MEA

Islamic FinTech and Financial Crime: A different risk profile?

With particular thanks to insha, Kestrl, MyAhmed and Niyah.

Just like every other sector of the global financial industry, Islamic finance is increasingly going digital.  There is a growing number of start-ups positioning themselves to benefit from the rapid global development of the FinTech market, coupled with the booming growth of Islamic finance.  Islamic finance is sometimes considered a niche area, but this ignores the actual size of the sector, with a consumer base of 1.8 billion Muslims globally and an estimated market value of $2.5 trillion in 2018, forecast to grow 40% by 2024.  These start-ups sit at the convergence of these two growth areas, and believe that young Muslims in particular will be drawn to products designed to facilitate integrating their faith and ethics with all aspects of their daily life, plus the ease and superior design features of a digital product.  

Most growth in Islamic finance in recent years has been rooted in traditional banking services, but change and dynamism in the sector is translating more and more into digital offerings and FinTech startups.  In 2019 there were an estimated 93 Islamic FinTech startups globally, including challenger banks for retail and SMEs (e.g. Kestrl, MyAhmed and Niyah in the UK and insha in Germany) as well as wealth management (e.g. US-based Wahed Invest), crowdfunding (e.g. Ethis Ventures in Malaysia and Indonesia) and crypto (e.g. Dubai-based trading platform Huulk).  P2P finance and InsureTech are cited as top sectors for growth in 2020.  Existing Islamic banks have also jumped on the digital bandwagon, especially in the Gulf, such as Bahrain Islamic Bank which launched the first fully-fledged Islamic digital bank in 2019.  The largest market for Islamic FinTech startups is Indonesia, followed by the US, the UAE and the UK. 

It’s interesting to note that many shariah-compliant FinTechs are keen to reach out to potential customers beyond the Muslim population in recognition of many people’s dislike and distrust of conventional financial services and desire for a more ethical, partnership-based approach.  To this end, many Europe-based FinTechs in particular notably focus on the ethical dimensions of their product rather than just guaranteeing shariah-compliance, and market themselves as ‘ethical’ or ‘values driven’ rather than explicitly as Islamic, halal or sharia-compliant.  This is also reportedly popular with Muslim customers, especially the young, who are more interested in services that focus on ethical considerations rather than “tick-box” shariah compliance.

Islamic Finance and FinCrime 

Islamic and conventional finance most obviously differ in terms of the products offered and the target client base.  But what of the risks they face, specifically financial crime?  Are there certain financial crime risks which Islamic finance institutions are more exposed to, or conversely where the specificities of Islamic finance help protect them?  And are there particular things Islamic FinTechs should be thinking about as they design and build their financial crime programmes?

This piece isn’t going to get into the complexities of Islamic finance and how transactions are structured.  However, there are a couple of key concepts that are useful to set out here.  Firstly, Islamic finance prohibits earning or paying interest, with a focus instead of profit (and risk) sharing.  This results in a model where banks and their customers act as ‘partners’, which differs from the usual client relationship.  Islamic finance also prohibits business in sectors considered forbidden or haram, such as alcohol, gambling, pork or adult entertainment.  And finally, Islamic finance does not condone excessive uncertainty or speculation.

On an academic level, relatively little attention has been paid to financial crime risks in relation to Islamic finance and there have been few, if any, studies on relevant money laundering/terrorist financing methods and trends.  International standards for AML/CTF regimes (such as those issued by FATF) make no provisions for Islamic finance, and are adopted wholesale even by countries with sizeable Islamic finance sectors without any adjustments.  The papers which have been published (e.g. by ACAMS) tend to conclude there’s no evidence the ML/TF risks in Islamic finance are different from those in conventional finance, or that it faces unique typologies or methods.  If anything, they conclude certain features of Islamic finance are likely to lower the ML/TF risks, such as the ‘partnership’ relationship between the financial institution and the borrower/lender, and the fact transactions are structured around the purchase/sale of underlying assets, which ties them to real-world valuations and makes it harder to disguise illicit flows.  

FinCrime for Islamic Fintechs

So what does this mean for Islamic FinTechs in particular?  Given the relatively scant attention paid to the topic by regulators and external bodies, and the prevailing tendency of conventional Islamic banks to treat financial crime the same way as everyone else, it is hardly surprising we’ve yet to see Islamic FinTechs formulate a specific approach to financial crime.  And nor is it clear that they need one, given the current state of the market and the product types that most existing Islamic FinTechs offer.  Where the academic studies do identify differences between conventional and Islamic finance, it is generally in relation to complex products such as trade finance and investment banking.  These are areas which have yet to be targeted by Islamic FinTechs, which so far are mostly focused on P2P lending / crowdfunding and retail banking.  In these areas, it is hard to see many ways in which the shariah-compliant aspects of the products could affect the AML/CTF risks.  The one concrete example is almost a coincidental positive for Islamic finance - several of the sectors considered prohibited are also ones recognised as high risk for financial crime, such as gambling, adult entertainment and arms/defence.  However the lack of any other discernible differences is borne out by a number of Islamic FinTech start-ups consulted by FINTRAIL, who confirmed that they don’t approach financial crime risk differently to their conventional counterparts and aren’t aware of any nuances or differences in the risks they face.  For instance, one European challenger bank confirmed it uses a banking-as-a-platform provider to manage compliance, meaning it is comfortable using an off-the-shelf solution designed initially for non-Islamic institutions.  

So, looking at the products and business models of Islamic FinTechs on paper indicates no real distinction.  However there is one real-world factor which does make a difference - customer base.  One standout issue is the provision of services to mosques and religious charities, which collect huge amounts of zakat donations, and can find conventional financial institutions reluctant to deal with them (and often Islamic institutions too).  Charities, especially religious charities, are recognised as a high risk sector for AML/CTF risks, and coupled with payment corridors to high-risk countries where Islamic charities are likely to operate, places them outside of risk appetite for many conventional banks.  Specialist Islamic FinTechs may be more prepared to find ways to mitigate the risks and serve these clients, as part of their ethical mission.  

In Europe, concentration risk and the makeup of the target client base may also pose particular challenges (but also opportunities) for Islamic FinTechs.  Their customers will be particularly homogenous, which may make them more vulnerable if a fraudster can work out a successful way to target this group.  This would involve knowing how to mimic real customers’ identities and activities, as well as frauds designed to exploit religious sentiment, e.g. by using fake charity appeals during Ramadan.  Beyond fraud, while many customers will be UK/EEA nationals, those who are foreign nationals are more likely to come from countries deemed high risk for ML/TF, and popular payment corridors for cross-border payments are also likely to involve such countries.  This will all result in a high level of declined applications, high-risk clients, and transaction monitoring alerts, especially if companies use generic risk appetites and customer risk assessments or off-the-shelf monitoring solutions, or outsource their compliance programmes to banking-as-a-platform companies.  

