Raising the Bar – Interview with Amir Orad CEO of NICE Actimize

“It is about being stronger in such a way that people will not attack you, but you have to ensure that in being the strongest, you are not causing your customers unnecessary pain.”

Amir Orad

Amir Orad

Amir Orad is president and CEO, NICE Actimize and leads the company’s corporate vision, strategy and execution.  Previously at Actimize, he held the roles of president of Americas, executive vice president of product management and business development, and chief marketing officer. Orad is a thought leader and renowned expert in the areas of financial crime, cyber security, payments and authentication. Prior to joining Actimize, he was co-founder and executive vice president marketing of Cyota Inc., an online security and anti-fraud company acquired by RSA Security in 2005.  Following the acquisition, he was vice president of marketing at RSA. Orad holds an MBA from Columbia University’s executive programme and a BS in Computer Science and Management from Tel Aviv University.

Amir Orad’s track record in online security and anti-fraud have served him well. NICE Actimize, the company he is president and CEO of has a solution that uses know-how and intelligent logic to address the unique characteristics of financial crime, risk and compliance in different parts of a bank’s business. Yet, when asked who is winning the war against financial crime, Orad says it is not a game someone wins. It is about ensuring your bank is less of an easy target for criminals.

How has Actimize’s strategy evolved? 

Actimize started as a business intelligence company and quickly evolved to one that focuses on financial crime and fraud. It was very clear at the beginning that generic business intelligence did not provide enough value, so a decade ago, we built a technology platform that combined business intelligence with targeted analytics designed for the financial services market. We started first with trade surveillance and compliance in investment banks and soon segued into anti-money laundering (AML) compliance.

Ultimately, we applied what we learned to fraud detection and prevention. However, each segment of our business and development is unique. Money-laundering detection in trades is different from money laundering detection in private or commercial banking, and it is different from how you execute fraud surveillance on wires and credit card transactions, and it is different again when you do screening. Across various user cases, financial crime and compliance is very complex and to do it out of the box, you have to put a lot of logic and know-how into the product. Our strategy for the past five to seven years has been to focus on financial services, risk and compliance. We have a common technology platform and the business applications on top are the best available.

Most banks talk about the number of false positives that AML systems generate. Have solution providers addressed that?

False positives are still an industry issue. Every time you expand your AML coverage to other business areas or geographies, you face false positives. As you do more real-time sanction monitoring, false positives are much more painful. Stopping a wire in real time because of false positives is not just a 10-minute delay, and it probably means you are unlikely to use that bank again. The moment you do real time, every mistake is painful. Customers are focused on the costs of running an AML software system. Every false positive costs money. If you improve false positives by 10%, you are saving a lot of money so there is a cost-saving element to improvements in technology.

Instead of having multiple systems for AML, fraud, risk and compliance for different parts of the business (cards, payments, private banking), you talk about an enterprise-wide approach. Does that mean having a single system that does everything? 

We believe that different solutions are designed to address specific challenges, but the ability for these applications to leverage a single, comprehensive platform is key to monitoring risk and securing the enterprise.  Some companies are in love with a particular algorithm but there is no single tool or silver bullet, and if you fall in love with one algorithm, you may miss the opportunity to leverage the effectiveness of multiple tools. Within our system there is a lot of self-learning and sophisticated profiling.  Our solutions are data hungry. All the data you have, even if believed to be theoretically irrelevant, provides far more value than people may think. For example, our visual link analysis investigation tool profiles data and uncovers links between entities. It is about connecting the dots. People who just have a single system will fail. There is no one tool that does everything well. You can have one platform with data integration, however the algorithms, workflow and logic of the applications are very different.

Many banks are forced to invest in AML solutions or face hefty fines from the regulators, but are they really getting a return on their investment? 

Banks know they need strong AML otherwise they will pay millions in fines.  Now the question becomes, how do I convert this investment into ROI? A good example of that is by looking at factors such as conversion rates. Customer conversion rates – the number of alerts produced by the system that become a Suspicious Activity Report (SAR) – have doubled using our system.  By doubling the conversion rates you cut in half the people you need in compliance. That means you’ve improved your efficiency by 50%. We are now piloting an enterprise case management technology that sits above all of the systems for AML and fraud that widens and connects all the dots.  What is the ROI? Instead of maintaining five, six or seven front-ends, you can unify them – that is an IT saving.

Banks often complain that they spend a lot of time producing SARs, but they are not followed up by the authorities. 

The entire system relies on banks to self-police. They are not judge and jury, but we see more demand form regulators for technologies to help them review the information they get from banks. Some countries in Europe are looking to do better data mining. The russian regulators acquired a system from Actimize to look at reports form the banks and detect country issues. The regulators are starting to take a consolidated view and are using technology that detects anomalies.

When it comes to terrorist financing, despite the screening done by banks against blacklists, few terrorist assets have actually been seized. does this mean that what the banks are doing is having little or no impact? 

At the end of the day, looking at blacklists is making the bad guys’ lives more difficult. Some terrorists are financing their activities by credit card fraud because they are unable to move enough money through conventional banking channels. That means they have a more difficult time buying materials to commit attacks. It is about raising the bar. That’s what it takes.

Who is winning the battle – the banks or the criminals? 

No one is winning the battle. It is not The Lord of the Rings. The amount of fraud out there is more or less the same. The question is, will they attack you? If you want to hack into some bank’s computer, you will probably manage to do it. It’s a case of is Bank A better protected than Bank B. It is about being stronger than others in such a away that people will not attack you, but you have to ensure that in being the strongest, you are not causing your customers unnecessary pain. It is about striking a balance and being able to adjust the level of security based on the level of risk.  That is where a cross-channel enterprise view of fraud becomes important, as you have better information, and based on that you can adjust your security levels.

Fraud is also migrating from consumer payments into commercial payments.  Can existing financial crime technologies be used to combat fraud in commercial payments? 

UK banks are now investing in the area of commercial payments fraud.  It is very different, however, and the technologies and methods used to detect consumer fraud are not good at catching fraud in the commercial enterprise.  For example, in a commercial enterprise, a large amount of international transfers are legitimate. Banks also have less sophisticated fraud controls for commercial payments. In order to address commercial fraud we had to invest in a different set of algorithms. Now we are one of the few solution providers with a solution for commercial payments.

Approaches to AML have changed radically over the past few years, but how mature is it as an industry? 

AML is not that mature.  There are still large international and domestic banks that, when examining themselves or being examined by others, realise their customer risk-rating processes and systems are far from enough. The smarter guys are being more pro-active but a lot are waiting for someone to tell them to do it. Even some of the more sophisticated banks still use manual processes.  This has become a painful issue for a number of firms who face eight, nine, 10-figure fines. Also in the AML space, while transaction monitoring is mature, sanctions are not mature enough. And when it comes to know your customer and customer due diligence there is no single definition of how to do either correctly.