MENA, USA, MEA, Europe, APAC
Maya Braine
Case Study: Digitisation Support
Case Study: Digitisation Support
Europe, USA, MENA, MEA, FFE, APAC
Guest User
FinTech Approaches to Sanction Regimes
FinTech Approaches to Sanction Regimes
APAC, Europe, USA, MEA
James Nurse
How to use Compliance as an enabler in Digital ...
How to use Compliance as an enabler in Digital Transformation
MEA
Guest User
Islamic FinTech and Financial Crime: A ...
Islamic FinTech and Financial Crime: A different risk profile?
Europe, USA, APAC, MEA
Guest User
How Social Media is used to Further Financial ...
How Social Media is used to Further Financial Crime - Part 1
, , , ,

Relationship Management During Covid-19

, , , ,

We don’t really do the whole cold-calling thing at FINTRAIL. We are all pretty personable and we love to get out and chat to industry peers, whether over a coffee or a cheeky glass of wine. This is our best and most powerful way of building strong relationships with the community. So when Covid-19 emerged and we were all put on lockdown, naturally this put a spanner in the works for us at FINTRAIL. Remaining open minded and not being afraid of taking on the difficult challenges, we knew we still had to reach out to our network.

However, after week three of lockdown, as it dawned on everyone that we were in this for the long haul, the community remained strong. We found the majority of people were more than happy to have a 10 minute phone call/video chat. I can only put this down to a severe and sudden withdrawal of human interaction and a realisation that this was a long term predicament.

Below is a light-hearted summary of the reality of the effects of the lockdown:

  • No one has worn proper clothes for a while; changing out of yoga pants and hoodies to put on “real” clothes seems absurd now. Which ties in with point number 2..

  • There is a general worry that no one will fit into their “real” clothes again as the daily step count has gone from 10,000 down to 100.

  • Most people are binge watching Tiger King, except me who is binge watching Billions (in both cases, we’re classifying these shows as work-related “research”).

  • A home workout was attempted 3 weeks ago, but you forget how loud the music is in a gym class; it blocks out certain noises. I could very clearly hear myself gasping for breath which was enough to put me off trying that again.

  • I have found common ground with others, who like me, walk over to their fridge, open it, stare inside and sit back down again. We have a secret hope that a magical bar of chocolate (that we didn’t put in there) will appear. Leading onto number 5..

  • As that magical chocolate bar didn’t appear, some resorted to eating their Easter eggs a week before Easter.

We are all experiencing the same thing in varying degrees; whether that be trying to homeschool two kids while working from home, having your dog barking in the background just as it’s your turn to speak on a conference call or needing a banner that pops up at the start of every VC call saying “this is not my house, don’t judge me on my parents’ decor”.

If you fancy a break and a random chat, feel free to contact us at FINTRAIL; after all we are all human. There’s a time for business and a time to be human (who knows, we might even manage to have a productive conversation and do both)!

, ,

How Social Media is used to Further Financial Crime - Part 2

, ,

Similarly to most 18-year-olds, “Carlos” is glued to his phone, constantly refreshing his social media feeds and scrolling through friends’ pictures. In contrast with many other teenagers though, Carlos’ uploaded photographs illustrate a level of opulence and a life of excess. Carlos and his friends are pictured holding wads of cash, draped in designer clothes, Rolex watches on their wrists, and driving around London in a Mercedes. This seems quite implausible for an individual who left school after GCSEs and is now a junior employee at a central London restaurant (1).

 

Is the use of social media helping to fuel this problem? The HM Inspectorate of Probation’s report, ‘The Work of Youth Offending Teams to Protect the Public’, have described social media platforms as the “catalyst for some of the most serious and violent crime offences” (2). This is of no surprise as there has been a generational shift, with youngsters now living in a progressive online world which some adults just cannot get to grips with.

 

In Part 1 of this series, FINTRAIL used four basic money-mule associated search terms to pre-identify social media accounts of interest and those assessed to be associated with potential mule activity. These search terms were “Legit money UK”, “Easy Money UK”, “Flip Money” and “Instant Cash UK”. This investigation now seeks to focus on the initial phase of money mule recruitment and how by disrupting this critical stage it can disrupt the rest of the money mule value chain. However, it is important to first understand the money mule life cycle  which looks like this:

A simple diagram breaking down money muling into four steps; step 1 how to entice on social media, step 2 where they get a DM and get money deposited, step 3 the mule transfers money across their accounts, step 4 the mule gets caught and faces the c…

Honing in on Step 1 i.e. contact over Social Media, FINTRAIL have identified a number of key indicators of which combined together likely indicate an attempt to lure someone into Money Muling; these fall into two categories, visuals and language.

The likelihood of money muling being carried out on the internet depicted as visuals, e.g the images of cash etc to lure and the language used e.g. quick cash etc.

Visuals: There are a combination of images used that show instant gratification; key features include cash, cars, watches and evidence that large sums have been transferred into bank accounts. Further to this, many of the pages had adverts in their “stories” asking people to DM them if they want to make money quickly and requested people with very specific bank accounts to get in touch.

Language: By doing a simple drag and drop of Facebook, Instagram and Twitter pages into a tag cloud generator, FINTRAIL identified the types of language used across all platforms; the more popular the word, the larger it appears. The language used on the accounts really highlighted three key areas; fraudsters would request a specific bank account whether Barclays, Lloyds etc, then offer free fast easy money and explain that this was only a DM or whatsapp message away.

High chance of money muling: The combination of these images linked with these words are likely to indicate and point to something unsavoury and potentially illicit. This combination of factors can be used by social platforms to limit the likelihood of false positives when monitoring behaviour on their platforms and if kept up to date with evolving typological information, would create a far more effective disruption to wholesale financial crime scams than the over reliance on the regulated financial sector, by which point the damage is already done and the act of money laundering has already occurred.

So What Next? 

For FINTRAIL our money-mule journey on the social media platforms ended with the phrases “DM me for more info” or “whatsapp me”. However, in reality we know that this is only the beginning. We know that from here, behind the scenes, bank details are exchanged and money transfers are being made. This is where law enforcement has a critical role to play, coordinated with social media platforms, so that more can be done upstream to reduce the impact and have far more effect, reducing harm across the value chain of money mule activity.

 

Instagram as well as Facebook, use a new AI system Deep Text to essentially deal with and counteract major issues such as cyber bullying as well as malicious posts and comments. If the Instagram algorithm detects or finds provoking content, it’s discarded immediately. This demonstrates that technology already exists that can have an enormous impact on how social media platforms are abused (3).

A robust disruption of Step 1 of the money-mule cycle that is facilitated by social platforms will have a significant downstream impact where the end result would likely amount to a positive reduction in;

  • harm and exploitation of vulnerable people

  • costs to law enforcement effort (investigating money-mule cases)

  • the burden on the UK and global Suspicious Reporting Regimes

  • the burden placed on those operating in the regulated financial service sector


Very clearly, this needs to be an industry wide coordinated effort with law enforcement at the forefront and social media platforms on board. During the fifth Europol Money Mule Action (EMMA 5) week, 3883 money mules were identified alongside 386 money mule recruiters; 228 of these were arrested. As a major catalyst of money muling recruitment, social media platforms should share the burden and play their part in the deterrence of money muling by utilising technology they already have.

Get in Touch
If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

(1) How teenage money mules funnel millions from online fraud

(2) Monitor social media of young offenders to prevent crime says watchdog

(3)  Instagram leverages AI and big data

, , , ,

Keep Calm and Keep Planning: Pandemic Planning for FinCrime

, , , ,

No business sector has been left unaffected by the outbreak of the coronavirus. The financial sector, including FinTechs, is no exception. In times like this, working together as a community is more important than ever.

