regulation

FINTRAIL MONTHLY REG-CAP Jan 2021

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

January 2021

This RegCap summarises any regulatory updates within January 2021.

Some highlights include the update of the Corruption Perception Index being published and a paper from RUSI on the impact of fraud on the UK’s national security landscape.

What other regulations changes caught your eye in January?


If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

Goodbye 2020: Highlights of the year from the Europe team

Regulatory Changes

Throughout 2020, the financial sector saw a number of changes - including regulatory change. Whilst the year had its fair share of bad press around the adoption of regulation, there were also a number of positives to come out of 2020.  The implementation of the Fifth Anti-Money Laundering Directive (5AMLD) at the start of the year and the newly updated UK National Risk Assessment were long awaited updates that will help to drive positive change within the financial sector and beyond.   

Fifth Anti-Money Laundering Directive 

The 5AMLD came into force on January 10th 2020. The directive brought a number of changes, which now applied to firms that were previously unregulated. The 5AMLD now covers cryptocurrency firms, high value dealers (anything over 10,000 euro), and estate agencies. In 2020, cryptocurrency firms started to bolster and refine their anti-financial crime frameworks  - a sure result of 5AMLD.  

UK National Risk Assessment

Towards the end of the year the UK released it’s 2020 National Risk Assessment - an update on the 2017 Risk Assessment. The changes (highlighted in our December 2020 RegCap) included a number of increased risk levels for some specific industries such as property and trust/company service providers. The assessment also included initial ratings of newly regulated sectors such as estate agents. No areas saw their risk levels lowered, either for money laundering or terrorist financing. 

FINTRAIL Projects: Europe

Whilst the year wasn’t quite as many had planned, we at FINTRAIL continued to work with our global client base to deliver the best of anti-financial crime consultancy. The year saw us work on a number of different projects, from risk assessments to creating due diligence policies. Two areas that increased in popularity this year were audits and training. 

Audits often get a bad reputation. They are a regulatory requirement and often seen as a burden. However, these can be extremely useful tools and help to shape and prioritise the year ahead for your anti-financial crime function. We conducted several audits in 2020, from a crypto firm’s first audit to working with a challenger bank who is well versed in the audit process. 

Firms have also looked to either increase their knowledge or change the way they are learning and conducting training. Despite the challenges of working from home, FINTRAIL delivered bespoke, specialist training - albeit from behind a screen. This appetite for training stretched across most companies with an increase in requests for training of more junior members of staff as well as the more senior compliance employees. RegTechs also requested training in 2020, to ensure their sales teams were attuned to the latest regulations; understand where their product fits into their potential clients’ lives; and were aware of the problems it solves. Alongside RegTech partners, our clients within the training space in 2020 included challenger banks, crypto firms and law enforcement agencies to name a few. This trend for increased training is likely to continue into 2021.

Another highlight of the year was conducting work in the investigations space. One particularly interesting project included a due diligence review and evaluation of the specific risks posed by a particularly high-risk client. FINTRAIL also assessed the current control measures in place and offered suggestions for enhancements to the financial crime control framework to mitigate the risk further. 

Part of  2020 was also spent leading a major transformation project within a bank's anti-financial crime function. This large scale project was great to work on, as it involved delivering various pieces of work from an enterprise wide risk assessment to customer due diligence policies, right the way through to the training programme for its employees. FINTRAIL successfully helped to shape a more effective compliance framework for the bank, entirely through remote delivery.  

Looking to the future

Entering into 2021, we look forward to working with our existing and any new clients that the year may bring. There are already early signs that the year could be an eventful one, with rapidly changing crypto regulation through to Brexit finally being realised. 2021 is sure to bring its challenges - and opportunities.


Getting tough in 2020: Lessons learned from a landmark year of AML fines in APAC

APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015 with regulators imposing approximately USD 5.1 billion in fines for AML and KYC violations in 2020.¹ This is a result of two landmark fines imposed against Goldman Sachs for its involvement in 1Malaysia Development Berhad (1MBD) and Australian bank Westpac for its money laundering scandal with links to serious crimes. As a result of this landmark year for penalties, what are some of the key high level takeaways for APAC and how can financial institutions prevent these occurrences happening in future? 

