The global, connected web of financial criminality is difficult to unpick.  However, investigations over the past few years have shed light on the few, yet critically important bad apples amongst the network of financial institutions that enable this web to go un-checked. While many of these simply may lack the adequate controls to tackle money laundering or terrorist financing, other financial institutions have taken a much more direct role in criminal activity. The use of financial intelligence and investigation techniques present an opportunity for the regulated sectors to disrupt criminality at scale and efficiently. As such we are excited to announce the appointment of Nick Herrod as head of our Financial Intelligence and Investigations practice, who will help us drive solutions for clients that continue to deliver impact.

During a recent event hosted by Thomson Reuters, OCCRP Executive Director Paul Radu was asked how the international community should tackle the global and seemingly untouchable scourge of financial crime. His response was telling — go after the financial institutions, big or small, that facilitate the criminal activity. This is an interesting strategy to take, and targeting the institutions facilitating criminal activity presents an opportunity to disrupt criminality on a wholesale basis. The team at FINTRAIL decided to examine this subject in more detail, yielding some interesting results. Through our research we have found that one of the most significant red flags when it comes to these types of institutions (and counterparty risk) is the influence of high risk individuals/PEPs within the ownership structure. To better understand this, two public case studies are detailed below—the Global Laundromat and the BGFIBank Democratic Republic of Congo (DRC)/Hezbollah connection. It is evident that the links between financial institutions and owners more susceptible to criminal motivations can affect the robustness of an institution’s compliance regime and undermine industry efforts to counter financial crime. Taking an intelligence-led approach and exploiting a range of data sources allows us to highlight additional red flags and begin targeting the key nodes and facilitators of this volume criminal activity.

The Global (Russian) Laundromat: This laundromat, exposed by the OCCRP[1] three years ago, funnelled more than $20.8 billion from Russia into Europe. OCCRP reports show that it involved approximately 500 people, from oligarchs to FSB-affiliated individuals.

Igor Putin, cousin to current Russian President Vladimir Putin was a manager and executive board member for the Russian Land Bank (RZB), an institution whose accounts reportedly processed more than $9.7 billion, or nearly half of the total funds involved in the laundromat case. Funds were sent from RZB to Moldindconbank in Moldova, where they were then sent to Trasta Komercbanka in Latvia and from there to the rest of Europe. The OCCRP adds that Igor Putin was brought into RZB initially by Alexander Grigoriev, who allegedly has ties to the FSB and whom the Guardian identified as one of the main ringleaders of the Laundromat. Grigoriev headed the RZB during the laundromat’s operation until the time of his arrest. Putin and Grigoriev were also connected through other companies where Putin was a board member and Grigoriev a shareholder. Putin left the RZB board in 2014 contending he left after becoming aware of ‘the real situation.’[2]

BGFIBank DRC and Hezbollah: According to a recent Sentry report[3], BGFIBank DRC, run by the brother and sister of the president of the DRC, Joseph Kabila, reportedly allowed transactions from companies connected to a known financial contributor to Hezbollah: Kasim Tajideen. Tajideen, and his brothers Ali and Husayn, were subject to US sanctions, as were entities under their control. Despite this, and despite warnings from BGFIBank DRC employees, the financial ties between the bank and the sanctioned parties reportedly remained intact. Subsidiaries of Ovlas Trading, owned by Kassim Tajideen, would make transfers through BGFIBank DRC to subsidiaries of Congo Futur, managed by Kassim’s non-sanctioned brother, Ahmed Tajideen. Both Ovlas Trading and Congo Futur are under US sanctions, though Ahmed is not. Despite employee awareness of the risks involved, transactions from the sanctioned entities were allowed to continue, and BGFIBank DRC even went as far as to request the US Treasury unblock a transaction involving one of Tajideen’s companies and another bank. BGFIBank DRC had previously been alleged of diverting millions of dollars in public funds, further calling in to question the AML/CTF regime of BGFIBank DRC and the role the bank’s leadership played in the activity.

These two sample cases demonstrate how financial institution ownership from individuals more susceptible to criminal motivations can encourage complicity or active participation in criminal networks facilitating financial crime. In both, banks with ties to PEPs and high-risk individuals allowed significant cash flows to be laundered and used for criminal purposes. Though only two cases are discussed here, the findings still show how the use of financial crime intelligence and investigations can be utilised to go beyond the basic information generated by many static compliance controls, help better the understanding of evolving typologies and surface new opportunities to counter the capricious threat of financial crime.

