Greater use of artificial intelligence (AI) by criminals is ‘probably the most significant’ growing risk facing those seeking to prevent financial fraud, according to a senior UK official who has spent his career within the civil service and law enforcement focused on fighting fraud and serious organised crime.
“We’re not seeing AI used at scale in fraud yet,” said Nick Sharp, deputy director in the National Economic Crime Centre (NECC), during a panel discussion at a UK-focused conference in London. “I would say it’s probably the most significant risk facing us, and there’s going to be an innovation ‘arms race’ and we’re going always be behind, if you’re on the ‘good side’ of the fraud fight: a criminal can innovate fast and just use it and come up with a scam,” he warned. “We will take long time to keep up with that unless we take innovation as a default position.”
Fraudsters are able to use AI to impersonate people and mimic voices. But the technology also offers opportunities for authorities to help detect and prevent scams, for example by using machine-learning models.
Addressing the topic of ‘Financial crime, fraud and payment scams’ at the ‘Payments Regulation and Innovation Summit’ on 25 January, Sharp – who moved to the NECC four months ago, having previously spent more than 17 years at HM Revenue & Customs (HMRC), latterly as deputy director economic crime – also highlighted the challenge of tackling AI-enabled crime in other crime types, such as child sexual exploitation and abuse.
Nick Lewis OBE, managing director – high risk client unit at Standard Chartered Bank and a former senior British public servant tackling organised crime at a global level, said there was a need “to try and ‘calm the horses’ a little bit” – a reference the global hype around AI, which, he said, brought both risks and opportunities for fighting fraud.
RELATED ARTICLE Fraud fighters: public authorities look to fuse technology with data to battle criminals – write-up of a Global Government Fintech webinar on 7 November 2023 on the topic of ‘Following the money: how can data and technology combine to help governments beat fraudsters?’ (the panel included representatives from the German and Spanish governments)
UK fraud strategy’s nod to AI
The conference was taking place less than a year after the UK government published a fraud strategy (‘Fraud Strategy: Stopping Scams and Protecting the Public’) that noted that ‘the emergence of new artificial intelligence large language models such as ChatGPT and clever machine learning tools allows fraudsters to target and tailor their scams to be more effective’.
The strategy, published in May 2023, referenced the planned signing of an ‘online fraud charter’ – a voluntary agreement between the UK government and big tech companies that aims to reduce fraud on the latter’s platforms and services. Published in November 2023, the agreement was described in the 74-page strategy document as ‘vital because of the growing threat from online fraud, and from criminals abusing cutting-edge technology to commit fraud’. It noted that ‘one recent example is the developments in AI large language models like ChatGPT, Bing and Bard, which can allow fraudsters to create ever more persuasive fraudulent communications, email and voice calls.’
Signatories to the charter agreed to adopt numerous measures within six months, including having dedicated liaisons who will respond to law enforcement requests (and other law-enforcement-related commitments); as well as ‘delivering simple messaging to support the public to recognise and avoid online fraud’.
Ronya Naim, money laundering reporting officer and head of financial crime at UK-headquartered fintech company ClearBank, was also a panellist. She highlighted that the general public were typically unaware of the potential of generative AI (AI that generates text, images or other data using generative models) and its use by fraudsters. “The average person has no idea that this is happening or is even out there,” she told the audience at the event, which was organised by conference company City & Financial Global.
The panel’s AI-related comments were in response to an audience member’s question during the session’s Q&A segment. Naim made comments in a similar vein during the main discussion, flagging the need for greater “consumer awareness and community outreach” about the risks of fraud and financial scams. “Sometimes we’re just putting slight Band-Aids [adhesive bandages] on the issue, and not really talking about the kind of root-cause,” she said.
*** JOIN GLOBAL GOVERNMENT FINTECH’S LINKEDIN COMMUNITY ***
More ‘intelligence’ and more ‘impact’
During the main part of the discussion Sharp highlighted three developments from a law-enforcement perspective that should help in the battle against financial fraud.
First, what he described as a “reboot” of the UK’s Action Fraud service in the next few months. City of London Police appointed two companies last year – Capita and PwC UK – to provide the fraud and cybercrime reporting service that will replace Action Fraud.
Second, “increased use of intelligence in the whole system”, including the launch of a ‘Fraud Targeting Cell’. This was mentioned in the government’s fraud strategy, which states that the NECC would ‘establish a multi-agency fraud targeting cell that draws on all source data to improve system-wide understanding of the threat and produce high quality intelligence packages’ and that ‘as a result, collective resources will be directed to where they will have greatest impact.’
Third is increased manpower. As also mentioned in the fraud strategy, a ‘National Fraud Squad’ (NFS) is being set up ‘dedicated to pursuing the most sophisticated and harmful fraudsters’. Sharp referred to this as a “big uptick in capacity in the system to take on casework… more people to send out onto the street to investigate.”
But, naturally, multiple challenges remain. For example, most fraud against people in the UK is committed by criminals physically located outside the UK, which means working across borders.