Conventional indicators and methodologies may thus not enable Islamic FinTechs to assess their client bases intelligently, and to work out if there are ways to mitigate any inherent  risks in line with their own risk appetites.  If they choose to accept these risks, they’ll need to ensure they can identify the most high-risk activity on their books, and dedicate their attention and resources appropriately.  And if done right, they are uniquely well-placed to do so - they can use their greater familiarity with these client groups and any existing data to benchmark usual, unconcerning behaviour vs. activity they deem suspicious.  For instance, huge cash deposits from a mosque during the last ten days of Ramadan would be immediately understood and contextualised.  And while a conventional retail bank may see all payments marked as ‘zakat’ as high risk, an Islamic FinTech can use their richer datasets and contextual understanding to refine their monitoring systems and investigate hits to identify the most high-risk of these payments, to make sure they are allocating their time and resources effectively. In doing so, they have the potential to play a positive social role by ensuring inclusion - enabling fair and affordable access to financial services to those frequently excluded or disadvantaged by conventional financial institutions.

So to summarise, the distinctive financial crime concerns of Islamic FinTechs lie not in the theoretical nature of how they operate or the mechanics of their product offering, but in the real-life nature of their client bases.  This idea is not unique to Islamic entities; in the increasingly crowded FinTech sphere, more and more firms are seeking a niche and are catering to specific client groups that pose a heightened financial crime risk on paper, such as expatriates sending remittances to specific high-risk countries, or sectors such as gambling or crypto that struggle to open accounts with conventional banks.  The lesson for all these companies is that, while they must recognise the inherent risks posed by their client bases, they can and should tailor their financial crime programmes to adopt a risk-based approach, identify their own top risks, and allocate their resources appropriately.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic, or any other elements of building or refining a customised financial crime programme, please get in touch with contact@fintrail.co.uk or maya.braine@fintrail.co.uk

There is also further guidance available on the FINTRAIL website, including on defining a risk appetite, using data to drive a financial crime programme, and promoting financial inclusion.

Into the Tigers Den

*WARNING - Tiger King Spoilers Ahead*


Hey all you cool cats and kittens,

Most people reading this have probably seen or at least heard of the hit Netflix show, Tiger King, with its outstanding viewership of 34.3 million within its first 10 days of release. At first glance, the docuseries looks to focus on the captivity of big cats in the US; however the involvement of Joe Exotic soon pivots the focus to his love-life, rivalry with the owner of a non-profit animal sanctuary, Carole Baskin, and ultimately to the murder-for-hire plot of said sanctuary owner for which Joe Exotic is currently serving 22 years in prison. A $1 million lawsuit with Carole Baskin’s Big Cat Rescue Group is also ongoing. 


Whilst watching the captivating series, we at FINTRAIL noticed a reoccuring theme outside of big cats and cowboy boots. Financial crime. Episode after episode, it became evident that owning a roadside zoo in America comes with its own ecosystem of problems and characters, lots of whom have had their fair share of interactions with the law. This gave us an idea - let's set up our own big cat park ourselves! In this blog post we use Tiger King as a reference point, and walk you through how to set up your own zoo step by step, and ensure that the zoo and your activities can stay clear of the law.  Of course, this isn’t actually our goal. We’re aiming here to highlight how easy it is to do this, and the grey areas in the current US system. We take a look at:

  • The ease of obtaining a permit for a roadside zoo, making it a prime target for exploitation

  • The complex ownership structure hinted at in the Tiger King that could be used to hide beneficial ownership

  • How the trafficking of big cats can be used as part of a wider money laundering operation


Joe may seem exotic himself but some of the themes and activities highlighted on the show are a sad reality, and are an open door for criminal exploitation.


License to own big cats, but not buy or breed them. But obviously there are ways to get round this...

The first step of this process is to apply for a government permit which will allow you to own a roadside zoo to show off your cats. Luckily, in many states in the US this is easy to do. 

If you claim to be displaying the animals as an ‘exhibitor’, you can easily obtain a licence from the United States Department of Agriculture (USDA) for as little as $40. As a criminal looking to exploit any system available for financial gain, this is a prime opportunity to use a cash heavy business to launder profits through:

  • purchasing exotic animals with funds gained illegally

  • faking the sale of exotic animals to justify the transfer of funds

  • inflating the number of visitors to account for the increase of funds on the accounts

  • inflating construction costs for the park itself

  • inflating costs of upkeep for the animals and park


When applying, not much is asked about the applicant; as long as you have a social security number, you are eligible to exhibit big cats. Multiple previous convictions? Not a problem. Jeff Lowe and Mario Tabraue had convictions, including jail time, but this did not raise any red flags when submitting their applications. Surely, in a trade such as exotic animals where there are easy ways to make illegal profit, deeper checks into applicants should be crucial. It seems like the USDA just want to check you can pay them, rather than recognising the risk that is created by this lax entry criteria. 


Joe who?

Whilst there is nothing illicit or illegal about changing your name, it can make tracing ownership and finding records and media related to a person more difficult than for someone who has had one, or maybe two, registered names. The first thing to note about Joe Exotic is the multitude of names which he goes by. In court documents he is often referenced by upwards of five different names. Joe has been married three times, and has changed his name each time, sometimes making a double-barrelled name. He also has his ‘stage name’ of Joe Exotic, which he uses in everyday life. Information such as previous names, or aliases that an individual goes by can be crucial when assessing what risk an individual may pose. For example, adverse media checks conducted on only one of Joe’s many names may yield very different results compared to a search on a different alias. 

Old zoo, new zoo

When trying to hide assets, or even evade taxes, you may consider shutting down an existing business, and opening a completely new and fresh one. All the assets of the old business can be moved to the new business, however they are now under a separate legal entity, and in the case of tax evasion that business is unlikely to have any taxable profits. 

In legal records from the case between Joe Exotic and Big Cat Rescue, we found some interesting narration around the creation of a ‘new zoo’, and dissolution of the ‘old zoo’. The G.W. Exotic Animal Memorial Foundation, referenced as the ‘old zoo’, was created in 1999 by Joe Exotic and his parents, Shirley and Francis Schreibvogel. Shortly after the lawsuit in 2013 involving Carole Baskin and the $1 million judgement, a request was made to the Oklahoma Secretary of State by John Finlay (the old zoo’s vice president/director, and Joe Exotic’s husband at the time), to request a reservation of the name “The Garold Wayne Interactive Zoological Foundation", and a day later The Garold Wayne Interactive Zoological Foundation (‘new zoo’) was incorporated. The incorporation of the new zoo was paid for using the funds of the old zoo, the old zoo was then dissolved, and within this dissolution assets including vendor accounts and the gift shop inventory were transferred to the new zoo. However, the new zoo did not assume any of the old zoo’s liabilities. 

On paper, the two companies are different. Different names, possibly different ownership/management hierarchy structures - however it is clear to see that these two companies are intended to do the same thing, benefit the same parties, and ultimately have been created to hide, disguise, and try to put assets out of reach. This is an age old trick, and not one unique to the big cat or roadside zoo industry. As a result, law enforcement and the courts are well aware of this tactic. The court case recognised the new company was just being used as a vehicle to move and hide assets, and ordered the newly created Garold Wayne Interactive Zoological Foundation to also be held accountable for the $1million judgement in the lawsuit. If you are trying to hide your assets, it would be wise not to try this while in the middle of a court case when you are already under scrutiny of the courts. 

