April 1, 2025 • 46 mins
What does it take to run a nation’s anti-financial crime agency and stay one step ahead of those adapting to the changing world of finance faster than the government agencies tasked with stopping them? By building better investigative and analytic methods through new technologies. Dr. Shlomit Wagman was the Director-General of the Israel Money Laundering and Terror Financing Prohibition Authority. She served when terrorist groups in the region first began experimenting with cryptocurrencies. She saw their new methods up close and helped develop technologies and investigative methodologies to go after them. Designated host, Yaya Jata Fanusie recently spoke with Dr. Wagman where she described the challenges and successes while leading such a massive operation and reminds us all that technology is a tool that can be used, for good and bad, depending on who yields it and how.
Designated’s Proud Sponsors:
TRM offers leading blockchain intelligence for AML compliance at financial institutions, crypto businesses, and regulatory organizations alike - with sanctions support on 65 blockchains and coverage of more than 70 million digital assets. In a recent customer survey, 85% of users agree that TRM accelerates their work. 92% of users agree that TRM provides actionable intelligence. And 83% of users agree that TRM has provided intelligence they would not otherwise have. See for yourself why our customers rave about TRM by requesting a free trial or demo at trmlabs.com
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Today's podcast is supported by TRM. TRM enables compliance teams
to accelerate business revenue and deliver actionable intelligence to regulatory
and law enforcement stakeholders with leading attribution of severe risk categories.
Request a free trial today at trmlabs dot com. I'm
(00:35):
Yaya Jata Finussi. What does it take to run a
nation's anti financial crime agency and stay one step ahead
of those trying to skirt the system and law. My
guest will give you a glimpse of the challenges and
steep learning curve involved when illicit actors adapt to the
changing world of finance faster than the government agencies task
(00:56):
with stopping them. From twenty sixteen to twenty twenty two,
shall Meet Wagman was Director General of the Israel Money
Laundering and Terror Financing Prohibition Authority. She served at a
time when terrorist groups in the region first began experimenting
with cryptocurrencies. She saw their new methods up close and
helped develop technologies and investigative methodologies to go after them.
(01:21):
It's the first time I've been able to talk to
someone who has led operations on such a massive scale.
She's now a chief regulatory and compliance officer at the
global payments company Rapid and we spoke about how payments,
technology and financial crime are trending. From her point of view,
it's time to get designated with she she'll meet Wagman.
(01:45):
Could you please maybe start us off by telling us
some background, tell us of how you arrived to become
Director General of the israel Financial Intelligence Units.
Speaker 2 (01:58):
Thank you so my career, I've always been in the
intersection of technology, regulation and financial market. After graduating from
law school, I clerked for the Chief Justice of the
Israeli Supreme Court, Aron Barak, and then I pursued my
master's and PhD degrees at l Law School, focusing on
(02:18):
law and technology. And after completing my PhD, I joined
the law firm of Hochtel Libton in New York, where
I worked with high profile MNAs deals with some of
the world's top legal minds. And after a couple of years,
I returned to Israel and then I decided to make
a transition to public service, and I was very fortunate
(02:40):
to join the Israeli Money Load Bringing Terrorism Financing Prohibition
Authority as General counsel or its other name the Israeli
FIU Financial Intelligence Unit, and I was not familiar with
the field earlier, but I quickly became experience in that
and was recognized as a leader expert in the field.
(03:01):
I was in fact selected by the Council of Europe
to serve as an evaluator on its audits on member
countries and you know, get some experience in the field,
and after a couple of years, I was appointed to
be the Director General of the Israeli FAU, and in
this role I had two major tasks. First was to
(03:24):
improve and modernize the FAU, which was essential. The practices
that the FAU had at that time were a little
bit outdated and there was very limited contribution to financial investigations.
So I led a deep strategical process to make sure
that the FAU becomes much more data driven and verse
(03:45):
new technologies and significantly improved its internal processes, the internal
just capabilities and collaboration with investigating authorities and basically we
embraced the followed the money approach and led in Israel
to record breaking financial investigation numbers and results, improving them dramatically.
(04:07):
The collaboration between the FA, you and the police.
Speaker 1 (04:10):
If I could back up just one second, give us
the time timeline here around what time was this?
Speaker 2 (04:18):
So I joined the FAO at around twenty eleven and
became the head of the FAU at twenty sixteen, okay, okay,
And that was a time in which, due to I
mean the processes that we conducted at the FAU, we
gained an amazing improvement in that and were able to
(04:38):
crack down major organized crime in Israel. That was I
think during the years between twenty sixteen and twenty twenty two,
we were at all times records in terms of financial
investigations and we were able to actually practice to follow
the money approach. We won numerous international awards for successful
(04:58):
international investigation, and the FAU was granted the highest effectiveness
score by FADF. In addition, but I think that another
important strategical process that happened at that time was the
Israeli accession to FATF. That was my major other task
other than establishing the FYU, and that was to lead
(05:19):
israel accession to the FATF, the Financial Action Task Force,
the international organization that sets global standards in the email
and safety domain, and that required to undergo a comprehensive
evaluation by the FATF members, you know, to be Frank
at first, we conducted an internal assessment in Israel and
we realized that Israel is most likely to be gray
(05:42):
listed by FATF because we had major deficiencies in our system.
Speaker 1 (05:47):
I wonder if you could pause there, if we could
just go back to one thing, because I mean, you
mentioned so you were part of improving you know, it
sounded like you said improving data, sort of improving the
you know, I would say almost the financial forensics to
follow the money approach, that they were organized crime fat
and the fat of potentially Israel being on the fat
of gray list. But give us this a sense of
(06:10):
I mean, you mentioned organized crimes groups. I mean, what
were the key targets, what were the key key types
of criminal activity, especially organized crime, which again I don't
know about that much about in the Israeli setting. What
were the financial crime targets or issues that you were
dealing with.
Speaker 2 (06:25):
Then, yeah, so israel major challenges are organized crime, money
service businesses, underground banking, kawala, a lot of tax offenses
and additional related and of course there are is in financing.
And in order to address those domains, usually you need
(06:49):
to find the facilitators because all those activities are require
advanced money launderings capabilities. So the challenge was how to
go after the facilitators, not only the criminals themselves in
each one of those phenomenons.
Speaker 1 (07:06):
And so can you tell us about even before I
get into what happened with Fatav? I mean, what were
some of I mean obviously as a director general you
had a high sort of authoritative role, but what were
some of the cases, interesting cases that you saw and
perhaps prosecuted or dealt with.
Speaker 2 (07:25):
Yeah, so we had like numbers of interesting cases. I
think that one very first. We had many corruption cases,
and in all those cases, the financial investigation was a
crucial part of it. It was including a candidate to
become the Israel president who was back then was a minister,
(07:46):
a senior minister, and it all started with a star,
a single star filed by one of the financial institutions
and then initiated financial investigation open testimony in which he
provided his version of you know, the situation. And one
of the questions related to a details which was revealed
(08:06):
as part of the financial investigation, and that was an
open question. It was still not under a formal investigation,
and he was lying on this question. Now, you know,
in financial intelligence. Sometimes you have it's a binary situation
either that you know you have the fact or not.
And we had the trail and he was lying about
this particular fact and then immediately the investigator made a
(08:29):
phone call to the Attorney General said, you know, Houston,
we are we have a problem, and immediately it turned
into a formal investigation based on this item. Another case
that I could could you know, could refer to perhaps
you know, the diamond dealers in Israel, which we found
(08:51):
to be actually that they were functioning in the addition
of being diamond dealers also underground banking industry and they
were transferring lots of funds through their activity. We were
always also able to find out how money changer provider
exchangers were actually being ware facilitators to large organized crime facilities. Again,
(09:14):
it all came from financial intelligence. And one of the
interesting phenomena that we addressed was professional money launders. And
my approach has always been not to go after you know,
individual case only. Yes, of course we would do those
cases and will investigate them, but I was thinking about
how to make sure that we are more efficient and
(09:36):
effective and instead of taking out one fish at the time,
how you know, to actually look at the school of
fish and to find phenomenas and concentrate on them. And
we did that in a couple of methods, first through
task forces, joint forces with other law enforcement authorities and
choosing particular phenomenas to go after. But second, and I
(09:58):
think that perhaps it's even more interestingly, it provides toolbox
also to private sector, is to identify a phenomena that
exists in your data and with enhance data driven analytics
and patterned analysis and network analysis to find the patterns
and phenomena, for example, professional money loaners. So we would
(10:18):
try and create and craft what are the characteristics that
are defining those groups, and then to look for additional
cases that have the same phenomena and go after them.
