USA

Introducing FINTRAIL Pioneer

FINTRAIL Pioneer is here  - the latest edition to our service offering designed to help businesses, no matter how small, in the fight against financial crime. 

Pioneer will sit within our global FINTRAIL Consult team, leveraging our specialist knowledge and passion for financial crime prevention to start supporting a new range of clients who have previously found it harder to access bespoke and considerate anti-financial crime services. 

So what does this mean in practice? Well: 

FINTRAIL firmly believes that excellent financial crime prevention starts from the ground up. Anti-financial crime (AFC) controls need to be built into your product and culture from the word go to limit bad actors exploiting your product. To help you, FINTRAIL Pioneer makes our consulting expertise easily available to small businesses, and early-stage startups (we’re talking less than 10 employees, or a balance sheet of around £2million or less) to support you in building a robust AFC program right from the start. 

We also understand that financial crime does not limit itself to only the financial services sector, so we’re expanding our Pioneer services to the Not-For-Profit (NPO) sector to support them in delivering crucial work for those most in need, free from the threat of being exploited by financial criminals.  

Lastly, our team  is driven by a shared passion for disrupting financial criminals and the crimes they facilitate across the globe. Pioneer will be uniquely responsible for directing that passion towards “for good” projects across the industry, offering our services free of charge to projects where we really believe we can make a difference. 

We’re really excited about Pioneer, and the difference we aim to make in the AFC community.

So if you are a small business, early stage start-up, or NPO and need support with your AFC obligations, or have a “for good” project you’d love to chat about then please get in touch – we’re all ears. 

Introducing FINTRAIL Consult

November marks my third year at FINTRAIL, and whilst three years certainly isn’t a major landmark to be celebrated, upon reflection, the last three years have been an incredible journey. Over the last 18 months alone we have delivered over 200 financial crime projects to support a  variety of different organisations. We have also seen the FINTRAIL team grow and develop, and we are in the process of adding another 10+ people to the family.

Yet there is more still to be done. Rob mentioned in his “Change is coming” blog last week, we are making some exciting changes at FINTRAIL to support the industry further. Under the new banner of ‘FINTRAIL Consult’, our consulting team is dedicated to offering a best in class anti-financial crime consultancy service to whoever may need it. 

The last 18 months have taught us that collaboration is key to delivering high quality products and services to our clients.  We will be joining our teams together under one global banner of ‘FINTRAIL Consult’ whilst continuing to add depth to our consultancy team with both regional and subject matter knowledge. This means our clients will receive a more consistent service and have access to all the knowledge within our team regardless of where they are located.

To ensure we support our client’s aspirations, we have also made some internal changes. Jessica Cath has been promoted to Head of Financial Crime Project Delivery, leading the core consultancy team and ensuring we maintain a high level of standards in the services we provide. Alongside Jess, we have expanded Greg Wlodarczyk’s role to Head of Specialist Financial Crime Advisory and Virtual Assets.  We recognise the evolving environment our clients operate within, which means we must also evolve. Greg will be focusing on ensuring the services we provide are progressive and ready to meet new challenges, whilst also working to hire individuals with the right specialist skills.

The new FINTRAIL Consult is looking forward to continuing to work with the financial crime community into 2022 and beyond! 

We are always here if you need us - do reach out if you have any questions

Love is in the air.. Or is it?

With increasing restrictions placed upon our lives due to COVID-19, millions of people have turned to online dating sites to meet someone and spark human interaction. In some instances, it is genuinely love at first sight, but not in others. In such an emotionally charged environment some enter this not for love but for financial gain and tragically, many stumble upon con artists who are eager to take advantage of people looking to make a connection. The fraudster builds up rapport by making up a story and, once they have established enough trust, moves onto the real reason they are there, asking for money. According to UK Finance, there was a 20% increase in bank transfer fraud linked to romance scams in 2019 compared to 2018. However, the damage to the victim often goes much deeper than the financial loss suffered. Navigating relationships can be fraught at the best of times, but here are few things that may help you identify if it is a scammer or not.

Liar liar

Red flags that might help you spot scammers include:

  • Asking a lot personal questions about you while avoiding answering personal questions about themselves

  • Trying to establish a bond quickly by telling you “this is the first time they’ve felt like this before”, giving you an endearing pet name or even that they are in love with you

  • Preferring to move the communication away from dating websites and towards texting or phone calls as the scammers know that the dating website will have no proof of them asking you for money

  • Asking for financial help by making up lies (which is covered below)

  • never meeting them in person as they are either “out of the country at the moment” or have made up excuses about why they had to cancel - sometimes these include financial reasons

Scammers are inventive when it comes to creating a facade with which to lure victims. Some frequently used lies by scammers in order to request funds include paying:

  • For a plane ticket or other travel expenses

  • For surgery or other medical expenses

  • Customs fees

  • Off gambling debts

  • For a visa or other official travel documents

Scammers usually request funds via wiring money, putting money on a gift card, or loading money onto a prepaid card. Scammers know that this way, they can get cash quickly and remain anonymous and the transactions are almost impossible to reverse.

Protect yourself

Never send money to a romantic interest you haven’t met in person. If you suspect a romance scam:

  • Stop communicating with the person immediately

  • Do a search for the type of job the person has to see if other people have heard similar stories. For example, you could do a search for “UK Army scammer

  • Do a reverse image search of the person's profile picture to see if it’s associated with another name or with details that don’t match up

  • Contact Action Fraud on 0300 123 2040

If you’d like to learn more, please contact Ishima Romain, consultant or email us at: contact@fintrail.com.

FinTech and Law Enforcement partnerships

Expert Working Group Topic 2: Law Enforcement partnerships

We’ve just wrapped up our second Expert Working Group, following last year’s EWG on FinTech Approaches to Sanctions Regimes. This time, we gathered 16 experts from FinTechs along with law enforcement leaders to chat about our partnerships with law enforcement.

This working group made it clear that finding the right contact or information can be tricky. Please do not hesitate to reach out to the FFE secretariat at ffe_admin@fintrail.co.uk if you need help making contact on an important law enforcement matter—this goes for law enforcement, FIUs and FinTechs. We’re happy to help you find the information you need, quickly.

A sneak peek into just a few of the insights that came from our discussions, which covered FinTech best practices for receiving and responding to requests, SAR feedback, asset freezing, stay-open requests and more: 

  • Public/private partnerships and industry groups are tough nuts to crack—58% feel they’ve struggled to get traction with groups that share high-value law enforcement information

  • We hear from law enforcement a lot. Half of us receive several requests per week.

  • MLROs rarely act as the central point of contact. If you’re an MLRO, and you’re still taking all the phone calls, delegate away—today is your day!

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And, of course, stay tuned for further Expert Working Groups!

A look forward: what does 2021 have in store for the anti-financial crime community?