Keeping it in the family, and under the radar

Ultimate beneficial ownership (UBO) is a hot topic at the moment, particularly in the UK, where it is a legal requirement for all companies to disclose their ultimate owners to the corporate registrar. However in the US the landscape is wildly different. No state currently requires a company to declare the UBO, meaning it is easy to disguise the true beneficiary of a company. There is even talk at the moment within the US of relaxing the rules further in light of COVID-19

Complex ownership structures can be exploited to hide assets, and conceal individuals’ investments and involvements in business ventures. Joe Exotic made use of this tactic, and is even heard within the docuseries saying proudly to the camera, “Look around! I don’t own anything!”  When we had a look at some of the court documents surrounding the Tiger King, Joe was indeed right. He didn’t appear to own any assets at the zoo, or the zoo itself. 

As mentioned in the previous section, the original GW Zoo was founded in 1999 by Joe, under his original name of Joe Schreibvogel, and his parents Shirley and Francis. It is quite clear from the show that the zoo is Joe’s, legally or otherwise; he makes all the decisions and it is his responsibility to run it day to day.

The Big Cat Rescue Group settlement agreement outlined the continued involvement of Shirley in the zoo’s finances, without her having much actual involvement in the zoo itself. On paper, Shirley was the landowner and leased the land to the GW Zoo; however the settlement stated that these were not ‘arm’s length’ leases, and instead were used to transfer funds and assets to Shirley, so that they would remain out of reach of the ongoing lawsuit against GW Zoo/Joe Exotic. 

The settlement also states the ownership status of many vehicles and trailers within the zoo, and surprise surprise, they are all owned or leased by Shirley. Once again, this is a ploy to move all of the assets out of Joe’s name, and therefore supposedly out of reach of the court case. 

Lions and tigers and bears, oh my!

Arguably the most important aspect of establishing a zoo is the animals. 

You may think that getting hold of exotic animals would be difficult, but in many states it is simpler to purchase a tiger than to adopt a puppy. The Endangered Species Act of 1973 makes it illegal to sell endangered wildlife interstate or through foreign commerce in the course of a commercial activity. However you can be exempt from this Act if you are a USDA licensee, which is relatively easy as shown at the beginning of this piece, or an accredited sanctuary.

If we look at how Joe Exotic accumulated more than 200 tigers within GW Zoo, this was primarily done through breeding at the zoo. To care for a tiger, the food cost alone is between $7,500 and $10,000 per year, therefore Joe was not able to keep the whole litter and would sell the cubs. With the price of a large cat ranging anywhere from $900 for a bobcat to $7500 for a tiger cub, you can see why this is an attractive business and why Joe Exotic sold 168 tigers between 2010 and 2018 (the below map shows the far-reaching transfers of tigers from GW Zoo). Before 2016, there were fewer restrictions on the sale of captive-bred tigers as they were not considered important to conservationists and therefore could be freely traded, making it easier to trade across state lines. 

map.png

As you can see from the above, the amount of money that passes through a roadside zoo can be extensive, and this isn’t even including the admission and tour fees - some establishments charge nearly $400 per person for a tour. 

Not only can a zoo be used to move funds from other illicit activities, but there is great opportunity to use the zoo to commit illegal acts:

  • Purchasing or selling endangered wildlife in a banned state or without the appropriate licence 

  • Trading wildlife that has been illegally obtained 

  • Laundering cash through inflating prices of wildlife sales

  • Storing illegal drugs, as allegedly done by Mario Tabraue, who appears in the docuseries, before his arrest in 1987. 


The purchasing, breeding or exhibiting of exotic wildlife without the appropriate licence is illegal and therefore makes these animals criminal property. Profits from the subsequent trade of these animals are therefore the proceeds of specified unlawful activities (SUA), and money laundering is added to the long list of crimes that can be committed by these zoos. 

So where do I sign up? 

Absolutely do not set up a roadside zoo. 

The opportunities to conduct financial crime from a roadside zoo are extensive. The process of constructing a zoo itself presents the perfect opportunity as you can deal with high amounts of invoices for builders/supplies and deal with cash intensive industries to move illicit money. The subsequent running of the zoo creates more opportunity from buying and selling exotic wildlife illegally, to moving illicit funds through the zoo with inflated ticket prices and upkeep of the park. And as with other business types, you can set up constantly changing complex ownership structures to hide your assets.

As we have shown throughout this analysis, things aren’t always as they seem. Something that from the outside may look like a legitimate business can be used in numerous illicit ways. For financial institutions that service corporate clients, it is vital to analyse the industry lists in the context of your product offering, jurisdictional coverage and client base and see if something that might generically pose a low risk of financial crime, could actually be used extensively for financial crime purposes.  Hopefully this article has given you some red flags to watch out for, such as unnecessarily complex ownership structures, repeated changes in ownership, multiple name changes or aliases, or historic involvement in lawsuits or criminal prosecutions.

Get in Touch

If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

Relationship Management During Covid-19

We don’t really do the whole cold-calling thing at FINTRAIL. We are all pretty personable and we love to get out and chat to industry peers, whether over a coffee or a cheeky glass of wine. This is our best and most powerful way of building strong relationships with the community. So when Covid-19 emerged and we were all put on lockdown, naturally this put a spanner in the works for us at FINTRAIL. Remaining open minded and not being afraid of taking on the difficult challenges, we knew we still had to reach out to our network.

However, after week three of lockdown, as it dawned on everyone that we were in this for the long haul, the community remained strong. We found the majority of people were more than happy to have a 10 minute phone call/video chat. I can only put this down to a severe and sudden withdrawal of human interaction and a realisation that this was a long term predicament.

Below is a light-hearted summary of the reality of the effects of the lockdown:

  • No one has worn proper clothes for a while; changing out of yoga pants and hoodies to put on “real” clothes seems absurd now. Which ties in with point number 2..

  • There is a general worry that no one will fit into their “real” clothes again as the daily step count has gone from 10,000 down to 100.

  • Most people are binge watching Tiger King, except me who is binge watching Billions (in both cases, we’re classifying these shows as work-related “research”).

  • A home workout was attempted 3 weeks ago, but you forget how loud the music is in a gym class; it blocks out certain noises. I could very clearly hear myself gasping for breath which was enough to put me off trying that again.

  • I have found common ground with others, who like me, walk over to their fridge, open it, stare inside and sit back down again. We have a secret hope that a magical bar of chocolate (that we didn’t put in there) will appear. Leading onto number 5..

  • As that magical chocolate bar didn’t appear, some resorted to eating their Easter eggs a week before Easter.

We are all experiencing the same thing in varying degrees; whether that be trying to homeschool two kids while working from home, having your dog barking in the background just as it’s your turn to speak on a conference call or needing a banner that pops up at the start of every VC call saying “this is not my house, don’t judge me on my parents’ decor”.

If you fancy a break and a random chat, feel free to contact us at FINTRAIL; after all we are all human. There’s a time for business and a time to be human (who knows, we might even manage to have a productive conversation and do both)!

Keep Calm and Keep Planning: Pandemic Planning for FinCrime

No business sector has been left unaffected by the outbreak of the coronavirus. The financial sector, including FinTechs, is no exception. In times like this, working together as a community is more important than ever.

This document collates examples of how COVID-19 has impacted the FinCrime operations of FinTech FinCrime Exchange (FFE) members and how the teams have responded as they pivot to almost exclusively remote operations, as well as presenting some best practice guidance for a business continuity plan (BCP) and remote anti-financial crime (AFC) compliance.

It looks at how international bodies, financial regulators and law enforcement agencies across the globe have responded so far to the ongoing coronavirus situation, highlighting specific areas FinTechs should focus their attention on. 

