Technological Thoughts by Jerome Kehrli

I spoke to to Rudolf Falat, founder of the Voice of FinTech podcast about leveraging AI in anti-fraud prevention and cybersecurity.

The Podcast is available here and can be listened to directly from hereunder:

Happy listening !

The full transcript is available hereunder

Jerome, can you introduce yourself? How did you get to do what you do today?

I'm swiss, 43 years old and a proud father of 3 boys.
I guess I'm first and foremost a passionate software engineer and computer scientist. I remember putting my hands on my first computer - a commodore 128 - when I was 12 years old and knowing very well at that very moment that that would be my carrier.
I'm passionate by technology, artificial intelligence, programming, etc. for nearly 30 years now. I made all my career in financial institutions and fintechs and I wouldn't see myself working in another business nowadays. Financial institutions and financial markets form a very interesting domain of application in computer science due to the complexity of these systems and the wide range of concerns to be addressed, from real-time computing to highly mathematical applications.
I guess that my role today as CTO of NetGuardians is kind of a natural evolution in my career.

NetGuardians is a Swiss based software editor developing a Big Data Analytics platform that we package and deploy in financial institution mostly today to detect fraudulent activities and prevent fraudulent transactions.

Why have you decided to join a start-up (or a scale-up) like NetGuardians?

Before the NetGuardians co-founders reached out to me I was a consultant for a few years, working mostly for the major european banking institutions.
I really liked the job at the time, mostly the possibility to jump quickly from one topic to another, one customer to another.

But I did miss the product culture very much. As a consultant I was guiding other teams or leaders in adopting technologies, designing information systems, driving innovation projects, etc. But I was missing the deep implication and engagement that you get when you create a product from A to Z and sell it. Developing a software is the closest you can get in day job to having an actual child ;-)

So when NetGuardians pivoted to banking fraud fighting 7 years ago, the co-founders were looking for someone to lead the product research and development department, someone with a strong technical background and an extensive experience in finance.
Switzerland is a small country so they have been directed by some common relationship we had in their advisory board to my profile. So we met and they told me their story and shared their vision with me and I decided that I wanted to be part of it.
And today, 7 years after this first encounter I guess this company and this product are just as much my children as they're theirs.

When will we finally have truly intelligent AI working on fraud prevention in banking ?

Now that's a good question.
It's hard to answer since intelligent AI would need to be defined or precised. So first I would want to distinguish strong AI vs. weak AI and then share my perspective on what would be a truly intelligent AI.

If we qualify as a strong artificial intelligence, a software program able to contextualize, to show sensitivity, to show creativity or to exceed it's programming scope, then we don't have today the slightest trail of a proof that we'd be able one day to create such an program. This is downright science fiction. There is nothing in the real world anywhere close to the beginning of it.
The thing is that Artificial Intelligence is generating a lot of fantasy in the public's mind and I guess that the fact that we have given some of these algorithms names such as neural network is not helping in this regards. If we had given to neural networks the technical names they should have, such as largely convoluted and iterative statistical matrix model, I'm sure they wouldn't generate the same level of fantasy in people's minds.
Anyways.

Then if we qualify as a weak AI a software program able to optimize a mathematical function, solve a classification problem, or take a decision based on input data, then the progresses today are tremendous and new applications and solutions pop up nearly every week.
This technology evolves at a very fast pace and today's AI programs are a collection of sometimes hundreds of different algorithms working together to solve an analytical problem, such as driving a car autonomously for instance which is amazing.

Now when it comes to true intelligence, I strongly believe that the only true, actual intelligence is in the mind of the people developing these systems, not the machine, never the machine.
And then again, the progresses today are tremendous and essentially around 2 dimensions: the complexity of the individual Machine Learning algorithms and the number of these algorithms deployed together and working in conjunction in Artificial Intelligence Systems

And what we do at NetGuardians is a good illustration of all this evolution.
When we started in 2016, we were using one or two different methods to infer good features on events we were monitoring, mostly EBanking activities and financial transactions, as well as a single Supervised learning algorithm. Today we use a combination of multiple dozens of different unsupervised and supervised techniques all working together and each one of them focusing on a specific perspective, such as the timing of events, their frequency, their location, the destination of the funds, etc. or a specific step in the risk scoring process.

So yeah, again the true intelligence is in the mind of the guys developing these systems, not in the software.

How good is anti-fraud AI today? What kind of AI are we talking about?

Anti-fraud systems today form a very peculiar and passionate domain of application for artificial Intelligence. The nature of the problem to be solved makes it very specific.
Think of it, while some payments channel such as credit cards for instance experience a plethora of frauds, some other channels such as digital banking payments have typically only a few frauds for a million transactions a day.

Most sophisticated classification machine learning algorithms we have today perform very poorly on such datasets. They work well when the data is very much balanced between the positive and other populations.
As an example, every engineer knows today how to train a neural network to recognize pictures of cats, for instance, by feeding it with thousands of pictures of cats and thousands of pictures of other animals and other objects. Now if you try to train a neural network to recognize cats with only 6 pictures of cats and millions of random pictures of other animals and objects, the next picture of a cat you will present to the neural network will be classified as anything, such an elephant, right ? But there's no way an algorithm trained this way understands how to recognize cats.

And we're in the same situation. The very unbalanced nature of the data we're playing with makes all simple approaches simply irrelevant. So we have to do fairly complex stuff.

Our state of the art approach today at NetGuardians is a combination of multiple fairly evolved techniques and approaches working together.
I don't want to go to much into technical details but I would mention three categories of techniques we're using.