2020 was a rollercoaster for us all, not least professionals in the anti-financial crime (AFC) space who had to deal with regulatory change continuing, and criminals upping their game and exploiting the pandemic in tragically ingenious ways.  You can read more about the impact of the global pandemic, and other key regulatory and typological developments in our lookback papers from our Europe, Middle East and Africa, and Asia Pacific teams.  But, let’s now take a moment to look ahead to 2021 and what we might expect to see as AFC practitioners over the year and what we plan to do as FINTRAIL. Normally, we shy away from predictions, but nothing could have been stranger than the reality that was 2020, so we thought we would give it a go!

Effectiveness and Outcomes-focussed Compliance

We’ve already started to see a shift in this direction in the AFC community, in both larger, traditional banks, as well as in the FinTech community as the pressure from regulators for firms to achieve good outcomes in financial crime prevention increases.  Even as far back as 2019, the then-interim Chief Executive of the UK’s Financial Conduct Authority noted: “One thing is already clear – we are moving from a narrower compliance with the rules, to a focus on delivering the outcomes we want for the users of financial services.” While not specific to anti-financial crime, it is clear that all financial services firms want good outcomes for their customers, particularly when it comes to preventing crime against them or involving them. 

What is likely to come this year, in our opinion, is a greater focus from regulators on how those outcomes are measured and therefore how confident a firm can be that its controls and AFC risk mitigants are indeed effective at tackling financial crime. Presently, measuring effectiveness can be challenging and is often unsystematic, relying on annual Money Laundering Reporting Officer (MLRO) reports that pull together proxy measures of effectiveness from a wide range of sources, which is manual, time consuming and potentially error prone if the data is not tracked on a more regular basis, and unusual findings pulled out and scrutinised. Using technology to address this problem in the future is at the heart of the solution. In our view, not only will an outcomes focussed approach increase the relevance of reporting that AFC provides to its senior leadership teams - as it will be able to demonstrate clear Key Performance Indicators (KPIs) and markers of improvement over time - it will also drive positive developments in AFC controls by helping to understand better whether those controls are working to actively reduce crime and illicit funds flowing through the financial services ecosystem. 

So what are we doing about this at FINTRAIL to ensure our clients adjust to the shift in focus? Our immediate response is to embed ‘effectiveness’ into all of our service offerings in 2021 from advisory to assurance; our consultancy teams are putting it at the heart of everything they do for our clients.

Secondly, FINTRAIL is now an investor in Cable.tech that is headed by the fantastic Natasha Vernier and Katie Savitz who both bring great pedigrees from the likes of Monzo and Square. Cable is focused on finding a technical solution to the challenge of AFC effectiveness. We are super excited by what the team there is building and are sure as 2021 progresses they will be taking the industry by storm. 

Increasing specialisation in AFC Compliance

A few years ago and anecdotally at FINTRAIL, we noticed a shift from quite siloed AFC teams with specific areas of focus across the different crime types (e.g. Head of Fraud), to a more homogenous AFC team structure with experts in a number of areas working together and collaborating. A particularly notable change in some organisations was the inclusion of Fraud teams into wider AFC compliance teams, where Fraud had sometimes more traditionally been placed alongside operations or in security and cyber security teams.  This flatter approach was especially popular in newly established AFC teams in startups and FinTechs. 

Our prediction for 2021 is that we are going to see an increasing specialisation of AFC compliance professionals in the product areas that they oversee and risk manage. For example, Fintech AFC compliance officers might well be broken down further into payments AFC specialists, Foreign Exchange (FX) AFC specialists and Banking as a Service (BaaS) AFC specialists. These specialist product skills will help AFC officers really pinpoint the risks their firm’s products are facing and thereby design more nuanced controls to manage those risks.

As such, it seems increasingly likely that these skills will be required by FinTech firms when recruiting and that candidates coming from more generalist backgrounds will need to demonstrate additional competencies in order to compete with the more specialist compliance officers out there. 

We have responded to this development and the growing, critical need for certified qualification in the FinTech industry by partnering with ACAMS to offer the Certified AML FinTech Compliance Associate (CAFCA) qualification and examination. This sets a new standard for the global FinTech industry and brings credibility and parity to an industry that has historically faced questions about competence. As our colleague Kate Hotten put it “It's for FinTechs, but it's so much more: it explores how scale, inclusion, new financial models and technical skills impact how we work in AML. We really worked hard to make sure this wasn't the same old AML blah-blah.”

Wellbeing is critical

2020 gave us all time to reflect on what wellbeing really meant to us as individuals, and firms are starting to do more to ensure that their staff are engaged, resilient and are looking after their physical and mental health. Not only is doing so beneficial for the employees involved, but it also has proven and wide ranging benefits on productivity, employee retention and engagement, inter alia. Staff in AFC teams are no exception to this, and in these roles especially dealing with the negative sides of society that we see when we investigate some pretty horrendous crimes, wellbeing should be prioritised.  Further, the sometimes relentless pressure - whether it’s from criminals breaching your perimeter controls to the more generalised stress of working in a regulated industry - can take its toll, and mental health and wellbeing should be taken seriously. Plus, with crime continuing to increase during the pandemic, this focus has never been more needed. And, just because we are working remotely doesn’t mean that wellbeing can be discounted, in fact it’s just the opposite.

At FINTRAIL, we are proud to offer the services of app-based therapy provider, Spill to our colleagues, and are also looking forward to exploring some more bespoke options with Your Virtual Wellbeing Hub, a research-backed one-stop-shop for employers looking to introduce, add to, or kick-start their employee wellbeing offering. We hope that these efforts will make sure that our team’s wellbeing is central to our company ethos.

For the wider FinTech FinCrime Exchange (FFE) community, we are excited to be offering a series of free, donation-based yoga classes from March onwards to help our members disconnect from their day jobs and find that all important “me” time, making them even better crime fighters.


So, whether you are looking to hone your compliance skills, take some time out for yourself from a busy day or are looking at how to revitalize your compliance programme over the next year, we hope you’ve enjoyed reading this piece, and if you would like to contact us about any of the topics raised in this article, or about any other anti-financial crime compliance needs, please reach out at contact@fintrail.co.uk

Inauguration Day: What does the Biden Administration mean for FinCrime?

January 20, 2021. Inauguration Day. The end of an era. Following four years under President Donald Trump, the United States will have a new president. 

What should we expect under the administration of President Joe Biden and Vice President Kamala Harris? Your answer to this question will likely depend on your top priorities. At FINTRAIL, we have been working to help our clients understand and prepare for any and all financial crime-related changes that are anticipated under the new administration. While some specifics are up in the air, it is clear that tackling illicit finance will be a top priority. 

Broadly, we can expect to see some changes from the top down. The new Deputy Treasury Secretary, Adewale Adeyemo, has promised a review of the Office of Terrorism and Financial Intelligence’s programs, including FinCEN, with plans to increase both staffing and budget. With new resources, there is likely to be new guidance and potentially new enforcement measures coming into force. 

