APAC

Introducing FINTRAIL Pioneer

FINTRAIL Pioneer is here  - the latest edition to our service offering designed to help businesses, no matter how small, in the fight against financial crime. 

Pioneer will sit within our global FINTRAIL Consult team, leveraging our specialist knowledge and passion for financial crime prevention to start supporting a new range of clients who have previously found it harder to access bespoke and considerate anti-financial crime services. 

So what does this mean in practice? Well: 

FINTRAIL firmly believes that excellent financial crime prevention starts from the ground up. Anti-financial crime (AFC) controls need to be built into your product and culture from the word go to limit bad actors exploiting your product. To help you, FINTRAIL Pioneer makes our consulting expertise easily available to small businesses, and early-stage startups (we’re talking less than 10 employees, or a balance sheet of around £2million or less) to support you in building a robust AFC program right from the start. 

We also understand that financial crime does not limit itself to only the financial services sector, so we’re expanding our Pioneer services to the Not-For-Profit (NPO) sector to support them in delivering crucial work for those most in need, free from the threat of being exploited by financial criminals.  

Lastly, our team  is driven by a shared passion for disrupting financial criminals and the crimes they facilitate across the globe. Pioneer will be uniquely responsible for directing that passion towards “for good” projects across the industry, offering our services free of charge to projects where we really believe we can make a difference. 

We’re really excited about Pioneer, and the difference we aim to make in the AFC community.

So if you are a small business, early stage start-up, or NPO and need support with your AFC obligations, or have a “for good” project you’d love to chat about then please get in touch – we’re all ears. 

Introducing FINTRAIL Consult

November marks my third year at FINTRAIL, and whilst three years certainly isn’t a major landmark to be celebrated, upon reflection, the last three years have been an incredible journey. Over the last 18 months alone we have delivered over 200 financial crime projects to support a  variety of different organisations. We have also seen the FINTRAIL team grow and develop, and we are in the process of adding another 10+ people to the family.

Yet there is more still to be done. Rob mentioned in his “Change is coming” blog last week, we are making some exciting changes at FINTRAIL to support the industry further. Under the new banner of ‘FINTRAIL Consult’, our consulting team is dedicated to offering a best in class anti-financial crime consultancy service to whoever may need it. 

The last 18 months have taught us that collaboration is key to delivering high quality products and services to our clients.  We will be joining our teams together under one global banner of ‘FINTRAIL Consult’ whilst continuing to add depth to our consultancy team with both regional and subject matter knowledge. This means our clients will receive a more consistent service and have access to all the knowledge within our team regardless of where they are located.

To ensure we support our client’s aspirations, we have also made some internal changes. Jessica Cath has been promoted to Head of Financial Crime Project Delivery, leading the core consultancy team and ensuring we maintain a high level of standards in the services we provide. Alongside Jess, we have expanded Greg Wlodarczyk’s role to Head of Specialist Financial Crime Advisory and Virtual Assets.  We recognise the evolving environment our clients operate within, which means we must also evolve. Greg will be focusing on ensuring the services we provide are progressive and ready to meet new challenges, whilst also working to hire individuals with the right specialist skills.

The new FINTRAIL Consult is looking forward to continuing to work with the financial crime community into 2022 and beyond! 

We are always here if you need us - do reach out if you have any questions

The Digitisation of Hong Bao

The world is quickly moving towards a cashless society, and with the rise of digital wallets and mobile payments, where does this leave the Lunar New Year tradition of gifting little red packets of cash, known as hong bao? The digitisation of hong bao has been on the rise in recent years and with the pandemic looming over this year's Lunar New Year festivities, we are likely to see even more people sending and receiving e-hong bao than usual. FINTRAIL and transaction monitoring and screening solution provider, ComplyAdvantage, explore what payment services and financial institutions may see from a payments and transaction monitoring perspective during this period.

Rise in ‘e-hong bao’

Recent years have seen a gradual shift towards “e-hong bao” with the first of this type of product being launched by Chinese mobile payment and digital wallet provider, WeChat Pay, in 2014. Since then, other payment and banking providers such as PayNow, GrabPay and DBS have followed suit introducing new, creative ways for people to send and receive hong bao without the use of cash. DBS’ ‘QR Hong Bao’, for example, allows its PayLah! App customers to load money onto a physical card via their banking app using a QR code, in which the recipient can then redeem the value by scanning the QR code. PayNow uses its peer-to-peer fund transfer service which allows money to be transferred to a recipient using only their phone number or National Registration Identity Card (NRIC) for Singaporean customers. Most recently, Revolut Singapore revealed its designs for its new gifting feature which allows customers to send e-hong bao in any of its 28 in-app currencies for free. Just like physical red packets, Revolut customers can choose from a selection of designs with customisable greetings and schedule them to be sent on a specific day. 

Today, with the pandemic looming over this year's Lunar New Year festivities, celebrations are likely to look a little different, with families no longer crossing borders to celebrate with loved ones, mass celebrations being replaced with virtual gatherings, and the gifting of hong bao also going digital. In Singapore, there has been a government push to encourage the adoption of e-hong bao and e-gifting. The Monetary Authority of Singapore (MAS) has encouraged those who celebrate Lunar New Year to give out e-hong baos, as it will not only help to reduce queues for new notes from a Covid-friendly perspective, but also has the benefit of being significantly more eco-friendly, as it will reduce the printing and subsequent wastage of red envelopes and new notes returned to banks after each festive season. Likewise, the Association of Banks in Singapore (ABS) has also supported MAS’ stance, as it claims e-gifting enables the tradition of giving hong baos to continue safely and complements the existing safe management measures in place. In Singapore, this effort is further encouraged through the MAS incentive of rewarding the most innovative FinTech e-gifting solution with a special recognition at the Singapore FinTech Festival in November this year.

Key trends

So, what does going cashless and the rise of e-hong bao mean for payment services and financial institutions when it comes to monitoring customer activity during the Lunar New Year period? FINTRAIL and ComplyAdvantage explore some key trends that have been identified across the industry and provide payment services and financial institutions some high-level considerations when it comes to monitoring customer activity during this time. 

  • Payment services and financial institutions are likely to see a spike in transaction monitoring and payment alerts during the Lunar New Year period, as a result of the increased volume of payments being sent by customers. This is due to traditions like the gifting of hong bao or other traditional customs, such as paying off any debts and loans, including mortgages, as well the gifting of shares in companies. For many payment services and financial institutions this includes two distinct spikes associated with pre-new year and post-new year activities. 

  • Financial institutions may also see an increase in payments through alternative channels, for example, if they only offer their e-gifting products at certain times of the year. For these seasonal specific products, banking providers may see an increase in account openings during this period, for accounts that are purely set up for e-gifting purposes, and are only used at this time of year. Accordingly these accounts may remain dormant until the following year. This pattern of customer activity may trigger a number of alerts involving dormant accounts. 

  • Customers are likely to be sending payments to a wider audience and beneficiary group compared to their average payment history. This may include both local and cross border payments to a wider variety of individuals in their network including friends, relatives, business partners, and employees. E-hong bao can also be gifted from a range of customer segments including wholesale and business customers. This includes gifting between businesses, from businesses to its employees, and between business partners. This variety of payments may increase the number of payment screening alerts for payment services and financial institutions. 

