Money Laundering

A look forward: what does 2021 have in store for the anti-financial crime community?

2020 was a rollercoaster for us all, not least professionals in the anti-financial crime (AFC) space who had to deal with regulatory change continuing, and criminals upping their game and exploiting the pandemic in tragically ingenious ways.  You can read more about the impact of the global pandemic, and other key regulatory and typological developments in our lookback papers from our Europe, Middle East and Africa, and Asia Pacific teams.  But, let’s now take a moment to look ahead to 2021 and what we might expect to see as AFC practitioners over the year and what we plan to do as FINTRAIL. Normally, we shy away from predictions, but nothing could have been stranger than the reality that was 2020, so we thought we would give it a go!

Effectiveness and Outcomes-focussed Compliance

We’ve already started to see a shift in this direction in the AFC community, in both larger, traditional banks, as well as in the FinTech community as the pressure from regulators for firms to achieve good outcomes in financial crime prevention increases.  Even as far back as 2019, the then-interim Chief Executive of the UK’s Financial Conduct Authority noted: “One thing is already clear – we are moving from a narrower compliance with the rules, to a focus on delivering the outcomes we want for the users of financial services.” While not specific to anti-financial crime, it is clear that all financial services firms want good outcomes for their customers, particularly when it comes to preventing crime against them or involving them. 

What is likely to come this year, in our opinion, is a greater focus from regulators on how those outcomes are measured and therefore how confident a firm can be that its controls and AFC risk mitigants are indeed effective at tackling financial crime. Presently, measuring effectiveness can be challenging and is often unsystematic, relying on annual Money Laundering Reporting Officer (MLRO) reports that pull together proxy measures of effectiveness from a wide range of sources, which is manual, time consuming and potentially error prone if the data is not tracked on a more regular basis, and unusual findings pulled out and scrutinised. Using technology to address this problem in the future is at the heart of the solution. In our view, not only will an outcomes focussed approach increase the relevance of reporting that AFC provides to its senior leadership teams - as it will be able to demonstrate clear Key Performance Indicators (KPIs) and markers of improvement over time - it will also drive positive developments in AFC controls by helping to understand better whether those controls are working to actively reduce crime and illicit funds flowing through the financial services ecosystem. 

So what are we doing about this at FINTRAIL to ensure our clients adjust to the shift in focus? Our immediate response is to embed ‘effectiveness’ into all of our service offerings in 2021 from advisory to assurance; our consultancy teams are putting it at the heart of everything they do for our clients.

Secondly, FINTRAIL is now an investor in Cable.tech that is headed by the fantastic Natasha Vernier and Katie Savitz who both bring great pedigrees from the likes of Monzo and Square. Cable is focused on finding a technical solution to the challenge of AFC effectiveness. We are super excited by what the team there is building and are sure as 2021 progresses they will be taking the industry by storm. 

Increasing specialisation in AFC Compliance

A few years ago and anecdotally at FINTRAIL, we noticed a shift from quite siloed AFC teams with specific areas of focus across the different crime types (e.g. Head of Fraud), to a more homogenous AFC team structure with experts in a number of areas working together and collaborating. A particularly notable change in some organisations was the inclusion of Fraud teams into wider AFC compliance teams, where Fraud had sometimes more traditionally been placed alongside operations or in security and cyber security teams.  This flatter approach was especially popular in newly established AFC teams in startups and FinTechs. 

Our prediction for 2021 is that we are going to see an increasing specialisation of AFC compliance professionals in the product areas that they oversee and risk manage. For example, Fintech AFC compliance officers might well be broken down further into payments AFC specialists, Foreign Exchange (FX) AFC specialists and Banking as a Service (BaaS) AFC specialists. These specialist product skills will help AFC officers really pinpoint the risks their firm’s products are facing and thereby design more nuanced controls to manage those risks.

As such, it seems increasingly likely that these skills will be required by FinTech firms when recruiting and that candidates coming from more generalist backgrounds will need to demonstrate additional competencies in order to compete with the more specialist compliance officers out there. 

We have responded to this development and the growing, critical need for certified qualification in the FinTech industry by partnering with ACAMS to offer the Certified AML FinTech Compliance Associate (CAFCA) qualification and examination. This sets a new standard for the global FinTech industry and brings credibility and parity to an industry that has historically faced questions about competence. As our colleague Kate Hotten put it “It's for FinTechs, but it's so much more: it explores how scale, inclusion, new financial models and technical skills impact how we work in AML. We really worked hard to make sure this wasn't the same old AML blah-blah.”

