FinTech

A look forward: what does 2021 have in store for the anti-financial crime community?

2020 was a rollercoaster for us all, not least professionals in the anti-financial crime (AFC) space who had to deal with regulatory change continuing, and criminals upping their game and exploiting the pandemic in tragically ingenious ways.  You can read more about the impact of the global pandemic, and other key regulatory and typological developments in our lookback papers from our Europe, Middle East and Africa, and Asia Pacific teams.  But, let’s now take a moment to look ahead to 2021 and what we might expect to see as AFC practitioners over the year and what we plan to do as FINTRAIL. Normally, we shy away from predictions, but nothing could have been stranger than the reality that was 2020, so we thought we would give it a go!

Effectiveness and Outcomes-focussed Compliance

We’ve already started to see a shift in this direction in the AFC community, in both larger, traditional banks, as well as in the FinTech community as the pressure from regulators for firms to achieve good outcomes in financial crime prevention increases.  Even as far back as 2019, the then-interim Chief Executive of the UK’s Financial Conduct Authority noted: “One thing is already clear – we are moving from a narrower compliance with the rules, to a focus on delivering the outcomes we want for the users of financial services.” While not specific to anti-financial crime, it is clear that all financial services firms want good outcomes for their customers, particularly when it comes to preventing crime against them or involving them. 

What is likely to come this year, in our opinion, is a greater focus from regulators on how those outcomes are measured and therefore how confident a firm can be that its controls and AFC risk mitigants are indeed effective at tackling financial crime. Presently, measuring effectiveness can be challenging and is often unsystematic, relying on annual Money Laundering Reporting Officer (MLRO) reports that pull together proxy measures of effectiveness from a wide range of sources, which is manual, time consuming and potentially error prone if the data is not tracked on a more regular basis, and unusual findings pulled out and scrutinised. Using technology to address this problem in the future is at the heart of the solution. In our view, not only will an outcomes focussed approach increase the relevance of reporting that AFC provides to its senior leadership teams - as it will be able to demonstrate clear Key Performance Indicators (KPIs) and markers of improvement over time - it will also drive positive developments in AFC controls by helping to understand better whether those controls are working to actively reduce crime and illicit funds flowing through the financial services ecosystem. 

So what are we doing about this at FINTRAIL to ensure our clients adjust to the shift in focus? Our immediate response is to embed ‘effectiveness’ into all of our service offerings in 2021 from advisory to assurance; our consultancy teams are putting it at the heart of everything they do for our clients.

Secondly, FINTRAIL is now an investor in Cable.tech that is headed by the fantastic Natasha Vernier and Katie Savitz who both bring great pedigrees from the likes of Monzo and Square. Cable is focused on finding a technical solution to the challenge of AFC effectiveness. We are super excited by what the team there is building and are sure as 2021 progresses they will be taking the industry by storm. 

Increasing specialisation in AFC Compliance

A few years ago and anecdotally at FINTRAIL, we noticed a shift from quite siloed AFC teams with specific areas of focus across the different crime types (e.g. Head of Fraud), to a more homogenous AFC team structure with experts in a number of areas working together and collaborating. A particularly notable change in some organisations was the inclusion of Fraud teams into wider AFC compliance teams, where Fraud had sometimes more traditionally been placed alongside operations or in security and cyber security teams.  This flatter approach was especially popular in newly established AFC teams in startups and FinTechs. 

Our prediction for 2021 is that we are going to see an increasing specialisation of AFC compliance professionals in the product areas that they oversee and risk manage. For example, Fintech AFC compliance officers might well be broken down further into payments AFC specialists, Foreign Exchange (FX) AFC specialists and Banking as a Service (BaaS) AFC specialists. These specialist product skills will help AFC officers really pinpoint the risks their firm’s products are facing and thereby design more nuanced controls to manage those risks.

As such, it seems increasingly likely that these skills will be required by FinTech firms when recruiting and that candidates coming from more generalist backgrounds will need to demonstrate additional competencies in order to compete with the more specialist compliance officers out there. 

We have responded to this development and the growing, critical need for certified qualification in the FinTech industry by partnering with ACAMS to offer the Certified AML FinTech Compliance Associate (CAFCA) qualification and examination. This sets a new standard for the global FinTech industry and brings credibility and parity to an industry that has historically faced questions about competence. As our colleague Kate Hotten put it “It's for FinTechs, but it's so much more: it explores how scale, inclusion, new financial models and technical skills impact how we work in AML. We really worked hard to make sure this wasn't the same old AML blah-blah.”

Wellbeing is critical

2020 gave us all time to reflect on what wellbeing really meant to us as individuals, and firms are starting to do more to ensure that their staff are engaged, resilient and are looking after their physical and mental health. Not only is doing so beneficial for the employees involved, but it also has proven and wide ranging benefits on productivity, employee retention and engagement, inter alia. Staff in AFC teams are no exception to this, and in these roles especially dealing with the negative sides of society that we see when we investigate some pretty horrendous crimes, wellbeing should be prioritised.  Further, the sometimes relentless pressure - whether it’s from criminals breaching your perimeter controls to the more generalised stress of working in a regulated industry - can take its toll, and mental health and wellbeing should be taken seriously. Plus, with crime continuing to increase during the pandemic, this focus has never been more needed. And, just because we are working remotely doesn’t mean that wellbeing can be discounted, in fact it’s just the opposite.

At FINTRAIL, we are proud to offer the services of app-based therapy provider, Spill to our colleagues, and are also looking forward to exploring some more bespoke options with Your Virtual Wellbeing Hub, a research-backed one-stop-shop for employers looking to introduce, add to, or kick-start their employee wellbeing offering. We hope that these efforts will make sure that our team’s wellbeing is central to our company ethos.

For the wider FinTech FinCrime Exchange (FFE) community, we are excited to be offering a series of free, donation-based yoga classes from March onwards to help our members disconnect from their day jobs and find that all important “me” time, making them even better crime fighters.


So, whether you are looking to hone your compliance skills, take some time out for yourself from a busy day or are looking at how to revitalize your compliance programme over the next year, we hope you’ve enjoyed reading this piece, and if you would like to contact us about any of the topics raised in this article, or about any other anti-financial crime compliance needs, please reach out at contact@fintrail.co.uk

Partners Against Crime: FinTech-Banking Partnerships in the GCC

With particular thanks to Banque Saudi Fransi, First Abu Dhabi Bank, Jingle Pay, Rise, Xpence, and Ziina.

Although the FinTech sector in the GCC has developed significantly in recent years, it is still relatively underdeveloped in global terms and has huge potential for future growth.  One major obstacle often cited by FinTech start-ups is the difficulty of establishing partnerships with incumbent banks.  These are essential since FinTechs generally operate under a bank’s licence rather than obtain their own, and rely on the banks’ payment rails.