Back to Basics

The material failures of Goldman Sachs and Westpac highlight that there is a need for financial institutions to go back to the very basics in understanding the underlying reasons for AML laws and why financial crime controls and oversight is so important. So often financial institutions approach financial crime compliance with a checklist attitude failing to understand the complex and evolving nature of financial crime risk, as well as forgetting the human impact of the underlying predicate crimes of money laundering. After the material failings of this year, compliance professionals, senior members of staff and board members should pause to reflect and ask themselves why AML and KYC controls are so critical in not only mitigating money laundering risk but also in preventing harm to the victims of financial crime. 

Both landmark cases of 2020 highlight there were significant failings of financial institutions in performing adequate customer due diligence. In the case of Goldman Sachs, the initial red flags identified in regards to the source of wealth and suitability of Malaysian businessman Jho Low as a private banking customer were allegedly dismissed by the deals team and business was actively pursued with Jho Low and his associates indirectly through the three 1MDB bonds held with Goldman Sachs. Whilst the wrongful actions of the deals team highlight a fundamental cultural concern within the bank, the fact that Goldman’s ongoing monitoring and due diligence controls do not identify the ongoing connection between the 1MDB bond transactions and Jho Low is also an area of concern. This ability to circumvent controls by the deals team as well as failures in the ongoing monitoring of customers and transactions highlight several lessons for financial institutions:

  • Due diligence is by no means a one time event. It should be conducted at the start of a relationship but also holistically and throughout all relationships.

  • All business decisions should be recorded in sufficient detail and accessible to all business areas. If at any point the relationship is terminated or declined a clear rationale should be recorded in the customers due diligence records and used as intelligence for ongoing monitoring activity.

  • Deliberate dismissal of financial crime red flags for the purpose of lucrative and unsavory business or the personal gain of employees may exist and there must be adequate internal controls and oversight to mitigate this type of behavior

Similarly, the Westpac scandal in which Westpac has admitted to “breaking the law by failing to monitor whether a dozen customers were making transactions consistent with child exploitation” also touches upon the importance of ongoing customer due diligence and monitoring.² Allegedly it was known to the bank that a customer had an existing conviction for child exploitation offences and was one of many customers sending funds to the Philippines where child exploitation is a serious concern. AUSTRAC have identified this as a failure to carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation cases. Here we can learn that:

  • Customer risk evolves and ongoing monitoring solutions should be robust enough to detect and monitor any changes to customer behavior or suspicious activity, particularly those customers and transactions that are considered higher risk. 

  • AML professionals should be regularly trained on current and evolving money laundering typologies by regions, products, service offerings, customers types etc. Criminal groups and those responsible for laundering money are getting smarter. It is therefore important for transaction monitoring systems to stay relevant but also for the individuals monitoring the alerts. 

Financial Crime Compliance is everyone’s responsibility 

In this increasingly competitive climate with traditional banks losing footing to digital and neo-banks, the reputational damage and hefty fines as a result of AML/CTF breaches is no longer something banks can take lightly. As such, financial crime compliance should be at the forefront of everyone’s agenda across the business including at the most senior levels. The Goldman Sachs scandal showcases how the siloed approach between the sales team, senior management and the compliance function lead to information slipping between the cracks, and exposing Goldman to bribery and corruption. 

The due diligence failings relating to Jho Low provides one example of how a siloed approach to KYC allowed the sales team to circumvent controls and onboard Jho Low as an indirect customer via the 1MDB bonds. Similarly, allegations surrounding bribery in relation to the 1MDB transactions were allegedly known to Goldman, in which the Malaysian unit admitted to “knowingly and willing” paying bribes to foreign officials.³ These red flags were allegedly ignored by the relevant personnel instead of alerting higher-ups to problems with the bonds. Chief Executive, David Solomon, highlighted that ‘while many good people worked on these transactions and tried to do the right thing, we recognise that we did not adequately address red flags and scrutinise the representations of certain members of the deal team”. The 1MDB investigation highlights there was a problem with the corporate culture in the Malaysian division which looked to emphasize revenue and sales over honest business and compliance. 

