Matthew Redhead (Senior Associate, FINTRAIL) & Krista Tongring (Managing Director, Guidepost)

Matthew Redhead is a financial crime risk and intelligence specialist, who has undertaken a range of senior operational, change management and leadership roles in financial services, consultancy and government. He works with FinTechs and challengers to build responsive and smart compliance frameworks that encourage innovation whilst minimising risk. 

Krista Tongring oversees a variety of compliance issues and investigations for clients including AML, trade compliance and anti-corruption matters. Previously, she had an accomplished career at the U.S. Department of Justice having most recently served as the Acting Section Chief at the Drug Enforcement Administration Office of Compliance. She led policy discussions and developed strategies to implement new and revised policies. She also worked to establish a more efficient policy review process. Ms. Tongring spent a significant portion of her career as a federal prosecutor where she investigated and prosecuted complex criminal matters, including racketeering, money laundering, abusive trust and other tax matters, international organized crime, criminal asset forfeiture, and violations of the Bank Secrecy Act.

As close partners of FINTRAIL Solutions are aware, we have been concerned about the impact of fentanyl - a powerful and highly addictive opioid used legally for the relief of extreme pain, but also produced and sold illegally - since early last year. The illegal use of the drug is at epidemic proportions in North America, and based on Canadian government warnings, we highlighted to clients and collaborators the potential financial crime risks that the burgeoning trade in the drug posed directly to FinTechs and their customers. 

As professionals in risk management, it is easy to look at issues like fentanyl and treat them as technical problems alone: risks to be identified and mitigate. However, the fentanyl epidemic highlights the underlying human tragedies that often drive the financial crime we seek to tackle. Overdoses of illegal fentanyl are reported to have killed the singers Prince and Tom Petty,[1] while the US Centers for Disease Control and Prevention (CDC) reported in December 2018 that fentanyl is now one of the main drugs involved in overdose deaths across the US.[2]

 This blog post is the first in a series which will look at the social causes and contexts of financial crime. The aim is to look at the problem in the round - its character, causes and impact - to help remind us why it is not only important to fight the financial crime the problem engenders, but also consider the reality for people who are caught up in these illegal trades - the mules, the users and the small time dealers, who, in truth, are victims too.

The Fentanyl Problem

Fentanyl is an opioid: a category of drug that suppresses feelings of pain in the brain, whilst also engendering states of relief and relaxation. In its legally manufactured form, it is usually prescribed for extreme, chronic pain, and is rated as being up to 100 times stronger than a sister opioid, morphine. Legitimate fentanyl is usually taken as a patch, lozenge or injection, but care has to be taken, as there is a very real risk of overdose and death.[3] Fentanyl can also be illegally sourced, either through the theft and diversion of legitimate supplies, or the purchase of synthetically produced illegal variations, usually coming as a white powder that can be ‘cooked’ and injected, snorted or ingested, either on its own, or in combination with other illegal drugs, especially cocaine and heroin.[4]

 Even in the legal variety of the drug is extremely dangerous, and is classified in the top category of most countries’ controlled substance schedules.[5] Indeed, the drug is so powerful that in August 2018 it was used in Nebraska to execute Carey Dean Moore by lethal injection,[6] and has allegedly been banned on some drug supplier websites on the darknet, according to a 2018 report by the UK paper The Guardian.[7]

The Market

 There is little doubt that the current epicentre of the fentanyl epidemic is North America. In the US, the drug has had a devastating effect; in a recently published report from December 2018, the US Centers for Disease Control and Prevention (CDC) stated that, as of 2016, fentanyl is now linked to 29 percent of all overdose deaths.[8] Overall, more US citizens were killed by all opioids - of which fentanyl is most prominent - than were killed by guns or car accidents.[9] This CDC chart of opioid related deaths in the US gives some indication of the dramatic rise of the problem, and fentanyl’s role within it.

In Canada, the problem is equally significant. In June 2018, the Canadian authorities reported that over 4,000 Canadians had died from opioid overdoses in 2017, a new record, of which 72% were fentanyl or pseudo-fentanyl analogs.[11] Outside of North America, there has also been a reported rise in deaths by fentanyl in Australia,[12] New Zealand[13] and the UK[14] over recent years, although rates do not yet appear to have reached US levels. The EU Monitoring Centre for Drugs and Drug Addiction states on its website that fentanyl is a more marginal problem in the EU, affecting primarily Estonia, Germany, Belgium and Austria. However, EU statistics show that opioids as a class are becoming a greater problem in Ireland, France, Italy and Portugal.[15]

The Mechanics of the US Trade

The DEA and Department of Homeland Security (DHS) believe that the primary source of the illicit versions of the drug is China - one of the most popular terms for a range of fentanyl analogs is in fact ‘China White.’ Laboratories run by Chinese organised crime gangs produce high volumes of fentanyl, which are then marketed to other transnational traffickers, including the Mexican cartels, who move the drugs into North America. Fentanyl flows across the Pacific to Canada and Mexico via mail order services and smuggling, where it is often mixed with other drugs, and then smuggled into the US via the north eastern and south eastern borders.[16] The drug often comes in a powdered form, or disguised as the tablet forms of legal pharmaceuticals, such as oxycodone and hydrocodone.[17] 

The secondary source, and one of growing significance, is Mexico itself. In 2016, the DEA reported its suspicion that the Mexican cartels were ‘branching out’ into the production of fentanyl, using imported precursor chemicals from the US and China.[18] Over the last year this assessment has been confirmed by busts in Mexico, including one in December in the capital, that have revealed the existence of cartel-managed fentanyl labs.[19]