The document also discusses differences between traditional business continuity planning and pandemic planning which may present unique challenges to Fintechs management teams. Finally, in its annex, the document collates information on COVID-19 related scams divided into four categories: imposter, product scams, investment scams, and insider trading. 

This guidance is based on research conducted by FINTRAIL across the FFE community. This includes a survey sent to all global members, review of 31 responses, 15 follow-up interviews, and additional research and analysis conducted by FINTRAIL. The survey and interviews were conducted during the week commencing 16 March 2020.

A black line drawing of the FinTech FinCrime logo and accompanying text title
 

With thanks to members of the FinTech FinCrime Exchange for sharing best practices.


How Social Media is used to Further Financial Crime - Part 1

Introduction

Facebook, Instagram and other social media platforms have created simple methods of association. This in itself is both social media’s greatest strength and greatest weakness. You can share friendships globally but those with nefarious intent also have the mechanisms to create connections and identify vulnerable individuals that can be exploited to further their criminal activity.

Over the course of one week (pre-Covid-19 crisis) and as a follow up to our last article on this topic “The Role of Social Media in Furthering Financial Crime”, FINTRAIL conducted research on three key social media platforms, to assess the exposure of the platforms to financial crime activity - specifically money muling. This exercise should be considered a basic benchmark of the problem; our analysis suggests the scale is significant and likely to be systemic to the way money mule networks operate. This is further emphasised when you consider all the available social platforms likely to be used and private/DM functionality that keeps much of the content private. 

Methodology

Research material was obtained through passive observation, some of the groups identified were joined but at no time was there any form of direct engagement. FINTRAIL used four basic money-mule associated search terms to pre-identify accounts of interest and those assessed to be associated with potential mule activity. These were then manually reviewed to assess the group activity.

For this benchmarking FINTRAIL focused on three platforms; Facebook, Twitter and Instagram. The below infographic depicts the findings. Note: there has been no formal network analysis done to identify any crossover between platforms.

Findings

Image with textual findings of money mule search terms across social media, with images on the right hand side of examples of the types of messaging that is seen on social media.


Summary

Pre-Covid-19, many people were already anxious about their financial situation, making them vulnerable to exploitation by criminal gangs seeking to develop mule networks. Research completed by Barclays revealed 6 in 10 people (60%) of respondents were worried about their finances on a weekly basis. 

Since Covid-19 started to bite globally, significantly more people have become financially vulnerable with more people out of work and in dire need of money to cover living costs. These factors create the ideal conditions for criminal gangs to target the vulnerable and there is likely to be a significant increase in the number of people who fall into the trap of money muling.

We will be investigating further into this topic in Part 2 looking to provide some practical information that social media platforms (and others) could use to help in identifying and preventing this kind of activity.


If you have any comments or would like to discuss the issues in this post, or wider anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

Stop. Collaborate and Listen

In our latest thought leadership piece we explore the idea of collaboration. This joint piece between FINTRAIL/FFE and RDC demonstrates the vital role that collaboration plays. We discuss the impact it has on the global fight against financial crime whilst highlighting some of the current collaborative efforts within both the public and private sector to date, showing their effectiveness within the FinTech and Banking industries.

Our ultimate conclusion is that the dispersal of information to a variety of individuals closely involved in the fight against financial crime is essential to any successful AML initiative.

Celebrating International Women's Day at FINTRAIL

Purple banner for with the logo and title for International Women’s Day with #EachForEqual and #IWD2020

International Women's Day (8th March) is a global day celebrating the social, economic, cultural and political achievements of women. The day also marks a call to action for accelerating women's equality. At FINTRAIL we are committed to equality and wanted to join in celebrating the women that contribute to making FINTRAIL a great place to work.


Photo of Gemma Rogers Co Founder at FINTRAIL

Gemma Rogers

I co-founded FINTRAIL in 2016.

“My FINTRAIL highlight so far was realising that we had achieved gender parity among our leadership team. 💪”


Maya Braine

I’m the newest member of FINTRAIL, and joined the team two months ago.  

“I joined FINTRAIL because I wanted to work in a dynamic, growing team where I could challenge myself, take the initiative, and feel my contributions make a real difference.”

Maya Braine - Senior Consultant at FINTRAIL

Payal Patel - APAC Managing Director at FINTRAIL

Payal Patel

I have been part of the FINTRAIL team for almost a year.

“My plans for FINTRAIL Asia this year are to continue to work with the most innovative and exciting FinTech companies in the region and to expand the rapidly growing FFE network.”


Lauren Vincent

 I have been part of the FINTRAIL team for 8 months.  

“The best part of my job is how much knowledge I am able to gain from my colleagues on a day to day basis.’'

Lauren Vincent - Global Team Coordinator at FINTRAIL

Danielle Jukes - Consultant at FINTRAIL

Danielle Jukes

I have been part of the FINTRAIL team for 4 months.

“If I had to sum up the FINTRAIL team I would say that we’re a diverse team and all share a passion for our work.”


Meredith Beeston

I have been part of the FINTRAIL team for 2 and a half years.

“I chose to work in FinTech FinCrime because I wanted to work alongside a growing industry and help find innovative ways to use technology in the fight against financial crime.”

Meredith Beeston - Consultant at FINTRAIL

Photo of Ishima Romain - Analyst at FINTRAIL

Ishima Romain

I have been part of the FINTRAIL team for almost 3 years.

“The top 3 things I've learned during my time at FINTRAIL: Personal - a traditional background isn’t required to be part of FINTRAIL. Technical - many processes that businesses conduct independently, as they usually align to wider controls, should be done collectively. General - to be adaptable in this ever evolving disruptive industry.”


Rachel Clark

I have been part of the FINTRAIL team for 6 months.

“This year I am most excited about hearing the new FFE Podcast which will give interesting insights into individuals experiences with FinCrime in the FinTech sector.”

Photo of Rachel Clark - Consultant at FINTRAIL

Investor Due Diligence: A Two Way Street

Zopa: Scandal in the Boardroom

Last week, UK peer-to-peer lending firm Zopa found itself in the news when board member Kapil Wadhawan was forced to resign following his arrest in India over money laundering allegations.  Wadhawan, the chairman of Wadhawan Global Capital and the owner of a large property finance group in India, co-led a £32m investment in Zopa which secured him a seat on the company’s board.  He was arrested by the Enforcement Directorate, an Indian government agency responsible for policing financial crime, in late January in connection with a money laundering probe.

This incident highlights the importance of knowing who you’re doing business with - not only employees, partners, and vendors but also investors.  In the thrill of securing financing, it can be tempting not to scrutinise your potential backers too closely, but as the Zopa case shows this is a potentially risky area.  This is the start of a long term partnership, so both sides need confidence in who they’re dealing with. “Investor due diligence” should cut both ways, and target companies should be prepared to conduct “know your investor” research.  Investors with poor reputations can have a knock-on effect on portfolio companies’ credibility, and their ability to raise future funds. And in a worse case scenario, these companies could even find their investors or directors involved in criminal proceedings, as in the Zopa case, or discover that the investment consisted of illicit funds.  

Doing your Homework: Reputational and Integrity Due Diligence 

Reputational and integrity due diligence should form part of the wider due diligence process alongside financial, commercial and legal diligence, and is vital for understanding financial crime risks.  It can be relatively straightforward to ascertain the track record and reputation of well-established investors, but for more niche investors, those based overseas, or new figures in the market, this may not be so straightforward.   

The obvious questions for an investee to ask are whether the investors are well-established figures with a good track record and a logical interest in investing in the company in question.  How long has their firm been incorporated, has it made successful investments in the past, and does it have discernible experience in the sector? Does it seem to be in good financial standing?  Are there any indications the investors have been involved in any previous scandals or legal or regulatory issues? It’s also important to understand their modus operandi and if they have ever been involved in dubious or aggressive business practices, or disputes with partners, competitors or other investees.  This may involve determining if they are the subject of any inquiries by regulators or law enforcement agencies which haven’t yet reached the stage of formal proceedings.

In addition to the above, there are further issues to consider for investors from overseas jurisdictions with lower standards of transparency and higher levels of financial crime.  What is the source of funds - how did the investor initially make their money? In some countries, analysing this information may require understanding of the country and its history - for example, anyone who established their fortune in Russia and the former USSR in the privatisation programmes of the 1990s.  In many countries, it will be important to understand political patronage - whether your investors have political influence or connections, whether this could have helped them make money illegally or unethically or to avoid legal actions, and whether their position may be threatened by changes to the current political regime.  

Sources of Information 

In practical terms, where can investees find the answers to these questions?  They will likely start gathering information in-house through basic steps like online research - sources like the investor’s own website, news reports, and Google searches.  Speaking to others in the marketplace will help provide a sense of the investor’s track record and general reputation. To ensure consistency and transparency, investees can implement an ‘investor due diligence’ process (a project which FINTRAIL is ideally placed to facilitate), which in many ways mirrors a customer onboarding process.  It will allow the investee to make sound, defendable decisions by establishing a methodology to collect consistent information from defined sources, analyse it in line with clear criteria and parameters, and establish transparent escalation and decision-making processes.

In some cases, it will be advisable to seek expert help in conducting this due diligence research, especially if early red flags are identified or if there are discernible high-risk factors such as the investor’s main country of operations.  Expert due diligence research will look at the online sources mentioned above plus specialist media databases, local and overseas litigation and corporate records, regulatory watch lists, foreign language media reports, and cached online materials.  If required, researchers can also conduct enquiries with human sources operating in the relevant sector and country, to help explain the investor’s history, modus operandi, other business interests, perceived probity and general reputation. This is particularly useful in countries with undeveloped media landscapes, poor press freedom, or limited public records.  Appropriate sources may include founders or employees of existing portfolio companies, other investors or business figures operating in the sector, journalists, and former partners or employees. Conducting successful enquiries requires an excellent network of contacts, as well as understanding the specificities of the investor’s operations, in terms of the sector, type of business, and jurisdiction.  

FINTRAIL’s Experience

The FINTRAIL team has extensive experience in both designing due diligence processes and conducting reputational and integrity due diligence.  We have lately finished building and implementing an investor due diligence process for a UK-based FinTech. We have also recently worked with a client to conduct research on a potential investor, in a case which showed clearly how important it is for growing FinTechs to identify the right partners.  FINTRAIL investigated a venture capitalist from Russia looking to invest in a UK-based FinTech, using our expert country knowledge and language skills; searches in Russian, US and EU litigation and bankruptcy records, criminal records and regulatory agency checks; and adverse media research in English and Russian.  This uncovered concerns about the investor’s source of wealth and modus operandi including political connections to the Kremlin, business interests in opaque jurisdictions held through apparent shell companies, and UK corporate interests which bore similarities to those of the Hajiyev family, the subject of the UK’s first Unexplained Wealth Order (UWO).  These concerns ultimately led to the FinTech deciding not to accept the investment - a potential disappointment in the short term, but an important decision to head off major issues in the future. 

Get in Touch
If you are interested in speaking to the FINTRAIL team about due diligence or any other anti-financial crime topics in an increasingly digital FinTech world, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

FINTRAIL's Fave Podcasts

Like everyone, the team at FINTRAIL are living for podcasts at the moment. Whether we are on our daily commute or grabbing a coffee we are tuning into our favourite shows. For those of you that are keen to explore some new FinTech/ FinCrime related podcasts - here are some of our recommendations:


Payal Patel - APAC Managing Director at FINTRAIL

FinTech Insider / Blockchain Insider

“I love the variety and quality of speakers and the relaxed, but informed style of both these podcasts which cover the most recent developments in the FinTech and Blockchain world. Living in Singapore, these shows provide me with the regular global update and industry expertise I need.”


Gemma Rogers - Co Founder at FINTRAIL

Bribe, Swindle or Steal

This podcast by the anti-bribery business organisation TRACE International looks at examples of financial crime cases and typologies, and at what can be done to tackle them through interviews with experts in the field.  The topics covered are really varied - regulatory developments and best practice, diverse crime types such as doping in sport or wildlife poaching, and major international scandals such as the Luanda Leaks and the Volkswagen emissions scandal. Having this broad scope and including interviews with such diverse practitioners throws up interesting perspectives and shows how many forms financial crime can take.


Maya Braine - Senior Consultant at FINTRAIL and MENA specialist

Caliphate and Conflicted

I’m pursuing an extremism and terrorism financing theme at the moment.  Caliphate is a series following Rukmini Callimachi of the New York Times as she reports on the Islamic State and the fall of Mosul. You are hooked from the very beginning and the insights provided on the inner workings of ISIS are fascinating. And for even more incredible insider information, I recommend Conflicted by Aimen Dean, a former jihadist turned British double agent inside Al Qaeda. This podcast combines incredible first-hand insights with expert analysis, and breaks down the complexities of history, religion and politics of the Middle East and puts them in a global context.


John-Paul Eaton - Global Community Director at FINTRAIL - FinTech FinCrime Exchange

The Missing Cryptoqueen by Jamie Bartlett

The pyra-ponzi scheme that shook the world. The ‘Bitcoin killer’ that through an elaborate social engineering scam destroyed thousands of families and swindled billions of dollars. We were extremely privileged to have Jamie Bartlett share his OneCoin investigation at FFECON19. And through the FFE community, it has been awesome to open doors for Jamie to take his investigation to the next level. Breaking News: there will be a Missing Crypto Queen TV series.  Can’t wait for Jamie to share his progress at FFECON20!


Robert Evans - Co Founder at FINTRAIL

Financial crime matters with Kieran Beer from ACAMS

This is my go to for all the latest insights on trending Financial Crime topics.


Get in touch to let us know what your favourite podcasts are- we are always keen to add to our ever-growing list. Happy listening.

FINTRAIL's Focus for 2020

At FINTRAIL, like many of the clients we work with, we like to be as transparent as possible about our plans, successes and failures.  So with that in mind, Gemma and I wanted to write a quick summary of 2019 and give you a view on what we are planning for 2020.

Thanks to our amazing team, partners and clients we had a pretty awesome 2019! We worked with over 30+ different FinTech and financial institution clients across Europe, Asia, North America and Latin America. 

Amongst other things, the FINTRAIL team have helped our clients build compliant FinTech products, transform legacy financial crime infrastructure, conducted audits and worked with leading technology, people and process to change how modern financial service providers can address the threat of financial crime.

