimes for money laundering. And what I do at Comply is I actually run a team of subject matter experts, what we refer to as customers in residence, and they help bring their expertise, their experience in the industry to support our customers, to support the industry as a whole, so speaking to different industry groups, to try and figure out how we can more effectively solve the problem that is financial crime, which is a sort of perennial problem and is ultimately an arms race between criminals and legitimate parties that are trying to stop the illicit flow of funds and the stealing of funds from different organisations. So that’s what I do. I’m a super enthusiast for this space. I’m delighted to have the opportunity to speak to you.

Carmen Cracknell: Likewise, great to have you here. I know you’ve done quite a bit of research into fentanyl and your piece on the Department of Justice’s fentanyl actions. It’s all over the mainstream news, but it isn’t a new phenomenon, is it?

Andrew Davies: I don’t think it’s new. I think that’s part of the problem. The illicit flow of funds from drug trafficking into the legitimate financial system has been going on for decades at this point. I think the potency of fentanyl in particular has brought this into sharp focus the number of deaths that are caused by either illegally produced or illegally acquired fentanyl. I think that sort of brought this to the front of mind for regulators around the world. But certainly this is really nothing new. We’ve seen drug trafficking and the proceeds of drug trafficking being laundered through the system for decades. One thing I would say is that many of the regulators around the world have, and this comes from European regulators, the FCA in the UK and fincen here in the United States, where they’re broadening their focus.

This is sort of a natural evolution that I’ve seen in the industry where we started off with where can technology help us manage different types of financial crime risk? Initially, that was around sanctions. But right now, fast forward to 2023, and the regulators are saying, well, the technology, unusual financial behavior could be indicative of fraud, the different stages of money laundering, or some of the predicate crimes for money laundering, which include drug trafficking, human trafficking, child sexual exploitation, all of these things. And that’s, they’re becoming more prescriptive and providing guidance on these, on how to detect and the importance of detecting some of these predicate crimes for money laundering, rather than just having a sort of an overarching notion that we should be detecting money laundering.

And I think that supports the sort of, what I call really sort of three dimensions of financial crime risk. One is your compliance obligations, right? So why I have to stop the proceeds of crime, the proceeds of these predicate crimes being laundered through the system, that’s, and the regulators require me to do that. AMLD-6 identifies these predicate crimes, the finder national priorities identifies these crimes. But then beyond that, there’s obviously the reputational risk. People don’t want to do business with organizations that are lack integrity, that facilitate these illicit activities.

And then I think most importantly, the, at least for me, what inspires me and what I know inspires people in the industry is detecting and uncovering this criminal activity in support of the moral imperative. Our society is affected by the illicit sale and production of drugs. We see, you know, if you go to an airport in the United States right now, and you go to the restroom, there’s almost inevitably a sign about child sexual exploitation and looking for red flags. And people want to want to support these initiatives. And I think that’s what’s the sort of sea changes at the moment. And that’s notwithstanding even the this my whole sort of like commentary on the the potential of technology and the potential of data to actually allow us to be more effective in fighting financial crime.

Carmen Cracknell: And from a financial crime perspective, do you think regulators are adapting their guidelines to fit around the tech and the modern challenges?

Andrew Davies: Yeah, so there’s, there’s lots of things that the regulators are doing, in my opinion. So, for example, the FCA in the UK, the Monetary Authority in Singapore, and then fincen here in the United States, they’ve reached out, they do outreach to financial institutions, but also technology vendors to figure out, you know, what data is available, what innovation is going on in this space to more effectively manage these risks. They’ve also been very proactive in providing guidance on, you know, what is a practical application of technology to uncover, for example, drug trafficking. And they’ve got I mean, fincen, for example, had an advisory where they actually list different typologies. So the approaches that people are that criminal activity, criminal groups are using to actually launder the proceeds of fentanyl production and sale. I think they’re being much more prescriptive. There’s a lot more collaboration with the regulators and financial institutions. And then there’s, there’s an overarching group called the Financial Action Task Force on Money Laundering. There’s a sort of intergovernmental group that has provided fantastic guidance on the nature of the problem related to the proliferation in opioid use, how you can collaborate more effectively to mitigate the these criminals, and then also sort of different typologies, so different types of things, the red flags that you can you can look out for. So I think the regulators have been approaching this different differently and in a more collaborative way.

Carmen Cracknell: The DOJ announced recently the seizure of enough fentanyl precursor to kill 25 million Americans, which shows the scale of this issue. Can you outline the three phases of how we got here to this point?