The mixture or ‘cutting’ of fentanyl with other drugs, such as cocaine or heroin, makes the combined hybrid drug even stronger and more addictive, and further help us understand why its market is so sustainable. First, selling fentanyl keeps the costs of the traffickers and pushers down, because a small amount, though dangerous and potentially toxic, is relatively easy to produce and ship, yet has extreme potency. Second, the potency of the drug, especially when combined with other narcotics, means that users become quickly and highly dependent, ensuring that the suppliers have a captive market. Some of the strongest markets for fentanyl are in US states that already have high rates of opioid addiction.  This is borne out by a DEA report indicating that many of the younger users of fentanyl turned to the drug once they could no longer obtain and/or afford illicit pharmaceutical opioids.[20]

The prospects of breaking this market in the short-term appear bleak. The problem has become so great that the US President, Donald Trump, has pressured his Chinese counterpart, Xi Jinping, to take action against the Asian end of the trade, most recently at the November/December 2018 G20 summit in Argentina. Although President Xi was supportive, it is likely to take some time before practical action occurs.[21] Moreover, recent Canadian requests to China for similar help have been less warmly met, largely because of ongoing disputes over the return of Chinese fugitives to Canada.[22] As long as the Canadian and Mexican gateways to the US remain open, the scourge of fentanyl in North America is likely to continue.

Fentanyl, FinCrime & FinTechs 

What role then for FinTechs?

 For the last five years, there has been media ‘hype’ about the roles that FinTech platforms might play in the purchase of illegal drugs. Payments providers have been put out of business because their platforms have allowed individuals to buy illegal items unimpeded. In 2013, for example, the US Department of Justice (DoJ) closed Liberty Reserve, a digital payment processor, for facilitating the sale of drugs and child pornography, while cryptocurrencies are of particular current concern. In June 2018 the US media reported a DoJ enforcement action named ‘Operation Dark Gold,’ to stop the darknet sales of drugs using Bitcoin and other cryptocurrencies. [23]

Our clients’ experience tends to be more prosaic than some of these more sensational media cases. As a recent FinTech FinCrime Exchange (FFE) survey of UK FinTechs demonstrated, most financial crime typologies experienced in the UK cryptocurrency sector were around varieties of customer fraud. Nonetheless, we still believe that FinTechs have a responsibility to take these issues seriously. There are potentially striking indicators that, in combination, should raise concern (see breakout box), and we would urge all FinTechs working in payments services, retail accounts, prepaid cards and crypto transmission and exchange providers to give them due attention in their financial crime investigations.

●      Unusual Chinese transactions: Customers buying items from China, especially where this does not fit with the customer transaction profile or nature of businesses, along with multiple unconnected payments to a single individual in China;

●      Unusual health products: Firms offering apparently pharmaceutical or health products who demonstrate other unusual indicators such as those listed here;

●      High use of currency exchanges: Multiple payments from global currency and cryptocurrency exchanges, usually in small amounts; and

●      Tags and nicknames: Payments including nicknames such as Apache, China Girl and China Town, or precursor references such as NPP or ANPP.

For more details, contact FINTRAIL Solutions at contact@fintrailsolutions.com

At the same time, the case of fentanyl drives home the need for FinTechs to take a longer term view too about the types of business they are doing. As regular readers of the FINTRAIL and FINTRAIL Solutions blogs will know, we recommend some basic prevention methods that include active risk assessment and defined risk appetite. We have found that its critical for FinTechs to take basic risk management seriously from the beginning - asking themselves questions about the vulnerabilities of their product and the risks that opens them up to. If you think your company is vulnerable, then take action. Get the basics right. Because it is in no one’s interest to facilitate the sale of a drug like fentanyl.

If you would like to know more about how FINTRAIL Solutions and how we can help you and our business better manage financial crime risks, please contact us at contact@fintrailsolutions.com.

[1] https://www.rollingstone.com/music/music-features/musics-fentanyl-crisis-inside-the-drug-that-killed-prince-and-tom-petty-666019/

[2] https://www.cdc.gov/nchs/data/nvsr/nvsr67/nvsr67_09-508.pdf

[3] https://bnf.nice.org.uk/drug/fentanyl.html; https://adf.org.au/drug-facts/fentanyl/

[4] https://adf.org.au/drug-facts/fentanyl/

[5] https://www.dea.gov/drug-scheduling; https://napra.ca/nds/fentanyl; https://www.gov.uk/government/publications/controlled-drugs-list--2/list-of-most-commonly-encountered-drugs-currently-controlled-under-the-misuse-of-drugs-legislation

[6] https://www.independent.co.uk/news/world/americas/carey-dean-moore-fentanyl-capital-punishment-death-penalty-nebraska-execute-a8491671.html

[7] https://www.theguardian.com/society/2018/dec/01/dark-web-dealers-voluntary-ban-deadly-fentanyl

[8] https://www.cdc.gov/nchs/data/nvsr/nvsr67/nvsr67_09-508.pdf, p.1

[9] https://www.centeronaddiction.org/the-buzz-blog/we-asked-you-answered-did-guns-car-crashes-or-drug-overdoses-kill-more-people-2017

[10] https://www.cdc.gov/nchs/data/nvsr/nvsr67/nvsr67_09-508.pdf, p.4

[11] https://globalnews.ca/news/4282699/canada-opioid-death-statistics-2017/

[12] https://www.theguardian.com/science/2018/may/13/he-was-gone-fentanyl-and-the-opioid-deaths-destroying-australian-families

[13] https://www.newsroom.co.nz/2018/09/03/220753/drug-cartels-dealing-illicit-prescription-drugs-eye-new-zealand

[14] https://www.theguardian.com/society/2018/aug/06/fentanyl-drug-deaths-rise-nearly-third-england-wales

[15] http://www.emcdda.europa.eu/html.cfm/indexEN.html

[16] https://www.hsdl.org/?view&did=797265, p.70

[17] http://facethefentanyl.ca/?page_id=15

[18] https://www.hsdl.org/?view&did=797265, p.65

[19] https://www.washingtonpost.com/world/the_americas/mexico-raids-lab-producing-fentanyl-in-capital/2018/12/12/fd21ee18-fe55-11e8-a17e-162b712e8fc2_story.html?noredirect=on&utm_term=.06db3fad0ad1