This document collates examples of how COVID-19 has impacted the FinCrime operations of FinTech FinCrime Exchange (FFE) members and how the teams have responded as they pivot to almost exclusively remote operations, as well as presenting some best practice guidance for a business continuity plan (BCP) and remote anti-financial crime (AFC) compliance.

It looks at how international bodies, financial regulators and law enforcement agencies across the globe have responded so far to the ongoing coronavirus situation, highlighting specific areas FinTechs should focus their attention on. 

The document also discusses differences between traditional business continuity planning and pandemic planning which may present unique challenges to Fintechs management teams. Finally, in its annex, the document collates information on COVID-19 related scams divided into four categories: imposter, product scams, investment scams, and insider trading. 

This guidance is based on research conducted by FINTRAIL across the FFE community. This includes a survey sent to all global members, review of 31 responses, 15 follow-up interviews, and additional research and analysis conducted by FINTRAIL. The survey and interviews were conducted during the week commencing 16 March 2020.

A black line drawing of the FinTech FinCrime logo and accompanying text title
 

With thanks to members of the FinTech FinCrime Exchange for sharing best practices.


FINTRAIL on the Captivated Audience - Season 1, Episode 12

In this episode, FINTRAIL’s Greg Wlodarczyk, joins hosts Sam Sheen and Marie Lundberg on the Captivated Audience podcast.

Listen as they discuss the importance of technology and people for FinTechs, the FinTech FinCrime Exchange (FFE), how changes in consumer behaviour affect AI and transaction monitoring and the inside track on FINTRAIL’s upcoming survey results on the business continuity activities of the FinTech community.

EUROMONEY - Regulation: For AML, FinTech is both problem and answer

Set against a number of high profile money laundering scandals in the sector, FINTRAIL Co Founder, Robert Evans was interviewed by Dominic O’Neill, EUROMONEY, along with some key industry leaders to discuss AML and FinTech and how technology, particularly RegTech, can help support financial institutions in upholding their regulatory requirements in the global fight against financial crime.

Rob discussing the negative press around FinTech:

“Because of the online nature of the communities they serve, they can be vulnerable to pressure applied by legitimate customers with legitimate complaints and vulnerable to misinformation,” says Evans, discussing the neobanks. “Fraudsters have learnt that applying pressure via social media is a way to release funds that have been frozen for good reasons.”

VIXIO PaymentsCompliance - Payment Firms Scramble To Counter Corona Fraud As Spending Shifts

As warnings abound over the frauds and scams taking advantage of the coronavirus crisis, the flexibility of financial institutions to react and adapt to the emerging threat is being tested.

Gemma Rogers, Co Founder at FINTRAIL was interviewed by Douglas Clarke-Williams, VIXIO PaymentsCompliance about how criminals are using the Covid-19 situation to their advantage to carry out financial crime related activity. Gemma also discusses some of the measures and adaptation an anti-financial team should think about to counter it.

"As you get into the detection methodology, reading up and being aware of these scams, and being aware of how they will manifest, is key," she told VIXIO PaymentsCompliance. "Then you can start to tune your transaction monitoring rules to look for the behaviours which might indicate that a customer has been scammed - or perhaps, worst case scenario, that a customer is perpetrating one of these scams."

****You will need to have a subscription or sign up for a trial subscription to view the full article. ****

, , ,

How Social Media is used to Further Financial Crime - Part 1

, , ,

Introduction

Facebook, Instagram and other social media platforms have created simple methods of association. This in itself is both social media’s greatest strength and greatest weakness. You can share friendships globally but those with nefarious intent also have the mechanisms to create connections and identify vulnerable individuals that can be exploited to further their criminal activity.

Over the course of one week (pre-Covid-19 crisis) and as a follow up to our last article on this topic “The Role of Social Media in Furthering Financial Crime”, FINTRAIL conducted research on three key social media platforms, to assess the exposure of the platforms to financial crime activity - specifically money muling. This exercise should be considered a basic benchmark of the problem; our analysis suggests the scale is significant and likely to be systemic to the way money mule networks operate. This is further emphasised when you consider all the available social platforms likely to be used and private/DM functionality that keeps much of the content private. 

Methodology

Research material was obtained through passive observation, some of the groups identified were joined but at no time was there any form of direct engagement. FINTRAIL used four basic money-mule associated search terms to pre-identify accounts of interest and those assessed to be associated with potential mule activity. These were then manually reviewed to assess the group activity.

For this benchmarking FINTRAIL focused on three platforms; Facebook, Twitter and Instagram. The below infographic depicts the findings. Note: there has been no formal network analysis done to identify any crossover between platforms.

Findings

Image with textual findings of money mule search terms across social media, with images on the right hand side of examples of the types of messaging that is seen on social media.


Summary

Pre-Covid-19, many people were already anxious about their financial situation, making them vulnerable to exploitation by criminal gangs seeking to develop mule networks. Research completed by Barclays revealed 6 in 10 people (60%) of respondents were worried about their finances on a weekly basis. 

Since Covid-19 started to bite globally, significantly more people have become financially vulnerable with more people out of work and in dire need of money to cover living costs. These factors create the ideal conditions for criminal gangs to target the vulnerable and there is likely to be a significant increase in the number of people who fall into the trap of money muling.

We will be investigating further into this topic in Part 2 looking to provide some practical information that social media platforms (and others) could use to help in identifying and preventing this kind of activity.


If you have any comments or would like to discuss the issues in this post, or wider anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

, , , ,

Stop. Collaborate and Listen

, , , ,

In our latest thought leadership piece we explore the idea of collaboration. This joint piece between FINTRAIL/FFE and RDC demonstrates the vital role that collaboration plays. We discuss the impact it has on the global fight against financial crime whilst highlighting some of the current collaborative efforts within both the public and private sector to date, showing their effectiveness within the FinTech and Banking industries.

Our ultimate conclusion is that the dispersal of information to a variety of individuals closely involved in the fight against financial crime is essential to any successful AML initiative.

The Impact of Coronavirus on Financial Crime is Bigger Than You Think

From war to pandemic, there is always a class of profiteers seeking to take advantage of a country or world in crisis. Unsurprisingly, the behaviour has emerged once more in response to the escalating international outbreak of COVID-19. US cyber security firms and news agencies have repeatedly warned about the rise in coronavirus phishing scams, where emails purporting to be from trusted authorities like the Center for Disease Control and Prevention (CDC) and World Health Organization (WHO) are being sent to unsuspected victims, tempting them into downloading malware onto their devices. Scam cures, such as colloidal silver and essential oils, are also on the rise. The Federal Trade Commission (FTC) and Food and Drug Administration (FDA) have even issued warning letters to several companies, who may be found to have violated federal law for selling unapproved products using false claims. 

Unfortunately for financial crime compliance professionals, coronavirus risks go far beyond old scams targeting new fears. The landscape and scale of financial crime compliance risks are fundamentally changing, and without sound risk management, we might find ourselves among other overwhelmed, underprepared industries in the face of a pandemic. 

It’s Not Just Fraud

While fraud has understandably received the most immediate financial crime-focused coverage, this is not the only financial crime area that we should analyse for potential spikes. 

