THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK

Angela S.M. IrwinKim-Kwang Raymond Choo

STATEMENT OF INTENTThis paper examines the technological challenges faced by financial institutions in setting up, managing and maintaining an effective Know Your Customer (KYC), Customer Due Diligence (CDD) and Customer Identification Program (CIP), as well as the future of money laundering and terrorist financing risk management with a focus on technologies.

The views and opinions expressed in this paper are those of the authors and do not necessarily reflect the official policy or position of Thomson Reuters.

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 2

TABLE OF CONTENTS

EXECUTIVE SUMMARY 3

INTRODUCTION 4

ESSENTIAL ELEMENTS OF AN EFFECTIVE KYC/CDD SYSTEM AND CIP 5

THE CURRENT STATE OF DATA ANALYSIS IN FINANCIAL INSTITUTIONS 5

CLOUD COMPUTING 6

THE WAY FORWARD: A THREE-PRONGED APPROACH 7

REFERENCES 9

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 3

EXECUTIVE SUMMARYKnowing a customer well helps a financial institution to manage their risks and meet regulatory requirements. However, it is one of the major challenges faced by financial institutions every day. Despite increased investment in AML/CTF systems, the systems in place by many financial institutions fall well below the standard necessary to deal with current or future regulatory demands placed on the industry. This paper discusses the challenges faced by financial institutions and how cloud computing and big data analytics may help financial institutions to better position themselves to more effectively deal with vast amounts of data and their ever-changing regulatory environment.

This paper also discusses a three-pronged approach that may be employed to ensure the effective use of up-to-date intelligence, make careful predictions about future trends in information and communication technology (ICT) and the scale of the money laundering and terrorism financing risk landscape, and ensure that appropriate controls are in place to support a resilient AML/CTF strategy.

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 4

IntroductionFinancial institutions are in a time of growing business uncertainty, changing geopolitical environment and ever-increasing regulatory scrutiny. Know Your Customer (KYC) and Customer Due Diligence (CDD) policies are becoming increasingly important globally as a tool to prevent money laundering, terrorism financing, financial fraud and identity theft. Knowing a customer well helps a financial institution to manage their risks and meet regulatory requirements. However, it is one of the major challenges faced by financial institutions every day. Additionally, as regulatory definitions are neither globally consistent nor prescriptive, financial institutions are at risk of being held to different standards dependent upon their jurisdiction and regulatory environment.1

The USA Patriot Act, for example, requires that financial institutions develop a Customer Identification Program (CIP) appropriate to the size of its business. For large organizations with millions of account holders and businesses in more than 160 countries and jurisdictions worldwide, this can be an extremely complex task and a massive undertaking. Although financial institutions must quickly and effectively assess, align and implement an organizational best-fit customer compliance solution, in the case of an organization such as Citibank, a corporation-wide KYC solution is extremely difficult to envisage and implement. The staggering volume and complexity of data in such an organization also serves to complicate the issue further.

Customer identification is the critical first step in anti-money laundering/counterterrorism financing (AML/CTF). A CIP includes the collection and analysis of basic identity information and is usually part of wider KYC controls. A CIP also includes the checking of customers and the transactions they perform,against hundreds of industry watchlists, politically exposed person (PEP)2 lists and internal lists. It also includes the determination of the customer’s risk in terms of propensity to commit money laundering, terrorism financing, financial fraud or identity theft; the creation of an expectation of a customer’s transactional behavior; and the monitoring of a customer’s transactions against their expected behavior and recorded profile, as well as those of their peers.

Financial institutions are required to manage their KYC and CDD compliance throughout the entire customer life cycle, from customer on-boarding through ongoing due diligence. This can be done with the help of KYC/CDD solutions that operate in a stand-alone environment or as an integrated solution within the financial institution’s existing technology infrastructure.

Due to the constantly changing environment in which they operate, financial institutions are required to constantly update their AML/CTF transaction monitoring efforts, CIP and AML/CTF processes and make greater investment in monitoring systems. For example, between 2009 and 2010, financial institutions were reported to have implemented more than 1,200 new AML/CTF transaction monitoring systems. Despite increased investment in AML/CTF systems, AML/CTF transaction monitoring efforts in many organizations fall below the optimal standard.