Wellbeing is critical

2020 gave us all time to reflect on what wellbeing really meant to us as individuals, and firms are starting to do more to ensure that their staff are engaged, resilient and are looking after their physical and mental health. Not only is doing so beneficial for the employees involved, but it also has proven and wide ranging benefits on productivity, employee retention and engagement, inter alia. Staff in AFC teams are no exception to this, and in these roles especially dealing with the negative sides of society that we see when we investigate some pretty horrendous crimes, wellbeing should be prioritised.  Further, the sometimes relentless pressure - whether it’s from criminals breaching your perimeter controls to the more generalised stress of working in a regulated industry - can take its toll, and mental health and wellbeing should be taken seriously. Plus, with crime continuing to increase during the pandemic, this focus has never been more needed. And, just because we are working remotely doesn’t mean that wellbeing can be discounted, in fact it’s just the opposite.

At FINTRAIL, we are proud to offer the services of app-based therapy provider, Spill to our colleagues, and are also looking forward to exploring some more bespoke options with Your Virtual Wellbeing Hub, a research-backed one-stop-shop for employers looking to introduce, add to, or kick-start their employee wellbeing offering. We hope that these efforts will make sure that our team’s wellbeing is central to our company ethos.

For the wider FinTech FinCrime Exchange (FFE) community, we are excited to be offering a series of free, donation-based yoga classes from March onwards to help our members disconnect from their day jobs and find that all important “me” time, making them even better crime fighters.


So, whether you are looking to hone your compliance skills, take some time out for yourself from a busy day or are looking at how to revitalize your compliance programme over the next year, we hope you’ve enjoyed reading this piece, and if you would like to contact us about any of the topics raised in this article, or about any other anti-financial crime compliance needs, please reach out at contact@fintrail.co.uk

Goodbye 2020: Highlights of the year from the Europe team

Regulatory Changes

Throughout 2020, the financial sector saw a number of changes - including regulatory change. Whilst the year had its fair share of bad press around the adoption of regulation, there were also a number of positives to come out of 2020.  The implementation of the Fifth Anti-Money Laundering Directive (5AMLD) at the start of the year and the newly updated UK National Risk Assessment were long awaited updates that will help to drive positive change within the financial sector and beyond.   

Fifth Anti-Money Laundering Directive 

The 5AMLD came into force on January 10th 2020. The directive brought a number of changes, which now applied to firms that were previously unregulated. The 5AMLD now covers cryptocurrency firms, high value dealers (anything over 10,000 euro), and estate agencies. In 2020, cryptocurrency firms started to bolster and refine their anti-financial crime frameworks  - a sure result of 5AMLD.  

UK National Risk Assessment

Towards the end of the year the UK released it’s 2020 National Risk Assessment - an update on the 2017 Risk Assessment. The changes (highlighted in our December 2020 RegCap) included a number of increased risk levels for some specific industries such as property and trust/company service providers. The assessment also included initial ratings of newly regulated sectors such as estate agents. No areas saw their risk levels lowered, either for money laundering or terrorist financing. 

FINTRAIL Projects: Europe

Whilst the year wasn’t quite as many had planned, we at FINTRAIL continued to work with our global client base to deliver the best of anti-financial crime consultancy. The year saw us work on a number of different projects, from risk assessments to creating due diligence policies. Two areas that increased in popularity this year were audits and training. 

Audits often get a bad reputation. They are a regulatory requirement and often seen as a burden. However, these can be extremely useful tools and help to shape and prioritise the year ahead for your anti-financial crime function. We conducted several audits in 2020, from a crypto firm’s first audit to working with a challenger bank who is well versed in the audit process. 

Firms have also looked to either increase their knowledge or change the way they are learning and conducting training. Despite the challenges of working from home, FINTRAIL delivered bespoke, specialist training - albeit from behind a screen. This appetite for training stretched across most companies with an increase in requests for training of more junior members of staff as well as the more senior compliance employees. RegTechs also requested training in 2020, to ensure their sales teams were attuned to the latest regulations; understand where their product fits into their potential clients’ lives; and were aware of the problems it solves. Alongside RegTech partners, our clients within the training space in 2020 included challenger banks, crypto firms and law enforcement agencies to name a few. This trend for increased training is likely to continue into 2021.

Another highlight of the year was conducting work in the investigations space. One particularly interesting project included a due diligence review and evaluation of the specific risks posed by a particularly high-risk client. FINTRAIL also assessed the current control measures in place and offered suggestions for enhancements to the financial crime control framework to mitigate the risk further. 

Part of  2020 was also spent leading a major transformation project within a bank's anti-financial crime function. This large scale project was great to work on, as it involved delivering various pieces of work from an enterprise wide risk assessment to customer due diligence policies, right the way through to the training programme for its employees. FINTRAIL successfully helped to shape a more effective compliance framework for the bank, entirely through remote delivery.  

Looking to the future

Entering into 2021, we look forward to working with our existing and any new clients that the year may bring. There are already early signs that the year could be an eventful one, with rapidly changing crypto regulation through to Brexit finally being realised. 2021 is sure to bring its challenges - and opportunities.