Let’s explore in a bit more detail what we are and aren’t likely to see across the major financial crime areas over the next four years:


Money Laundering

At the start of the year, Congress passed the latest National Defense Authorization Act (NDAA), which the Biden Administration will be responsible for implementing. The NDAA outlined several major changes for BSA/AML professionals, particularly the development of a beneficial ownership register. Once implemented, this register will have a huge impact on CDD for legal entities.  Professionals should also keep an eye out for the Biden Administration’s top AML priorities, which must be published within 6 months of the NDAA going into effect, as well as the results of Treasury reviews of existing AML/CTF regulations (especially those around SAR filing) and specific studies on emerging technologies, trade-based money laundering and money laundering to China. While not immediate, these outputs may lead to further significant revisions to the existing AML/CTF landscape.

Compliance changes could also come about through other legislation. For example, with Democrats now in control of both houses of Congress, there is likely to be another push to pass the Safe Banking Act, which would give financial institutions a pass to bank the cannabis industry. This would mean needing to revamp your risk appetite and potentially your screening program, as many firms currently screen against lists of legal cannabis providers that cannot yet be banked under federal law.

Terrorist Financing

Two-thirds of US terrorist attacks in the first eight months of 2020 were from far right wing domestic terrorist groups or individuals, and especially in light of the recent Capitol attack, it is likely that far right wing extremism will remain the most pressing terrorism threat to the United States. This will be a top concern for the Biden Administration, and Biden has promised to pass a new law against domestic terrorism. Even before the recent events at the Capitol, Biden was meeting with advocacy groups, such as the Anti-Defamation League, illustrating a unique commitment and exploration of strategies to counter far-right-wing extremism. Practitioners have struggled with the lack of a specific federal crime for domestic terrorism, and there has not yet been a discussion of exactly what elements of counter-terrorism and counter-extremism the Biden Administration will prioritize. There is more explicit counter-terrorist financing legislation around the financing of foreign terrorist groups, for example, and any changes to laws against domestic terrorism could have knock-on effects for our understanding of terrorist financing. In the short term, some measures within the NDAA can be used to improve counter-terrorist financing efforts, particularly through improved public-private information sharing. 


Bribery and Corruption

Countering corruption at home and abroad is expected to be a central focus of Biden’s overall agenda. Some of the changes made within the NDAA, especially regarding whistleblower protection and requirements around ownership disclosure, directly play into this. However, for many financial institutions, it is unlikely that there will be major changes in day-to-day anti-bribery and corruption exercises, at least in the short term. FinCEN issued an updated statement on PEPs in August 2020, and while further clarification may come along during the Biden administration, there has been no explicit discussion around the position changing in the near future. 


Sanctions Evasion

The Biden Administration has already promised a “top-to-bottom” review of OFAC’s sanctions program. As part of the Obama Administration, Biden did not shy away from the importance of sanctions as a foreign policy tool, so we shouldn’t expect a major shift in their continued use. With that said, there will likely be a shift in the specific regimes applied. Shifts will take time though, especially in light of the recent move to re-add Cuba to the state sponsors of terrorism list and the time that may be needed to renegotiate the Iran nuclear deal. In some areas, we can expect sanctions to tighten. For example, Biden’s Chief of Staff, Ron Klain, has already spoken about the introduction of new sanctions in response to the recent Russian cyber attacks against the US government. There is also emphasis on taking a more multilateral approach to issuing sanctions, which could see the roll back of secondary sanctions or the pursuance of joint US/UK or US/European sanctions targeting human rights violators. Make sure your list provider will be able to quickly and accurately provide you with updated OFAC lists and that you understand any new conditions, particularly if more complex sectoral regimes are applied.

Tax Evasion

President Biden’s pick for National Security Advisor, Jake Sullivan, has previously written about ramping up efforts against tax havens as a core pillar of US trade strategy. Biden has similarly written about the importance of closing tax loopholes and reducing tax avoidance. In the near term, the implementation of the 2021 NDAA will also help with efforts to clamp down on tax evasion, particularly through the targeting of anonymous shell companies. Practitioners should continue to watch this space, as efforts to clamp down on tax avoidance may push some activity that has been licit into being illicit. 

Fraud

Fraud is also likely to be prioritized by the incoming administration, but immediate and wide-ranging changes are unlikely.. In terms of prosecution, experts have noted that there is a “serious backlog” of fraud cases, which will likely take time to process. More practically, BSA/AML professionals should pay attention to when Biden’s new $1.9 trillion COVID relief package is passed - most likely sooner than later given the Democrats’ control of the Senate. This promises further government support for individuals and small businesses, which, like the Paycheck Protection Program, is likely to lead to an increase in related fraud typologies. Make sure your monitoring system is tuned to detect these typologies, especially based on any patterns detected during the prior waves of stimulus, and that you have the human and technical resources to manage any surges in fraud.

Market Manipulation

Experts predict there to be an increase in investigations into market manipulation and securities-related crimes, including insider trading and accounting scams. However, it is important to remember that securities prosecutions can take an especially long time, so we are unlikely to see anything immediate in this space. There has not been a substantial discussion around reforms the Biden Administration is planning, but Gary Gensler, the Administration’s likely pick to head the Securities Exchange Commission, has a history of pushing through stricter oversight regulation and “issuing hefty fines,” as seen during the Libor scandal.

There are going to be changes to the way we think about and operate financial crime programs under the Biden Administration. While it may take some time to see the true impact of these changes, the shift in mindset and priorities will hopefully help the US continue modernising its overall approach to anti-financial crime.


Snakes and Property Ladders

How is one of the most exciting moments in someone’s life also the most stressful? 

Passports. Bank statements. Proof of employment. Payslips. So many different documents provided to so many different people.

For most people buying a house, whether for the first time or finally finding your “forever home”, is meant to be one of the best moments in their lives. But this is often soured by several journeys to the estate agents/solicitors to prove you are who you say you are or by needing to send numerous personal documents by post. 

This blog looks at the documentation and due diligence behind house buying - and how it can be simplified whilst still mitigating the risks. At FINTRAIL, some of the team have been lucky enough to have bought a place within the last 12 months. We have all experienced the good, the bad and the ugly during the process but surprisingly not all in the same area. We are going to discuss the risks associated with property purchases, compare and contrast our journeys, look at how this market differs from FinTechs and gain insight from Thirdfort, a firm which specialises in providing identity verification and source of funds checks for lawyers in the property market. 

What are the risks?

Before we dive into the FINTRAIL team’s experience of property purchases, we should look into the risks associated with the property market. Laundering money through the purchase of property is often described as one of the oldest known ways to legitimise ill-gotten gains. As property purchases naturally involve high prices, it is an easy way to move large sums of criminal proceeds. Properties can also be used operationally in a criminal’s organisation - potentially as a way to generate legitimate income via rent or as a location for other illicit activity. Another risk to be aware of, which is highlighted in HMRC’s risk assessment for estate agency businesses, is the risk of overseas buyers, especially from higher-risk jurisdictions. Property purchases may be made with the proceeds of crimes committed in other jurisdictions, including but not limited to bribery and corruption and even sanctions evasion. Transparency International published a paper in 2015 which showed the extent of this risk: 40,725 London property titles were held by foreign companies of which 4.89% were held by companies incorporated in secrecy jurisdictions. 