This paper looks at the information and communication technology (ICT) challenges faced by financial institutions in setting up, managing and maintaining an effective KYC/CDD and CIP. It examines how ICT is currently being implemented by financial institutions in the KYC/CDD and customer identification domains and explores how software and data might be better optimized to more effectively meet increasingly complex regulatory and compliance demands. It also discusses how technology can help financial institutions to simplify KYC/CDD and customer identification even though the number of customers, and the amount of information available on those customers, grows considerably each year.

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 5

ESSENTIAL ELEMENTS OF AN EFFECTIVE KYC/CDD SYSTEM AND CIP

There is great disparity in terms of the type of AML/CTF compliance software utilized by financial institutions in order to meet regulatory demands. For example, some financial institutions use complete end-to-end solutions, while others use software that focuses exclusively on targeting one part of the problem such as dealing solely with KYC, CDD, suspicious activity monitoring, case management or watchlist filtering. Some financial institutions use the most rudimentary tools, such as email and spreadsheet tools, to meet their regulatory requirements. Since these tools are not designed for AML/CTF purposes, they are not scalable and deliver results that lead to inconsistent decision making.

In reality, the AML/CTF systems in place by many financial institutions may fall well below the standard necessary to deal with current or future regulatory demands placed on the industry. For example, many AML/CTF systems cannot support segmented monitoring of customers and peer groups or produce cross-channel views of illicit behavior. These systems may also lack the flexibility to deploy new monitoring strategies and are unable to scale to growing transaction volumes. Additionally, many systems lack integration, which makes the sharing of information between systems extremely difficult or impossible. Members of compliance staff are often forced to query transaction systems and enter information into systems manually, thereby increasing the chances of human error.

The following paragraphs discuss the essential elements of an effective KYC/CDD system and CIP, which will help financial institutions to better position themselves to successfully deal with complex regulatory demands imposed on their industry.

It is believed that the ideal AML/CTF solution increases efficiency through streamlined automated workflows, rapid data collection, efficient alert management and prioritization, advanced case management, ad hoc investigation, integrated research tools and comprehensive, centralized audit trails and reporting, while also satisfying local and global regulatory requirements.

An effective KYC/CDD program also includes the use of detailed scanning and matching solutions. These are essential, as financial institutions must be able to find, match and link similar entities and discover hidden relationships between seemingly unconnected people, places and things. The scanning and matching solution should be able to search data where it lives, in its native format, without the need for normalization3 or the building of an intermediate data warehouse. It should also be able to search data across disparate departmental silos and cross organizational boundaries, access hundreds of watchlists, and

be able to integrate easily with existing KYC/CDD solutions. The scanning and matching solutions must be able to perform millions of queries on hundreds of millions of rows of data across dozens of data sets, provide an auto alert when a hidden relationship or pattern has been found, and have an intuitive content-rich or visualization interface for viewing results.

Although scanning and matching technologies can be a valuable asset to an effective KYC/CDD program, it can be very difficult or impossible for typical screening tools to make links between people, places and things when clerical errors, language barriers, and deliberate misrepresentation of information is introduced into the system. To reduce operational workload, screening tools must also be able to return a low number of false positive results.

Watchlist filtering solutions should be used to provide financial institutions with enterprise-wide, multijurisdictional and multibusiness unit coverage for screening customers and transactions against sanctions, PEP and internal lists and manage regulatory requests. To minimize the risk of missing sanctions violations or high-risk customers, intelligent analytical solutions and intelligent learning systems can be utilized by financial institutions. However, the cost of these types of systems can be prohibitive to many small to medium-sized financial institutions. These organizations often turn to third-party sanctions screening services to conduct watchlist filtering.

A financial institution’s customer identification program must include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable. Intelligent risk-based scoring and screening systems should be used to identify customers with high-risk profiles and high-risk behavior. Risk scoring and screening should be integrated, automated, systematic and multifactor.4 This ensures consistent decision making, increased operational transparency and reduced inconsistency in compliance processes. A dynamic and efficient risk-based scoring and screening system creates efficiency by focusing operation teams on high-risk customers and fully automating the process for low-risk customers.

Although the tools and systems put in place to deal with a financial institution’s AML/CTF compliance can have an impact on the success of those efforts, the financial institution’s ability to manage and analyze data is of equal importance. This is becoming increasingly more important as the amount of data involved in conducting effective KYC/CDD and CIP activities continues to grow.

