MEA

Introducing FINTRAIL Pioneer

FINTRAIL Pioneer is here  - the latest edition to our service offering designed to help businesses, no matter how small, in the fight against financial crime. 

Pioneer will sit within our global FINTRAIL Consult team, leveraging our specialist knowledge and passion for financial crime prevention to start supporting a new range of clients who have previously found it harder to access bespoke and considerate anti-financial crime services. 

So what does this mean in practice? Well: 

FINTRAIL firmly believes that excellent financial crime prevention starts from the ground up. Anti-financial crime (AFC) controls need to be built into your product and culture from the word go to limit bad actors exploiting your product. To help you, FINTRAIL Pioneer makes our consulting expertise easily available to small businesses, and early-stage startups (we’re talking less than 10 employees, or a balance sheet of around £2million or less) to support you in building a robust AFC program right from the start. 

We also understand that financial crime does not limit itself to only the financial services sector, so we’re expanding our Pioneer services to the Not-For-Profit (NPO) sector to support them in delivering crucial work for those most in need, free from the threat of being exploited by financial criminals.  

Lastly, our team  is driven by a shared passion for disrupting financial criminals and the crimes they facilitate across the globe. Pioneer will be uniquely responsible for directing that passion towards “for good” projects across the industry, offering our services free of charge to projects where we really believe we can make a difference. 

We’re really excited about Pioneer, and the difference we aim to make in the AFC community.

So if you are a small business, early stage start-up, or NPO and need support with your AFC obligations, or have a “for good” project you’d love to chat about then please get in touch – we’re all ears. 

Introducing FINTRAIL Consult

November marks my third year at FINTRAIL, and whilst three years certainly isn’t a major landmark to be celebrated, upon reflection, the last three years have been an incredible journey. Over the last 18 months alone we have delivered over 200 financial crime projects to support a  variety of different organisations. We have also seen the FINTRAIL team grow and develop, and we are in the process of adding another 10+ people to the family.

Yet there is more still to be done. Rob mentioned in his “Change is coming” blog last week, we are making some exciting changes at FINTRAIL to support the industry further. Under the new banner of ‘FINTRAIL Consult’, our consulting team is dedicated to offering a best in class anti-financial crime consultancy service to whoever may need it. 

The last 18 months have taught us that collaboration is key to delivering high quality products and services to our clients.  We will be joining our teams together under one global banner of ‘FINTRAIL Consult’ whilst continuing to add depth to our consultancy team with both regional and subject matter knowledge. This means our clients will receive a more consistent service and have access to all the knowledge within our team regardless of where they are located.

To ensure we support our client’s aspirations, we have also made some internal changes. Jessica Cath has been promoted to Head of Financial Crime Project Delivery, leading the core consultancy team and ensuring we maintain a high level of standards in the services we provide. Alongside Jess, we have expanded Greg Wlodarczyk’s role to Head of Specialist Financial Crime Advisory and Virtual Assets.  We recognise the evolving environment our clients operate within, which means we must also evolve. Greg will be focusing on ensuring the services we provide are progressive and ready to meet new challenges, whilst also working to hire individuals with the right specialist skills.

The new FINTRAIL Consult is looking forward to continuing to work with the financial crime community into 2022 and beyond! 

We are always here if you need us - do reach out if you have any questions

Cryptocurrency in Conflict Zones: Risks and Opportunities

For the past two weeks, the world’s attention has been firmly fixed on Afghanistan. One critical challenge, both for those fleeing and those left behind, is access to money.  The banking system is on the verge of collapse, with many branches closed and those which are open quickly running out of cash. There are long-term concerns for what Taliban rule will mean for the economy and for people’s livelihoods. In the face of this uncertainty, a small but increasing number of Afghans are reportedly turning to cryptocurrency as a way to shore up their savings, evade Taliban oversight, and maintain international access.

There have been similar developments in other conflict zones and politically unstable countries. According to a Guardian article earlier this year, Libya, Palestine and Syria neared the top in online searches for bitcoin and other digital currencies, and there are reports of growing usage in troubled countries including Venezuela, Iran, Zimbabwe and Lebanon. Many of these countries have a substantial middle class with moderate levels of savings and financial literacy and high internet penetration rates - the ideal conditions for crypto adoption. The phenomenon has gained scholarly attention; Boston University convened a task force in 2015 to explore how cryptocurrencies could provide assistance in conflict zones. So how realistic is this idea?  And what financial crime challenges would wider adoption bring in its wake?

Unlike in developed markets, where crypto adoption was initially driven by ideology and later by speculation, in fragile states adoption is mostly driven by practical need. Virtual currencies can offer solutions to a number of critical problems:

  • Inflation: despite the inherent instability of crypto assets themselves, they can be a good hedge in jurisdictions afflicted by severe currency depreciation. Both Venezuela and Iran have witnessed increasing crypto adoption in the face of dramatic inflation - in Venezuela’s case, peaking at 10,000,000% in 2019. Wealthier individuals in such countries have previously turned to stock markets and physical assets such as gold and property to protect their wealth, but crypto offers a more accessible option to those with smaller amounts to invest.

  • Circumventing sanctions controls: crypto is sometimes the only solution for those in sanctioned countries who cannot move money abroad any other way. Many small businesses and freelancers in Iran, for instance, choose to be paid in crypto as they are not able to receive international bank transfers or use services like PayPal.  

  • Avoiding currency controls in countries with restrictions on the amount of currency that can be moved abroad. For instance, during the Lebanese financial crisis which broke out in 2019, customers’ savings were effectively frozen by banks imposing informal capital controls and blocking transfers abroad. New regulations were introduced in May 2020 to permit foreign currency withdrawals, but these were limited to $50 to a few hundred dollars a month, with transfers abroad capped at $50,000 a year for “necessary matters” only. Growing numbers of Lebanese citizens are choosing to keep their savings in cryptocurrency to maintain control and prevent losing it to bank- or state-imposed restrictions. 

  • Uncensored: while the lack of centralised control was originally a purely ideological plus point, in conflict zones this is often of practical importance. The censorship-resilient system reassures users who have lost faith in their national financial systems and want to keep their assets out of reach of the authorities, and safe from seizure, freezes or other restrictions. 

  • Price and speed: Perhaps most obviously, crypto offers faster and cheaper overseas transfers. While this is a positive anywhere, it’s especially useful in unstable countries which have large diasporas and are heavily reliant on remittances (e.g. Somalia where remittances account for a huge 23% of GDP). It is also a key consideration in countries deemed to be high risk and “derisked” by global banks, where the local banking network is poorly connected internationally, resulting in higher fees, longer waits, and greater inconvenience.

Nevertheless, there are still clearly numerous barriers to more widespread adoption. Top of the list in most emerging markets is a lack of awareness, and unreliable access to the internet. In high-risk and fragile states, there are additional barriers in the form of access to the banking system. Crypto may seem like a good solution for the unbanked, but not being able to use a bank account or credit card to trade restricts the type of platforms available. Users may also lack the ID documents required to open accounts with the larger exchanges.