Andrew Davies: Well, so I think the three phases that I sort of referred to was what I call my sort of like three pillars of financial crime risk management, compliance obligations, moral imperative and then sort of reputational risk and those sort of three dimensions that organizations care about when they’re implementing technology and when they’re trying to uncover and deter and remediate these particular types of criminal activity. But what’s fascinating to me, because I’m so old, is the sort of evolution of how technology has been applied. So if you think about this as a macro level problem. 25 years ago, the United Nations said that around 2 to 5% of global GDP is laundered through the financial system. Right now, according to the Financial Action Task Force, that 2 to 5% of global GDP, which is around one point six to three point six trillion dollars, as far as I know, that that that’s made up of at least tens of billions of dollars that are laundered through the global financial system as the proceeds of the illicit production and sale of fentanyl. Right. So they’re staggering numbers. Twenty five years ago, it was 2 to 5 % of global GDP.

Right now, it’s 2 to 5% of global GDP. Financial institutions and the industry as a whole have spent a lot of money trying to develop technology and to stop the proceeds of criminal activity being laundered through the financial system. So we’ve gone through this evolution where we’ve had a problem, we’ve tried to solve it with technology, and we haven’t really been successful as an industry. Now, what’s changed at this point in time as we’ve gone through that sort of chronology of where we started doing simple rules and then using behavioral analytics. And now we’ve got we’re at a point where we’ve got more data than we’ve ever had before. We’ve got better technology to make inference on that data about these sort of criminal activities. And I think that’s where we’re at this sort of like exciting point in the in the industry around stopping these predicate crimes. We just have better technology and better data.

Now, of course, the criminals have better technology and better data as well. But I think we need to obviously we need to if what they don’t have is the ability is the vast amount of data that we have if we collaborate as an industry. And that’s what’s being advocated by the F.A.T.F. by fincen. I mean, there’s been some great examples, I think historically of US law enforcement collaborating with the narcotics control bureau in China to, you know, dismantle a fentanyl production facility. So there is there is this collaboration. Collaboration is key to solving this problem across that compliance obligation, reputational risk and then the moral imperative. Yeah. How is data turned into action and policy? So the I guess there’s the way it’s turned into action is so individual organizations, whether this is a financial institution, whether it’s a fintech company or whether it’s just a corporate that’s providing certain materials that could be used in a production facility, for example. So they have access to the data. They can use that data to make inference on that data, whether that’s something that’s derived from a previous investigation, whether it’s something to say, oh, this is an unusual activity for this particular customer of ours or this particular vendor. Now, you can do that historically. So look at a pattern of activity over time. You can look at how people are using your products and are they deviating from how you anticipated them using the product.

And then you can also look at, you know, is this business that supplies these precursor drugs operating in a different way than my other customers or my other vendors that are producing these precursor drugs? I think that that’s using the almost sort of behavioral data. This goes beyond financial transactions. It can be any sort of data that you can make an inference on to uncover anomalies. And the fascinating thing, and this is where I think the regulators are sort of where the industry and the regulators are super smart is some sort of anomalous behavior by a customer could be money laundering, could be related to human trafficking, could be related to fraud, could be related to terrorist financing. So we’ve got this data, we’ve got this ability to make an inference on it, and then look at it through these different risk lenses. I think the so that’s sort of how you can take action based on data. Now, from a policy perspective of the the regulators, they can encourage and facilitate the sharing of that data. And now in the US, there’s something called 314 B’s at the section of the USA Patriot Act, where participating organizations are able to share data. I think that’s going to be a if we could do that on a global scale, prescribing different types of red flags and typologies by the in the legislation, taking guidance from the FATF. That’s how in policy we can support the actions and mitigate the risk.

Carmen Cracknell: Yeah, and I know, at ComplyAdvantage, you’ve talked about taking a risk based approach. And how that’s helpful in this context, what are the principles of that exactly?

Andrew Davies: Oh, I mean, the risk based approach is the is the sort of foundation, the cornerstone of this industry. We know one of the ways to stop financial crime is to stop every transaction that Carmen does and take a look at it, right, have a human look at it. And they’re not not withstanding any, you know, the, the employee is complicit in the in the criminal activity. But you can stop everything. And if as long if you have the where we’ve all to look at it, of course, that’s not practical. So what what risk based approach is saying, okay, how do I, it’s almost like the categorical Kant’s categorical imperative, right? How do I basically service most of my customers, well, whilst also managing my risk and stopping those sort of nefarious activities. So risk based approach is, let me look at my products, let me look at my customer base, and let me monitor them in line with what what financial crime exposure I think I have with these relationships and these transactions.