THE CURRENT STATE OF DATA ANALYSIS IN FINANCIAL INSTITUTIONS

Today, organizations are experiencing an unprecedented rise in the growth of data volume, variety and velocity. None more so than those in the financial services industry. However, there appears to be a misconception that financial institutions use sophisticated online and offline techniques to intelligently assess who their customers are and what their customers need. In reality, the financial services industry, big banks in particular, are far from this ideal state.

This is confirmed in a recent study carried out by Oracle, a multi-national information technology corporation,5 who surveyed 333 North American C-level executives to understand their organizations’ preparedness to manage the data deluge and their

ability to extract intelligence to improve operations, capitalize on new opportunities and create new revenue streams. Results from the financial services sector show that there is much room for improvement in how financial institutions, in the United States at least, collect, analyze and leverage the vast amounts of information that they collect on a daily basis.

The main findings to come out of the study in relation to the financial services industry are that 94% of those surveyed are collecting and managing more business information today than they did two years ago. Of those who are collecting and managing more information, the average increase in business information collected and managed is 75%.

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 6

When asked to grade how prepared their organization was for the data deluge (“A” to “F,” where “F” is the lowest grade), 25% of financial services organizations gave their organization a “D” or “F”, 56% gave their organization a “C” or lower and only 3% gave their organization an “A.”

When asked what their biggest data management gripes were, the number one issue was that information was no longer relevant by the time it got to their business managers (38%), closely followed by the right systems not being in place to effectively deal with data management issues (34%) and the systems on the market not being designed to meet their specific industry needs (34%).

Based on the average revenue of the organizations surveyed, it is estimated that 12% of average annual revenue (USD 64.6M) was lost as a result of not being able to fully leverage the information collected.

Almost all (91%) of the financial services organizations used industry-specific applications and software to help leverage information to make strategic decisions. However, when asked to select the top three applications that they felt had room for improvement, financial management (34%), customer relationship management (34%) and regulatory compliance (34%) were cited by most financial services executives.

In order to improve information optimization, almost half of the financial services organizations questioned said that they most needed more customized systems/applications to meet the needs of their industry (47%). A significant number (38%) also felt that they needed greater ability to translate information into actionable insight. The same number (38%) also felt that they needed improved tools to collect more accurate information.

Although over a third of executives claimed that improvements

were necessary for applications that dealt with regulatory compliance, a similar number (38%) felt that regulatory compliance was an area in which they did the best job of leveraging data to move their organization forward. This was closely followed by customer service (34%) and sales and marketing (31%).

When asked to select the top three areas in their organization that could benefit most from better business intelligence or analytical capabilities, risk management (44%), alignment of risk and finance (41%) and regulatory compliance (41%) were cited by most executives.

Finally, when asked how prepared their organization was to deal with the analytical needs associated with financial reform and new regulatory requirements, only 28% claimed to be very prepared. The highest number (63%), claimed to be somewhat prepared. The rest were not very prepared (6%) or unsure (3%).

This survey confirms that we are still in the early days of effective adoption and utilization of high-level analytics in financial institutions.

There are a number of technologies and tools that may be used by financial institutions to help them more effectively address the issues and challenges associated with identifying customers, performing KYC and CDD activities and reducing their exposure to risk, while at the same time comply with ever-changing regulatory requirements. These are cloud computing and big data analytics. The following sections discuss the challenges faced by financial institutions and how cloud computing and big data analytics may help financial institutions to better position themselves to more effectively deal with vast amounts of data and their ever-changing regulatory environment.

CLOUD COMPUTING

In a typical financial institution, the data required to effectively perform customer identification is usually distributed throughout various systems, locations and departments, often worldwide. In many cases, these systems are old legacy applications that cannot adapt quickly, or at all, to changing market or regulatory conditions. These systems often do not provide a holistic view of the customer, integrate well with other applications, or offer the ability to collaborate in real time. The costs associated with application decommissioning, data migration and the implementation of new technology can be extremely high. However, financial institutions that do not make significant investment in their technology and infrastructure may lose the ability to excel in an extremely competitive environment.

Many of these challenges can be addressed by cloud computing. Cloud computing allows extremely large amounts of data to be stored, accessed and analyzed from a centralized location once, rather than having to access and analyze that data from numerous department-centric and siloed databases via data warehouses. This obviously has cost saving advantages, due to the fact that less hardware is being managed, and allows for seamless interaction with the data held within. Cloud computing also has the advantage that as the amount of data grows or decreases, the cloud can be expanded and scaled in size to fit.