As the risks faced by the parties in the property sector are being increasingly highlighted by numerous governmental and non-governmental organisations, it is not surprising that the property sector in the UK has come under scrutiny by both law enforcement and the supervisor under the Money Laundering Regulations, HMRC. Unexplained wealth orders (UWOs) are a type of court order used in the UK to compel the target to reveal the sources of their unexplained wealth. It uses the reverse onus principle, where the burden of proof shifts to the target. We have seen the majority of UWOs being issued to find out how multiple high-value properties had been financed, and in the most recent case saw nearly £10m of assets handed to the National Crime Agency. This shines a light on the need to understand the source of funds used to purchase a property and if this is in line with the individual’s profile. In 2019, HMRC fined Purplebricks for breaches concerning failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification. This highlights the need for the sector to have the correct level of customer due diligence in place, which involves understanding and verifying who your customer is. 


Our Journeys 

house buying-01.png

Where is the technology? 

The first interesting observation is the lack of technology in most of our journeys. Lauren was lucky as her solicitors used an app for verification and a portal to update on progress. Being able to take a picture of your ID and upload a selfie is something we now come to expect in the FinTech space, which was replicated here. However, for Rachel and JP, the methods used to verify their identity, including certifying copies of documents or having to see someone face-to-face, were time consuming, costly and quite surprising given the online methods we know work very well in identifying and verifying individuals today.  At the time of JP’s purchase, the national lockdown was underway and COVID restrictions were in place for all businesses. To require face-to-face contact when businesses should have been operating as “COVID secure” does not seem logical, especially with the numerous contactless options that are available.  

Thirdfort have noted that the legal sector is embracing technology at an increasing rate, and certain developments mean that this trend is likely to continue apace. The HM Land Registry recently announced that they are now accepting digital signatures, and the Ministry of Justice temporarily accepted video witnessing of wills during this year’s lockdown. At the same time, law firms have had to digitalise their approach to client due diligence due to social distancing and lockdown restrictions, so it seems that the process of buying or selling a property is set to become more tech-focused. 



So what if the industry took more of a risk-based approach?

Using a risk-based approach is an expected element in a risk management framework. Within the conveyancing process, a risk-based approach could include collecting different levels of information and documentation for identity verification, varying the beneficial ownership threshold for verification, and collecting different levels of evidence for source of funds/wealth all in line with the risk of the customer. To help define that risk-based approach, a risk assessment should be conducted to identify the areas with the biggest risk exposure and tailor the procedures to mitigate those risks. HMRC recently published guidance to help estate and letting agents identify and understand where those risks could lie. 

 

In our cases, there appeared to be a lack of a risk-based approach for Lauren with her source of deposit checks from the solicitors.  A small percentage was kindly gifted by her mum, who was then asked to prove her source of funds with numerous bank statement requests. Given Lauren’s mum has been a working professional for a number of years and has accumulated savings over those years, the level of detail required for her to prove this seems excessive. This point is emphasised more when you look at JP’s source of funds check.  His proceeds came from the sale of another house, but this was not investigated in detail to ensure the funds did not come from another source. At FINTRAIL we encourage all our clients to treat their anti-financial crime checks as something more than a “tick box exercise”, which does not seem to be the case in relation to JPs SoF checks.

What next? 

Here are some key takeaways for the property market to consider:

  • Conduct a risk assessment to ensure you identify and better understand the key financial crime risks you are facing. 

  • Look out for red flags of suspicious activity, which may include:

    • Anonymous or difficult to identity owner 

    • Unusual or inconsistent income 

    • Over or under estimated property prices

  • Take advantage of the technology out there to create a smoother customer journey while still mitigating risks.

  • Apply a risk-based approach to your financial crime framework to ensure you are focussing your attention on the highest risk areas, especially when it comes to verifying source of funds.

  • Apply more targeted client due diligence and enhanced due diligence to specific areas of risks identified, rather than applying the same standard measures across the board. This allows firms to mitigate the actual risk posed by the customer rather than just conducting a tick box exercise.

  • Look out for HM Land Registries guidance on digital identity checking in conveyancing.

  • In light of the Covid-19 pandemic, companies such as Thirdfort have shown the importance of individuals being able to complete their due diligence checks in the comfort of their own home. It is important to hit a comfortable ground between ensuring firms can verify clients and manage risk compliantly and taking some of the pain-points out of property transactions for the client.


If you’d like to learn more, please contact Lauren Vincent, Team Coordinator, or email us directly at: contact@fintrail.com.

FINTRAIL Monthly REG-CAP Nov 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

November 2020

In November’s issue, we cover post-Brexit sanctions.


Other highlights include two important reports published by Europol.

What other regulations changes caught your eye in November?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

FINTRAIL Book Club: Anti-racism

In October 2020, and to mark Black History Month, FINTRAIL ran a team book club dedicated to reading books authored by Black, Asian, Minority Ethnic and Inidigenous people and People of Colour (BAME and BIPOC). We did this to improve our understanding of racism and the issues faced by the BAME/BIPOC communities, as well as to facilitate an open discussion, ensuring that everyone in the team participated actively in a discussion about racism. We wanted to share how we set up the book club, our key takeaways and our next steps.

We devised a list of books by BAME and BIPOC authors, and asked each person in the team to pick one book to read. We asked a series of short, generic questions (what was the story, what did you learn, what challenged you about the book) and then all met (virtually of course in these COVID-19 times) and each ran through the book we’d read and answered the three general questions.  This meant everyone could share their individual take on the book they’d read and we got to learn about a wider range of books than if we’d simply picked one book for us all to read. The team at FINTRAIL offers a huge note of thanks to Meredith and Ishima for coordinating all of this.

We held a lively and engaging discussion, the main takeaway being that we all experienced an overwhelming feeling of shock and frankly horror at the injustices BAME and BIPOC individuals have faced on a continuous basis throughout history. We learned from Mikey’s reading of “In Black and White” [Alexandra Wilson] about the injustices faced by black criminal barristers in the UK, and how the mistreatment of black people in the legal profession - often mistaking them for defendants - negatively impacts how justice is served to our BAME populations in the UK. There is a horrible and unjust (pun fully intended) irony here. Meredith read “Indian Horse” [Richard Wagamese], centering on the author’s experiences as an Indigenous person in Canada of the residential care system. The practice of residential care for indigenous people was only disbanded in the 1960s in Canada, and it subjected indigenous children to religious cleansing, child labour and sexual abuse in many cases, turning on its head the notion that Canada has been sensitive in its handling of indigenous communities. 

We observed too that there were wild discrepancies between how much black history we had all covered at school; some colleagues had covered elements of black history in detail, whereas others hadn’t touched on anything specific.  For many of us, this discussion was one of the first opportunities we’d had (or taken) to discuss racism openly and learn about black history.  That all being said, and as Maya pointed out based on her reading of “Black and British” [David Olusoga], it became clear to us that we need to start teaching black history not as a history of black people in Britain, but as an integral part of the history of Britain. We lose important context if we do the former. As such, it seems critical that schools and educational institutions examine urgently how they are teaching history that fully encompasses the Black, Asian and Minority Ethnic/BIPOC experience. 