So it’s, it’s like anything in life, it’s about balance, managing risk, whilst also not introducing too much customer friction, and not generating what we what we in the industry refer to as too many false positive alerts. And of course, it’s super this is super cool subject, because if you think about financial services as a whole, it’s gone through such a sort of transformation over the last sort of four or five years, you know, the obviously the pandemic was a bit of a catalyst for that, but it was moving down this path anyway, with the advent of open banking. And if you’re a traditional financial institution, you’re competing with fintechs who are really good at the customer experience. So you want to make sure that your traditional financial institution has an equally good customer experience as these FinTechs.

And of course, one of the things that you don’t want to do is introduce friction, because you’re, you know, super concerned about fraud. I mean, the so risk based approach is essentially saying, what’s my exposure with these products? How do I balance that with the delivery of these and the servicing of my customers in the context of these products? And then you map that to those three dimensions I talked about earlier on, you know, I need to adopt this risk based approach to fulfill my compliance obligations to manage my reputational risk, and then supporting the moral imperative.

Carmen Cracknell: Just moving on to a question about crypto, it’s pseudonymous. So what is its role in all of this?

Andrew Davies: So there’s actually a couple of good reports on the volume or the amount of money that’s suspected to be laundered through virtual assets and crypto. And crypto itself, of course, isn’t any sort of nefarious product. And also, it’s the underlying technology that gives that ability to anonymize or encrypt the data, right? So in the blockchain, you can have that secure data sources. So I think that the relative to traditional financial institutions and traditional financial products, the amount of money that’s laundered through crypto is still small. However, the criminals, you know, when we’re talking about criminals here, we’re talking about transnational criminal organizations. I think according to fincen revenue derived from transnational crime is, you know, $2 trillion annually. So we’re dealing with sophisticated organizations that will try and use these other products to fulfill their criminal activities. So I think that in and of themselves, they’re good, right?

Anything that, you know, if you think about international payments over the blockchain, something that could be instantaneous with no intermediary financial institutions facilitates the rapid movement of money, facilitates global trade. But of course, the anonymous nature of the transactions does introduce some inherent risks. So we have to figure out how we can manage that risk, given that, you know, the limited amount of data that we’ve had. But certainly, the criminals will try and take advantage of these types of assets, not only for criminal activities, but I think there’s been an uptick in the use of virtual assets for funding extremism. So that’s something that we have to be aware of as well. But I think according to one of our partners is Elliptic. And according to their chief scientists, you know, they talk about, you know, there is certainly a significant demand from suppliers to be paid in crypto for fentanyl related activities. The fascinating point, of course, is that, you know, to turn those virtual assets into some sort of legitimate asset, generally, you have to move it to a fiat currency. So that off-ramp into fiat from crypto is an opportunity for us to sort of disrupt that flow of funds and uncover the illicit activity. You mentioned a number of international organisations like the FCA, fincen and Singapore authorities.

Carmen Cracknell: Is there enough progress being made with international efforts in terms of collaboration and setting standards for screening and monitoring?

Andrew Davies: I think in the report from the FATF, they talk about the sort of need to do more with international collaboration. There’s certainly been bilateral enforcement actions. And there’s certainly a lot of collaboration between the regulators. I think having a standard mechanism or standard mechanisms to collaborate is one of the outcomes of the FATF report. It says, you know, we certainly need to do more. I think there has been a sort of standardisation of the predicate crimes with AMLD-6, with the fincen national priorities. And this sort of almost equalisation or normalisation of the approach to managing financial crime was actually brought into sharp focus with the sanctions regimes around the war in Ukraine. People were trying to communicate more to sort of normalise the things that people were looking for, and in that case, the sanctions list. I think there’s certainly a lot has been done. I think there’s certainly more to be done with respect to collaboration between the regulators and also public-private partnerships. I’m involved in a couple of sort of think tanks with providing guidance to the lawmakers here in the United States. And I think that collaboration between the industry and the regulators is sort of key. And then at a macro level that the regulators collaborate in internationally. There’s got to be better ways of us sharing insights, maybe without sharing necessarily sort of PII data, but at least sharing insights across the industry between regulators, vendors and financial institutions.

Carmen Cracknell: Why is China’s role in this so challenging? And do you think there’ll be more US sanctions against Chinese entities?

Andrew Davies: So I think there certainly has been collaboration between the US and China in enforcement cases around fentanyl. I mean, I think there’s certainly needs to be more collaboration. There could potentially be more sanctions. I mean, I can’t really comment on that. It depends on the sort of nature of, you know, if we talked about balance in the context of the risk-based approach, well, sanctions is also about balance in your relationship and the global geopolitics. So who knows? The Chinese regulators have certainly shown a willingness to collaborate with the US regulators and law enforcement.