Similarly, following the findings of AUSTRAC’s investigation and the headlines linking Westpac to child exploitation, Westpac’s Senior Management and Board of Directors have openly discussed and committed to address the concerns of its corporate culture and governance and accountability frameworks and practices, admitting that Westpac has “been focused on finding individuals to blame for problems when they arose rather than addressing systemic issues”⁴. According to Westpac, it follows the three lines of defence model to detect and combat risk, however, has admitted that this is not ‘consistently understood and embedded’ in the bank meaning that roles, responsibilities and accountabilities are often misunderstood and have allowed some things to fall through the cracks⁵. 

How can cultural and structural issues within a financial institution be addressed? Consider the following: 

  • Compliance is everyone’s job. Even within the sales team compliance should be at the forefront of the business agenda, ensuring that business is conducted honestly and transparently. Compliance should not be seen as a barrier to business but as a tool for the acquisition of good business to help achieve the firm's commercial and strategic objectives. 

  • A positive compliance culture lays the foundation for an effective AML/CFT framework. When talking about culture, this should include active engagement from the firm's leadership in terms of setting the ‘tone from the top,’ effectively integrating AML/CTF controls in business as usual and encouraging a healthy reward system where reward behaviour supports a positive AML culture

  • Allegations of bribery or misconduct should be taken seriously. Financial institutions should have in place suitable reporting and escalation policies and procedures to ensure red flags and concerns are identified and responded to by senior management where appropriate.

  • Financial institutions should ensure that their staff are aware of, and trained on, the escalation policies and procedures on a regular basis. 

  • A speak up culture should be encouraged, where no issue or concern is too small or unimportant. But most importantly, any concern should be addressed appropriately and by the relevant personnel. 

  • Roles and responsibilities should be clearly defined and understood in order to rapidly identify, prioritise, escalate and remediate issues.

Slipping through the cracks

Since the 1MDB scandal broke in 2016, a series of events have unfolded throughout the US, Switzerland, Malaysia, Singapore, Hong Kong and the UK. Central to the scheme were several senior Goldman bankers that managed to circumvent financial crime controls in place to siphon off approximately USD2.7 billion from 1MDB for their own personal gain as well as to pay a series of bribes to foreign officials. 

The Goldman case is notorious as not only was there criminal conduct by a number of Goldman executives but as we have seen there were a number of red flags from the onset and throughout the 1MDB relationship that were raised over the years that should have allowed Goldman Sachs to either identify misconduct and follow up on it or stop it altogether. Essentially the accumulation of letting things ‘fall through the cracks’ allowed for billions of dollars being laundered and stolen from the Malaysian people.

The series of failings linked to the 1MDB transactions highlight ineffective oversight of the internal money laundering controls at Goldman and also demonstrate a number of key takeaways: 

  • Documentation, record keeping and following up are so important. All decisions, rationales, investigations or resolutions made should be appropriately documented which will ensure that any risk is assessed and addressed at a point in time.

  • Corporate compliance programmes are not only adequate on paper, but companies need to ensure that they are adequately resourced, functioning properly, tested and that they can actually identify, stop and mitigate the type of conduct that lead to criminal charges.

  • Escalate, escalate, escalate. Where there is a concern escalate this through the relevant pathways and discuss these issues in a risk and compliance setting with individuals from the business and the compliance functions. 

  • Ensure there are appropriate measures in place to undergo “four eye” checks or reviews prior to opening or closing accounts, particularly high risk accounts, associated PEP accounts or accounts with any financial crime concerns. 