For example, we could see spikes in certain types of money laundering activity. Look at money mules - who are often recruited online through fake social media employment or romance scams. As individuals lose their jobs or have to find work from home, the prospect of being able to earn funds quickly through moving money from one account to another may become even more attractive. Some sites are even directly recruiting money mules in the name of supporting coronavirus victims. 

It’s not all bad, however! Cash-based activity is on the decline in countries hard hit by coronavirus, and potentially cash-based money laundering along with it. Major international terrorist groups, such as the Islamic State, are advising their fighters not to travel to Western countries undergoing severe outbreaks of coronavirus, which could impact terrorist financing flows. 

The best thing for financial crime professionals to do is to spend time thinking about how the pandemic may impact the specific financial crime risks they face as a business. They can then adapt their controls accordingly, to best mitigate the evolving threat landscape. 

Investigation and Enforcement

Investigations are beginning to stall in the face of coronavirus as well, hindering the ability to meaningfully prosecute complex, cross-border cases involving bribery and corruption, organised crime and sanctions evasion. As the pandemic spreads across the globe, with travel bans, home working and quarantines being used as containment measures, compliance officers and lawyers investigating bribery and corruption have been forced to delay meetings and interviews, which could allow cases to drag on and bad behaviour to continue to proliferate. 

In addition to stalling investigations potentially allowing for compliance risks to slip through the cracks, law enforcement is also facing pressure to keep up with demand. Police in the US are now shifting gears to enforce coronavirus rules and in some areas, have been urged to avoid “unnecessary arrests” as this could only lead to the virus spreading. Law enforcement priorities are fundamentally shifting, and financial crime is unlikely to get the focus or resources it needs. 

Compliance Ops

Particularly in FinTech hubs like New York City and San Francisco, the latter of which is under a shelter-in-place order, employees are having to work from home in order to keep the business running smoothly, and this includes BSA/AML compliance operations staff and analysts. While FinTech workplaces generally encourage more working from home and may have better controls in place to ensure data security, the hasty transition can still generate problems if not managed effectively. 

While internal fraud is often viewed as less of a concern in small and medium sized FinTechs, given the close and collaborative nature of their teams, this risk should still be fully mitigated. More than half of all frauds committed against business are done so either internally or by an internal actor colluding with an external one. And this is something we have increasingly begun to see in the FinTech sector. We have personally experienced cases where FinTechs have had to engage in trying internal fraud investigations, or where staff have been contacted by organised crime groups asking them to engage in fraud. 

Generally speaking though, the vast majority of internal staff are team members trying their best for the company. Front line team members need to be supported now more than ever in the work that they complete. Staff may fall ill, leaving others having to balance heavier workloads. Staff may not find it as easy reaching out for help evaluating a new alert. And responding to crises can also detract from other important financial crime tasks, like filing SARs (if this is the case, make sure to contact FinCEN). In-person training and support that staff need in order to thrive, excel and finish work on time may not be readily available. By taking steps to ensure regular team communication, health, wellbeing, and safety, as well as access to educational resources, firms can build out more resilient teams. 

Recession?

Finally, we get to the elephant in the room: it’s difficult to find an economist that doesn’t think the coronavirus pandemic will bring the global economy into recession, especially as we seemed to be nearing one prior to the outbreak. With transportation and hospitality industries suffering major blows, and with outbreak hotspots like Italy already facing a delicate economic balance, we should start looking at what impacts a recession could have on financial crime levels now. 

Data from the last global recession indicates that financial crime and crime generally can go up during a recession. The first 6 months of 2009 for example had the highest fraud rate observed to that point in KPMG’s Fraud Barometer, and 36% of senior executives reported to Kroll that they believed fraud risks had increased due to the recession. 

One report from the World Economic Forum indicated that, for young people struggling to find employment during a recession, the arrest rate increases by 10.2%. The difficulties in pursuing legitimate employment make criminal enterprise more attractive; what’s worse - once involved in criminal activity, it can be very difficult for these individuals to leave, making the level of recession-rooted crime increase further. 

When thinking about financial crime contingency planning in the face of coronavirus, we need to think even bigger than just the short term impacts and start evaluating what our response will be in the face of possible recession. This also includes considering what typologies may evolve or proliferate, such as benefit fraud as more people apply for unemployment.

What You Can Do 

There is a lot of uncertainty out there in the face of coronavirus, and we will benefit as an industry by working collaboratively to tackle financial crime challenges as they occur. The below are just a few tips and tricks for how to tackle coronavirus as a financial crime threat:

  • Reconsider your BSA/AML risk assessment. Which inherent risks are more or less impactful in the face of coronavirus? Which controls might be weakened?

  • Evaluate whether your second line controls can provide the same level assurance in the current situation. For where external expertise is needed, work with digitally-focused consultancies who can easily support you remotely. 

  • Check up on your internal fraud procedures, to ensure strong whistleblowing protocols are in place, as well as appropriate access rights and 4 eyes checks.

  • Increase staff engagement through financial crime catch ups, remote training and clear lines of communication. 

  • Don’t stop contingency planning, and add a potential recession to the list of events you’re planning for. 

We are working hard with the FinTech FinCrime Exchange community to learn more about what specific steps the international FinTech sector is taking in response to coronavirus as part of their contingency planning. Stay tuned for future insights.

If you have questions about how your business should proactively take on financial crime in the context of coronavirus, reach out to Megan Millard or Meredith Beeston.

The Role of Social Media in Furthering Financial Crime

Content warning: discussion of topics linked to suicide and child exploitation

Recently in the UK we’ve seen the suicide of a reality TV presenter, and in March 2019, the father of Molly Russell urged the government to introduce regulation on social media platforms in response to his 14-year-old daughter taking her own life. She was found to have viewed content related to depression and suicide on Instagram before her death.  While neither of these tragic instances can be solely attributed to social media, many are discussing the arguably significant role that online media played in both cases.  

Following on from these instances, in early 2020 the government announced that Ofcom - the communications regulator - was to be given the power to fine social media companies in a bid to protect children from harmful online content. Ofcom will not only be able to fine companies that fail to remove illegal content - such as the promotion of terrorism or child pornography - but online platforms will also be required to stipulate what behaviour and content is acceptable on their sites, and enforce those rules consistently and transparently

Clearly, the priority for Ofcom and social media firms has to be removing the most immediately harmful content - that which promotes suicide and child exploitation being critical.  However, there is also an argument for Ofcom and the social media firms to ensure that other types of content are correctly classified as illegal and are therefore removed. The other types of content that we at FINTRAIL believed should be more heavily moderated and removed pertains to financial crime.  

From our consulting experience in the FinTech sector, we have seen a multitude of financial crime cases where the schemes start on social media. In fact many of the low level criminal activities are facilitated and can only be effective due to social media.  A few examples include:

  • Promoting the sale of goods on social media platforms; victims agree to purchase the goods, transfer the money to an account (often in the scammer’s own name, using their real identity) and the goods never materialise.  These are also known as advanced fee fraud.

  • Money launderers recruit people - and pay them for access to their bank accounts - via social media profiles.  The launderers use the access to the recruits’ accounts to wash the proceeds of crime. This is known as money muling, and is worryingly common, even among young people.  

  • Scammers can further advertise purported investments schemes online, attracting potentially thousands of users and defrauding them of large sums of money, sometimes even their life savings.

Social Media adverts enticing users into money muling
Social Media Advert - man sat with piles of £20 notes enticing money muling

Images from social media used to entice individuals into money muling and other get rich quick scams.