So I think it’s, you know, if you think about the precursor drugs for fentanyl production, they can be legitimately produced. And of course, organizations may have legitimate production facilities. But what then happens to those precursor drugs and who’s actually purchasing them? And the cartels, for example, they’ll use shell companies. So it could be difficult for an organization in China to sort of uncover the true ownership structure of one of their customers. But certainly there needs to be more done. I mean, if nothing else, you know, nobody wants to be, you know, facilitating the death of millions of, you know, tens of thousands of people because they’re using these sort of potent drugs illegally.

Carmen Cracknell: Yeah, I guess there’s a need to maintain diplomacy for the US. So it’s a hard balance to strike.

Andrew Davies: Yeah.

Carmen Cracknell: What’s the future outlook for tackling financial crime?

Andrew Davies: The one thing I would say is that is super encouraging is, you know, it shouldn’t be seen as a problem that, you know, there are these predicate crimes for money laundering. One of the things that we do at Comply is we basically map news data, for example, from smart people like you from sort of journalists, and we map that onto these predicate crimes. So it could be human trafficking. There’s big enforcement action here in the United States this year around an organization not understanding that their customers were linked to child sexual exploitation. So I really want to sort of like have that perspective that there are these terrible predicate crimes, but we have the wherewithal with data and technology to be more impactful in detecting and deterring these financial crimes. And what that ultimately does is it makes the financial system and the ecosystem of players in the financial system, it supports integrity and security within that framework. And it’s a positive thing that we can use this technology at this point to have more impact, because that ultimately will be able to positively impact people’s lives.

Carmen Cracknell: Yeah, I did have a question actually at the end, but I felt like we covered it, but maybe you can say more. AI is the buzz term at the moment. So beyond kind of using it to mine data, I guess, if I’ve got the right idea there about what its use case is, to what extent will it replace the human element and human judgment in addressing fraud?

Andrew Davies: So that’s a good point that you made there. So one of the things that we use machine learning and AI for is one of the things that we use machine learning for is to curate and capture data. So if there’s an article in a newspaper that we want that covers one of our, that covers a particular financial crime, we’ll map that to particular typologies of financial taxonomies of financial crimes, so fraud, money laundering, human trafficking, etc. So in that securing and curating of data, we use machine learning there. The industry as a whole is using, is also taking machine learning and using it to better detect unknown unknowns, right? I can say Carmen’s activity at her bank deviates from its historical norm, that could be because it’s subject to being subject of fraud or it could be that someone is using your account as a pass-through for money laundering. But beyond that, we can use machine learning to uncover these sort of unknown unknowns. And one of the inputs to those models that uncover those unknowns is the outcome of human investigations. So rather than look at it as an opportunity to replace analysts, it’s complementing what analysts are doing so they can be more effective in managing these criminal activities. So what that basically means is you end up with a smarter model and then it constantly gets better over time because you’ve got a feedback loop or a symbiosis between the technology that which is being detected as suspicious and the outcome of a sort of human analyst’s investigation. I call this the sort of spidey sense that feeds back into the model to make it more effective and then over time it just gets better and better. And then the whole rationale is to support that moral imperative and do better than detecting 2 to 5% of global GDP, right? We can certainly do better than that. The UN says that we detect around less than 1% of the money that’s laundered through the global financial system. Well, I don’t know about you, but you know, when I was way back in the mists of time when I was taking examinations, if I got 1% that wasn’t considered very good. We can certainly do better.

Carmen Cracknell: Definitely. Well, it’s good to hear AI being used as a force for good.

Andrew Davies: Yeah, it has to be balanced with all of those things that model risk governance and making sure that we don’t have bias models.

Carmen Cracknell: Yeah, that data bias is a… Did you want to say a bit about that? I always throw that question in as well. How much of an issue is that in your sector?

Andrew Davies: It’s certainly an issue. You think about there’s legislation, consumer protection legislation in many, many countries. And one of the things that needs to factor into that is that we appropriately use unbiased models. And certainly Chuck Schumer in the Senator for New York has actually raised recently raised or created a group that’s looking at how we can use machine learning in financial services without introducing unnecessary bias. It’s a real tricky one in the financial crime space because something like demographic information or age information can be very useful in uncovering different types of scams.

And if you look at the Federal Trade Commission statistics, the profile of criminal activity against people that are over 65 versus between 45 and 55 and then younger groups, they actually change. So how do you use that information without introducing bias? It’s very complicated, but certainly something that we’re aware of and there’s been a whole groundswell of activity in the industry to solve that problem.

Carmen Cracknell: Good to hear. Lovely. Well, thanks so much for joining me, Andrew.

Andrew Davies: Okay, brilliant. Yeah, I really appreciate it, Carmen.

Carmen Cracknell: Lovely. Thanks very much.

Andrew Davies: Anytime. Have a great day.

Carmen Cracknell: Take care, you too.

Listen to the audio.