With these trends in mind, mainly relating to the increase in volume of payments and associated transaction monitoring and payment screening alerts, what are some considerations financial institutions and payment services should take into account to manage these spikes and assess financial crime risk appropriately? Ahead of the Lunar New Year, Compliance teams may want to consider the following:

  • Work with data analysis teams and transaction monitoring system owners to calibrate rules to address the expected spikes and volumes during this period, for example by increasing thresholds for cash base rules, to reduce the volume of single or aggregated alerts

  • Perform sandbox testing to provide assurance that any new or modified rules have been tested sufficiently and are effective in identifying typology risk. Calibration and testing will ensure operational efficiency during this period but also ensure Compliance teams are adequately resourced to address any spikes in volume of alerts as well as manage BAU processes.

  • Leverage resources from other regional transaction monitoring and investigation teams that do not celebrate Lunar New Year to assist with any potential spikes and backlogs. This may also present itself as an opportunity for teams to provide analysis on any patterns and trends identified through analysing the data from afar.

  • Increase staff awareness around the cultural traditions of Lunar New Year and any nuances of how it is celebrated between countries. Taking the traditional customs of paying off debts, loans and mortgages, compliance professionals will need to understand what financial crime risks and red flags may be associated with early repayments and how to appropriately assess these risks and distinguish between early repayments from legitimate sources of funds compared to illicit funds. 

  • Increase staff awareness around seasonal scams and frauds perpetrated by bad actors using the increase in volumes expected and business closures during the Lunar New Year period to integrate illicit funds. This may include paying increased attention to local and global regulators publishing any regulatory updates or warning notices pertaining to seasonal scams.

If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the APAC region, please contact sara.abbasi@fintrail.com 

ComplyAdvantage is an AI-driven financial crime risk data and detection technology company transforming financial crime detection. The company actively identifies tens of thousands of risk events from millions of structured and unstructured data points every single day. ComplyAdvantage has four global hubs located in New York, London, Singapore and Cluj-Napoca and is backed by Ontario Teachers’, Index Ventures and Balderton Capital. Learn more at complyadvantage.com.

Love is in the air.. Or is it?

With increasing restrictions placed upon our lives due to COVID-19, millions of people have turned to online dating sites to meet someone and spark human interaction. In some instances, it is genuinely love at first sight, but not in others. In such an emotionally charged environment some enter this not for love but for financial gain and tragically, many stumble upon con artists who are eager to take advantage of people looking to make a connection. The fraudster builds up rapport by making up a story and, once they have established enough trust, moves onto the real reason they are there, asking for money. According to UK Finance, there was a 20% increase in bank transfer fraud linked to romance scams in 2019 compared to 2018. However, the damage to the victim often goes much deeper than the financial loss suffered. Navigating relationships can be fraught at the best of times, but here are few things that may help you identify if it is a scammer or not.

Liar liar

Red flags that might help you spot scammers include:

  • Asking a lot personal questions about you while avoiding answering personal questions about themselves

  • Trying to establish a bond quickly by telling you “this is the first time they’ve felt like this before”, giving you an endearing pet name or even that they are in love with you

  • Preferring to move the communication away from dating websites and towards texting or phone calls as the scammers know that the dating website will have no proof of them asking you for money

  • Asking for financial help by making up lies (which is covered below)

  • never meeting them in person as they are either “out of the country at the moment” or have made up excuses about why they had to cancel - sometimes these include financial reasons

Scammers are inventive when it comes to creating a facade with which to lure victims. Some frequently used lies by scammers in order to request funds include paying:

  • For a plane ticket or other travel expenses

  • For surgery or other medical expenses

  • Customs fees

  • Off gambling debts

  • For a visa or other official travel documents

Scammers usually request funds via wiring money, putting money on a gift card, or loading money onto a prepaid card. Scammers know that this way, they can get cash quickly and remain anonymous and the transactions are almost impossible to reverse.

Protect yourself

Never send money to a romantic interest you haven’t met in person. If you suspect a romance scam:

  • Stop communicating with the person immediately

  • Do a search for the type of job the person has to see if other people have heard similar stories. For example, you could do a search for “UK Army scammer

  • Do a reverse image search of the person's profile picture to see if it’s associated with another name or with details that don’t match up

  • Contact Action Fraud on 0300 123 2040

If you’d like to learn more, please contact Ishima Romain, consultant or email us at: contact@fintrail.com.

FinTech and Law Enforcement partnerships

Expert Working Group Topic 2: Law Enforcement partnerships

We’ve just wrapped up our second Expert Working Group, following last year’s EWG on FinTech Approaches to Sanctions Regimes. This time, we gathered 16 experts from FinTechs along with law enforcement leaders to chat about our partnerships with law enforcement.

This working group made it clear that finding the right contact or information can be tricky. Please do not hesitate to reach out to the FFE secretariat at ffe_admin@fintrail.co.uk if you need help making contact on an important law enforcement matter—this goes for law enforcement, FIUs and FinTechs. We’re happy to help you find the information you need, quickly.

A sneak peek into just a few of the insights that came from our discussions, which covered FinTech best practices for receiving and responding to requests, SAR feedback, asset freezing, stay-open requests and more: 

  • Public/private partnerships and industry groups are tough nuts to crack—58% feel they’ve struggled to get traction with groups that share high-value law enforcement information

  • We hear from law enforcement a lot. Half of us receive several requests per week.

  • MLROs rarely act as the central point of contact. If you’re an MLRO, and you’re still taking all the phone calls, delegate away—today is your day!

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And, of course, stay tuned for further Expert Working Groups!

A look forward: what does 2021 have in store for the anti-financial crime community?

2020 was a rollercoaster for us all, not least professionals in the anti-financial crime (AFC) space who had to deal with regulatory change continuing, and criminals upping their game and exploiting the pandemic in tragically ingenious ways.  You can read more about the impact of the global pandemic, and other key regulatory and typological developments in our lookback papers from our Europe, Middle East and Africa, and Asia Pacific teams.  But, let’s now take a moment to look ahead to 2021 and what we might expect to see as AFC practitioners over the year and what we plan to do as FINTRAIL. Normally, we shy away from predictions, but nothing could have been stranger than the reality that was 2020, so we thought we would give it a go!

Effectiveness and Outcomes-focussed Compliance

We’ve already started to see a shift in this direction in the AFC community, in both larger, traditional banks, as well as in the FinTech community as the pressure from regulators for firms to achieve good outcomes in financial crime prevention increases.  Even as far back as 2019, the then-interim Chief Executive of the UK’s Financial Conduct Authority noted: “One thing is already clear – we are moving from a narrower compliance with the rules, to a focus on delivering the outcomes we want for the users of financial services.” While not specific to anti-financial crime, it is clear that all financial services firms want good outcomes for their customers, particularly when it comes to preventing crime against them or involving them. 