At FINTRAIL we have seen an unprecedented level of interest in the financial intelligence and investigation capabilities we offer to our financial service clients, from start-ups to established firms. As such, Nick’s arrival to lead FINTRAIL’s Financial Intelligence and Investigations practice could not be more timely. Nick brings an exceptional pedigree to the experienced team at FINTRAIL after completing a range of public and private sector roles, culminating in his position as the Head of Global Intelligence Team within HSBC’s Financial Intelligence Unit where he was responsible for overseeing a significant portfolio of investigations that focused predominately on large, multi-jurisdictional networks facilitating illicit financial activity. Nick will continue to build on FINTRAIL’s strategy in this area, understanding the needs of our clients of all sizes and ensuring that we are delivering a suite of capabilities and solutions to help our clients mitigate the negative impacts of financial crime.

[1] https://www.occrp.org/en/laundromat/the-russian-laundromat-exposed/

[2] https://www.occrp.org/en/laundromat/the-russian-banks-and-putins-cousin/

[3] https://cdn.thesentry.org/wp-content/uploads/2016/09/TerroristsTreasury_TheSentry_October2017_final.pdf

Human trafficking has sadly become a widespread and global issue; from the woman forced into prostitution and kept locked up in a house, to the man working on a construction site, stripped of his documents and any salary taken from him. Every 30 seconds, the criminal industry of human trafficking makes more than $30,000; bringing in approximately $32 billion a year.

In the world of financial crime, human trafficking is a predicate offence (the criminal activity and the proceeds money laundering), the revenues of which may touch financial services as the profits are laundered. Financial services may also be used to facilitate these offences, providing the ability to pay subsistence for accommodation, book flights for a trafficked person and other activities traffickers rely on. As the awareness of human trafficking increases and pressure is applied to the criminals that make huge sums from the exploitation of others, the criminals may be forced to look at alternative financial arrangements or exploit new technologies to their advantage.

There are numerous behavioural patterns characterising the organised crime groups involved. Having analysed the most often occurring subtleties, it is evident that tools such as the Internet and other communication devices are utilised expansively. The most intimidating organised crime groups are mainly those capable of governing the entire course of trafficking, from the recruitment of victims to the reinvestment of the criminal proceeds.

Through our industry engagement, FINTRAIL has seen an increase in FinTechs’ awareness of the fight against human trafficking and subsequently, human trafficking was the subject of the October 2017 FinTech Financial Crime Exchange (FFE). Members presented case studies and industry experts provided insights on the changing nature of the threat and industry initiatives to tackle the problem. Many of the FFE members were able to give examples of cases where they had detected indicators of financial crime involving human trafficking or exploitation, demonstrating this is not only an issue that impacts large financial institutions but may also directly impact the FinTech industry. In fact, some of the features common to modern FinTech such as non-face-to-face onboarding and ease of account management/overview may make it potentially attractive to those involved in trafficking and exploitation. As a result, FinTechs are conducting enhanced Know Your Customer (KYC) checks and are scrutinizing onboarding documentation in an attempt to combat human trafficking.

The FFE session identified specific typologies that may be relevant in a FinTech environment and what mitigations and actions industry may be able to apply. Some basic example indicators or red flags are detailed below:

- Customers taking selfies or completing onboarding checks, appear to be under control of someone else. This may appear as someone in close proximity as the images are being taken or controlling what is done or said.

- A customer may not be in possession of their own legal documents and may add unreasonable delay while they get them from someone else.

- Recurring payments being made from one account to multiple accounts for wages at unreasonably low amounts.

- Multiple point-of-sale transactions at car rental agencies, airline ticket purchases and train ticket purchases with no subsequent spend in that destination.

- High expenditure payments at fast food outlets, supermarket outlets, clothing stores, drug stores etc.

The FFE and its members will continue to focus on human trafficking and its negative impact on society and implications for financial services. In addition, FINTRAIL will track the evolution of financial crime typologies associated with human trafficking in order to identify any shift by those criminals to target financial services as a tool to further their illicit and damaging behaviours.

If you would like to discuss human trafficking further, learn more about the FFE and how FINTRAIL can help your organisation identify and combat human trafficking get in touch.

On 17 October 2017 Thomson Reuters held the first in a series of events on Financial Crime. This event explored the recent investigations conducted by the team at the Organised Crime & Corruption Reporting Project (OCCRP) into the global laundromats. The brave and fascinating work by the team at OCCRP exposed the complex and globally connected money laundering networks that via a web of hundreds of companies and associated financial institutions have laundered over $20 billion.

Although the laundromats are money laundering on a huge and global scale, and it may seem like a problem only big financial institutions may have to deal with, OCCRP Executive Director Paul Radu stated that every laundromat case he’s worked on has involved myriad UK companies. This means the issue is right here on our UK doorstep.

Although money laundering through complex laundromats can seem like a victimless crime, they are in fact part of networks taking huge sums via corruption of national pensions, financing groups involved in serious organised crime like human trafficking, funding terrorist organisations, and destroying lives.