With this milestone year for APAC in terms of regulatory enforcement action, there are critical lessons that all financial institutions should take away to prevent being subject to hefty fines and reputational damage in future. Whether this is by encouraging firms to go back to the basics, pausing to reflect on the importance of a financial crime framework, ensuring that compliance is everyone’s responsibility or maintaining a robust control framework that is adequately tested to ensure nothing slips through the cracks, these are fundamental activities that financial institutions should undertake to protect the financial system and any victims from the perpetrators of financial crime.  

FINTRAIL in 2020

2020 was a challenging but exciting year for FINTRAIL in Asia. We further consolidated our presence in this region by working with a number of new clients on health checks, policy and procedure drafting, risk assessments and license preparation and application. We also continued to facilitate knowledge sharing within the FinTech community by taking our FFE meetings online. As demand for our services grew, we added to our team - we welcomed Sara in December who combines her industry experience working in financial crime operations for a range of financial institutions including private and investment banking and global payments services with expertise in agile project delivery. We have plenty in the pipeline for 2021 which promises to be our best year yet. 


If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the APAC region, please contact payal.patel@fintrail.co.uk or sara.abbasi@fintrail.co.uk

¹Fenergo AML, KYC and Sanctions Fines for Global Financial Institutions reach 5.6 billion mid year
²
Westpac admits it broke law over customers' transactions allegedly linked to child exploitation
³
Goldman Sachs to pay $3bn over 1MDB corruption scandal
Westpac admits it has failed to fix culture that contributed to money-laundering scandal
⁵Westpac admits it has failed to fix culture that contributed to money-laundering scandal

Snakes and Property Ladders

How is one of the most exciting moments in someone’s life also the most stressful? 

Passports. Bank statements. Proof of employment. Payslips. So many different documents provided to so many different people.

For most people buying a house, whether for the first time or finally finding your “forever home”, is meant to be one of the best moments in their lives. But this is often soured by several journeys to the estate agents/solicitors to prove you are who you say you are or by needing to send numerous personal documents by post. 

This blog looks at the documentation and due diligence behind house buying - and how it can be simplified whilst still mitigating the risks. At FINTRAIL, some of the team have been lucky enough to have bought a place within the last 12 months. We have all experienced the good, the bad and the ugly during the process but surprisingly not all in the same area. We are going to discuss the risks associated with property purchases, compare and contrast our journeys, look at how this market differs from FinTechs and gain insight from Thirdfort, a firm which specialises in providing identity verification and source of funds checks for lawyers in the property market. 

What are the risks?

Before we dive into the FINTRAIL team’s experience of property purchases, we should look into the risks associated with the property market. Laundering money through the purchase of property is often described as one of the oldest known ways to legitimise ill-gotten gains. As property purchases naturally involve high prices, it is an easy way to move large sums of criminal proceeds. Properties can also be used operationally in a criminal’s organisation - potentially as a way to generate legitimate income via rent or as a location for other illicit activity. Another risk to be aware of, which is highlighted in HMRC’s risk assessment for estate agency businesses, is the risk of overseas buyers, especially from higher-risk jurisdictions. Property purchases may be made with the proceeds of crimes committed in other jurisdictions, including but not limited to bribery and corruption and even sanctions evasion. Transparency International published a paper in 2015 which showed the extent of this risk: 40,725 London property titles were held by foreign companies of which 4.89% were held by companies incorporated in secrecy jurisdictions. 

As the risks faced by the parties in the property sector are being increasingly highlighted by numerous governmental and non-governmental organisations, it is not surprising that the property sector in the UK has come under scrutiny by both law enforcement and the supervisor under the Money Laundering Regulations, HMRC. Unexplained wealth orders (UWOs) are a type of court order used in the UK to compel the target to reveal the sources of their unexplained wealth. It uses the reverse onus principle, where the burden of proof shifts to the target. We have seen the majority of UWOs being issued to find out how multiple high-value properties had been financed, and in the most recent case saw nearly £10m of assets handed to the National Crime Agency. This shines a light on the need to understand the source of funds used to purchase a property and if this is in line with the individual’s profile. In 2019, HMRC fined Purplebricks for breaches concerning failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification. This highlights the need for the sector to have the correct level of customer due diligence in place, which involves understanding and verifying who your customer is. 