What is likely to come this year, in our opinion, is a greater focus from regulators on how those outcomes are measured and therefore how confident a firm can be that its controls and AFC risk mitigants are indeed effective at tackling financial crime. Presently, measuring effectiveness can be challenging and is often unsystematic, relying on annual Money Laundering Reporting Officer (MLRO) reports that pull together proxy measures of effectiveness from a wide range of sources, which is manual, time consuming and potentially error prone if the data is not tracked on a more regular basis, and unusual findings pulled out and scrutinised. Using technology to address this problem in the future is at the heart of the solution. In our view, not only will an outcomes focussed approach increase the relevance of reporting that AFC provides to its senior leadership teams - as it will be able to demonstrate clear Key Performance Indicators (KPIs) and markers of improvement over time - it will also drive positive developments in AFC controls by helping to understand better whether those controls are working to actively reduce crime and illicit funds flowing through the financial services ecosystem. 

So what are we doing about this at FINTRAIL to ensure our clients adjust to the shift in focus? Our immediate response is to embed ‘effectiveness’ into all of our service offerings in 2021 from advisory to assurance; our consultancy teams are putting it at the heart of everything they do for our clients.

Secondly, FINTRAIL is now an investor in Cable.tech that is headed by the fantastic Natasha Vernier and Katie Savitz who both bring great pedigrees from the likes of Monzo and Square. Cable is focused on finding a technical solution to the challenge of AFC effectiveness. We are super excited by what the team there is building and are sure as 2021 progresses they will be taking the industry by storm. 

Increasing specialisation in AFC Compliance

A few years ago and anecdotally at FINTRAIL, we noticed a shift from quite siloed AFC teams with specific areas of focus across the different crime types (e.g. Head of Fraud), to a more homogenous AFC team structure with experts in a number of areas working together and collaborating. A particularly notable change in some organisations was the inclusion of Fraud teams into wider AFC compliance teams, where Fraud had sometimes more traditionally been placed alongside operations or in security and cyber security teams.  This flatter approach was especially popular in newly established AFC teams in startups and FinTechs. 

Our prediction for 2021 is that we are going to see an increasing specialisation of AFC compliance professionals in the product areas that they oversee and risk manage. For example, Fintech AFC compliance officers might well be broken down further into payments AFC specialists, Foreign Exchange (FX) AFC specialists and Banking as a Service (BaaS) AFC specialists. These specialist product skills will help AFC officers really pinpoint the risks their firm’s products are facing and thereby design more nuanced controls to manage those risks.

As such, it seems increasingly likely that these skills will be required by FinTech firms when recruiting and that candidates coming from more generalist backgrounds will need to demonstrate additional competencies in order to compete with the more specialist compliance officers out there. 

We have responded to this development and the growing, critical need for certified qualification in the FinTech industry by partnering with ACAMS to offer the Certified AML FinTech Compliance Associate (CAFCA) qualification and examination. This sets a new standard for the global FinTech industry and brings credibility and parity to an industry that has historically faced questions about competence. As our colleague Kate Hotten put it “It's for FinTechs, but it's so much more: it explores how scale, inclusion, new financial models and technical skills impact how we work in AML. We really worked hard to make sure this wasn't the same old AML blah-blah.”

Wellbeing is critical

2020 gave us all time to reflect on what wellbeing really meant to us as individuals, and firms are starting to do more to ensure that their staff are engaged, resilient and are looking after their physical and mental health. Not only is doing so beneficial for the employees involved, but it also has proven and wide ranging benefits on productivity, employee retention and engagement, inter alia. Staff in AFC teams are no exception to this, and in these roles especially dealing with the negative sides of society that we see when we investigate some pretty horrendous crimes, wellbeing should be prioritised.  Further, the sometimes relentless pressure - whether it’s from criminals breaching your perimeter controls to the more generalised stress of working in a regulated industry - can take its toll, and mental health and wellbeing should be taken seriously. Plus, with crime continuing to increase during the pandemic, this focus has never been more needed. And, just because we are working remotely doesn’t mean that wellbeing can be discounted, in fact it’s just the opposite.

At FINTRAIL, we are proud to offer the services of app-based therapy provider, Spill to our colleagues, and are also looking forward to exploring some more bespoke options with Your Virtual Wellbeing Hub, a research-backed one-stop-shop for employers looking to introduce, add to, or kick-start their employee wellbeing offering. We hope that these efforts will make sure that our team’s wellbeing is central to our company ethos.

For the wider FinTech FinCrime Exchange (FFE) community, we are excited to be offering a series of free, donation-based yoga classes from March onwards to help our members disconnect from their day jobs and find that all important “me” time, making them even better crime fighters.


So, whether you are looking to hone your compliance skills, take some time out for yourself from a busy day or are looking at how to revitalize your compliance programme over the next year, we hope you’ve enjoyed reading this piece, and if you would like to contact us about any of the topics raised in this article, or about any other anti-financial crime compliance needs, please reach out at contact@fintrail.co.uk

Getting tough in 2020: Lessons learned from a landmark year of AML fines in APAC

APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015 with regulators imposing approximately USD 5.1 billion in fines for AML and KYC violations in 2020.¹ This is a result of two landmark fines imposed against Goldman Sachs for its involvement in 1Malaysia Development Berhad (1MBD) and Australian bank Westpac for its money laundering scandal with links to serious crimes. As a result of this landmark year for penalties, what are some of the key high level takeaways for APAC and how can financial institutions prevent these occurrences happening in future? 

Back to Basics

The material failures of Goldman Sachs and Westpac highlight that there is a need for financial institutions to go back to the very basics in understanding the underlying reasons for AML laws and why financial crime controls and oversight is so important. So often financial institutions approach financial crime compliance with a checklist attitude failing to understand the complex and evolving nature of financial crime risk, as well as forgetting the human impact of the underlying predicate crimes of money laundering. After the material failings of this year, compliance professionals, senior members of staff and board members should pause to reflect and ask themselves why AML and KYC controls are so critical in not only mitigating money laundering risk but also in preventing harm to the victims of financial crime. 

Both landmark cases of 2020 highlight there were significant failings of financial institutions in performing adequate customer due diligence. In the case of Goldman Sachs, the initial red flags identified in regards to the source of wealth and suitability of Malaysian businessman Jho Low as a private banking customer were allegedly dismissed by the deals team and business was actively pursued with Jho Low and his associates indirectly through the three 1MDB bonds held with Goldman Sachs. Whilst the wrongful actions of the deals team highlight a fundamental cultural concern within the bank, the fact that Goldman’s ongoing monitoring and due diligence controls do not identify the ongoing connection between the 1MDB bond transactions and Jho Low is also an area of concern. This ability to circumvent controls by the deals team as well as failures in the ongoing monitoring of customers and transactions highlight several lessons for financial institutions:

  • Due diligence is by no means a one time event. It should be conducted at the start of a relationship but also holistically and throughout all relationships.

  • All business decisions should be recorded in sufficient detail and accessible to all business areas. If at any point the relationship is terminated or declined a clear rationale should be recorded in the customers due diligence records and used as intelligence for ongoing monitoring activity.