So what does this mean for the FinTech community? There is real excitement about the commercial opportunities for challengers in the business and commercial customer segments and this is very much true, but this segment also brings with it a very different set of financial crime risks that really need to be understood and factored in to an effective and proportionate financial crime risk management framework. When you consider the factors that may impact on financial crime risk, the customer type (i.e. complex corporate ownerships), geographies (i.e dealing with suppliers/customers across a range of geographies), product type (i.e. high value transactions or products) and channel (i.e. often in a FinTech this is non face-to-face), can all have a material impact on the potential risks a FinTech targeting this segment may face.

So what can FinTechs targeting these new and exciting customer segments do to assist in the fight against these laundromats, comply with applicable regulations and do their bit to reduce money laundering? We have provided a few helpful hints below:

- Ensure you have a financial crime risk assessment that accurately reflects your unique circumstances. All companies and products will have their own unique factors to be considered and may impact on your risk profile. In many cases, it is not only a regulatory requirement to have a risk assessment but it is also a hugely powerful tool to help you define and navigate your compliance and risk frameworks.

- Understand your customers. Just because you are targeting customers who may be registered in the UK or other equally regulated markets, it does not mean they may not get involved in illicit activity. This goes beyond basic identification of your customers to ensure you understand the nature of your customer’s business and how they intend to use your product/s. Without that knowledge, it becomes very difficult to monitor effectively and can/will cause negative customer experience in the long-term.

- Understand the typologies and red flags that you and your team should be looking for. By staying current on evolving typologies allows you to keep pace or even out-pace the criminals and reduces the long term negative impacts criminals may have on your business.

Paul Radu said at the event "it takes a network to fight a network" and although he was referring to an international network of the likes of law enforcement and financial institutions working together to tackle it, the growth of alternative financial services further diversifies the pool. The FinTech FinCrime Exchange (FFE) is one such network, where FinTechs come together to effectively collaborate and combat financial crime such as money laundering.

If you would like to discuss money laundering, or any of the topics raised in this post please don’t hesitate to contact the team at FINTRAIL.

For the last nine months FINTRAIL has been working with the awesome team at the Antwerp World Diamond Centre (AWDC) who represent 1700 Antwerp based diamond traders, to address some of the challenges their members and industry as a whole are having with access to viable bank accounts. The issues they've been having are due to the perceived high financial crime risk within the diamond industry and the associated bank de-risking phenomenon.

The short video below highlights one of the exciting developments coming from our work with AWDC and is a great example of where Financial Technology (FinTech) and Regulatory Technology (RegTech) can combine to offer solutions to some really complex challenges for traditional and non-traditional financial services. Our focus has been on how we can re-affirm trust across all stakeholders and ensure there is a sustainable and commercially viable solution for all parties.

FINTRAIL is very excited to announce the release of a new white paper by the FinTech Financial Crime Exchange (FFE), a FinTech industry forum we co-founded in January with the Centre for Financial Crime and Security Studies (CFCS) at RUSI, a London-based defence and security think tank.

All too often, discussions about FinTech and money laundering risk are greatly oversimplified. Much of the discussion starts from a blanket assumption that new technologies will inevitably make life easier for money launderers, and that FinTech companies are therefore uniformly “high risk.”

One downside to this perception is that FinTechs have been subject to “derisking” – or losing access to vital banking services because the risks associated with FinTechs are perceived as very high.

As this new white paper shows, labelling the entire FinTech sector as “high risk” for money laundering purposes is unhelpful and oversimplifies the true picture.

After all, the FinTech sector is an incredibly diverse one. It features prepaid cards, peer-to-peer lenders, service aggregators, payment service providers, and a host of other products and services with very different features. The way money laundering risks appear from one FinTech to another is as diverse as the sector itself – and the picture is not always one of just “high risks.”

There’s certainly little reason to think that all FinTechs are necessarily higher risk than banks or other types of financial institutions when it comes to money laundering.

For example, while some FinTech products can be used for “money mule” or “smurfing” activity, they’re usually not very useful for high-end money laundering, or the laundering of the proceeds of crimes like major tax evasion or international corruption that feature in scandals such as the Panama Papers or the recent Laundromat cases.

It’s important that this nuance is understood, so that FinTechs aren’t all stigmatised as “high risk” where it isn’t warranted.

As the paper points out, because FinTechs often only see a limited piece of a much larger financial puzzle, establishing an intelligence picture of money laundering activity across the sector can be a huge challenge. Coming to a true understanding of the nature of risks across the sector requires further detailed study - and the FFE intends to do just that through its future meetings and research.

In addition to describing this overarching picture, the paper also provides recommendations for various stakeholders.