And that was extremely successful exercise because we were able
to find those enablers, those facilitators in many different cases
(10:39):
or initiate new cases which we were not familiar earlier.
Speaker 1 (10:44):
And this is you know, this is a time twenty sixteen,
I think you said twenty sixteen to twenty twenty two,
or get right right at that time. And I remember
that time because that's the time when I started to
twenty sixteen, look closely at Financial Crime and Crypto tell
us about how crypto crypto financing came on your radar.
Speaker 2 (11:09):
So the first time that I heard about cryptocurrencies was
around twenty twelve, where we started receiving indications from the
private sector about this emerging phenomena. So to better understand
that we engage with companies and players in the field
to better understand that.
Speaker 1 (11:25):
Now.
Speaker 2 (11:25):
The first thing that we did, as many global regulators
did at that time, we issued a public warning about
the risk associated with crypto and acknowledging that it provides
a lot of opportunities to bad actors to act. After
this first reaction, we dealted more deeply into the phenomena
(11:49):
and we recognize two key insights, and I think that
I was the leader here in Israel about developing this approach.
First that cryptocurrencies, in addition to all the risks that
are associated with them and the benefits that they bring
to criminals, they were also a financial innovation and I
(12:09):
thought that it could not be simply blocked because black
market will be developed very quickly. And second, not only
that this is a financial innovation, but blockchain, in addition
to all the problems that it brings up which are
known by now. It also has an advantage. It leaves
(12:29):
digital tracks, and unlike cash, every transaction is recorded and
presented in a unique opportunity in the blockchain, and it
presents uniqu opportunity for law enforcement to follow it. So
back then, tracing that you know, this transaction over the
blockchain seems almost science fiction, but we did recognize, you know,
this capability, and we thought that it's possible to make
(12:51):
from the lemon lemonades. And over the years, I have to,
you know, to say honestly that I was approached multiple
times by minutes sort of finance and other official stakeholders
asking me to help them outlaw and prohibit cryptopty world together.
But I consistently advise against a prohibition approach because I
(13:13):
thought that it made much more sense to monitor and
regulate the industry and then you know, control it to
some extent, or it least be able to differentiate between
legitimate and non legitimate actors rather than just push it underground.
And you know, over the time, this approach has been
accepted globally by FATF in twenty eighteen when it was
(13:35):
integrated into the standards. Later on, I implemented that in Israel,
and this is the common approach. Now I think across
the globe there are I don't think that there are
countries that are outloading that.
Speaker 1 (13:45):
So this was you know, in the early time, and
then you were getting a grapple, you know, a grapple
a handle on it. But I imagine with this new technology
arriving and you trying to follow it and track that
it wasn't all, you know, one hundred percent success. Tell
us about any of the obstacles that you dealt with.
Speaker 2 (14:06):
Oh well, okay, there were many obstacles. And of course,
I mean it's extremely challenging to follow the money generally
speaking and in crypto as well. So one of the
challenges that you know, first, it took us a lot
of time to understand the technology, to gain the capabilities
to purchase the relevant you know, blockchain analytics tool that
(14:31):
exists in private sector and develop internally system and you
know it also you know, even to know what to
look for at first when you need to look for
you know, the the codes, the numbers of the wallets,
even just to you know, to configure that into your
system that there is something like that. This is you know,
it sounds extremely technical, but this is something that you
need to do if you want to get the data
(14:51):
and to explore that. So we had a lot of difficulties.
At first, investigator were not familiar with that and then
did not understand that they were really looking of even
getting into that. Let's you know, human nature, we should
acknowledge that. But then we started eventually to investigate those cases,
and at first we made mistakes. For example, we confiscated
(15:12):
a wallet which we thought that was associated with a
terror organized group. We raised a couple of thousands of
dollars that went to that wallet, and then when we
got the details of the wallet, all of a sudden
there was much more money in and there I think
that we're looking for twenty k and we found out
eight hundred thousand dollars something. We were so happy, and
(15:33):
immediately we confiscated that. And then what we found out
that that was not the wallet of the user itself,
but that was you know, a central wallet of an exchange.
So we had to release most of the fund there.
But at the same time we also had many success stories.
For example, one of the investigations that we had nationally,
(15:57):
there was like a large ransomware case in which ransomware
was asked to release a critical infrastructure that was attacked,
and through the negotiation, there were a couple of bitcoins
that were transferred back and forth, you know, in order
just to go good intention and to show that the
hackers have control over the hackers group has control over that.
(16:19):
And we at the FIU were able to trace the
crypto and what we found out that it went eventually
and cashed out to cash in a VESP which was
located in a certain jurisdiction that within the Israeli context
made a very clear connection to actually national threat a
theo attack. It was exchanged in Iran. So once we
(16:41):
saw that the bitcoin was cashed out in Tehran, it
gave a completely different flavor to the entire story and
it moved from a criminal investigation into a national security one. Also,
another I think successful example is the confiscation of Hamas's wallet.
So Hamas is one of the organizations organization that was
(17:02):
an early adapter along with ISIS to do fund raising
through crypto, and we were able to trace some of
this activity and IS well designated the name of your
podcast designated this. Immediately we start receiving you know, a
lot of information about that, and we did it for
quite some time, and it's so and we were able to
(17:23):
confiscate millions of dollars. At some point. April twenty twenty three,
HAMAS published a public announcement to its supporter asking them
to stop contributing or set out, you know, the donation
via bitcoin and why that's not because of the designation
and the linkage that Israelis law enforcement authorities were able
(17:46):
to make. Those donors were adversely impacted by their affiliation
with HAMAS, and all their wallets were confiscated immediately, were
frozen immediately. They've asked them to stop using that. By
the way, way, they did not stop using crypto a tolt.
They just changed it from blockchain, which was high on
the rudder, to other coints like front which are less monitorned.
Speaker 1 (18:11):
They learned, they changed from Bitcoin and started using other,
you know, other tokens. These actors, illicit actors, always adapt
Terrorist financing with crypto is new. I'm sure that there
are new adaptations. I know in twenty twenty I think
it was twenty twenty three, or I forget exactly when
(18:33):
you testified before a Senate Banking committee and you actually
you know. In fact, I think that's when I first
first saw you. You were testifying about terrorist financing and crypto.
So can you give us a sense of what are
the trends now, what's the direction and how are authorities
dealing with it?
Speaker 2 (18:53):
Yes, definitely I did testifyed about that, and one of
the questions there was, you know, whether bitcoin or blockchain
should be cryptococcurrencies should be prohibited, and I gave the
same answer as I gave earlier here. So I actually
have quite a bit an updated information on that as
(19:17):
I just came back from the No Money for Terrorism
conference which was held in Germany and brought together minister
or finance from all over the world to discuss this
particular question. How what are the current trends of digital
assets being used by the organization and what can be
done about it. So what we see is that our
organizations are using crypto more and more. They never neglected
(19:42):
the core channels that they were using, namely cash, hawala
and business infrastructure, but alongside that they are also adapting
more and more cryptocurrencies. They are not doing only just
you know, the traditional or the more conservative cryptocurrencies like bitcoin,
but they are going into DeFi JWALA style application Web
(20:05):
three and more and enhanced privacy preserving technologies, and we
see a growing trend into that it includes smart contracts
and so forth. For example, you know, a couple of
examples that I could chair is a crowdfunding activity that
was conducted by Isis and Hamas. We see money laundering
(20:26):
between FIAT and crypto conducted by Grisabella in Latin. We
see direct funding of their activity for example in France,
and sanction evasions and so forth. In you know unregulated
VASPs for example Russian and Chinese VASPs which are actually
they are regulated, but they're not in compliance or in
(20:49):
full compliance with the global standards, and they are exploiting
the weak link in order to enter into the financial
system and under the funds there. One of the facilitators
of doing that we see is indeed the regulatory arbitruge
(21:09):
between countries and between enforcement of certain countries of the
existing regulation. There are certain countries that are allowing vasts
to operate much more freely and without enforcing the international rules.
And we see clearly that those the organization are using that.
We can give you know for examples, which was in
(21:33):
its indictment and defined that it got from the US regulators.
It was clearly indicated that they were allowing hamas activists
to operate. And we see you know, the Rescent Guarentex
designation which allowed sanction invasion and so and so. So
we see those as one of the reasons. We also
(21:58):
see that there is not sufficient technological capabilities to law
enforcement and private sector to address that. We see that
there are not enough collaboration and information sharing between private
sector and government and between internally between a private sector,
and you know, lack of capabilities and technological capabilities to
(22:22):
follow that for just to name a few.