[20] https://www.dea.gov/sites/default/files/2018-10/PA%20Opioid%20Report%20Final%20FINAL.pdf, p.28

[21] https://edition.cnn.com/2018/12/01/politics/fentanyl-us-china-g20-talks/index.html

[22] https://globalnews.ca/news/4658188/fentanyl-china-canada-diplomatic-tensions/

[23] https://www.theverge.com/2018/6/27/17509444/dark-web-drug-market-money-laundering-hsi-dark-gold

Just over a month ago, the final text of the Fifth Anti-Money Laundering Directive (5AMLD) was published, kicking off the 18-month countdown until it comes into play. Its precise, full impact is unknown for now, but it is expected to significantly impact the way governments, regulators and businesses in Europe have to approach financial crime risk.

What’s the rush?

This new directive followed the former surprisingly quickly in large part due to the rising popularity of digital currencies combined with the hysteria following the Panama Papers. Given it’s only been 2 years since the last AMLD was adopted (some countries are still trying to implement it), compared to the 12-year gap between the previous AMLDs, it is clear the European Commission is focused on reassuring people and businesses that they are on top of new and developing issues.

What does 5AMLD actually change?

The key change from the 4AMLD comes in the definition of “obliged entities”, increasing its scope to include virtual currencies, anonymous prepaid cards and other digital currencies. Previously, there have been no specific laws aimed to cope with the risks of virtual currencies and it’s clear that with this new directive, the European Commission is intent on making sure that virtual currencies do not become a safe space for criminality. It also shows clear signs of their move to increase the scope of the fight against money laundering (ML) and terrorist financing (TF), as criminals can take advantage of the anonymity of virtual and digital currencies.

The other key aspect of the 5AMLD is that it further clarifies the requirements and timings for the implementation of the required beneficial ownership registers introduced in the 4AMLD. Essentially, member states and the European Commission will be required to keep accurate and up to date registers that must be interconnected to the European central platform. This integration will allow for more efficient information sharing, making it easier to combat ML and TF.

Other features include the adjustments made to address Politically Exposed Persons (PEPs), expanding the definition and pledging to publish a combined list of EU and Member states’ lists of all prominent public functions. Traditionally, a “one size fits all” and “once a PEP, always a PEP” approach has been used, but this system is not adequately risk-based. The new regulations hope to address this issue by integrating a more nuanced and comprehensive approach to identifying and managing the financial crime risked linked to PEPs.

There is also set to be enhanced co-operation and information sharing among EU Financial Intelligence Units (FIUs) in the hope that this will make information more easily accessible and align with international best practices. FIUs across the EU receive broader powers under the 5AMLD as they will no longer need be limited to the identification of a predicate offence or suspicious activity report prior to filing an information request.

So, how to prepare?

With this new directive being introduced, here are a few things firms may want to consider in preparation:

1)    Virtual Currencies – 5AMLD will require obliged entities, i.e. providers engaged in exchange services between virtual and fiat currencies, to be registered and to comply with AML and CFT requirements. National authorities will be authorized to obtain all the associated information and regulate them accordingly. Exchanges that fall under the definition of an obliged entity will need to start benchmarking their existing frameworks against existing EU and jurisdiction specific AML & CTF controls and making any appropriate enhancements.

2)    PEP Categorisation – With changes being made to PEPs, firms may want to start thinking about how they categorise PEPs and how they apply different levels of monitoring such that when the new categorisation criteria come in, they are prepared

3)    Increased Reporting – Under new business ownership discrepancy rules, firms will be obliged to report discrepancies they find between the beneficial ownership information available in the central registers and their own registers. In the case of reported discrepancies, Member States will be obliged to ensure that appropriate actions be taken to resolve the discrepancies in a timely manner.

4)    Due Diligence Advances – 5AMLD will require a specific Enhanced Due Diligence list to be applied when dealing with high-risk countries defined by the European Commission. You should review and update your due diligence processes to ensure full compliance.

If you need any help scoping enhancements for implementation or indeed reviewing whether your current procedures meet the requirements of EU or jurisdiction specific requirements, FINTRAIL will be happy to offer assistance.

GDPR no longer needs any introduction, and here at FINTRAIL, we loved collaborating with the team at Jumio to help them launch their GDPR e-booklet, which you can download here.  

Together, we came up with 5 key principles that we think best help data controllers understand the activity of their online identity verification providers, and whether or not they’re fully GDPR compliant. Data processors in this space handle vast amounts of sensitive, personal data that, while integral to ensuring customers are who they say they are, can also be exploited or mishandled.  As such, GDPR compliant practices are key.

In brief, these are the main questions that controllers can ask of their processors which will help frame their thinking on this important aspect of compliance:

1. Human Review: How are verification decisions made and what recourse do data subjects have to challenge those decisions?

   • GDPR gives individuals the right not to have significant decisions made about them solely on the basis of automated processing.

2. Compliant Machine Learning: Does the data processor employ Compliant Machine Learning?

   • Under GDPR, vendors can only develop specific AI models trained on the data of a given customer and cannot leverage data from other customers to create more comprehensive models.

3. Data Retention: Can data retention policies be tailored to your business requirements?

   • Clear processes around data retention and deletion help processors and controllers deal with the stipulations around Subject Access Requests.

4. Data Breach Notifications: Do you have a data breach notification process in place and has it been tested?

   • Processors, as well as controllers need to be able to inform relevant parties of any data breach in a timely fashion; having clear and verified processes around this is one step in the right direction.

5. Data Encryption: Is personal data encrypted and protected appropriately?

   • Proper data protection and encryption reduces the likelihood of a breach and increases the privacy of citizens’ information. GDPR stipulates that personal data is properly protected.