For this reason, crypto activity in fragile countries rarely takes place on international, centralised exchanges. It is mostly driven by decentralised P2P exchanges, which do not require KYC and allow users to buy and sell in cash - either through local crypto-to-cash brokers or in-person payments. Social media is also increasingly used to match local buyers and sellers. These platforms help customers avoid restrictions imposed by larger exchanges such as geoblocking; under pressure from their banking partners, a growing number of exchanges have banned users based in Iran, for instance. In other instances, users buy and sell crypto with the help of friends or family based abroad with fiat bank accounts and credit cards, who can purchase and hold crypto on the user’s behalf. In a creative blend of the old and the new, hawala dealers can also facilitate purchases, either by sending or receiving money from friends and family overseas, or by letting people cash out by selling their coins to the dealer in exchange for local currency.  

Conflict zones are inherently high-risk for financial crime including arms trafficking, sanctions evasion, corruption, and terrorist financing, and P2P activity on decentralised exchanges only exacerbates these risks. The absence of KYC controls and the use of cash are ideal for criminal actors as well as civilian users. Having associates or hawala dealers making purchases and holding crypto on behalf of a user in a fragile state clearly obscures the true owner and source of the funds. The use of P2P exchanges is also risky for users themselves, as they are more exposed to fraud and theft when making cash payments or using exchanges without escrow services.   

Unsurprisingly, governments in conflict-affected and fragile states are unlikely to be too concerned with developing the cryptocurrency regulatory environment. The onus therefore falls on financial institutions to find ways to monitor developments and address the risks posed.  One clear lesson is the need to understand the broader context, looking at political and security developments to predict and engage with peaks in demand.  Widespread adoption remains unlikely, given the numerous challenges around infrastructure, trust and education.  Nevertheless, it is clear that crypto will remain an appealing option for some, as long as the traditional financial system fails to offer a better alternative. Finding ways to reduce the risks and integrate these users into a regulated crypto ecosystem could provide new options for financial inclusion for the most vulnerable.


If you would like to speak to FINTRAIL about any of the issues raised in this article, please contact Maya Braine, Managing Director for the Middle East and Africa at maya.braine@fintrail.com. We work with FinTechs in Saudi Arabia and the wider Middle East region to build out their financial crime compliance controls, secure banking partnerships, select and integrate RegTech vendors, perform health checks and audits, provide interim compliance support, and run training.

Is FinTech Saudi Arabia’s new oil? Some financial crime considerations

Firstly, a quick summary. There has been a lot of buzz about Saudi Arabia embracing FinTech as “the new oil”, a key pillar of its ambitious economic reform programme designed to move away from a dependence on crude oil. It is competing with its neighbours, especially the UAE and Bahrain, to become a regional FinTech hub, encouraging the best talent and most promising start-ups to make Riyadh their home. The government has launched numerous initiatives including FinTech Saudi - a joint venture by the central bank (SAMA) and the Capital Markets Authority (CMA), a regulatory sandbox, and the CMA FinTech Lab among others. The government’s Vision 2030 sets a target for moving away from cash and increasing cashless payments to 70%.  Next year will see the launch of the FinTech Saudi Hub in the King Abdullah Financial District, and new regulations on FinTech activities. Most major Saudi banks have also initiated FinTech programmes and invested large sums in digital transformation to explore new opportunities and stave off the competition. 

But behind the positive headlines, is the regulatory environment and compliance culture in the Kingdom ready for such large-scale change? And how can Saudi Arabia embrace FinTechs and digitisation while guarding against financial crime threats?

Regulatory  Environment

There are many components to establishing a thriving FinTech ecosystem, not least a conducive regulatory environment. FinTechs have only been able to receive licenses in Saudi Arabia since January 2020, when SAMA issued its first licences to non-bank financial institutions (STCPay and Geidea). In the same month SAMA introduced the Payment Services Provider Regulations (updated in August 2020), and in February 2020 it issued guidelines for digital-only banks. These guidelines stated digital banks had to meet the requirements of existing regulation plus demonstrate compliance with AML/CTF regulations “in a fully digitised environment”.   

Despite the positive moves, there are still a number of grey areas where FinTechs need more clarification to understand their regulatory obligations. Interaction with the regulator is extremely useful, but is difficult for small start-ups who lack the communication channels and existing relationships of major banks. This is where initiatives like FinTech Saudi can play a really helpful role, acting as an aggregator for queries and serving as an intermediary for the whole FinTech community. 

RegTech

Like most markets, Saudi Arabia professes that it is keen to embrace RegTech as a way to improve efficiency and effectiveness in tackling financial crime. The digital banking guidelines published in 2020 describe banks operating “in a fully digitised environment”, which appears to open the way for using RegTech for processes like e-KYC. However, more details are needed around what is allowed in practice and how the regulations are to be interpreted. For instance, the use of facial biometric technology is still not permitted in financial services, which limits onboarding tools such as selfie and video verification (although banks are testing the water around biometrics - Riyad Bank has started using voice authentication, and Al Rajhi Bank has rolled out self-service terminals featuring fingerprint biometrics). Another complication is data storage; Saudi regulations place restrictions on the hosting, transfer and storing of customer data outside the Kingdom, restricting the use of many compliance platforms and tools.

Open Banking

Looking ahead, the next hot topic is open banking. SAMA has announced an open banking framework which is due to go live in the first half of 2022. This will compel financial institutions to allow third parties access to customer data (with the customer’s consent), resulting in greater competition and innovation. So far, Bahrain is the only Gulf state to have adopted open banking, although individual financial institutions in the UAE have introduced open banking APIs.

This development will supercharge the growth of the FinTech sector and create both challenges and possibilities in relation to financial crime. Saudi banks can learn from their international counterparts that have developed security measures to protect their open banking APIs from fraud, such as multifactor authentication (MFA), but opening up their systems to third parties does inevitably create new fraud risks. For money laundering, open banking can theoretically be a game changer; data can be shared across multiple providers, enabling each institution to form a more complete picture of customers and their transactions. However, this only works if they change their KYC and monitoring controls to capitalise on this possibility. 

FinTechs and other market entrants will also have to play catch-up to prevent an unequal playing field; banks have spent years developing rigorous controls under strict regulatory supervision, whereas new firms will have less experience in financial crime risk management, and regulators may struggle to effectively monitor the increasing number of small companies. Money launderers and fraudsters are extremely good at identifying and targeting weak links, so it’s important for the whole financial sector to apply the same high standards. Ultimately, regulators need to reconsider what data can be shared between institutions and how, to improve customer experiences and develop a holistic understanding of customers to improve financial crime detection.

Recruitment and hiring

A final challenge in both Saudi Arabia and the wider GCC is finding the right compliance talent for an increasingly digital world.  The ideal candidates would be people with experience in FinTechs and digital products, but given the lack of such expertise in Saudi Arabia, that would mean recruiting people from other markets like the UK who wouldn’t necessarily understand the regional context or local regulatory nuances. The next best thing, then, is people who thrive on change and are happy to challenge received wisdom and upend the traditional way of doing things. They want to engage with their peers and with the regulators to share insights, ask questions and develop guidelines that will help the sector grow responsibly.  For the right people, it’s a hugely exciting opportunity!

Final Thoughts

The next couple of years will be critical for the Saudi FinTech sector. One factor that will determine how quickly new firms can get up and running is if they can assure regulators and banking partners that their compliance programmes are sufficiently robust and that they can successfully balance customer experience with suitable risk controls. Saudi firms can look to international counterparts for guidance and ideas, although they should be aware that even these firms don’t have all the answers, and more developed markets still face real challenges around fraud and money laundering.  Nonetheless, benchmarking against international best practice will provide reassurance to regulators and partners, and show a level of sophistication beyond the baseline of meeting minimum regulatory requirements.