  • Deliberate dismissal of financial crime red flags for the purpose of lucrative and unsavory business or the personal gain of employees may exist and there must be adequate internal controls and oversight to mitigate this type of behavior

Similarly, the Westpac scandal in which Westpac has admitted to “breaking the law by failing to monitor whether a dozen customers were making transactions consistent with child exploitation” also touches upon the importance of ongoing customer due diligence and monitoring.² Allegedly it was known to the bank that a customer had an existing conviction for child exploitation offences and was one of many customers sending funds to the Philippines where child exploitation is a serious concern. AUSTRAC have identified this as a failure to carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation cases. Here we can learn that:

  • Customer risk evolves and ongoing monitoring solutions should be robust enough to detect and monitor any changes to customer behavior or suspicious activity, particularly those customers and transactions that are considered higher risk. 

  • AML professionals should be regularly trained on current and evolving money laundering typologies by regions, products, service offerings, customers types etc. Criminal groups and those responsible for laundering money are getting smarter. It is therefore important for transaction monitoring systems to stay relevant but also for the individuals monitoring the alerts. 

Financial Crime Compliance is everyone’s responsibility 

In this increasingly competitive climate with traditional banks losing footing to digital and neo-banks, the reputational damage and hefty fines as a result of AML/CTF breaches is no longer something banks can take lightly. As such, financial crime compliance should be at the forefront of everyone’s agenda across the business including at the most senior levels. The Goldman Sachs scandal showcases how the siloed approach between the sales team, senior management and the compliance function lead to information slipping between the cracks, and exposing Goldman to bribery and corruption. 

The due diligence failings relating to Jho Low provides one example of how a siloed approach to KYC allowed the sales team to circumvent controls and onboard Jho Low as an indirect customer via the 1MDB bonds. Similarly, allegations surrounding bribery in relation to the 1MDB transactions were allegedly known to Goldman, in which the Malaysian unit admitted to “knowingly and willing” paying bribes to foreign officials.³ These red flags were allegedly ignored by the relevant personnel instead of alerting higher-ups to problems with the bonds. Chief Executive, David Solomon, highlighted that ‘while many good people worked on these transactions and tried to do the right thing, we recognise that we did not adequately address red flags and scrutinise the representations of certain members of the deal team”. The 1MDB investigation highlights there was a problem with the corporate culture in the Malaysian division which looked to emphasize revenue and sales over honest business and compliance. 

Similarly, following the findings of AUSTRAC’s investigation and the headlines linking Westpac to child exploitation, Westpac’s Senior Management and Board of Directors have openly discussed and committed to address the concerns of its corporate culture and governance and accountability frameworks and practices, admitting that Westpac has “been focused on finding individuals to blame for problems when they arose rather than addressing systemic issues”⁴. According to Westpac, it follows the three lines of defence model to detect and combat risk, however, has admitted that this is not ‘consistently understood and embedded’ in the bank meaning that roles, responsibilities and accountabilities are often misunderstood and have allowed some things to fall through the cracks⁵. 

How can cultural and structural issues within a financial institution be addressed? Consider the following: 

  • Compliance is everyone’s job. Even within the sales team compliance should be at the forefront of the business agenda, ensuring that business is conducted honestly and transparently. Compliance should not be seen as a barrier to business but as a tool for the acquisition of good business to help achieve the firm's commercial and strategic objectives. 

  • A positive compliance culture lays the foundation for an effective AML/CFT framework. When talking about culture, this should include active engagement from the firm's leadership in terms of setting the ‘tone from the top,’ effectively integrating AML/CTF controls in business as usual and encouraging a healthy reward system where reward behaviour supports a positive AML culture

  • Allegations of bribery or misconduct should be taken seriously. Financial institutions should have in place suitable reporting and escalation policies and procedures to ensure red flags and concerns are identified and responded to by senior management where appropriate.

  • Financial institutions should ensure that their staff are aware of, and trained on, the escalation policies and procedures on a regular basis. 

  • A speak up culture should be encouraged, where no issue or concern is too small or unimportant. But most importantly, any concern should be addressed appropriately and by the relevant personnel. 

  • Roles and responsibilities should be clearly defined and understood in order to rapidly identify, prioritise, escalate and remediate issues.

Slipping through the cracks

Since the 1MDB scandal broke in 2016, a series of events have unfolded throughout the US, Switzerland, Malaysia, Singapore, Hong Kong and the UK. Central to the scheme were several senior Goldman bankers that managed to circumvent financial crime controls in place to siphon off approximately USD2.7 billion from 1MDB for their own personal gain as well as to pay a series of bribes to foreign officials. 

The Goldman case is notorious as not only was there criminal conduct by a number of Goldman executives but as we have seen there were a number of red flags from the onset and throughout the 1MDB relationship that were raised over the years that should have allowed Goldman Sachs to either identify misconduct and follow up on it or stop it altogether. Essentially the accumulation of letting things ‘fall through the cracks’ allowed for billions of dollars being laundered and stolen from the Malaysian people.

The series of failings linked to the 1MDB transactions highlight ineffective oversight of the internal money laundering controls at Goldman and also demonstrate a number of key takeaways: 

  • Documentation, record keeping and following up are so important. All decisions, rationales, investigations or resolutions made should be appropriately documented which will ensure that any risk is assessed and addressed at a point in time.

  • Corporate compliance programmes are not only adequate on paper, but companies need to ensure that they are adequately resourced, functioning properly, tested and that they can actually identify, stop and mitigate the type of conduct that lead to criminal charges.

  • Escalate, escalate, escalate. Where there is a concern escalate this through the relevant pathways and discuss these issues in a risk and compliance setting with individuals from the business and the compliance functions. 

  • Ensure there are appropriate measures in place to undergo “four eye” checks or reviews prior to opening or closing accounts, particularly high risk accounts, associated PEP accounts or accounts with any financial crime concerns. 

With this milestone year for APAC in terms of regulatory enforcement action, there are critical lessons that all financial institutions should take away to prevent being subject to hefty fines and reputational damage in future. Whether this is by encouraging firms to go back to the basics, pausing to reflect on the importance of a financial crime framework, ensuring that compliance is everyone’s responsibility or maintaining a robust control framework that is adequately tested to ensure nothing slips through the cracks, these are fundamental activities that financial institutions should undertake to protect the financial system and any victims from the perpetrators of financial crime.  

FINTRAIL in 2020

2020 was a challenging but exciting year for FINTRAIL in Asia. We further consolidated our presence in this region by working with a number of new clients on health checks, policy and procedure drafting, risk assessments and license preparation and application. We also continued to facilitate knowledge sharing within the FinTech community by taking our FFE meetings online. As demand for our services grew, we added to our team - we welcomed Sara in December who combines her industry experience working in financial crime operations for a range of financial institutions including private and investment banking and global payments services with expertise in agile project delivery. We have plenty in the pipeline for 2021 which promises to be our best year yet. 


If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the APAC region, please contact payal.patel@fintrail.co.uk or sara.abbasi@fintrail.co.uk

¹Fenergo AML, KYC and Sanctions Fines for Global Financial Institutions reach 5.6 billion mid year
²
Westpac admits it broke law over customers' transactions allegedly linked to child exploitation
³
Goldman Sachs to pay $3bn over 1MDB corruption scandal
Westpac admits it has failed to fix culture that contributed to money-laundering scandal
⁵Westpac admits it has failed to fix culture that contributed to money-laundering scandal

Snakes and Property Ladders

How is one of the most exciting moments in someone’s life also the most stressful? 