You can read more detail in the e-booklet of course, and find out even more information about GDPR, its implications for processors, how best to approach these questions, and exactly how Jumio is helping controllers maintain and manage their GDPR compliance through its innovative identity verification solutions and careful approach to data privacy.

Due diligence - a term bandied about readily with much confidence across many different sectors - broadly accepted as a process that underpins a thorough and confident appraisal of a specific business proposition, perhaps a significant merger, acquisition or other investment. At its most effective, due diligence arms a business with the facts it needs to make confident, astute decisions. At its worst, poor due diligence muddies already murky waters and potentially guides businesses down the wrong path.

To avoid the latter outcome, it’s best to avoid an off the shelf, one-size-fits-all process and instead adopt a bespoke approach that accounts for all inherent risks associated with a particular proposition.

Venture capital (VC) investment in FinTech - a booming industry - is a case in point. VCs have to understand complex business models and cutting-edge technology to pinpoint viable investment opportunities. Armed with millions, or indeed billions - $1.8billion was raised by UK FinTechs in 2017 - and facing fierce competition from other VCs, the panoply of risks presented by startup FinTechs could appear daunting.

VCs will often feel most comfortable assessing the viability of the business model, legal and financial aspects and will engage experts to evaluate the technology. That makes perfect sense. The success of a FinTech largely hinges on a successful combination of those areas and, more often than not, those are the risks most familiar to VCs. However, other stones sometimes remain unturned..

People risk is often overlooked or considered addressed through a simple criminal background check. With the wealth of information sources now available it’s perhaps remiss not to take a closer look at those who you’re investing in. Start-up scams are not uncommon in Silicon Valley; an early 2017 Fortune article explored the sector’s “unethical underside”. Are the founders who they say they are? How accurate are CVs and other stated accomplishments - the CEO of Wkriot pleaded guilty to fraud last month. Have failed attempts to fund other start-ups been disclosed, what about other initiatives that crashed spectacularly? Are other business interests in play that conflict with those of the VC? Many a business leader and politician have fallen foul of skeletons discovered in cupboards they’d long since forgotten about.

How about the culture of the firm? Is there evidence of unethical practices in the founders’ previous businesses? What does social media tell us? The merest hint of unethical behaviour could have a huge impact on culture of the firm, which in turn could lead to corners being cut, regulations not properly adhered to and risk decisions ignored or taken well outside of risk appetite.

Thorough due diligence of a FinTech couldn’t be considered complete without a close look at how its offer might be exposed to financial crime risk. The fledgling nature of the firm will mean a full risk assessment isn’t possible, but early inspection of the proposal will allow for an early judgement to be made on the type of controls and framework needed to deliver a compliant and secure product.

An effective due diligence exercise should alert a VC or other investment firm to concerns in any of these areas. However, if risks go unflagged through neglectful or absent due diligence they hold the potential to manifest further down the line with grave consequences for the VC and other stakeholders.

FINTRAIL would be delighted to discuss structuring a bespoke due diligence process for any aspect of prospective investments. Our team have deep experience in conducting due diligence for global banks, investors and government agencies and have a wealth of cutting edge tools at our disposal.

Dealing with a financial crime crisis - whether that be a backlog of suspicious reporting that has built up, facing de-risking by a partner or finding out that a sanctions process has been working ineffectively - can be an especially stressful time for clients, particularly if the issues could lead to regulatory intervention, potential losses or the restriction of banking or payments facilities.

This is not to mention the obvious and negative impacts that such a crisis can have on customer trust and the potential reputational impact; in many cases, it can be a matter of survival for the business and brand, where trust is hard won but so easily lost.

So, we wanted to share some insight on how our team approaches these tasks to help readers be better prepared and have a head-start if you find yourself in the position of crisis managing a response to financial crime issues.

• Understand the nature of the problem. This sounds like an obvious place to start but it is absolutely critical to everything that follows. If you do not genuinely understand the root cause of the issue your are facing, it makes it very difficult to put in place a response that is effective and proportionate. So for example, if you are dealing with a significant up-tick in fraud or failings in AML or sanctions controls, you need to efficiently and effectively understand the nature of the problem so you can identify the core contributing factors and develop a proportionate response.

• Develop a considered plan of action. Once you have identified the root cause/s of an issue, you need to ensure that you develop a response plan that is action focused and targeted on addressing those specific items as well as factoring in any linked or dependency tasks. For example, it is pointless implementing a new tool or process unless you train those involved in using the tool, otherwise you may just make things worse by increasing operational risk. It is worth bearing in mind that you must be able to demonstrate to your stakeholders that tangible action has been undertaken.  

• Mobilise effectively. This covers not only how you engage the services of and mobilise external parties but also those internal stakeholders or your support network. This is a careful balancing-act against the needs of normal daily business. Depending on the nature of the issue, segregating resources to focus on the crisis can be most effective. Our view of mobilisation is making sure all those involved very clearly understand the issues at hand and are aligned to the common goal of solving the problem, and that those involved have the commensurate level of accountability and authorisation from senior management. This is no time for egoes or political wranglings.

• Ensure transparency. We often get asked ‘what should we say to our bank partner’ or similar. Our advice is always the same and that is you should be transparent. In a crisis scenario, you are aiming to maintain the trust you have built with all your stakeholders and transparency and openness are key values underpinning trust. We can confidently tell you from experience that one of the fastest ways to make a difficult situation even worse is by developing an opaque strategy with your partners - when they find out, trust goes out of the window, making the situation far worse. Instead, communicating the issue, along with regular situation reports and plans for resolution will really help to continue the trust you’ve worked so hard to earn.