However, it is not just FinTechs themselves who need to be open-minded and ready to learn to get the sector off the ground. Regulators also need to be receptive to new ideas, technologies and ways of working, and should be prepared to seek expert advice in areas where they may lack experience, such as cryptocurrencies. The good news is that SAMA and other government bodies in Saudi Arabia genuinely seem prepared to do this, and to work collaboratively with the private sector to encourage growth and work through the details to ensure the regulatory environment permits FinTechs to thrive while successfully minimising financial crime risks.  

If you would like to speak to FINTRAIL about any of the issues raised in this article, please contact Maya Braine, Managing Director for the Middle East and Africa at maya.braine@fintrail.com. We work with FinTechs in Saudi Arabia and the wider Middle East region to build out their financial crime compliance controls, secure banking partnerships, select and integrate RegTech vendors, perform health checks and audits, provide interim compliance support, and run training.

Love is in the air.. Or is it?

With increasing restrictions placed upon our lives due to COVID-19, millions of people have turned to online dating sites to meet someone and spark human interaction. In some instances, it is genuinely love at first sight, but not in others. In such an emotionally charged environment some enter this not for love but for financial gain and tragically, many stumble upon con artists who are eager to take advantage of people looking to make a connection. The fraudster builds up rapport by making up a story and, once they have established enough trust, moves onto the real reason they are there, asking for money. According to UK Finance, there was a 20% increase in bank transfer fraud linked to romance scams in 2019 compared to 2018. However, the damage to the victim often goes much deeper than the financial loss suffered. Navigating relationships can be fraught at the best of times, but here are few things that may help you identify if it is a scammer or not.

Liar liar

Red flags that might help you spot scammers include:

  • Asking a lot personal questions about you while avoiding answering personal questions about themselves

  • Trying to establish a bond quickly by telling you “this is the first time they’ve felt like this before”, giving you an endearing pet name or even that they are in love with you

  • Preferring to move the communication away from dating websites and towards texting or phone calls as the scammers know that the dating website will have no proof of them asking you for money

  • Asking for financial help by making up lies (which is covered below)

  • never meeting them in person as they are either “out of the country at the moment” or have made up excuses about why they had to cancel - sometimes these include financial reasons

Scammers are inventive when it comes to creating a facade with which to lure victims. Some frequently used lies by scammers in order to request funds include paying:

  • For a plane ticket or other travel expenses

  • For surgery or other medical expenses

  • Customs fees

  • Off gambling debts

  • For a visa or other official travel documents

Scammers usually request funds via wiring money, putting money on a gift card, or loading money onto a prepaid card. Scammers know that this way, they can get cash quickly and remain anonymous and the transactions are almost impossible to reverse.

Protect yourself

Never send money to a romantic interest you haven’t met in person. If you suspect a romance scam:

  • Stop communicating with the person immediately

  • Do a search for the type of job the person has to see if other people have heard similar stories. For example, you could do a search for “UK Army scammer

  • Do a reverse image search of the person's profile picture to see if it’s associated with another name or with details that don’t match up

  • Contact Action Fraud on 0300 123 2040

If you’d like to learn more, please contact Ishima Romain, consultant or email us at: contact@fintrail.com.

FinTech and Law Enforcement partnerships

Expert Working Group Topic 2: Law Enforcement partnerships

We’ve just wrapped up our second Expert Working Group, following last year’s EWG on FinTech Approaches to Sanctions Regimes. This time, we gathered 16 experts from FinTechs along with law enforcement leaders to chat about our partnerships with law enforcement.

This working group made it clear that finding the right contact or information can be tricky. Please do not hesitate to reach out to the FFE secretariat at ffe_admin@fintrail.co.uk if you need help making contact on an important law enforcement matter—this goes for law enforcement, FIUs and FinTechs. We’re happy to help you find the information you need, quickly.

A sneak peek into just a few of the insights that came from our discussions, which covered FinTech best practices for receiving and responding to requests, SAR feedback, asset freezing, stay-open requests and more: 

  • Public/private partnerships and industry groups are tough nuts to crack—58% feel they’ve struggled to get traction with groups that share high-value law enforcement information

  • We hear from law enforcement a lot. Half of us receive several requests per week.

  • MLROs rarely act as the central point of contact. If you’re an MLRO, and you’re still taking all the phone calls, delegate away—today is your day!

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And, of course, stay tuned for further Expert Working Groups!

A look forward: what does 2021 have in store for the anti-financial crime community?

2020 was a rollercoaster for us all, not least professionals in the anti-financial crime (AFC) space who had to deal with regulatory change continuing, and criminals upping their game and exploiting the pandemic in tragically ingenious ways.  You can read more about the impact of the global pandemic, and other key regulatory and typological developments in our lookback papers from our Europe, Middle East and Africa, and Asia Pacific teams.  But, let’s now take a moment to look ahead to 2021 and what we might expect to see as AFC practitioners over the year and what we plan to do as FINTRAIL. Normally, we shy away from predictions, but nothing could have been stranger than the reality that was 2020, so we thought we would give it a go!

Effectiveness and Outcomes-focussed Compliance

We’ve already started to see a shift in this direction in the AFC community, in both larger, traditional banks, as well as in the FinTech community as the pressure from regulators for firms to achieve good outcomes in financial crime prevention increases.  Even as far back as 2019, the then-interim Chief Executive of the UK’s Financial Conduct Authority noted: “One thing is already clear – we are moving from a narrower compliance with the rules, to a focus on delivering the outcomes we want for the users of financial services.” While not specific to anti-financial crime, it is clear that all financial services firms want good outcomes for their customers, particularly when it comes to preventing crime against them or involving them. 

What is likely to come this year, in our opinion, is a greater focus from regulators on how those outcomes are measured and therefore how confident a firm can be that its controls and AFC risk mitigants are indeed effective at tackling financial crime. Presently, measuring effectiveness can be challenging and is often unsystematic, relying on annual Money Laundering Reporting Officer (MLRO) reports that pull together proxy measures of effectiveness from a wide range of sources, which is manual, time consuming and potentially error prone if the data is not tracked on a more regular basis, and unusual findings pulled out and scrutinised. Using technology to address this problem in the future is at the heart of the solution. In our view, not only will an outcomes focussed approach increase the relevance of reporting that AFC provides to its senior leadership teams - as it will be able to demonstrate clear Key Performance Indicators (KPIs) and markers of improvement over time - it will also drive positive developments in AFC controls by helping to understand better whether those controls are working to actively reduce crime and illicit funds flowing through the financial services ecosystem. 

So what are we doing about this at FINTRAIL to ensure our clients adjust to the shift in focus? Our immediate response is to embed ‘effectiveness’ into all of our service offerings in 2021 from advisory to assurance; our consultancy teams are putting it at the heart of everything they do for our clients.

Secondly, FINTRAIL is now an investor in Cable.tech that is headed by the fantastic Natasha Vernier and Katie Savitz who both bring great pedigrees from the likes of Monzo and Square. Cable is focused on finding a technical solution to the challenge of AFC effectiveness. We are super excited by what the team there is building and are sure as 2021 progresses they will be taking the industry by storm. 