Speaker 1 (22:24):
So if a big issue is not having the right capabilities,
I mean, you mentioned what helped you and your organization
your team early right following the money blockchain analysis. What's
the state of blockchain analysis tools as far as you can.
Speaker 3 (22:41):
Tell, So I think that, you know, there's a huge
improvement in that field and it becomes you know, the
golden standard for everyone to use that and we rely
a lot on it.
Speaker 2 (22:54):
However, as a person who strongly support the approach of
having network analysis, pattern analysis and being able to use
you know, a big data for that, I think that
right now most of the tools that the industry uses
are very forensic in their nature. There are more doing,
(23:16):
you know, the pathological investigation rather than proactive real time
prevention of the activity. And I think, and I see
that already coming up, that there is a second generation
of block chain analytics companies, and I'm working with some
of them that they are developing the cluster approach, that
(23:38):
they are addressing that in a more holistic way and
manner which allows actually to have real time monitoring and
prevention of more complex environments, including DeFi not just centralized environment,
but this centralized environment to go through mixers, smart contract
and so forth, which are exactly the tools that the
(24:00):
advance terror organization and criminal organization are now using and exploiting.
And you know, I can give you an example. I
was recently shown Iranian infrastructure to longer funds, and what
we've seen there is those clusters, cluster after cluster after cluster.
Each one of them is composed of dozens of thousands
(24:23):
of wallets that are doing lots of structuring and layering
across the global ecosystem. Now, if you're doing a linear
investigation as a PASP or as a law enforcement you
will never be able to efficiently and effectively understand or
prevent the phenomena because each investigation is very limited. And
(24:43):
I know that more and more organizations are trying to
look at a big picture, but still it moves much
faster than what we could actually envision. And you see
how they are changing the cluster from one to second,
to third to fourth and fifth. And unless you have
those tools that allowing you to have the same pattern
and cluster analysis in real time, the combat against them
(25:04):
will not be successful. And actually, I may say, you
even get like a red a green flag when you
are running the single transaction through those engines and you
don't see the full picture and you're actually being misused
to launder funds or even you know, terror funds.
Speaker 1 (25:22):
So it sounds like you're super advocating for more data focused,
you know, data driven machine learning approach. If I may say,
I mean, how how is artificial intelligence or how can
our artificial intelligence AI be leveraged for these types of activities.
Speaker 2 (25:41):
That's excellent question. I think that this is the solution.
So we see that you know, traditional tools rule base
are very limited, but AI can leverage the capabilities in
crypto and in crime in general on how to expand
the view and be able to process much more data
in a very short period of time, be able to
actually address that. We should also acknowledge that AI allows
(26:07):
much more activity on the adversarial at first and sits.
You know, I've been researching a lot, you know, AI
on my academic affiliation and SOT FORWATH, But for us,
I think that what would be interested interesting to discuss
is that, you know, in the AI arena, fraud and
social engineering becoming much more accessible, cheap and scalable. I
(26:34):
can give you a couple of examples for example, you know,
using a deep fake in order to cause people to
transfer funds to someone that they thought that instructed them
to do so. There is a case of twenty five
million dollars that transferred by an employee to her CFO
as it was instructor in a zoom conversation by her CFO,
(26:54):
which was a deep fake to you know, a third party.
We could also see the use of images of even
video images to do manipulation to log in and log
into website. You see you know, people sitting with fake
idea which actually you know you see their faces. But
(27:14):
this is all deep fake You can create very easily
campaign of phishing by using fraud gityps. That's a new
tool that's really amazing. You know we all use chaityp.
Speaker 1 (27:23):
Criminals have fraud fraud gpt. Wow.
Speaker 2 (27:27):
Yes, yeah, it was actually shown me that and that's amazing.
You could type in and ask, can you please produce
for me a campaign, a phishing campaign. Let's say that
we look exactly like Chase Manhatten Bank, a website with
the same logo, phones, colors, any URL that we look
authentic enough, and it produces that in twenty seconds. Now,
you know, organized crime group they need to invest resources
(27:51):
in order to create those campaigns. All of a sudden,
it became very cheap and accessible, and it's scary because
instead of you know, sending those fishing attack to a
limit number, you could just you know, spread it all over.
And you know, social engineering can create boots that are
really seems to be person and everything is scalable. And
I think that in the fraud domains and companies need
(28:14):
to understand that the threads are growing and growing because
that's become the industry benchmark, the standards for those criminal organizations.
They're smart, they're clever, they want to save resources, they
want to be very effective, and they are using that
more and more, and back to your question, the only
way to actually address that successfully is using machines because
(28:35):
a person cannot trace that any longer. And we have
to take that, you know, into that level as well.
Acknowledging that they are going to be much more attacked
and they are going to be much more sophisticated and
at scale. So financial institutions have to embed that into
their practices, into their fraud prevention, into their monitoring system,
(28:57):
and advance AI to be able to cope up with
the new challenges and numbers of attack that they are
going to experience.
Speaker 1 (29:06):
TRM offers leading blockchain intelligence for AML compliance at financial institutions,
crypto businesses, and regulatory organizations alike, with sanctioned support on
sixty five blockchains and coverage of more than seventy million
digital assets. In a recent customer survey, eighty five percent
of users agree that TRM accelerates their work, ninety two
(29:30):
percent of users agree that TRM provides actionable intelligence, and
eighty three percent of users agree that TRM has provided
intelligence they would not otherwise have. See for yourself why
customers rave about TRM by requesting a free trial or
demo at trmlabs dot com. Financial institutions are going to
(29:51):
have to really up their game, get more sophisticated, start
us thinking proactively about using AI and being on defense.
Any thoughts on what I FI used to need to
do to prepare and deal with AI.
Speaker 2 (30:04):
Yeah, definitely. So if I use are the same situation
as other financial institutions. They all have to adopt AI.
But for governmental agencies, and here I could again speak
for my experience, there are additional challenges, challenges in addition
of the need you know, to adopt the technology, embed
that and work with that, they also need to think
(30:25):
on additional consideration and that bias of the system and
what do I mean. When I was at the FIU,
we already use back then as being a data driven organization,
we already used algorithms machine learning algorithms which are very
similar to what we see now with AI. And one
of the tasks that we were asked the algorithms was
to find patterns. For example, if I use the example
(30:47):
that I mentioned before to identify professional money launders. Now,
the system was extremely biased and at first it gives
us the exact same result as I mean, the same
type of crimes as we identified previously. Cent demography, age, neighborhoods.
You know, everything was very similar. So we became a
(31:08):
law enforcement authority that goes only against certain types of criminals,
while we wanted actually to have diversity in the criminals
that we are targeting and addressing. So law enforcement agencies
have to take that. You know, that was just one example,
but they have to think very carefully on how to
make sure that the algorithms do not suffer from certain
(31:29):
bias that we lead to wrong results either. You know,
there are many different levels that could be taken into account.
This is one thing. And also we should all take
into account, you know, the fact that machine made mistakes,
so the final decision has to be made by analysts
and not by a machine.
Speaker 1 (31:47):
Well, and you bring up an issue too, but now
we're talking about the interaction between investigators, law enforcement technology,
and also the general public, whether it's the criminals or
it's just the population at large. I know you've done
some work relating to the privacy realm, and I'm wondering
if you could share about how you've navigated this tension
(32:09):
between compliance law enforcement and privacy.
Speaker 2 (32:12):
Yeah. So in my past I was also the head
of the Israeli Privacy Protection Authority, So when I established
that authority, I have a lot of background in the field.
And there is always this tension between law enforcement activity
and privacy and I think, you know, many people think
that there are contradicted contradicting but I think that those
are a compliment, that they are complimenting each other in
(32:34):
terms of the at least in the Israeli context, the FAUS,
it's under the Ministry of Justice in order to protect
the privacy of the public to have a lot of
data in one place, but it has to be extremely
protected and access to law enforcement is being granted only
when you have a real suspicious about certain offense. So
(32:56):
I think that you know, when you are able to
adopt high and highly sophisticated technology that allows you know,
to identify patterns and network and bring up the relevant
information out, then you're able to actually balance very nicely
between privacy protection and law enforcement activity. You don't want
(33:17):
to harm too much the privacy of people unless there
is a particular need, And personally I put together lots
of enforcement on that. And AI is also something that
allows us to add this additional layer of protection to
make sure that there is this you know, separation between
big data and actual investigations that are happening only on
(33:37):
a base on a need to do basis.