• Accurate and effective communication. This needs to focus on the communication intra-team  but also the flow of information to wider internal and external stakeholders. In our view there is a big difference between communicating and communicating effectively. We define effective communication as ensuring the content is received, understood and a behaviour influenced, i.e. action is taken. Accuracy in communication and information is important in a crisis scenario and at times is an area that can suffer from the impact of stress. There are times when a 70% solution on time is going to be better than 90% that is late but accuracy becomes really important when you start to communicate with stakeholders, especially those externally. Accurate and simple communication (underpinned by high quality and accurate information) creates a sense of confidence that the situation is in-hand and under control.

• Continuous Evaluation. Once you have expended effort developing a response to the issue or crisis and have started to execute, it is vital to constantly evaluate progress and impact. Has anything changed? If it has, what are you going to do about it, how and when? The re-evaluation should be ongoing but it is also a critical process once you get to a point you have achieved your objectives and exited the crisis management situation. A wash-up and/or de-brief is a vital activity as it captures lessons learned and facilitates organisational learning.

The FINTRAIL team has developed deep expertise supporting international banks, FinTech, payments and regulated sectors in response to financial crime or regulatory crisis scenarios, drawing on our capabilities across financial intelligence & investigations, compliance advisory, technology, legal and communications. Our multidisciplinary response team can mobilise rapidly in support of a client crisis, providing executive level guidance and peace-of-mind while also delivering operational impact, all backed up by a support network and follow-on technical capacity as required.

If you would like to discuss managing a crisis further, learn more about how FINTRAIL can help your organisation or to discuss any other financial crime topic feel free to get in touch with the team.

FinTechs have been ahead of the curve in understanding certain criminal typologies thanks to the holistic and data centric approach they often take to tackling financial crime. However, there has been little focus on tax fraud as a criminal enterprise and how that may effect the FinTech community.

With the recent release of the Paradise Papers and Panama Papers, tax evasion and tax avoidance are back under public debate as governments and individuals ponder how best to ensure that everyone pays the taxes they owe. The data leaked by the Paradise and Panama Papers put into the spotlight the blurred lines between tax avoidance and tax evasion, which are often facilitated using the same complex mechanisms and can confuse our understanding of what is acceptable tax reduction and what is not. This has put international governments under pressure to address the growing consensus that tax avoidance and the exploitation of tax loopholes has gone too far.

For the FinTech sector, this means that in the near-to-medium future, our understanding of tax fraud and tax evasion could fundamentally shift. To stay ahead of the curve, we therefore have to ask ourselves: how does tax fraud affect FinTechs and what are our responsibilities in combating it?

One of the major confusions around tax fraud, tax evasion and tax avoidance is the definitions used. So, here are some definitions to help us clarify the issue at hand:

Tax Avoidance: tax avoidance is reducing one’s tax burden within the letter of the law (but often not within the spirit of the law). Examples include tax deductions or establishing an offshore company or trust in a tax haven to reduce tax liability.

Tax Fraud: tax fraud, according to HMRC, is illegally avoiding paying taxes. It is made up of three components—tax evasion, criminal attacks and participation in the hidden economy.

Tax Evasion: tax evasion is one type of tax fraud concerning individuals or businesses who intentionally misreport information to reduce their tax liabilities.

In terms of regulation, tax fraud has never received the attention given to sexier crimes such as money laundering or terrorist financing. However, this is beginning to change. At the end of September 2017, the Criminal Finances Act came into force in the UK, which made companies more liable for failing to prevent tax evasion, including facilitating the evasion of UK taxes by international entities and facilitating the evasion of foreign taxes by UK entities. The best way for FinTech companies to avoid liability is through robust risk management and a strong compliance programme.

Not only are FinTechs more liable for tax fraud than before, but the problem of tax fraud is growing. The current gap between taxes owed and taxes due is £34 billion, half of which is due to tax fraud.

There are several ways that tax fraud can touch the FinTech sector, including:

• Using FinTech products to collect bogus tax refunds or to facilitate tax fraud.

• Using FinTech products to process funds derived from the hidden economy.

• Using FinTech products to mask the origin of funds

So what can FinTechs do to protect themselves and reduce the negative social impact of tax fraud? Here are our recommendations:

1.     File SARs in a timely fashion. A quarter of all HMRC tax investigations are stimulated by SARs, so filing these properly is critical in the fight against tax fraud. You can also contact HMRC direct via the link here.

2.     Ensure robust onboarding and KYC policies to a) decrease the anonymity of the product and b) avoid liability in tax fraud cases.

3.     Impose reasonable transaction limits and limits on the number of accounts held in order to decrease the attractiveness of the product to tax fraudsters. Keep these limits under constant review based on changing typologies.

4.     Monitor relationships in an ongoing fashion and watch out for red flags such as

• Suspiciously large transactions sent for ‘expenses’

• Spending that does not reflect expected income

• Unexplained payments into customer accounts from sources linked to work or employment

• Multiple tax refunds coming into one account

• Multiple transfers to financial institutions in high-risk tax jurisdictions

If you would like to discuss tax fraud further and learn about how FINTRAIL can help identify and combat tax fraud typologies, please do not hesitate to contact us.

The global, connected web of financial criminality is difficult to unpick.  However, investigations over the past few years have shed light on the few, yet critically important bad apples amongst the network of financial institutions that enable this web to go un-checked. While many of these simply may lack the adequate controls to tackle money laundering or terrorist financing, other financial institutions have taken a much more direct role in criminal activity. The use of financial intelligence and investigation techniques present an opportunity for the regulated sectors to disrupt criminality at scale and efficiently. As such we are excited to announce the appointment of Nick Herrod as head of our Financial Intelligence and Investigations practice, who will help us drive solutions for clients that continue to deliver impact.