Passports. Bank statements. Proof of employment. Payslips. So many different documents provided to so many different people.

For most people buying a house, whether for the first time or finally finding your “forever home”, is meant to be one of the best moments in their lives. But this is often soured by several journeys to the estate agents/solicitors to prove you are who you say you are or by needing to send numerous personal documents by post. 

This blog looks at the documentation and due diligence behind house buying - and how it can be simplified whilst still mitigating the risks. At FINTRAIL, some of the team have been lucky enough to have bought a place within the last 12 months. We have all experienced the good, the bad and the ugly during the process but surprisingly not all in the same area. We are going to discuss the risks associated with property purchases, compare and contrast our journeys, look at how this market differs from FinTechs and gain insight from Thirdfort, a firm which specialises in providing identity verification and source of funds checks for lawyers in the property market. 

What are the risks?

Before we dive into the FINTRAIL team’s experience of property purchases, we should look into the risks associated with the property market. Laundering money through the purchase of property is often described as one of the oldest known ways to legitimise ill-gotten gains. As property purchases naturally involve high prices, it is an easy way to move large sums of criminal proceeds. Properties can also be used operationally in a criminal’s organisation - potentially as a way to generate legitimate income via rent or as a location for other illicit activity. Another risk to be aware of, which is highlighted in HMRC’s risk assessment for estate agency businesses, is the risk of overseas buyers, especially from higher-risk jurisdictions. Property purchases may be made with the proceeds of crimes committed in other jurisdictions, including but not limited to bribery and corruption and even sanctions evasion. Transparency International published a paper in 2015 which showed the extent of this risk: 40,725 London property titles were held by foreign companies of which 4.89% were held by companies incorporated in secrecy jurisdictions. 

As the risks faced by the parties in the property sector are being increasingly highlighted by numerous governmental and non-governmental organisations, it is not surprising that the property sector in the UK has come under scrutiny by both law enforcement and the supervisor under the Money Laundering Regulations, HMRC. Unexplained wealth orders (UWOs) are a type of court order used in the UK to compel the target to reveal the sources of their unexplained wealth. It uses the reverse onus principle, where the burden of proof shifts to the target. We have seen the majority of UWOs being issued to find out how multiple high-value properties had been financed, and in the most recent case saw nearly £10m of assets handed to the National Crime Agency. This shines a light on the need to understand the source of funds used to purchase a property and if this is in line with the individual’s profile. In 2019, HMRC fined Purplebricks for breaches concerning failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification. This highlights the need for the sector to have the correct level of customer due diligence in place, which involves understanding and verifying who your customer is. 


Our Journeys 

house buying-01.png

Where is the technology? 

The first interesting observation is the lack of technology in most of our journeys. Lauren was lucky as her solicitors used an app for verification and a portal to update on progress. Being able to take a picture of your ID and upload a selfie is something we now come to expect in the FinTech space, which was replicated here. However, for Rachel and JP, the methods used to verify their identity, including certifying copies of documents or having to see someone face-to-face, were time consuming, costly and quite surprising given the online methods we know work very well in identifying and verifying individuals today.  At the time of JP’s purchase, the national lockdown was underway and COVID restrictions were in place for all businesses. To require face-to-face contact when businesses should have been operating as “COVID secure” does not seem logical, especially with the numerous contactless options that are available.  

Thirdfort have noted that the legal sector is embracing technology at an increasing rate, and certain developments mean that this trend is likely to continue apace. The HM Land Registry recently announced that they are now accepting digital signatures, and the Ministry of Justice temporarily accepted video witnessing of wills during this year’s lockdown. At the same time, law firms have had to digitalise their approach to client due diligence due to social distancing and lockdown restrictions, so it seems that the process of buying or selling a property is set to become more tech-focused. 



So what if the industry took more of a risk-based approach?

Using a risk-based approach is an expected element in a risk management framework. Within the conveyancing process, a risk-based approach could include collecting different levels of information and documentation for identity verification, varying the beneficial ownership threshold for verification, and collecting different levels of evidence for source of funds/wealth all in line with the risk of the customer. To help define that risk-based approach, a risk assessment should be conducted to identify the areas with the biggest risk exposure and tailor the procedures to mitigate those risks. HMRC recently published guidance to help estate and letting agents identify and understand where those risks could lie. 

 

In our cases, there appeared to be a lack of a risk-based approach for Lauren with her source of deposit checks from the solicitors.  A small percentage was kindly gifted by her mum, who was then asked to prove her source of funds with numerous bank statement requests. Given Lauren’s mum has been a working professional for a number of years and has accumulated savings over those years, the level of detail required for her to prove this seems excessive. This point is emphasised more when you look at JP’s source of funds check.  His proceeds came from the sale of another house, but this was not investigated in detail to ensure the funds did not come from another source. At FINTRAIL we encourage all our clients to treat their anti-financial crime checks as something more than a “tick box exercise”, which does not seem to be the case in relation to JPs SoF checks.

What next? 

Here are some key takeaways for the property market to consider:

  • Conduct a risk assessment to ensure you identify and better understand the key financial crime risks you are facing. 

  • Look out for red flags of suspicious activity, which may include:

    • Anonymous or difficult to identity owner 

    • Unusual or inconsistent income 

    • Over or under estimated property prices

  • Take advantage of the technology out there to create a smoother customer journey while still mitigating risks.

  • Apply a risk-based approach to your financial crime framework to ensure you are focussing your attention on the highest risk areas, especially when it comes to verifying source of funds.

  • Apply more targeted client due diligence and enhanced due diligence to specific areas of risks identified, rather than applying the same standard measures across the board. This allows firms to mitigate the actual risk posed by the customer rather than just conducting a tick box exercise.

  • Look out for HM Land Registries guidance on digital identity checking in conveyancing.

  • In light of the Covid-19 pandemic, companies such as Thirdfort have shown the importance of individuals being able to complete their due diligence checks in the comfort of their own home. It is important to hit a comfortable ground between ensuring firms can verify clients and manage risk compliantly and taking some of the pain-points out of property transactions for the client.


If you’d like to learn more, please contact Lauren Vincent, Team Coordinator, or email us directly at: contact@fintrail.com.

FINTRAIL Monthly REG-CAP Nov 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

November 2020

In November’s issue, we cover post-Brexit sanctions.


Other highlights include two important reports published by Europol.

What other regulations changes caught your eye in November?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

FINTRAIL Book Club: Anti-racism

In October 2020, and to mark Black History Month, FINTRAIL ran a team book club dedicated to reading books authored by Black, Asian, Minority Ethnic and Inidigenous people and People of Colour (BAME and BIPOC). We did this to improve our understanding of racism and the issues faced by the BAME/BIPOC communities, as well as to facilitate an open discussion, ensuring that everyone in the team participated actively in a discussion about racism. We wanted to share how we set up the book club, our key takeaways and our next steps.