Speaker 1 (33:41):
Well, you know, we've talked so much about law enforcement
and government agencies, but you know, now in your current role,
one of your current roles, I mean, you're working in
payments in a payments company. What is based on everything
we've talked about or anything new? I mean, what either
excites you about payments or what is what do you
think people should know about the payment industry moving forward?
Speaker 2 (34:05):
Yeah, so first let's connect it perhaps to the last
point that we've discussed. It's AI AIH I think you
know it's going to change dramatically the payment industry and
the payment domain. I'm currently working with a global payment company,
Rapid that works across the glob and we embed very
quickly a lot of AI technology and what we see is,
(34:26):
first it's you know, it improves dramatically the work that
you are conducting when you're adopting AI. It improves the
authorization rate, the analysis of transaction, profitability, every all the
processes are very are becoming much more efficient. But in
addition to that, I think that AI and highly regulated industries,
(34:49):
for example, the financial sector, actually can benefit a lot
from adopting those technology. Let's take it, you know, to
the law enforcement compliance worlds. You know, there are many
processes that if you use a machine could be much
more productive. For example, the onboarding process. Once you're integrating
AI technology into that, you can improve your consistency with
(35:13):
policy completely. It sounds, you know, perhaps weird, but because
we want to ensure that our policies are being enforced,
it's easier to do that many times with machine rather
than with people. People make mistakes. Machine makes mistakes too. However,
when you're change one parameter in the prompt, you could
change that completely. You could monitor that and make sure
(35:36):
that you know you're following your policy. Also, as I
mentioned earlier, fraud prevention becomes much better, and the overall
payment that domain is going to change because you know,
algorithms will be able to transfer funds and transaction based
on voice recognition and many other activities that are going
to make everything move faster and you know, smoother and
(35:57):
so forth. And and you know, personally, I mean, we
are adopting AI to so many processes and that makes
the compliance more work, much more efficient and accurate. Perhaps
if I could also address it in a different angle,
you know, the the tension or the connection between crypto
(36:21):
and payments. I think that also there is a lot
of changes that are going to happen there between payment
worlds and crypto because you know, we see more and
more merging that those worlds are being combined together, and
payments company wants to use crypto as well, so you
need to have different licenses that for sure, But when
(36:41):
you want to combine them, the crypto world has to
enter into payments when you need to have a real
time response and make sure that the transaction is safe
and needs banking is almost banking standards, and this is
the stage in which I think, for example, as we
mentioned earlier, that the crypto industry will have to change
the standard of the way that they are screening transaction
(37:01):
and doing the monitoring and anazis to actually be able
to provide a real time solution and response to allow
you know, those immediate transactions that need to go through
the payment industry. So I think those industries are going
to kind of merge at some point and become much
more advanced and secure.
Speaker 1 (37:23):
Well, you can see the merger happening, especially now there's
more of a discussion policy wise about stable coins. So
we've talked about crypto, we haven't talked particularly about stable coins.
Any thoughts on how stable coins are going to change
or are changing global payments.
Speaker 2 (37:40):
Yeah, so we see but by the way, we see
that criminals and terrorists are preferring to use stable coin
rather than other cryptocurrencies. And the reason for that is simple.
They want to make sure that the value of their
assets is remain they they do not want to do
speculative investment. They want to have, you know, a consistent investment.
(38:04):
So we see that in terms of like the trends,
we see these merge between those industries and how customers
of the payment industry do want to get you know,
the payments with stable coid as well, and that causes
many challenges because you know, at payments you have different
environment which is more regulated and easy to trace. That's
(38:26):
not necessarily the situation with stable coin. It's also the
best stable coin. And I think that there is a
clear call for action here for regulators to create a
better infrastructure and that and as part of that, you know,
to set perhaps a better standard and understanding of what
should be considered as you know, a proper transaction or standards.
(38:47):
It all connects, you know, to the transaction monitoring capabilities
that we are but we discussed earlier also the fact
that it is possible in some of the stable coin
to freeze them from from afar. So like the operator
has with USDC for example, has the capability to freeze
the accounts with you know, accessing the wallet and actually
(39:08):
take them. We see how that impacts the industry. And
one interesting point the things that I learned is one
authority is confiscated one hundred and eighty million dollars of
stable coin from a criminal network. It led immediately to
(39:28):
a decrease of about six billion dollars in the volume
of using that particular coin after that activity. So what
we see is that when law enforcement they are taking actions,
concrete actions visa vis stable coin, we see that the
bad actors are trying to move to other coins just
(39:49):
to make sure that you know, their assets will not
be confiscated. So you know, we're still in the process
of finding the right balance between them.
Speaker 1 (39:55):
But yeah, another yet finding the right balance and I
know to do that, there's you know, balancing the opportunities
with the risk. And I mean maybe one sort of
final thought that I have is, you know, or I'd
like to know from you. Out of everything that you're
observing that you're seeing, what do you have the biggest
(40:16):
concern about?
Speaker 2 (40:18):
A challenge to trace asset and to combat the bad
actors is always a challenge. This is like you know,
a cat and a mouse race you'll never win in
You're never able to win in all fronts. However, I
think that we new technologies right now, we do have
an opportunity to improve that. First, I think that you know,
(40:38):
what frightened me the most, and I mentioned that earlier
is AI and deep fake synthetic content and the challenges
that it creates. We're not going to be able to understand,
you know, what's real and what's not, and there is
a necessary, an urgent need to address that. I think
that it's going to create a lot of challenges to
the financial domains. It's going to be open for many
(41:01):
more hacks and activities, and I think that an immediate
action is required here. So some of it will be
achieved by more investment in technology, not only AI technology,
but technology that is addressing safety and adversarial users of AI.
But also I believe that at some point also governments,
(41:23):
including the US governments, which now you know comes out
with statement that they are not going to regulate the industry.
I do think that they will need to address first
national security issues related to that in order to address
the gaps. As by the way that the US government
under the Trump administration did with respect to crypto a
couple of years ago, I was working very closely with
(41:46):
that team when they were addressing cryptocurrencies global challenges and
the national security, terrorism, finance, and financial crime aspects. First,
I think that the same will happen with AI to
some extent, just to make sure that the non legitimate
use are being blocked to some extent at least, you know,
national threads on you know, deep fake and so forth,
(42:08):
which impact dramatically the activity that we see now being
adopted by criminals.
Speaker 1 (42:14):
SCHLEMI, we've talked about crypto and criminals using it, but
can you tell us about crypto being used for good?
Speaker 2 (42:23):
Yes, definitely. I think that the advantages of cryptocurrencies and
the ability to trace activity much is in a much
more easy way than cash actually make it very attractive
to support, for example, humanitarian aid in conflict area. And
a project that I led in the past year was
actually to think, you know, how crypto can be used
(42:44):
in conflict zones when you have a real concern that
international aid, international funds will reach a venture that will
be provided to people in that region will be channeled
eventually to designate their organization. We could see that a
lot for example in the Middle East in Lebanon these
days were dispitalized acting in Gaza when you have hamas
(43:05):
and so forth. And what I built is actually a
program in infrastructure how to facilitate international assistant provided by
countries and international organization two people who need that using
blockchain technology, for example, by relying on private stable coin
(43:26):
that would be monitored and control in the on ramp
and off ramp by certain stakeholders, it is possible to
actually send out the aid through those channels and have
full visibility and transparency on the uses of that, you know,
like creating a close garden. And this is a great
example of how blockchain advantages could be used to create
(43:50):
you know, better good for the society in use case.
In use cases that fit out perfectly well, and this project,
for example, is now being adopted by government and international
organization to use that to provide their aid through those channels.
It's much safer than you know using cash or domestic
(44:11):
banks or exchange or money exchangers that are you know,
more vulnerable to be misused in those situations. So that's
a great opportunity for this industry to expand for additional
use cases.
Speaker 1 (44:26):
Any other words of advice for those that are out
there in the industry and financial institutions.
Speaker 2 (44:33):
Yeah, So I think that what I see along my
career is that and this is what you know, help
us in Israel to successfully go through the FATF evaluation
and the authority that I led IMPA to become much
more effective. Is first to understand the risk that you're facing.
You have to do the you know these work and
(44:54):
understand and craft what are the risks that you're addressing,
and then to support it with a very strong technology.
Once you are becoming a doted riefin organization, you have
the toolbox to address that not only with people but
also with machine and be able to prioritize and address
mainly the larger threads. It's always need to be in
a strategic resource allocation on how you look at the
(45:16):
big picture, not only the particular cases to be strategically
successful and be able to do that in the most
efficient efficient way, and you should always, you know, do
the balance between those aspects.