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources such as networks, servers, storage,

applications and services.6 Cloud computing resources can be rapidly provisioned and released with minimal management effort or service provider interaction. The benefits of using cloud computing include significant cost savings on IT infrastructure, software and licensing fees; faster and more responsive upgrade functionalities; the possibility of a more globalized workforce; streamlined processes and operational efficiencies; improved accessibility and business continuity; flexibility in work practices; and more effective collaboration, allowing financial institutions to communicate and share more easily outside traditional methods.

A number of major technology service providers are aiming their cloud-based services at financial institutions, and a number of financial institutions are among the many organizations that are closely examining cloud-based IT solutions to determine whether to move all, or at least part, of their IT infrastructure into the cloud. However, there are a number of key concerns that must be considered and resolved before cloud computing becomes a viable option. These concerns include data privacy, data and system security, data protection and integrity, business continuity and contingency planning, and liability/risk management. Moving to the cloud can be an extremely complex undertaking, especially when you add into the mix issues relating to regulatory oversight of cloud computing.

Although authoritative financial regulatory guidance on cloud computing activities for regulated financial organizations is still somewhat sparse, it is evolving. Financial regulatory agencies

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 7

have indicated, however, that the same regulatory requirements and standards that apply to financial organization third-party technology outsourcing activities also apply to cloud computing activities.7

Cloud computing is essentially the acquisition of IT services through a new delivery channel. Therefore, the risk management, compliance and liability reduction principles that apply to financial institutions’ general technology service activities apply with equal force to their cloud computing activities, regardless of the types of services or applications that they may want to access through the cloud. This also applies to the public, private or hybrid nature of the cloud platform that they may seek to access.

It is believed that, at least in the short term, the financial institution market for broad-scale cloud IT services may be limited primarily to those financial institutions that are prepared to purchase a highly customized but significantly more expensive private or semiprivate cloud platform.3 But cloud technology offers the promise of very significant economies and ready access to a wide array of on-demand IT services that are strongly attractive to the financial institution community. There are some indications that the technology service provider community may be awakening to the need to adapt their products and services to the demands of

their regulated financial institution clients.

It is clear that financial institutions need to unify platforms and reduce the number of applications used in their organization to become more agile, and IT architecture needs to become more focussed on simplification. It is believed that cloud computing would be a significant step in this direction.

Great benefits can be gained when the adaptability of the cloud is leveraged. A holistic view of the customer and the risk that they pose becomes possible. The challenges posed by distance are removed in cloud computing; for example, a corporation-wide AML/CTF, KYC/CDD and CIP can be implemented as easily in a global organization as it can in a local one. It is also much easier to disseminate information to and collaborate with staff from different branches anywhere in the world. Due to the centralized nature of cloud computing and big data analytics, efficient alert management and prioritization, advanced case management and ad hoc investigation can be carried out on a larger amount of data in a fraction of the time. Scanning and matching solutions become much more efficient and effective, as data can be searched where it lives rather than having to normalize the data and create data warehouses in order to query and search the data to find matches and relationships between places, people and things.

THE WAY FORWARD: A THREE-PRONGED APPROACH

Money laundering and terrorism financing are detrimental to a nation’s economic growth and development. Criminals and terrorists will go to great lengths and constantly seek to exploit new areas and opportunities to manipulate and exploit vulnerabilities and opportunities whether these be in law enforcement, political, regulatory, business, economic, legal or online environments. Their only limitation is that of the imagination. Countering money laundering and terrorism financing activities is a multifaceted endeavor that is defined not only by human, process and technical perfection but also by an ability to manage imperfections when they arise.

Money laundering and terrorism financing risks and windows of vulnerability evolve over time, partly in response to defensive actions or crime displacement. Although the speed of change in ICT development and adoption means that history may offer limited guidance about the future threat landscape, understanding the risk landscape is crucial to a financial institution’s AML/CTF strategy. Data is the foundation of the AML/CTF strategy, and information and intelligence contribute to the financial institution’s understanding of current money laundering and terrorism financing risks and the need to report suspicious activity.