Even in isolation, the results of these scams and schemes are incredibly harmful to the individuals involved; in some cases causing them to be blacklisted from banks (for having perpetrated money laundering through their accounts in the case of money mules), or in others to lose significant amounts of money.  However, it is also important to recognise the wider harm that such behaviour has on the rest of society.

Firstly, not only do many of the fraud and laundering schemes detailed above connect back into wider organised crime, involving the predicate offences of illegal drugs sales, human trafficking, corruption, arms trafficking, kidnapping and extortion (inter alia), all of which have an enormous human cost; secondly, the estimated cost of financial crime to global economy is conservatively estimated at between USD 1.6 trillion and USD 2.2 trillion. A Global Financial Integrity report from 2017 underscores how transnational crime undermines economies, societies, and governments, particularly in developing countries, often preventing those who are most vulnerable from getting the support they need, ironically, increasing the chances that they too become embroiled in a life of crime.

So, it’s with these huge human, societal and economic costs in mind that Ofcom needs to work closely not only with the social media firms themselves, but also with financial services firms, financial services regulators and law enforcement to best determine what content should be categorised as illegal and harmful, and seek to include this in their regulatory scope.  

In the same way that financial services firms are heavily regulated - because of the harm the provision of their services can cause - social media firms should also be required to take more proactive steps to prevent, deter and detect illegal and harmful content pertaining to financial crime from appearing on their sites.  

Practical steps social media firms can take mimic those applied in the financial services sector, such as Knowing Your Customer (KYC) processes  - including identity verification such that they can more effectively block repeat offenders - and more intelligent activity (transaction) monitoring, such that they can proactively identify higher risk profiles that should be subject to enhanced monitoring. This doesn’t have to be an arduous process: the FinTech sector has demonstrated that frictionless processes can exist, whilst maintaining compliance and gathering an appropriate level of customer due diligence in the process.

Clearly, any of these processes will have to be implemented proportionately, particularly to ensure the continued freedom of expression and speech.  However, considering the harm that social media appears to be, if not causing then at least amplifying, spending time, effort and money combating these issues and working to ensure proportionality is key for the ongoing success and safe utilisation of social media platforms in today’s society.

Get in Touch
If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics in an increasingly digital FinTech world, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

, , ,

Celebrating International Women's Day at FINTRAIL

, , ,
Purple banner for with the logo and title for International Women’s Day with #EachForEqual and #IWD2020

International Women's Day (8th March) is a global day celebrating the social, economic, cultural and political achievements of women. The day also marks a call to action for accelerating women's equality. At FINTRAIL we are committed to equality and wanted to join in celebrating the women that contribute to making FINTRAIL a great place to work.

Photo of Gemma Rogers Co Founder at FINTRAIL

Gemma Rogers

I co-founded FINTRAIL in 2016.

“My FINTRAIL highlight so far was realising that we had achieved gender parity among our leadership team. 💪”

Maya Braine

I’m the newest member of FINTRAIL, and joined the team two months ago.  

“I joined FINTRAIL because I wanted to work in a dynamic, growing team where I could challenge myself, take the initiative, and feel my contributions make a real difference.”

Maya Braine - Senior Consultant at FINTRAIL
Payal Patel - APAC Managing Director at FINTRAIL

Payal Patel

I have been part of the FINTRAIL team for almost a year.

“My plans for FINTRAIL Asia this year are to continue to work with the most innovative and exciting FinTech companies in the region and to expand the rapidly growing FFE network.”

Lauren Vincent

 I have been part of the FINTRAIL team for 8 months.  

“The best part of my job is how much knowledge I am able to gain from my colleagues on a day to day basis.’'

Lauren Vincent - Global Team Coordinator at FINTRAIL
Danielle Jukes - Consultant at FINTRAIL

Danielle Jukes

I have been part of the FINTRAIL team for 4 months.

“If I had to sum up the FINTRAIL team I would say that we’re a diverse team and all share a passion for our work.”

Meredith Beeston

I have been part of the FINTRAIL team for 2 and a half years.

“I chose to work in FinTech FinCrime because I wanted to work alongside a growing industry and help find innovative ways to use technology in the fight against financial crime.”

Meredith Beeston - Consultant at FINTRAIL
Photo of Ishima Romain - Analyst at FINTRAIL

Ishima Romain

I have been part of the FINTRAIL team for almost 3 years.

“The top 3 things I've learned during my time at FINTRAIL: Personal - a traditional background isn’t required to be part of FINTRAIL. Technical - many processes that businesses conduct independently, as they usually align to wider controls, should be done collectively. General - to be adaptable in this ever evolving disruptive industry.”

Rachel Clark

I have been part of the FINTRAIL team for 6 months.

“This year I am most excited about hearing the new FFE Podcast which will give interesting insights into individuals experiences with FinCrime in the FinTech sector.”

Photo of Rachel Clark - Consultant at FINTRAIL
, , ,

Investor Due Diligence: A Two Way Street

, , ,

Zopa: Scandal in the Boardroom

Last week, UK peer-to-peer lending firm Zopa found itself in the news when board member Kapil Wadhawan was forced to resign following his arrest in India over money laundering allegations.  Wadhawan, the chairman of Wadhawan Global Capital and the owner of a large property finance group in India, co-led a £32m investment in Zopa which secured him a seat on the company’s board.  He was arrested by the Enforcement Directorate, an Indian government agency responsible for policing financial crime, in late January in connection with a money laundering probe.

This incident highlights the importance of knowing who you’re doing business with - not only employees, partners, and vendors but also investors.  In the thrill of securing financing, it can be tempting not to scrutinise your potential backers too closely, but as the Zopa case shows this is a potentially risky area.  This is the start of a long term partnership, so both sides need confidence in who they’re dealing with. “Investor due diligence” should cut both ways, and target companies should be prepared to conduct “know your investor” research.  Investors with poor reputations can have a knock-on effect on portfolio companies’ credibility, and their ability to raise future funds. And in a worse case scenario, these companies could even find their investors or directors involved in criminal proceedings, as in the Zopa case, or discover that the investment consisted of illicit funds.  

Doing your Homework: Reputational and Integrity Due Diligence 

Reputational and integrity due diligence should form part of the wider due diligence process alongside financial, commercial and legal diligence, and is vital for understanding financial crime risks.  It can be relatively straightforward to ascertain the track record and reputation of well-established investors, but for more niche investors, those based overseas, or new figures in the market, this may not be so straightforward.   

The obvious questions for an investee to ask are whether the investors are well-established figures with a good track record and a logical interest in investing in the company in question.  How long has their firm been incorporated, has it made successful investments in the past, and does it have discernible experience in the sector? Does it seem to be in good financial standing?  Are there any indications the investors have been involved in any previous scandals or legal or regulatory issues? It’s also important to understand their modus operandi and if they have ever been involved in dubious or aggressive business practices, or disputes with partners, competitors or other investees.  This may involve determining if they are the subject of any inquiries by regulators or law enforcement agencies which haven’t yet reached the stage of formal proceedings.

In addition to the above, there are further issues to consider for investors from overseas jurisdictions with lower standards of transparency and higher levels of financial crime.  What is the source of funds - how did the investor initially make their money? In some countries, analysing this information may require understanding of the country and its history - for example, anyone who established their fortune in Russia and the former USSR in the privatisation programmes of the 1990s.  In many countries, it will be important to understand political patronage - whether your investors have political influence or connections, whether this could have helped them make money illegally or unethically or to avoid legal actions, and whether their position may be threatened by changes to the current political regime.  