Snakes and Property Ladders

How is one of the most exciting moments in someone’s life also the most stressful? 

Passports. Bank statements. Proof of employment. Payslips. So many different documents provided to so many different people.

For most people buying a house, whether for the first time or finally finding your “forever home”, is meant to be one of the best moments in their lives. But this is often soured by several journeys to the estate agents/solicitors to prove you are who you say you are or by needing to send numerous personal documents by post. 

This blog looks at the documentation and due diligence behind house buying - and how it can be simplified whilst still mitigating the risks. At FINTRAIL, some of the team have been lucky enough to have bought a place within the last 12 months. We have all experienced the good, the bad and the ugly during the process but surprisingly not all in the same area. We are going to discuss the risks associated with property purchases, compare and contrast our journeys, look at how this market differs from FinTechs and gain insight from Thirdfort, a firm which specialises in providing identity verification and source of funds checks for lawyers in the property market. 

What are the risks?

Before we dive into the FINTRAIL team’s experience of property purchases, we should look into the risks associated with the property market. Laundering money through the purchase of property is often described as one of the oldest known ways to legitimise ill-gotten gains. As property purchases naturally involve high prices, it is an easy way to move large sums of criminal proceeds. Properties can also be used operationally in a criminal’s organisation - potentially as a way to generate legitimate income via rent or as a location for other illicit activity. Another risk to be aware of, which is highlighted in HMRC’s risk assessment for estate agency businesses, is the risk of overseas buyers, especially from higher-risk jurisdictions. Property purchases may be made with the proceeds of crimes committed in other jurisdictions, including but not limited to bribery and corruption and even sanctions evasion. Transparency International published a paper in 2015 which showed the extent of this risk: 40,725 London property titles were held by foreign companies of which 4.89% were held by companies incorporated in secrecy jurisdictions. 

As the risks faced by the parties in the property sector are being increasingly highlighted by numerous governmental and non-governmental organisations, it is not surprising that the property sector in the UK has come under scrutiny by both law enforcement and the supervisor under the Money Laundering Regulations, HMRC. Unexplained wealth orders (UWOs) are a type of court order used in the UK to compel the target to reveal the sources of their unexplained wealth. It uses the reverse onus principle, where the burden of proof shifts to the target. We have seen the majority of UWOs being issued to find out how multiple high-value properties had been financed, and in the most recent case saw nearly £10m of assets handed to the National Crime Agency. This shines a light on the need to understand the source of funds used to purchase a property and if this is in line with the individual’s profile. In 2019, HMRC fined Purplebricks for breaches concerning failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification. This highlights the need for the sector to have the correct level of customer due diligence in place, which involves understanding and verifying who your customer is. 


Our Journeys 

house buying-01.png

Where is the technology? 

The first interesting observation is the lack of technology in most of our journeys. Lauren was lucky as her solicitors used an app for verification and a portal to update on progress. Being able to take a picture of your ID and upload a selfie is something we now come to expect in the FinTech space, which was replicated here. However, for Rachel and JP, the methods used to verify their identity, including certifying copies of documents or having to see someone face-to-face, were time consuming, costly and quite surprising given the online methods we know work very well in identifying and verifying individuals today.  At the time of JP’s purchase, the national lockdown was underway and COVID restrictions were in place for all businesses. To require face-to-face contact when businesses should have been operating as “COVID secure” does not seem logical, especially with the numerous contactless options that are available.  

Thirdfort have noted that the legal sector is embracing technology at an increasing rate, and certain developments mean that this trend is likely to continue apace. The HM Land Registry recently announced that they are now accepting digital signatures, and the Ministry of Justice temporarily accepted video witnessing of wills during this year’s lockdown. At the same time, law firms have had to digitalise their approach to client due diligence due to social distancing and lockdown restrictions, so it seems that the process of buying or selling a property is set to become more tech-focused. 



So what if the industry took more of a risk-based approach?

Using a risk-based approach is an expected element in a risk management framework. Within the conveyancing process, a risk-based approach could include collecting different levels of information and documentation for identity verification, varying the beneficial ownership threshold for verification, and collecting different levels of evidence for source of funds/wealth all in line with the risk of the customer. To help define that risk-based approach, a risk assessment should be conducted to identify the areas with the biggest risk exposure and tailor the procedures to mitigate those risks. HMRC recently published guidance to help estate and letting agents identify and understand where those risks could lie. 

 

In our cases, there appeared to be a lack of a risk-based approach for Lauren with her source of deposit checks from the solicitors.  A small percentage was kindly gifted by her mum, who was then asked to prove her source of funds with numerous bank statement requests. Given Lauren’s mum has been a working professional for a number of years and has accumulated savings over those years, the level of detail required for her to prove this seems excessive. This point is emphasised more when you look at JP’s source of funds check.  His proceeds came from the sale of another house, but this was not investigated in detail to ensure the funds did not come from another source. At FINTRAIL we encourage all our clients to treat their anti-financial crime checks as something more than a “tick box exercise”, which does not seem to be the case in relation to JPs SoF checks.