During a recent event hosted by Thomson Reuters, OCCRP Executive Director Paul Radu was asked how the international community should tackle the global and seemingly untouchable scourge of financial crime. His response was telling — go after the financial institutions, big or small, that facilitate the criminal activity. This is an interesting strategy to take, and targeting the institutions facilitating criminal activity presents an opportunity to disrupt criminality on a wholesale basis. The team at FINTRAIL decided to examine this subject in more detail, yielding some interesting results. Through our research we have found that one of the most significant red flags when it comes to these types of institutions (and counterparty risk) is the influence of high risk individuals/PEPs within the ownership structure. To better understand this, two public case studies are detailed below—the Global Laundromat and the BGFIBank Democratic Republic of Congo (DRC)/Hezbollah connection. It is evident that the links between financial institutions and owners more susceptible to criminal motivations can affect the robustness of an institution’s compliance regime and undermine industry efforts to counter financial crime. Taking an intelligence-led approach and exploiting a range of data sources allows us to highlight additional red flags and begin targeting the key nodes and facilitators of this volume criminal activity.

The Global (Russian) Laundromat: This laundromat, exposed by the OCCRP[1] three years ago, funnelled more than $20.8 billion from Russia into Europe. OCCRP reports show that it involved approximately 500 people, from oligarchs to FSB-affiliated individuals.

Igor Putin, cousin to current Russian President Vladimir Putin was a manager and executive board member for the Russian Land Bank (RZB), an institution whose accounts reportedly processed more than $9.7 billion, or nearly half of the total funds involved in the laundromat case. Funds were sent from RZB to Moldindconbank in Moldova, where they were then sent to Trasta Komercbanka in Latvia and from there to the rest of Europe. The OCCRP adds that Igor Putin was brought into RZB initially by Alexander Grigoriev, who allegedly has ties to the FSB and whom the Guardian identified as one of the main ringleaders of the Laundromat. Grigoriev headed the RZB during the laundromat’s operation until the time of his arrest. Putin and Grigoriev were also connected through other companies where Putin was a board member and Grigoriev a shareholder. Putin left the RZB board in 2014 contending he left after becoming aware of ‘the real situation.’[2]

BGFIBank DRC and Hezbollah: According to a recent Sentry report[3], BGFIBank DRC, run by the brother and sister of the president of the DRC, Joseph Kabila, reportedly allowed transactions from companies connected to a known financial contributor to Hezbollah: Kasim Tajideen. Tajideen, and his brothers Ali and Husayn, were subject to US sanctions, as were entities under their control. Despite this, and despite warnings from BGFIBank DRC employees, the financial ties between the bank and the sanctioned parties reportedly remained intact. Subsidiaries of Ovlas Trading, owned by Kassim Tajideen, would make transfers through BGFIBank DRC to subsidiaries of Congo Futur, managed by Kassim’s non-sanctioned brother, Ahmed Tajideen. Both Ovlas Trading and Congo Futur are under US sanctions, though Ahmed is not. Despite employee awareness of the risks involved, transactions from the sanctioned entities were allowed to continue, and BGFIBank DRC even went as far as to request the US Treasury unblock a transaction involving one of Tajideen’s companies and another bank. BGFIBank DRC had previously been alleged of diverting millions of dollars in public funds, further calling in to question the AML/CTF regime of BGFIBank DRC and the role the bank’s leadership played in the activity.

These two sample cases demonstrate how financial institution ownership from individuals more susceptible to criminal motivations can encourage complicity or active participation in criminal networks facilitating financial crime. In both, banks with ties to PEPs and high-risk individuals allowed significant cash flows to be laundered and used for criminal purposes. Though only two cases are discussed here, the findings still show how the use of financial crime intelligence and investigations can be utilised to go beyond the basic information generated by many static compliance controls, help better the understanding of evolving typologies and surface new opportunities to counter the capricious threat of financial crime.

At FINTRAIL we have seen an unprecedented level of interest in the financial intelligence and investigation capabilities we offer to our financial service clients, from start-ups to established firms. As such, Nick’s arrival to lead FINTRAIL’s Financial Intelligence and Investigations practice could not be more timely. Nick brings an exceptional pedigree to the experienced team at FINTRAIL after completing a range of public and private sector roles, culminating in his position as the Head of Global Intelligence Team within HSBC’s Financial Intelligence Unit where he was responsible for overseeing a significant portfolio of investigations that focused predominately on large, multi-jurisdictional networks facilitating illicit financial activity. Nick will continue to build on FINTRAIL’s strategy in this area, understanding the needs of our clients of all sizes and ensuring that we are delivering a suite of capabilities and solutions to help our clients mitigate the negative impacts of financial crime.

[1] https://www.occrp.org/en/laundromat/the-russian-laundromat-exposed/

[2] https://www.occrp.org/en/laundromat/the-russian-banks-and-putins-cousin/

[3] https://cdn.thesentry.org/wp-content/uploads/2016/09/TerroristsTreasury_TheSentry_October2017_final.pdf

Human trafficking has sadly become a widespread and global issue; from the woman forced into prostitution and kept locked up in a house, to the man working on a construction site, stripped of his documents and any salary taken from him. Every 30 seconds, the criminal industry of human trafficking makes more than $30,000; bringing in approximately $32 billion a year.

In the world of financial crime, human trafficking is a predicate offence (the criminal activity and the proceeds money laundering), the revenues of which may touch financial services as the profits are laundered. Financial services may also be used to facilitate these offences, providing the ability to pay subsistence for accommodation, book flights for a trafficked person and other activities traffickers rely on. As the awareness of human trafficking increases and pressure is applied to the criminals that make huge sums from the exploitation of others, the criminals may be forced to look at alternative financial arrangements or exploit new technologies to their advantage.

There are numerous behavioural patterns characterising the organised crime groups involved. Having analysed the most often occurring subtleties, it is evident that tools such as the Internet and other communication devices are utilised expansively. The most intimidating organised crime groups are mainly those capable of governing the entire course of trafficking, from the recruitment of victims to the reinvestment of the criminal proceeds.