Additionally, we have continued to invest in and grow the global FinTech FinCrime Exchange (FFE), we now have over 170+ FinTech firms big and small that have joined the fight against financial crime across the US, Europe and Asia.

As we continue to grow as a firm, we are of course going to see some challenges.  Firstly, setting a cohesive international strategy is hard, especially as a small and very busy team. Bringing the US and Asia markets online brought significant challenges, some of which we had just not thought about. With so many ideas on what we could and can do, it can be difficult to curb our enthusiasm sometimes. I think it would be fair to say that 2019 was a year of learning on this topic but we have taken that onboard and are now accelerating in to 2020.

We built out our team significantly - clearly this is a brilliant problem to have - but we did have to think more carefully about the culture and structure of our team. Just throwing bodies at an opportunity is not the right answer but we really think we have made great progress in refining what the FINTRAIL organisation and culture looks like and this will continue to be a constant priority for us moving forward.

Finally, I think it would be fair to say that as co-founders, we learnt a lot about ourselves in 2019. We have put a lot of effort into FINTRAIL and it is sometimes hard to step back and empower your team to take that forward. We are super fortunate that we now have a team that believes in our mission and have the enthusiasm and capabilities to take that forward. As a team and individuals we are not going to get everything right the first time but we are committed to learning at every opportunity and we aim to make FINTRAIL one of the best places to work, doing super important work for the best clients in the world. 

However, this is all history and we cannot take our eye off the ball. So 2020 is going to be an even bigger year for FINTRAIL our clients and community we support and and this is how we are going to do it:

Continue to invest in our consulting teams to bring our clients the best and most relevant expertise and support. In 2019 we grew our global team and launched our businesses in the US and Asia; we have seen a rapid growth in demand for what we do. Without the right people, culture and infrastructure we simply cannot do what we do.

In Asia, led by our local Managing Director Payal Patel, we are already working with some of the largest regional players to ensure they build robust anti-financial crime provisions into their products and business plans. Payal will be building out our regional offering and scale her team across the region over the course of 2020.

In the US, led by our local lead Megan Millard, we have been working with established global players to transform their vision of compliance and anti-financial crime as well as working with new and highly innovative businesses to ensure they start their journey in a secure and compliant fashion. There will be a big focus on the US market in 2020 as we continue to grow the business there.

In Europe, led by our local Managing Director James Nurse, we have been supporting clients big and small through their compliance and anti-financial crime journey. This shows no sign of slowing down and we will be bringing our specialist skills to new markets in the region and continuing to grow the team out to cover the different European jurisdictions.

Data, Data, Data - there is no question that the fight against globally connected financial crime requires us to take a connected, community and data driven approach to have any meaningful impact. Over the last 3.5 years through the FFE we have seen the power of connecting people and sharing insight.

We have been exploring what FINTRAIL and our FFE community can bring to this challenge and we think we have a way forward.

We have now agreed a partnership with one of the leading global RegTech providers to start connecting our global community in that fight through the development of real-time threat data sharing. Gasps I hear, what about data privacy? Well this is not going to be some half-baked attempt to deliver data sharing. FINTRAIL and our partner are doing this properly - we have an existing community of motivated and technically savvy FFE members who are proactively asking for this, we can leverage our connections with global regulators, law enforcement and wider privacy community to get this right. Combine that with leading technology and world-class technical expertise and we have a solid combination.

Are we going to solve it overnight, absolutely not but It is going to be a key priority for us and the FFE community over 2020 and coming years. More specific details will follow on this topic in the coming weeks.

Continue to grow the community. The FFE is unique. It is the only global FinTech community dedicated to the fight against financial crime - and it is free. It is something that all of us at FINTRAIL are extremely proud of and we would not be able to make happen without the support of our partners at Regulatory Data Corps (RDC). We have big big plans for the FFE for 2020:

Meet-ups - in 2020 we will be hosting somewhere in the region of 20 meet-ups across the three regions and our aim is to make these even more relevant to the community. We will continue to strive to bring the global FinTech community together in a common cause and have a meaningful impact on the scourge of financial crime.

Podcast - yes, that’s right 2020 is the year we are launching our FFE podcast series and it looks like it will be a cracker. We are going to use this opportunity to dive into the topics that matter to members and learn more about the people and issues that impact our lives every day. The 12 part podcast series will feature all three FFE regions and we can't wait to see this mature for the FFE community and other interested parties that want to learn a bit more about it.

Expert Working Groups - we want the FFE to have a voice that has tangible impact. In 2020 we will be hosting a series of Expert Working Groups that will bring together Compliance and Anti-Financial Crime leaders from across the FinTech and financial services industry to dive deep into the key topics affecting the industry and come up with a common way forward. We will then use that platform to bring about change through our engagements with partners, regulators, law enforcement and customer communities. 

Engagement with global law enforcement - in 2019 our team spent a significant amount of time engaging with law enforcement and regulatory enforcement bodies from around the world. This was about spreading the word about the FFE and educating on FinTech, but also the opportunities to collaborate effectively. We have built amazing relationships with partners such as the Metropolitan Police, City of London Police, HMRC, National Crime Agency, Europol, Department of Homeland Security, Federal Bureau of Investigation and many many others around the globe. This will continue into 2020 with even more vigour. The private sector has a critical role to play in supporting law enforcement efforts against criminality in all its forms and the FFE community is at the front of that effort.

FFECON - we had a ball at FFECON19 and based on the feedback we had after the event from all involved it is something that will be back for November 2020 (block your diaries). Our goal for 2020 is not necessarily to make this bigger for the sake of it, but rather focus on the quality of this event for our community and that is what we will achieve. In addition, we will be taking FFECON on the road for 2020, in either Asia or US market (TBC, so stay tuned) with the aim to make this forum accessible to the growing community and interested parties globally.

So there you have it, a transparent roadmap of what to expect from FINTRAIL and the FFE in 2020. It is going to be a blast but seriously hard work and I know the team at FINTRAIL are super focused on making this another year to remember. We can’t wait and on behalf of the team at FINTRAIL we wish everyone all the best for 2020!

If you would like to discuss the topics in this post, or if you want to know more about FINTRAIL and our 2020 plans, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

The Social Causes and Impact of Financial Crime - A Curve Talk

At this Curve Talks event hosted on 10 Sep 19, Gemma Rogers, co-founder of FINTRAIL, shared her knowledge about the socio-economic effects of financial crime. She tackled the individual-level impacts of crimes such as human trafficking and explore “why” this sits behind current anti-money laundering legislation.

Gemma has a passion for changing the terms of debate around financial crime risk management, debunking the lethargic tick-box concepts of old and focusing on intelligent, inclusive and business-focused solutions.

For more Curve Talks see https://www.eventbrite.co.uk/o/curve-19344651260

Slideshow

The Dangers around Data Quality: How Poor Data Quality Can Harm Your Ability to Fight Financial Crime

FinTechs and RegTechs are at the forefront of using data innovatively and efficiently to help facilitate everyday financial services. When managed correctly, this data can also help strengthen AML/CTF defences and help you pick out unusual or suspicious behaviour and customers. However, that doesn’t mean that FinTechs and RegTechs are immune to missteps when gathering, transporting and utilising data. When data quality goes wrong, the dangers can have a hugely damaging impact on the strength of anti-financial crime controls. Here are a few areas to take into consideration when evaluating how your data quality impacts your AML/CTF operation. 

What are the risks?

FinTechs tend to collect non-standard data on their customers. This not only covers the use of electronic ID verification, selfie matching and address verification technology, but also the collection of non-standard data points, such as IP address, geolocation and device ID. While this provides FinTechs with a number of benefits, including a more dynamic risk profile along with a more seamless user experience for customers, there can be major risks to meaningful financial crime prevention if the data collected isn’t robust. 

A FinTech could run into trouble if:

  • Non-standard data becomes limited data

    • This is when collecting less information from your customer and more information about your customer crosses the line into not enough information on your customer at all. Not only is there a regulatory implication of this, but it could also hinder your ability to implement a number of key financial crime controls - from transaction monitoring based on customer behaviour to customer screening against PEPs, sanctions and adverse media databases. 

  • The onboarding experience is over-prioritised 

    • One of the key benefits FinTechs offer is a more streamlined customer experience, so that customers can start using a product within a few minutes of signing up on the app or website. However, if too much priority is placed on having a seamless onboarding journey, it could lead to not enough information being collected on a customer to form a useful profile on their risk level and expected behaviour. FinTechs can consider limiting access to their product based on information collected or adding a few extra steps for customers deemed high risk in order to help combat this concern.

  • Data isn’t refreshed 

    • Obligations to know your customer don’t stop with onboarding; it’s imperative to keep customer data accurate and up-to-date. Without refreshing customer data, it may be more difficult to truly understand whether a customer’s behaviour is unusual or suspicious, and it may likewise become difficult to fully understand the risk they pose. 

  • Data is entered manually 

    • While most data a FinTech collects will be gathered automatically, some data requested from customers through in-app chats or help desks may require manual entry. Entering data manually, without robust four-eyes checks or routine assurance, can leave a FinTech open to problems from inaccurate data that can make it difficult to truly know who your customer is and their risk profile.

FinTechs can also run into trouble with gathering, analysing and responding to management information (MI). Especially when starting up and building out a compliance framework, MI collection, storage and analysis may not be their top priority. In the worst cases, important macro-level data on SAR volumes, customer breakdowns and risk types and TM alerts could go undervalued. Without regular MI collection, easy access to data and trend analysis, quality assurance on AML/CTF controls becomes more difficult. This has knock-on effects, making it harder to update your risk assessment and risk appetite and accurately reflect your product to the board and regulators. Poor MI can even prevent you from being able to advocate for the resources you need on a financial crime team.

What about RegTechs?

Given the digital and innovative nature of their products, FinTechs tend to rely heavily on RegTechs, especially at the point of onboarding. This means that it is incredibly important for FinTechs to understand how and what data RegTechs access, use and provide and consider how this can best support their AML/CTF operations. When considering the use of RegTechs there are some key risks that FinTechs should be aware of: 

  • ID&V Providers

    • RegTechs have spearheaded major innovations in digitising the ID verification process, making it easier to reliably onboard customers in minutes and spot fraud indicators that the human eye struggles to detect. The main data quality risk we’ve seen with ID&V providers is potential inaccurate transposition. In this case, data that is automatically pulled from ID and proof of address documents into customer forms and profiles doesn’t match the actual data on the ID. When data pulled from an ID is incorrect, it can lead to poor records being kept on a customer that make future customer screening and  investigation of suspicious activity more cumbersome, weakening the wider AML/CTF controls infrastructure at the FinTech.

  • Customer Screening Tools

    • The use of RegTechs for customer screening generally gives FinTech customers access to vast amounts of information that can be customised to the FinTech’s specific product offering and customer base. However, with the amount of quality data provided, there can still sometimes be gaps that need filling. Particularly with PEPs and their relatives and close associates (RCAs), we have seen databases missing key information, including dates of birth, photos, activity, nationality, citizenship and address. We have also seen the inclusion of deceased PEPs and RCAs and some PEPs and RCAs who haven’t been active for decades. When this information is screened against, it can be more difficult for an analyst to clear alerts and can generate large volumes of false positives that require clearance. 

Once again, MI is worth considering. When RegTech providers offer poor analytics on the services they are providing, that can be easily categorised and sorted, then their FinTech customers will have to rely on manual processes in order to gather and assess crucial information that informs risk and control frameworks. MI needs to be able to provide detail where required and show changes over time. Access is also critical; in our experience, certain RegTech providers’ systems are difficult to access, with support teams that take time to respond to requests for additional information. The best approach we see is when RegTechs and FinTechs work together dynamically in order to ensure information can be swiftly accessed.

Top Takeaways 

While many of the FinTechs and RegTechs we engage with are taking the needed steps to ensure the comprehensiveness and effective usage of their data, there are still some pitfalls that indicate the negative impact when things go wrong. There needs to be more awareness of how poor data quality can emerge and how it can affect our anti-financial crime operations. Ongoing quality assurance, testing and audit are essential to ensuring that we remain out in front of any potential data quality errors. 

So what should we do?

FinTechs:

  • Take a risk-based approach to KYC and the gathering of customer data, gathering more data on higher risk customers to ensure you’re able to understand their behaviour and your ongoing risk exposure. 

  • Perform regular KYC refreshes and take a risk-based approach to these as well, to ensure you have the highest quality, most accurate data on your customers.

  • Implement robust assurance on manual processes, perform rigorous testing on RegTech providers, and ensure financial crime compliance has input into data storage practices.

  • Collect MI on all key aspects of your anti-financial crime programme, including on customer risk, customer due diligence and screening, transactions, suspicious activities and exits for financial crime. This information should be regularly shared and easily accessible for the second and third lines of defence.

RegTechs:

  • Consider a data quality review by a third party to get ahead of any potential complaints that clients may identify when it comes to the data you provide and transpose. 

  • Internally review the transposition of data pulled from documents and other sources to ensure it is being accurately reflected. Consider implementing a human review element depending on the data quality risks.

  • Devote research analysts to building out PEP profiles to encourage more efficient alert clearance, and build in filtering options so that firms can filter out deceased or inactive PEPs, RCAs and sanctions targets. 

  • Build robust analytics and reporting functions with access that can easily be determined by clients to meet their specific needs. 

  • Ensure requests from clients for additional information are responded to promptly and properly, and that this practice is expressed within agreed SLAs. 


If you or anyone on your team would like to discuss or explore how data quality concerns may affect your company and what steps you need to take to improve your approach, please feel free to get in touch contact@fintrail.co.uk.

Addressing The Threat of De-Risking in Payments, Remittance and FinTech - Practical Advice

FINTRAIL co-founder Robert Evans recently spoke at the PayExpo MENA event in Dubai on the issue of de-risking, the impacts it is having on the correspondent banking, payments, remittance and FinTech sectors as well as offering business owners and leaders in the audience some practical advice on minimising the risk to their business. We thought it would be worth sharing some of the insight for our readers.

What is de-risking?

The Financial Action Task Force (FATF) defines de-risking as:

"Situations where financial institutions terminate or restrict business relationships with categories of customer to avoid rather than manage risk - such as respondent banks, NGO’s, gaming/gambling entities and money service businesses (MSBs)."

Within the financial institution community the term de-risking is seen as unhelpful, but we use it today as it has become a widespread and recognised label that carries a level of industry recognition.