RELATED ARTICLE UK anti-fraud and economic crime legislation aims to tackle fake identities – a news story (30 October 2023) on the Economic Crime and Corporate Transparency Bill gaining Royal Assent
‘Huge chasm’ across borders
Lewis reflected that “huge opportunities” had been missed by organisations “over the years to build out and understand the sophistication” behind certain types of fraud.
Organised financial crime had, he said, evolved from cases where “whole villages” in Nigeria were “hand-writing letters to be posted to 1,000s of people around the world asking them to invest in various dubious schemes” (known as ‘419 fraud’ – a reference to a section of Nigerian criminal code) to “bad guys” being able to send out “millions of emails and phonecalls from robot call-centres in almost no time at all”. “They only need a very small success rate to start making lots of money from those,” he said.
“One of the problems we have in the UK is the absence of an international response to this,” he said, later referring to a “huge chasm” in financial crime information-sharing.
Information flows from the financial sector to law enforcement agencies had improved over time, he said. But it’s not necessarily the same in the other direction, despite the growing number of programmes and partnerships designed to encourage high-quality two-way information flow. “This happens in pockets of excellence, but it’s not thematically executed across the globe,” he said.
Lewis also noted what he described as “creeping outsourcing of government policy and law enforcement activity” to the private sector (a trend most notable, he said during a later part of the discussion, in the area of sanctions).
RELATED ARTICLE Hong Kong authorities launch public-private alliance to fight scams – a news story (4 December 2023) on Hong Kong authorities and major banks forming the ‘Anti-Deception Alliance’
‘Every nation is slow’
“I really like it when I see a government – UK, Australia, US – sharing typologies and risk factors as openly as they can,” Sharp responded. “There is a tactical consideration with a lot of that [however], which is partly that you are ’showing your hand’ but also, partly, the businesses also want to feel that there’s a point of co-operation as well.”
He highlighted the Monetary Authority of Singapore-developed ‘COSMIC’ platform, which will allow financial institutions to securely share information on customers who exhibit multiple ‘red flags’ that may indicate potential financial crime concerns.
“There’s very little organised crime which doesn’t cross a border,” Sharp said. “If it crosses a border to someone [a country] who isn’t a ‘friend’, [it’s] much more difficult for a law enforcement outcome, naturally. There are ways and means of building co-operation through diplomatic channels, obviously. But every nation is slow – some are slower than other – [and] it’s not a fast process often. So, that’s a challenge in itself. Often limited by legislation as well: you may want to work with another country but if it has different human-rights rules, then you can’t just ‘open the door’.”
Sharp also made a different point about the use of the word ‘scams’ as part of the overall fraud lexicon. “When we use the word ‘scam’, it puts people [victims] off reporting – they feel like they’ve done something wrong and they’ve ‘fallen for’ a trick, it increases the embarrassment factor,” he said.
“We are trying to use the word ‘fraud’ more and more,” Sharp continued. “I actually feel that maybe we should just use the word ‘crime’ because there’s no grey area here: this is crime, someone is a victim. Lots and lots of it is organised. It’s a cliché but if you ‘follow the money’ you will find organised crime very quickly after you find fraud.”
RELATED ARTICLE Protecting the public purse: tackling fraud, error and debt – write-up of a session at the Global Government Fintech Lab 2023 (in Dublin, Ireland)
Financial crime priorities for 2024
The discussion was moderated by Ted Rugman, director for financial crime and forensics at the professional services firm EY, who asked the panel members to reveal some of their priorities for 2024.
Sharp referred to the implementation of the ‘online fraud charter’. “I believe it’s the first and only time that tech, en masse, has signed up to counter fraud,” he said, describing it as a “unique opportunity” containing “amazing measures”, including on law enforcement. He also mentioned responding to an Ofcom consultation on codes of practice related to fraud under the UK’s Online Safety Act, which received Royal Assent in October 2023.
Lewis picked up on one of his earlier observations, reflecting on a global challenge that he described as a “personal crusade” to try to make headway on. “We [as a global bank] could see the biggest, most sophisticated, most organised global money-laundering or organised crime network, and there is nothing we can do about it as we see it,” he said. “There is no single place that we can report that. There is no institution anywhere in the world that we can take a global picture and explain it. We have to break that down, we have to deconstruct that network into country-by-country chunks, and we have to report to each FIU [financial intelligence unit] or each law enforcement agency individually, and we’re often even prevented from telling one law enforcement [authority] in one country, that we’ve reported something in another country”.
So, he said, financial institutions can be left “knowingly withholding really, really critical information, because we have a reporting regime and an international legislative regime that prevents us actually telling anybody the full story that we know.”
The NECC launched in October 2018 with officers or representatives from the National Crime Agency (NCA), Serious Fraud Office, Financial Conduct Authority (FCA), City of London Police, HMRC, Crown Prosecution Service (CPS) and Home Office. The NECC includes Joint Money Laundering Intelligence Taskforce (JMLIT), a partnership formed in 2015 between law enforcement and the financial sector to exchange and analyse information relating to money laundering and broader economic threats.
Global Government Fintech’s Fraud, Error & Debt topic section