·      FinTechs should work to clarify the true picture of money laundering risk they face, and demonstrate that they are building resiliency against those risks.

·      Countries’ financial intelligence units and law enforcement agencies should share information with FinTechs on criminal typologies.

·      Regulators should provide detailed guidance that is relevant to sub-sectors of the FinTech community.

·      International organisations like the Financial Action Task Force can help build an understanding of the picture globally. 

To find out more about the FFE, contact rebecca.marriott@fintrail.co.uk 

It seems that everyone is talking about Artificial Intelligence (AI) at the moment: whether it’s Elon Musk and Mark Zuckerberg disagreeing publicly on the doomsday type scenarios that AI might bring [1], or banks predicting AI to be the primary way in which they interact with customers in the future [2], there’s wide-ranging interest in what AI can do for society as a whole, companies and individuals. But, to be clear, and before going further, what exactly is the difference between Machine Learning and AI, or is there indeed a difference?  The clearest explanation we’ve seen goes something like this:

·      Artificial Intelligence – this is the high level concept that machines can do something in a way that we, as humans, would consider “smart”

·      Machine Learning - is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves [3]. (Thanks Forbes!)

Similarly, in the financial crime space, numerous articles exist about how AI and Machine Learning can help to combat illegal activity in banking and beyond [4].

At FINTRAIL, we believe that AI and Machine Learning have huge potential to deliver great results in the financial crime space.  Whether it’s AI helping investigators to detect previously unknown connections between entities and typologies, or Machine Learning helping refine transaction-monitoring rules by different customer sets and behaviour, the benefits for companies and their customers are huge. Imagine for a moment that your bank could tell whether purchases made at a high-end online retailer at midnight just after you received a bonus cheque were genuine or fraudulent, based on your previous behaviour in a similar scenario.  Great, right?  No annoying text messages, or blocked transactions if it were genuine, and peace of mind that that kind of transaction would be blocked if it were fraudulent, and you didn’t actually have a compulsive online shopping habit (ahem).

But, as with anything new and relatively untested, there are pitfalls.  One of the key ones is making sure that any Machine Learning models start off with relevant data, such that they can begin the learning process appropriately, and you don’t program in algorithmic bias.  Typically – and let’s take the case of a Machine Learning engine for transaction monitoring -  this is relatively easy to build: you have a known scenario, which is fed into the engine for it to learn and refine over time as the transactional data is processed and fed into it.  However, this can be tricky in financial crime situations, as ideally you don’t want any money laundering or bribery (for example) to go through your system before you work out what the scenario or relevant data for the Machine Learning engine is. 

So, how do we address this?  Well, something we are passionate about at FINTRAIL is making sure that firms have a thorough risk assessment; truly understanding your business model and the ways in which criminals might seek to exploit it will help to build the best scenarios for any future financial crime Machine Learning engine. These can then be used to create the baseline relevant data that goes into the Machine Learning engine, such that it can start to learn behaviours. Examples here might include understanding your typical customer profile, such that you can build a Machine Learning model to automatically categorise them by risk profile, or Machine Learning models that take into account transactional behaviour and a range identifying particulars to reduce sanction re-screening hits.

Another tactic we’ve seen is to combine more traditional models with Machine Learning.  Again, in the transaction monitoring space, combining a rules-based approach with Machine Learning is a great way of teaching the engine to learn, and giving good baseline scenarios that it can work from.

So, all in all, we’re on Mark Zuckerberg’s side of this particular argument – we think AI has great potential, but that it, and Machine Learning in particular, needs strong data to support it, and as with humans, the right conditions to succeed.

[1] http://fortune.com/2017/07/26/mark-zuckerberg-argues-against-elon-musks-view-of-artificial-intelligence-again/

[2] http://uk.reuters.com/article/us-banks-ai-accenture-idUKKBN16Z1AH

[3] https://www.forbes.com/sites/bernardmarr/2016/12/06/what-is-the-difference-between-artificial-intelligence-and-machine-learning/#6ac626162742

[4] https://www.finextra.com/blogposting/14225/artificial-intelligence-the-next-step-in-financial-crime-compliance-evolution

Image Courtesy: Saad Faruque, Flickr (Creative Commons)

FINTRAIL has recently launched its Financial Crime Intelligence and Investigations practice, something we’re really excited and passionate about.  We believe that intelligence and investigation form critical and complementary parts of any robust financial crime risk management program. Before we explain why that is, we’ll kick off with a couple of definitions:

Intelligence: This is information about an event that you receive in advance of it happening.  Examples from history include the intelligence gathering (on both sides) about troop movements in the Second World War.  Examples in financial crime include receiving information from an issuing bank about an account that is purportedly connected to fraudulent transactions in another account.

