TRUST matters

June 2024

One Day Workshop - Anomalous Activity in Digital Financial Systems

On May 25th, 2024, IIT Bombay’s SJMSoM buzzed with activity as leading minds in finance and technology gathered for an intensive one-day workshop. The focus? Anomalous Activity in Digital Financial Systems – a pressing issue in our increasingly digital world. Co-hosted by the Centre for Machine Intelligence and Data Science (CMInDS) and IITB Trust Lab, this invite-only workshop brought together key players from academia and industry. While SBI Foundation Hub was the supporting partner for the workshop, Deloitte India served as the Knowledge Partner bringing their expertise and insights to the discussion.

The workshop, jointly conceptualized by CMInDS and IITB Trust Lab, aimed to foster collaboration between researchers and solution providers and the `problem owners’ in financial risk, security, and fraud detection & management on the one side and academics and practitioners in the fields of Artificial Intelligence (AI) and security. The key objective aimed to close the divide between these two groups— those facing issues in financial technology and those that may be possessing the tools to tackle them with innovative solutions. 

Prof. D. Manjunath, the Professor-in-charge of CMInDS, started off the proceedings by providing an overview of CMInDS and the IITB Trust Lab. He also introduced the speakers slated to lead various sessions throughout the workshop.

The first session was led by Mr. P. R. Ramesh, the former Chairman of Deloitte India, who delivered a comprehensive presentation on the current fraud landscape in India. He began by discussing the prevalence of banking frauds and the diverse types of frauds encountered, such as data theft, cybercrime, bribery, and fake documentation. Mr. Ramesh also highlighted the legal framework, specifically referencing the definition of fraud under Section 447 of the Companies Act 2014, emphasizing the gravity of fraudulent activities.

Mr. Ramesh also shed light on the early warning signals of corporate fraud and the typical methods of discovery. He provided insights into the profile of fraudsters and shared global statistics on fraud occurrences, enabling the audience to better understand the scale and characteristics of these illicit activities.

The discussion then shifted towards the regulatory measures aimed at addressing corporate fraud and enhancing governance. Mr. Ramesh focused on key legislation and initiatives undertaken by the Reserve Bank of India (RBI) to combat fraud in the Indian context. He underscored the importance of implementing robust fraud risk management systems within banks and the effectiveness of anti-fraud controls. Additionally, he stressed the necessity of employee training in fraud awareness to create a strong first line of defense against financial crimes.

Lastly, Mr. Ramesh explored the potential benefits of leveraging Artificial Intelligence (AI) and Machine Learning (ML) techniques in the fight against fraud. He highlighted how these technological advancements can serve as crucial tools in detecting and preventing financial crimes, enabling organizations to stay ahead of increasingly sophisticated fraudsters.

The session concluded with an engaging question-and-answer session, allowing attendees to seek further clarification and share their own insights on the topic.

Next was Mr. Vishwanath Krishnamurthy, the Chief Risk Officer of National Payments Corporation of India (NPCI), who delivered a talk on the topic “Digital Financial Fraud as seen in NPCI”. His presentation focused on various aspects of digital financial fraud, with a specific emphasis on the Indian context.

Mr. Krishnamurthy highlighted the growing prevalence of cyber scams and social engineering frauds, which have become significant concerns in the digital financial landscape. He elaborated on investment scams and stock trading scams, explaining how fraudsters lure individuals into fraudulent schemes by promising high returns or insider information. These scams often exploit people’s desire for quick profits and their lack of financial literacy.

Additionally, Mr. Krishnamurthy discussed the challenges posed by system glitches, which can be exploited by cyber criminals to carry out malicious activities, such as a money heist. He emphasized the need for robust security measures and regular system audits to identify and address vulnerabilities promptly.

Looking towards the future, Mr. Krishnamurthy warned about the potential threats posed by emerging technologies, such as caller ID spoofing apps and deep fakes. Caller ID spoofing allows fraudsters to disguise their identities, making it easier to deceive unsuspecting victims. Deep fakes, on the other hand, involve the use of AI-generated audio and video content to create convincing but fraudulent messages. He stressed the importance of staying ahead of these technological advancements and developing effective counter measures to protect digital banking users.

Furthermore, Mr. Krishnamurthy shed light on the exit of fraudulent money from the financial ecosystem, which often involves cryptocurrency transactions. Cryptocurrencies, due to their decentralized and pseudonymous nature, have become a popular choice for fraudsters to move and launder illicit funds. He  emphasized the need for enhanced collaboration between financial institutions, regulators, and law enforcement agencies to trace and recover stolen funds.

Mr. Krishnamurthy’s talk was one of the most interactive sessions of the workshop, with a lot of engagement between the speaker and attendees.

In the following session, Mr. Jayant Saran, a Partner in the Forensics and Financial Advisory division at Deloitte India, delivered a presentation titled “Data Breach and Data Protection: The New Frontiers”. His talk focused on the critical importance of data protection in the wake of recent data breaches and the evolving landscape of data-driven risk management practices.

