Latest news with #SameerKumandan
IOL News
2 days ago
- Business
- IOL News
AI fuels surge in sophisticated cybercrime
Cybercrime poses an unprecedented threat to businesses. Image: File picture. Artificial intelligence is ushering in a new era of cybercrime, with AI-powered scams increasingly targeting individuals and financial systems. In recent months, experts have reported a surge in sophisticated fraud schemes that use AI to mimic real people with startling accuracy, raising concerns about security, privacy, and the erosion of public trust in digital communications. Sameer Kumandan, Managing Director of SearchWorks, says one of the key strategies being used is the creation of highly convincing fake images, videos, and audio—commonly referred to as 'deepfakes.' He explains that these are often used to impersonate real individuals and spread misleading or false information. More concerning is that, while early deepfakes were often unconvincing, recent advancements have made them increasingly difficult to detect, making it easier for bad actors to mislead, manipulate, and defraud. Video Player is loading. Play Video Play Unmute Current Time 0:00 / Duration -:- Loaded : 0% Stream Type LIVE Seek to live, currently behind live LIVE Remaining Time - 0:00 This is a modal window. Beginning of dialog window. Escape will cancel and close the window. Text Color White Black Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Background Color Black White Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Transparent Window Color Black White Red Green Blue Yellow Magenta Cyan Transparency Transparent Semi-Transparent Opaque Font Size 50% 75% 100% 125% 150% 175% 200% 300% 400% Text Edge Style None Raised Depressed Uniform Dropshadow Font Family Proportional Sans-Serif Monospace Sans-Serif Proportional Serif Monospace Serif Casual Script Small Caps Reset restore all settings to the default values Done Close Modal Dialog End of dialog window. Advertisement Next Stay Close ✕ Ad Loading Kumandan recounts a recent incident where criminals impersonated Risto Ketola, Momentum Group's Financial Director, on WhatsApp. They used Ketola's LinkedIn profile photo to create a closed WhatsApp group, pretending to be him. Although this particular case did not involve AI-generated imagery or video, it highlighted the risks associated with the misuse of a person's likeness for malicious purposes. 'Deepfake-driven cybercrime has escalated to the point where the South African Banking Risk Information Centre (SABRIC) recently issued a strong warning about the growing threat of AI-enabled fraud,' said Kumandan. 'SABRIC specifically highlighted the use of deepfakes and voice cloning to impersonate bank officials, promote fake investment schemes, and fabricate endorsements from well-known public figures. This emerging threat not only compromises the integrity of the financial sector but also erodes customer trust and confidence in digital interactions.' He added that fraudsters are increasingly using AI to bypass security measures such as automated onboarding systems and Know Your Customer (KYC) checks, allowing them to create accounts and access services under false identities. 'From a business email compromise (BEC) standpoint, attackers are now incorporating deepfake audio and video of senior executives into phishing attempts, convincing employees to release funds or disclose sensitive information. Social engineering attacks have also become more sophisticated, with AI being used to analyse and replicate communication styles based on publicly available information, making scams appear more authentic. 'In some cases, AI is used to generate entirely synthetic identities, combining real and fabricated data to create fake personas capable of applying for credit, laundering money, or committing large-scale financial fraud.' Kumandan warns that many legacy fraud detection tools aren't equipped to identify fake audio or video, making deepfake scams even harder to detect. 'In response, financial institutions must urgently evolve their fraud prevention strategies to stay ahead of these sophisticated threats. Regulators expect institutions to keep up with the latest cybercrime trends, and failing to detect deepfake-based fraud can result in compliance failures, fines, and legal action. 'Furthermore, financial institutions must consider the broader impact of these risks on customer trust. As awareness of deepfake threats grows, it is understandable that clients may begin to question the authenticity of video calls, digital signatures, and other remote interactions. This erosion of confidence has the potential to hinder digital transformation initiatives and may even prompt some customers to disengage from digital platforms altogether.' Kumandan says that through VOCA, an application designed to streamline compliance processes for accountable institutions, SearchWorks provides financial institutions with verified data and intelligent processes to reduce fraud exposure and ensure regulatory compliance. 'By leveraging real-time data and automated checks, VOCA helps organisations verify the identity and legitimacy of the individuals and entities they engage with. It flags discrepancies, detects suspicious behaviour, and highlights incomplete or false information, supporting informed decision-making at every stage.' He added that through continuous monitoring of client behaviour and borrower risk profiles, VOCA enables early identification of potential threats, helping institutions close compliance gaps, avoid financial penalties, and stay ahead of emerging fraud risks.
The Citizen
30-05-2025
- Business
- The Citizen
The actual cost of non-compliance with Fica
'Any accountable institution, whether in property, legal, crypto or lending, is at risk if compliance lapses occur.' In the past 18 months, institutions in banking, legal, and financial services have faced steep penalties for non-compliance with the Financial Intelligence Centre Act (Fica). Some South African commercial banks have been sanctioned with fines ranging from R7.7 million to more than R50 million. These are not outliers, they reflect a clear regulatory shift toward stricter enforcement. Sameer Kumandan, MD of SearchWorks360, said that while much has been said about Fica obligations, less attention is paid to what happens when businesses fall short. 'The penalties are not limited to financial institutions. Any accountable institution, whether in property, legal, crypto or lending, is at risk if compliance lapses occur.' ALSO READ: FSCA fines 3 financial services providers R1.2 million for Fica non-compliance How Fica penalties are determined He said the type of punishment depends on the severity of the violation. Regulators apply a structured framework that considers both mandatory and discretionary factors. 'These include the nature, duration, seriousness and extent of the contravention, as well as whether the conduct was intentional, reckless or negligent. 'The regulator will also assess whether the entity gained any financial or commercial benefit from the non-compliance and if there was any remedial action taken once the issue was identified.' A business's compliance history matters too. Institutions with prior contraventions or those seen as repeat offenders can expect harsher sanctions, as can those found to have obstructed investigations or withheld key information. Fica sanctions Kumandan said sanctions range from a written caution or public reprimand to a remediation directive, restriction or suspension of business activities, and administrative fines of up to R10 million for individuals and R50 million for companies. For more serious breaches, particularly those involving an element of intent, criminal charges may be brought, with potential fines of up to R100 million or imprisonment up to 15 years. Senior managers, directors and employees involved in the breach may be held personally liable. ALSO READ: Prudential authority fines Absa R10 million for FICA non-compliance Common non-compliance issues 'Most Fica penalties stem from recurring failures such as inadequate or generic risk management and compliance programmes (RMCPs), poor customer due diligence, incomplete recordkeeping, failure to submit reports like cash threshold reports and insufficient training,' said Kumandan. 'These are not technicalities – they are central to the act and form the basis of most enforcement actions. In one case, a legal firm was fined R7.7 million for failing to implement an RMCP or train its staff. 'A financial services provider was penalised for failing to report suspicious transactions in a timely manner. These are the kinds of 'basic' oversights that now carry serious consequences.' The pressure is industry-wide He added that the uptick in enforcement isn't limited to large financial institutions. In recent months, law firms, insurers, financial advisers and crypto platforms have all faced enforcement actions. 'Fica applies across sectors and smaller firms are not immune. If you deal with money, you are accountable.' Avoiding penalties requires more than good intentions Fortunately, regulated entities have access to automated compliance platforms that facilitate the prevention of fraud, money laundering and regulatory breaches. He said these tools reduce manual oversight, simplify regulatory reporting and ensure Popia-compliant data handling. They also automate Know Your Customer (KYC)/Know Your Business (KYB) verification processes and can generate suspicious transaction and compliance reports as requested by regulators. 'One of the big selling points of automating Fica compliance is ongoing monitoring. Often, a business will conduct its due diligence at the start of a relationship with a client, only for that client to engage in illicit and illegal activities down the line. 'Ongoing monitoring helps accountable institutions to assess and manage risks continuously, during the onboarding process and throughout the business relationship. 'By tracking client profiles daily, accountable organisations keep tabs on all transactions as they happen and they are alerted to any changes that might indicate a compliance risk.' NOW READ: The risks of doing business with politically exposed persons