Sources of Information 

In practical terms, where can investees find the answers to these questions?  They will likely start gathering information in-house through basic steps like online research - sources like the investor’s own website, news reports, and Google searches.  Speaking to others in the marketplace will help provide a sense of the investor’s track record and general reputation. To ensure consistency and transparency, investees can implement an ‘investor due diligence’ process (a project which FINTRAIL is ideally placed to facilitate), which in many ways mirrors a customer onboarding process.  It will allow the investee to make sound, defendable decisions by establishing a methodology to collect consistent information from defined sources, analyse it in line with clear criteria and parameters, and establish transparent escalation and decision-making processes.

In some cases, it will be advisable to seek expert help in conducting this due diligence research, especially if early red flags are identified or if there are discernible high-risk factors such as the investor’s main country of operations.  Expert due diligence research will look at the online sources mentioned above plus specialist media databases, local and overseas litigation and corporate records, regulatory watch lists, foreign language media reports, and cached online materials.  If required, researchers can also conduct enquiries with human sources operating in the relevant sector and country, to help explain the investor’s history, modus operandi, other business interests, perceived probity and general reputation. This is particularly useful in countries with undeveloped media landscapes, poor press freedom, or limited public records.  Appropriate sources may include founders or employees of existing portfolio companies, other investors or business figures operating in the sector, journalists, and former partners or employees. Conducting successful enquiries requires an excellent network of contacts, as well as understanding the specificities of the investor’s operations, in terms of the sector, type of business, and jurisdiction.  

FINTRAIL’s Experience

The FINTRAIL team has extensive experience in both designing due diligence processes and conducting reputational and integrity due diligence.  We have lately finished building and implementing an investor due diligence process for a UK-based FinTech. We have also recently worked with a client to conduct research on a potential investor, in a case which showed clearly how important it is for growing FinTechs to identify the right partners.  FINTRAIL investigated a venture capitalist from Russia looking to invest in a UK-based FinTech, using our expert country knowledge and language skills; searches in Russian, US and EU litigation and bankruptcy records, criminal records and regulatory agency checks; and adverse media research in English and Russian.  This uncovered concerns about the investor’s source of wealth and modus operandi including political connections to the Kremlin, business interests in opaque jurisdictions held through apparent shell companies, and UK corporate interests which bore similarities to those of the Hajiyev family, the subject of the UK’s first Unexplained Wealth Order (UWO).  These concerns ultimately led to the FinTech deciding not to accept the investment - a potential disappointment in the short term, but an important decision to head off major issues in the future. 

Get in Touch
If you are interested in speaking to the FINTRAIL team about due diligence or any other anti-financial crime topics in an increasingly digital FinTech world, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

, , , ,

FINTRAIL's Fave Podcasts

, , , ,

Like everyone, the team at FINTRAIL are living for podcasts at the moment. Whether we are on our daily commute or grabbing a coffee we are tuning into our favourite shows. For those of you that are keen to explore some new FinTech/ FinCrime related podcasts - here are some of our recommendations:

Payal Patel - APAC Managing Director at FINTRAIL

FinTech Insider / Blockchain Insider

“I love the variety and quality of speakers and the relaxed, but informed style of both these podcasts which cover the most recent developments in the FinTech and Blockchain world. Living in Singapore, these shows provide me with the regular global update and industry expertise I need.”

Gemma Rogers - Co Founder at FINTRAIL

Bribe, Swindle or Steal

This podcast by the anti-bribery business organisation TRACE International looks at examples of financial crime cases and typologies, and at what can be done to tackle them through interviews with experts in the field.  The topics covered are really varied - regulatory developments and best practice, diverse crime types such as doping in sport or wildlife poaching, and major international scandals such as the Luanda Leaks and the Volkswagen emissions scandal. Having this broad scope and including interviews with such diverse practitioners throws up interesting perspectives and shows how many forms financial crime can take.

Maya Braine - Senior Consultant at FINTRAIL and MENA specialist

Caliphate and Conflicted

I’m pursuing an extremism and terrorism financing theme at the moment.  Caliphate is a series following Rukmini Callimachi of the New York Times as she reports on the Islamic State and the fall of Mosul. You are hooked from the very beginning and the insights provided on the inner workings of ISIS are fascinating. And for even more incredible insider information, I recommend Conflicted by Aimen Dean, a former jihadist turned British double agent inside Al Qaeda. This podcast combines incredible first-hand insights with expert analysis, and breaks down the complexities of history, religion and politics of the Middle East and puts them in a global context.

John-Paul Eaton - Global Community Director at FINTRAIL - FinTech FinCrime Exchange

The Missing Cryptoqueen by Jamie Bartlett

The pyra-ponzi scheme that shook the world. The ‘Bitcoin killer’ that through an elaborate social engineering scam destroyed thousands of families and swindled billions of dollars. We were extremely privileged to have Jamie Bartlett share his OneCoin investigation at FFECON19. And through the FFE community, it has been awesome to open doors for Jamie to take his investigation to the next level. Breaking News: there will be a Missing Crypto Queen TV series.  Can’t wait for Jamie to share his progress at FFECON20!

Robert Evans - Co Founder at FINTRAIL

Financial crime matters with Kieran Beer from ACAMS

This is my go to for all the latest insights on trending Financial Crime topics.

Get in touch to let us know what your favourite podcasts are- we are always keen to add to our ever-growing list. Happy listening.

FINTRAIL on RUSI's: The Suspicious Transaction Report - Ep.10 Leaks, Links and Brexit

In this episode, host Isabella Chase is joined by guests to discuss the most recent money laundering leaks, UK-linked financial crime cases, and the impact that Brexit will have on the financial crime landscape. To discuss the latest news and headlines, Isabella is joined by our very own Gemma Rogers and Nick Parfitt from Acuris Risk Intelligence. In the deep dive, Isabella discusses the UK’s Economic Crime Plan with CFCS Associate Fellow, Helena Wood.

You can access the full podcast here: The Suspicious Transaction Report and also catch up on previous episodes.

If you would like to discuss the topics in the podcast, or if you want to know more about FINTRAIL, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

, , , ,

FINTRAIL's Focus for 2020

, , , ,

At FINTRAIL, like many of the clients we work with, we like to be as transparent as possible about our plans, successes and failures.  So with that in mind, Gemma and I wanted to write a quick summary of 2019 and give you a view on what we are planning for 2020.

Thanks to our amazing team, partners and clients we had a pretty awesome 2019! We worked with over 30+ different FinTech and financial institution clients across Europe, Asia, North America and Latin America. 

Amongst other things, the FINTRAIL team have helped our clients build compliant FinTech products, transform legacy financial crime infrastructure, conducted audits and worked with leading technology, people and process to change how modern financial service providers can address the threat of financial crime.

Additionally, we have continued to invest in and grow the global FinTech FinCrime Exchange (FFE), we now have over 170+ FinTech firms big and small that have joined the fight against financial crime across the US, Europe and Asia.

As we continue to grow as a firm, we are of course going to see some challenges.  Firstly, setting a cohesive international strategy is hard, especially as a small and very busy team. Bringing the US and Asia markets online brought significant challenges, some of which we had just not thought about. With so many ideas on what we could and can do, it can be difficult to curb our enthusiasm sometimes. I think it would be fair to say that 2019 was a year of learning on this topic but we have taken that onboard and are now accelerating in to 2020.

We built out our team significantly - clearly this is a brilliant problem to have - but we did have to think more carefully about the culture and structure of our team. Just throwing bodies at an opportunity is not the right answer but we really think we have made great progress in refining what the FINTRAIL organisation and culture looks like and this will continue to be a constant priority for us moving forward.