First, unsupervised learning techniques for anomaly detection ... with a wide range of different algorithms, from simple statistical or Poisson scoring down to clustering and peer group analysis. At the end of the day, fraudulent activities and transactions are always part of the set of anomalies.
Then, supervised learning techniques ... with a lot of different models being required from classification algorithms to risk scoring techniques, to distinguish between legitimate anomalies and highly potentially fraudulent transactions.
Last but not least, active learning and other supervision techniques to monitor the feedback we get from banking business users reviewing the hits, the activities or transactions being blocked in real-time by the system, etc.
And that is absolutely key because at the end of the day, our algorithms learn a lot from the feedback of these business people and they can only be as good as this feedback is. So supervising this quality is an essential concern.

So yeah, again, our approach at NetGuardians today is a combination of dozens of such techniques and algorithms deployed together to detect and block suspicious activities and transactions in real-time. And It works pretty good !

Another thing to consider: every transaction we block is investigated by a business expert within the bank who takes the eventual decision.
In a sense, we're not replacing the human decision process, but we're enhancing it. We give bankers a chance to review potentially or likely fraudulent activities before the funds leave the bank. And this is called Augmented Intelligence.

Who are your target customers?

At NetGuardians, we're working only for financial institutions. Our typical customers are Tier 1 and Tier 2 banks - big banks to medium size banks - where we detect fraudulent activities in a holistic fashion, fraudulent transactions and activities on digital channels just as much as internal fraud or scams.
In terms of types of financial institutions, we work just as much with massive retail banking institutions in Asia than private banking institutions in Switzerland.
Our key markets are Europe, our home market, Africa and Asia Pacific.
We support on premise deployment for Tier 1 banks who have a strong will to keep everything in house and onboard smaller institutions on one of our SaaS - Software as a Service - platforms on the cloud.

How do you make money?

Our customers pay an annual recurring licensing fee calculated from two metrics, their Asset under Management and their volume of financial transactions.
We bill delivery and integration costs when we integrate the solution ourselves but we intend to get away from this activity as much as possible and rely increasingly on local partners for integration.
We are not very much interested to sell services and would want to focus in the future on selling licenses only but that would require us to reach a critical mass and we're not there yet.But it's an ultimate objective for us, moving a way from a being both a product and service company today and turning to an only product company.

Where are you based?

We're a company founded in Switzerland and we are still today headquartered in Yverdon-les-bains, a small town north to Lausanne. We have offices in Nairobi where we manage our operations in Africa and in Singapore where we handle our Asian activities. We also have a commercial office in London and a near-shore development center in Warsaw .

Where are you on your journey in terms of product development, geographic reach, funding, hiring? Any numbers you can share?

We have today a very solid technology and product for the banking fraud detection and prevention problem. And in the short term we intend to leverage on our technology to extend our product to other financial crime use cases.

There are many different concerns in Financial crime fighting in banking institutions, Fraud detection is an essential one of them of course but then there's also AML - Anti Money Laundering - Transaction Monitoring, KYC - Know your customer and of course customer and transaction screening.
KYC and screening require very different technologies than the ones we've built so they're not in our short term focus. But AML Transaction Monitoring is very close from what we do on Fraud, just the perspective of the analytics is somewhat different.
Finding fraud is a lot about understanding where the money goes while AML is a lot about understanding where the money comes from, but from a technical standpoint it's really similar.

So long story short, we intend by the end of next year to extend our solution to state of the art AML transaction Monitoring leveraging on our technology. Eventually, over the next years, we intend to build a complete financial crime package by integrating third party solutions for KYC and screening.

In terms of geographic reach, we are today strong in Europe - our local market - and Africa. But we're really only building Asia. This is where we are investing our effort today and in the coming year to build a strong sales team, identifying and leveraging on the right partners, scaling the delivery team and eventually, hopefully, become a major player in Asia as well.
Interestingly, we have no intent to actively address the US market today aside of a few opportunistic leads through some of our partners.

To give you a few figures, we're today a 100 FTEs company and we have a little less than 80 financial institutions as customers.

Now regarding funding, I can't tell you much actually. We have raised roughly 30 million USD so far and we are in the process of challenging and building the next investment round. Building the proper structure in APAC to emerge as a major player here is not something on our reach today. We need support from investors to build this and we're working on that today.

What are the next steps for you next year and beyond? Customers, incumbents as partners, investors?

We intend to develop significantly in our three key markets, Europe, Africa and Asia. We are in the process of finalizing recruitment of the key people - such as regional sales director, etc. - who will be instrumental in driving our growth in these regions.
And as I said before, we need support from investors to build the proper structure in APAC, based in Singapore.

In terms of partnership, we have today very good partners in the core banking systems and banking package providers field where our strategy is to bundle our fraud detection engine with their Core Banking Package offering.
We are now in the process of looking for integration partners in the different regions to support our scaling and incrementally disengage our own people from delivery.

In terms of investment, we would also expect the next round to support our extension to completeness of offering in AML and more generally financial crime fighting as well as complete our transition to the cloud as lead deployment channel. We have still quite a path ahead of us to provider tier 1 banking institutions with a state of the art hybrid cloud approach.
A lot of tier 1 banking institution would sign up for a cloud deployment of NetGuardians if and only if we can provide them with means to guarantee that the confidential data remains within the bank information system boundaries. And the technology for that is called hybrid cloud which would be quite an evolution from what we do today.

Where can interested parties reach you?

Well, I guess the best way to get in touch with us is through our web site, www.netguardians.ch.
And the best way to contact me would be on linkedin I guess jerome KEHRLI.