Increasing specialisation in AFC Compliance

A few years ago and anecdotally at FINTRAIL, we noticed a shift from quite siloed AFC teams with specific areas of focus across the different crime types (e.g. Head of Fraud), to a more homogenous AFC team structure with experts in a number of areas working together and collaborating. A particularly notable change in some organisations was the inclusion of Fraud teams into wider AFC compliance teams, where Fraud had sometimes more traditionally been placed alongside operations or in security and cyber security teams.  This flatter approach was especially popular in newly established AFC teams in startups and FinTechs. 

Our prediction for 2021 is that we are going to see an increasing specialisation of AFC compliance professionals in the product areas that they oversee and risk manage. For example, Fintech AFC compliance officers might well be broken down further into payments AFC specialists, Foreign Exchange (FX) AFC specialists and Banking as a Service (BaaS) AFC specialists. These specialist product skills will help AFC officers really pinpoint the risks their firm’s products are facing and thereby design more nuanced controls to manage those risks.

As such, it seems increasingly likely that these skills will be required by FinTech firms when recruiting and that candidates coming from more generalist backgrounds will need to demonstrate additional competencies in order to compete with the more specialist compliance officers out there. 

We have responded to this development and the growing, critical need for certified qualification in the FinTech industry by partnering with ACAMS to offer the Certified AML FinTech Compliance Associate (CAFCA) qualification and examination. This sets a new standard for the global FinTech industry and brings credibility and parity to an industry that has historically faced questions about competence. As our colleague Kate Hotten put it “It's for FinTechs, but it's so much more: it explores how scale, inclusion, new financial models and technical skills impact how we work in AML. We really worked hard to make sure this wasn't the same old AML blah-blah.”

Wellbeing is critical

2020 gave us all time to reflect on what wellbeing really meant to us as individuals, and firms are starting to do more to ensure that their staff are engaged, resilient and are looking after their physical and mental health. Not only is doing so beneficial for the employees involved, but it also has proven and wide ranging benefits on productivity, employee retention and engagement, inter alia. Staff in AFC teams are no exception to this, and in these roles especially dealing with the negative sides of society that we see when we investigate some pretty horrendous crimes, wellbeing should be prioritised.  Further, the sometimes relentless pressure - whether it’s from criminals breaching your perimeter controls to the more generalised stress of working in a regulated industry - can take its toll, and mental health and wellbeing should be taken seriously. Plus, with crime continuing to increase during the pandemic, this focus has never been more needed. And, just because we are working remotely doesn’t mean that wellbeing can be discounted, in fact it’s just the opposite.

At FINTRAIL, we are proud to offer the services of app-based therapy provider, Spill to our colleagues, and are also looking forward to exploring some more bespoke options with Your Virtual Wellbeing Hub, a research-backed one-stop-shop for employers looking to introduce, add to, or kick-start their employee wellbeing offering. We hope that these efforts will make sure that our team’s wellbeing is central to our company ethos.

For the wider FinTech FinCrime Exchange (FFE) community, we are excited to be offering a series of free, donation-based yoga classes from March onwards to help our members disconnect from their day jobs and find that all important “me” time, making them even better crime fighters.


So, whether you are looking to hone your compliance skills, take some time out for yourself from a busy day or are looking at how to revitalize your compliance programme over the next year, we hope you’ve enjoyed reading this piece, and if you would like to contact us about any of the topics raised in this article, or about any other anti-financial crime compliance needs, please reach out at contact@fintrail.co.uk

A Year in Review: Financial Crime in the Middle East and Africa in 2020

2020 has clearly been a year like no other.  Both businesses and criminals have had to adapt to the abrupt and far-reaching impacts of the COVID-19 pandemic.  This has drastically accelerated the shift away from cash to digital payments, and encouraged both governments and global actors such as the Financial Action Task Force (FATF) to promote a shift towards digitisation.  The pandemic also provided ample opportunities for criminals to devise new schemes and take advantage of a rapidly changing, uncertain environment.  Many financial institutions in the Middle East, particularly the Gulf Cooperation Council (GCC) struggled with sluggish performance, but most still planned to grow their compliance teams and increase compliance spend over the course of the year, with a focus on technology.  

Below are some of the key financial crime stories and trends from the year across the MEA region:

Fraud and COVID-19

COVID-19 has created opportunities for organised criminals and fraudsters across the globe, and MEA is no exception.  The region has traditionally been dominated by cash payments, but the pandemic accelerated a huge shift to digital transactions (e.g. a PwC survey shows 53% of Middle East respondents making purchases online).  This change, coupled with public anxiety which left people vulnerable to scams, led to a massive increase in fraud including phishing, online shopping fraud, impersonation fraud, and fake charitable appeals. The UAE, for instance, saw a 250% increase last year in cyberattacks, including phishing and ransomware incidents.

Financial institutions need to respond by re-examining their fraud controls, conducting risk assessments to capture the latest threats, and educating their customers on new risks and typologies.  Informal collaboration or industry groups such as the regional charters of the FinTech FinCrime Exchange can be invaluable here.

Spotlight on digital onboarding and eKYC

Regulators in the Middle East and Africa were already moving towards greater digitisation and use of technology to fight financial crime, and this trend has only been accelerated by the COVID-19 pandemic.  In April 2020 the Arab Monetary Fund published a report on ‘Digital Identity and e-KYC Guidelines for the Arab Countries’ to further the debate on adopting digital onboarding tools.  Within the Middle East, the UAE and Bahrain have been the national frontrunners - Bahrain launched an eKYC project mandated by the Central Bank of Bahrain in 2019, to facilitate KYC data sharing amongst participating financial institutions which has continued to develop over the course of 2020, and the UAE introduced its own eKYC platform which went live in July last year.   

As more and more firms look to digitise their compliance processes, against this backdrop of growing official support, care must be taken to select technological solutions which allow firms to reduce any potential risk exposure, and that their use and integration is properly assessed and re-evaluated on an ongoing basis.

FATF Mutual Evaluation Report on the UAE

One major regional news story in 2020 was the publication of FATF’s critical Mutual Evaluation Report on the UAE’s money laundering and terrorist financing controls.  FATF stated the UAE needed to make “fundamental and major improvements” to its AML/CTF systems, and placed it under a year-long observation to ensure that it is properly implementing its recently adopted laws.

The UAE has faced other criticism last year.  It was the only GCC state included in a list of 82 major money laundering jurisdictions identified by the US State Department in March.  A report from the Carnegie Endowment in July on financial crime in Dubai highlighted a number of risk areas and stated that “Dubai’s prosperity is a steady stream of illicit proceeds borne from corruption and crime.”  The investigative and policy organisation The Sentry issued a report in November on how Dubai has become the main destination for illicit gold from Africa.

While the UAE government works to meet FATF requirements over the next 12 months, individual financial institutions need to ensure they have up-to-date risk assessments that reflect the financial crime threats relating to the country highlighted by these external sources, and then align their procedures and controls to address and mitigate the risks.

MEA regulators start to warm up to cryptocurrencies

The growth of cryptocurrency remained relatively low-scale but continued to show promise across both Africa and the Middle East.  Commentators believe the growing level of interest in Africa in particular, and compelling crypto use cases (the instability of fiat currencies and high remittance fees) will force regulators’ hands and encourage the issue of crypto-specific regulations in the near future.  2020 saw the issue of new regulations in Nigeria, South Africa and the UAE, with other jurisdictions such as Kenya and potentially Saudi Arabia likely to follow soon.  The UAE and Bahrain (which issued crypto regulations in early 2019) have both granted licenses to crypto exchanges under the relevant regulations, and currently have a number of crypto companies in their sandbox programmes.