Speaker 1 (45:34):
Astro Meat has explained the world of financial crime is evolving.
For law enforcement, successful operations don't just come from accessing
new tech, but from figuring out how to build better
investigative and analytic methods through new technologies. She also highlights
that all technology is a tool that can be used
for good or bad depending on who yields it and how,
(45:57):
and that is where the real challenge lies for those
on the front line in the fight against financial crime,
keeping up with and staying one step ahead of those
using new technological advances to support their illicit aims. I'm
Yaya Jata Finussi and this is designated on the Illicit
(46:19):
Edge Network.
Today's podcast is supported by TRM. TRM enables compliance teams
to accelerate business revenue and deliver actionable intelligence to regulatory
and law enforcement stakeholders with leading attribution of severe risk categories.
Request a free trial today at trmlabs dot com. I'm
(00:35):
Yaya Jata Finussi. What does it take to run a
nation's anti financial crime agency and stay one step ahead
of those trying to skirt the system and law. My
guest will give you a glimpse of the challenges and
steep learning curve involved when illicit actors adapt to the
changing world of finance faster than the government agencies task
(00:56):
with stopping them. From twenty sixteen to twenty twenty two,
shall Meet Wagman was Director General of the Israel Money
Laundering and Terror Financing Prohibition Authority. She served at a
time when terrorist groups in the region first began experimenting
with cryptocurrencies. She saw their new methods up close and
helped develop technologies and investigative methodologies to go after them.
(01:21):
It's the first time I've been able to talk to
someone who has led operations on such a massive scale.
She's now a chief regulatory and compliance officer at the
global payments company Rapid and we spoke about how payments,
technology and financial crime are trending. From her point of view,
it's time to get designated with she she'll meet Wagman.
(01:45):
Could you please maybe start us off by telling us
some background, tell us of how you arrived to become
Director General of the israel Financial Intelligence Units.
Speaker 2 (01:58):
Thank you so my career, I've always been in the
intersection of technology, regulation and financial market. After graduating from
law school, I clerked for the Chief Justice of the
Israeli Supreme Court, Aron Barak, and then I pursued my
master's and PhD degrees at l Law School, focusing on
(02:18):
law and technology. And after completing my PhD, I joined
the law firm of Hochtel Libton in New York, where
I worked with high profile MNAs deals with some of
the world's top legal minds. And after a couple of years,
I returned to Israel and then I decided to make
a transition to public service, and I was very fortunate
(02:40):
to join the Israeli Money Load Bringing Terrorism Financing Prohibition
Authority as General counsel or its other name the Israeli
FIU Financial Intelligence Unit, and I was not familiar with
the field earlier, but I quickly became experience in that
and was recognized as a leader expert in the field.
(03:01):
I was in fact selected by the Council of Europe
to serve as an evaluator on its audits on member
countries and you know, get some experience in the field,
and after a couple of years, I was appointed to
be the Director General of the Israeli FAU, and in
this role I had two major tasks. First was to
(03:24):
improve and modernize the FAU, which was essential. The practices
that the FAU had at that time were a little
bit outdated and there was very limited contribution to financial investigations.
So I led a deep strategical process to make sure
that the FAU becomes much more data driven and verse
(03:45):
new technologies and significantly improved its internal processes, the internal
just capabilities and collaboration with investigating authorities and basically we
embraced the followed the money approach and led in Israel
to record breaking financial investigation numbers and results, improving them dramatically.
(04:07):
The collaboration between the FA, you and the police.
Speaker 1 (04:10):
If I could back up just one second, give us
the time timeline here around what time was this?
Speaker 2 (04:18):
So I joined the FAO at around twenty eleven and
became the head of the FAU at twenty sixteen, okay, okay,
And that was a time in which, due to I
mean the processes that we conducted at the FAU, we
gained an amazing improvement in that and were able to
(04:38):
crack down major organized crime in Israel. That was I
think during the years between twenty sixteen and twenty twenty two,
we were at all times records in terms of financial
investigations and we were able to actually practice to follow
the money approach. We won numerous international awards for successful
(04:58):
international investigation, and the FAU was granted the highest effectiveness
score by FADF. In addition, but I think that another
important strategical process that happened at that time was the
Israeli accession to FATF. That was my major other task
other than establishing the FYU, and that was to lead
(05:19):
israel accession to the FATF, the Financial Action Task Force,
the international organization that sets global standards in the email
and safety domain, and that required to undergo a comprehensive
evaluation by the FATF members, you know, to be Frank
at first, we conducted an internal assessment in Israel and
we realized that Israel is most likely to be gray
(05:42):
listed by FATF because we had major deficiencies in our system.
Speaker 1 (05:47):
I wonder if you could pause there, if we could
just go back to one thing, because I mean, you
mentioned so you were part of improving you know, it
sounded like you said improving data, sort of improving the
you know, I would say almost the financial forensics to
follow the money approach, that they were organized crime fat
and the fat of potentially Israel being on the fat
of gray list. But give us this a sense of
(06:10):
I mean, you mentioned organized crimes groups. I mean, what
were the key targets, what were the key key types
of criminal activity, especially organized crime, which again I don't
know about that much about in the Israeli setting. What
were the financial crime targets or issues that you were
dealing with.
Speaker 2 (06:25):
Then, yeah, so israel major challenges are organized crime, money
service businesses, underground banking, kawala, a lot of tax offenses
and additional related and of course there are is in financing.
And in order to address those domains, usually you need
(06:49):
to find the facilitators because all those activities are require
advanced money launderings capabilities. So the challenge was how to
go after the facilitators, not only the criminals themselves in
each one of those phenomenons.
Speaker 1 (07:06):
And so can you tell us about even before I
get into what happened with Fatav? I mean, what were
some of I mean obviously as a director general you
had a high sort of authoritative role, but what were
some of the cases, interesting cases that you saw and
perhaps prosecuted or dealt with.
Speaker 2 (07:25):
Yeah, so we had like numbers of interesting cases. I
think that one very first. We had many corruption cases,
and in all those cases, the financial investigation was a
crucial part of it. It was including a candidate to
become the Israel president who was back then was a minister,
(07:46):
a senior minister, and it all started with a star,
a single star filed by one of the financial institutions
and then initiated financial investigation open testimony in which he
provided his version of you know, the situation. And one
of the questions related to a details which was revealed
(08:06):
as part of the financial investigation, and that was an
open question. It was still not under a formal investigation,
and he was lying on this question. Now, you know,
in financial intelligence. Sometimes you have it's a binary situation
either that you know you have the fact or not.
And we had the trail and he was lying about
this particular fact and then immediately the investigator made a
(08:29):
phone call to the Attorney General said, you know, Houston,
we are we have a problem, and immediately it turned
into a formal investigation based on this item. Another case
that I could could you know, could refer to perhaps
you know, the diamond dealers in Israel, which we found
(08:51):
to be actually that they were functioning in the addition
of being diamond dealers also underground banking industry and they
were transferring lots of funds through their activity. We were
always also able to find out how money changer provider
exchangers were actually being ware facilitators to large organized crime facilities. Again,
(09:14):
it all came from financial intelligence. And one of the
interesting phenomena that we addressed was professional money launders. And
my approach has always been not to go after you know,
individual case only. Yes, of course we would do those
cases and will investigate them, but I was thinking about
how to make sure that we are more efficient and
(09:36):
effective and instead of taking out one fish at the time,
how you know, to actually look at the school of
fish and to find phenomenas and concentrate on them. And
we did that in a couple of methods, first through
task forces, joint forces with other law enforcement authorities and
choosing particular phenomenas to go after. But second, and I
(09:58):
think that perhaps it's even more interestingly, it provides toolbox
also to private sector, is to identify a phenomena that
exists in your data and with enhance data driven analytics
and patterned analysis and network analysis to find the patterns
and phenomena, for example, professional money loaners. So we would
(10:18):
try and create and craft what are the characteristics that
are defining those groups, and then to look for additional
cases that have the same phenomena and go after them.
And that was extremely successful exercise because we were able
to find those enablers, those facilitators in many different cases
(10:39):
or initiate new cases which we were not familiar earlier.
Speaker 1 (10:44):
And this is you know, this is a time twenty sixteen,
I think you said twenty sixteen to twenty twenty two,
or get right right at that time. And I remember
that time because that's the time when I started to
twenty sixteen, look closely at Financial Crime and Crypto tell
us about how crypto crypto financing came on your radar.