Investigation: This is the process that takes place after an event occurs, and usually tries to figure out what went wrong or what is going on once a credible threat has been identified.  So, following a terrorist attack, for instance, the police will launch an investigation to try to understand as much about the attacker’s background as possible, and exactly what happened to support any formal judicial or enquiry process.

Although we’ve separated out the two concepts theoretically, they are intrinsically linked with each feeding the other.  To use another example, a firm might look at new typologies that criminals are developing to commit fraud, and proactively add new rulesets to transaction monitoring to detect similar behaviour before the fraud takes place. This process will flag a number of customers, some of whose accounts will need to be closed or who may be vulnerable.  It might also flag other accounts with suspicious behaviour, but which appear to display a different typology.  These accounts can be individually investigated, but if there are enough of theme, there may be sufficient information to identify a new typology (intelligence), and therefore a new set of rules stemming from the new activity observed - it’s a cyclical process!

So, what is FINTRAIL doing in this space?  Well, we’re bringing together the leading technology and new data, along with our expertise (if you look at our Team page, you’ll see we’ve all been doing this kind of work for years!) to provide intelligence and investigations expertise as an outsourced service. In start-ups, this can help keep small financial crime teams lean while still having access to the best capabilities in this area and removing the more complex work around intelligence and investigations from the fast-paced environment of a start-up. And for more established firms, this provides access to the latest technology, and can help with resourcing challenges on a long or short-term basis. We hone in on customer protection and solid recommendations for system, rule or other structural improvements on the basis of our findings; and this is why intelligence and investigations are such a crucial part of any financial crime risk management framework, as it actively helps to inform and improve existing systems and processes, keeping them up-to-date, proactive and targeted at the most serious threats.

The team at FINTRAIL is really excited to have worked with UK FinTech Financial Crime Exchange (FFE) members to produce this White Paper. An extract and the full paper are below.

Financial technology companies (fintechs) leverage online and mobile applications to offer new financial services with efficient and cost-effective customer experience. However, the non-face-to-face (non-f2f) nature of fintech businesses poses risks that fraudsters or other criminals may seek to exploit these remote platforms and related products.

Robust customer due diligence (CDD) is one element of an overall risk management architecture that can mitigate these threats. Fintechs are uniquely suited to harness and develop innovative CDD approaches, owing to their dynamic business models and comfort in using technological solutions. This white paper describes examples of best practice in CDD among members of the FinTech Financial Crime Exchange (FFE), offering practical insight for fintech companies and other stakeholders – such as banks and regulators – seeking to better understand the industry. It provides examples of how fintechs are utilising innovative CDD approaches to manage risks while also enabling a high-quality customer experience. For example:

• Fintechs are leveraging numerous data points and employing innovative analytical approaches to enable a dynamic and holistic view of customer risk.

• This includes the use of facial recognition techniques, interactive user interfaces, innovative document scanning and analysis, Internet Protocol (IP) geolocation, predictive analytics and machine learning.

• These solutions can enable fintechs to employ a genuinely risk-based approach to CDD as their customer base and service offerings evolve. 

This paper also assesses areas where fintechs can benefit from further development and exploration. For example:

• Fintechs should carefully consider the appropriate balance of in-house and third party solutions for their business model.

• Fintechs must be prepared to conduct thorough and formal assurance testing of both in-house and third-party solutions and outsourced services.

• As they scale, it is important that fintechs have in place adequate governance arrangements to manage risks that come with changes to their CDD systems and controls.

FinTech is a term that has entered the collective public consciousness in recent years. There is an increasing awareness of the disruption and exciting opportunities FinTech is bringing to financial services and consumers alike. This article looks at the benefits of FinTech, some of the challenges, and examines how the world of financial crime compliance and FinTech complement each other.

Originally published in the March-May 2017 ACAMS Today magazine, a publication of ACAMS © 2017.

The open and engaging way in which FinTechs attract customers and their razor sharp focus on customer experience presents an exciting opportunity to build-in and enhance the concept of deterrence as an effective and efficient part of their financial crime risk management.

The act of deterrence has become a common sight on the streets of many european capital cities, where armed police now patrol in response to the terrorist threat. Their very presence is designed to inhibit the confidence of a terrorist to physically act or target the venue where they are present. The presence of the police officer is both a physical control but also creates a perception of security. This is similar to airport screening, where the signs on approach to the screening points are designed to increase the perceived pressure on those seeking to breach the screening process, before they even get to X-ray machine. How many of you now spend the time in the airport queue tapping your pockets checking that you have no metal present as you don't want to be delayed for a few minutes? Imagine the feeling of stress that an individual would be feeling if they actually were trying to by-pass the screening process. Not only does this deter some uncommitted actors, it also presents additional opportunities to detect the activity.