What next? 

Here are some key takeaways for the property market to consider:

  • Conduct a risk assessment to ensure you identify and better understand the key financial crime risks you are facing. 

  • Look out for red flags of suspicious activity, which may include:

    • Anonymous or difficult to identity owner 

    • Unusual or inconsistent income 

    • Over or under estimated property prices

  • Take advantage of the technology out there to create a smoother customer journey while still mitigating risks.

  • Apply a risk-based approach to your financial crime framework to ensure you are focussing your attention on the highest risk areas, especially when it comes to verifying source of funds.

  • Apply more targeted client due diligence and enhanced due diligence to specific areas of risks identified, rather than applying the same standard measures across the board. This allows firms to mitigate the actual risk posed by the customer rather than just conducting a tick box exercise.

  • Look out for HM Land Registries guidance on digital identity checking in conveyancing.

  • In light of the Covid-19 pandemic, companies such as Thirdfort have shown the importance of individuals being able to complete their due diligence checks in the comfort of their own home. It is important to hit a comfortable ground between ensuring firms can verify clients and manage risk compliantly and taking some of the pain-points out of property transactions for the client.


If you’d like to learn more, please contact Lauren Vincent, Team Coordinator, or email us directly at: contact@fintrail.com.

FINTRAIL Monthly REG-CAP Nov 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

November 2020

In November’s issue, we cover post-Brexit sanctions.


Other highlights include two important reports published by Europol.

What other regulations changes caught your eye in November?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

FINTRAIL Monthly REG-CAP Oct 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

October 2020

In October’s issue, we cover FATF’s response to Weapons of Mass Destruction proliferation financing.


Other highlights include the INTERPOL-EUROPOL 8th cybercrime conference and the removal of Sudan from the US sanctions list.

What other regulations changes caught your eye in October?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

FINTRAIL Monthly REG-CAP Sep 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

September 2020

In September’s issue we cover FATF’s report identifying red flag indicators of money laundering and terrorist financing through the use of virtual assets.


Other highlights include new UK sanctions issued against Alexander Lukashenko and his associates following election rigging in Belarus, and some interesting new insights from Companies House on additional controls being brought in to help fight fraud and money laundering.

What other regulations changes caught your eye in September?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

How to conduct Customer Risk Profiling in the Gaming Industry

Regulations and Guidance

As part of the regulated sector within the UK, those in the gambling sector classified as remote or non-remote operators, are required to meet their obligations within the Money Laundering Regulations 2017. One of these requirements is to assess the level of risk a client may represent to the business and apply appropriate due diligence to match that risk. 

The Gambling Commission, in its industry guidance for the prevention of money laundering and combating the financing of terrorism under section 6.2, also highlights the need for operators to perform risk profiling against its customers.  

Paragraph 6.2 from the Gambling Commission’s industry guidance for the prevention of money laundering and combating the financing of terrorism.

What does this mean practically?

Having a clear understanding of the inherent financial crime risk within the business is important. This is likely to be already done through a risk assessment process but when thinking about financial crime in the gambling sector the most prevalent risks are probably fraud or traditional money laundering. 

An example could look like:

A table of financial crime inherent risk ratings with levels for the gambling industry

Once the inherent financial crime risk is understood, it allows for better context of what risks the operator may be exposed to and subsequently what needs to be considered when assessing the risk of the customer. 

Consideration can then be made on the data points used which would initially be obtained through the registration process and any due diligence information collected. Whilst data points like country are still important, given that the key financial crime risk may be fraud, operators may wish to consider additional data points such as the email address, phone number or device to be included.

Now the data points have been established, in line with the inherent financial crime risks, an operator can consider how the scoring itself will work. Whilst you may think a complex risk profiling model is best, that may not be the case as it needs to be scalable, easily modifiable and explainable to the regulators.

Finally once the scoring is complete, ensuring you map the output to your due diligence process is the final step. This will enable an operator to offer a lower friction process for lower risk customers whilst still being able to identify higher risk customers allowing the application of enhanced due diligence. 

Dynamic Model

The profiling of an operator’s customers shouldn’t stop at onboarding though. In order to operate an effective customer risk profiling model which meets the regulatory requirements, mitigates the risk of financial crime and protects customers from harm from a responsible gambling perspective, operators should ensure it is dynamic. This means that rather than just using the data collected at onboarding to assess the customers risk, operators should use data collected from how the customer interacts with the product and also any additional due diligence obtained.  