As regards other practical steps to be taken, we learned from James’s reading of “Why I’m No Longer Talking To White People About Race” [Reni Eddo-Lodge] that the need for black equality is not about inverting the power balance between black and white people, but rather rebalancing that power evenly. James noted - in a work-based example - that the notion therefore of hiring people solely on “merit” was no longer sustainable, and that to redress the imbalances caused by racism, more proactive hiring of BAME/BIPOC individuals is needed.  

Finally, we learned from a number of the books we read that white people have been conditioned not to talk about race, or deal with their privilege and that this has to change if we are to make inroads into the battle against racism. Therefore, a small, but important logistical observation stood out: running the book club the way we did - with each person reading and commenting on a different book -  facilitated a very open discussion.  In turn, this ensured that everyone participated and had to start that conversation about white privilege and Black, Asian and Minority Ethinc/BIPOC oppression with the group, and - most importantly - with themselves.

If you’d like to learn more, please contact Gemma Rogers, Co-Founder, or email us at: contact@fintrail.co.uk.

Case Study: Digitisation Support

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

When you should carry out ongoing Due Diligence and how to remediate gaps

The FINTRAIL and Jumio teams have been discussing why regulated businesses are expected to perform ongoing Due Diligence on clients, why it is important to remediate gaps identified, and the approach businesses should consider when performing this remediation.

In this report you will find examples of the different scenarios when you should consider refreshing your Due Diligence. It also highlights why it is important to remediate gaps and how you should seek to operationalise this process.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

FinTech Approaches to Sanction Regimes

Announcing Expert Working Groups and Topic 1: Sanctions compliance

The FFE have kicked off a series of topical roundtable discussions among industry leaders, with the aim of connecting senior decision makers to discuss their own internal approaches to common challenges. These Expert Working Groups are under Chatham House Rule, with FINTRAIL acting as secretariat to facilitate discussion amongst experts. Thanks to RDC and RUSI, too, for providing expert insights alongside our FinTech experts.

Our first Expert Working Group focused on FinTech approaches to sanctions regimes, and gathered 18 sanctions experts from 8 different FinTech industries. After just two in-depth sessions, we were able to glean insight on best practices that we hope you find useful when benchmarking your own approach. 

As a sneak peek into some of those insights:

  • Around 30% of the FinTechs we spoke with have a sanctions-specific risk assessment to support their risk-based approach, with several more working to create one.

  • Unanimously, Expert Working Group participants are typically using conservative (or even very conservative) fuzzy matching thresholds ranging from 70%-85%, especially compared to industry averages closer to 85%-92%.  

  • C-Suite and board members are increasingly expected to have sight of the Sanctions program and/or Sanctions-specific policies, vs. just the broader Compliance or Anti-Money Laundering program.

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And be sure to stay tuned for further Expert Working Group insights!

ON DEMAND: ComplyAdvantage Webinar - The Rise of Money Muling

*** Now available on demand ***

ComplyAdvantage Webinar banner: The Rise of Money Muling, with Charles Delingpole Founder and CEO of ComplyAdvantage, Gemma Rogers, Co-FOunder at FINTRAIL, Tom Keatinge, Director, Centre for Financial Crime and Security Studies (CFCS) at The Royal U…

Due to rapidly changing global circumstances, high unemployment and uncertainty surrounded the future, money muling is tragically on the rise.

It is a crime that often disproportionately affects the most vulnerable and financially illiterate. Criminals involved in money muling often survive by tricking ‘clean’ individuals with no criminal history but who is ultimately responsible for educating and helping to prevent this insidious form of money laundering: individuals, banks, governments, regulators, social media platforms?

Join our expert panel including:

  • Charles Delingpole, Founder & CEO, ComplyAdvantage

  • Gemma Rogers, Co-Founder, FINTRAIL

  • Tom Keatinge, Director, Centre for Financial Crime & Security Studies, RUSI

  • Adam Hadley, Director, Tech Against Terrorism

In this thought-provoking webinar, the panel will be exploring:

  • The role that social media platforms play in recruitment, advertisement, and propagation

  • Why this issue deserves urgent and serious attention now

  • What the financial services sector and the regulator is and should be doing to stop money muling

ON DEMAND: FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

***NOW AVAILABLE ON DEMAND***

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Originally launched on 30 June 2020, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

SESSION 1: CRYPTOASSET RISKS . . . WHAT’S YOUR APPETITE? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

SESSION 2: ASSESSING AND GETTING TO GRIPS WITH THE FINCRIME RISKS:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

SESSION 3: SYSTEMS AND CONTROLS - MANAGING YOUR CRYPTOASSET RISKS IN PRACTICE 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance.

How to use Compliance as an enabler in Digital Transformation

Digital transformation for onboarding is a hot topic at the moment, given that much of the world is currently living their life from their sofas and managing their day-to-day financial needs from home. Having worked on transformation projects before with traditional FI’s, alongside assisting various FinTechs in the creation of new digital offerings, we at FINTRAIL thought it would be a good opportunity to move the spotlight onto compliance, and fly the financial crime flag by discussing some of the common misconceptions.

 

Front end change is just the tip of the iceberg

The ‘tip of the iceberg’ cliche has never been more appropriate when it comes to describing common misconceptions towards digital transformation. The main message is that a good user experience isn’t solely dependent on a minimal field registration journey, and that there are other components that need to be considered which the customer can’t see. Getting these components implemented effectively are equally as important and the focal point is our good friend - ‘a risk-based approach’. Having a robust risk-based approach can be the key for a slick user experience and dictate your approach to CDD, custom screening and risk management, enabling you to target your controls on your highest risk areas.

Image of front end change is the tip of the iceberg. Registration depicted above water, while the rest of the compliance processes depicted underwater as the main body of the iceberg

Less is more

It would be logical to assume that the less information you collect from your customer the better, and that allowing a customer to sign up by just inserting an email and password will drive your Trustpilot reviews through the roof. Ignoring the fact that this probably doesn’t actually meet your ID&V requirements, we would like to suggest that less isn’t always more. By creating a shortened registration process you may well get more sign ups, but if you subsequently need to perform downstream due diligence to address gaps, you could be creating a poor user experience further down the line, perhaps even in a critical situation when dealing with a vulnerable customer whose account has been frozen and they need urgent access to funds.  We don’t necessarily mean your registration process should be 100 fields deep across 10 pages but there is certainly a happy medium. 


Business enabling Anti-Financial Crime (AFC)

A common misconception is that financial crime compliance can be the blocker when it comes to innovation in these projects. It probably comes as no surprise that we at FINTRAIL would offer a healthy challenge to those naysayers. 

So, you are 6 months into your digital transformation project, it’s all on JIRA (other platforms are available) or you have a lovely Gantt chart. You have lined up all your sprints and it suddenly occurs to you that you should speak to your compliance team. After 45 minutes debriefing your compliance team, they have a bunch of questions and recommendations before you can move the project forward, resulting in you putting a big red “Stuck” against it. While you may have translated this into a no, these recommendations do not necessarily mean no, and even if it is a no, is that really surprising considering you have only introduced them as stakeholders so late on? Obviously we are focusing on the negatives here to emphasise our point and the above is certainly not a reflection on most businesses’ these days.