In financial crime risk management terms deterrence is often discussed in the context of controls, where they physically stop illicit actors gaining access to an account, and this is a critical component; however, a credible and efficient deterrence process can and should be applied well before your customers start to interact with a physical control. If you think about it in purely operational and monetary terms, reducing the attempts of illicit actors that come into contact with your physical controls by 10%, say, results in potentially 10% fewer KYC matches or anomalies that need to be reviewed at cost, a percentage fewer transaction monitoring alerts that need to be investigated, and a reduction in the chances of a potential regulatory breach.

If we refer back to our analogy of the armed police officer standing outside a museum - do you need to physically interact with the officer to know he means business? Generally the answer would be no - you get a perception that he is there to do a job. This same theory can be applied to the perception you build of your company's financial crime controls and your corporate position when it comes to managing and dealing with financial crime.

Criminals are equally vulnerable to human emotions and will avoid firms where they feel the risk reward is not balanced in their favour. In some cases, they won't even try and test or breach your actual controls - turning their attention on those services they feel are more vulnerable. As with the analogy of the armed police officer, perceived deterrence is not enough and must be backed up by sound protection, detection and disruption activities/controls but perceived deterrence can be a hugely powerful and have tangible benefits.

Application of this key concept does not mean that you need to have big scary signs (digital or physical) that turn-off your customers and impact customer experience, in fact quite the opposite. Intelligent and credible deterrence can be integrated seamlessly into the open and engaging way new financial services are interacting with their actual or prospective customers while also reinforcing the point that FinTech businesses take the protection of the their customers and corporate responsibility seriously. For example, engaging your customer and user base through considered content is not only an open and transparent way to communicate exciting progress but it also presents the opportunity to get a strong deterrence message into the public domain. That messaging is then front and centre when the illicit actors are researching and scoping opportunities. 

It goes without saying that you do not want to compromise the effectiveness of your actual controls by disclosing sensitive features such as specific KYC conditions or transaction monitoring methodology but this should not inhibit the use of the deterrence concept as part of an effective layered financial crime framework, where its use can maximise efficiency, improve operational performance and also positively reinforce your customer engagement and protection objectives.

The team at FINTRAIL work with FinTech and regulated businesses to implement intelligent and risk-focused financial crime controls. Please contact the team at FINTRAIL for further information.

Why Adopting a Threat-Focused and Intelligent Approach to Financial Crime Will Help Drive Fintech Success.

The 21st century has been characterized by an interconnectedness that impacts every aspect of business and society. This level of connection itself is not new, especially in business, where there have always been long, connected chains of actors, actions, and goods. Two key forces have increased this global interconnectedness in recent years: the globalization of business and society in all forms – including friendships, cultural influence, criminality, and terrorism – and the rapid development of information and communication technology.

A new set of assumptions is emerging about operating in this technology-enabled, interconnected financial services environment. Actions and relationships are expected to be fast (if not instantaneous), and they should be rendered both transparent and permanent by the information and communications technology that enable them. Moreover, regulators’ expectations of what one needs to know about the connections within any given financial system have also increased.

In 2016, a large-scale leak of client data from Panamanian law firm Mossack Fonseca revealed details of offshore companies and transactions, some of which were alleged by investigative journalists to involve criminality in various forms. The response from global government bodies was to request information from financial institutions almost indiscriminately – even the governments themselves did not know which actors and activities were illicit or licit. Financial institutions faced a choice: investigate every actor and transaction with a potential link to Mossack Fonseca, or explain to government institutions what they knew about their exposure to Mossack Fonseca and their understanding of the financial crime risk associated with that exposure.

Though the latter choice was manifestly less labor intensive, it required companies to know, in detail, who their clients were at any given point in time. This was the only way they could state with confidence whether their business with various clients fell within or exceeded the company’s desired level of risk. In other words, companies needed to know who their clients were, what they were doing, and what they were expected to be doing – they needed good intelligence.

Academic debate on the definition of intelligence continues to rage, but for the purposes of this article, we regard it as the ongoing process of gathering requirements (a need for information, a need for a service), collecting information pertinent to those requirements (market data, customer profiles), and analyzing and assessing that information to draw out conclusions. This, in turn, drives the next set of actions (product development) or requirements (more research). Intelligence in practice is a constant iterative cycle of activity that matures as a company learns and gathers more information.

The concept of applying an intelligence process is not new for fintech or financial services companies on the product side of business. An examination of how successful firms build and iterate their products is enough to illustrate that the ability to generate good intelligence already exists within the core DNA of how fintech companies operate. The methods they apply to product development are a great example. Fintech companies identify a market opportunity or process that is prime for disruption before collecting supporting data, planning a method or solution, producing a product, issuing it to customers, and then learning from their feedback. They are continuously iterating at pace. In fact, many good fintech CEOs state that they value the feedback loop with users most, as this feedback allows them to identify areas for improvement and focus on the things customers really want and are willing to pay for.

Donald Gillies, CEO of PassFort, a rapidly growing technology firm that provides anti-money laundering (AML) and know your customer (KYC) solutions for regulated business, elaborated on this: “For companies that are truly innovating, there is no more valuable commodity than engagement and feedback from customers. It’s more valuable than revenue. More valuable than funding. It’s feedback and, more specifically, the learning that results from it that allows you to deliver excellence. Minimizing the time between feedback being given by a customer, that feedback being understood and evaluated by the product team, and evolving [that feedback] into tangible product outcomes enhances process credibility. Enhanced process credibility increases customers’ willingness to devote time and resources to contribute more feedback. In such a set up, more feedback leads to better product outcomes.”

Gillies goes on to state that “excellence itself is where such efficiency and desirable outcomes are achieved repeatedly. This ability to repeatedly deliver excellent outcomes is what enables businesses to scale quickly and efficiently – no matter what line of business they operate in.”

It is this innate mindset and thirst for knowledge and feedback that positions fintech firms to have an exciting opportunity to build the same intelligence-led concepts and associated excellence into the financial crime controls they develop. There is huge potential commercial benefit as these companies build proportionate, progressive controls that foster trust across customers, partners, and regulators while also addressing the complexity of interconnected, diversified, and evolving global financial crime risks.

In February 2002, then US Secretary of State for Defense, Donald Rumsfeld, stated the now globally recognized words: “There are known knowns. There are things we know that we know. There are known unknowns. That is to say, there are things that we now know we don’t know.” This phrase has become synonymous with the often explored and debated issues around intelligence and analysis, but its sentiment also rings very true in the battle against financial crime. The application of a very static, compliance-only financial crime risk-management methodology will always enable a company to identify and deal with the known knowns. However, in most cases it is not the known knowns that cause debilitating consequences. These come more often from the left field of known unknowns. However, our work with fintech firms has brought an interesting trend to our attention: an increasing appetite for and ability to look for known unknowns.

This development is probably being driven by the personality type of those working in fast-paced fintech firms in combination with increases in access to data and technical knowledge. This new trend is exciting and has the potential not only to effect positive change in how the financial services industry addresses financial crime, but also to delineate additional areas of competitive advantage for fintech. Developing intelligent processes and working to fill the void of information created by known unknowns will drive excellence across all fronts: it will enable competitors to disrupt existing structures, processes, and services; it will allow them to see opportunity in risk and manage it proactively and intelligently; and, crucially for startups in the financial services space, it will allow them to drive customer trust through their effective and frictionless financial crime risk management practices. In the context of globalization and interconnectedness, intelligence and excellence are a powerful combination. This combination can rebalance the complex equation behind the efficient management of financial crime without hindering the exciting commercial and social potential of disruptive financial services. Fintech can lead that charge, as they already have the inbuilt personality traits, data, and technical capabilities to think intelligently about financial crime controls. And, in this sense, intelligence leads to excellence.

The team at FINTRAIL work with FinTech and regulated businesses to implement intelligent and risk-focused financial crime controls. Please contact the team at FINTRAIL for further information.

To read this article on the fantastic MISC website please visit - https://miscmagazine.com/intelligence-delivers-excellence/

Image Credit: The Digital Way

At FINTRAIL, we were really excited to present at the recent ACAMS seminar, KYC/CDD for the 21st Century. It was an excellent day, with some great presentations and speakers.

The theme for the day focused on applying a risk based approach to KYC and CDD and examined developing trends in the industry, with an audience drawn from across the financial services spectrum. FINTRAIL provided the audience with a simple methodology for conducting risk based due diligence on a FinTech business, examining some of the challenges, but also the opportunities the sector and approach may bring.

Delegates worked through a case study, which showed that although there are risks, the entrepreneurial spirit that defines FinTech can often be appropriately harnessed to improve financial crime controls such as onboarding and KYC. In turn this can result in more efficient and effective processes - reducing the perceived risks a FinTech may pose to issuing banks and Partners.

There is no denying that accessing banking facilities remains a significant challenge for payments providers and FinTech, driven by the continuing fall-out associated with de-risking/risk-off appetite and a general perception that the FinTech sector is of higher risk from financial crime. This session highlighted that a risk based approach to both the onboarding and ongoing due diligence of a FinTech business presents an opportunity to build a strong relationship between the provider and client, where the perceived or actual risks are understood, appropriately managed and the parties are then empowered to collectively capitalise on exciting commercial opportunities the sector is creating.

Our thanks again to ACAMS and Samantha Sheen for organising such a great event.