Finally, I think it would be fair to say that as co-founders, we learnt a lot about ourselves in 2019. We have put a lot of effort into FINTRAIL and it is sometimes hard to step back and empower your team to take that forward. We are super fortunate that we now have a team that believes in our mission and have the enthusiasm and capabilities to take that forward. As a team and individuals we are not going to get everything right the first time but we are committed to learning at every opportunity and we aim to make FINTRAIL one of the best places to work, doing super important work for the best clients in the world. 

However, this is all history and we cannot take our eye off the ball. So 2020 is going to be an even bigger year for FINTRAIL our clients and community we support and and this is how we are going to do it:

Continue to invest in our consulting teams to bring our clients the best and most relevant expertise and support. In 2019 we grew our global team and launched our businesses in the US and Asia; we have seen a rapid growth in demand for what we do. Without the right people, culture and infrastructure we simply cannot do what we do.

In Asia, led by our local Managing Director Payal Patel, we are already working with some of the largest regional players to ensure they build robust anti-financial crime provisions into their products and business plans. Payal will be building out our regional offering and scale her team across the region over the course of 2020.

In the US, led by our local lead Megan Millard, we have been working with established global players to transform their vision of compliance and anti-financial crime as well as working with new and highly innovative businesses to ensure they start their journey in a secure and compliant fashion. There will be a big focus on the US market in 2020 as we continue to grow the business there.

In Europe, led by our local Managing Director James Nurse, we have been supporting clients big and small through their compliance and anti-financial crime journey. This shows no sign of slowing down and we will be bringing our specialist skills to new markets in the region and continuing to grow the team out to cover the different European jurisdictions.

Data, Data, Data - there is no question that the fight against globally connected financial crime requires us to take a connected, community and data driven approach to have any meaningful impact. Over the last 3.5 years through the FFE we have seen the power of connecting people and sharing insight.

We have been exploring what FINTRAIL and our FFE community can bring to this challenge and we think we have a way forward.

We have now agreed a partnership with one of the leading global RegTech providers to start connecting our global community in that fight through the development of real-time threat data sharing. Gasps I hear, what about data privacy? Well this is not going to be some half-baked attempt to deliver data sharing. FINTRAIL and our partner are doing this properly - we have an existing community of motivated and technically savvy FFE members who are proactively asking for this, we can leverage our connections with global regulators, law enforcement and wider privacy community to get this right. Combine that with leading technology and world-class technical expertise and we have a solid combination.

Are we going to solve it overnight, absolutely not but It is going to be a key priority for us and the FFE community over 2020 and coming years. More specific details will follow on this topic in the coming weeks.

Continue to grow the community. The FFE is unique. It is the only global FinTech community dedicated to the fight against financial crime - and it is free. It is something that all of us at FINTRAIL are extremely proud of and we would not be able to make happen without the support of our partners at Regulatory Data Corps (RDC). We have big big plans for the FFE for 2020:

Meet-ups - in 2020 we will be hosting somewhere in the region of 20 meet-ups across the three regions and our aim is to make these even more relevant to the community. We will continue to strive to bring the global FinTech community together in a common cause and have a meaningful impact on the scourge of financial crime.

Podcast - yes, that’s right 2020 is the year we are launching our FFE podcast series and it looks like it will be a cracker. We are going to use this opportunity to dive into the topics that matter to members and learn more about the people and issues that impact our lives every day. The 12 part podcast series will feature all three FFE regions and we can't wait to see this mature for the FFE community and other interested parties that want to learn a bit more about it.

Expert Working Groups - we want the FFE to have a voice that has tangible impact. In 2020 we will be hosting a series of Expert Working Groups that will bring together Compliance and Anti-Financial Crime leaders from across the FinTech and financial services industry to dive deep into the key topics affecting the industry and come up with a common way forward. We will then use that platform to bring about change through our engagements with partners, regulators, law enforcement and customer communities. 

Engagement with global law enforcement - in 2019 our team spent a significant amount of time engaging with law enforcement and regulatory enforcement bodies from around the world. This was about spreading the word about the FFE and educating on FinTech, but also the opportunities to collaborate effectively. We have built amazing relationships with partners such as the Metropolitan Police, City of London Police, HMRC, National Crime Agency, Europol, Department of Homeland Security, Federal Bureau of Investigation and many many others around the globe. This will continue into 2020 with even more vigour. The private sector has a critical role to play in supporting law enforcement efforts against criminality in all its forms and the FFE community is at the front of that effort.

FFECON - we had a ball at FFECON19 and based on the feedback we had after the event from all involved it is something that will be back for November 2020 (block your diaries). Our goal for 2020 is not necessarily to make this bigger for the sake of it, but rather focus on the quality of this event for our community and that is what we will achieve. In addition, we will be taking FFECON on the road for 2020, in either Asia or US market (TBC, so stay tuned) with the aim to make this forum accessible to the growing community and interested parties globally.

So there you have it, a transparent roadmap of what to expect from FINTRAIL and the FFE in 2020. It is going to be a blast but seriously hard work and I know the team at FINTRAIL are super focused on making this another year to remember. We can’t wait and on behalf of the team at FINTRAIL we wish everyone all the best for 2020!

If you would like to discuss the topics in this post, or if you want to know more about FINTRAIL and our 2020 plans, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

Changes to the UK’s Money Laundering and Terrorist Financing Regime

Today, the UK is introducing changes to its anti-money laundering regime to implement the provisions of the EU’s Fifth Money Laundering Directive (“5MLD”).  The changes, introduced pursuant to the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, are much less extensive than those introduced by the EU’s 4MLD.  They bring new business types within the scope of the regulations, and clarify obligations for existing regulated entities. The key changes are as follows:

New categories of regulated persons

The scope of “relevant persons” covered by the regulations has been expanded to cover crypto asset exchange providers, custodian wallet providers, art market participants where the value of the transaction exceeds €10,000 including traders, intermediaries and freeports storing works of art, and letting agents where the monthly rent exceeds €10,000.

Enhanced due diligence 

Relevant persons must perform enhanced due diligence (EDD) for business relationships with clients established in high-risk third countries or in relation to transactions where either party is established in a high-risk third country.  This means relevant persons must consider not only the location of their clients, but also those of their clients’ counterparties. The regulations also specify the EDD measures to be taken in such situations, derived from a new provision in 5MLD designed to ensure consistency across the EU, as interpretations of EDD previously provided on a national level was varied.  These measures include:

  • Obtaining additional information on:

  • The customer and the customer’s beneficial owner

  • The intended nature of the business relationship

  • The source of funds and source of wealth of the customer and beneficial owner

  • The reasons for the transactions

  • Obtaining senior management approval of the business relationship

  • Conducting enhanced transaction monitoring through additional and more frequent controls

Ownership

The regulations explicitly require relevant persons to “take reasonable measures to understand the ownership and control structures” of their customers.  Electronic identification processes are permitted, under certain conditions.  

Relevant persons must confirm the beneficial ownership of relevant legal entities before commencing a business relationship, and must report any discrepancies between the information provided to them as part of the due diligence process and that in the register of Persons of Significant Control to their local company registry.  In the UK, Companies House issued its own ancillary guidance for obliged entities on 10 January.

Risk assessment

Relevant persons must take appropriate measures to assess and mitigate money laundering and terrorist financing risks before adopting any new products and business practices (including delivery mechanisms), as well as new technologies.  

Group policies

The new regulations explicitly state that parent entities must have group-wide policies to share information on customers, customer accounts and transactions, for the purposes of tackling money laundering/terrorist financing.