Some of the most successful projects we have been part of are the ones where AFC stakeholders have been included as part of the journey rather than just at sign off. There is a new breed of financial crime professionals who want to be viewed as business enablers and able to offer a great user experience as much as the next product owner.

A RACI (responsible, accountable, consulted, informed) matrix is often used in project delivery to divvy up people’s roles. With that in mind your approach may have been previously to assign compliance a consulted duty, but we would encourage you to increase their involvement in order to reduce blockers downstream and increase compliant innovation.

RACI project management chart with Compliance/financial crime function moved from consulted to responsible/accountable

Being a Compliance Champion

Equally it is not just the business that needs to take ownership of transformation, it can also be the fincrime function itself. Embracing change has never been more important in a digital enabled world and as fincrime professionals we should be just as excited by these new developments. Whether it is the implementation of a new due diligence process or screening programme, don’t be afraid to rip up the policy and start again. There is no reason why the financial crime team cannot be the driver for change.

Build, Buy or Both?

Like the ‘tip of the iceberg’, ‘build or buy’ is also becoming a bit of a cliche. What we do know is that you will likely need to partner with some technology providers in order to achieve your future state goals. Equally, even if you partner with someone, there will be an element of building that goes hand in hand. There are a variety of great providers available with a range of capabilities but we would like to reposition the ‘build or buy’ question. No single provider will solve all of your needs, and equally, to build everything in house isn’t logical when there are specialist systems available. This potentially means that the ‘build or buy’ question is a goose chase and in fact an amalgamation of the two is the best approach to adopt. 

Takeaways

Here are our top takeaways to be a compliance champion when it comes to digital transformation:

  • User experience does not stop on the physical registration page; it continues throughout the customer lifecycle

  • Less is not always more when it comes to identification programmes

  • Treat your compliance/ fincrime team as business enablers, engaging them in discussions earlier

  • Answer your build, buy or both question

  • A risk-based approach marries itself perfectly with transformation projects

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk

Partners Against Crime: Building Strong Partnerships on the AML Frontlines

It is safe to say that the US FinTech market has hit its stride. Global FinTech funding soared past $34 billion last year, and the US makes up around half of the global FinTech market. More and more consumers are turning to FinTech products to transform the way they manage their finances, paychecks, loans and insurance. With COVID-19 keeping us all socially distanced for the time being, the move toward digital finance is only going to pick up more steam. 


But the FinTech sector isn’t built on standalone infrastructure. As Banks attempt to stay on the forefront of innovation and as FinTechs seek the regulatory and compliance infrastructure they require, FinTech/Bank partnerships have become the new normal. This has been particularly important for the growing internationalization of FinTechs - as successful European FinTechs seek to cross the pond, having a legacy partner helps them gain a foothold.


These partnerships can take a variety of different forms - though for the sake of this piece, we’re going to focus on community banks that handle the banking back end of FinTech products, such as holding FinTech customer deposits and ensuring they are FDIC-insured or offering for benefit of (FBO) accounts to FinTech MSBs. As part of these relationships, FinTechs end up not directly regulated, and it’s up to the partner to ensure the FinTech remains compliant with BSA regulations. This means that banks have to be careful to select the right possible FinTech partners, and the same goes for FinTechs! Wirecard’s recent collapse, which has sent FinTechs all over the world scrambling for new partners, particularly highlights the level of overall due diligence and care that is needed when forming and sustaining a banking partner relationship.


What Happens When It Doesn’t Work Out?

We’ve seen first hand how FinTechs and their partners are pushing forward to innovate not just on customer-driven financial services, but also on financial crime prevention. However, the risks of getting partnerships wrong still need to be taken seriously and inform a firm’s approach to stakeholder management. 


So what does it look like when things go wrong? 

For some FinTechs, it means not getting very far. US partner banks tend to have steep compliance requirements and expectations - that means being able to demonstrate your BSA/AML compliance capability up front through risk assessments, policies and procedures, training, and effective control integration. Partner banks like Cross River weed out the majority of prospective FinTech partners due to the amount of compliance required. For FinTechs, failing to get a partner bank relationship set up can mean the difference between a successful funding round and going back to the drawing board. For European FinTechs and other international players with their eyes set on the US market, failing to obtain a banking partner due to compliance reasons could potentially shut off millions of new customers and dramatically set back scaling plans. 


A few bad actors could also risk the current environment of strong partnerships. Across-the-board de-risking of correspondent banking illustrates what can happen when the difficulties managing AML/CTF controls within a partner relationship cannot be prudently resolved.


The picture isn’t great for partner institutions either. Building out relationships with the FinTech sector is becoming a profitable lifeline for institutions looking for ways to innovate and reach new client segments outside of their traditional stomping grounds; turning off the taps can obviously have an impact. And on the compliance side, as FinCEN expects financial institutions to ensure the compliance of their FinTech partners, failure to do so could risk steep fines and penalties. 


In fact, one of the most frustrating obstacles to successful partner bank/FinTech relationships can be the current regulatory landscape, according to Robin Garrison, VP of Compliance at MainStreet Bank, who presented on making the most of partner bank relationships at the FinTech FinCrime Exchange (FFE). Certain regulators can hold traditional and sometimes out-of-date perspectives on risk and financial crime - and the absence of a unified approach between different US regulators (the Office of the Comptroller of Currency (OCC), for instance, has been much more proactive in supporting FinTech innovation than some of their counterparts), can only add complication. To really get the regulator onboard, Robin added, it’s important for FinTechs and their partner banks to work together to ensure appropriate testing has been done to evidence to the regulator that any financial crime risks are being appropriately mitigated.


Even if a FinTech and partnering bank do succeed in getting a relationship off the ground, poor relationship management can hinder positive efforts to prevent financial crime. High volumes of manual work, a lack of knowledge on how the other party is operating, and long delays in communication can mean that even if a partnership looks successful on the outside, it may still be struggling with balancing financial crime compliance and customer experience. 

How Do You Make It Work?

Looking at the risks involved with setting up a successful partnership, it’s no wonder that it can be difficult for a startup to break into the FinTech space or for a legacy institution to take the leap into a new relationship in a digital world. But there are plenty of examples of where partnerships have taken off. What are they getting right? 


1. They set a strong foundation. 

This is something that features in all of the industry reading on how to make the most of a partner bank relationship. And that really is relevant here too! If you don’t have a strong, open, and transparent partnership in other parts of the business - such as making sure your financials are sorted and growth strategies are aligned - then it’s going to be difficult to build a relationship that allows you to successfully fight financial crime. In fact the best approach to building a positive relationship is to ensure that BSA/AML compliance isn’t segregated. From day one, compliance should be considered as an integral building block in wider relationship management efforts. This will ensure it doesn’t come back to bite once the relationship progresses on the commercial side.


