Using Stronger AML Measures to Combat Insider Threats

In the wake of recent high-profile anti-money laundering (AML) cases, banks and financial institutions (FIs) are seeing confirmation that a lax internal threat prevention culture can produce a huge gap within protocols that can be exploited for nefarious money laundering actors over time.  

This risk is causing many banks and financial institutions (FIs) to look within and assess their programs to avoid the increased scrutiny and pressure that comes with such incidents.  

While external threats have been factored into AML compliance strategies, insider threats typically have gone unchecked due to constraints with resources, technology, timing, and data accessibility. The thought was that protecting the inflows and outflows of funds is the best way to secure compliance at the gates. 

This isn’t necessarily so. 

With advances in technology and predictive analysis, uncovering the role that an internal actor can play in facilitating money laundering schemes is now possible to contextualize and detect in a timelier manner. The scale and brazen nature of internally activated AML violations are resonating throughout the sector and ushering in a new era of more stringent oversight, steep fines, and reputational harm.  

Accordingly, the Department of Justice (DOJ) and the Financial Crimes Enforcement Network (FinCEN) are vigorously seeking other violators, putting sharper fangs into compliance with the Bank Secrecy Act and AML laws. Banks must strengthen AML capabilities with a renewed urgency or face unacceptable risks.  

 

Correlations Between Insider Fraud and AML Infractions  

Historically, AML efforts have concentrated mostly on transactional aspects and external threats. However, recent events have exposed how insidiously effective insiders can be in money laundering. Expect this fact to become central to AML enforcement going forward. 

"AML has traditionally focused on transactional analysis rather than insider behavior, but a recent case that hit headline news highlights the need for better internal monitoring," said Bottomline’s Risk Solutions Consultant Albert Laino.  

Internal monitoring is now more crucial than ever for banks and financial institutions. While external threats remain a major concern, the ability of insiders to exploit their knowledge of systems and processes poses a unique risk. 

"Employees with access to financial systems and the ability to transfer or accept money are in a different class of risk, requiring specialized monitoring and controls," Laino said.  

 

The Cyber Security Trifecta: Deter, Prevent, and Detect  

In late 2024, the DOJ was deliberate with the recommended approach to combating financial crime: deter, prevent, and detect. This framework is particularly relevant when addressing insider threats and AML compliance.  

Laino notes the importance of this approach, saying, "The DOJ's emphasis on deterrence, prevention, detection, and proactivity in addressing AML infractions" is crucial. 

Deterrence starts with creating a corporate culture of compliance and accountability. To illustrate his point, he used the analogy of people who leave bowls of Halloween candy on the porch and trust the honor system: "It's like trick-or-treaters. If you know someone's watching, you're less likely to do something nefarious, like taking the bowl." 

It makes a point about human nature. The temptation is too great for some people. In the end, some employees and contractors will inevitably veer into crime, driven by compulsion or desperation, resulting in activities including insider fraud. 
 

Continuous Monitoring: The Key to Mitigating Insider Threats 

One of the most effective tools in combating insider threats is to continuously monitor employee behavior. "Human behavior changes over time, and continuous monitoring helps assess risk appetite and detect suspicious behavior," Laino said. 

This goes beyond simple transaction monitoring. It involves understanding employee networks, tracking user session activity, and analyzing behavior patterns across various systems and applications. "We need to capture user sessions and analyze their behavior and activity to really stand a chance in helping to mitigate internal threats," he added. 

 

The Role of Payment Partners in Fraud Prevention Payment  

Payment partners are important players in the fight against money laundering and insider fraud. Partnering with these organizations gives banks access to other expertise, data, and detection capabilities. They already have the empirical data leading up to the fraudulent events. Incorporating this information and expertise into an internal threat program can help prevent fraud before it happens. 

"Bottomline, for example, has a boatload of what's considered enrichment data that can help identify any type of fraudulent activity quickly," Laino said. By leveraging this data, payment partners can help banks implement proactive measures to prevent fraud.  

"We know everything about the payment, but there are also things that happen before the payment,” he added. “There is user session activity, for example. That's where application monitoring comes into play."  

 

Taking the Initiative 

To effectively combat insider threats and strengthen AML compliance, banks must consider implementing more proactive AML measures. "We help impact that part of the process,” Laino said. 

“Off-hours access or looking at files outside of one’s professional purview may not be enough for me to stop a payment, but if I see two or three of these things in a certain sequence, that’s a flag” that AML violations and other illicit activities may be happening.  

Useful techniques to deter, prevent, and detect such insider fraud include: 

• Application Monitoring: Implement systems that capture user activity and behavioral patterns within critical applications. 

• User Session Analysis: Monitor and analyze user sessions to identify anomalies in access patterns, login locations, or device usage. 

• Behavioral Baselines: Establish baselines for normal employee behavior and use advanced analytics to detect deviations from these norms. 

• Integration of Payment Partner Data: Leverage enriched data from payment partners to enhance fraud detection capabilities. 

• Real-time Alerts: Implement systems that can generate real-time alerts when suspicious activity is detected. 

 

Securing The Path Forward 

As banks and FIs grapple with the evolving landscape of AML compliance and insider threats, it's clear that a multi-faceted approach is necessary.  

Laino emphasized the importance of proactivity: "That's the whole remit of terms like ‘prevent’,” he said. By combining robust internal monitoring, continuous behavioral analysis, and strategic partnerships with payment providers, banks and FIs can create a more comprehensive and effective defense against money laundering and insider fraud.  

"We can help you beef up that process end to end," Laino said. That’s fundamental in the fight against money laundering and insider fraud. It requires a comprehensive approach that combines technology, process, and culture. By embracing new strategies and tools, often enabled through payment partners, banks can not only meet regulatory requirements but also protect their assets, reputation, and the integrity of the global financial system.