The growing adoption and acceptance of cryptocurrencies in the MEA region will not only require crypto firms themselves to establish robust compliance programmes, but also other companies with potential exposure to them, such as conventional banks.  Crypto is perceived to be a high-risk sector but this does not mean it should be off-limits, and with greater knowledge and training on the associated risks and necessary controls, an increasing number of financial institutions are likely to engage with it in the coming years.

Slow steps towards greater transparency and access to data

Finally, 2020 has seen some positive developments relating to one of the region’s key issues in financial crime compliance, namely transparency and accessibility of data.  A small number of governments have made moves to align themselves with international standards, such as the UAE, Egypt and Kenya, which all introduced new requirements in 2020 for companies to declare their ultimate beneficial owners.  The onus is now on industry bodies to lobby to make all this information public, and on financial institutions to work out how best to integrate these new sources of information into their onboarding, customer risk assessment, and ongoing due diligence processes. Once again, technology is likely to play an increasing role here.

FINTRAIL in 2020

2020 was a key year for FINTRAIL’s coverage of the Middle East and Africa, with the appointment of Maya Braine as managing director, allowing for dedicated coverage and enhancing our understanding and expertise.  We completed several exciting projects with a focus on the region, including an ongoing assignment to provide training to compliance teams across Kenya, Nigeria and South Africa, and the launch of a digital product focusing on the African diaspora.  We also became a Venture Acceleration Partner  of Bahrain FinTech Bay, one of the world’s leading FinTech hubs.  We have ambitious plans for the region in 2021, so watch this space!

If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the MEA region, please contact maya.braine@fintrail.co.uk. FINTRAIL can assist with performing risk assessments, providing training, implementing RegTech solutions, composing policies and procedures, and designing and reviewing FinCrime controls. For more details on our services, please visit our website.

Snakes and Property Ladders

How is one of the most exciting moments in someone’s life also the most stressful? 

Passports. Bank statements. Proof of employment. Payslips. So many different documents provided to so many different people.

For most people buying a house, whether for the first time or finally finding your “forever home”, is meant to be one of the best moments in their lives. But this is often soured by several journeys to the estate agents/solicitors to prove you are who you say you are or by needing to send numerous personal documents by post. 

This blog looks at the documentation and due diligence behind house buying - and how it can be simplified whilst still mitigating the risks. At FINTRAIL, some of the team have been lucky enough to have bought a place within the last 12 months. We have all experienced the good, the bad and the ugly during the process but surprisingly not all in the same area. We are going to discuss the risks associated with property purchases, compare and contrast our journeys, look at how this market differs from FinTechs and gain insight from Thirdfort, a firm which specialises in providing identity verification and source of funds checks for lawyers in the property market. 

What are the risks?

Before we dive into the FINTRAIL team’s experience of property purchases, we should look into the risks associated with the property market. Laundering money through the purchase of property is often described as one of the oldest known ways to legitimise ill-gotten gains. As property purchases naturally involve high prices, it is an easy way to move large sums of criminal proceeds. Properties can also be used operationally in a criminal’s organisation - potentially as a way to generate legitimate income via rent or as a location for other illicit activity. Another risk to be aware of, which is highlighted in HMRC’s risk assessment for estate agency businesses, is the risk of overseas buyers, especially from higher-risk jurisdictions. Property purchases may be made with the proceeds of crimes committed in other jurisdictions, including but not limited to bribery and corruption and even sanctions evasion. Transparency International published a paper in 2015 which showed the extent of this risk: 40,725 London property titles were held by foreign companies of which 4.89% were held by companies incorporated in secrecy jurisdictions. 

As the risks faced by the parties in the property sector are being increasingly highlighted by numerous governmental and non-governmental organisations, it is not surprising that the property sector in the UK has come under scrutiny by both law enforcement and the supervisor under the Money Laundering Regulations, HMRC. Unexplained wealth orders (UWOs) are a type of court order used in the UK to compel the target to reveal the sources of their unexplained wealth. It uses the reverse onus principle, where the burden of proof shifts to the target. We have seen the majority of UWOs being issued to find out how multiple high-value properties had been financed, and in the most recent case saw nearly £10m of assets handed to the National Crime Agency. This shines a light on the need to understand the source of funds used to purchase a property and if this is in line with the individual’s profile. In 2019, HMRC fined Purplebricks for breaches concerning failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification. This highlights the need for the sector to have the correct level of customer due diligence in place, which involves understanding and verifying who your customer is. 


Our Journeys 

house buying-01.png

Where is the technology? 

The first interesting observation is the lack of technology in most of our journeys. Lauren was lucky as her solicitors used an app for verification and a portal to update on progress. Being able to take a picture of your ID and upload a selfie is something we now come to expect in the FinTech space, which was replicated here. However, for Rachel and JP, the methods used to verify their identity, including certifying copies of documents or having to see someone face-to-face, were time consuming, costly and quite surprising given the online methods we know work very well in identifying and verifying individuals today.  At the time of JP’s purchase, the national lockdown was underway and COVID restrictions were in place for all businesses. To require face-to-face contact when businesses should have been operating as “COVID secure” does not seem logical, especially with the numerous contactless options that are available.  

Thirdfort have noted that the legal sector is embracing technology at an increasing rate, and certain developments mean that this trend is likely to continue apace. The HM Land Registry recently announced that they are now accepting digital signatures, and the Ministry of Justice temporarily accepted video witnessing of wills during this year’s lockdown. At the same time, law firms have had to digitalise their approach to client due diligence due to social distancing and lockdown restrictions, so it seems that the process of buying or selling a property is set to become more tech-focused. 



So what if the industry took more of a risk-based approach?

Using a risk-based approach is an expected element in a risk management framework. Within the conveyancing process, a risk-based approach could include collecting different levels of information and documentation for identity verification, varying the beneficial ownership threshold for verification, and collecting different levels of evidence for source of funds/wealth all in line with the risk of the customer. To help define that risk-based approach, a risk assessment should be conducted to identify the areas with the biggest risk exposure and tailor the procedures to mitigate those risks. HMRC recently published guidance to help estate and letting agents identify and understand where those risks could lie. 

 

In our cases, there appeared to be a lack of a risk-based approach for Lauren with her source of deposit checks from the solicitors.  A small percentage was kindly gifted by her mum, who was then asked to prove her source of funds with numerous bank statement requests. Given Lauren’s mum has been a working professional for a number of years and has accumulated savings over those years, the level of detail required for her to prove this seems excessive. This point is emphasised more when you look at JP’s source of funds check.  His proceeds came from the sale of another house, but this was not investigated in detail to ensure the funds did not come from another source. At FINTRAIL we encourage all our clients to treat their anti-financial crime checks as something more than a “tick box exercise”, which does not seem to be the case in relation to JPs SoF checks.

What next? 

Here are some key takeaways for the property market to consider:

  • Conduct a risk assessment to ensure you identify and better understand the key financial crime risks you are facing. 

  • Look out for red flags of suspicious activity, which may include:

    • Anonymous or difficult to identity owner 

    • Unusual or inconsistent income 

    • Over or under estimated property prices

  • Take advantage of the technology out there to create a smoother customer journey while still mitigating risks.

  • Apply a risk-based approach to your financial crime framework to ensure you are focussing your attention on the highest risk areas, especially when it comes to verifying source of funds.