Our Journeys 

house buying-01.png

Where is the technology? 

The first interesting observation is the lack of technology in most of our journeys. Lauren was lucky as her solicitors used an app for verification and a portal to update on progress. Being able to take a picture of your ID and upload a selfie is something we now come to expect in the FinTech space, which was replicated here. However, for Rachel and JP, the methods used to verify their identity, including certifying copies of documents or having to see someone face-to-face, were time consuming, costly and quite surprising given the online methods we know work very well in identifying and verifying individuals today.  At the time of JP’s purchase, the national lockdown was underway and COVID restrictions were in place for all businesses. To require face-to-face contact when businesses should have been operating as “COVID secure” does not seem logical, especially with the numerous contactless options that are available.  

Thirdfort have noted that the legal sector is embracing technology at an increasing rate, and certain developments mean that this trend is likely to continue apace. The HM Land Registry recently announced that they are now accepting digital signatures, and the Ministry of Justice temporarily accepted video witnessing of wills during this year’s lockdown. At the same time, law firms have had to digitalise their approach to client due diligence due to social distancing and lockdown restrictions, so it seems that the process of buying or selling a property is set to become more tech-focused. 



So what if the industry took more of a risk-based approach?

Using a risk-based approach is an expected element in a risk management framework. Within the conveyancing process, a risk-based approach could include collecting different levels of information and documentation for identity verification, varying the beneficial ownership threshold for verification, and collecting different levels of evidence for source of funds/wealth all in line with the risk of the customer. To help define that risk-based approach, a risk assessment should be conducted to identify the areas with the biggest risk exposure and tailor the procedures to mitigate those risks. HMRC recently published guidance to help estate and letting agents identify and understand where those risks could lie. 

 

In our cases, there appeared to be a lack of a risk-based approach for Lauren with her source of deposit checks from the solicitors.  A small percentage was kindly gifted by her mum, who was then asked to prove her source of funds with numerous bank statement requests. Given Lauren’s mum has been a working professional for a number of years and has accumulated savings over those years, the level of detail required for her to prove this seems excessive. This point is emphasised more when you look at JP’s source of funds check.  His proceeds came from the sale of another house, but this was not investigated in detail to ensure the funds did not come from another source. At FINTRAIL we encourage all our clients to treat their anti-financial crime checks as something more than a “tick box exercise”, which does not seem to be the case in relation to JPs SoF checks.

What next? 

Here are some key takeaways for the property market to consider:

  • Conduct a risk assessment to ensure you identify and better understand the key financial crime risks you are facing. 

  • Look out for red flags of suspicious activity, which may include:

    • Anonymous or difficult to identity owner 

    • Unusual or inconsistent income 

    • Over or under estimated property prices

  • Take advantage of the technology out there to create a smoother customer journey while still mitigating risks.

  • Apply a risk-based approach to your financial crime framework to ensure you are focussing your attention on the highest risk areas, especially when it comes to verifying source of funds.

  • Apply more targeted client due diligence and enhanced due diligence to specific areas of risks identified, rather than applying the same standard measures across the board. This allows firms to mitigate the actual risk posed by the customer rather than just conducting a tick box exercise.

  • Look out for HM Land Registries guidance on digital identity checking in conveyancing.

  • In light of the Covid-19 pandemic, companies such as Thirdfort have shown the importance of individuals being able to complete their due diligence checks in the comfort of their own home. It is important to hit a comfortable ground between ensuring firms can verify clients and manage risk compliantly and taking some of the pain-points out of property transactions for the client.


If you’d like to learn more, please contact Lauren Vincent, Team Coordinator, or email us directly at: contact@fintrail.com.

Case Study: Digitisation Support

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk