In CFO Brew’s latest virtual event, Annemarie McAvoy, CEO and founder of compliance and fraud detection consulting firm Clovis Quantum Solutions and a former federal prosecutor, spoke with editor Drew Adamek about how to combat financial crime and strengthen compliance systems.
This interview has been lightly edited for length and clarity.
How complicated do you see the current world of financial crime, sanctions risk, and compliance risk?
The more technology has improved, the more difficult it can become to find who you’re actually dealing with, to find the funds before they wind up being dissipated or sent somewhere else, or sent to a jurisdiction where we can’t get them anymore.
A lot of people wind up being scammed these days. There are even AI programs that can mimic a person’s voice. Then, you add to it; you have vehicles to move money such as cryptocurrency and it moves immediately, and it doesn’t have the FDIC protections that a bank account would have. Whoever has access to the key to the wallet has access to anything that’s in it. So, you don’t necessarily know who even has access to a particular wallet because a bad guy can give the key to an associate who then can be moving funds as well. It becomes very, very complicated and difficult these days.
In your experience, how do you see organizations prioritizing these kinds of risks?
They need to give these areas—and generally it falls under compliance, under fraud prevention—they need to give them the manpower that is required, as well as the funding that’s required. Unfortunately, these areas have often been looked upon as cost centers, which they are. But if you don’t take care of those issues, as far as making sure that your company remains safe from any sort of bad guys either using your products and systems or actually somehow hacking in…and stealing the information of your clients, that can be monumental as far as the cost involved if that happens. You may never recover.
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
Where should organizations be directing their financial investments in compliance in the next, say, 12–18 months to next five years?
I think it’s a combination of the personnel and getting the right people who understand the industry, and understand compliance and have a background in it, [and are] capable of doing the work. Many places hire people who have a minimal background, and they just aren’t equipped. And regulators will come in and say, “You have an anti-money launder compliance officer, but they don’t have the background that they need to actually efficiently do the job.” And then that will potentially lead to an enforcement action as well, or at least be part of it as far as some sort of regulatory action.
The other area they need to put money into is, especially if it’s a larger operation, is the systems. They keep improving. There’s a lot of review going on right now of how to have AI be used. I think there’ll be, in the next 10 years, certainly the way the systems are set up will undoubtedly incorporate much more of AI.
Right now, regulators are still not too thrilled with AI. You can’t rely on it completely because you have to be able to explain the methodology behind all of your decisions, and you have to be able to document each of your decisions in AI because it learns from itself essentially, and keeps improving upon itself. You don’t have that documentation of exactly what went into each decision as to how it changes how it’s operating. That is a problem right now with AI, but certainly in the next 10 years, I’m sure a lot of the issues will be worked out.