It is, therefore, essential to canvass global developments of the criminal, political, regulatory and business environments that may give rise to money laundering and terrorism financing activities, as many of the risks are based in global features of the criminal economy and the global threat landscape. This is also consistent with Felson’s8 evolutionary perspective on criminal phenomena where he highlighted the importance of understanding the interplay of the perpetrator and the surroundings (also termed “crime ecology”), as well as the practice of intelligence analysis, which involves a continuous cycle of tasking, collection, collation, analysis, dissemination and feedback.9

The fundamental aim of the three-pronged approach is to ensure the effective use of up-to-date intelligence (broadly defined) in a combined top-down/bottom-up approach to provide situational awareness; to make careful predictions about future trends in ICT

and scale of the money laundering and terrorism financing risk landscape at both localized and international levels, as well as about the impact of money laundering and terrorism on society and the financial institution; and to ensure that appropriate controls (e.g., resources and investment) are made to ensure the resilience of the AML/CTF strategy.

An ongoing environmental scan and systematic money

laundering/terrorism financing risk analysis of the existing and emerging payment technologies and their implications for governments, financial institutions and other key stakeholders will provide a better sense of the money laundering and terrorism financing risks posed by these technologies. This would also facilitate policy makers, AML/CTF regulators, financial intelligence and law enforcement units and other key stakeholders in identifying the main vulnerabilities, evaluating and exploring

Environmental Scan

(localized and international

developments)

AML/CTFStrategy

Proactive Engagement (international

level, systematic controls)

Proactive Partnership

(national level,

localized controls)

People Process

Technology

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 8

strategies that would best utilize existing resources within governments to address identified vulnerabilities.

At a strategic level, the findings about new and changing money laundering and terrorism financing threats or opportunities will allow policy makers and other key stakeholders to reach a level of consensus and decide on broad AML/CTF strategies, policies and resources in a timely fashion. At the operational level (e.g., investigations), findings about new or changing patterns of money laundering and terrorism financing activities, both domestically and internationally, will support operational units in their decisions about focusing scarce government resources in the most effective way. Additionally, once the scale of money laundering and terrorism financing activities is known, the macroeconomic effects and the impact and effectiveness of existing AML/CTF policy and legislative responses can be evaluated.10

It is also important to invest in and conduct more strategic research and evaluation that can provide policy and practice-relevant evidence and help address specific gaps in knowledge concerning the risk of money laundering and terrorism financing activities. For example, the importance of research in the fight against organized crime was highlighted in a 2007 Australian Parliamentary Inquiry into “the future impact of serious and organised crime on Australian society,” where concerns were raised about ”... the increasing use of technology, transnational connections and fluidity of organised crime groups [that] will make law enforcement’s task of policing organised crime’s illicit activities more difficult.” In the inquiry, the Australian Crime Commission “... called for a greater involvement and contribution by academia to the body of research informing Australia’s policy and operational choices in fighting organised crime” and suggested that “… a lot more work could be done to fill in some of the gaps … [such as] the value of organised crime markets, which is about the revenue derived by organised crime in pursuit of illegal activity. … To deal with organised crime, to assist in forming policy and to have better operational responses, you have to look at the problem itself and understand organised crime markets.”11

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 9

1 For an overview of the legal framework and compliance, and enforcement outcomes of the AML/CTF regimes across countries with disparate legal traditions, namely the European Union (the United Kingdom, France, Germany and Belgium), Asia (the Republic of China (Taiwan), Hong Kong and Singapore), the United States and Australia, see Walters J., Budd C., Smith R.G., Choo K-K.R., McCusker R. and Rees D. 2012. Anti-money laundering and counter-terrorism financing across the globe: A comparative study of regulatory action. Research and public policy No. 113, Canberra: Australian Institute of Criminology. http://www.aic.gov.au/documents/4/E/E/%7b4EE0EECA-9079-45DB-80A1-743CFCE5D58E%7drpp113.pdf

2 Choo K-K.R. 2010. Challenges in dealing with politically exposed persons. Trends & Issues in Crime and Criminal Justice 386: 1–6. http://www.aic.gov.au/documents/D/3/6/%7bD36F2729-AFC4-48CC-8A3C-2C81FCDCE5A3%7dtandi386.pdf

3 Normalization is the process of organizing the fields and tables of a relational database to minimize redundancy and dependency. Normalization usually involves dividing large tables into smaller (and less redundant) tables and defining relationships between them.