Mr. Saran emphasized the significant impact that data breaches can have on organizations, both in terms of financial losses and reputational damage. He highlighted the need for robust data protection regulations to safeguard sensitive information and maintain the trust of customers and stakeholders. He discussed the various types of data breaches, such as those resulting from cybercrime, insider threats, or accidental disclosures, and the potential consequences faced by organizations in the event of a breach.

Furthermore, Mr. Saran covered the evolution of data-driven risk management practices, showcasing how organizations are increasingly leveraging advanced technologies and analytics to identify, assess, and mitigate data-related risks. He provided recommendations for safeguarding data, which included implementing strong access controls, encrypting sensitive information, conducting regular security audits, and providing employee training on data handling best practices.

The presentation also highlighted the Digital Personal Data Protection Act, a proposed legislation in India aimed at protecting personal data and regulating its collection, usage, and storage. Mr. Saran discussed the key components of the act, such as data localization requirements, consent mechanisms, and penalties for non-compliance.

To further illustrate the real-world implications of data breaches, Mr. Saran presented case studies from various industries, including leading private-sector lenders, multinational banks, financial services platforms, and regulatory bodies. These case studies likely showcased the diverse range of data breach incidents, the underlying causes, and the lessons learned from each event.

The session concluded with an engaging question-and-answer session, allowing attendees to seek further clarification and share their insights on the topic.

The post-lunch session commenced with a presentation by Mr. Nandkumar Saravade, a highly experienced professional with a diverse background as the Co-founder of DeepStrat, the Founding CEO of Reserve Bank Information Technology (ReBIT), and a former Indian Police Service (IPS) Officer. His talk, titled “Public Policy Aspects of tackling Payment Fraud,” focussed on the various strategies and considerations for combating fraud in the digital payment ecosystem.

Mr. Saravade emphasized the critical need for protection and collaboration among stakeholders in the fight against payment fraud. He discussed several strategies to reduce fraud, including proactive detection and prevention of risks, the implementation of Confirmation of Payee (CoP) mechanisms, and the importance of safeguarding vulnerable customers who may be more susceptible to fraudulent activities.

One of the key points highlighted in the presentation was the importance of having robust reimbursement processes in place for victims of fraud. Mr. Saravade discussed the role of the Reserve Bank of India (RBI) in setting regulations and issuing circulars to manage electronic banking transactions and protect customers from fraudulent activities.

In his presentation, Mr. Sachin Yadav, a Partner in the Forensics and Financial Advisory division at Deloitte India, focused on the topic “Case Study: ATM Frauds.” He shared valuable insights into the evolving landscape of ATM frauds and the necessity of implementing robust security measures to combat threats such as hardware compromise and insider attacks.

Mr. Yadav’s talk featured a comprehensive case study of an ATM fraud incident involving a Man-in-The-Middle (MiTM) attack. Through this case study, he highlighted the crucial role of customer education in preventing such frauds from occurring.

Furthermore, he emphasized the importance of investing in security measures to address the challenges posed by sophisticated malware and emerging fraud techniques. Mr. Yadav stressed the need for vigilance and preparedness in safeguarding against ATM frauds, underscoring the critical role that proactive measures play in protecting financial institutions and their customers.

The session concluded with an engaging question-and-answer round.

Mr. Viraj Joshi (Associate Vice President, Regulatory and Policy, Zerodha), joined virtually to present on risk management in the financial industry, highlighting the importance of robust monitoring.

This included KYC and pre-boarding screening, continuous client monitoring, and transaction-level monitoring with 73 red flags.

He also covered common frauds like investor and taxation frauds, penny stock schemes, and phishing trading accounts. Finally, the potential of AI in transaction monitoring was explored, offering innovative solutions for mitigating risks.

The workshop panel session, titled “Three Perspectives on the Way Forward,” was moderated by Mr. Sandeep Ubale, Mr. Sulesh Kumar, and Prof. Venky Panchapagesan. The panelists discussed various aspects of combating financial fraud, particularly in the banking sector.

Mr. Sandeep Ubale from SBI stressed the importance of implementing robust machinery to handle fraud at different organizational levels.

Mr. Sulesh Kumar focused on innovative solutions and collaborations between startups and banks to improve fraud detection. He highlighted the Money Mule Score, a tool designed to evaluate the legitimacy of individuals involved in financial transactions. Additionally, he emphasized the significance of selecting the right startup for investment, considering factors such as founder background, understanding of FinTech, and experience working with financial institutions. Mr. Kumar also addressed the pressing issue of banking fraud in India, presenting examples of startups working on fraud detection solutions. Moreover, he explored ways for banks to optimize partnerships with startups, such as providing feedback and leveraging data partners.

Prof. Kameswari Chebrolu delivered the closing remarks, emphasizing the integration of research, technology, and outreach programs.

The workshop, attended by over 80 senior industry professionals from the banking and financial sectors as well as Ph.D. scholars working in digital financial systems, provided an excellent networking opportunity for the attendees.