- South Africa has just 18 months to show that it has an effective anti-money laundering (AML) policy.
- The government estimates that between $2 billion and $8.3 billion is laundered annually through local financial institutions.
- Banks in South Africa must find a new way to prove identity to prevent money laundering and cyberattacks.
South Africa has just 18 months to show that it has an effective anti-money laundering (AML) policy, an undertaking that banks can help to rescue the country from the grey list. In January 2025, the global anti-money laundering watchdog, the Financial Action Task Force will review its decision to greylist South Africa. The agency will interrogate the public and private sector measures taken by the country to address its concerns.
The nation will have to present a workable, scalable plan to stop fraud, money laundering, and other financial crimes. Failure to do so will have severe negative economic ripple consequences on the Rand. South Africa also risks a sharp decline in foreign capital inflows and a downgrading by credit rating agencies. State-owned businesses that rely on finance from offshore debt capital markets face a major threat from an extended greylisting.
This does not have to be the situation in South Africa. In two years, Mauritius successfully complied with FATF’s requirements and was taken off the grey list. But for this to happen, both the public and commercial sectors have to pay close attention and work together.
Financial institutions in South Africa are currently in the limelight. There is enough time to take the necessary actions to stop the greylisting, and the technology is already available to effectively combat financial crime and money laundering.
Money laundering – banking’s Achilles heel
Greylisting in South Africa covers a wide range of issues, some of which are the responsibility of the public sector. However, the private sector can work together to tackle financial crime and money laundering.
Even while some illegal activity involves cash or cryptocurrency, banks are nonetheless susceptible to money laundering, especially when dealing with international transactions. Even though the government estimates that between $2 billion and $8.3 billion is laundered annually through local financial institutions, hardly one per cent of the money is ever recovered.
The root of online financial crime
Banks must address the underlying reasons behind how money laundering goes unnoticed to properly tackle financial crimes. And this root cause is identity. According to Murray Collyer, Chief Operating Officer of iiDENTIFii, banks need to better authenticate a person’s identification. This according to Coller, is the surest way to successfully and reliably counter financial crime. Banks must provide the assurance that a customer conducting business on the other side of the screen is who they claim to be.
The ability to combat cybercrime is a pressing concern as our lives become more digital. According to the global police agency Interpol’s Global Crime Trend Report 2022, crimes such as ransomware and phishing attacks are expected to rise dramatically in the next three to five years. As a result, the conventional verification methods that banks typically use, including one-time passwords (OTPs), become insecure and out-of-date.
Digital security threats to banks
Presently, there are two types of biometric security threats: presentation assaults and digital injection attacks. Presentation attacks involve holding images, movies, or even masks in front of a screen. This move simply tricks the technology into identifying the attributes of the identity that is being stolen. In contrast, digital injection assaults use emulators, hacking tools, or virtual cameras to insert imagery directly into the video stream.
The advanced “deepfakes” or “face swaps” that AI technology uses to impersonate another person are among the directly injected pictures. In a recent 2023 study, iProov, the technology partner of iiDENTIFii, reports a 149 percent rise in digital injection attacks and a 295 percent rise in face swaps.
Face swaps have gained popularity, giving low-skilled thieves the ability to carry out sophisticated attacks. Threat actors attacked hundreds of systems worldwide using motion-based attacks that were launched simultaneously and at scale.
Collyer adds, “To the untrained eye or technology, face swap synthetic imagery has the characteristics of the genuine individual’s facial traits. The imagery can match their government-issued identification photograph during a liveness verification attempt if the technology is not equipped with the latest defences.”
How financial institutions can prepare
Banks must tackle the challenge head-on to have the robust AML systems and processes required for South Africa’s greylisting review. This needs a clear perspective on the current threats and how to mitigate the resulting risks to banks and customers.
The approaches required for digital injection attack detection and presentation attack detection (PAD) are fundamentally different. In order to stop money laundering and cyberattacks, financial institutions must discover a new way to confirm identity. This is because many of their current biometric technologies are ill-equipped to counter this rapidly expanding threat. The use of ‘liveness’ in authentication holds the key to the solution.
“Simply put, ‘liveness’ is the confirmation and verification that there is a human being conducting a transaction on the other side of the screen,” Collyer explains. “While cybercriminals can mine personal data and override certain systems through targeted attacks, it is more difficult to forge a sense of human liveness.”
Many local banks are addressing the challenge head-on. They are upgrading their systems in response to new digital risks. “iiDENTIFii has to date partnered with three leading South African banks to fortify their digital identification and onboarding processes. This is part of a wider banking strategy to protect companies and consumers against AML and fraud,” adds Collyer. “Over the next 18 months, we believe the full impact of this solution will be visible and hopefully play a part in shifting the needle on the greylisting decision.
Reverse South Africa’s greylisting
“Our 4D Liveness is resilient to deepfake and replay attacks. It comprises different colour lights that reflect in a certain sequence off the user’s face, which helps determine true biometric liveness. This has been the solution of choice for South Africa’s leading banks.”
It is possible to reverse South Africa’s greylisting in 18 months. Financial institutions need to refine their focus on digital identity, the central factor in performing safe, verifiable, and authenticated transactions.
Collyer concludes, “We call on financial institutions and the government to embed infallible, enterprise-level and sophisticated biometric authentication into the country’s financial services infrastructure. This should not just be a response to our greylisting. It is a strategic imperative in an increasingly digitised economic climate where cybersecurity risks abound. If we can demonstrate an ability to combat threats at a global level, this could instill faith in reluctant overseas investors and local customers alike.”