Strong, positive foundations also go beyond shared values. Robin left FFE members with an important message about selecting the best banking partner. “Don’t go with the first partner bank willing to accept you. It can be very difficult to ensure that your data can be fed into and processed by your partner bank, so think about how well your technical systems will integrate when picking your banking partner.” Without aligned systems, anti-financial crime processes become a greater operational burden, and it becomes far more difficult for the partner bank to have the information they need in order to conduct robust assurance on the activity of their FinTech partners.


2. They establish clear roles and responsibilities.

Establishing clear roles and responsibilities is important for any business relationship, but it’s especially important from a financial crime perspective. When laying out the contractual arrangement, FinTechs and partner banks should try to agree up front and in writing who will be responsible for which part of the BSA/AML control framework and who the key points of contact are. 


For example, does the partner bank need to review all KYC files on a FinTech’s new customers before they onboard, or will the partner bank perform assurance on the KYC process through periodic (e.g. quarterly) spot checks? If the FinTech is managing KYC, who should they talk to about trialling a new ID verification provider? Who will be responsible for OFAC screening at onboarding, throughout the business relationship, and for customer screening? To what extent should the FinTech establish their own transaction monitoring tool? Or will they be able to rely on the TM system offered by the partner bank?


There may be circumstances where the partner bank and FinTech relationship is so intertwined that setting rigidly defined roles and responsibilities just isn’t feasible. Anthony Jerkovic, Head of Data & Risk at Bank Novo, explained that, in Bank Novo’s partner banking relationship, roles and responsibilities often require a certain level of flexibility in order to effectively address the dynamic problems faced day-to-day. “If everyone touches a case, it is hard to precisely draw the lines of responsibility. Instead, we focus on close communication and working together and try to see them as an extension of our own team.”


If partnering firms aren’t able to develop a close working relationship or meaningfully outline roles and responsibilities, problems will inevitably arise. At best, it may take longer for both parties to process financial crime-related tasks, such as the investigation of unusual or suspicious activity, but at worst, serious financial crime cases could go undetected, as no one was formally designated as being responsible for identifying red flags.



3. They have a clear escalation process.

As part of laying out a clear delineation of roles and responsibilities, partner banks and FinTechs should also work together to establish clear escalation paths. The goal is to determine when the hand off happens and how. A lot of this will come down to the partner bank’s risk appetite, as they are the ones ultimately liable for any financial crime activity that occurs. But depending on the relationship, there may be certain activities that the FinTech can respond to without immediately escalating to their partner bank.


For example, one partner bank may be comfortable with a FinTech making a decision on whether to accept a customer with an adverse media finding against them, while another partner bank may require all adverse media hits to be escalated to their compliance team for review. 


Let’s look at another example, which illustrates how escalation and communication paths work both ways. For instance, if a FinTech is doing their own customer screening, they may be expected to escalate all confirmed PEPs to the partner bank for approval prior to the start of any business relationship but only do so after clearing the alert and requesting necessary due diligence documents on source of wealth and source of funds. By contrast, if the partner bank does the customer screening, they may have to reach out to the FinTech to communicate with the customer to obtain EDD documentation.


Without getting the escalation process right, FinTechs and partner banks will run into the same problems as with roles and responsibilities - difficulty maintaining BSA/AML compliance and operating effectively. 

4. They regularly communicate on all things fincrime. 

The whole goal of outlining roles and responsibilities as well as escalation paths is to ensure that communication on financial crime issues remains robust throughout the partnership. This is especially important when both parties are closely involved in day to day financial crime operations. Without close communication, unusual customer activity can’t be investigated quickly, leaving funds suspended in a way that can damage a customer’s experience if they’re innocent. Given how quickly funds can move in and out of a FinTech account, without close cooperation, a partnership may fail to stop significant volumes being laundered through an account. 


Samuel Peters, BSA Manager at Middlesex Federal, Bank Novo’s partner bank, highlighted that “especially when dealing with those in traditional banking, communication is key.” Depending on the nature of the relationship, frequent and regular touchpoints may be needed, even multiple times per week. Though, Samuel also flagged that it was important to ensure that both FinTechs and their partner banks understood that there would always be some level of risk involved in the arrangement. “Traditional banks and FinTechs are going to have different risk appetites; regular and open communication is the best way to help close the gap.”


Of course, there are also regulatory expectations with regards to reporting. Partner banks are currently expected to file a suspicious activity report (“SAR”) within 30 days of the initial detection of the suspicious activity, provided there’s a suspect. This means that the FinTech has to move quickly to escalate any unusual activity and work closely to support any investigation from the partner bank in order to meet the deadline. 


Even in cases where FinTechs are given a good degree of autonomy, they should still work closely with their partner bank to ensure that both remain on the same page in terms of risk appetite. This means keeping the partner bank up to date on any new product developments, target customer segments, and geographic expansion plans, as all of these would impact the FinTech’s financial crime risk profile. 


What Next?

FinTech relationships with partner banks aren’t going away and do come with their share of risks. But through successful stakeholder management efforts taken with a fincrime focus, both parties can work together to stop criminals exploiting the US financial ecosystem.

We have experience working on both sides of the table to help FinTechs and their partner banks manage financial crime risks. If you’d like to discuss this more, please contact our US team or email us at: contact@fintrail.co.uk

FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Launching on June 30, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

Session 1: Cryptoasset risks . . . What’s your appetite? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

Session 2: Assessing and Getting to Grips with the FinCrime Risks:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

Session 3: Systems and Controls - Managing Your Cryptoasset Risks in Practice 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance. You will also be awarded a certificate of attendance after attending all three sessions. 

Active Anti-Racism in Anti-Financial Crime: Our Next Steps for Combatting Discrimination

At FINTRAIL, our US and global teams have been closely watching the swell of protests unfolding in response to the shocking deaths of George Floyd and Breonna Taylor - the latest victims of ongoing and unjustifiable police brutality against black people. However, racism isn’t just the existence of bad actors engaging in criminal acts of violence; police brutality emerges from systematic and deep-rooted racism that has infected justice systems in the US and around the world for centuries. And unfortunately, the anti-financial crime sector, integral for feeding information on suspected money launderers and terrorist financiers to police, has been complicit in this institutional racism. At FINTRAIL, we are constantly working to do more to promote diversity within our ranks and to support and learn from black voices. But we can do more as a firm to not just avoid racism but actively reject it, particularly through our work supporting anti-financial crime teams. Together, as consultants and as community leaders in the FinTech FinCrime Exchange (FFE), we can help make meaningful change to improve the treatment of black customers and to hold ourselves accountable when we get it wrong. 

  1. We promise to help champion and support non-white perspectives within our own team and the teams we work with. Implicit biases exist not only in day-to-day anti-financial crime activity, but also in senior level decision-making. People can unfortunately be prone to ignoring or undermining opinions given by black people in the room - and this is even more so the case for black women. In the worst cases - the room may be entirely white, eliminating the chance for non-white voices and perspectives to influence decisions on financial crime. How else can we be held accountable and understand the impact of our processes and decisions across all areas of financial crime risk management without ensuring black people are involved in the work and have the space to make constructive challenges? Thus, as FINTRAIL, we will make sure that we use our privilege to ensure there is always diversity in the room and that we listen to any and all challenges to our approach, especially from black people.