Speaker 2 (11:09):
So the first time that I heard about cryptocurrencies was
around twenty twelve, where we started receiving indications from the
private sector about this emerging phenomena. So to better understand
that we engage with companies and players in the field
to better understand that.
Speaker 1 (11:25):
Now.
Speaker 2 (11:25):
The first thing that we did, as many global regulators
did at that time, we issued a public warning about
the risk associated with crypto and acknowledging that it provides
a lot of opportunities to bad actors to act. After
this first reaction, we dealted more deeply into the phenomena
(11:49):
and we recognize two key insights, and I think that
I was the leader here in Israel about developing this approach.
First that cryptocurrencies, in addition to all the risks that
are associated with them and the benefits that they bring
to criminals, they were also a financial innovation and I
(12:09):
thought that it could not be simply blocked because black
market will be developed very quickly. And second, not only
that this is a financial innovation, but blockchain, in addition
to all the problems that it brings up which are
known by now. It also has an advantage. It leaves
(12:29):
digital tracks, and unlike cash, every transaction is recorded and
presented in a unique opportunity in the blockchain, and it
presents uniqu opportunity for law enforcement to follow it. So
back then, tracing that you know, this transaction over the
blockchain seems almost science fiction, but we did recognize, you know,
this capability, and we thought that it's possible to make
(12:51):
from the lemon lemonades. And over the years, I have to,
you know, to say honestly that I was approached multiple
times by minutes sort of finance and other official stakeholders
asking me to help them outlaw and prohibit cryptopty world together.
But I consistently advise against a prohibition approach because I
(13:13):
thought that it made much more sense to monitor and
regulate the industry and then you know, control it to
some extent, or it least be able to differentiate between
legitimate and non legitimate actors rather than just push it underground.
And you know, over the time, this approach has been
accepted globally by FATF in twenty eighteen when it was
(13:35):
integrated into the standards. Later on, I implemented that in Israel,
and this is the common approach. Now I think across
the globe there are I don't think that there are
countries that are outloading that.
Speaker 1 (13:45):
So this was you know, in the early time, and
then you were getting a grapple, you know, a grapple
a handle on it. But I imagine with this new technology
arriving and you trying to follow it and track that
it wasn't all, you know, one hundred percent success. Tell
us about any of the obstacles that you dealt with.
Speaker 2 (14:06):
Oh well, okay, there were many obstacles. And of course,
I mean it's extremely challenging to follow the money generally
speaking and in crypto as well. So one of the
challenges that you know, first, it took us a lot
of time to understand the technology, to gain the capabilities
to purchase the relevant you know, blockchain analytics tool that
(14:31):
exists in private sector and develop internally system and you
know it also you know, even to know what to
look for at first when you need to look for
you know, the the codes, the numbers of the wallets,
even just to you know, to configure that into your
system that there is something like that. This is you know,
it sounds extremely technical, but this is something that you
need to do if you want to get the data
(14:51):
and to explore that. So we had a lot of difficulties.
At first, investigator were not familiar with that and then
did not understand that they were really looking of even
getting into that. Let's you know, human nature, we should
acknowledge that. But then we started eventually to investigate those cases,
and at first we made mistakes. For example, we confiscated
(15:12):
a wallet which we thought that was associated with a
terror organized group. We raised a couple of thousands of
dollars that went to that wallet, and then when we
got the details of the wallet, all of a sudden
there was much more money in and there I think
that we're looking for twenty k and we found out
eight hundred thousand dollars something. We were so happy, and
(15:33):
immediately we confiscated that. And then what we found out
that that was not the wallet of the user itself,
but that was you know, a central wallet of an exchange.
So we had to release most of the fund there.
But at the same time we also had many success stories.
For example, one of the investigations that we had nationally,
(15:57):
there was like a large ransomware case in which ransomware
was asked to release a critical infrastructure that was attacked,
and through the negotiation, there were a couple of bitcoins
that were transferred back and forth, you know, in order
just to go good intention and to show that the
hackers have control over the hackers group has control over that.
(16:19):
And we at the FIU were able to trace the
crypto and what we found out that it went eventually
and cashed out to cash in a VESP which was
located in a certain jurisdiction that within the Israeli context
made a very clear connection to actually national threat a
theo attack. It was exchanged in Iran. So once we
(16:41):
saw that the bitcoin was cashed out in Tehran, it
gave a completely different flavor to the entire story and
it moved from a criminal investigation into a national security one. Also,
another I think successful example is the confiscation of Hamas's wallet.
So Hamas is one of the organizations organization that was
(17:02):
an early adapter along with ISIS to do fund raising
through crypto, and we were able to trace some of
this activity and IS well designated the name of your
podcast designated this. Immediately we start receiving you know, a
lot of information about that, and we did it for
quite some time, and it's so and we were able to
(17:23):
confiscate millions of dollars. At some point. April twenty twenty three,
HAMAS published a public announcement to its supporter asking them
to stop contributing or set out, you know, the donation
via bitcoin and why that's not because of the designation
and the linkage that Israelis law enforcement authorities were able
(17:46):
to make. Those donors were adversely impacted by their affiliation
with HAMAS, and all their wallets were confiscated immediately, were
frozen immediately. They've asked them to stop using that. By
the way, way, they did not stop using crypto a tolt.
They just changed it from blockchain, which was high on
the rudder, to other coints like front which are less monitorned.
Speaker 1 (18:11):
They learned, they changed from Bitcoin and started using other,
you know, other tokens. These actors, illicit actors, always adapt
Terrorist financing with crypto is new. I'm sure that there
are new adaptations. I know in twenty twenty I think
it was twenty twenty three, or I forget exactly when
(18:33):
you testified before a Senate Banking committee and you actually
you know. In fact, I think that's when I first
first saw you. You were testifying about terrorist financing and crypto.
So can you give us a sense of what are
the trends now, what's the direction and how are authorities
dealing with it?
Speaker 2 (18:53):
Yes, definitely I did testifyed about that, and one of
the questions there was, you know, whether bitcoin or blockchain
should be cryptococcurrencies should be prohibited, and I gave the
same answer as I gave earlier here. So I actually
have quite a bit an updated information on that as
(19:17):
I just came back from the No Money for Terrorism
conference which was held in Germany and brought together minister
or finance from all over the world to discuss this
particular question. How what are the current trends of digital
assets being used by the organization and what can be
done about it. So what we see is that our
organizations are using crypto more and more. They never neglected
(19:42):
the core channels that they were using, namely cash, hawala
and business infrastructure, but alongside that they are also adapting
more and more cryptocurrencies. They are not doing only just
you know, the traditional or the more conservative cryptocurrencies like bitcoin,
but they are going into DeFi JWALA style application Web
(20:05):
three and more and enhanced privacy preserving technologies, and we
see a growing trend into that it includes smart contracts
and so forth. For example, you know, a couple of
examples that I could chair is a crowdfunding activity that
was conducted by Isis and Hamas. We see money laundering
(20:26):
between FIAT and crypto conducted by Grisabella in Latin. We
see direct funding of their activity for example in France,
and sanction evasions and so forth. In you know unregulated
VASPs for example Russian and Chinese VASPs which are actually
they are regulated, but they're not in compliance or in
(20:49):
full compliance with the global standards, and they are exploiting
the weak link in order to enter into the financial
system and under the funds there. One of the facilitators
of doing that we see is indeed the regulatory arbitruge
(21:09):
between countries and between enforcement of certain countries of the
existing regulation. There are certain countries that are allowing vasts
to operate much more freely and without enforcing the international rules.
And we see clearly that those the organization are using that.
We can give you know for examples, which was in
(21:33):
its indictment and defined that it got from the US regulators.
It was clearly indicated that they were allowing hamas activists
to operate. And we see you know, the Rescent Guarentex
designation which allowed sanction invasion and so and so. So
we see those as one of the reasons. We also
(21:58):
see that there is not sufficient technological capabilities to law
enforcement and private sector to address that. We see that
there are not enough collaboration and information sharing between private
sector and government and between internally between a private sector,
and you know, lack of capabilities and technological capabilities to
(22:22):
follow that for just to name a few.
Speaker 1 (22:24):
So if a big issue is not having the right capabilities,
I mean, you mentioned what helped you and your organization
your team early right following the money blockchain analysis. What's
the state of blockchain analysis tools as far as you can.
Speaker 3 (22:41):
Tell, So I think that, you know, there's a huge
improvement in that field and it becomes you know, the
golden standard for everyone to use that and we rely
a lot on it.