Responsible Gambling

It is no surprise that some of the more recent fines coming from the Gambling Commission relate to operators failure to protect its customers from a responsible gambling perspective alongside failures to have appropriate controls to guard against money laundering.

In May the Gambling Commission published tighter measures to be implemented by operators, as part of their COVID-19 response, to protect their customers during lockdown. These measures include various points on assessing their clients:

  • Review thresholds and triggers for new customers to reflect the operator’s lack of knowledge of that individual’s play and spend patterns

  • Conduct affordability assessments for individuals picked up by existing or new thresholds and triggers which indicate consumers experiencing harm - limiting or blocking further play until those checks have been concluded and supporting evidence obtained, and;

  • Implement processes that ensure the continual monitoring of their customer base – identifying patterns of play, spend or behaviours have changed in recent weeks.

Responsible gambling has strong links to financial crime with various cases documented being linked to those who were using stolen funds to spend. This means that responsible gambling is an important risk factor to be included within any operator's customer risk profiling model alongside the traditional financial crime risks mentioned above. Data points for consideration could be methods of payment, deposits and behavioural patterns.

If operator’s continue to ineffectively implement custom risk assessment models, and choose to not include a responsible gambling aspect, we can only expect more fines to be issued in the near future for both responsible gambling and money laundering failures.


How to approach creating a new customer risk assessment model

Here are FINTRAIL and TruNarrative’s key takeaways when considering a customer risk profiling model:

  • Understand the inherent risk your customers represent to the business

  • Ensure you select the correct data points unique to your clients and product offering

  • Make sure the risk profiling is dynamic and doesn’t just stop once the customer is onboarded

  • Consider the inclusion of responsible gambling within your customer risk profiling 

  • Marry your due diligence process to your customer risk profiling

  • Take into consideration how you would implement your model using technology providers like TruNarrative to ensure if a players risk or behaviour changes, you get an instant alert and action

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

This article is also available via TruNarrative’s website.

On Demand Webinar: How to Implement eKYC & Keep Online Customers Safe

The recent shift towards digitisation has pushed businesses to review their KYC processes, and implement new strategies to protect their customers online.

In this on demand webinar, Robert Evans Fintrail co-founder and Claire Galbois-Alcaix at Jumio will discuss:

- The impact of digitisation on businesses and their customers
- The latest risks and compliance challenges
- How to implement a successful eKYC
- Tech innovations that help organisations keep their customers engaged
- Changes to the regulatory landscape and the future of eKYC

As people spend more time online, they leave a digital trail of information that can be used against them if put in the wrong hands. The convergence of online and offline has opened up entire new pathways for fraudsters, money launderers, and identity thieves to assume another person’s identity.

KYC (Know Your Customer) refers to the process of verifying the identity of your customers, either before or during the time when they start doing business with your organisation. With eKYC, businesses are able to perform identity verification and due diligence electronically, but must ensure they have the correct end-to-end identity verification strategies in place.

Rob and Claire will share tips and best practices organisations can follow to simplify their eKYC.

Islamic FinTech and Financial Crime: A different risk profile?

With particular thanks to insha, Kestrl, MyAhmed and Niyah.

Just like every other sector of the global financial industry, Islamic finance is increasingly going digital.  There is a growing number of start-ups positioning themselves to benefit from the rapid global development of the FinTech market, coupled with the booming growth of Islamic finance.  Islamic finance is sometimes considered a niche area, but this ignores the actual size of the sector, with a consumer base of 1.8 billion Muslims globally and an estimated market value of $2.5 trillion in 2018, forecast to grow 40% by 2024.  These start-ups sit at the convergence of these two growth areas, and believe that young Muslims in particular will be drawn to products designed to facilitate integrating their faith and ethics with all aspects of their daily life, plus the ease and superior design features of a digital product.  

Most growth in Islamic finance in recent years has been rooted in traditional banking services, but change and dynamism in the sector is translating more and more into digital offerings and FinTech startups.  In 2019 there were an estimated 93 Islamic FinTech startups globally, including challenger banks for retail and SMEs (e.g. Kestrl, MyAhmed and Niyah in the UK and insha in Germany) as well as wealth management (e.g. US-based Wahed Invest), crowdfunding (e.g. Ethis Ventures in Malaysia and Indonesia) and crypto (e.g. Dubai-based trading platform Huulk).  P2P finance and InsureTech are cited as top sectors for growth in 2020.  Existing Islamic banks have also jumped on the digital bandwagon, especially in the Gulf, such as Bahrain Islamic Bank which launched the first fully-fledged Islamic digital bank in 2019.  The largest market for Islamic FinTech startups is Indonesia, followed by the US, the UAE and the UK. 

