GenAI is already helping criminals circumvent standard CDD and KYC practices.
The tried-and-tested process of keeping soft and hard copies of a private banking client’s passport or ID card for identification purposes is becoming obsolete as we speak.
A warning sent on Wednesday by the US Treasury's Financial Crimes Enforcement Network (FinCEN) could even be the proverbial asteroid that triggers the extinction of the increasingly frail, external consultant-vetted back-office CDD infrastructure in the business with high-net-worth clients.
Modifying Images
«FinCEN’s analysis of BSA data indicates that criminals have used GenAI to create falsified documents, photographs, and videos to circumvent financial institutions’ customer identification and verification and customer due diligence (CDD) controls,» its statement indicates.
According to FinCEN, the new tech makes it easier for criminals to forge critical documents with fewer resources and in less time, and that is exactly what has been happening.
Opening Accounts
GenAI has been used to alter or generate images for driver’s licenses and passports, although that is not the worst of it.
FinCEN indicated that so-called malicious actors have successfully opened accounts with fraudulent identities, and it recommended that banks protect themselves in a variety of ways.
Live Selfies
But the recommendations quickly veer into the overly technical, suggesting phishing-resistant multifactor authentication and live verification checks in which a client is prompted to confirm their identity by audio and video.
That is something we at finews.asia foreshadowed in September by suggesting that private bankers would soon be having clients take selfies with their identification documents, without the attendant tech overlays, as that will quickly become clumsy and difficult.
Banker Impersonation
Another issue FinCEN points out, and one that warrants concern for wealth managers, is the ability of fraudsters to impersonate executives or relationship managers and request that back offices transfer funds or investments to illicit accounts.
This is a large risk in harried, understaffed operations teams with constant staff turnover and a large proportion of relatively junior employees, particularly in more hierarchical institutions.
Additional Operations Work
FinCEN did offer up several red flags, although the burden and responsibility lie with the financial institutions and the individual employees.
That is going to be a big ask, particularly when it comes to figuring out whether a client’s photo is internally inconsistent, or when a client presents multiple documents that don’t match. Operations staffers rarely win the day once relationship managers and executives get involved over important clients, and few in the financial industry, from top to bottom, are imagery experts.
Process Breakdowns
And we are not even getting into the fact that any process that requires employees to do a reverse-image lookup or open-source check of identity photo matches against an online gallery of GenAI-manufactured faces is practically asking for systematic and regular procedural failure.
We recently published an interview with AU10TIX chief development officer, Ofer Friedman, a global leader in digital IDV matters, and he agreed with that take: «The responsibility of detecting sophisticated identity fraud should not be put on the banks' employees, but on their fraud detection vendors, who are best equipped to handle such advanced threats.»