We devised a list of books by BAME and BIPOC authors, and asked each person in the team to pick one book to read. We asked a series of short, generic questions (what was the story, what did you learn, what challenged you about the book) and then all met (virtually of course in these COVID-19 times) and each ran through the book we’d read and answered the three general questions.  This meant everyone could share their individual take on the book they’d read and we got to learn about a wider range of books than if we’d simply picked one book for us all to read. The team at FINTRAIL offers a huge note of thanks to Meredith and Ishima for coordinating all of this.

We held a lively and engaging discussion, the main takeaway being that we all experienced an overwhelming feeling of shock and frankly horror at the injustices BAME and BIPOC individuals have faced on a continuous basis throughout history. We learned from Mikey’s reading of “In Black and White” [Alexandra Wilson] about the injustices faced by black criminal barristers in the UK, and how the mistreatment of black people in the legal profession - often mistaking them for defendants - negatively impacts how justice is served to our BAME populations in the UK. There is a horrible and unjust (pun fully intended) irony here. Meredith read “Indian Horse” [Richard Wagamese], centering on the author’s experiences as an Indigenous person in Canada of the residential care system. The practice of residential care for indigenous people was only disbanded in the 1960s in Canada, and it subjected indigenous children to religious cleansing, child labour and sexual abuse in many cases, turning on its head the notion that Canada has been sensitive in its handling of indigenous communities. 

We observed too that there were wild discrepancies between how much black history we had all covered at school; some colleagues had covered elements of black history in detail, whereas others hadn’t touched on anything specific.  For many of us, this discussion was one of the first opportunities we’d had (or taken) to discuss racism openly and learn about black history.  That all being said, and as Maya pointed out based on her reading of “Black and British” [David Olusoga], it became clear to us that we need to start teaching black history not as a history of black people in Britain, but as an integral part of the history of Britain. We lose important context if we do the former. As such, it seems critical that schools and educational institutions examine urgently how they are teaching history that fully encompasses the Black, Asian and Minority Ethnic/BIPOC experience. 

As regards other practical steps to be taken, we learned from James’s reading of “Why I’m No Longer Talking To White People About Race” [Reni Eddo-Lodge] that the need for black equality is not about inverting the power balance between black and white people, but rather rebalancing that power evenly. James noted - in a work-based example - that the notion therefore of hiring people solely on “merit” was no longer sustainable, and that to redress the imbalances caused by racism, more proactive hiring of BAME/BIPOC individuals is needed.  

Finally, we learned from a number of the books we read that white people have been conditioned not to talk about race, or deal with their privilege and that this has to change if we are to make inroads into the battle against racism. Therefore, a small, but important logistical observation stood out: running the book club the way we did - with each person reading and commenting on a different book -  facilitated a very open discussion.  In turn, this ensured that everyone participated and had to start that conversation about white privilege and Black, Asian and Minority Ethinc/BIPOC oppression with the group, and - most importantly - with themselves.

If you’d like to learn more, please contact Gemma Rogers, Co-Founder, or email us at: contact@fintrail.co.uk.

Case Study: Digitisation Support

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

When you should carry out ongoing Due Diligence and how to remediate gaps

The FINTRAIL and Jumio teams have been discussing why regulated businesses are expected to perform ongoing Due Diligence on clients, why it is important to remediate gaps identified, and the approach businesses should consider when performing this remediation.

In this report you will find examples of the different scenarios when you should consider refreshing your Due Diligence. It also highlights why it is important to remediate gaps and how you should seek to operationalise this process.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

FinTech Approaches to Sanction Regimes

Announcing Expert Working Groups and Topic 1: Sanctions compliance

The FFE have kicked off a series of topical roundtable discussions among industry leaders, with the aim of connecting senior decision makers to discuss their own internal approaches to common challenges. These Expert Working Groups are under Chatham House Rule, with FINTRAIL acting as secretariat to facilitate discussion amongst experts. Thanks to RDC and RUSI, too, for providing expert insights alongside our FinTech experts.

Our first Expert Working Group focused on FinTech approaches to sanctions regimes, and gathered 18 sanctions experts from 8 different FinTech industries. After just two in-depth sessions, we were able to glean insight on best practices that we hope you find useful when benchmarking your own approach. 

As a sneak peek into some of those insights:

  • Around 30% of the FinTechs we spoke with have a sanctions-specific risk assessment to support their risk-based approach, with several more working to create one.

  • Unanimously, Expert Working Group participants are typically using conservative (or even very conservative) fuzzy matching thresholds ranging from 70%-85%, especially compared to industry averages closer to 85%-92%.  

  • C-Suite and board members are increasingly expected to have sight of the Sanctions program and/or Sanctions-specific policies, vs. just the broader Compliance or Anti-Money Laundering program.

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And be sure to stay tuned for further Expert Working Group insights!

ON DEMAND: ComplyAdvantage Webinar - The Rise of Money Muling

*** Now available on demand ***

ComplyAdvantage Webinar banner: The Rise of Money Muling, with Charles Delingpole Founder and CEO of ComplyAdvantage, Gemma Rogers, Co-FOunder at FINTRAIL, Tom Keatinge, Director, Centre for Financial Crime and Security Studies (CFCS) at The Royal U…

Due to rapidly changing global circumstances, high unemployment and uncertainty surrounded the future, money muling is tragically on the rise.

It is a crime that often disproportionately affects the most vulnerable and financially illiterate. Criminals involved in money muling often survive by tricking ‘clean’ individuals with no criminal history but who is ultimately responsible for educating and helping to prevent this insidious form of money laundering: individuals, banks, governments, regulators, social media platforms?

Join our expert panel including:

  • Charles Delingpole, Founder & CEO, ComplyAdvantage

  • Gemma Rogers, Co-Founder, FINTRAIL

  • Tom Keatinge, Director, Centre for Financial Crime & Security Studies, RUSI

  • Adam Hadley, Director, Tech Against Terrorism

In this thought-provoking webinar, the panel will be exploring:

  • The role that social media platforms play in recruitment, advertisement, and propagation

  • Why this issue deserves urgent and serious attention now

  • What the financial services sector and the regulator is and should be doing to stop money muling

ON DEMAND: FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

***NOW AVAILABLE ON DEMAND***

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Originally launched on 30 June 2020, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

SESSION 1: CRYPTOASSET RISKS . . . WHAT’S YOUR APPETITE? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

SESSION 2: ASSESSING AND GETTING TO GRIPS WITH THE FINCRIME RISKS:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

SESSION 3: SYSTEMS AND CONTROLS - MANAGING YOUR CRYPTOASSET RISKS IN PRACTICE 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance.

How to use Compliance as an enabler in Digital Transformation

Digital transformation for onboarding is a hot topic at the moment, given that much of the world is currently living their life from their sofas and managing their day-to-day financial needs from home. Having worked on transformation projects before with traditional FI’s, alongside assisting various FinTechs in the creation of new digital offerings, we at FINTRAIL thought it would be a good opportunity to move the spotlight onto compliance, and fly the financial crime flag by discussing some of the common misconceptions.