  • Apply more targeted client due diligence and enhanced due diligence to specific areas of risks identified, rather than applying the same standard measures across the board. This allows firms to mitigate the actual risk posed by the customer rather than just conducting a tick box exercise.

  • Look out for HM Land Registries guidance on digital identity checking in conveyancing.

  • In light of the Covid-19 pandemic, companies such as Thirdfort have shown the importance of individuals being able to complete their due diligence checks in the comfort of their own home. It is important to hit a comfortable ground between ensuring firms can verify clients and manage risk compliantly and taking some of the pain-points out of property transactions for the client.


If you’d like to learn more, please contact Lauren Vincent, Team Coordinator, or email us directly at: contact@fintrail.com.

FINTRAIL Monthly REG-CAP Nov 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

November 2020

In November’s issue, we cover post-Brexit sanctions.


Other highlights include two important reports published by Europol.

What other regulations changes caught your eye in November?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

FINTRAIL Book Club: Anti-racism

In October 2020, and to mark Black History Month, FINTRAIL ran a team book club dedicated to reading books authored by Black, Asian, Minority Ethnic and Inidigenous people and People of Colour (BAME and BIPOC). We did this to improve our understanding of racism and the issues faced by the BAME/BIPOC communities, as well as to facilitate an open discussion, ensuring that everyone in the team participated actively in a discussion about racism. We wanted to share how we set up the book club, our key takeaways and our next steps.

We devised a list of books by BAME and BIPOC authors, and asked each person in the team to pick one book to read. We asked a series of short, generic questions (what was the story, what did you learn, what challenged you about the book) and then all met (virtually of course in these COVID-19 times) and each ran through the book we’d read and answered the three general questions.  This meant everyone could share their individual take on the book they’d read and we got to learn about a wider range of books than if we’d simply picked one book for us all to read. The team at FINTRAIL offers a huge note of thanks to Meredith and Ishima for coordinating all of this.

We held a lively and engaging discussion, the main takeaway being that we all experienced an overwhelming feeling of shock and frankly horror at the injustices BAME and BIPOC individuals have faced on a continuous basis throughout history. We learned from Mikey’s reading of “In Black and White” [Alexandra Wilson] about the injustices faced by black criminal barristers in the UK, and how the mistreatment of black people in the legal profession - often mistaking them for defendants - negatively impacts how justice is served to our BAME populations in the UK. There is a horrible and unjust (pun fully intended) irony here. Meredith read “Indian Horse” [Richard Wagamese], centering on the author’s experiences as an Indigenous person in Canada of the residential care system. The practice of residential care for indigenous people was only disbanded in the 1960s in Canada, and it subjected indigenous children to religious cleansing, child labour and sexual abuse in many cases, turning on its head the notion that Canada has been sensitive in its handling of indigenous communities. 

We observed too that there were wild discrepancies between how much black history we had all covered at school; some colleagues had covered elements of black history in detail, whereas others hadn’t touched on anything specific.  For many of us, this discussion was one of the first opportunities we’d had (or taken) to discuss racism openly and learn about black history.  That all being said, and as Maya pointed out based on her reading of “Black and British” [David Olusoga], it became clear to us that we need to start teaching black history not as a history of black people in Britain, but as an integral part of the history of Britain. We lose important context if we do the former. As such, it seems critical that schools and educational institutions examine urgently how they are teaching history that fully encompasses the Black, Asian and Minority Ethnic/BIPOC experience. 

As regards other practical steps to be taken, we learned from James’s reading of “Why I’m No Longer Talking To White People About Race” [Reni Eddo-Lodge] that the need for black equality is not about inverting the power balance between black and white people, but rather rebalancing that power evenly. James noted - in a work-based example - that the notion therefore of hiring people solely on “merit” was no longer sustainable, and that to redress the imbalances caused by racism, more proactive hiring of BAME/BIPOC individuals is needed.  

Finally, we learned from a number of the books we read that white people have been conditioned not to talk about race, or deal with their privilege and that this has to change if we are to make inroads into the battle against racism. Therefore, a small, but important logistical observation stood out: running the book club the way we did - with each person reading and commenting on a different book -  facilitated a very open discussion.  In turn, this ensured that everyone participated and had to start that conversation about white privilege and Black, Asian and Minority Ethinc/BIPOC oppression with the group, and - most importantly - with themselves.

If you’d like to learn more, please contact Gemma Rogers, Co-Founder, or email us at: contact@fintrail.co.uk.

Partners Against Crime: FinTech-Banking Partnerships in the GCC

With particular thanks to Banque Saudi Fransi, First Abu Dhabi Bank, Jingle Pay, Rise, Xpence, and Ziina.

Although the FinTech sector in the GCC has developed significantly in recent years, it is still relatively underdeveloped in global terms and has huge potential for future growth.  One major obstacle often cited by FinTech start-ups is the difficulty of establishing partnerships with incumbent banks.  These are essential since FinTechs generally operate under a bank’s licence rather than obtain their own, and rely on the banks’ payment rails.


However, banks in the GCC are often reluctant to onboard FinTech partners, for both commercial and compliance reasons.  Many are creating their own digital product offerings and see FinTechs as competition.  However, another major issue is the banks’ worry around the financial crime risks posed by customer-facing FinTechs.  In a region already recognised by external parties as high-risk, and facing numerous financial crime threats from money laundering and terrorist financing to sanctions evasion, many banks are reluctant to take on new high-risk business and consider FinTechs to be outside their risk appetite.  


While financial crime considerations are clearly relevant in every region, an additional complication in the GCC is the fact regional banks are concerned about their correspondent banking partnerships, which enable them to transact in foreign currencies.  Widespread derisking has caused many global banks to cut ties with their Middle Eastern counterparts, meaning regional banks can’t endanger their remaining partnerships by taking on new business their partners will deem high-risk.  Effectively, regional banks can’t define their own risk appetite and have to follow that of their international partners.


As well as correspondent banking partners, regional banks must also satisfy increasingly strict local regulators.  The introduction of more rigorous regulations and enforcement by GCC regulators to meet international expectations has resulted in significant de-risking within the GCC itself, with banks terminating relationships rather than accepting and managing the associated risks.  In this environment, signing up new, high-risk FinTech businesses is a tough sell.


However, there are clearly major benefits for both banks and FinTech start-ups to successfully form partnerships with the right counterparts.  The key is for the banks to be comfortable with the FinTechs’ compliance frameworks and controls, and to be able to convince their correspondent partners and local regulators that they have suitable systems in place for assessing and managing the risks associated with these partnerships.  


So in practical terms, what do regional banks and FinTechs need to do?  FINTRAIL has looked in a previous blog at FinTech-bank partnerships in the US, and some key ways the two parties can ensure a successful partnership by aligning risk appetites, expectations, and operating practices.  Many of the key takeaways, such as the need for clear roles and responsibilities, a documented escalation process, and regular communication, are clearly of global relevance and just as important for GCC firms as those elsewhere in the world.  


In addition, to address the specific challenges in the GCC, regional banks should ensure they can demonstrate the following:

  1. A clearly defined risk appetite for FinTech partnerships and the type of business and levels of associated risks the bank is happy to accept

  2. Tailored onboarding and customer risk assessment processes for FinTechs, to ensure the bank fully understands the risks of each relationship and manages them accordingly, with the appropriate level of due diligence

  3. Special due diligence controls designed for FinTechs, such as nuanced AML questionnaires, onsite visits, and bespoke transaction monitoring, to give the bank insight into its partner’s compliance controls and activity


Regional banks should also seek to educate their correspondent partners on the local regulatory environment, such as FinTech licensing requirements and local KYC regulations, to help them better understand the true nature of the underlying customers.  This could help dispel misconceptions about the level of risk posed.