  2. We promise to work with clients to take extreme caution in the consideration of demographic factors when evaluating customer risk.  Firms building out their customer risk assessment (CRA) models may choose to include demographic factors, including nationality. While under very specific circumstances, demographics may be strongly correlated with risk (e.g. cheaply purchased nationalities), we will not advise or support the inclusion of demographic risk factors into a CRA methodology in a way that could unfairly lead to the application of enhanced due diligence (EDD) measures to a customer solely based on their racial, ethnic or socioeconomic background. In practice, this means strongly questioning whether such a factor is necessary in a CRA model in the first place and, if included, ensuring that only specific risks to the business are targeted and that there is no undue bias in the weighting of such a risk factor.

  3. We promise to be aware of racial biases that may exist within ourselves and our clients when it comes to clearing and investigating screening or monitoring alerts. Even when demographic factors have not been included in the calculation of a customer’s risk, racial biases can still cloud our judgment when evaluating one customer’s financial activity versus another’s. It is well documented that people are prone to more negative perceptions of those with darker skin, often without even realizing they are doing it. This can have dangerous effects for a customer, leading to their account being frozen or offboarded and their activity being reported to police. To help mitigate implicit and explicit bias in alert clearing, we will seek to support internal and external anti-racism bias training in the context of alert clearance and will push for the provision of clear decision trees to help analysts more objectively work through potential suspicious activity.

  4. We promise to do more to recognise and help mitigate the racial biases that can exist within European and American identity verification RegTech platforms. Within the US and Europe, we are really lucky to have a variety of robust identity verification tools to suggest to our clients that help automate the onboarding process. Innovative solutions allow for FinTechs to match customer selfies, live selfies or videos to a verified ID document - allowing them to onboard the customer within only a couple minutes. However, some solutions can struggle with non-white faces as their facial recognition technology hasn’t been adequately trained in correctly matching non-white faces to IDs. This can lead to serious negative consequences - non-white victims of identity fraud may have their documents stolen and used to open financial accounts without being spotted, or alternatively, genuine customers may be routed through a laborious manual review process simply because they aren’t white. We will work closely with FinTechs and RegTechs in the community to identify practical solutions to ensure that identity verification tools can more effectively verify non-white customers.

  5. We promise to take more initiative to build out innovative onboarding solutions for non-standard non-face-to-face situations. Under some circumstances, customers may not have the typical documentation needed to onboard - they may not have a passport or driving licence, or they may have recently moved country and have no address history. The good news is that more and more regulators expect financial institutions to have onboarding processes in place for customers who may be unable to provide traditional documentation - though some regulators go farther than others in their guidance. The bad news is that, in the absence of meaningful guidance, firms may end up with extremely manual onboarding processes, which require robust sensitivity training for front-line staff and which can delay financial access for those most in need of it. Some firms may even inadvertently avoid establishing a written approach to non-standard identity verification cases. We will do more to work with clients to help them establish more innovative approaches to non-standard onboarding and ensure that the approach is well-documented and that necessary training has been given to the front-line.

By working with the community on these practical steps, we hope to help inspire greater change within anti-financial crime best practice. No one should have a worse banking experience or be treated as a criminal solely based on the color of their skin, and we are committed to actively fighting for an actively anti-racist approach to financial crime.

Remote Delivery: NuBank Financial Crime Compliance Project

In the current climate the notion of ‘working from home’ has become the new norm. This means that some businesses have had to rapidly adapt how they work, how they deliver their products and services to their clients, and how they remain top of their game. Whilst FINTRAIL do have physical offices in London, Singapore, the US, we operate flexible working for our employees, and have also conducted fully remote projects in the past. We feel that these projects and our working set up has allowed us to quickly adapt to this new normal and we thought we would share some of our insights with the wider community. 

One of our most recent fully remote projects involved working with NuBank on a Financial Crime Compliance project. NuBank is a Latin American neobank and they have one of the largest customer bases in the region and sector, and in January 2020 confirmed they hit the 20 million customer target. NuBank was a completely new client for FINTRAIL, and also one of our largest projects where there would be no face-to-face, or in person element at all.

The project spanned three jurisdictions; Brazil, Mexico, and the UK. This involved assessing, and analysing regulation from Brazil and Mexico, as well as scheduling calls to accommodate for two quite different time zones! After the project had been completed, we had a feedback session with NuBank to discuss what worked, and maybe what didn’t, when conducting a remote project. NuBank was very pleased with our work. They commented that we were aligned with them as a business, and the project results were above and beyond what was expected. We are confident that our work can be delivered in a fully remote nature, and this project only helped to solidify that confidence.

Infographic highlighting the key takeaways from the NuBank remote project and what the client liked.

Key learnings:

  • Get the basics right. This may sound simple, but the client should be clear on the project timelines and deliverables. Having this understanding at the start and throughout helps to ease both sides of any unnecessary stress, and improves time management and control of the project. When a project involves no face-to-face aspect, all communication becomes much more scheduled, and therefore understanding the scope and nature of the project is key. This extends to us as FINTRAIL too, we always ensure that we understand a company and its products to the best of our ability when conducting a project.

  • Communicate, communicate, communicate (with the relevant people). Ensuring that the correct people are involved in the conversation is very important, especially during a remote project. With often already packed diaries, no one wants to sit on a video call that they cannot contribute to, or that they are not needed for.  By inviting the correct and relevant stakeholders only to meetings where they are needed prevents video call fatigue within the project, helping for each conversation to be meaningful and for people to remain engaged. 

  • Leverage technology.  Tools such as Slack can really help with interim communication between larger video meetings. Slack allowed for timely access to key pieces of information, and to lay the groundwork for more in depth meetings. It was also crucial to have this kind of communication due to multiple time zones. Emails felt a bit stiff and formal, and could get lost in a pile, whereas the Slack messages could be picked up whenever suited, and answered quickly and easily.

Get in Touch

If you are interested in speaking to the FINTRAIL team about the topics discussed here or how we are working remotely with clients globally today on all aspects of their financial crime programme, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

FINTRAIL’s Digital Anti-Financial Crime (AFC) Support

As a tech first company we have always used technology to serve our clients in the best possible way. As the global financial service industry embraces new digital and virtual working practices, FINTRAIL is uniquely positioned to support global customers. We want to ensure that we continue to enable organisations to thrive while managing their financial crime risk and meeting their regulatory requirements. 

As such we have taken three of our offerings and fully digitised them to ensure that we are still delivering the same tailored approach and bespoke output without compromising on quality. Our products are designed to be outcomes-focused and immediately impactful. 


On any audit or health check booked between now and the end of July 2020, that is completed by the end of the year, we are offering a 5% discount. Additionally to play our part in the fight against Covid-19, we will donate a further 5% to the World Health Organisation (WHO) Covid-19 Response Fund.

Get in touch today to discuss this and how we are working remotely with clients globally today on all aspects of their financial crime programme, or find out more here:

Digital AFC Support