 

Front end change is just the tip of the iceberg

The ‘tip of the iceberg’ cliche has never been more appropriate when it comes to describing common misconceptions towards digital transformation. The main message is that a good user experience isn’t solely dependent on a minimal field registration journey, and that there are other components that need to be considered which the customer can’t see. Getting these components implemented effectively are equally as important and the focal point is our good friend - ‘a risk-based approach’. Having a robust risk-based approach can be the key for a slick user experience and dictate your approach to CDD, custom screening and risk management, enabling you to target your controls on your highest risk areas.

Image of front end change is the tip of the iceberg. Registration depicted above water, while the rest of the compliance processes depicted underwater as the main body of the iceberg

Less is more

It would be logical to assume that the less information you collect from your customer the better, and that allowing a customer to sign up by just inserting an email and password will drive your Trustpilot reviews through the roof. Ignoring the fact that this probably doesn’t actually meet your ID&V requirements, we would like to suggest that less isn’t always more. By creating a shortened registration process you may well get more sign ups, but if you subsequently need to perform downstream due diligence to address gaps, you could be creating a poor user experience further down the line, perhaps even in a critical situation when dealing with a vulnerable customer whose account has been frozen and they need urgent access to funds.  We don’t necessarily mean your registration process should be 100 fields deep across 10 pages but there is certainly a happy medium. 


Business enabling Anti-Financial Crime (AFC)

A common misconception is that financial crime compliance can be the blocker when it comes to innovation in these projects. It probably comes as no surprise that we at FINTRAIL would offer a healthy challenge to those naysayers. 

So, you are 6 months into your digital transformation project, it’s all on JIRA (other platforms are available) or you have a lovely Gantt chart. You have lined up all your sprints and it suddenly occurs to you that you should speak to your compliance team. After 45 minutes debriefing your compliance team, they have a bunch of questions and recommendations before you can move the project forward, resulting in you putting a big red “Stuck” against it. While you may have translated this into a no, these recommendations do not necessarily mean no, and even if it is a no, is that really surprising considering you have only introduced them as stakeholders so late on? Obviously we are focusing on the negatives here to emphasise our point and the above is certainly not a reflection on most businesses’ these days.

Some of the most successful projects we have been part of are the ones where AFC stakeholders have been included as part of the journey rather than just at sign off. There is a new breed of financial crime professionals who want to be viewed as business enablers and able to offer a great user experience as much as the next product owner.

A RACI (responsible, accountable, consulted, informed) matrix is often used in project delivery to divvy up people’s roles. With that in mind your approach may have been previously to assign compliance a consulted duty, but we would encourage you to increase their involvement in order to reduce blockers downstream and increase compliant innovation.

RACI project management chart with Compliance/financial crime function moved from consulted to responsible/accountable

Being a Compliance Champion

Equally it is not just the business that needs to take ownership of transformation, it can also be the fincrime function itself. Embracing change has never been more important in a digital enabled world and as fincrime professionals we should be just as excited by these new developments. Whether it is the implementation of a new due diligence process or screening programme, don’t be afraid to rip up the policy and start again. There is no reason why the financial crime team cannot be the driver for change.

Build, Buy or Both?

Like the ‘tip of the iceberg’, ‘build or buy’ is also becoming a bit of a cliche. What we do know is that you will likely need to partner with some technology providers in order to achieve your future state goals. Equally, even if you partner with someone, there will be an element of building that goes hand in hand. There are a variety of great providers available with a range of capabilities but we would like to reposition the ‘build or buy’ question. No single provider will solve all of your needs, and equally, to build everything in house isn’t logical when there are specialist systems available. This potentially means that the ‘build or buy’ question is a goose chase and in fact an amalgamation of the two is the best approach to adopt. 

Takeaways

Here are our top takeaways to be a compliance champion when it comes to digital transformation:

  • User experience does not stop on the physical registration page; it continues throughout the customer lifecycle

  • Less is not always more when it comes to identification programmes

  • Treat your compliance/ fincrime team as business enablers, engaging them in discussions earlier

  • Answer your build, buy or both question

  • A risk-based approach marries itself perfectly with transformation projects

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk

The Payment Services Act - A unique risk based approach to regulation or an overly complicated set of standards?

In January 2020 the anticipated Payments Services Act (‘PSA’) came into force in Singapore. According to the Monetary Authority of Singapore (‘MAS’) the act is:

 

“A forward looking and flexible framework for the regulation of payment systems and payment service providers in Singapore. It provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and FinTech.”

 

In this paper we look to understand:

  • the genesis of the PSA

  • what approach has been taken to licensing new payment methods

  • what are the differences to the approach taken in Europe, and

  • whether the implementation of the PSA in Singapore will succeed in promoting innovation

Why Virtual Asset Service Providers in South Korea Must Act Now

South Korea remains the third-largest market for virtual currency, behind the United States and Japan. During the Bitcoin bull run of 2017, an estimated 1 in 3 office workers owned cryptocurrencies.

This crypto gold rush existed alongside limited regulatory oversight which created a fertile breeding ground for exploitation. This is evidenced through numerous controversies including  exit scams, exchange hacks, price manipulation, and fake trading volume. Data from the Korean Ministry of Justice indicates that South Koreans lost $2.7 billion USD in cryptocurrency scams between July 2017 and June 2019. The ministry also said it has indicted and detained 132 individuals accused of cryptocurrency fraud and indicted another 288 individuals without detaining them.

In March this year,  South Korea’s National Assembly passed an important new legislative amendment to their Financial Information Act that effectively legitimizes virtual asset ownership and trading and aligning the country requirements with international anti-money laundering and counter-terrorism funding (AML/CFT) standards. All Korean Virtual Asset Service Providers (‘VASPs’) must be fully compliant with the Act no later than September 2021.

Whilst formally bringing crypto exchanges into the regulatory fold, these requirements are not without their challenges. All Korean exchanges are now legally required to establish a verified real-name individual account with an authorized Korean bank. The exchange’s designated individual account holder will be responsible for withdrawing and depositing fiat currency between the exchange and the bank by way of a single bank account. South Korea introduced the real-name verification system in January 2018. Although not a requirement, crypto exchanges were encouraged to partner with approved banks to use the system. However, so far, only the largest exchanges — Bithumb, Upbit, Coinone, and Korbit — have been able to use this system, as banks have been reluctant to provide this service to small and medium-sized exchanges.  Under the new Act the VASP  is required to report their business and real-name bank account before September 2021, or else potentially face a 5-year prison sentence or 50 million Korean Won fine.

In addition, each Korean VASP must apply for an Information Security Management System (ISMS) certificate from the Korea Internet & Security Agency (KISA) in order to do business. To receive ISMS certification, they’ll need to implement new AML/KYC measures such as Recommendation 16 travel rule which requires VASPs to exchange customers’ personally identifiable information.

As crypto exchanges look to build / enhance their AML programme to meet regulatory requirements and also  secure banking partnerships, what should they be focusing on?

  • Know Your Customer:

    • This goes beyond simply to collation of ID documents - which is just one piece ( arguably the easiest piece) of the puzzle. 

    • Think about proportionality. Perhaps you do not need to collect ID when your customer registers, but only when they start actively trading. The amount of KYC you collect can be tailored to your clients activity and wallet caps included to limit exposure. 