Ultimately, there is no doubting the potential of the FinTech sector in the GCC, and the opportunity for all parties to benefit.  Regional banks recognise that FinTechs are shaking up the industry and forcing innovation in terms of product offerings and customer service.  Digitising their own offerings will only go so far towards meeting this challenge, and partnering with the right start-ups will offer them the chance to benefit themselves from this innovation.  Especially given the current economic situation in the region, the prospect of new revenue streams is not easy to dismiss.  Banks who can think creatively about how to manage the compliance risks associated with FinTech partnerships and can demonstrate a rigorous programme to their own internal stakeholders and to external partners stand to make tremendous gains.


FINTRAIL has experience working on both sides of the table helping FinTechs and their partner banks manage financial crime risks. We can assist by helping banks determine their risk appetite and design robust onboarding and ongoing monitoring programmes for FinTech partners, and by performing assessments of FinTechs’ financial crime exposure and compliance programmes and controls.

If you’d like to learn more, please contact Maya Braine, MD for Middle East and Africa, or email us at: contact@fintrail.co.uk.

Case Study: Digitisation Support

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

When you should carry out ongoing Due Diligence and how to remediate gaps

The FINTRAIL and Jumio teams have been discussing why regulated businesses are expected to perform ongoing Due Diligence on clients, why it is important to remediate gaps identified, and the approach businesses should consider when performing this remediation.

In this report you will find examples of the different scenarios when you should consider refreshing your Due Diligence. It also highlights why it is important to remediate gaps and how you should seek to operationalise this process.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

FinTech Approaches to Sanction Regimes

Announcing Expert Working Groups and Topic 1: Sanctions compliance

The FFE have kicked off a series of topical roundtable discussions among industry leaders, with the aim of connecting senior decision makers to discuss their own internal approaches to common challenges. These Expert Working Groups are under Chatham House Rule, with FINTRAIL acting as secretariat to facilitate discussion amongst experts. Thanks to RDC and RUSI, too, for providing expert insights alongside our FinTech experts.

Our first Expert Working Group focused on FinTech approaches to sanctions regimes, and gathered 18 sanctions experts from 8 different FinTech industries. After just two in-depth sessions, we were able to glean insight on best practices that we hope you find useful when benchmarking your own approach. 

As a sneak peek into some of those insights:

  • Around 30% of the FinTechs we spoke with have a sanctions-specific risk assessment to support their risk-based approach, with several more working to create one.

  • Unanimously, Expert Working Group participants are typically using conservative (or even very conservative) fuzzy matching thresholds ranging from 70%-85%, especially compared to industry averages closer to 85%-92%.  

  • C-Suite and board members are increasingly expected to have sight of the Sanctions program and/or Sanctions-specific policies, vs. just the broader Compliance or Anti-Money Laundering program.

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And be sure to stay tuned for further Expert Working Group insights!

ON DEMAND: ComplyAdvantage Webinar - The Rise of Money Muling

*** Now available on demand ***

ComplyAdvantage Webinar banner: The Rise of Money Muling, with Charles Delingpole Founder and CEO of ComplyAdvantage, Gemma Rogers, Co-FOunder at FINTRAIL, Tom Keatinge, Director, Centre for Financial Crime and Security Studies (CFCS) at The Royal U…

Due to rapidly changing global circumstances, high unemployment and uncertainty surrounded the future, money muling is tragically on the rise.

It is a crime that often disproportionately affects the most vulnerable and financially illiterate. Criminals involved in money muling often survive by tricking ‘clean’ individuals with no criminal history but who is ultimately responsible for educating and helping to prevent this insidious form of money laundering: individuals, banks, governments, regulators, social media platforms?

Join our expert panel including:

  • Charles Delingpole, Founder & CEO, ComplyAdvantage

  • Gemma Rogers, Co-Founder, FINTRAIL

  • Tom Keatinge, Director, Centre for Financial Crime & Security Studies, RUSI

  • Adam Hadley, Director, Tech Against Terrorism

In this thought-provoking webinar, the panel will be exploring:

  • The role that social media platforms play in recruitment, advertisement, and propagation

  • Why this issue deserves urgent and serious attention now

  • What the financial services sector and the regulator is and should be doing to stop money muling

ON DEMAND: FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

***NOW AVAILABLE ON DEMAND***

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Originally launched on 30 June 2020, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

SESSION 1: CRYPTOASSET RISKS . . . WHAT’S YOUR APPETITE? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

SESSION 2: ASSESSING AND GETTING TO GRIPS WITH THE FINCRIME RISKS:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

SESSION 3: SYSTEMS AND CONTROLS - MANAGING YOUR CRYPTOASSET RISKS IN PRACTICE 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance.

How to use Compliance as an enabler in Digital Transformation

Digital transformation for onboarding is a hot topic at the moment, given that much of the world is currently living their life from their sofas and managing their day-to-day financial needs from home. Having worked on transformation projects before with traditional FI’s, alongside assisting various FinTechs in the creation of new digital offerings, we at FINTRAIL thought it would be a good opportunity to move the spotlight onto compliance, and fly the financial crime flag by discussing some of the common misconceptions.

 

Front end change is just the tip of the iceberg

The ‘tip of the iceberg’ cliche has never been more appropriate when it comes to describing common misconceptions towards digital transformation. The main message is that a good user experience isn’t solely dependent on a minimal field registration journey, and that there are other components that need to be considered which the customer can’t see. Getting these components implemented effectively are equally as important and the focal point is our good friend - ‘a risk-based approach’. Having a robust risk-based approach can be the key for a slick user experience and dictate your approach to CDD, custom screening and risk management, enabling you to target your controls on your highest risk areas.

Image of front end change is the tip of the iceberg. Registration depicted above water, while the rest of the compliance processes depicted underwater as the main body of the iceberg

Less is more

It would be logical to assume that the less information you collect from your customer the better, and that allowing a customer to sign up by just inserting an email and password will drive your Trustpilot reviews through the roof. Ignoring the fact that this probably doesn’t actually meet your ID&V requirements, we would like to suggest that less isn’t always more. By creating a shortened registration process you may well get more sign ups, but if you subsequently need to perform downstream due diligence to address gaps, you could be creating a poor user experience further down the line, perhaps even in a critical situation when dealing with a vulnerable customer whose account has been frozen and they need urgent access to funds.  We don’t necessarily mean your registration process should be 100 fields deep across 10 pages but there is certainly a happy medium. 


Business enabling Anti-Financial Crime (AFC)

A common misconception is that financial crime compliance can be the blocker when it comes to innovation in these projects. It probably comes as no surprise that we at FINTRAIL would offer a healthy challenge to those naysayers. 

So, you are 6 months into your digital transformation project, it’s all on JIRA (other platforms are available) or you have a lovely Gantt chart. You have lined up all your sprints and it suddenly occurs to you that you should speak to your compliance team. After 45 minutes debriefing your compliance team, they have a bunch of questions and recommendations before you can move the project forward, resulting in you putting a big red “Stuck” against it. While you may have translated this into a no, these recommendations do not necessarily mean no, and even if it is a no, is that really surprising considering you have only introduced them as stakeholders so late on? Obviously we are focusing on the negatives here to emphasise our point and the above is certainly not a reflection on most businesses’ these days.