It’s interesting to note that many shariah-compliant FinTechs are keen to reach out to potential customers beyond the Muslim population in recognition of many people’s dislike and distrust of conventional financial services and desire for a more ethical, partnership-based approach.  To this end, many Europe-based FinTechs in particular notably focus on the ethical dimensions of their product rather than just guaranteeing shariah-compliance, and market themselves as ‘ethical’ or ‘values driven’ rather than explicitly as Islamic, halal or sharia-compliant.  This is also reportedly popular with Muslim customers, especially the young, who are more interested in services that focus on ethical considerations rather than “tick-box” shariah compliance.

Islamic Finance and FinCrime 

Islamic and conventional finance most obviously differ in terms of the products offered and the target client base.  But what of the risks they face, specifically financial crime?  Are there certain financial crime risks which Islamic finance institutions are more exposed to, or conversely where the specificities of Islamic finance help protect them?  And are there particular things Islamic FinTechs should be thinking about as they design and build their financial crime programmes?

This piece isn’t going to get into the complexities of Islamic finance and how transactions are structured.  However, there are a couple of key concepts that are useful to set out here.  Firstly, Islamic finance prohibits earning or paying interest, with a focus instead of profit (and risk) sharing.  This results in a model where banks and their customers act as ‘partners’, which differs from the usual client relationship.  Islamic finance also prohibits business in sectors considered forbidden or haram, such as alcohol, gambling, pork or adult entertainment.  And finally, Islamic finance does not condone excessive uncertainty or speculation.

On an academic level, relatively little attention has been paid to financial crime risks in relation to Islamic finance and there have been few, if any, studies on relevant money laundering/terrorist financing methods and trends.  International standards for AML/CTF regimes (such as those issued by FATF) make no provisions for Islamic finance, and are adopted wholesale even by countries with sizeable Islamic finance sectors without any adjustments.  The papers which have been published (e.g. by ACAMS) tend to conclude there’s no evidence the ML/TF risks in Islamic finance are different from those in conventional finance, or that it faces unique typologies or methods.  If anything, they conclude certain features of Islamic finance are likely to lower the ML/TF risks, such as the ‘partnership’ relationship between the financial institution and the borrower/lender, and the fact transactions are structured around the purchase/sale of underlying assets, which ties them to real-world valuations and makes it harder to disguise illicit flows.  

FinCrime for Islamic Fintechs

So what does this mean for Islamic FinTechs in particular?  Given the relatively scant attention paid to the topic by regulators and external bodies, and the prevailing tendency of conventional Islamic banks to treat financial crime the same way as everyone else, it is hardly surprising we’ve yet to see Islamic FinTechs formulate a specific approach to financial crime.  And nor is it clear that they need one, given the current state of the market and the product types that most existing Islamic FinTechs offer.  Where the academic studies do identify differences between conventional and Islamic finance, it is generally in relation to complex products such as trade finance and investment banking.  These are areas which have yet to be targeted by Islamic FinTechs, which so far are mostly focused on P2P lending / crowdfunding and retail banking.  In these areas, it is hard to see many ways in which the shariah-compliant aspects of the products could affect the AML/CTF risks.  The one concrete example is almost a coincidental positive for Islamic finance - several of the sectors considered prohibited are also ones recognised as high risk for financial crime, such as gambling, adult entertainment and arms/defence.  However the lack of any other discernible differences is borne out by a number of Islamic FinTech start-ups consulted by FINTRAIL, who confirmed that they don’t approach financial crime risk differently to their conventional counterparts and aren’t aware of any nuances or differences in the risks they face.  For instance, one European challenger bank confirmed it uses a banking-as-a-platform provider to manage compliance, meaning it is comfortable using an off-the-shelf solution designed initially for non-Islamic institutions.  

So, looking at the products and business models of Islamic FinTechs on paper indicates no real distinction.  However there is one real-world factor which does make a difference - customer base.  One standout issue is the provision of services to mosques and religious charities, which collect huge amounts of zakat donations, and can find conventional financial institutions reluctant to deal with them (and often Islamic institutions too).  Charities, especially religious charities, are recognised as a high risk sector for AML/CTF risks, and coupled with payment corridors to high-risk countries where Islamic charities are likely to operate, places them outside of risk appetite for many conventional banks.  Specialist Islamic FinTechs may be more prepared to find ways to mitigate the risks and serve these clients, as part of their ethical mission.  

In Europe, concentration risk and the makeup of the target client base may also pose particular challenges (but also opportunities) for Islamic FinTechs.  Their customers will be particularly homogenous, which may make them more vulnerable if a fraudster can work out a successful way to target this group.  This would involve knowing how to mimic real customers’ identities and activities, as well as frauds designed to exploit religious sentiment, e.g. by using fake charity appeals during Ramadan.  Beyond fraud, while many customers will be UK/EEA nationals, those who are foreign nationals are more likely to come from countries deemed high risk for ML/TF, and popular payment corridors for cross-border payments are also likely to involve such countries.  This will all result in a high level of declined applications, high-risk clients, and transaction monitoring alerts, especially if companies use generic risk appetites and customer risk assessments or off-the-shelf monitoring solutions, or outsource their compliance programmes to banking-as-a-platform companies.  