    • VASPs may also consider using some more enhanced data points to better understand their customer such 

  • Transaction monitoring:

    • Whilst companies are able to apply a risk based approach to the collection of documentation at onboarding, the key to understanding your customers behaviour is to have robust monitoring in place. 

    • The monitoring of both fiat transactions, and the crypto transactions is very important. A customer's transaction profile should be considered by looking at both of these elements. 

    • An increasingly popular request from banks is that they require a look back on the VASPs transactions over a set period of time. This usually forms a report, and is facilitated by the bank by either asking the VASP directly, or requesting this information through a third party blockchain analysis provider. 

  • Governance:

    • The usual governance applies, however this should also be extended to include an audit and regular reviews of the crypto transaction monitoring systems, as well as a review of the crypto-assets themselves that the VASPs are listing. 

  • Sanctions:

    • OFAC have now started including cryptocurrency addresses as part of their sanctions regime. This is an extremely important area to focus on, and something that is vital for your transaction monitoring. When liaising with vendors for blockchain analysis, a key question should be around how they deal with sanctioned addresses, and how often those lists are updated. 

The newly passed law forces any non-compliant VASPs to either quickly reform their AML/KYC programme or cease their operations. While a handful of the biggest Korean exchanges already comply with most of these measures, there is a real chance that many of the other VASPs that have not adequately considered AML protocols as they have built and scaled, will struggle to implement these new regulations.  Some may even be forced to cease operations all together. 

FINTRAIL are currently working with crypto exchanges globally to build, scale and test their AML and CTF programmes  to not only meet regulatory requirements, but also to secure banking partnerships and help them proactively manage their financial crime risks, thereby helping to strengthen the AML health and wellbeing of the sector.

If you are interested in speaking to the FINTRAIL team about the issues discussed in this article or any other financial crime topic please get in touch via contact@fintrail.co.uk.

FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Launching on June 30, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

Session 1: Cryptoasset risks . . . What’s your appetite? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

Session 2: Assessing and Getting to Grips with the FinCrime Risks:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

Session 3: Systems and Controls - Managing Your Cryptoasset Risks in Practice 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance. You will also be awarded a certificate of attendance after attending all three sessions. 

Active Anti-Racism in Anti-Financial Crime: Our Next Steps for Combatting Discrimination

At FINTRAIL, our US and global teams have been closely watching the swell of protests unfolding in response to the shocking deaths of George Floyd and Breonna Taylor - the latest victims of ongoing and unjustifiable police brutality against black people. However, racism isn’t just the existence of bad actors engaging in criminal acts of violence; police brutality emerges from systematic and deep-rooted racism that has infected justice systems in the US and around the world for centuries. And unfortunately, the anti-financial crime sector, integral for feeding information on suspected money launderers and terrorist financiers to police, has been complicit in this institutional racism. At FINTRAIL, we are constantly working to do more to promote diversity within our ranks and to support and learn from black voices. But we can do more as a firm to not just avoid racism but actively reject it, particularly through our work supporting anti-financial crime teams. Together, as consultants and as community leaders in the FinTech FinCrime Exchange (FFE), we can help make meaningful change to improve the treatment of black customers and to hold ourselves accountable when we get it wrong. 

  1. We promise to help champion and support non-white perspectives within our own team and the teams we work with. Implicit biases exist not only in day-to-day anti-financial crime activity, but also in senior level decision-making. People can unfortunately be prone to ignoring or undermining opinions given by black people in the room - and this is even more so the case for black women. In the worst cases - the room may be entirely white, eliminating the chance for non-white voices and perspectives to influence decisions on financial crime. How else can we be held accountable and understand the impact of our processes and decisions across all areas of financial crime risk management without ensuring black people are involved in the work and have the space to make constructive challenges? Thus, as FINTRAIL, we will make sure that we use our privilege to ensure there is always diversity in the room and that we listen to any and all challenges to our approach, especially from black people.

  2. We promise to work with clients to take extreme caution in the consideration of demographic factors when evaluating customer risk.  Firms building out their customer risk assessment (CRA) models may choose to include demographic factors, including nationality. While under very specific circumstances, demographics may be strongly correlated with risk (e.g. cheaply purchased nationalities), we will not advise or support the inclusion of demographic risk factors into a CRA methodology in a way that could unfairly lead to the application of enhanced due diligence (EDD) measures to a customer solely based on their racial, ethnic or socioeconomic background. In practice, this means strongly questioning whether such a factor is necessary in a CRA model in the first place and, if included, ensuring that only specific risks to the business are targeted and that there is no undue bias in the weighting of such a risk factor.

  3. We promise to be aware of racial biases that may exist within ourselves and our clients when it comes to clearing and investigating screening or monitoring alerts. Even when demographic factors have not been included in the calculation of a customer’s risk, racial biases can still cloud our judgment when evaluating one customer’s financial activity versus another’s. It is well documented that people are prone to more negative perceptions of those with darker skin, often without even realizing they are doing it. This can have dangerous effects for a customer, leading to their account being frozen or offboarded and their activity being reported to police. To help mitigate implicit and explicit bias in alert clearing, we will seek to support internal and external anti-racism bias training in the context of alert clearance and will push for the provision of clear decision trees to help analysts more objectively work through potential suspicious activity.

  4. We promise to do more to recognise and help mitigate the racial biases that can exist within European and American identity verification RegTech platforms. Within the US and Europe, we are really lucky to have a variety of robust identity verification tools to suggest to our clients that help automate the onboarding process. Innovative solutions allow for FinTechs to match customer selfies, live selfies or videos to a verified ID document - allowing them to onboard the customer within only a couple minutes. However, some solutions can struggle with non-white faces as their facial recognition technology hasn’t been adequately trained in correctly matching non-white faces to IDs. This can lead to serious negative consequences - non-white victims of identity fraud may have their documents stolen and used to open financial accounts without being spotted, or alternatively, genuine customers may be routed through a laborious manual review process simply because they aren’t white. We will work closely with FinTechs and RegTechs in the community to identify practical solutions to ensure that identity verification tools can more effectively verify non-white customers.

  5. We promise to take more initiative to build out innovative onboarding solutions for non-standard non-face-to-face situations. Under some circumstances, customers may not have the typical documentation needed to onboard - they may not have a passport or driving licence, or they may have recently moved country and have no address history. The good news is that more and more regulators expect financial institutions to have onboarding processes in place for customers who may be unable to provide traditional documentation - though some regulators go farther than others in their guidance. The bad news is that, in the absence of meaningful guidance, firms may end up with extremely manual onboarding processes, which require robust sensitivity training for front-line staff and which can delay financial access for those most in need of it. Some firms may even inadvertently avoid establishing a written approach to non-standard identity verification cases. We will do more to work with clients to help them establish more innovative approaches to non-standard onboarding and ensure that the approach is well-documented and that necessary training has been given to the front-line.

By working with the community on these practical steps, we hope to help inspire greater change within anti-financial crime best practice. No one should have a worse banking experience or be treated as a criminal solely based on the color of their skin, and we are committed to actively fighting for an actively anti-racist approach to financial crime.