Speaker 2 (22:54):
However, as a person who strongly support the approach of
having network analysis, pattern analysis and being able to use
you know, a big data for that, I think that
right now most of the tools that the industry uses
are very forensic in their nature. There are more doing,
(23:16):
you know, the pathological investigation rather than proactive real time
prevention of the activity. And I think, and I see
that already coming up, that there is a second generation
of block chain analytics companies, and I'm working with some
of them that they are developing the cluster approach, that
(23:38):
they are addressing that in a more holistic way and
manner which allows actually to have real time monitoring and
prevention of more complex environments, including DeFi not just centralized environment,
but this centralized environment to go through mixers, smart contract
and so forth, which are exactly the tools that the
(24:00):
advance terror organization and criminal organization are now using and exploiting.
And you know, I can give you an example. I
was recently shown Iranian infrastructure to longer funds, and what
we've seen there is those clusters, cluster after cluster after cluster.
Each one of them is composed of dozens of thousands
(24:23):
of wallets that are doing lots of structuring and layering
across the global ecosystem. Now, if you're doing a linear
investigation as a PASP or as a law enforcement you
will never be able to efficiently and effectively understand or
prevent the phenomena because each investigation is very limited. And
(24:43):
I know that more and more organizations are trying to
look at a big picture, but still it moves much
faster than what we could actually envision. And you see
how they are changing the cluster from one to second,
to third to fourth and fifth. And unless you have
those tools that allowing you to have the same pattern
and cluster analysis in real time, the combat against them
(25:04):
will not be successful. And actually, I may say, you
even get like a red a green flag when you
are running the single transaction through those engines and you
don't see the full picture and you're actually being misused
to launder funds or even you know, terror funds.
Speaker 1 (25:22):
So it sounds like you're super advocating for more data focused,
you know, data driven machine learning approach. If I may say,
I mean, how how is artificial intelligence or how can
our artificial intelligence AI be leveraged for these types of activities.
Speaker 2 (25:41):
That's excellent question. I think that this is the solution.
So we see that you know, traditional tools rule base
are very limited, but AI can leverage the capabilities in
crypto and in crime in general on how to expand
the view and be able to process much more data
in a very short period of time, be able to
actually address that. We should also acknowledge that AI allows
(26:07):
much more activity on the adversarial at first and sits.
You know, I've been researching a lot, you know, AI
on my academic affiliation and SOT FORWATH, But for us,
I think that what would be interested interesting to discuss
is that, you know, in the AI arena, fraud and
social engineering becoming much more accessible, cheap and scalable. I
(26:34):
can give you a couple of examples for example, you know,
using a deep fake in order to cause people to
transfer funds to someone that they thought that instructed them
to do so. There is a case of twenty five
million dollars that transferred by an employee to her CFO
as it was instructor in a zoom conversation by her CFO,
(26:54):
which was a deep fake to you know, a third party.
We could also see the use of images of even
video images to do manipulation to log in and log
into website. You see you know, people sitting with fake
idea which actually you know you see their faces. But
(27:14):
this is all deep fake You can create very easily
campaign of phishing by using fraud gityps. That's a new
tool that's really amazing. You know we all use chaityp.
Speaker 1 (27:23):
Criminals have fraud fraud gpt. Wow.
Speaker 2 (27:27):
Yes, yeah, it was actually shown me that and that's amazing.
You could type in and ask, can you please produce
for me a campaign, a phishing campaign. Let's say that
we look exactly like Chase Manhatten Bank, a website with
the same logo, phones, colors, any URL that we look
authentic enough, and it produces that in twenty seconds. Now,
you know, organized crime group they need to invest resources
(27:51):
in order to create those campaigns. All of a sudden,
it became very cheap and accessible, and it's scary because
instead of you know, sending those fishing attack to a
limit number, you could just you know, spread it all over.
And you know, social engineering can create boots that are
really seems to be person and everything is scalable. And
I think that in the fraud domains and companies need
(28:14):
to understand that the threads are growing and growing because
that's become the industry benchmark, the standards for those criminal organizations.
They're smart, they're clever, they want to save resources, they
want to be very effective, and they are using that
more and more, and back to your question, the only
way to actually address that successfully is using machines because
(28:35):
a person cannot trace that any longer. And we have
to take that, you know, into that level as well.
Acknowledging that they are going to be much more attacked
and they are going to be much more sophisticated and
at scale. So financial institutions have to embed that into
their practices, into their fraud prevention, into their monitoring system,
(28:57):
and advance AI to be able to cope up with
the new challenges and numbers of attack that they are
going to experience.
Speaker 1 (29:06):
TRM offers leading blockchain intelligence for AML compliance at financial institutions,
crypto businesses, and regulatory organizations alike, with sanctioned support on
sixty five blockchains and coverage of more than seventy million
digital assets. In a recent customer survey, eighty five percent
of users agree that TRM accelerates their work, ninety two
(29:30):
percent of users agree that TRM provides actionable intelligence, and
eighty three percent of users agree that TRM has provided
intelligence they would not otherwise have. See for yourself why
customers rave about TRM by requesting a free trial or
demo at trmlabs dot com. Financial institutions are going to
(29:51):
have to really up their game, get more sophisticated, start
us thinking proactively about using AI and being on defense.
Any thoughts on what I FI used to need to
do to prepare and deal with AI.
Speaker 2 (30:04):
Yeah, definitely. So if I use are the same situation
as other financial institutions. They all have to adopt AI.
But for governmental agencies, and here I could again speak
for my experience, there are additional challenges, challenges in addition
of the need you know, to adopt the technology, embed
that and work with that, they also need to think
(30:25):
on additional consideration and that bias of the system and
what do I mean. When I was at the FIU,
we already use back then as being a data driven organization,
we already used algorithms machine learning algorithms which are very
similar to what we see now with AI. And one
of the tasks that we were asked the algorithms was
to find patterns. For example, if I use the example
(30:47):
that I mentioned before to identify professional money launders. Now,
the system was extremely biased and at first it gives
us the exact same result as I mean, the same
type of crimes as we identified previously. Cent demography, age, neighborhoods.
You know, everything was very similar. So we became a
(31:08):
law enforcement authority that goes only against certain types of criminals,
while we wanted actually to have diversity in the criminals
that we are targeting and addressing. So law enforcement agencies
have to take that. You know, that was just one example,
but they have to think very carefully on how to
make sure that the algorithms do not suffer from certain
(31:29):
bias that we lead to wrong results either. You know,
there are many different levels that could be taken into account.
This is one thing. And also we should all take
into account, you know, the fact that machine made mistakes,
so the final decision has to be made by analysts
and not by a machine.
Speaker 1 (31:47):
Well, and you bring up an issue too, but now
we're talking about the interaction between investigators, law enforcement technology,
and also the general public, whether it's the criminals or
it's just the population at large. I know you've done
some work relating to the privacy realm, and I'm wondering
if you could share about how you've navigated this tension
(32:09):
between compliance law enforcement and privacy.
Speaker 2 (32:12):
Yeah. So in my past I was also the head
of the Israeli Privacy Protection Authority, So when I established
that authority, I have a lot of background in the field.
And there is always this tension between law enforcement activity
and privacy and I think, you know, many people think
that there are contradicted contradicting but I think that those
are a compliment, that they are complimenting each other in
(32:34):
terms of the at least in the Israeli context, the FAUS,
it's under the Ministry of Justice in order to protect
the privacy of the public to have a lot of
data in one place, but it has to be extremely
protected and access to law enforcement is being granted only
when you have a real suspicious about certain offense. So
(32:56):
I think that you know, when you are able to
adopt high and highly sophisticated technology that allows you know,
to identify patterns and network and bring up the relevant
information out, then you're able to actually balance very nicely
between privacy protection and law enforcement activity. You don't want
(33:17):
to harm too much the privacy of people unless there
is a particular need, And personally I put together lots
of enforcement on that. And AI is also something that
allows us to add this additional layer of protection to
make sure that there is this you know, separation between
big data and actual investigations that are happening only on
(33:37):
a base on a need to do basis.
Speaker 1 (33:41):
Well, you know, we've talked so much about law enforcement
and government agencies, but you know, now in your current role,
one of your current roles, I mean, you're working in
payments in a payments company. What is based on everything
we've talked about or anything new? I mean, what either
excites you about payments or what is what do you
think people should know about the payment industry moving forward?