Through our industry engagement, FINTRAIL has seen an increase in FinTechs’ awareness of the fight against human trafficking and subsequently, human trafficking was the subject of the October 2017 FinTech Financial Crime Exchange (FFE). Members presented case studies and industry experts provided insights on the changing nature of the threat and industry initiatives to tackle the problem. Many of the FFE members were able to give examples of cases where they had detected indicators of financial crime involving human trafficking or exploitation, demonstrating this is not only an issue that impacts large financial institutions but may also directly impact the FinTech industry. In fact, some of the features common to modern FinTech such as non-face-to-face onboarding and ease of account management/overview may make it potentially attractive to those involved in trafficking and exploitation. As a result, FinTechs are conducting enhanced Know Your Customer (KYC) checks and are scrutinizing onboarding documentation in an attempt to combat human trafficking.

The FFE session identified specific typologies that may be relevant in a FinTech environment and what mitigations and actions industry may be able to apply. Some basic example indicators or red flags are detailed below:

- Customers taking selfies or completing onboarding checks, appear to be under control of someone else. This may appear as someone in close proximity as the images are being taken or controlling what is done or said.

- A customer may not be in possession of their own legal documents and may add unreasonable delay while they get them from someone else.

- Recurring payments being made from one account to multiple accounts for wages at unreasonably low amounts.

- Multiple point-of-sale transactions at car rental agencies, airline ticket purchases and train ticket purchases with no subsequent spend in that destination.

- High expenditure payments at fast food outlets, supermarket outlets, clothing stores, drug stores etc.

The FFE and its members will continue to focus on human trafficking and its negative impact on society and implications for financial services. In addition, FINTRAIL will track the evolution of financial crime typologies associated with human trafficking in order to identify any shift by those criminals to target financial services as a tool to further their illicit and damaging behaviours.

If you would like to discuss human trafficking further, learn more about the FFE and how FINTRAIL can help your organisation identify and combat human trafficking get in touch.

On 17 October 2017 Thomson Reuters held the first in a series of events on Financial Crime. This event explored the recent investigations conducted by the team at the Organised Crime & Corruption Reporting Project (OCCRP) into the global laundromats. The brave and fascinating work by the team at OCCRP exposed the complex and globally connected money laundering networks that via a web of hundreds of companies and associated financial institutions have laundered over $20 billion.

Although the laundromats are money laundering on a huge and global scale, and it may seem like a problem only big financial institutions may have to deal with, OCCRP Executive Director Paul Radu stated that every laundromat case he’s worked on has involved myriad UK companies. This means the issue is right here on our UK doorstep.

Although money laundering through complex laundromats can seem like a victimless crime, they are in fact part of networks taking huge sums via corruption of national pensions, financing groups involved in serious organised crime like human trafficking, funding terrorist organisations, and destroying lives.

So what does this mean for the FinTech community? There is real excitement about the commercial opportunities for challengers in the business and commercial customer segments and this is very much true, but this segment also brings with it a very different set of financial crime risks that really need to be understood and factored in to an effective and proportionate financial crime risk management framework. When you consider the factors that may impact on financial crime risk, the customer type (i.e. complex corporate ownerships), geographies (i.e dealing with suppliers/customers across a range of geographies), product type (i.e. high value transactions or products) and channel (i.e. often in a FinTech this is non face-to-face), can all have a material impact on the potential risks a FinTech targeting this segment may face.

So what can FinTechs targeting these new and exciting customer segments do to assist in the fight against these laundromats, comply with applicable regulations and do their bit to reduce money laundering? We have provided a few helpful hints below:

- Ensure you have a financial crime risk assessment that accurately reflects your unique circumstances. All companies and products will have their own unique factors to be considered and may impact on your risk profile. In many cases, it is not only a regulatory requirement to have a risk assessment but it is also a hugely powerful tool to help you define and navigate your compliance and risk frameworks.

- Understand your customers. Just because you are targeting customers who may be registered in the UK or other equally regulated markets, it does not mean they may not get involved in illicit activity. This goes beyond basic identification of your customers to ensure you understand the nature of your customer’s business and how they intend to use your product/s. Without that knowledge, it becomes very difficult to monitor effectively and can/will cause negative customer experience in the long-term.

- Understand the typologies and red flags that you and your team should be looking for. By staying current on evolving typologies allows you to keep pace or even out-pace the criminals and reduces the long term negative impacts criminals may have on your business.

Paul Radu said at the event "it takes a network to fight a network" and although he was referring to an international network of the likes of law enforcement and financial institutions working together to tackle it, the growth of alternative financial services further diversifies the pool. The FinTech FinCrime Exchange (FFE) is one such network, where FinTechs come together to effectively collaborate and combat financial crime such as money laundering.

If you would like to discuss money laundering, or any of the topics raised in this post please don’t hesitate to contact the team at FINTRAIL.

For the last nine months FINTRAIL has been working with the awesome team at the Antwerp World Diamond Centre (AWDC) who represent 1700 Antwerp based diamond traders, to address some of the challenges their members and industry as a whole are having with access to viable bank accounts. The issues they've been having are due to the perceived high financial crime risk within the diamond industry and the associated bank de-risking phenomenon.

The short video below highlights one of the exciting developments coming from our work with AWDC and is a great example of where Financial Technology (FinTech) and Regulatory Technology (RegTech) can combine to offer solutions to some really complex challenges for traditional and non-traditional financial services. Our focus has been on how we can re-affirm trust across all stakeholders and ensure there is a sustainable and commercially viable solution for all parties.

FINTRAIL is very excited to announce the release of a new white paper by the FinTech Financial Crime Exchange (FFE), a FinTech industry forum we co-founded in January with the Centre for Financial Crime and Security Studies (CFCS) at RUSI, a London-based defence and security think tank.