Prepaid cards

Recognising the potential use of pre-paid cards for financial crime, the new regulations reduce the limit at which customer due diligence must be conducted on holders of pre-paid cards from €250 to €150.

Conclusion

These legislative amendments oblige existing regulated entities to consider whether their programmes are still in line with the regulatory requirements, given the expanded obligations and clarifying details in the new legislation.  

However, the major impact of the legislation will be for companies which now classify as relevant persons for the first time, such as cryptocurrency firms, which must now take a more stringent approach to their financial crime risk management.  For FinTech firms, the most relevant changes may be the EDD requirements involving high-risk transactions and the need for group policies as they expand beyond their home markets. FINTRAIL has significant experience in designing and developing compliance programmes for a wide variety of companies, including market entrants or newly regulated firms, and can assist with defining risk appetite, building risk assessments, and developing proportionate and effective due diligence processes.

If you would like to discuss the issues in this post, or wider anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

, , ,

The Social Causes and Impact of Financial Crime - A Curve Talk

, , ,

At this Curve Talks event hosted on 10 Sep 19, Gemma Rogers, co-founder of FINTRAIL, shared her knowledge about the socio-economic effects of financial crime. She tackled the individual-level impacts of crimes such as human trafficking and explore “why” this sits behind current anti-money laundering legislation.

Gemma has a passion for changing the terms of debate around financial crime risk management, debunking the lethargic tick-box concepts of old and focusing on intelligent, inclusive and business-focused solutions.

For more Curve Talks see https://www.eventbrite.co.uk/o/curve-19344651260

Slideshow

CRYPTOCURRENCY REGULATION IS WORKING, BUT CAN IT BE IMPROVED? DFS, FOR ONE, SAYS “MAYBE”

As regulators and legislators dash to keep up with developments in financial services technology and markets, cryptocurrency remains a central focus. At a recent fintech forum held at Georgetown University, Superintendent Linda Lacewell indicated that the New York State Department of Financial Services (DFS) would be reviewing its existing licensing scheme for cryptocurrency businesses operating in New York. It was reported that Superintendent Lacewell said, “This is a good time to take a look . . . and see how our regime is fitting the current market and . . . what if any adjustments should we think about making to continue to adapt to sort of a changing industry[.]”

REGULATION OF CRYPTOCURRENCY

After blockchain emerged as an effective mechanism for the exchange of value, Bitcoin (introduced in 2009) became the dominant cryptocurrency. In response to the expanding use of Bitcoin and other cryptocurrencies, as well as misconduct like the collapse of Mt. Gox, state and federal regulators sought to adapt existing regulatory schemes to these developments. In 2013, for example, FINCEN issued regulations that extended registration and compliance requirements of the federal Bank Secrecy Act (BSA) to cryptocurrency firms. And in 2015, following several public hearings and reports, DFS enacted a comprehensive regulatory scheme to allow for the issuance of a license to operate a cryptocurrency business in New York, known as a “BitLicense.”

BSA/AML/OFAC COMPLIANCE

Central to both the FINCEN and DFS regulations are requirements for compliance with well-established rules to combat money laundering and illicit financial transactions. Both sets of rules require cryptocurrency firms to implement the key pillars of BSA/AML compliance, including “know your customer” rules, transaction monitoring and the filing of suspicious activity reports, where applicable. The DFS Bitlicense goes further to protect markets and consumers — for example, requiring compliance functionality that screens out transactions that violate federal sanctions (OFAC) laws, prevents market manipulation, has mandatory cybersecurity obligations, and imposes requirements for capital reserves and enhanced reporting.

THE REGULATIONS ARE WORKING

There is substantial evidence that the federal and state regulations are working. One recent example involves an international criminal enforcement sweep against a child pornography video distributor and its customers. After the distributor was arrested in South Korea in 2018, law enforcement authorities used the proprietary Chainalysis software to analyze blockchain transactions and map out both the contributors and users of the child pornography website. This information allowed criminal investigators to contact cryptocurrency exchanges for more information on the wallet addresses sending a crypto payment to the video site. Because compliant cryptoexchanges will have performed competent Know Your Customer processes, some were able to provide copies of identification, addresses, and other relevant transactions associated with those accounts to law enforcement. As a result, the U.S. Justice Department charged more than 35 individuals who either contributed or purchased child pornography from the video site.

In New York, DFS has now granted licenses to operate a cryptocurrency business to 22 different firms. Experience to date suggests these entities are growing and maturing in this regulated environment. (See, e.g., “Gemini Launches Custody Product With 18 Cryptos Including Ethereum Tokens.) Apparently, though, not every firm deserves a license — as DFS strongly stated in its rejection this year of the BitLicense application submitted by Bittrex. After a lengthy review, DFS determined that Bittrex’s compliance program failed to meet the necessary KYC, transaction monitoring, and sanctions filtering requirements, among other apparent deficiencies. (See “DFS Denies the Application of Bittrex, Inc. for New York Virtual Currency and Money Transmitter Licenses.) Keeping out non-compliant businesses is both good for protecting consumers and markets, and for preserving a level playing field for entities able to achieve mandated compliance.

CRITICISM OF FEDERAL AND STATE REGULATIONS

Unsurprisingly, there has been criticism leveled against the FINCEN regulations and DFS Bitlicense. Some have taken issue with the broad applicability of both sets of regulations. Others find fault with the $5,000 application fee for the New York Bitlicense or argue that other requirements of the license are too onerous. Despite criticism, the regulators are not going away. At the same Georgetown University conference, the head of FINCEN, Kenneth Blanco, reportedly told the audience that “[t]he expectation is that you will comply with existing regulation… Whether you’re stablecoin, centralized, decentralized – [it] doesn’t matter. You’ll still have to be able to comply.” That being the case, regulators should still make good faith efforts to be forward looking.

NEXT STEPS FOR REGULATORS

Most would agree that no regulatory scheme is perfect; many would also agree that no regulator requires perfection from the entities it supervises. Accordingly, efforts by regulators to synthesize regulations and set out the ground rules in a clear fashion remain necessary for fintech businesses to thrive. Recent efforts by FINCEN to provide more systematic guidance to crypto businesses and the suggestion by DFS that it will take another look at its Bitlicense, are thus welcome. So is the effort by the Conference on State Banking Supervisors to devise a model payments law that may encompass cryptocurrency transactions.

Expecting dramatic change is unrealistic. As noted above, FINCEN intends to remain focused on BSA/AML compliance by fintechs and crypto businesses. DFS Superintendent Lacewell reportedly indicated that the current Bitlicense regime is “working well” and that the audience should not “get too excited” about major alterations to the licensing regulation. That said, Superintendent Lacewell said that DFS “wants to hear from industry participants to see what improvements, if any, the agency could implement. This is a good time for existing cryptocurrency businesses, or start ups, to jump right in.

Photo of Matthew Levine-President Finance & Regulatory Compliance Services

ABOUT THE AUTHOR:

Matthew Levine

President, Financial & Regulatory Compliance Services

Matt Levine served until recently as Executive Deputy Superintendent for Enforcement for the New York State Department of Financial Services. In this role, he supervised investigations and enforcement actions, including matters involving money laundering, terrorist financing, cybercrime and cybersecurity, virtual currency fraud, market manipulation, and consumer fraud, as well as monitorships implemented by DFS. Matt is a former federal prosecutor and trial lawyer with significant experience involving financial markets and regulatory matters. For nearly a decade, he served as an Assistant U.S. Attorney, first in the District of Columbia and later in the Eastern District of New York. There, he served as Acting Chief of the Business & Securities Fraud Section, supervising federal prosecutors conducting securities fraud, money laundering, cybercrime and other white-collar prosecutions. Matt can be reached at mlevine@guidepostsolutions.com.

, , ,

The Dangers around Data Quality: How Poor Data Quality Can Harm Your Ability to Fight Financial Crime

, , ,

FinTechs and RegTechs are at the forefront of using data innovatively and efficiently to help facilitate everyday financial services. When managed correctly, this data can also help strengthen AML/CTF defences and help you pick out unusual or suspicious behaviour and customers. However, that doesn’t mean that FinTechs and RegTechs are immune to missteps when gathering, transporting and utilising data. When data quality goes wrong, the dangers can have a hugely damaging impact on the strength of anti-financial crime controls. Here are a few areas to take into consideration when evaluating how your data quality impacts your AML/CTF operation. 

What are the risks?

FinTechs tend to collect non-standard data on their customers. This not only covers the use of electronic ID verification, selfie matching and address verification technology, but also the collection of non-standard data points, such as IP address, geolocation and device ID. While this provides FinTechs with a number of benefits, including a more dynamic risk profile along with a more seamless user experience for customers, there can be major risks to meaningful financial crime prevention if the data collected isn’t robust. 

A FinTech could run into trouble if:

  • Non-standard data becomes limited data

    • This is when collecting less information from your customer and more information about your customer crosses the line into not enough information on your customer at all. Not only is there a regulatory implication of this, but it could also hinder your ability to implement a number of key financial crime controls - from transaction monitoring based on customer behaviour to customer screening against PEPs, sanctions and adverse media databases. 

  • The onboarding experience is over-prioritised 

    • One of the key benefits FinTechs offer is a more streamlined customer experience, so that customers can start using a product within a few minutes of signing up on the app or website. However, if too much priority is placed on having a seamless onboarding journey, it could lead to not enough information being collected on a customer to form a useful profile on their risk level and expected behaviour. FinTechs can consider limiting access to their product based on information collected or adding a few extra steps for customers deemed high risk in order to help combat this concern.

  • Data isn’t refreshed 

    • Obligations to know your customer don’t stop with onboarding; it’s imperative to keep customer data accurate and up-to-date. Without refreshing customer data, it may be more difficult to truly understand whether a customer’s behaviour is unusual or suspicious, and it may likewise become difficult to fully understand the risk they pose. 

  • Data is entered manually 

    • While most data a FinTech collects will be gathered automatically, some data requested from customers through in-app chats or help desks may require manual entry. Entering data manually, without robust four-eyes checks or routine assurance, can leave a FinTech open to problems from inaccurate data that can make it difficult to truly know who your customer is and their risk profile.

FinTechs can also run into trouble with gathering, analysing and responding to management information (MI). Especially when starting up and building out a compliance framework, MI collection, storage and analysis may not be their top priority. In the worst cases, important macro-level data on SAR volumes, customer breakdowns and risk types and TM alerts could go undervalued. Without regular MI collection, easy access to data and trend analysis, quality assurance on AML/CTF controls becomes more difficult. This has knock-on effects, making it harder to update your risk assessment and risk appetite and accurately reflect your product to the board and regulators. Poor MI can even prevent you from being able to advocate for the resources you need on a financial crime team.

What about RegTechs?

Given the digital and innovative nature of their products, FinTechs tend to rely heavily on RegTechs, especially at the point of onboarding. This means that it is incredibly important for FinTechs to understand how and what data RegTechs access, use and provide and consider how this can best support their AML/CTF operations. When considering the use of RegTechs there are some key risks that FinTechs should be aware of: 

  • ID&V Providers

    • RegTechs have spearheaded major innovations in digitising the ID verification process, making it easier to reliably onboard customers in minutes and spot fraud indicators that the human eye struggles to detect. The main data quality risk we’ve seen with ID&V providers is potential inaccurate transposition. In this case, data that is automatically pulled from ID and proof of address documents into customer forms and profiles doesn’t match the actual data on the ID. When data pulled from an ID is incorrect, it can lead to poor records being kept on a customer that make future customer screening and  investigation of suspicious activity more cumbersome, weakening the wider AML/CTF controls infrastructure at the FinTech.

  • Customer Screening Tools

    • The use of RegTechs for customer screening generally gives FinTech customers access to vast amounts of information that can be customised to the FinTech’s specific product offering and customer base. However, with the amount of quality data provided, there can still sometimes be gaps that need filling. Particularly with PEPs and their relatives and close associates (RCAs), we have seen databases missing key information, including dates of birth, photos, activity, nationality, citizenship and address. We have also seen the inclusion of deceased PEPs and RCAs and some PEPs and RCAs who haven’t been active for decades. When this information is screened against, it can be more difficult for an analyst to clear alerts and can generate large volumes of false positives that require clearance. 

Once again, MI is worth considering. When RegTech providers offer poor analytics on the services they are providing, that can be easily categorised and sorted, then their FinTech customers will have to rely on manual processes in order to gather and assess crucial information that informs risk and control frameworks. MI needs to be able to provide detail where required and show changes over time. Access is also critical; in our experience, certain RegTech providers’ systems are difficult to access, with support teams that take time to respond to requests for additional information. The best approach we see is when RegTechs and FinTechs work together dynamically in order to ensure information can be swiftly accessed.

Top Takeaways 

While many of the FinTechs and RegTechs we engage with are taking the needed steps to ensure the comprehensiveness and effective usage of their data, there are still some pitfalls that indicate the negative impact when things go wrong. There needs to be more awareness of how poor data quality can emerge and how it can affect our anti-financial crime operations. Ongoing quality assurance, testing and audit are essential to ensuring that we remain out in front of any potential data quality errors. 

So what should we do?

FinTechs:

  • Take a risk-based approach to KYC and the gathering of customer data, gathering more data on higher risk customers to ensure you’re able to understand their behaviour and your ongoing risk exposure. 

  • Perform regular KYC refreshes and take a risk-based approach to these as well, to ensure you have the highest quality, most accurate data on your customers.

  • Implement robust assurance on manual processes, perform rigorous testing on RegTech providers, and ensure financial crime compliance has input into data storage practices.

  • Collect MI on all key aspects of your anti-financial crime programme, including on customer risk, customer due diligence and screening, transactions, suspicious activities and exits for financial crime. This information should be regularly shared and easily accessible for the second and third lines of defence.

RegTechs:

  • Consider a data quality review by a third party to get ahead of any potential complaints that clients may identify when it comes to the data you provide and transpose. 

  • Internally review the transposition of data pulled from documents and other sources to ensure it is being accurately reflected. Consider implementing a human review element depending on the data quality risks.

  • Devote research analysts to building out PEP profiles to encourage more efficient alert clearance, and build in filtering options so that firms can filter out deceased or inactive PEPs, RCAs and sanctions targets. 

  • Build robust analytics and reporting functions with access that can easily be determined by clients to meet their specific needs. 

  • Ensure requests from clients for additional information are responded to promptly and properly, and that this practice is expressed within agreed SLAs. 


If you or anyone on your team would like to discuss or explore how data quality concerns may affect your company and what steps you need to take to improve your approach, please feel free to get in touch contact@fintrail.co.uk.

Free resources

Access free resources designed to help strengthen your anti-financial crime controls.

Partner with us

We love to support projects that combat financial crime -
get in touch to find out more.