However, banks in the GCC are often reluctant to onboard FinTech partners, for both commercial and compliance reasons.  Many are creating their own digital product offerings and see FinTechs as competition.  However, another major issue is the banks’ worry around the financial crime risks posed by customer-facing FinTechs.  In a region already recognised by external parties as high-risk, and facing numerous financial crime threats from money laundering and terrorist financing to sanctions evasion, many banks are reluctant to take on new high-risk business and consider FinTechs to be outside their risk appetite.  


While financial crime considerations are clearly relevant in every region, an additional complication in the GCC is the fact regional banks are concerned about their correspondent banking partnerships, which enable them to transact in foreign currencies.  Widespread derisking has caused many global banks to cut ties with their Middle Eastern counterparts, meaning regional banks can’t endanger their remaining partnerships by taking on new business their partners will deem high-risk.  Effectively, regional banks can’t define their own risk appetite and have to follow that of their international partners.


As well as correspondent banking partners, regional banks must also satisfy increasingly strict local regulators.  The introduction of more rigorous regulations and enforcement by GCC regulators to meet international expectations has resulted in significant de-risking within the GCC itself, with banks terminating relationships rather than accepting and managing the associated risks.  In this environment, signing up new, high-risk FinTech businesses is a tough sell.


However, there are clearly major benefits for both banks and FinTech start-ups to successfully form partnerships with the right counterparts.  The key is for the banks to be comfortable with the FinTechs’ compliance frameworks and controls, and to be able to convince their correspondent partners and local regulators that they have suitable systems in place for assessing and managing the risks associated with these partnerships.  


So in practical terms, what do regional banks and FinTechs need to do?  FINTRAIL has looked in a previous blog at FinTech-bank partnerships in the US, and some key ways the two parties can ensure a successful partnership by aligning risk appetites, expectations, and operating practices.  Many of the key takeaways, such as the need for clear roles and responsibilities, a documented escalation process, and regular communication, are clearly of global relevance and just as important for GCC firms as those elsewhere in the world.  


In addition, to address the specific challenges in the GCC, regional banks should ensure they can demonstrate the following:

  1. A clearly defined risk appetite for FinTech partnerships and the type of business and levels of associated risks the bank is happy to accept

  2. Tailored onboarding and customer risk assessment processes for FinTechs, to ensure the bank fully understands the risks of each relationship and manages them accordingly, with the appropriate level of due diligence

  3. Special due diligence controls designed for FinTechs, such as nuanced AML questionnaires, onsite visits, and bespoke transaction monitoring, to give the bank insight into its partner’s compliance controls and activity


Regional banks should also seek to educate their correspondent partners on the local regulatory environment, such as FinTech licensing requirements and local KYC regulations, to help them better understand the true nature of the underlying customers.  This could help dispel misconceptions about the level of risk posed.


Ultimately, there is no doubting the potential of the FinTech sector in the GCC, and the opportunity for all parties to benefit.  Regional banks recognise that FinTechs are shaking up the industry and forcing innovation in terms of product offerings and customer service.  Digitising their own offerings will only go so far towards meeting this challenge, and partnering with the right start-ups will offer them the chance to benefit themselves from this innovation.  Especially given the current economic situation in the region, the prospect of new revenue streams is not easy to dismiss.  Banks who can think creatively about how to manage the compliance risks associated with FinTech partnerships and can demonstrate a rigorous programme to their own internal stakeholders and to external partners stand to make tremendous gains.


FINTRAIL has experience working on both sides of the table helping FinTechs and their partner banks manage financial crime risks. We can assist by helping banks determine their risk appetite and design robust onboarding and ongoing monitoring programmes for FinTech partners, and by performing assessments of FinTechs’ financial crime exposure and compliance programmes and controls.

If you’d like to learn more, please contact Maya Braine, MD for Middle East and Africa, or email us at: contact@fintrail.co.uk.

Case Study: Digitisation Support

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

ON DEMAND: ComplyAdvantage Webinar - The Rise of Money Muling

*** Now available on demand ***

ComplyAdvantage Webinar banner: The Rise of Money Muling, with Charles Delingpole Founder and CEO of ComplyAdvantage, Gemma Rogers, Co-FOunder at FINTRAIL, Tom Keatinge, Director, Centre for Financial Crime and Security Studies (CFCS) at The Royal U…

Due to rapidly changing global circumstances, high unemployment and uncertainty surrounded the future, money muling is tragically on the rise.

It is a crime that often disproportionately affects the most vulnerable and financially illiterate. Criminals involved in money muling often survive by tricking ‘clean’ individuals with no criminal history but who is ultimately responsible for educating and helping to prevent this insidious form of money laundering: individuals, banks, governments, regulators, social media platforms?

Join our expert panel including:

  • Charles Delingpole, Founder & CEO, ComplyAdvantage

  • Gemma Rogers, Co-Founder, FINTRAIL

  • Tom Keatinge, Director, Centre for Financial Crime & Security Studies, RUSI

  • Adam Hadley, Director, Tech Against Terrorism

In this thought-provoking webinar, the panel will be exploring:

  • The role that social media platforms play in recruitment, advertisement, and propagation

  • Why this issue deserves urgent and serious attention now

  • What the financial services sector and the regulator is and should be doing to stop money muling

ON DEMAND: FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

***NOW AVAILABLE ON DEMAND***

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Originally launched on 30 June 2020, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

SESSION 1: CRYPTOASSET RISKS . . . WHAT’S YOUR APPETITE? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

SESSION 2: ASSESSING AND GETTING TO GRIPS WITH THE FINCRIME RISKS:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

SESSION 3: SYSTEMS AND CONTROLS - MANAGING YOUR CRYPTOASSET RISKS IN PRACTICE 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance.

Partners Against Crime: Building Strong Partnerships on the AML Frontlines

It is safe to say that the US FinTech market has hit its stride. Global FinTech funding soared past $34 billion last year, and the US makes up around half of the global FinTech market. More and more consumers are turning to FinTech products to transform the way they manage their finances, paychecks, loans and insurance. With COVID-19 keeping us all socially distanced for the time being, the move toward digital finance is only going to pick up more steam. 


But the FinTech sector isn’t built on standalone infrastructure. As Banks attempt to stay on the forefront of innovation and as FinTechs seek the regulatory and compliance infrastructure they require, FinTech/Bank partnerships have become the new normal. This has been particularly important for the growing internationalization of FinTechs - as successful European FinTechs seek to cross the pond, having a legacy partner helps them gain a foothold.