4 Financial institutions in most countries are subject to exacting regulatory requirements, and it would be advisable for the institutions to ensure that the systems comply with applicable regulatory obligations (e.g., data privacy laws) and industry standards.

5 From Overload to Impact: An Industry Scorecard on Big Data Business Challenges. Available: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=12350238&src=7546261&Act=4 (Last accessed 8 October 2013).

6 Jansen, W. and Grance, T. 2011. Guidelines on Security and Privacy in Public Cloud Computing. Gaithersburg, MD: National Institute of Standards and Technology.

7 Horn, C.M. and Ford, C. 2012. Are financial institutions ready for cloud computing? Available: http://about.bloomberglaw.com/practitioner-contributions/are-financial-institutions-ready-for-cloud-computing/ (Last accessed 19 September 2013).

8 Felson, M. 2006. Crime and nature. SAGE Publications.

9 Ratcliffe, J. 2003. Intelligence-led policing. Trends & Issues in Crime and Criminal Justice 248: 1–6.

10 Choo, K-K.R. 2013. New payment methods: A Review of 2010-2012 FATF Mutual Evaluation Reports. Computers & Security 36(2013): 12–26.

11 Parliamentary Joint Committee on the Australian Crime Commission (2007). Inquiry into the future impact of serious and organised crime on Australian society. Canberra: Parliament House.

REFERENCES

THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK 10

About the AuthorsDR. ANGELA S.M. IRWIN

Dr. Angela S.M. Irwin’s background and tertiary education is in information and communication technology and information system management. Dr. Irwin graduated from the University of South Australia’s Information Assurance Research Group, and her Ph.D. thesis is entitled “Money Laundering and Terrorism Financing in Virtual Environments: A Feasibility Study.” She is the leading expert on money laundering and terrorism financing in virtual environments, and has published several articles in the Journal of Money Laundering Control, the world’s only peer-reviewed journal in the prevention, identification and prosecution of money laundering.

DR. KIM-KWANG RAYMOND CHOO

Dr. Kim-Kwang Raymond Choo is a Fulbright Scholar and senior lecturer at the University of South Australia. He has (co)authored a number of publications in the areas of anti-money laundering, cyber and information security, and digital forensics, including a book published in Springer’s “Advances in Information Security” book series and a book entitled Cloud Storage Forensics, 1st Edition to be published by Syngress, an imprint of Elsevier. He has been an invited speaker for a number of events (e.g., 2011 UNODC-ITU Asia-Pacific Regional Workshop on Fighting Cybercrime) and delivered keynote/plenary speeches at the ECPAT Taiwan 2008 Conference on Criminal Problems and Intervention Strategy, the 2010 International Conference on Applied Linguistics, and the 2011 Economic Crime Asia Conference. He also delivered an invited lecture at the Bangladesh Institute of International and Strategic Studies. In 2009, Dr. Choo was named one of 10 Emerging Leaders in the “Innovation” category of The Weekend Australian magazine/Microsoft’s Next 100 series. Dr. Choo is the recipient of several awards, including the 2010 Australian Capital Territory (ACT) Pearcey Award for “taking a risk and making a difference in the development of the Australian ICT industry” and the 2008 Australia Day Achievement Medallion in recognition of his dedication and contribution to the Australian Institute of Criminology and through it to the public service of the nation. He has also received the British Computer Society’s Wilkes Award for the best paper published in the 2007 volume of The Computer Journal and the Best Student Paper Award from the 2005 Australasian Conference on Information Security and Privacy.

RISK MANAGEMENT SOLUTIONS FROM THOMSON REUTERSRisk Management Solutions bring together trusted regulatory, customer and pricing data, intuitive software and expert insight and services – an unrivaled combination in the industry that empowers professionals and enterprises to confidently anticipate and act on risks – and make smarter decisions that accelerate business performance.

For more information, contact your representativeor visit us online at risk.thomsonreuters.com

RISK MANAGEMENT SOLUTIONS FROM THOMSON REUTERSRisk Management Solutions bring together trusted regulatory, customer and pricing data, intuitive software and expert insight and services – an unrivaled combination in the industry that empowers professionals and enterprises to confidently anticipate and act on risks – and make smarter decisions that accelerate business performance.

For more information, contact your representativeor visit us online at risk.thomsonreuters.com

© 2016 Thomson Reuters GRC00667/3-16