Speaker 2 (34:05):
Yeah, so first let's connect it perhaps to the last
point that we've discussed. It's AI AIH I think you
know it's going to change dramatically the payment industry and
the payment domain. I'm currently working with a global payment company,
Rapid that works across the glob and we embed very
quickly a lot of AI technology and what we see is,
(34:26):
first it's you know, it improves dramatically the work that
you are conducting when you're adopting AI. It improves the
authorization rate, the analysis of transaction, profitability, every all the
processes are very are becoming much more efficient. But in
addition to that, I think that AI and highly regulated industries,
(34:49):
for example, the financial sector, actually can benefit a lot
from adopting those technology. Let's take it, you know, to
the law enforcement compliance worlds. You know, there are many
processes that if you use a machine could be much
more productive. For example, the onboarding process. Once you're integrating
AI technology into that, you can improve your consistency with
(35:13):
policy completely. It sounds, you know, perhaps weird, but because
we want to ensure that our policies are being enforced,
it's easier to do that many times with machine rather
than with people. People make mistakes. Machine makes mistakes too. However,
when you're change one parameter in the prompt, you could
change that completely. You could monitor that and make sure
(35:36):
that you know you're following your policy. Also, as I
mentioned earlier, fraud prevention becomes much better, and the overall
payment that domain is going to change because you know,
algorithms will be able to transfer funds and transaction based
on voice recognition and many other activities that are going
to make everything move faster and you know, smoother and
(35:57):
so forth. And and you know, personally, I mean, we
are adopting AI to so many processes and that makes
the compliance more work, much more efficient and accurate. Perhaps
if I could also address it in a different angle,
you know, the the tension or the connection between crypto
(36:21):
and payments. I think that also there is a lot
of changes that are going to happen there between payment
worlds and crypto because you know, we see more and
more merging that those worlds are being combined together, and
payments company wants to use crypto as well, so you
need to have different licenses that for sure, But when
(36:41):
you want to combine them, the crypto world has to
enter into payments when you need to have a real
time response and make sure that the transaction is safe
and needs banking is almost banking standards, and this is
the stage in which I think, for example, as we
mentioned earlier, that the crypto industry will have to change
the standard of the way that they are screening transaction
(37:01):
and doing the monitoring and anazis to actually be able
to provide a real time solution and response to allow
you know, those immediate transactions that need to go through
the payment industry. So I think those industries are going
to kind of merge at some point and become much
more advanced and secure.
Speaker 1 (37:23):
Well, you can see the merger happening, especially now there's
more of a discussion policy wise about stable coins. So
we've talked about crypto, we haven't talked particularly about stable coins.
Any thoughts on how stable coins are going to change
or are changing global payments.
Speaker 2 (37:40):
Yeah, so we see but by the way, we see
that criminals and terrorists are preferring to use stable coin
rather than other cryptocurrencies. And the reason for that is simple.
They want to make sure that the value of their
assets is remain they they do not want to do
speculative investment. They want to have, you know, a consistent investment.
(38:04):
So we see that in terms of like the trends,
we see these merge between those industries and how customers
of the payment industry do want to get you know,
the payments with stable coid as well, and that causes
many challenges because you know, at payments you have different
environment which is more regulated and easy to trace. That's
(38:26):
not necessarily the situation with stable coin. It's also the
best stable coin. And I think that there is a
clear call for action here for regulators to create a
better infrastructure and that and as part of that, you know,
to set perhaps a better standard and understanding of what
should be considered as you know, a proper transaction or standards.
(38:47):
It all connects, you know, to the transaction monitoring capabilities
that we are but we discussed earlier also the fact
that it is possible in some of the stable coin
to freeze them from from afar. So like the operator
has with USDC for example, has the capability to freeze
the accounts with you know, accessing the wallet and actually
(39:08):
take them. We see how that impacts the industry. And
one interesting point the things that I learned is one
authority is confiscated one hundred and eighty million dollars of
stable coin from a criminal network. It led immediately to
(39:28):
a decrease of about six billion dollars in the volume
of using that particular coin after that activity. So what
we see is that when law enforcement they are taking actions,
concrete actions visa vis stable coin, we see that the
bad actors are trying to move to other coins just
(39:49):
to make sure that you know, their assets will not
be confiscated. So you know, we're still in the process
of finding the right balance between them.
Speaker 1 (39:55):
But yeah, another yet finding the right balance and I
know to do that, there's you know, balancing the opportunities
with the risk. And I mean maybe one sort of
final thought that I have is, you know, or I'd
like to know from you. Out of everything that you're
observing that you're seeing, what do you have the biggest
(40:16):
concern about?
Speaker 2 (40:18):
A challenge to trace asset and to combat the bad
actors is always a challenge. This is like you know,
a cat and a mouse race you'll never win in
You're never able to win in all fronts. However, I
think that we new technologies right now, we do have
an opportunity to improve that. First, I think that you know,
(40:38):
what frightened me the most, and I mentioned that earlier
is AI and deep fake synthetic content and the challenges
that it creates. We're not going to be able to understand,
you know, what's real and what's not, and there is
a necessary, an urgent need to address that. I think
that it's going to create a lot of challenges to
the financial domains. It's going to be open for many
(41:01):
more hacks and activities, and I think that an immediate
action is required here. So some of it will be
achieved by more investment in technology, not only AI technology,
but technology that is addressing safety and adversarial users of AI.
But also I believe that at some point also governments,
(41:23):
including the US governments, which now you know comes out
with statement that they are not going to regulate the industry.
I do think that they will need to address first
national security issues related to that in order to address
the gaps. As by the way that the US government
under the Trump administration did with respect to crypto a
couple of years ago, I was working very closely with
(41:46):
that team when they were addressing cryptocurrencies global challenges and
the national security, terrorism, finance, and financial crime aspects. First,
I think that the same will happen with AI to
some extent, just to make sure that the non legitimate
use are being blocked to some extent at least, you know,
national threads on you know, deep fake and so forth,
(42:08):
which impact dramatically the activity that we see now being
adopted by criminals.
Speaker 1 (42:14):
SCHLEMI, we've talked about crypto and criminals using it, but
can you tell us about crypto being used for good?
Speaker 2 (42:23):
Yes, definitely. I think that the advantages of cryptocurrencies and
the ability to trace activity much is in a much
more easy way than cash actually make it very attractive
to support, for example, humanitarian aid in conflict area. And
a project that I led in the past year was
actually to think, you know, how crypto can be used
(42:44):
in conflict zones when you have a real concern that
international aid, international funds will reach a venture that will
be provided to people in that region will be channeled
eventually to designate their organization. We could see that a
lot for example in the Middle East in Lebanon these
days were dispitalized acting in Gaza when you have hamas
(43:05):
and so forth. And what I built is actually a
program in infrastructure how to facilitate international assistant provided by
countries and international organization two people who need that using
blockchain technology, for example, by relying on private stable coin
(43:26):
that would be monitored and control in the on ramp
and off ramp by certain stakeholders, it is possible to
actually send out the aid through those channels and have
full visibility and transparency on the uses of that, you know,
like creating a close garden. And this is a great
example of how blockchain advantages could be used to create
(43:50):
you know, better good for the society in use case.
In use cases that fit out perfectly well, and this project,
for example, is now being adopted by government and international
organization to use that to provide their aid through those channels.
It's much safer than you know using cash or domestic
(44:11):
banks or exchange or money exchangers that are you know,
more vulnerable to be misused in those situations. So that's
a great opportunity for this industry to expand for additional
use cases.
Speaker 1 (44:26):
Any other words of advice for those that are out
there in the industry and financial institutions.
Speaker 2 (44:33):
Yeah, So I think that what I see along my
career is that and this is what you know, help
us in Israel to successfully go through the FATF evaluation
and the authority that I led IMPA to become much
more effective. Is first to understand the risk that you're facing.
You have to do the you know these work and
(44:54):
understand and craft what are the risks that you're addressing,
and then to support it with a very strong technology.
Once you are becoming a doted riefin organization, you have
the toolbox to address that not only with people but
also with machine and be able to prioritize and address
mainly the larger threads. It's always need to be in
a strategic resource allocation on how you look at the
(45:16):
big picture, not only the particular cases to be strategically
successful and be able to do that in the most
efficient efficient way, and you should always, you know, do
the balance between those aspects.
Speaker 1 (45:34):
Astro Meat has explained the world of financial crime is evolving.
For law enforcement, successful operations don't just come from accessing
new tech, but from figuring out how to build better
investigative and analytic methods through new technologies. She also highlights
that all technology is a tool that can be used
for good or bad depending on who yields it and how,
(45:57):
and that is where the real challenge lies for those
on the front line in the fight against financial crime,
keeping up with and staying one step ahead of those
using new technological advances to support their illicit aims. I'm
Yaya Jata Finussi and this is designated on the Illicit
(46:19):
Edge Network.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.