These partnerships can take a variety of different forms - though for the sake of this piece, we’re going to focus on community banks that handle the banking back end of FinTech products, such as holding FinTech customer deposits and ensuring they are FDIC-insured or offering for benefit of (FBO) accounts to FinTech MSBs. As part of these relationships, FinTechs end up not directly regulated, and it’s up to the partner to ensure the FinTech remains compliant with BSA regulations. This means that banks have to be careful to select the right possible FinTech partners, and the same goes for FinTechs! Wirecard’s recent collapse, which has sent FinTechs all over the world scrambling for new partners, particularly highlights the level of overall due diligence and care that is needed when forming and sustaining a banking partner relationship.


What Happens When It Doesn’t Work Out?

We’ve seen first hand how FinTechs and their partners are pushing forward to innovate not just on customer-driven financial services, but also on financial crime prevention. However, the risks of getting partnerships wrong still need to be taken seriously and inform a firm’s approach to stakeholder management. 


So what does it look like when things go wrong? 

For some FinTechs, it means not getting very far. US partner banks tend to have steep compliance requirements and expectations - that means being able to demonstrate your BSA/AML compliance capability up front through risk assessments, policies and procedures, training, and effective control integration. Partner banks like Cross River weed out the majority of prospective FinTech partners due to the amount of compliance required. For FinTechs, failing to get a partner bank relationship set up can mean the difference between a successful funding round and going back to the drawing board. For European FinTechs and other international players with their eyes set on the US market, failing to obtain a banking partner due to compliance reasons could potentially shut off millions of new customers and dramatically set back scaling plans. 


A few bad actors could also risk the current environment of strong partnerships. Across-the-board de-risking of correspondent banking illustrates what can happen when the difficulties managing AML/CTF controls within a partner relationship cannot be prudently resolved.


The picture isn’t great for partner institutions either. Building out relationships with the FinTech sector is becoming a profitable lifeline for institutions looking for ways to innovate and reach new client segments outside of their traditional stomping grounds; turning off the taps can obviously have an impact. And on the compliance side, as FinCEN expects financial institutions to ensure the compliance of their FinTech partners, failure to do so could risk steep fines and penalties. 


In fact, one of the most frustrating obstacles to successful partner bank/FinTech relationships can be the current regulatory landscape, according to Robin Garrison, VP of Compliance at MainStreet Bank, who presented on making the most of partner bank relationships at the FinTech FinCrime Exchange (FFE). Certain regulators can hold traditional and sometimes out-of-date perspectives on risk and financial crime - and the absence of a unified approach between different US regulators (the Office of the Comptroller of Currency (OCC), for instance, has been much more proactive in supporting FinTech innovation than some of their counterparts), can only add complication. To really get the regulator onboard, Robin added, it’s important for FinTechs and their partner banks to work together to ensure appropriate testing has been done to evidence to the regulator that any financial crime risks are being appropriately mitigated.


Even if a FinTech and partnering bank do succeed in getting a relationship off the ground, poor relationship management can hinder positive efforts to prevent financial crime. High volumes of manual work, a lack of knowledge on how the other party is operating, and long delays in communication can mean that even if a partnership looks successful on the outside, it may still be struggling with balancing financial crime compliance and customer experience. 

How Do You Make It Work?

Looking at the risks involved with setting up a successful partnership, it’s no wonder that it can be difficult for a startup to break into the FinTech space or for a legacy institution to take the leap into a new relationship in a digital world. But there are plenty of examples of where partnerships have taken off. What are they getting right? 


1. They set a strong foundation. 

This is something that features in all of the industry reading on how to make the most of a partner bank relationship. And that really is relevant here too! If you don’t have a strong, open, and transparent partnership in other parts of the business - such as making sure your financials are sorted and growth strategies are aligned - then it’s going to be difficult to build a relationship that allows you to successfully fight financial crime. In fact the best approach to building a positive relationship is to ensure that BSA/AML compliance isn’t segregated. From day one, compliance should be considered as an integral building block in wider relationship management efforts. This will ensure it doesn’t come back to bite once the relationship progresses on the commercial side.


Strong, positive foundations also go beyond shared values. Robin left FFE members with an important message about selecting the best banking partner. “Don’t go with the first partner bank willing to accept you. It can be very difficult to ensure that your data can be fed into and processed by your partner bank, so think about how well your technical systems will integrate when picking your banking partner.” Without aligned systems, anti-financial crime processes become a greater operational burden, and it becomes far more difficult for the partner bank to have the information they need in order to conduct robust assurance on the activity of their FinTech partners.


2. They establish clear roles and responsibilities.

Establishing clear roles and responsibilities is important for any business relationship, but it’s especially important from a financial crime perspective. When laying out the contractual arrangement, FinTechs and partner banks should try to agree up front and in writing who will be responsible for which part of the BSA/AML control framework and who the key points of contact are. 


For example, does the partner bank need to review all KYC files on a FinTech’s new customers before they onboard, or will the partner bank perform assurance on the KYC process through periodic (e.g. quarterly) spot checks? If the FinTech is managing KYC, who should they talk to about trialling a new ID verification provider? Who will be responsible for OFAC screening at onboarding, throughout the business relationship, and for customer screening? To what extent should the FinTech establish their own transaction monitoring tool? Or will they be able to rely on the TM system offered by the partner bank?


There may be circumstances where the partner bank and FinTech relationship is so intertwined that setting rigidly defined roles and responsibilities just isn’t feasible. Anthony Jerkovic, Head of Data & Risk at Bank Novo, explained that, in Bank Novo’s partner banking relationship, roles and responsibilities often require a certain level of flexibility in order to effectively address the dynamic problems faced day-to-day. “If everyone touches a case, it is hard to precisely draw the lines of responsibility. Instead, we focus on close communication and working together and try to see them as an extension of our own team.”


If partnering firms aren’t able to develop a close working relationship or meaningfully outline roles and responsibilities, problems will inevitably arise. At best, it may take longer for both parties to process financial crime-related tasks, such as the investigation of unusual or suspicious activity, but at worst, serious financial crime cases could go undetected, as no one was formally designated as being responsible for identifying red flags.



3. They have a clear escalation process.

As part of laying out a clear delineation of roles and responsibilities, partner banks and FinTechs should also work together to establish clear escalation paths. The goal is to determine when the hand off happens and how. A lot of this will come down to the partner bank’s risk appetite, as they are the ones ultimately liable for any financial crime activity that occurs. But depending on the relationship, there may be certain activities that the FinTech can respond to without immediately escalating to their partner bank.


For example, one partner bank may be comfortable with a FinTech making a decision on whether to accept a customer with an adverse media finding against them, while another partner bank may require all adverse media hits to be escalated to their compliance team for review. 


Let’s look at another example, which illustrates how escalation and communication paths work both ways. For instance, if a FinTech is doing their own customer screening, they may be expected to escalate all confirmed PEPs to the partner bank for approval prior to the start of any business relationship but only do so after clearing the alert and requesting necessary due diligence documents on source of wealth and source of funds. By contrast, if the partner bank does the customer screening, they may have to reach out to the FinTech to communicate with the customer to obtain EDD documentation.