Conventional indicators and methodologies may thus not enable Islamic FinTechs to assess their client bases intelligently, and to work out if there are ways to mitigate any inherent  risks in line with their own risk appetites.  If they choose to accept these risks, they’ll need to ensure they can identify the most high-risk activity on their books, and dedicate their attention and resources appropriately.  And if done right, they are uniquely well-placed to do so - they can use their greater familiarity with these client groups and any existing data to benchmark usual, unconcerning behaviour vs. activity they deem suspicious.  For instance, huge cash deposits from a mosque during the last ten days of Ramadan would be immediately understood and contextualised.  And while a conventional retail bank may see all payments marked as ‘zakat’ as high risk, an Islamic FinTech can use their richer datasets and contextual understanding to refine their monitoring systems and investigate hits to identify the most high-risk of these payments, to make sure they are allocating their time and resources effectively. In doing so, they have the potential to play a positive social role by ensuring inclusion - enabling fair and affordable access to financial services to those frequently excluded or disadvantaged by conventional financial institutions.

So to summarise, the distinctive financial crime concerns of Islamic FinTechs lie not in the theoretical nature of how they operate or the mechanics of their product offering, but in the real-life nature of their client bases.  This idea is not unique to Islamic entities; in the increasingly crowded FinTech sphere, more and more firms are seeking a niche and are catering to specific client groups that pose a heightened financial crime risk on paper, such as expatriates sending remittances to specific high-risk countries, or sectors such as gambling or crypto that struggle to open accounts with conventional banks.  The lesson for all these companies is that, while they must recognise the inherent risks posed by their client bases, they can and should tailor their financial crime programmes to adopt a risk-based approach, identify their own top risks, and allocate their resources appropriately.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic, or any other elements of building or refining a customised financial crime programme, please get in touch with contact@fintrail.co.uk or maya.braine@fintrail.co.uk

There is also further guidance available on the FINTRAIL website, including on defining a risk appetite, using data to drive a financial crime programme, and promoting financial inclusion.

FINTRAIL joins Tide on the Jumio Webinar: Covid-19 Anti Financial Crime Best Practices

Gemma Rogers, Co Founder at FINTRAIL joined Rebecca Marriott and Matthew Tataryn of Tide and Sam Duggan of Jumio for a live panel discussion moderated by Claire Galbois-Alcaix. In the webinar they cover:

  • The financial crime impact COVID-19 has had on financial services providers

  • The main financial crime threat factors that businesses are having to adjust to

  • How the FCA's latest recommendations can help businesses in the short term

How Social Media is used to Further Financial Crime - Part 2

Similarly to most 18-year-olds, “Carlos” is glued to his phone, constantly refreshing his social media feeds and scrolling through friends’ pictures. In contrast with many other teenagers though, Carlos’ uploaded photographs illustrate a level of opulence and a life of excess. Carlos and his friends are pictured holding wads of cash, draped in designer clothes, Rolex watches on their wrists, and driving around London in a Mercedes. This seems quite implausible for an individual who left school after GCSEs and is now a junior employee at a central London restaurant (1).

 

Is the use of social media helping to fuel this problem? The HM Inspectorate of Probation’s report, ‘The Work of Youth Offending Teams to Protect the Public’, have described social media platforms as the “catalyst for some of the most serious and violent crime offences” (2). This is of no surprise as there has been a generational shift, with youngsters now living in a progressive online world which some adults just cannot get to grips with.

 

In Part 1 of this series, FINTRAIL used four basic money-mule associated search terms to pre-identify social media accounts of interest and those assessed to be associated with potential mule activity. These search terms were “Legit money UK”, “Easy Money UK”, “Flip Money” and “Instant Cash UK”. This investigation now seeks to focus on the initial phase of money mule recruitment and how by disrupting this critical stage it can disrupt the rest of the money mule value chain. However, it is important to first understand the money mule life cycle  which looks like this:

A simple diagram breaking down money muling into four steps; step 1 how to entice on social media, step 2 where they get a DM and get money deposited, step 3 the mule transfers money across their accounts, step 4 the mule gets caught and faces the c…

Honing in on Step 1 i.e. contact over Social Media, FINTRAIL have identified a number of key indicators of which combined together likely indicate an attempt to lure someone into Money Muling; these fall into two categories, visuals and language.

The likelihood of money muling being carried out on the internet depicted as visuals, e.g the images of cash etc to lure and the language used e.g. quick cash etc.

