The Asia Pacific region is more vulnerable to fraud than anywhere else in the world, and it could upend client due diligence for wealth managers.
We can talk about the wonders of generative AI in our tech-driven age, but the humble passport or ID copy, saved as a PDF and printed on paper, still reign supreme in finance.
It is the glue holding together a private bank’s account opening and KYC processes in most regional financial hubs, and a must-have for such eminent regulatory authorities as Hong Kong’s Securities and Futures Commission (SFC).
The New Deepfake
An updated Monetary Authority of Singapore circular from early 2022 shows a willingness to tread new, more hallowed grounds, but an unwritten fallback shines through the entire eight pages of electronically delineated nirvana. Again, the humble passport or ID card copy.
But concerns loom over the current state of affairs, as a global identity fraud report issued by global ID&V leader AU10TIX released overnight indicates. According to them, impersonation bots are the new deepfakes.
Malicious Bots Everywhere
It appears they can take a selfie of an individual holding up their passport for verification purposes, and with a few steps, transform it into someone who is a completely different age and gender. And we are not even getting into names and birthdates here, the sine qua non of all traditional financial crime suspicious activity monitoring systems.
Although this kind of activity is currently focused on social media, no one should rest easy, as AU10TIX maintains that almost one-third of all internet traffic is now driven by malicious bots that are out to get us, our money, and our digital likenesses.
World Leaders in Fraud
Added to that worry is the Asia Pacific region itself. AU10TIX had no good news here either, as the region had the world’s highest fraud rate in the second quarter, with 3.27 percent of all transactions being fraudulent - on top of an almost one-quarter increase between 2022 and 2023 no less.
Indeed, there was one focused mega-attack in Asia that featured over 5,000 faked onboarding attempts – a fact that is sure to raise the heart rate of any financial crime officer and due diligence team manager working for a small branch of an international private bank.
Widespread Concerns
Beyond that, in our very own neighborhood, the number of deep fake incidents was up by an alarming 1,530 percent, with the widespread institutional concerns related to the uptick in fraud being amply voiced by finews.asia in several recent articles.
The MAS, in its abovementioned circular, did try to get ahead of the pack by extensively discussing fraud and impersonation risks, saying that several financial institutions had already introduced controls to verify clients through video conferencing processes with liveness checks and specific questions.
«For example, some FIs have trained staff involved in the video-conferencing process to specifically look out for the requisite authentication markers on the ID documents displayed by the customer on screen,» the MAS indicates.
Institutional Habit
But, still, in certain cases, MAS guided readers to the good old way of doing things and an institutionally settled way of managing our digitally crime-ridden times.
«FIs should institute additional measures to verify that the soft copies of documents are genuine, such as by obtaining an original certified true copy or requiring suitably qualified persons to use digital signatures or watermarks to certify the authenticity of the soft copies of the documents,» it guides readers.
Selfie to the Rescue
AU10TIX, for its part, has a different take. They believe that selfies stop fraud, although they weren’t quite as clear about what stopped a good selfie from becoming a bad selfie.
«The numbers show that deepfake synthetic fraud (variations on document numbers and face pictures) is becoming more common, while verification through selfies has repeatedly proven to deter attempts at identity fraud,» they maintain.
Big Hold Up
Although they were not directly discussing the ins and outs of KYC and due diligence at private banks and wealth managers, there are some interesting takeaways.
Relationship managers may be put in a position very soon where they will have to ask clients, either on a videoconference call - or over lunch - to take a selfie while holding up a passport or ID card, after which they vouch internally that it is the correct document and likeness.
No Breach Here
As usual, it will be up to management, compliance, and operations to figure out the exact modalities of how that should get done without unintentionally breaching written, or unwritten, etiquette with the client.
Already, that sounds like it entails an entirely new internal process document chock full of flow charts and attractively placed little sidebars listing key dos and don’ts – and a nice little form at the end in the appendix where the bankers are asked to sign their name in figurative blood, testifying that the image and the document is a true likeness of the client they know.
Free Selfie Sticks
But that is probably overthinking the current banking reality.
Still, if you are a senior executive, the branch manager, or the COO, you better get comfortable with the thought of giving your private bankers free selfie sticks.