Without getting the escalation process right, FinTechs and partner banks will run into the same problems as with roles and responsibilities - difficulty maintaining BSA/AML compliance and operating effectively. 

4. They regularly communicate on all things fincrime. 

The whole goal of outlining roles and responsibilities as well as escalation paths is to ensure that communication on financial crime issues remains robust throughout the partnership. This is especially important when both parties are closely involved in day to day financial crime operations. Without close communication, unusual customer activity can’t be investigated quickly, leaving funds suspended in a way that can damage a customer’s experience if they’re innocent. Given how quickly funds can move in and out of a FinTech account, without close cooperation, a partnership may fail to stop significant volumes being laundered through an account. 


Samuel Peters, BSA Manager at Middlesex Federal, Bank Novo’s partner bank, highlighted that “especially when dealing with those in traditional banking, communication is key.” Depending on the nature of the relationship, frequent and regular touchpoints may be needed, even multiple times per week. Though, Samuel also flagged that it was important to ensure that both FinTechs and their partner banks understood that there would always be some level of risk involved in the arrangement. “Traditional banks and FinTechs are going to have different risk appetites; regular and open communication is the best way to help close the gap.”


Of course, there are also regulatory expectations with regards to reporting. Partner banks are currently expected to file a suspicious activity report (“SAR”) within 30 days of the initial detection of the suspicious activity, provided there’s a suspect. This means that the FinTech has to move quickly to escalate any unusual activity and work closely to support any investigation from the partner bank in order to meet the deadline. 


Even in cases where FinTechs are given a good degree of autonomy, they should still work closely with their partner bank to ensure that both remain on the same page in terms of risk appetite. This means keeping the partner bank up to date on any new product developments, target customer segments, and geographic expansion plans, as all of these would impact the FinTech’s financial crime risk profile. 


What Next?

FinTech relationships with partner banks aren’t going away and do come with their share of risks. But through successful stakeholder management efforts taken with a fincrime focus, both parties can work together to stop criminals exploiting the US financial ecosystem.

We have experience working on both sides of the table to help FinTechs and their partner banks manage financial crime risks. If you’d like to discuss this more, please contact our US team or email us at: contact@fintrail.co.uk

FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Launching on June 30, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

Session 1: Cryptoasset risks . . . What’s your appetite? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

Session 2: Assessing and Getting to Grips with the FinCrime Risks:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

Session 3: Systems and Controls - Managing Your Cryptoasset Risks in Practice 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance. You will also be awarded a certificate of attendance after attending all three sessions. 

Islamic FinTech and Financial Crime: A different risk profile?

With particular thanks to insha, Kestrl, MyAhmed and Niyah.

Just like every other sector of the global financial industry, Islamic finance is increasingly going digital.  There is a growing number of start-ups positioning themselves to benefit from the rapid global development of the FinTech market, coupled with the booming growth of Islamic finance.  Islamic finance is sometimes considered a niche area, but this ignores the actual size of the sector, with a consumer base of 1.8 billion Muslims globally and an estimated market value of $2.5 trillion in 2018, forecast to grow 40% by 2024.  These start-ups sit at the convergence of these two growth areas, and believe that young Muslims in particular will be drawn to products designed to facilitate integrating their faith and ethics with all aspects of their daily life, plus the ease and superior design features of a digital product.  

Most growth in Islamic finance in recent years has been rooted in traditional banking services, but change and dynamism in the sector is translating more and more into digital offerings and FinTech startups.  In 2019 there were an estimated 93 Islamic FinTech startups globally, including challenger banks for retail and SMEs (e.g. Kestrl, MyAhmed and Niyah in the UK and insha in Germany) as well as wealth management (e.g. US-based Wahed Invest), crowdfunding (e.g. Ethis Ventures in Malaysia and Indonesia) and crypto (e.g. Dubai-based trading platform Huulk).  P2P finance and InsureTech are cited as top sectors for growth in 2020.  Existing Islamic banks have also jumped on the digital bandwagon, especially in the Gulf, such as Bahrain Islamic Bank which launched the first fully-fledged Islamic digital bank in 2019.  The largest market for Islamic FinTech startups is Indonesia, followed by the US, the UAE and the UK. 

It’s interesting to note that many shariah-compliant FinTechs are keen to reach out to potential customers beyond the Muslim population in recognition of many people’s dislike and distrust of conventional financial services and desire for a more ethical, partnership-based approach.  To this end, many Europe-based FinTechs in particular notably focus on the ethical dimensions of their product rather than just guaranteeing shariah-compliance, and market themselves as ‘ethical’ or ‘values driven’ rather than explicitly as Islamic, halal or sharia-compliant.  This is also reportedly popular with Muslim customers, especially the young, who are more interested in services that focus on ethical considerations rather than “tick-box” shariah compliance.

Islamic Finance and FinCrime 

Islamic and conventional finance most obviously differ in terms of the products offered and the target client base.  But what of the risks they face, specifically financial crime?  Are there certain financial crime risks which Islamic finance institutions are more exposed to, or conversely where the specificities of Islamic finance help protect them?  And are there particular things Islamic FinTechs should be thinking about as they design and build their financial crime programmes?

This piece isn’t going to get into the complexities of Islamic finance and how transactions are structured.  However, there are a couple of key concepts that are useful to set out here.  Firstly, Islamic finance prohibits earning or paying interest, with a focus instead of profit (and risk) sharing.  This results in a model where banks and their customers act as ‘partners’, which differs from the usual client relationship.  Islamic finance also prohibits business in sectors considered forbidden or haram, such as alcohol, gambling, pork or adult entertainment.  And finally, Islamic finance does not condone excessive uncertainty or speculation.

On an academic level, relatively little attention has been paid to financial crime risks in relation to Islamic finance and there have been few, if any, studies on relevant money laundering/terrorist financing methods and trends.  International standards for AML/CTF regimes (such as those issued by FATF) make no provisions for Islamic finance, and are adopted wholesale even by countries with sizeable Islamic finance sectors without any adjustments.  The papers which have been published (e.g. by ACAMS) tend to conclude there’s no evidence the ML/TF risks in Islamic finance are different from those in conventional finance, or that it faces unique typologies or methods.  If anything, they conclude certain features of Islamic finance are likely to lower the ML/TF risks, such as the ‘partnership’ relationship between the financial institution and the borrower/lender, and the fact transactions are structured around the purchase/sale of underlying assets, which ties them to real-world valuations and makes it harder to disguise illicit flows.  