Visuals: There are a combination of images used that show instant gratification; key features include cash, cars, watches and evidence that large sums have been transferred into bank accounts. Further to this, many of the pages had adverts in their “stories” asking people to DM them if they want to make money quickly and requested people with very specific bank accounts to get in touch.

Language: By doing a simple drag and drop of Facebook, Instagram and Twitter pages into a tag cloud generator, FINTRAIL identified the types of language used across all platforms; the more popular the word, the larger it appears. The language used on the accounts really highlighted three key areas; fraudsters would request a specific bank account whether Barclays, Lloyds etc, then offer free fast easy money and explain that this was only a DM or whatsapp message away.

High chance of money muling: The combination of these images linked with these words are likely to indicate and point to something unsavoury and potentially illicit. This combination of factors can be used by social platforms to limit the likelihood of false positives when monitoring behaviour on their platforms and if kept up to date with evolving typological information, would create a far more effective disruption to wholesale financial crime scams than the over reliance on the regulated financial sector, by which point the damage is already done and the act of money laundering has already occurred.

So What Next? 

For FINTRAIL our money-mule journey on the social media platforms ended with the phrases “DM me for more info” or “whatsapp me”. However, in reality we know that this is only the beginning. We know that from here, behind the scenes, bank details are exchanged and money transfers are being made. This is where law enforcement has a critical role to play, coordinated with social media platforms, so that more can be done upstream to reduce the impact and have far more effect, reducing harm across the value chain of money mule activity.

 

Instagram as well as Facebook, use a new AI system Deep Text to essentially deal with and counteract major issues such as cyber bullying as well as malicious posts and comments. If the Instagram algorithm detects or finds provoking content, it’s discarded immediately. This demonstrates that technology already exists that can have an enormous impact on how social media platforms are abused (3).

A robust disruption of Step 1 of the money-mule cycle that is facilitated by social platforms will have a significant downstream impact where the end result would likely amount to a positive reduction in;

  • harm and exploitation of vulnerable people

  • costs to law enforcement effort (investigating money-mule cases)

  • the burden on the UK and global Suspicious Reporting Regimes

  • the burden placed on those operating in the regulated financial service sector


Very clearly, this needs to be an industry wide coordinated effort with law enforcement at the forefront and social media platforms on board. During the fifth Europol Money Mule Action (EMMA 5) week, 3883 money mules were identified alongside 386 money mule recruiters; 228 of these were arrested. As a major catalyst of money muling recruitment, social media platforms should share the burden and play their part in the deterrence of money muling by utilising technology they already have.

Get in Touch
If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

(1) How teenage money mules funnel millions from online fraud

(2) Monitor social media of young offenders to prevent crime says watchdog

(3)  Instagram leverages AI and big data

How Social Media is used to Further Financial Crime - Part 1

Introduction

Facebook, Instagram and other social media platforms have created simple methods of association. This in itself is both social media’s greatest strength and greatest weakness. You can share friendships globally but those with nefarious intent also have the mechanisms to create connections and identify vulnerable individuals that can be exploited to further their criminal activity.

Over the course of one week (pre-Covid-19 crisis) and as a follow up to our last article on this topic “The Role of Social Media in Furthering Financial Crime”, FINTRAIL conducted research on three key social media platforms, to assess the exposure of the platforms to financial crime activity - specifically money muling. This exercise should be considered a basic benchmark of the problem; our analysis suggests the scale is significant and likely to be systemic to the way money mule networks operate. This is further emphasised when you consider all the available social platforms likely to be used and private/DM functionality that keeps much of the content private. 

Methodology

Research material was obtained through passive observation, some of the groups identified were joined but at no time was there any form of direct engagement. FINTRAIL used four basic money-mule associated search terms to pre-identify accounts of interest and those assessed to be associated with potential mule activity. These were then manually reviewed to assess the group activity.

For this benchmarking FINTRAIL focused on three platforms; Facebook, Twitter and Instagram. The below infographic depicts the findings. Note: there has been no formal network analysis done to identify any crossover between platforms.

Findings

Image with textual findings of money mule search terms across social media, with images on the right hand side of examples of the types of messaging that is seen on social media.


Summary

Pre-Covid-19, many people were already anxious about their financial situation, making them vulnerable to exploitation by criminal gangs seeking to develop mule networks. Research completed by Barclays revealed 6 in 10 people (60%) of respondents were worried about their finances on a weekly basis. 

Since Covid-19 started to bite globally, significantly more people have become financially vulnerable with more people out of work and in dire need of money to cover living costs. These factors create the ideal conditions for criminal gangs to target the vulnerable and there is likely to be a significant increase in the number of people who fall into the trap of money muling.

We will be investigating further into this topic in Part 2 looking to provide some practical information that social media platforms (and others) could use to help in identifying and preventing this kind of activity.


If you have any comments or would like to discuss the issues in this post, or wider anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk