Santander uses ThetaRay’s artificial intuition to bolster its AML defences


Peter Lee

As card fraud, identity theft and cybercrime surge, international banks need cutting edge technology to protect the weak spots in their correspondent networks.


The Covid-19 pandemic has been a boon for bank robbers.

As the many inexperienced consumers who previously relied on cash have begun to use their debit and credit cards online more frequently, exposing themselves to phishing attacks, credit card fraud has surged by 35% in the US, according to Fidelity National Information Services.

And that may just be the tip of the iceberg. To report a theft, you have to know that you’ve been robbed.

Cyber criminals are increasingly sophisticated and particularly good at setting up their servers in remote countries, stealing small amounts from millions of bank accounts then shutting down again before anything amiss is noticed.

At a higher level, however, the travel restrictions imposed during lockdowns that still persist in the early stages of reopening have been a setback for money launderers. They too have to adapt to cash going out of fashion.

The image of shady characters sneaking suitcases of bank notes onto planes may seem like an outdated cliché, but the practice is very much alive. The Drug Enforcement Administration seizes around $200 million a year at the 15 largest US airports alone.

What happens when money mules can no longer catch their international flights?

More of that money today is being moved across borders by exploiting blind spots in correspondent banking networks. Large banks in markets like the US have to rely on local correspondents running proper know your customer (KYC) and anti-money laundering (AML) checks on local customer accounts, determining the real identity of their owners and monitoring transactions.

Some of those smaller banks can’t keep up with new types of money laundering activity and that’s why larger banks have de-risked by cutting correspondents. The fear of being fined for money laundering haunts the executive floors of European banks, with the Danske Bank affair in 2019 just the latest in a long and sorry list of mirror trades and laundromats.

But de-risking has its limits. Banks are in the business of moving money after all.

It is rare for international banks to reveal the identity of external providers of cybercrime defences. But at the start of June, Santander announced that it has been in partnership since the fourth quarter of 2019 with ThetaRay, a leading provider of AI-based big data analytics enabling large banks to detect money laundering schemes, uncover fraud, expose bad loans and identify operational weak spots.

In the coming months, Santander will implement ThetaRay’s AML solution for correspondent banking globally. This analyzes Swift traffic, risk indicators and KYC data to detect anomalies indicating money laundering schemes in correspondent banking transactions.


Mark Gazit, chief executive of ThetaRay, explains how its financial crime solutions draw on the cutting edge of computer science in defence research to protect against terrorist attacks, an area in which he has previously worked.

“We are advancing ways for computers to develop more than artificial intelligence, but rather a form of human intuition that we call artificial or computational intuition,” Gazit tells Euromoney. 

“If your kid goes to a new school, they’ll be able to tell you within a couple of days who the good guys are and who the guys to watch out for are. Computers following pre-set rules to identify bad behaviours cannot identify criminals until they actually do something bad. But human brains can connect the dots earlier.”

Intuition sounds intangible and random, but it’s not. It’s about seeing patterns of behaviour, spotting changes in those patterns and sometimes simply sensing the presence of patterns where none should exist.

Gazit offers an example from one of the other large banks the company serves that has branches in many countries and a big correspondent network.

“We were able to identify a network of accounts sharing certain features, which, on their own, might have been explainable and innocent, but which in combination suggested something amiss.

“They were all recently opened accounts. But the bank and its correspondents open new accounts all the time. The accounts all used more than one currency. But this is an international bank.

“The money coming into these accounts always exactly matched the money going out. Now that is a classic sign of money laundering, but some people do take a salary in and spend it all without going overdrawn.

“The accounts each had just a very small number of counterparts. Most of us who go to certain shops where we live and in the cities we visit, who eat at certain restaurants, who pay our friends for pizza and shop online, tend to have a couple of hundred.”

ThetaRay’s algorithms do seek to learn, but they don’t follow pre-set rules. They look for anomalies. They suggested to the bank that something troubling was going on between these accounts even though the amounts they were moving were small – €10 here, $15 there, £7 somewhere else.

“The bad guys know that the banks are looking for suspicious behaviours, so they keep the amounts small – although the average here was going up,” says Gazit.

ThetaRay is not itself an investigator. It could not explain what lay behind the patterns of behaviour. But, Gazit says: “We knew with a high degree of probability that this was very suspicious.” It passed its recommendation to the bank to investigate.

Months later it emerged that what ThetaRay had spotted was the movement of money funding ISIS.

Sleeper agent

“I like building companies,” says Gazit. “This is my fifth. With the last one, running advanced data analytics, the product was sold to government agencies seeking to get ahead of the next terrorist outrage. As for ThetaRay, we are not trying to second guess or re-check identities that correspondent banks have confirmed. This is not about identities: it is about behavior patterns.

“If an enemy country has a sleeper agent on your territory, that agent will have a legitimate identity. They may have been born there. The issue becomes what that agent does differently when they are activated. In a similar way, we can identify suspicious new patterns in account behaviour – in many cases, even 70 days before a planned crime is attempted. 

“The time it takes us to identify those suspicious patterns is shrinking and the number of false positive alerts is very low.”


Santander is sufficiently impressed that it is more than just a customer of ThetaRay. 

“Santander unit Strategic Digital Partnership has strengthened the partnership with ThetaRay via a broader agreement that will help business units across the group accelerate the adoption of this disruptive technology in anti-money laundering and fraud prevention fields,” says Mario Aransay, head of Santander InnoVentures Partnerships.

It is the right time for such a move.

In May, Suzi LeVine, employment security department commissioner for the state of Washington in the US, disclosed a sharp rise in imposter fraud, as bad actors took advantage of the chaos around the pandemic to steal hundreds of millions of dollars in state benefits being paid out during the Covid-19 lockdown.

The state was forced to hold back some payments to check claimants’ authenticity.


“What we are seeing is that a victim’s personal information has been stolen from some other source, for example in one of the massive external data breaches like the Equifax breach, and is then used by criminals to apply for benefits and attempt to route those payments to their own bank accounts,” says LeVine.

“Many Washingtonians did not know their information had been stolen in the past.”

Some reports have suggested that a fraud ring in West Africa was a big player and that the scam ran to $300 million.

The state was forced to hire large numbers of fraud investigators as well as call centre staff to respond to anxious claimants, while seeking to cross match data with other state and federal agencies across the US. It soon became clear that this was not just happening in Washington. Rather, imposter fraud had become a sweeping issue affecting unemployment systems across the country.

“The bad news is that cybercrime is getting worse,” says Gazit. “Criminals have more access to powerful computers, while many bank staff are working from home, where access to their bank’s own IT is suboptimal, and both staff and systems are being almost overwhelmed dealing with customers.

“More customers are using digital services for the first time and the criminals themselves are using artificial intelligence to spot opportunities.”

Is there any good news? Gazit thinks there is. 

“There are more companies like ours using advanced technology to create artificial intuition that can identify threats in advance. I have been in this business for 20 years. What I have learned is that in the battle between the good guys and the bad guys, the good guys always win in the end.”