FinCrime for Islamic Fintechs

So what does this mean for Islamic FinTechs in particular?  Given the relatively scant attention paid to the topic by regulators and external bodies, and the prevailing tendency of conventional Islamic banks to treat financial crime the same way as everyone else, it is hardly surprising we’ve yet to see Islamic FinTechs formulate a specific approach to financial crime.  And nor is it clear that they need one, given the current state of the market and the product types that most existing Islamic FinTechs offer.  Where the academic studies do identify differences between conventional and Islamic finance, it is generally in relation to complex products such as trade finance and investment banking.  These are areas which have yet to be targeted by Islamic FinTechs, which so far are mostly focused on P2P lending / crowdfunding and retail banking.  In these areas, it is hard to see many ways in which the shariah-compliant aspects of the products could affect the AML/CTF risks.  The one concrete example is almost a coincidental positive for Islamic finance - several of the sectors considered prohibited are also ones recognised as high risk for financial crime, such as gambling, adult entertainment and arms/defence.  However the lack of any other discernible differences is borne out by a number of Islamic FinTech start-ups consulted by FINTRAIL, who confirmed that they don’t approach financial crime risk differently to their conventional counterparts and aren’t aware of any nuances or differences in the risks they face.  For instance, one European challenger bank confirmed it uses a banking-as-a-platform provider to manage compliance, meaning it is comfortable using an off-the-shelf solution designed initially for non-Islamic institutions.  

So, looking at the products and business models of Islamic FinTechs on paper indicates no real distinction.  However there is one real-world factor which does make a difference - customer base.  One standout issue is the provision of services to mosques and religious charities, which collect huge amounts of zakat donations, and can find conventional financial institutions reluctant to deal with them (and often Islamic institutions too).  Charities, especially religious charities, are recognised as a high risk sector for AML/CTF risks, and coupled with payment corridors to high-risk countries where Islamic charities are likely to operate, places them outside of risk appetite for many conventional banks.  Specialist Islamic FinTechs may be more prepared to find ways to mitigate the risks and serve these clients, as part of their ethical mission.  

In Europe, concentration risk and the makeup of the target client base may also pose particular challenges (but also opportunities) for Islamic FinTechs.  Their customers will be particularly homogenous, which may make them more vulnerable if a fraudster can work out a successful way to target this group.  This would involve knowing how to mimic real customers’ identities and activities, as well as frauds designed to exploit religious sentiment, e.g. by using fake charity appeals during Ramadan.  Beyond fraud, while many customers will be UK/EEA nationals, those who are foreign nationals are more likely to come from countries deemed high risk for ML/TF, and popular payment corridors for cross-border payments are also likely to involve such countries.  This will all result in a high level of declined applications, high-risk clients, and transaction monitoring alerts, especially if companies use generic risk appetites and customer risk assessments or off-the-shelf monitoring solutions, or outsource their compliance programmes to banking-as-a-platform companies.  

Conventional indicators and methodologies may thus not enable Islamic FinTechs to assess their client bases intelligently, and to work out if there are ways to mitigate any inherent  risks in line with their own risk appetites.  If they choose to accept these risks, they’ll need to ensure they can identify the most high-risk activity on their books, and dedicate their attention and resources appropriately.  And if done right, they are uniquely well-placed to do so - they can use their greater familiarity with these client groups and any existing data to benchmark usual, unconcerning behaviour vs. activity they deem suspicious.  For instance, huge cash deposits from a mosque during the last ten days of Ramadan would be immediately understood and contextualised.  And while a conventional retail bank may see all payments marked as ‘zakat’ as high risk, an Islamic FinTech can use their richer datasets and contextual understanding to refine their monitoring systems and investigate hits to identify the most high-risk of these payments, to make sure they are allocating their time and resources effectively. In doing so, they have the potential to play a positive social role by ensuring inclusion - enabling fair and affordable access to financial services to those frequently excluded or disadvantaged by conventional financial institutions.

So to summarise, the distinctive financial crime concerns of Islamic FinTechs lie not in the theoretical nature of how they operate or the mechanics of their product offering, but in the real-life nature of their client bases.  This idea is not unique to Islamic entities; in the increasingly crowded FinTech sphere, more and more firms are seeking a niche and are catering to specific client groups that pose a heightened financial crime risk on paper, such as expatriates sending remittances to specific high-risk countries, or sectors such as gambling or crypto that struggle to open accounts with conventional banks.  The lesson for all these companies is that, while they must recognise the inherent risks posed by their client bases, they can and should tailor their financial crime programmes to adopt a risk-based approach, identify their own top risks, and allocate their resources appropriately.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic, or any other elements of building or refining a customised financial crime programme, please get in touch with contact@fintrail.co.uk or maya.braine@fintrail.co.uk

There is also further guidance available on the FINTRAIL website, including on defining a risk appetite, using data to drive a financial crime programme, and promoting financial inclusion.

Remote Delivery: NuBank Financial Crime Compliance Project

In the current climate the notion of ‘working from home’ has become the new norm. This means that some businesses have had to rapidly adapt how they work, how they deliver their products and services to their clients, and how they remain top of their game. Whilst FINTRAIL do have physical offices in London, Singapore, the US, we operate flexible working for our employees, and have also conducted fully remote projects in the past. We feel that these projects and our working set up has allowed us to quickly adapt to this new normal and we thought we would share some of our insights with the wider community. 

One of our most recent fully remote projects involved working with NuBank on a Financial Crime Compliance project. NuBank is a Latin American neobank and they have one of the largest customer bases in the region and sector, and in January 2020 confirmed they hit the 20 million customer target. NuBank was a completely new client for FINTRAIL, and also one of our largest projects where there would be no face-to-face, or in person element at all.

The project spanned three jurisdictions; Brazil, Mexico, and the UK. This involved assessing, and analysing regulation from Brazil and Mexico, as well as scheduling calls to accommodate for two quite different time zones! After the project had been completed, we had a feedback session with NuBank to discuss what worked, and maybe what didn’t, when conducting a remote project. NuBank was very pleased with our work. They commented that we were aligned with them as a business, and the project results were above and beyond what was expected. We are confident that our work can be delivered in a fully remote nature, and this project only helped to solidify that confidence.

Infographic highlighting the key takeaways from the NuBank remote project and what the client liked.

Key learnings:

  • Get the basics right. This may sound simple, but the client should be clear on the project timelines and deliverables. Having this understanding at the start and throughout helps to ease both sides of any unnecessary stress, and improves time management and control of the project. When a project involves no face-to-face aspect, all communication becomes much more scheduled, and therefore understanding the scope and nature of the project is key. This extends to us as FINTRAIL too, we always ensure that we understand a company and its products to the best of our ability when conducting a project.

  • Communicate, communicate, communicate (with the relevant people). Ensuring that the correct people are involved in the conversation is very important, especially during a remote project. With often already packed diaries, no one wants to sit on a video call that they cannot contribute to, or that they are not needed for.  By inviting the correct and relevant stakeholders only to meetings where they are needed prevents video call fatigue within the project, helping for each conversation to be meaningful and for people to remain engaged. 

  • Leverage technology.  Tools such as Slack can really help with interim communication between larger video meetings. Slack allowed for timely access to key pieces of information, and to lay the groundwork for more in depth meetings. It was also crucial to have this kind of communication due to multiple time zones. Emails felt a bit stiff and formal, and could get lost in a pile, whereas the Slack messages could be picked up whenever suited, and answered quickly and easily.

Get in Touch

If you are interested in speaking to the FINTRAIL team about the topics discussed here or how we are working remotely with clients globally today on all aspects of their financial crime programme, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

Into the Tigers Den

*WARNING - Tiger King Spoilers Ahead*


Hey all you cool cats and kittens,

Most people reading this have probably seen or at least heard of the hit Netflix show, Tiger King, with its outstanding viewership of 34.3 million within its first 10 days of release. At first glance, the docuseries looks to focus on the captivity of big cats in the US; however the involvement of Joe Exotic soon pivots the focus to his love-life, rivalry with the owner of a non-profit animal sanctuary, Carole Baskin, and ultimately to the murder-for-hire plot of said sanctuary owner for which Joe Exotic is currently serving 22 years in prison. A $1 million lawsuit with Carole Baskin’s Big Cat Rescue Group is also ongoing. 


Whilst watching the captivating series, we at FINTRAIL noticed a reoccuring theme outside of big cats and cowboy boots. Financial crime. Episode after episode, it became evident that owning a roadside zoo in America comes with its own ecosystem of problems and characters, lots of whom have had their fair share of interactions with the law. This gave us an idea - let's set up our own big cat park ourselves! In this blog post we use Tiger King as a reference point, and walk you through how to set up your own zoo step by step, and ensure that the zoo and your activities can stay clear of the law.  Of course, this isn’t actually our goal. We’re aiming here to highlight how easy it is to do this, and the grey areas in the current US system. We take a look at:

  • The ease of obtaining a permit for a roadside zoo, making it a prime target for exploitation

  • The complex ownership structure hinted at in the Tiger King that could be used to hide beneficial ownership

  • How the trafficking of big cats can be used as part of a wider money laundering operation


Joe may seem exotic himself but some of the themes and activities highlighted on the show are a sad reality, and are an open door for criminal exploitation.


License to own big cats, but not buy or breed them. But obviously there are ways to get round this...

The first step of this process is to apply for a government permit which will allow you to own a roadside zoo to show off your cats. Luckily, in many states in the US this is easy to do. 

If you claim to be displaying the animals as an ‘exhibitor’, you can easily obtain a licence from the United States Department of Agriculture (USDA) for as little as $40. As a criminal looking to exploit any system available for financial gain, this is a prime opportunity to use a cash heavy business to launder profits through:

  • purchasing exotic animals with funds gained illegally

  • faking the sale of exotic animals to justify the transfer of funds

  • inflating the number of visitors to account for the increase of funds on the accounts

  • inflating construction costs for the park itself

  • inflating costs of upkeep for the animals and park


When applying, not much is asked about the applicant; as long as you have a social security number, you are eligible to exhibit big cats. Multiple previous convictions? Not a problem. Jeff Lowe and Mario Tabraue had convictions, including jail time, but this did not raise any red flags when submitting their applications. Surely, in a trade such as exotic animals where there are easy ways to make illegal profit, deeper checks into applicants should be crucial. It seems like the USDA just want to check you can pay them, rather than recognising the risk that is created by this lax entry criteria. 


Joe who?

Whilst there is nothing illicit or illegal about changing your name, it can make tracing ownership and finding records and media related to a person more difficult than for someone who has had one, or maybe two, registered names. The first thing to note about Joe Exotic is the multitude of names which he goes by. In court documents he is often referenced by upwards of five different names. Joe has been married three times, and has changed his name each time, sometimes making a double-barrelled name. He also has his ‘stage name’ of Joe Exotic, which he uses in everyday life. Information such as previous names, or aliases that an individual goes by can be crucial when assessing what risk an individual may pose. For example, adverse media checks conducted on only one of Joe’s many names may yield very different results compared to a search on a different alias. 

Old zoo, new zoo

When trying to hide assets, or even evade taxes, you may consider shutting down an existing business, and opening a completely new and fresh one. All the assets of the old business can be moved to the new business, however they are now under a separate legal entity, and in the case of tax evasion that business is unlikely to have any taxable profits. 

In legal records from the case between Joe Exotic and Big Cat Rescue, we found some interesting narration around the creation of a ‘new zoo’, and dissolution of the ‘old zoo’. The G.W. Exotic Animal Memorial Foundation, referenced as the ‘old zoo’, was created in 1999 by Joe Exotic and his parents, Shirley and Francis Schreibvogel. Shortly after the lawsuit in 2013 involving Carole Baskin and the $1 million judgement, a request was made to the Oklahoma Secretary of State by John Finlay (the old zoo’s vice president/director, and Joe Exotic’s husband at the time), to request a reservation of the name “The Garold Wayne Interactive Zoological Foundation", and a day later The Garold Wayne Interactive Zoological Foundation (‘new zoo’) was incorporated. The incorporation of the new zoo was paid for using the funds of the old zoo, the old zoo was then dissolved, and within this dissolution assets including vendor accounts and the gift shop inventory were transferred to the new zoo. However, the new zoo did not assume any of the old zoo’s liabilities. 

On paper, the two companies are different. Different names, possibly different ownership/management hierarchy structures - however it is clear to see that these two companies are intended to do the same thing, benefit the same parties, and ultimately have been created to hide, disguise, and try to put assets out of reach. This is an age old trick, and not one unique to the big cat or roadside zoo industry. As a result, law enforcement and the courts are well aware of this tactic. The court case recognised the new company was just being used as a vehicle to move and hide assets, and ordered the newly created Garold Wayne Interactive Zoological Foundation to also be held accountable for the $1million judgement in the lawsuit. If you are trying to hide your assets, it would be wise not to try this while in the middle of a court case when you are already under scrutiny of the courts. 

Keeping it in the family, and under the radar

Ultimate beneficial ownership (UBO) is a hot topic at the moment, particularly in the UK, where it is a legal requirement for all companies to disclose their ultimate owners to the corporate registrar. However in the US the landscape is wildly different. No state currently requires a company to declare the UBO, meaning it is easy to disguise the true beneficiary of a company. There is even talk at the moment within the US of relaxing the rules further in light of COVID-19

Complex ownership structures can be exploited to hide assets, and conceal individuals’ investments and involvements in business ventures. Joe Exotic made use of this tactic, and is even heard within the docuseries saying proudly to the camera, “Look around! I don’t own anything!”  When we had a look at some of the court documents surrounding the Tiger King, Joe was indeed right. He didn’t appear to own any assets at the zoo, or the zoo itself. 

As mentioned in the previous section, the original GW Zoo was founded in 1999 by Joe, under his original name of Joe Schreibvogel, and his parents Shirley and Francis. It is quite clear from the show that the zoo is Joe’s, legally or otherwise; he makes all the decisions and it is his responsibility to run it day to day.

The Big Cat Rescue Group settlement agreement outlined the continued involvement of Shirley in the zoo’s finances, without her having much actual involvement in the zoo itself. On paper, Shirley was the landowner and leased the land to the GW Zoo; however the settlement stated that these were not ‘arm’s length’ leases, and instead were used to transfer funds and assets to Shirley, so that they would remain out of reach of the ongoing lawsuit against GW Zoo/Joe Exotic. 

The settlement also states the ownership status of many vehicles and trailers within the zoo, and surprise surprise, they are all owned or leased by Shirley. Once again, this is a ploy to move all of the assets out of Joe’s name, and therefore supposedly out of reach of the court case. 

Lions and tigers and bears, oh my!

Arguably the most important aspect of establishing a zoo is the animals. 

You may think that getting hold of exotic animals would be difficult, but in many states it is simpler to purchase a tiger than to adopt a puppy. The Endangered Species Act of 1973 makes it illegal to sell endangered wildlife interstate or through foreign commerce in the course of a commercial activity. However you can be exempt from this Act if you are a USDA licensee, which is relatively easy as shown at the beginning of this piece, or an accredited sanctuary.

If we look at how Joe Exotic accumulated more than 200 tigers within GW Zoo, this was primarily done through breeding at the zoo. To care for a tiger, the food cost alone is between $7,500 and $10,000 per year, therefore Joe was not able to keep the whole litter and would sell the cubs. With the price of a large cat ranging anywhere from $900 for a bobcat to $7500 for a tiger cub, you can see why this is an attractive business and why Joe Exotic sold 168 tigers between 2010 and 2018 (the below map shows the far-reaching transfers of tigers from GW Zoo). Before 2016, there were fewer restrictions on the sale of captive-bred tigers as they were not considered important to conservationists and therefore could be freely traded, making it easier to trade across state lines. 

map.png

As you can see from the above, the amount of money that passes through a roadside zoo can be extensive, and this isn’t even including the admission and tour fees - some establishments charge nearly $400 per person for a tour. 

Not only can a zoo be used to move funds from other illicit activities, but there is great opportunity to use the zoo to commit illegal acts:

  • Purchasing or selling endangered wildlife in a banned state or without the appropriate licence 

  • Trading wildlife that has been illegally obtained 

  • Laundering cash through inflating prices of wildlife sales

  • Storing illegal drugs, as allegedly done by Mario Tabraue, who appears in the docuseries, before his arrest in 1987. 


The purchasing, breeding or exhibiting of exotic wildlife without the appropriate licence is illegal and therefore makes these animals criminal property. Profits from the subsequent trade of these animals are therefore the proceeds of specified unlawful activities (SUA), and money laundering is added to the long list of crimes that can be committed by these zoos. 

So where do I sign up? 

Absolutely do not set up a roadside zoo. 

The opportunities to conduct financial crime from a roadside zoo are extensive. The process of constructing a zoo itself presents the perfect opportunity as you can deal with high amounts of invoices for builders/supplies and deal with cash intensive industries to move illicit money. The subsequent running of the zoo creates more opportunity from buying and selling exotic wildlife illegally, to moving illicit funds through the zoo with inflated ticket prices and upkeep of the park. And as with other business types, you can set up constantly changing complex ownership structures to hide your assets.

As we have shown throughout this analysis, things aren’t always as they seem. Something that from the outside may look like a legitimate business can be used in numerous illicit ways. For financial institutions that service corporate clients, it is vital to analyse the industry lists in the context of your product offering, jurisdictional coverage and client base and see if something that might generically pose a low risk of financial crime, could actually be used extensively for financial crime purposes.  Hopefully this article has given you some red flags to watch out for, such as unnecessarily complex ownership structures, repeated changes in ownership, multiple name changes or aliases, or historic involvement in lawsuits or criminal prosecutions.

Get in Touch

If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

FINTRAIL on the Captivated Audience - Season 1, Episode 26

In this episode, FINTRAIL’s James Nurse, joins hosts Sam Sheen and Marie Lundberg on the Captivated Audience podcast.

In this episode James offers insights from recent FINTRAIL papers on Social Media and Financial Crime, and the iterative risk approach to pre and post pandemic working for FinTech.

How Social Media is used to Further Financial Crime - Part 2

Similarly to most 18-year-olds, “Carlos” is glued to his phone, constantly refreshing his social media feeds and scrolling through friends’ pictures. In contrast with many other teenagers though, Carlos’ uploaded photographs illustrate a level of opulence and a life of excess. Carlos and his friends are pictured holding wads of cash, draped in designer clothes, Rolex watches on their wrists, and driving around London in a Mercedes. This seems quite implausible for an individual who left school after GCSEs and is now a junior employee at a central London restaurant (1).

 

Is the use of social media helping to fuel this problem? The HM Inspectorate of Probation’s report, ‘The Work of Youth Offending Teams to Protect the Public’, have described social media platforms as the “catalyst for some of the most serious and violent crime offences” (2). This is of no surprise as there has been a generational shift, with youngsters now living in a progressive online world which some adults just cannot get to grips with.

 

In Part 1 of this series, FINTRAIL used four basic money-mule associated search terms to pre-identify social media accounts of interest and those assessed to be associated with potential mule activity. These search terms were “Legit money UK”, “Easy Money UK”, “Flip Money” and “Instant Cash UK”. This investigation now seeks to focus on the initial phase of money mule recruitment and how by disrupting this critical stage it can disrupt the rest of the money mule value chain. However, it is important to first understand the money mule life cycle  which looks like this:

A simple diagram breaking down money muling into four steps; step 1 how to entice on social media, step 2 where they get a DM and get money deposited, step 3 the mule transfers money across their accounts, step 4 the mule gets caught and faces the c…

Honing in on Step 1 i.e. contact over Social Media, FINTRAIL have identified a number of key indicators of which combined together likely indicate an attempt to lure someone into Money Muling; these fall into two categories, visuals and language.

The likelihood of money muling being carried out on the internet depicted as visuals, e.g the images of cash etc to lure and the language used e.g. quick cash etc.

Visuals: There are a combination of images used that show instant gratification; key features include cash, cars, watches and evidence that large sums have been transferred into bank accounts. Further to this, many of the pages had adverts in their “stories” asking people to DM them if they want to make money quickly and requested people with very specific bank accounts to get in touch.

Language: By doing a simple drag and drop of Facebook, Instagram and Twitter pages into a tag cloud generator, FINTRAIL identified the types of language used across all platforms; the more popular the word, the larger it appears. The language used on the accounts really highlighted three key areas; fraudsters would request a specific bank account whether Barclays, Lloyds etc, then offer free fast easy money and explain that this was only a DM or whatsapp message away.

High chance of money muling: The combination of these images linked with these words are likely to indicate and point to something unsavoury and potentially illicit. This combination of factors can be used by social platforms to limit the likelihood of false positives when monitoring behaviour on their platforms and if kept up to date with evolving typological information, would create a far more effective disruption to wholesale financial crime scams than the over reliance on the regulated financial sector, by which point the damage is already done and the act of money laundering has already occurred.

So What Next? 

For FINTRAIL our money-mule journey on the social media platforms ended with the phrases “DM me for more info” or “whatsapp me”. However, in reality we know that this is only the beginning. We know that from here, behind the scenes, bank details are exchanged and money transfers are being made. This is where law enforcement has a critical role to play, coordinated with social media platforms, so that more can be done upstream to reduce the impact and have far more effect, reducing harm across the value chain of money mule activity.

 

Instagram as well as Facebook, use a new AI system Deep Text to essentially deal with and counteract major issues such as cyber bullying as well as malicious posts and comments. If the Instagram algorithm detects or finds provoking content, it’s discarded immediately. This demonstrates that technology already exists that can have an enormous impact on how social media platforms are abused (3).

A robust disruption of Step 1 of the money-mule cycle that is facilitated by social platforms will have a significant downstream impact where the end result would likely amount to a positive reduction in;

  • harm and exploitation of vulnerable people

  • costs to law enforcement effort (investigating money-mule cases)

  • the burden on the UK and global Suspicious Reporting Regimes

  • the burden placed on those operating in the regulated financial service sector


Very clearly, this needs to be an industry wide coordinated effort with law enforcement at the forefront and social media platforms on board. During the fifth Europol Money Mule Action (EMMA 5) week, 3883 money mules were identified alongside 386 money mule recruiters; 228 of these were arrested. As a major catalyst of money muling recruitment, social media platforms should share the burden and play their part in the deterrence of money muling by utilising technology they already have.

Get in Touch
If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

(1) How teenage money mules funnel millions from online fraud

(2) Monitor social media of young offenders to prevent crime says watchdog

(3)  Instagram leverages AI and big data

Keep Calm and Keep Planning: Pandemic Planning for FinCrime

No business sector has been left unaffected by the outbreak of the coronavirus. The financial sector, including FinTechs, is no exception. In times like this, working together as a community is more important than ever.

This document collates examples of how COVID-19 has impacted the FinCrime operations of FinTech FinCrime Exchange (FFE) members and how the teams have responded as they pivot to almost exclusively remote operations, as well as presenting some best practice guidance for a business continuity plan (BCP) and remote anti-financial crime (AFC) compliance.

It looks at how international bodies, financial regulators and law enforcement agencies across the globe have responded so far to the ongoing coronavirus situation, highlighting specific areas FinTechs should focus their attention on. 

The document also discusses differences between traditional business continuity planning and pandemic planning which may present unique challenges to Fintechs management teams. Finally, in its annex, the document collates information on COVID-19 related scams divided into four categories: imposter, product scams, investment scams, and insider trading. 

This guidance is based on research conducted by FINTRAIL across the FFE community. This includes a survey sent to all global members, review of 31 responses, 15 follow-up interviews, and additional research and analysis conducted by FINTRAIL. The survey and interviews were conducted during the week commencing 16 March 2020.

A black line drawing of the FinTech FinCrime logo and accompanying text title
 

With thanks to members of the FinTech FinCrime Exchange for sharing best practices.


EUROMONEY - Regulation: For AML, FinTech is both problem and answer

Set against a number of high profile money laundering scandals in the sector, FINTRAIL Co Founder, Robert Evans was interviewed by Dominic O’Neill, EUROMONEY, along with some key industry leaders to discuss AML and FinTech and how technology, particularly RegTech, can help support financial institutions in upholding their regulatory requirements in the global fight against financial crime.

Rob discussing the negative press around FinTech:

“Because of the online nature of the communities they serve, they can be vulnerable to pressure applied by legitimate customers with legitimate complaints and vulnerable to misinformation,” says Evans, discussing the neobanks. “Fraudsters have learnt that applying pressure via social media is a way to release funds that have been frozen for good reasons.”

How Social Media is used to Further Financial Crime - Part 1

Introduction

Facebook, Instagram and other social media platforms have created simple methods of association. This in itself is both social media’s greatest strength and greatest weakness. You can share friendships globally but those with nefarious intent also have the mechanisms to create connections and identify vulnerable individuals that can be exploited to further their criminal activity.

Over the course of one week (pre-Covid-19 crisis) and as a follow up to our last article on this topic “The Role of Social Media in Furthering Financial Crime”, FINTRAIL conducted research on three key social media platforms, to assess the exposure of the platforms to financial crime activity - specifically money muling. This exercise should be considered a basic benchmark of the problem; our analysis suggests the scale is significant and likely to be systemic to the way money mule networks operate. This is further emphasised when you consider all the available social platforms likely to be used and private/DM functionality that keeps much of the content private. 

Methodology

Research material was obtained through passive observation, some of the groups identified were joined but at no time was there any form of direct engagement. FINTRAIL used four basic money-mule associated search terms to pre-identify accounts of interest and those assessed to be associated with potential mule activity. These were then manually reviewed to assess the group activity.

For this benchmarking FINTRAIL focused on three platforms; Facebook, Twitter and Instagram. The below infographic depicts the findings. Note: there has been no formal network analysis done to identify any crossover between platforms.

Findings

Image with textual findings of money mule search terms across social media, with images on the right hand side of examples of the types of messaging that is seen on social media.


Summary

Pre-Covid-19, many people were already anxious about their financial situation, making them vulnerable to exploitation by criminal gangs seeking to develop mule networks. Research completed by Barclays revealed 6 in 10 people (60%) of respondents were worried about their finances on a weekly basis. 

Since Covid-19 started to bite globally, significantly more people have become financially vulnerable with more people out of work and in dire need of money to cover living costs. These factors create the ideal conditions for criminal gangs to target the vulnerable and there is likely to be a significant increase in the number of people who fall into the trap of money muling.

We will be investigating further into this topic in Part 2 looking to provide some practical information that social media platforms (and others) could use to help in identifying and preventing this kind of activity.


If you have any comments or would like to discuss the issues in this post, or wider anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk