MENA, USA, MEA, Europe, APAC
Maya Braine
Case Study: Digitisation Support
Case Study: Digitisation Support
Europe, USA, MENA, MEA, FFE, APAC
Guest User
FinTech Approaches to Sanction Regimes
FinTech Approaches to Sanction Regimes
APAC, Europe, USA, MEA
James Nurse
How to use Compliance as an enabler in Digital ...
How to use Compliance as an enabler in Digital Transformation
MEA
Guest User
Islamic FinTech and Financial Crime: A ...
Islamic FinTech and Financial Crime: A different risk profile?
Europe, USA, APAC, MEA
Guest User
How Social Media is used to Further Financial ...
How Social Media is used to Further Financial Crime - Part 1
, ,

2020 The Future of Financial Crime - MISC Journal

, ,

The past century has seen a huge shift in the financial services landscape – from the growth of retail banking (as we know it) in the late 1800s; to Diners Club developing the first credit card in 1950; and the elusive Satoshi Nakamoto’s invention of Bitcoin, the world’s first fully virtual currency, in 2008. The evolution in financial services has been complemented by the rapid development of enabling technology, the internet, a huge growth in connectivity, and the successful emergence of mobile and flexible payment channels. Collectively, these exciting developments are opening up financial services to new markets and users, as well as offering customers better value and more choice. With such developments – which are often rapid and occasionally chaotic – the risks and opportunities for both legitimate consumers and financial criminals have evolved and expanded. This article produced by the team at FINTRAIL explores the future of financial crime, its evolution and likely impact on the financial services industry as we move towards 2020.

 

 

Talent, Fintech & Compliance

Many companies now expend a huge amount of time, effort and money finding the right cultural and technical fit when it comes to recruiting new members of a team and this is no more prevalent than in financial services and FinTech. In this post we will explore what it takes to source top compliance and financial crime risk management talent for FinTech.

You can have the best business plan, latest systems and whizzy offices but unless your people have the right culture, technical competencies and personal attributes you will struggle to create the effective and sustainable results many businesses crave. While it is not new, it is certainly worth re-iterating from a compliance perspective that people are both a critical part of any business framework but they are also a risk. We will examine insider and conduct risk in more detail in a later post but for now we will focus on finding the right talent for your team.

We turned to our friends from FinTech legal and compliance recruitment company Series B and their founder Will Pedley who has placed dozens of professionals in the sector for his insights:

Question: When you are speaking with clients do they know what they are looking for in a compliance or financial crime hire?

Most clients are pretty clued up on what they need, but always appreciate some guidance. Some, of course, are completely new to the market or the geography and will look for advice, such as level of experience required for their business, salary, benefits, flexibility (including contract or permanent). My advice to any client would be to hire experience first and build a team around them.

Question: In your experience have you had any challenges finding good quality candidates to fill compliance and financial crime risk management roles for FinTech and new payment firms?

If you’re looking for experience, you’ll certainly find a great variety of quality candidates in the market, both contract and permanent. The difficulty is finding the right culture fit. There are a lot of great FinTech companies to work for and the space is becoming harder to define so, depending on what a company is looking for, you can spread the net quite wide into areas such as Media, Regulation, Tech and Banking, in order to find the skills and mind-set your client needs.

Question: Are firms/clients still recruiting generalist compliance roles or are they focusing on financial crime as a specific topic?

It depends on the size of the company and the team. If you’re a start-up with limited funds and it’s difficult to tell what you might need, then you’ll typically go for a generalist who possibly has a strength in a key area. If you have the resources to allow an individual to focus their time on a specific area of compliance, then of course you’ll consider narrowing your search. In the US, for example, licensing experience is important for payments businesses, but in the UK I tend to be asked to look for generalists.

Question: Where does financial crime risk management and compliance feature on start-ups’ priority list?

From my experience, it’s a key requirement that most companies are willing to budget for as an internal function. Occasionally a start-up might look for a contractor to set up procedures and put systems in place. I work with a lot of companies who need a compliance officer when applying for a license in the UK, so it’s not really a choice. Wherever you are, geographically, there are plenty of FinTech events and meet-ups, so business leaders are becoming more aware of what’s required. Strong data and financial security are all features a business should promote, so you should find start-up companies are prioritising compliance alongside product advancement and marketing.

Question: Are there any personal qualities you look for in candidates that make them suitable for compliance roles in FinTech?

Without a doubt, I look for versatility. Value for money is as important in FinTech as it is anywhere else, so I’m always looking for someone who’s actively sought to gain experience in a variety of areas as I think that reflects on their personality and, culturally, is something companies are looking for. With digital and commercial skills constantly improving and the ease in which candidates can find and apply for new roles, you need to be able to stand out and I think a strong work ethic is simply something you have or you don’t. A good compliance professional will see the value in the work they do and actively seek to generate solutions for their company, rather than close doors.

Question: What sort of experience would you be looking for and do you look for any specific qualifications?

It depends on the location of the role and the size of the business. Legal and compliance is becoming more of a dual role, particularly at a senior level, and so a legal background is always a plus. In the US, as I’ve mentioned, licensing experience is great for payments companies and an understanding of NMLS. Generally, you can’t go far wrong with industry experience but, naturally, if you have more strings to your bow then you have more to offer a new business. To counter that, however, as with many roles there are the more mundane, day to day elements that are as important as the varied, exciting projects and cases. I need to be able to find someone comfortable with the day to day, which is a skill in itself.

Question: Generally, what are candidates looking for when they move into FinTech and payments – is it all about the money?

Quite the opposite, it’s rarely all about money. Sure, people need to pay their bills and have a life outside of work, but candidates who really understand the industry realise that there is a real opportunity there. Experienced candidates want excitement and variety and to work with cutting edge products, surrounded by intelligent, forward thinking people. Add to all that the stock options, dress down offices, saunas, table tennis, flexible working hours and company holidays… I’ve seen candidates halve their salary in order to find a good role with a FinTech business.

Question: What excites candidates and how does FinTech compete with the high salaries currently offered in traditional financial services?

Candidates know they’re part of the future by joining a challenger bank or payments company. Of course, banks, hedge funds and the like are all looking into new technologies and creating ‘innovation labs’ and a department of intrapreneurs to better understand the technology, but they’re still seen as a bank or hedge fund. Pure FinTech businesses, particularly the new generation, are nimble, creative and exciting with an aggressive marketing strategy. There are risks, such as lack of funding, but RBS have cut nearly 3,000 jobs this year. The salaries aren’t that bad, in fact they’re very competitive, so with all of the above plus bonuses, stock and additional benefits, FinTech companies have a great offering in comparison with traditional financial services.

Question: Any exciting developments or areas of focus in next 12 months?

Personally I think it’ll be exciting to see how the rise of the challenger banks starts to turn out, both in the UK and in Europe. I was at the PayExpo in London recently and there were some great discussions on what actually makes these banks any different to the ones millions of us already use. Starling have just been granted their license and guys like Mondo, Tandem and Atom are gaining a lot of interest. Will they offer something truly innovative and disruptive? Time will tell; but competition always brings about great ideas and I’m looking forward to seeing what the next 12 months brings. And of course, with more companies using digital wallets and holding more consumer funds and data, the focus on compliance, data security and financial crime prevention, increases.

Brexit, FinTech & the Risk of Financial Crime

There is no denying the seriousness of the decision taken by the UK to leave the EU. Time will tell what the impact will be on the UK and Europe’s finances as well as the direct impact on the UK’s blossoming FinTech sector.

FinTech strategist Devie Mohan stated

A lot of London-based fintech startups are run by non-UK born entrepreneurs. This will now reduce, with difficult immigration and a reduced available market. London-based fintechs will now be looking at a more complex web of regulations and trading laws for UK and EU. Economies of scale will reduce. Survival will be harder! Berlin, Stockholm, Sin, HK will emerge as hubs.”

So what does this decision mean from a financial crime risk perspective for FinTech’s operating in the UK market?

Firstly let’s focus on AML and financial crime regulation. The UK is due to implement the 4th EU Money Laundering Directive (4MLD) by June 2017 . The 4MLD is enhancing existing regulatory standards already in operation across the UK and Europe and in fact the UK AML and counter-terror financing regulation is already front running the pack in its completeness and effectiveness. Amongst other factors the 4MLD provides additional requirements on the application of the risk based approach, identification of beneficial ownership, PEP identification and coverage of high value goods. These enhancements are based on the Financial Action Task Force (FATF) 40 recommendations and as the UK is member of FATF it would still need to comply with these recommendations, whether in the form of 4MLD or not. Brexit is unlikely to have any material impact on the requirement to enhance controls in-line with the FATF recommendations. Does this make things easier or more complicated for the FinTech sector? Our view is that companies need to focus on the risks they face first and regulatory compliance a natural second. So the requirement to understand and manage financial crime risks in support of sustainable business does not change. The long term regulatory landscape may look a little more complex but the short and medium term requirements based on FATF recommendations and 4MLD won’t change.

From an operational perspective what impacts may Brexit have?

As Devie Mohan quite rightly highlighted access to high quality resources may be impacted in the medium term by complexities in immigration rules and visa considerations. This may have an impact on financial crime and compliance expertise available to support the growth of FinTechs and the eco-system as a whole as recent history has shown a growth in resources coming from European countries to supplement the UK’s shortage in credible compliance resources across the whole UK financial services industry.  This may be antagonised by the unique skill-set required for a start-up environment where broad financial crime and compliance expertise (across all financial crimes) is required rather than very specific SME knowledge (such as AML only) required by many large incumbents. The reliance on outsourcing compliance processes such as KYC to eastern Eurpean countries such as Poland may also be affected by changes to information and data sharing arrangements although that may open up the market and competition even further.

Will financial crime risk increase?

There is no denying that difficult economic conditions and uncertainty can create conditions that increase the risk of financial crime. We do not yet know whether Brexit will cause a contraction in the UK economy but early indications of market reaction and pre-vote statements from the Bank of England suggest it is a possibility. A 2009 Time Magazine article titled ‘The Reason Fraud Spikes During a Recession” stated some interesting observations:

“a U.S. firm that runs compliance and corporate-governance hotlines for about half the Fortune 500, fraud-related calls amounted to 21% of all reports in the first quarter of this year, up from 14% in the same period in 2007.”

“A majority of members of the U.S. Association of Certified Fraud Examiners who were polled in February and March 2009 said they had seen the number of company fraud cases climb in the previous 12 months; the bulk of those experts attributed the rise to heavier financial pressure.”

“According to a survey published in February (2009) by British insurer RSA, 3% of adult Britons said hard economic times made committing insurance fraud more acceptable. We’re seeing that already: the number of fraudulent claims rose 17% in the U.K. last year, with commercial claims accounting for a third of their value.”

Additionally in January 2014 UK police records showed a 4 per cent rise in shoplifting and a 7 per cent rise in “theft from the person”, such as thieves snatching expensive mobile phones from passers-by. Nick Gargan, chief constable of Avon and Somerset Constabulary, told the Financial Times that police leaders were starting to talk about an “austerity bulge” in crime figures.

So an uncertain and distressed market can create a higher financial crime environment and set conditions for criminals to exploit the prevailing scenario although some of the statistics may be explainable by general social changes such as mobile usage.

What Next?

There is certainly no need to panic and in many cases it remains business as normal. Are we going to see changes and impacts – yes but the scope and scale will take some time to determine. However, it pays to be prepared and think these issues through carefully. At FINTRAIL we are able to support our clients during this uncertain period, whether enhancing risk assessments or helping structure your compliance plans in response to the Brexit decision.

, ,

Sucre Highs and Sucre Lows; Money Laundering and Virtual Currency

, ,

Sucre, the virtual trade currency set up to facilitate transactions between Venezuela, Ecuador, Cuba, Bolivia and Nicaragua, and subject to a 2014 investigation by the Ecuadorian authorities amid allegations of serious abuse and money laundering control issues, is still a relevant use case that demonstrates the importance of implementing the proper financial crime and network risk management controls to ensure that what was in essence a perfect solution to a commercial challenge is not undermined by involvement – albeit inadvert – in financial crime.

Background

Sucre, an invention of Hugo Chávez in 2010, stands for the Unified System of Regional Compensation (in Spanish) and is also the last name of the 19th century Venezuelan leader, Antonio José de Sucre y Alcalá. It is primarily a trading currency managed by a board of central bankers, which is used by importers and exporters to make and receive payments in their local currencies. As The Wall Street Journal points out, “Sucre’s appeal lies in its implicit payment guarantee…In a typical sucre transaction, a company in Ecuador sends the Venezuelan importer an invoice denominated in U.S. dollars, which is Ecuador’s national currency. The Venezuelan company then sends that invoice to the Venezuelan central bank, handing over bolívares. The Venezuelan central bank converts the bolívares to sucre and transfers the sucre to Ecuador’s central bank. There, it is converted into U.S. dollars, Ecuador’s national currency, and the exporting company receives its payments.”

Criminal opportunity

In 2014 a joint investigation between the Ecuadorian and Venezuelan authorities was launched into abuses of Sucre transactions, primarily focussed on the use of so-called “ghost companies” which over-invoiced for goods received and took advantage of favourable exchange rates, a common tactic used in money laundering. Ecuadorian newspaper El Universo and the Miami daily El Nuevo Herald reviewed and highlighted schemes involving various transactions carried out with Sucre currency. The investigation found that Sucre served as a platform for at least 60 Venezuelan companies and 30 Ecuadorian firms to carry out multi-million dollar operations involving fictitious exports and ghost companies — as well as bank accounts in Panama, the Bahamas, and Anguilla. Reporting indicates that at the time up to 5% of Sucre transactions were suspicious in nature – which FINTRAIL assess to be very high by current bank standards.

This is further compounded by allegations in the public domain that senior figures in the Ecuadorian and Venezuelan governments were privy to some of the money laundering schemes, specifically a company called Fonglocons (Global Construction Fund), which was incorporated just four days before the bilateral agreements between Venezuela and Ecuador were signed and which was created with the specific purpose of trading between the two countries. None of the allegations against Fonglocons has yet been proven, however.

On face value the potential attractiveness and vulnerability of the Sucre scheme to money launderers was clearly not fully considered in the strategy and planning mechanisms around the currency and its deployment, leaving it open to relatively easy misuse by criminal or otherwise corrupt enterprises, sullying its reputation as a reliable virtual trade currency and undermining its otherwise strong utility in markets trying to reduce their reliance on the US dollar. Appropriate network risk management through a comprehensive understanding of the threats facing a virtual currency such as Sucre and the implementation of a clear control infrastructure to mitigate particular vulnerabilities would likely have prevented such infractions.

, ,

The Reality of Financial Crime Risk in FinTech

, ,

As the global FinTech sector continues to grow – KPMG and CB Insights show the surge of investment continuing to a multi-year high of USD13.8 billion in 2015 – so are the instances of financial crimes at FinTech firms.  The examples of Trustbuddy, Mt. Gox, Ripple Labs and Ezubo (to name but a few) – which have been hit by financial crime scandals ranging from internal misconduct, money laundering, fraud and embezzlement – demonstrate this trend all too neatly, and underscore the need for FinTech firms, and their investors to ensure that the right financial crime risk management controls are in place, to protect their brands and their investments respectively.

Peer to peer (P2P) lending, mobile payments, virtual currency trading and crowdfunding platforms all offer an alternative and potentially more attractive solution to traditional banking. However, you only need to dig a little deeper to find examples of poor financial crime risk management, which if replicated across the FinTech industry have the potential to cause significant damage to the investment attractiveness of such firms and reputation of the industry.

Ezubo – where did all the money go?

Chinese courts last year handled 1.4 million cases involving P2P lending worth a total of CNY821 billion. As an example, just a few months ago, Chinese authorities pressed charges against Ezubo Ltd for defrauding investors out of CNY50bn through a Ponzi scheme. It is alleged that Ezubo sold fake investment products to nearly 1m investors, with promises of annual returns of up to 15 per cent.

The irony of Trustbuddy

Financial crime’s tainting of the P2P model is not confined to those markets with loose or limited regulation. Sweden-based Trustbuddy had a SEK 44 million discrepancy between the amount owed to lenders and the available balance of client bank accounts. This was discovered by the company’s new CEO, and just as he was hired, Trustbuddy filed for bankruptcy, with reports that internal misconduct had taken place since operations began in 2009.

Mt. Gox – on the rocks

In Japan, Mt. Gox, one of the world’s first BitCoin exchanges and at one point handling around 80% of the world’s bitcoin trades, filed for bankruptcy in 2014. The then-CEO Mark Karpeles was accused of manipulating trade volumes and taking JPY321 million from the company to fund personal projects. Interestingly Mark Karpeles had reportedly been sentenced to a year in custody on fraud accusations prior to founding Mt. Gox.

Ripple Labs – making waves for all the wrong reasons

In the US, Ripple Labs was subject to the first civil enforcement action brought against a digital currency exchange. The company reached a settlement with the US Department of Justice and Department of Treasury in excess of USD1.1 million, and admitted to not having an effective AML programme in placeIn the Financial Crimes Enforcement Network (FinCEN’s) ‘Statement of Facts and Violations’ report, it was noted inadequate KYC checks lead to a USD250,000 transaction taking place with an individual who had a previous federal felony conviction for dealing in, mailing, and storing explosive devices.

Crowdfunding – necesSARy notifications

According to FinCEN, there has been a 171% increase in Suspicious Activity Reports (SARs) filed between January 2015 and May 2015 for rewards-based crowdfunding, compared to those filed in the whole of 2013. Analysis indicates various forms of potential illicit use of platforms, including money laundering, fraud schemes, possible terrorist financing, and other criminal activities. It is important to stress that in the grand scheme of FinCEN SAR data the overall numbers of SARs associated with Crowdfunding are still relatively small.  The increase in SAR activity is likely driven by greater awareness of SAR reporting requirements, as well as the growing popularity of the product for ordinary customers as well as those with illicit intent.

The European Securities and Markets Authority (ESMA) has explicitly said:

“Investment-based Crowdfunding carries a risk of misuse for terrorist financing, particularly where platforms carry out limited or no due diligence on project owners and their projects. Project owners could use investment-based Crowdfunding platforms to raise funds for terrorist financing, either overtly or secretly.” 

So What?

There is significant opportunity for strong financial performance within FinTech and its various facets, but these examples demonstrate the risks as well as rewards that apply to founders, investors and customers of these firms. Understanding and mitigating the potential financial crime risks ensures the protection of investments and the regulatory and reputational longevity of a firm.

 

https://flic.kr/p/Cgp24k | Flickr Creative Commons Waves | The stormy seas crashing on the rocks by Chris Dine

UK Action on Money Laundering and Terrorism Financing

This morning Theresa May announced what is being touted as “the most significant change to the UK’s anti-money laundering and terrorist finance regime in over a decade“.

The Action Plan promises “A more effective response to the threat, so that resources can be better targeted at areas of real risk, for example by removing duplication or conflicting compliance advice, will help lift unnecessary bureaucratic burdens that do not contribute to the fight against crime and help resource be used better elsewhere.

The Government is committed to reducing the regulatory burden on business, which can distract or make it harder for companies to focus on real risks and will also ensure that any additional burdens placed on businesses and individuals are targeted, proportionate and justified by evidence of significant need.”

The Action Plan for anti-money laundering and terrorist financing outlines legislative as well as operational actions designed to improve the UK’s response to the threat posed from illicit financial activity. Annex B to the report is the Findings from the Call for Information on the Suspicious Activity Reports (SARs) Regime that also provides some interesting insight on the state of the UK regime.

A few observations:

  1. Joint Money Laundering Intelligence Taskforce (JMLIT) – is perceived as a success and is now being moved to a permanent footing. This is a positive endorsement of public/private partnerships and how sharing expertise and knowledge can have significant impact when countering complex illicit finance. However, one glaring gap is that the representative cadre is still focused on the incumbent financial institutions. As disruption of financial services continues and customers diversify to non-core solutions there is a critical need to proactively address the gap in representation from disruptors as well as non-banking financials. After all this is meant to be a plan for the future.

  2. The importance of information sharing – The Action Plan makes it clear that a key priority is improving the UK’s framework for public/private and international information sharing. There is currently massive complexity and inefficiency in global anti-illicit finance and establishing clear frameworks will breakdown the current silos and present huge opportunities for public and private sector stakeholders.

  3. A need for greater awareness and better training – The plan calls for Prevent campaigns to raise awareness across regulated professionals. Interestingly comments collated in Annex B highlight weakness in the UK reporting and SAR process due to a lack of quality training and knowledge on typologies or ‘what to look for’. Considering that many regulated companies and industries are required to deliver AML and associated training at huge cost would suggest that the current approach is not working and training solutions need to be improved to ensure they are effective.

  4. To what extent are non-banks exposed – Comments in Annex B state “The banking sector is subject to considerable regulation, and is responsible for most SARs. Criminals may have recognised this, and will use other avenues where there is less reporting. Improved oversight, and rationalisation of supervisors in some of the non-bank sectors is required to address this.” There is no denying that criminals are versatile and looking for vulnerabilities to exploit. Businesses need to be alive to this risk and proactively consider and address their frameworks to avoid becoming the target or vehicle of choice.

  5. Information sharing on risks and threats – Respondents in Annex B suggest SAR filing is hampered as there is not enough support available on typologies and threats to help identify suspicious activity. This has wider implications as the foundation of a good financial crime risk management framework has to be built on knowledge of the threats faced, vulnerabilities to those threats and the impacts they may have. A lack of knowledge of the threats and vulnerabilities facing a business has a material impact on the ability to implement proportionate risk management and creates a ‘compliance’ focused strategy.

These reports provide an interesting insight into the current state of UK anti-illicit finance efforts and the perceived priorities for action. How that materialises into physical effect will be interesting to observe.

E-Money, Pre-Paid Cards, Virtual Currencies and Terrorist Financing

Do the terror attacks in Paris and Brussels mark a significant shift in terrorist financing typologies and what does it mean for EU Law Enforcement?

Since we drafted our first post on terror financing (available here) there have been a number of key developments worthy of consideration and comment. Firstly there is now more information available on the financial activity of the Paris attackers. The French finance ministry’s intelligence unit Tracfin said prepaid cards, some bought in Belgium, were used to pay for cars and apartments used by the assailants in the 48 hours preceding the attacks. French Finance Minister Michel Sapin told a news conference attackers financed the assault by amassing several “tiny sums” which are hard to track, notably by using prepaid credit cards and “The cost of these latest attacks, the financing of the attacks, represents a sum not exceeding €30,000“.

Secondly Europe has witnessed a second major terrorist incident in Brussels on 22 March 2016. Media and government sources are suggesting that both the Paris and Brussels attackers are linked and potentially part of the same network. A great piece of visual analysis by the NY Times (available here) provides a clear picture of the social and geographic relationships between the attackers and support networks.

Image: http://www.nytimes.com/interactive/2016/03/23/world/europe/how-the-brussels-and-paris-attackers-could-be-connected.html?_r=1

Image: http://www.nytimes.com/interactive/2016/03/23/world/europe/how-the-brussels-and-paris-attackers-could-be-connected.html?_r=1

While details in the public domain remain scant it would not be a stretch to assess it as highly likely that the Brussels attackers and support network used similar or the same financing mechanisms to facilitate their activities. The volumes are likely to be broadly similar as they rented accommodation, purchased pre-cursor material, manufactured TATP, bought weapons (AK-47’s) and other subsistence. As noted by French investigators some of the pre-paid cards used in the Paris attacks were “bought in Belgium” and the close association between key facilitators in Paris such as Salah Abdeslam and Najim Laachraoui would create the right conditions for them to leverage proven mechanisms to finance the Brussels attack planning.

If our assessment is proved to be accurate it would be the second significant terrorist incident in less than a year where pre-paid cards and E-Money played a role in terrorist activities, albeit it as part of the same overall network. Additionally it is the second incident to go un-detected by EU law enforcement and while terror financing can be exceptionally difficult to identify due to the small sums involved, it highlights a potential intelligence and enforcement gap across new forms of E-Money and virtual currencies. When combined with the existing mechanisms of terror financing across global informal money remitters and physical cash, it makes for a growing challenge.

The UK National Risk Assessment (NRA) of Money Laundering & Terrorist Financing published in October 2015 stated “The money laundering risk associated with e-money (inc pre-paid cards) is medium, however terrorist financing risk associated with e-money is low.” It clearly calls out the challenge of E-Money regulation across the EU “At the EU level there are discrepancies between the 3MLD and the Second E-money Directive (2EMD). This has led to other EU member states applying discretion in the application of AML/CFT legislation to agents and/or distributors and different rules applying to different entities in the transaction chain. Passporting within the EU can add a further layer of confusion.” Significant is the admission that “Understanding criminal exploitation of the e-money sector remains an intelligence gap for law enforcement agencies. This is compounded by operational challenges. For example, in the majority of cases, prepaid cards do not carry a marking to differentiate them from other credit or debit cards”. 

It is interesting to see the sea-change in opinion between the UK NRA and comments driven through the EU by the French post Paris. On 02 Feb 2016 the European Commission released a statement outlining proposals to strengthen regulations and controls, proposing the following targeted amendments to the Fourth Anti-Money Laundering Directive by the end of second quarter 2016 (only relevant amendments provided in this post):

  • Ensuring a high level of safeguards for financial flows from high risk third countries: The Commission will amend the Directive to include a list of all compulsory checks (due diligence measures) that financial institutions should carry out on financial flows from countries having strategic deficiencies in their national anti-money laundering and terrorist financing regimes. Applying the same measures in all Member States will avoid having loopholes in Europe, where terrorists could run operations through countries with lower levels of protection;

  • Centralised national bank and payment account registers or central data retrieval systems in all Member States: the Directive will be amended to give Financial Intelligence Units easier and faster access to information on the holders of bank and payment accounts;

  • Tackling terrorist financing risks linked to virtual currencies: to prevent their abuse for money laundering and terrorist financing purposes, the Commission proposes to bring virtual currency exchange platforms under the scope of the Anti-Money Laundering Directive, so that these platforms have to apply customer due diligence controls when exchanging virtual for real currencies, ending the anonymity associated with such exchanges;

    • As a first step the Commission will propose to bring anonymous currency exchanges under the control of competent authorities by extending the scope of the AMLD to include virtual currency exchange platforms, and have them supervised under Anti-Money Laundering / countering terrorist financing legislation at national level. In addition, applying the licensing and supervision rules of the Payment Services Directive (PSD) to virtual currency exchange platforms would promote a better control and understanding of the market. The Commission will examine this option further. The Commission will also examine whether to include virtual currency “wallet providers”.

  • Tackling risks linked to anonymous pre-paid instruments (e.g. pre-paid cards): the Commission proposes to lower thresholds for identification and widening customer verification requirements. Due account will be taken of proportionality, in particular with regard to the use of these cards by financially vulnerable citizens.

    • In order to address the above concerns, the Commission will present further changes to the AMLD, which could focus in particular on reducing existing exemptions such as thresholds below which identification is not required, notably for cards used face-to-face, and requiring customer identification and verification at the time of online activation of the prepaid cards. The Commission is currently exploring the detailed design of such measures, taking into account their impact and the need for proportionality.

While it is far too early to suggest we are seeing a wholesale change in how terror financing is being facilitated it is important to recognise the important milestone these incidents represent. The apparent success of the Paris and Brussels attackers to go un-detected during a period of what can only have been relatively intense attack planning is likely to highlight the vulnerabilities in intelligence coverage and general knowledge amongst regulators and law enforcement of these products and the associated risks. A challenge the industry and regulators will always face is balancing the benefits new products and technology bring against the risks. What is clear is there is a need for industry to further increase education and awareness efforts with regulators and law enforcement, closing the gaps and setting the conditions for a sustainable long-term relationship.

 

, ,

Learn From History; FinTech, New Payment Methods, Correspondent Banking and Financial Crime

, ,

FinTech should take advantage of the lessons learnt the hard way by established correspondent banking institutions, avoid repeating history and emerge stronger.

Established financial organisations have been battling the challenges of financial crime risks within correspondent banking for years, but in the last three to four that focus and complexity has increased as international regulators have rightly raised the level of oversight and enforcement. Collectively the fines have run into billions of dollars and have severely affected a number of international household banking names.

We would not be the first people to say FinTech and new payments technology are the new kids on-the-block with the ability to disrupt the status quo, improve financial inclusion and drive efficiency but there is also a need to learn the hard lessons of their forefathers in correspondent banking. Here are a few areas for consideration:

  1. Understand the financial crime threats your business faces – and we mean genuinely understand them! Are sanctions a concern because of the type of products you offer, or the markets you cover?  Or is money-laundering the primary concern because you’re operating in markets with limited transparency and weak legislation in the anti-money laundering arena? Understanding threats, and the risk they pose (the likelihood and impact of those threats materialising) is crucial to determining the next steps you take and should, in all truth, influence your overall strategy.

  2. Define and understand your risk appetite – once you’ve understood the threat landscape, define what and how much financial crime risk you can realistically manage and what will you do if it is exceeded. This will help shape and refine your strategy.

  3. Clearly understand your business strategy – use your knowledge of financial crime risks and overall risk appetite to set a cohesive strategy and monitor that it is working. You can’t blindly onboard or target new sectors, customers or markets without considering the impacts on your risk profile. Go into those decisions with your eyes open.

  4. Understand your network and its constituent parts – who are you doing business with, who provides you with services or facilitates your business, do you use exchanges, what financial crime controls are they applying and does your network pose any risk to you, your concept, product or reputation. Understand the core components of your internal (affiliated) and external network and the risks they pose.

  5. Identify and monitor the high risk parts of your network – once you understand your network and its components, identify those areas that are likely to present or incur financial crime risk and monitor them.

  6. Don’t just trust what people say – make sure your have due diligence and assurance processes in place to identify when things in your network start to go wrong and standards are not being adhered to.

  7. KYC, KYC, KYC – know your customer and understand what they should and actually are doing. Is it your customer or a customer’s customer? Do you know what KYC they have done? Effectively monitoring transactions, payments, transfers or associated deviations requires knowledge of the expected to recognise the abnormal. We don’t want to be too regulatory focused here but you really need to think carefully about what it is is you need to know about your customers.

  8. Understand what is normal and monitor for any deviation – do you expect to see a high volume of transfers or payments to high risk jurisdictions, locations or customer groups?  Has there been any increase or significant decrease in flow volume or value? You would be surprised at how rarely this is done effectively but can be one of the best indicators that something is going wrong.

Some of the points above seem obvious but the background for each is based on actual organisational failings evidenced in multiple publicly available documents such as the various Deferred Prosecution Agreements against international banks. There are hugely exciting opportunities to leverage developments in the FinTech and payments space to solve critical financial inclusion, transparency, efficiency and sustainability issues, but without learning from past experiences, and getting a grip on risk management early on, none of these opportunities for true disruption will be realised.

Photo by jarmoluk (Pixabay)

, ,

Ticking a box or managing financial crime?

, ,

Is solely complying with regulations really managing financial crime risk? FinTech and start-ups have the opportunity to carve a new path in risk management strategy

Over the years the term and structural title of Compliance has become associated with a perception of a tick box nature, obeying the rules or guidelines of regulation with little room for dynamism and flexibility.

Is that what the industry and regulators want? What does it conjure in your mind when you think of the word Compliance?  This is what the dictionary says:

The state or fact of according with or meeting rules or standards

It is not exactly inspirational and equally, in the rapidly evolving world of financial crime risk management it is not particularly accurate or effective. Do you want to meet rules or standards or do you want to manage risk? Do criminals operate within a framework of regulatory guidelines? No. They are far more agile in their ability to exploit vulnerabilities.

Adopting a tick box mentality can be hugely detrimental to the success of an organisation to manage and adapt to rapidly changing financial crime typologies. You need to be using innovation and working collaboratively across teams to hit the desired effect. Yes, the lines of defence model is there for a reason and you absolutely must comply with regulations as they apply to you but more importantly you must understand why you are applying them and how you may need to adapt the concepts and even go beyond in a dynamic way. As the situation dictates you may need to go beyond the regulatory guidelines in order to meet the risks head on. It is a dichotomy that large financial organisations have been battling for years.

Would it not be refreshing to hear more about the financial crime and regulatory professions empowering business strategy, on the front foot, going beyond the norms of regulation to add maximum value to the business they support.

We think part of the problem is in the title – Compliance.  Let’s talk about risk management strategy instead.

,

Guilt By Association; Reputational risk for FinTech and the changing dynamics of terrorist financing

,

Are FinTech firms and new payments providers doing enough to manage the financial crime and reputational risks associated with terrorist financing?

Lots has been written about the changing dynamic in terrorist funding in recent months after the revelations that a $28,500 loan may have been used by Syed Farooq and his wife in preparations for the San Bernadino attack, which took place on 02DEC15 and resulted in 14 killed and 22 seriously wounded. Pre-paid or value stored cards were reportedly used by the Paris attackers to fund preparations for their attack on 13NOV15 that resulted in 130 killed and 368 wounded.  Indeed in October 2015 weeks before the Paris attacks the Financial Action Task Force (FATF) released a paper ‘Emerging Terrorist Financing Risks’where they analysed some of the evolving typologies being reported by global contributors to the study.  Of particular interest under section B & C is the assessment of fundraising via social media and new payment products and services. The horrific incidents in Paris and San Bernadino are a sign of changing landscape but are not isolated in nature as the FATF report highlights. The abuse of product offerings by FInTech firms is likely to continue as terrorists and illicit actors continually seek new ways to transfer money globally to fund their activities.  Below, we examine the detail around the San Bernadino attack to highlight some of the areas FinTech firms need to be aware of when managing their financial crime risk, and the concomitant reputational risk appropriately.  We’ve sourced our findings from the likes of the FTAlphavilleWall Street Journal and LA Times.

To simplify the overall picture, Prosper Marketplace facilitated a loan to Syed Farooq via WebBank (the actual provider) and the packaged loan products were purchased by Citigroup for securitisation. We are not commenting here as to whether any of the organisations named in these articles did anything but complied with the applicable regulations, but even so the association is in itself likely to have an immediate or longer term reputational impact. The Google Trend analysis below clearly shows the spike of negative internet activity associated with WebBank and Prosper as a result of the San Bernadino shooting.

In fact the Wall Street Journal article suggests that Prosper Marketplace purchased the specific Farooq loan back from Citi not long after news broke of this issue, signifying the seriousness of the scenario and perceived reputational impact felt by both parties.  The FT Alphaville ‘ugly duckling’ blog post also paints a picture of WebBank as an organisation with a legacy of negative compliance findings but albeit a positive commercial outlook at the time of the San Bernadino attack.

Could or should more have been done in this specific scenario is a question we will not try and answer here and is best answered by the investigators close to the enquiry but it is a natural question that starts to pervade the commentary. One thing that is clear is that for those entrepreneurs, businesses, investors venturing into the exciting and rapidly evolving fintech, payments and online loan space it will always pay to take a long term view on how you manage these risks.  Is complying with regulation enough or when the chips are down can you or should you do more?

 

Photo credit: http://www.flickr.com/photos/21508313@N06/3210361238_not trying to be political via http://photopin.com

Free resources

Access free resources designed to help strengthen your anti-financial crime controls.

Partner with us

We love to support projects that combat financial crime -
get in touch to find out more.