As global correspondent and clearing banks have felt increased regulatory pressure in markets such as the UK and US, that has in-turn filtered down to regional correspondents, local respondents, issuers and all those that rely on the banks for their accounts and services. 

There has been lots of debate about the issue of de-risking, with papers published by industry, regulators and global bodies and many industry initiatives underway to address the strategic drivers behind the trend. We are not going to re-hash that content here but instead focus on it from the other direction - bottom up.

We want to give business owners and leaders some advice based on our direct knowledge of leading de-risking decisions and some of the drivers behind it, in order that vulnerability and weakness can be addressed.   

Reducing vulnerability to de-risking.

While we recognise that pan-industry efforts are critical to solving some of the fundamental drivers to de-risking (such as over regulation and cost of KYC), we also think as an industry we have not done enough to understand and articulate at a micro or individual level what drives some of the operational decisions that often lead to a de-risking or refusal to onboard scenario.

Historically during previous employment, our team have sat in client interviews, reviewed business profiles, business plans and looked at transactional flows that were very high risk, and in some cases that was totally new to those individuals we were talking to. Interestingly, and a cause for concern, was that some of the worst cases were not in those markets that were deemed to be traditionally ‘high risk’, but those within for example supposedly heavily regulated European countries. While we can potentially point the finger at the regulators and big bad banks, we think there is also a need for personal accountability amongst the industry, business leaders and individuals to look very carefully at their business models and ensure they understand the risks.

It will cost a bank somewhere in the region of £40-100k to onboard a new respondent, and it is not too dissimilar for payments firms, depending on the risk profile. In addition there are significant ongoing compliance costs that quickly mount up. In a high risk scenario annual due diligence could easily run to tens of thousands of pounds when you consider increased monitoring and onsite visitation requirements. In a pure correspondent banking scenario that is fairly easy to imagine but when onboarding or retaining a payments provider that is not so easy, especially where the margins for the bank are relatively small. Some of the core industry initiatives that are underway can and will drive down the associated costs, but making some of those items genuinely operational is still some way off.

All of this means that as a payment provider seeking an account or wishing to maintaining banking services you need to do everything you can to positively influence that risk vs reward equation. We are not going to focus on the commercials, especially as there may be little margin to improve that, particularly in the early days, but more on the risk side of the balancing act as that is one area we have seen can be significantly enhanced and make businesses more bankable.

FINTRAIL want to give you some simplified and distilled points drawn from direct experiences of assessing the risk reward equation - what were we and others really looking for when balancing that equation and how can you as a business owner and key industry leader help shape the tone of the discussion.

While some of these points may have slightly grand sounding titles or definitions, they are really real-world activities that will help you position your business and conversations far more effectively:

1. Understand and use a financial crime risk appetite.

All financial service firms should have an appreciation of their appetite for financial crime risk and how that correlates to their business strategy that in turn drives how you manage the day-to-day operations of your business. In simplistic terms we define a risk appetite as a formal statement of intent that guides and should underpin how you approach financial crime risk as a business and should really form part of your company DNA.

It is really important to acknowledge you can not operate a successful financial services business with zero financial crime risk, but you should be able to articulate and evidence how you are managing your business within a defined appetite that is based on an honest assessment of your control environment and the risks you face.

That is all very theoretical but how does this manifest itself in the real world? Your risk appetite is a neat and concise way to articulate your overall risk profile to a potential partner that further underpins your ongoing dialogue regarding controls and flows. It also underpins policy decisions about clients and markets as it can be used to guide strategy.

We have seen a number of beautifully crafted risk appetite statements but we continue to see very poor operationalisation of the intent behind the statement. You may ask why risk appetite is so important - and our answer is that the process of developing a risk appetite forces you to consider and genuinely understand your likely exposure to financial crime risk and possibly even more important, assess how effective your controls actually are.

If for example a business stated to us that they have no appetite for defence and arms related business, we would expect that it manifests itself in policies and procedures, restricting those clients at onboarding and in turn this should be further reflected in the transactional flow.

You must always allow a margin of error and potential differences in definitions but systemic failings call into question the efficacy of the control framework and would be an immediate red flag of wider issues.

2. Know and understand your customer base.

This links quite nicely to our observation about risk appetite and is one of the ways we would assess how a risk appetite is operationalised.

Would we expect you to know every single client by name? No, but you should have a view of your customer base and risk segmentation, especially when it comes to those customers that may fall into the high risk categories such as PEP’s or in a bank context, MSBs/payment firms.

It builds confidence that controls are well established and effective if you are able to accurately articulate the segmentation of your customer base and evidence that coherently. It also goes a long way to building open and transparent relationships with your partners as you are able to identify anything particularly high risk that you may wish to disclose or discuss. It is worth noting that depending on the exact nature of the transactional relationship, your partner will be able to see roughly what your customer base looks like so hiding it is not helpful. This will magnify the issues if something contentious is identified.

3. Transparency and Openness

We have always believed that fighting financial crime should be a team sport pan industry, between public and private sector and especially between partners. As an industry have we always approached it that way? Probably not but there is growing recognition that we need to do more.

When engaging with partners it is about building a relationship of trust and that requires transparency. Bring your partners along on your journey. If you have a weakness, don't hide it but explain what it is and what is being done about it - it builds trust.

Make sure you start your compliance dialogue at an early stage and take the time to understand the drivers on both sides of the conversation - it will help you articulate the message and information more effectively.

Make sure you clearly understand the questions that your partner is asking and they understand exactly what you need from them. We have seen confusion lead to a rapid break down in trust.

Additionally, try and make sure your data and materials are easy to understand and relevant. We are not suggesting you need beautiful designed templates and dashboards but it really helps the dialogue if your materials and data make sense.

4. Controls

We do not necessarily mean some of the more mundane items but more specifically, what you are doing to manage the higher risk business categories. For example are you processing payments from locations that may be transit countries for foreign terrorist fighters? How do you control and mitigate the risks of that?

You need to be able to clearly articulate to your partners what the risks are, what controls you are applying, and the icing on the cake is when you can evidence the control is effective.

One of the best working examples of this we have seen in previous employment was a UK based entity who had a relatively large component of gaming and gambling activity. Transactional analysis had identified what appeared to be fairly high risk activity that was on face value outside our risk appetite but our engagement with the client soon allayed specific fears as they were very quickly able to articulate precisely what additional controls they were applying to that activity, and prove effectiveness - we allowed them to continue to process that flow.

Their approach was so effective, because they had already done step 1, 2 and 3.

In Summary

We have deliberately simplified some points to fit them into a short article and we recognise that some of these items are not new and not necessarily easy to do, especially when you add scale and global presence into the mix, but hopefully the sentiment of what we are suggesting is evident.

Do we need to do more to address the strategic issues driving de-risking - absolutely. However there is also more self help that smaller businesses can do to engage effectively with partners at both the initiation of the relationship and an ongoing basis. We have seen first hand that there is far more that the industry can be doing to make themselves attractive customers, especially in the early stages where the commercials may not tip the balance in that all important risk vs reward equation.

The team at FINTRAIL are uniquely positioned to help organisations address the issues and challenges presented by de-risking and a risk-off appetite as well as supporting businesses to effectively engage Partners in higher risk scenarios. Please contact the team at FINTRAIL for further information.