All too often, discussions about FinTech and money laundering risk are greatly oversimplified. Much of the discussion starts from a blanket assumption that new technologies will inevitably make life easier for money launderers, and that FinTech companies are therefore uniformly “high risk.”

One downside to this perception is that FinTechs have been subject to “derisking” – or losing access to vital banking services because the risks associated with FinTechs are perceived as very high.

As this new white paper shows, labelling the entire FinTech sector as “high risk” for money laundering purposes is unhelpful and oversimplifies the true picture.

After all, the FinTech sector is an incredibly diverse one. It features prepaid cards, peer-to-peer lenders, service aggregators, payment service providers, and a host of other products and services with very different features. The way money laundering risks appear from one FinTech to another is as diverse as the sector itself – and the picture is not always one of just “high risks.”

There’s certainly little reason to think that all FinTechs are necessarily higher risk than banks or other types of financial institutions when it comes to money laundering.

For example, while some FinTech products can be used for “money mule” or “smurfing” activity, they’re usually not very useful for high-end money laundering, or the laundering of the proceeds of crimes like major tax evasion or international corruption that feature in scandals such as the Panama Papers or the recent Laundromat cases.

It’s important that this nuance is understood, so that FinTechs aren’t all stigmatised as “high risk” where it isn’t warranted.

As the paper points out, because FinTechs often only see a limited piece of a much larger financial puzzle, establishing an intelligence picture of money laundering activity across the sector can be a huge challenge. Coming to a true understanding of the nature of risks across the sector requires further detailed study - and the FFE intends to do just that through its future meetings and research.

In addition to describing this overarching picture, the paper also provides recommendations for various stakeholders.

·      FinTechs should work to clarify the true picture of money laundering risk they face, and demonstrate that they are building resiliency against those risks.

·      Countries’ financial intelligence units and law enforcement agencies should share information with FinTechs on criminal typologies.

·      Regulators should provide detailed guidance that is relevant to sub-sectors of the FinTech community.

·      International organisations like the Financial Action Task Force can help build an understanding of the picture globally. 

To find out more about the FFE, contact rebecca.marriott@fintrail.co.uk 

It seems that everyone is talking about Artificial Intelligence (AI) at the moment: whether it’s Elon Musk and Mark Zuckerberg disagreeing publicly on the doomsday type scenarios that AI might bring [1], or banks predicting AI to be the primary way in which they interact with customers in the future [2], there’s wide-ranging interest in what AI can do for society as a whole, companies and individuals. But, to be clear, and before going further, what exactly is the difference between Machine Learning and AI, or is there indeed a difference?  The clearest explanation we’ve seen goes something like this:

·      Artificial Intelligence – this is the high level concept that machines can do something in a way that we, as humans, would consider “smart”

·      Machine Learning - is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves [3]. (Thanks Forbes!)

Similarly, in the financial crime space, numerous articles exist about how AI and Machine Learning can help to combat illegal activity in banking and beyond [4].

At FINTRAIL, we believe that AI and Machine Learning have huge potential to deliver great results in the financial crime space.  Whether it’s AI helping investigators to detect previously unknown connections between entities and typologies, or Machine Learning helping refine transaction-monitoring rules by different customer sets and behaviour, the benefits for companies and their customers are huge. Imagine for a moment that your bank could tell whether purchases made at a high-end online retailer at midnight just after you received a bonus cheque were genuine or fraudulent, based on your previous behaviour in a similar scenario.  Great, right?  No annoying text messages, or blocked transactions if it were genuine, and peace of mind that that kind of transaction would be blocked if it were fraudulent, and you didn’t actually have a compulsive online shopping habit (ahem).

But, as with anything new and relatively untested, there are pitfalls.  One of the key ones is making sure that any Machine Learning models start off with relevant data, such that they can begin the learning process appropriately, and you don’t program in algorithmic bias.  Typically – and let’s take the case of a Machine Learning engine for transaction monitoring -  this is relatively easy to build: you have a known scenario, which is fed into the engine for it to learn and refine over time as the transactional data is processed and fed into it.  However, this can be tricky in financial crime situations, as ideally you don’t want any money laundering or bribery (for example) to go through your system before you work out what the scenario or relevant data for the Machine Learning engine is. 

So, how do we address this?  Well, something we are passionate about at FINTRAIL is making sure that firms have a thorough risk assessment; truly understanding your business model and the ways in which criminals might seek to exploit it will help to build the best scenarios for any future financial crime Machine Learning engine. These can then be used to create the baseline relevant data that goes into the Machine Learning engine, such that it can start to learn behaviours. Examples here might include understanding your typical customer profile, such that you can build a Machine Learning model to automatically categorise them by risk profile, or Machine Learning models that take into account transactional behaviour and a range identifying particulars to reduce sanction re-screening hits.

Another tactic we’ve seen is to combine more traditional models with Machine Learning.  Again, in the transaction monitoring space, combining a rules-based approach with Machine Learning is a great way of teaching the engine to learn, and giving good baseline scenarios that it can work from.

So, all in all, we’re on Mark Zuckerberg’s side of this particular argument – we think AI has great potential, but that it, and Machine Learning in particular, needs strong data to support it, and as with humans, the right conditions to succeed.

[1] http://fortune.com/2017/07/26/mark-zuckerberg-argues-against-elon-musks-view-of-artificial-intelligence-again/

[2] http://uk.reuters.com/article/us-banks-ai-accenture-idUKKBN16Z1AH

[3] https://www.forbes.com/sites/bernardmarr/2016/12/06/what-is-the-difference-between-artificial-intelligence-and-machine-learning/#6ac626162742

[4] https://www.finextra.com/blogposting/14225/artificial-intelligence-the-next-step-in-financial-crime-compliance-evolution

Image Courtesy: Saad Faruque, Flickr (Creative Commons)