Some of the most successful projects we have been part of are the ones where AFC stakeholders have been included as part of the journey rather than just at sign off. There is a new breed of financial crime professionals who want to be viewed as business enablers and able to offer a great user experience as much as the next product owner.

A RACI (responsible, accountable, consulted, informed) matrix is often used in project delivery to divvy up people’s roles. With that in mind your approach may have been previously to assign compliance a consulted duty, but we would encourage you to increase their involvement in order to reduce blockers downstream and increase compliant innovation.

RACI project management chart with Compliance/financial crime function moved from consulted to responsible/accountable

Being a Compliance Champion

Equally it is not just the business that needs to take ownership of transformation, it can also be the fincrime function itself. Embracing change has never been more important in a digital enabled world and as fincrime professionals we should be just as excited by these new developments. Whether it is the implementation of a new due diligence process or screening programme, don’t be afraid to rip up the policy and start again. There is no reason why the financial crime team cannot be the driver for change.

Build, Buy or Both?

Like the ‘tip of the iceberg’, ‘build or buy’ is also becoming a bit of a cliche. What we do know is that you will likely need to partner with some technology providers in order to achieve your future state goals. Equally, even if you partner with someone, there will be an element of building that goes hand in hand. There are a variety of great providers available with a range of capabilities but we would like to reposition the ‘build or buy’ question. No single provider will solve all of your needs, and equally, to build everything in house isn’t logical when there are specialist systems available. This potentially means that the ‘build or buy’ question is a goose chase and in fact an amalgamation of the two is the best approach to adopt. 

Takeaways

Here are our top takeaways to be a compliance champion when it comes to digital transformation:

  • User experience does not stop on the physical registration page; it continues throughout the customer lifecycle

  • Less is not always more when it comes to identification programmes

  • Treat your compliance/ fincrime team as business enablers, engaging them in discussions earlier

  • Answer your build, buy or both question

  • A risk-based approach marries itself perfectly with transformation projects

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk

FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Launching on June 30, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

Session 1: Cryptoasset risks . . . What’s your appetite? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

Session 2: Assessing and Getting to Grips with the FinCrime Risks:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

Session 3: Systems and Controls - Managing Your Cryptoasset Risks in Practice 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance. You will also be awarded a certificate of attendance after attending all three sessions. 

Active Anti-Racism in Anti-Financial Crime: Our Next Steps for Combatting Discrimination

At FINTRAIL, our US and global teams have been closely watching the swell of protests unfolding in response to the shocking deaths of George Floyd and Breonna Taylor - the latest victims of ongoing and unjustifiable police brutality against black people. However, racism isn’t just the existence of bad actors engaging in criminal acts of violence; police brutality emerges from systematic and deep-rooted racism that has infected justice systems in the US and around the world for centuries. And unfortunately, the anti-financial crime sector, integral for feeding information on suspected money launderers and terrorist financiers to police, has been complicit in this institutional racism. At FINTRAIL, we are constantly working to do more to promote diversity within our ranks and to support and learn from black voices. But we can do more as a firm to not just avoid racism but actively reject it, particularly through our work supporting anti-financial crime teams. Together, as consultants and as community leaders in the FinTech FinCrime Exchange (FFE), we can help make meaningful change to improve the treatment of black customers and to hold ourselves accountable when we get it wrong. 

  1. We promise to help champion and support non-white perspectives within our own team and the teams we work with. Implicit biases exist not only in day-to-day anti-financial crime activity, but also in senior level decision-making. People can unfortunately be prone to ignoring or undermining opinions given by black people in the room - and this is even more so the case for black women. In the worst cases - the room may be entirely white, eliminating the chance for non-white voices and perspectives to influence decisions on financial crime. How else can we be held accountable and understand the impact of our processes and decisions across all areas of financial crime risk management without ensuring black people are involved in the work and have the space to make constructive challenges? Thus, as FINTRAIL, we will make sure that we use our privilege to ensure there is always diversity in the room and that we listen to any and all challenges to our approach, especially from black people.

  2. We promise to work with clients to take extreme caution in the consideration of demographic factors when evaluating customer risk.  Firms building out their customer risk assessment (CRA) models may choose to include demographic factors, including nationality. While under very specific circumstances, demographics may be strongly correlated with risk (e.g. cheaply purchased nationalities), we will not advise or support the inclusion of demographic risk factors into a CRA methodology in a way that could unfairly lead to the application of enhanced due diligence (EDD) measures to a customer solely based on their racial, ethnic or socioeconomic background. In practice, this means strongly questioning whether such a factor is necessary in a CRA model in the first place and, if included, ensuring that only specific risks to the business are targeted and that there is no undue bias in the weighting of such a risk factor.

  3. We promise to be aware of racial biases that may exist within ourselves and our clients when it comes to clearing and investigating screening or monitoring alerts. Even when demographic factors have not been included in the calculation of a customer’s risk, racial biases can still cloud our judgment when evaluating one customer’s financial activity versus another’s. It is well documented that people are prone to more negative perceptions of those with darker skin, often without even realizing they are doing it. This can have dangerous effects for a customer, leading to their account being frozen or offboarded and their activity being reported to police. To help mitigate implicit and explicit bias in alert clearing, we will seek to support internal and external anti-racism bias training in the context of alert clearance and will push for the provision of clear decision trees to help analysts more objectively work through potential suspicious activity.

  4. We promise to do more to recognise and help mitigate the racial biases that can exist within European and American identity verification RegTech platforms. Within the US and Europe, we are really lucky to have a variety of robust identity verification tools to suggest to our clients that help automate the onboarding process. Innovative solutions allow for FinTechs to match customer selfies, live selfies or videos to a verified ID document - allowing them to onboard the customer within only a couple minutes. However, some solutions can struggle with non-white faces as their facial recognition technology hasn’t been adequately trained in correctly matching non-white faces to IDs. This can lead to serious negative consequences - non-white victims of identity fraud may have their documents stolen and used to open financial accounts without being spotted, or alternatively, genuine customers may be routed through a laborious manual review process simply because they aren’t white. We will work closely with FinTechs and RegTechs in the community to identify practical solutions to ensure that identity verification tools can more effectively verify non-white customers.

  5. We promise to take more initiative to build out innovative onboarding solutions for non-standard non-face-to-face situations. Under some circumstances, customers may not have the typical documentation needed to onboard - they may not have a passport or driving licence, or they may have recently moved country and have no address history. The good news is that more and more regulators expect financial institutions to have onboarding processes in place for customers who may be unable to provide traditional documentation - though some regulators go farther than others in their guidance. The bad news is that, in the absence of meaningful guidance, firms may end up with extremely manual onboarding processes, which require robust sensitivity training for front-line staff and which can delay financial access for those most in need of it. Some firms may even inadvertently avoid establishing a written approach to non-standard identity verification cases. We will do more to work with clients to help them establish more innovative approaches to non-standard onboarding and ensure that the approach is well-documented and that necessary training has been given to the front-line.

By working with the community on these practical steps, we hope to help inspire greater change within anti-financial crime best practice. No one should have a worse banking experience or be treated as a criminal solely based on the color of their skin, and we are committed to actively fighting for an actively anti-racist approach to financial crime.