Please feel free to contact the team at FINTRAIL if you would like further information.

We are living in an increasingly connected and digital world and one where the delivery and consumption of financial services is moving online. This is driving a hugely positive and rapid evolution in financial services, offering customers more choice and a generally more convenient and focused experience. However this positive evolution has potential to be undermined by a break down in trust for companies, their partners, customers and regulators driven by failures to protect against cyber enabled crime. This is even more important in fledgling financial service businesses such as FinTech where hard won customers can be quickly lost via a breakdown in trust.

There is a complex dictionary that accompanies cyber security, complimented by huge numbers of confusing and expensive systems hitting the market that claim to combat the risk of cyber enabled crime. For those who do not have the depth of experience in cyber and data security it can be daunting to get your head around, never mind simplistically understand what you should be doing to better protect your customers and business. We are often asked by our clients and contacts to help them simplify the discussion around cyber and data security - so that is what we are going to do over the next few months. FINTRAIL are going to strip it back to the fundamental basics, in a language that everyone can understand and provide some useful pointers that should help readers think logically about the risks they face. Where we do use a technical term, you will find it hyper-linked to its definition.

Understand the scale of the problem

The aims of the cyber criminal will determine a business’s attractiveness as a potential target. As a general rule any business could be a target of ransomware style attack as this tends to be a volume approach - infect everyone and see who pays up. However, the nature and construct of a particular business model or system will have characteristics that make it potentially more or less attractive to cyber criminals. For example, do you provide customer accounts or facilitate value transfer? Do you collect and store lots of data on customers? Do you integrate with or have partners accessing your network/system? Answering yes to any of these may, at face value, make you more attractive to cyber criminals as the dividend or reward for them is higher than that of an individual.

In this edition we are going to focus on the logical and most simplistic place to start and forms our basic step number 1 - understand the risks and scale of the problem.

We have been watching with interest over the last few years as the boundaries between physical and digital crime have become increasingly blurred. If you read the news in any given week there are usually a number of cyber related stories hitting the headlines, whether it be well-sourced and detailed allegations of state-sponsored interference with National elections, cyber fraud targeting retail banking customers or institutional banking systems targeted. It can make for daunting and at times confusing reading but it is really important to set this issue within the context of your business. 

The 2016 UK National Crime Agency (NCA) Cyber Crime Assessment made a number of interesting observations:

• The accelerating pace of technology and criminal cyber capability development currently outpaces the collective response to cyber crime. This ‘cyber arms race’ is likely to be an enduring challenge, and an effective response requires collaborative action from government, law enforcement, industry regulators and, critically, business leaders.

• The NCA assesses that the most advanced and serious cyber crime threat is the direct or indirect result of activity by a few hundred international cyber criminals, typically operating in organised groups, who target businesses to commit highly profitable malware- facilitated fraud.

• Although the most serious threat comes, directly or indirectly, from international crime groups, the majority of cyber criminals have relatively low technical capability. Their attacks are increasingly enabled by the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cyber criminals to exploit a wide range of vulnerabilities. 

•  A ‘compliance approach’ that aims to meet minimum standards does not adequately deal with intelligent and evolving adversaries, as threats are evolving faster than most defensive technologies and security practices. 

As the NCA assessment above highlights, cyber criminals will often need to expend effort and resources to target a business effectively. Much of this is now achieved via relatively old vulnerability 'exploits' that are cheap and easy to come by and can be deployed at scale by the criminals. The newer exploits are becoming cost prohibitive for anything but the most sophisticated and well-funded cyber criminals.

Criminals have made a large pivot recently from using technical system exploits that require minimal user interaction to an old approach that focuses on applying social engineering tactics (Any act that influences a person to take an action that may or may not be in their best interest) to convince victims to click or run infected documents. These techniques date back to the mid-90’s but are really easy to scale.

The growth in the online criminal marketplace has now enabled cyber criminals to focus on niche areas of expertise, buying in the skills or access they need. The marketplace also helps them to scale up quickly – with tools such as exploit packs designed to automatically find the best possible web exploit for a target, packaging tools much like commercial SaaS solutions. They even use the terms ‘conversion rates’ when advertising the solutions to the criminal customers!

By taking some time to understand what is happening in the industry and how it applies to your business model, you will be able to contextualise developments and understand their significance. In our next post we are going to focus on the need to complete a risk assessment to structure and formalise some of the thinking about data and cyber security. Turning it into a user friendly and simple format that can help you make decisions and build a responsive and proportionate plan to mitigate the risks.

FINTRAIL’s cyber experts offer practical advice and commercially focused guidance to businesses looking to address the risk of cyber-crime. If you would like to discuss your cyber or data protection needs further, get in touch with the team at FINTRAIL. www.fintrail.co.uk