FINTRAIL Monthly REG-CAP Sep 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

September 2020

In September’s issue we cover FATF’s report identifying red flag indicators of money laundering and terrorist financing through the use of virtual assets.


Other highlights include new UK sanctions issued against Alexander Lukashenko and his associates following election rigging in Belarus, and some interesting new insights from Companies House on additional controls being brought in to help fight fraud and money laundering.

What other regulatory changes caught your eye in September?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

FinTech Approaches to Sanction Regimes

Announcing Expert Working Groups and Topic 1: Sanctions compliance

The FFE have kicked off a series of topical roundtable discussions among industry leaders, with the aim of connecting senior decision makers to discuss their own internal approaches to common challenges. These Expert Working Groups are under Chatham House Rule, with FINTRAIL acting as secretariat to facilitate discussion amongst experts. Thanks to RDC and RUSI, too, for providing expert insights alongside our FinTech experts.

Our first Expert Working Group focused on FinTech approaches to sanctions regimes, and gathered 18 sanctions experts from 8 different FinTech industries. After just two in-depth sessions, we were able to glean insight on best practices that we hope you find useful when benchmarking your own approach. 

As a sneak peek into some of those insights:

  • Around 30% of the FinTechs we spoke with have a sanctions-specific risk assessment to support their risk-based approach, with several more working to create one.

  • Unanimously, Expert Working Group participants are typically using conservative (or even very conservative) fuzzy matching thresholds ranging from 70%-85%, especially compared to industry averages closer to 85%-92%.  

  • C-Suite and board members are increasingly expected to have sight of the Sanctions program and/or Sanctions-specific policies, vs. just the broader Compliance or Anti-Money Laundering program.

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And be sure to stay tuned for further Expert Working Group insights!

ON DEMAND: ComplyAdvantage Webinar - The Rise of Money Muling

*** Now available on demand ***

ComplyAdvantage Webinar banner: The Rise of Money Muling, with Charles Delingpole Founder and CEO of ComplyAdvantage, Gemma Rogers, Co-Founder at FINTRAIL, Tom Keatinge, Director, Centre for Financial Crime and Security Studies (CFCS) at The Royal U…

Due to rapidly changing global circumstances, high unemployment and uncertainty surrounding the future, money muling is tragically on the rise.

It is a crime that often disproportionately affects the most vulnerable and financially illiterate. Criminals involved in money muling often survive by tricking ‘clean’ individuals with no criminal history. But who is ultimately responsible for educating and helping to prevent this insidious form of money laundering: individuals, banks, governments, regulators, social media platforms?

Join our expert panel including:

  • Charles Delingpole, Founder & CEO, ComplyAdvantage

  • Gemma Rogers, Co-Founder, FINTRAIL

  • Tom Keatinge, Director, Centre for Financial Crime & Security Studies, RUSI

  • Adam Hadley, Director, Tech Against Terrorism

In this thought-provoking webinar, the panel will be exploring:

  • The role that social media platforms play in recruitment, advertisement, and propagation

  • Why this issue deserves urgent and serious attention now

  • What the financial services sector and the regulator are doing, and should be doing, to stop money muling

FINTRAIL Monthly REG-CAP Aug 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

ON DEMAND: FINTRAIL-Elliptic Cryptoasset Compliance Virtual Bootcamp

***NOW AVAILABLE ON DEMAND***

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Originally launched on 30 June 2020, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

SESSION 1: CRYPTOASSET RISKS . . . WHAT’S YOUR APPETITE? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, how it can affect your business, and relevant examples of statements related to cryptoassets.

SESSION 2: ASSESSING AND GETTING TO GRIPS WITH THE FINCRIME RISKS:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types of financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

SESSION 3: SYSTEMS AND CONTROLS - MANAGING YOUR CRYPTOASSET RISKS IN PRACTICE 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools, and are they configured appropriately to your business needs?

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance.

How to conduct Customer Risk Profiling in the Gaming Industry

Regulations and Guidance

As part of the regulated sector within the UK, those in the gambling sector classified as remote or non-remote operators are required to meet their obligations under the Money Laundering Regulations 2017. One of these requirements is to assess the level of risk a client may represent to the business and apply appropriate due diligence to match that risk.

The Gambling Commission, in section 6.2 of its industry guidance for the prevention of money laundering and combating the financing of terrorism, also highlights the need for operators to perform risk profiling of their customers.

Paragraph 6.2 from the Gambling Commission’s industry guidance for the prevention of money laundering and combating the financing of terrorism.

What does this mean practically?

Having a clear understanding of the inherent financial crime risk within the business is important. This is likely to be already done through a risk assessment process but when thinking about financial crime in the gambling sector the most prevalent risks are probably fraud or traditional money laundering. 

An example could look like:

A table of financial crime inherent risk ratings with levels for the gambling industry

Once the inherent financial crime risk is understood, it allows for better context of what risks the operator may be exposed to and subsequently what needs to be considered when assessing the risk of the customer. 

Consideration can then be made on the data points used which would initially be obtained through the registration process and any due diligence information collected. Whilst data points like country are still important, given that the key financial crime risk may be fraud, operators may wish to consider additional data points such as the email address, phone number or device to be included.

Now the data points have been established, in line with the inherent financial crime risks, an operator can consider how the scoring itself will work. Whilst you may think a complex risk profiling model is best, that may not be the case as it needs to be scalable, easily modifiable and explainable to the regulators.

Finally, once the scoring is complete, map the output to your due diligence process. This will enable an operator to offer a lower friction process for lower risk customers whilst still being able to identify higher risk customers, allowing the application of enhanced due diligence.

Dynamic Model

The profiling of an operator’s customers shouldn’t stop at onboarding though. In order to operate an effective customer risk profiling model which meets the regulatory requirements, mitigates the risk of financial crime and protects customers from harm from a responsible gambling perspective, operators should ensure it is dynamic. This means that rather than just using the data collected at onboarding to assess the customer’s risk, operators should use data collected from how the customer interacts with the product and also any additional due diligence obtained.

Responsible Gambling

It is no surprise that some of the more recent fines coming from the Gambling Commission relate to operators’ failure to protect their customers from a responsible gambling perspective alongside failures to have appropriate controls to guard against money laundering.

In May the Gambling Commission published tighter measures to be implemented by operators, as part of their COVID-19 response, to protect their customers during lockdown. These measures include various points on assessing their clients:

  • Review thresholds and triggers for new customers to reflect the operator’s lack of knowledge of that individual’s play and spend patterns

  • Conduct affordability assessments for individuals picked up by existing or new thresholds and triggers which indicate consumers experiencing harm - limiting or blocking further play until those checks have been concluded and supporting evidence obtained, and;

  • Implement processes that ensure the continual monitoring of their customer base – identifying patterns of play, spend or behaviours that have changed in recent weeks.

Responsible gambling has strong links to financial crime with various cases documented being linked to those who were using stolen funds to spend. This means that responsible gambling is an important risk factor to be included within any operator's customer risk profiling model alongside the traditional financial crime risks mentioned above. Data points for consideration could be methods of payment, deposits and behavioural patterns.

If operators continue to ineffectively implement customer risk assessment models, and choose to not include a responsible gambling aspect, we can only expect more fines to be issued in the near future for both responsible gambling and money laundering failures.
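The steps described in this article (signals drawn from onboarding data points, a simple additive score, a mapping to due diligence tiers, and re-scoring on behaviour) sketched as an added example that is not FINTRAIL's or TruNarrative's model. Every signal name, weight, threshold and sample value below is a constructed assumption.

```python
from statistics import median

# All lists, weights and thresholds here are hypothetical and for illustration only.
HIGH_RISK_COUNTRIES = {"XX"}                      # placeholder code, not a real list
DISPOSABLE_EMAIL_DOMAINS = {"tempmail.example"}   # constructed domain

# One flat table of points per signal keeps the model easy to modify and
# lets every score be explained factor by factor.
WEIGHTS = {
    "high_risk_country": 30,
    "disposable_email": 15,
    "phone_country_mismatch": 10,
    "shared_device": 25,
    "many_payment_methods": 15,
    "deposit_spike": 30,   # also a responsible gambling trigger
}

# Score floors mapped to due diligence tiers, highest first.
TIERS = [(60, "enhanced"), (30, "standard"), (0, "low_friction")]


def onboarding_signals(customer):
    """Signals available at registration: country, email, phone and device."""
    signals = set()
    if customer["country"] in HIGH_RISK_COUNTRIES:
        signals.add("high_risk_country")
    if customer["email"].rsplit("@", 1)[-1].lower() in DISPOSABLE_EMAIL_DOMAINS:
        signals.add("disposable_email")
    if customer["phone_country"] != customer["country"]:
        signals.add("phone_country_mismatch")
    if customer["accounts_on_device"] > 1:
        signals.add("shared_device")
    return signals


def behaviour_signals(deposits, payment_methods):
    """Signals that only appear once the customer uses the product."""
    signals = set()
    if len(set(payment_methods)) >= 3:
        signals.add("many_payment_methods")
    # Spike: latest deposit is more than 3x the median of earlier deposits.
    # Requires some history so that new customers are not flagged on no data.
    if len(deposits) >= 4 and deposits[-1] > 3 * median(deposits[:-1]):
        signals.add("deposit_spike")
    return signals


def assess(customer, deposits=(), payment_methods=()):
    """Return the score, the due diligence tier and the per-signal breakdown."""
    signals = onboarding_signals(customer) | behaviour_signals(deposits, payment_methods)
    reasons = {name: WEIGHTS[name] for name in sorted(signals)}
    total = sum(reasons.values())
    tier = next(name for floor, name in TIERS if total >= floor)
    return {"score": total, "tier": tier, "reasons": reasons}


# Constructed sample customer and activity.
CUSTOMER = {"country": "GB", "email": "player@tempmail.example",
            "phone_country": "GB", "accounts_on_device": 1}
DEPOSITS = (20, 25, 20, 30, 400)
METHODS = ("card_a", "card_b", "ewallet")

if __name__ == "__main__":
    print("at onboarding:", assess(CUSTOMER))
    print("after activity:", assess(CUSTOMER, DEPOSITS, METHODS))
```

The same customer moves from the low friction tier at onboarding to enhanced due diligence once behavioural data is included, which is the point of keeping the model dynamic.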


How to approach creating a new customer risk assessment model

Here are FINTRAIL and TruNarrative’s key takeaways when considering a customer risk profiling model:

  • Understand the inherent risk your customers represent to the business

  • Ensure you select the correct data points unique to your clients and product offering

  • Make sure the risk profiling is dynamic and doesn’t just stop once the customer is onboarded

  • Consider the inclusion of responsible gambling within your customer risk profiling 

  • Marry your due diligence process to your customer risk profiling

  • Take into consideration how you would implement your model using technology providers like TruNarrative to ensure if a player’s risk or behaviour changes, you get an instant alert and action

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

This article is also available via TruNarrative’s website.

How to use Compliance as an enabler in Digital Transformation

Digital transformation for onboarding is a hot topic at the moment, given that much of the world is currently living their life from their sofas and managing their day-to-day financial needs from home. Having worked on transformation projects before with traditional FIs, alongside assisting various FinTechs in the creation of new digital offerings, we at FINTRAIL thought it would be a good opportunity to move the spotlight onto compliance, and fly the financial crime flag by discussing some of the common misconceptions.

 

Front end change is just the tip of the iceberg

The ‘tip of the iceberg’ cliche has never been more appropriate when it comes to describing common misconceptions towards digital transformation. The main message is that a good user experience isn’t solely dependent on a minimal field registration journey, and that there are other components that need to be considered which the customer can’t see. Getting these components implemented effectively is equally important, and the focal point is our good friend - ‘a risk-based approach’. Having a robust risk-based approach can be the key to a slick user experience and dictate your approach to CDD, customer screening and risk management, enabling you to target your controls on your highest risk areas.

Image of front end change is the tip of the iceberg. Registration depicted above water, while the rest of the compliance processes depicted underwater as the main body of the iceberg

Less is more

It would be logical to assume that the less information you collect from your customer the better, and that allowing a customer to sign up by just inserting an email and password will drive your Trustpilot reviews through the roof. Ignoring the fact that this probably doesn’t actually meet your ID&V requirements, we would like to suggest that less isn’t always more. By creating a shortened registration process you may well get more sign ups, but if you subsequently need to perform downstream due diligence to address gaps, you could be creating a poor user experience further down the line, perhaps even in a critical situation when dealing with a vulnerable customer whose account has been frozen and they need urgent access to funds.  We don’t necessarily mean your registration process should be 100 fields deep across 10 pages but there is certainly a happy medium. 


Business enabling Anti-Financial Crime (AFC)

A common misconception is that financial crime compliance can be the blocker when it comes to innovation in these projects. It probably comes as no surprise that we at FINTRAIL would offer a healthy challenge to those naysayers. 

So, you are 6 months into your digital transformation project, it’s all on JIRA (other platforms are available) or you have a lovely Gantt chart. You have lined up all your sprints and it suddenly occurs to you that you should speak to your compliance team. After 45 minutes debriefing your compliance team, they have a bunch of questions and recommendations before you can move the project forward, resulting in you putting a big red “Stuck” against it. While you may have translated this into a no, these recommendations do not necessarily mean no, and even if it is a no, is that really surprising considering you have only introduced them as stakeholders so late on? Obviously we are focusing on the negatives here to emphasise our point and the above is certainly not a reflection on most businesses these days.

Some of the most successful projects we have been part of are the ones where AFC stakeholders have been included as part of the journey rather than just at sign off. There is a new breed of financial crime professionals who want to be viewed as business enablers and able to offer a great user experience as much as the next product owner.

A RACI (responsible, accountable, consulted, informed) matrix is often used in project delivery to divvy up people’s roles. With that in mind your approach may have been previously to assign compliance a consulted duty, but we would encourage you to increase their involvement in order to reduce blockers downstream and increase compliant innovation.

RACI project management chart with Compliance/financial crime function moved from consulted to responsible/accountable

Being a Compliance Champion

Equally, it is not just the business that needs to take ownership of transformation; it can also be the fincrime function itself. Embracing change has never been more important in a digitally enabled world and as fincrime professionals we should be just as excited by these new developments. Whether it is the implementation of a new due diligence process or screening programme, don’t be afraid to rip up the policy and start again. There is no reason why the financial crime team cannot be the driver for change.

Build, Buy or Both?

Like the ‘tip of the iceberg’, ‘build or buy’ is also becoming a bit of a cliche. What we do know is that you will likely need to partner with some technology providers in order to achieve your future state goals. Equally, even if you partner with someone, there will be an element of building that goes hand in hand. There are a variety of great providers available with a range of capabilities but we would like to reposition the ‘build or buy’ question. No single provider will solve all of your needs, and equally, to build everything in house isn’t logical when there are specialist systems available. This potentially means that the ‘build or buy’ question is a goose chase and in fact an amalgamation of the two is the best approach to adopt. 

Takeaways

Here are our top takeaways to be a compliance champion when it comes to digital transformation:

  • User experience does not stop on the physical registration page; it continues throughout the customer lifecycle

  • Less is not always more when it comes to identification programmes

  • Treat your compliance/fincrime team as business enablers, engaging them in discussions earlier

  • Answer your build, buy or both question

  • A risk-based approach marries itself perfectly with transformation projects

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk

Partners Against Crime: Building Strong Partnerships on the AML Frontlines

It is safe to say that the US FinTech market has hit its stride. Global FinTech funding soared past $34 billion last year, and the US makes up around half of the global FinTech market. More and more consumers are turning to FinTech products to transform the way they manage their finances, paychecks, loans and insurance. With COVID-19 keeping us all socially distanced for the time being, the move toward digital finance is only going to pick up more steam. 


But the FinTech sector isn’t built on standalone infrastructure. As banks attempt to stay at the forefront of innovation and as FinTechs seek the regulatory and compliance infrastructure they require, FinTech/Bank partnerships have become the new normal. This has been particularly important for the growing internationalization of FinTechs - as successful European FinTechs seek to cross the pond, having a legacy partner helps them gain a foothold.


These partnerships can take a variety of different forms - though for the sake of this piece, we’re going to focus on community banks that handle the banking back end of FinTech products, such as holding FinTech customer deposits and ensuring they are FDIC-insured or offering for benefit of (FBO) accounts to FinTech MSBs. As part of these relationships, FinTechs end up not directly regulated, and it’s up to the partner to ensure the FinTech remains compliant with BSA regulations. This means that banks have to be careful to select the right FinTech partners, and the same goes for FinTechs! Wirecard’s recent collapse, which has sent FinTechs all over the world scrambling for new partners, particularly highlights the level of overall due diligence and care that is needed when forming and sustaining a banking partner relationship.


What Happens When It Doesn’t Work Out?

We’ve seen first hand how FinTechs and their partners are pushing forward to innovate not just on customer-driven financial services, but also on financial crime prevention. However, the risks of getting partnerships wrong still need to be taken seriously and inform a firm’s approach to stakeholder management. 


So what does it look like when things go wrong? 

For some FinTechs, it means not getting very far. US partner banks tend to have steep compliance requirements and expectations - that means being able to demonstrate your BSA/AML compliance capability up front through risk assessments, policies and procedures, training, and effective control integration. Partner banks like Cross River weed out the majority of prospective FinTech partners due to the amount of compliance required. For FinTechs, failing to get a partner bank relationship set up can mean the difference between a successful funding round and going back to the drawing board. For European FinTechs and other international players with their eyes set on the US market, failing to obtain a banking partner due to compliance reasons could potentially shut off millions of new customers and dramatically set back scaling plans. 


A few bad actors could also risk the current environment of strong partnerships. Across-the-board de-risking of correspondent banking illustrates what can happen when the difficulties managing AML/CTF controls within a partner relationship cannot be prudently resolved.


The picture isn’t great for partner institutions either. Building out relationships with the FinTech sector is becoming a profitable lifeline for institutions looking for ways to innovate and reach new client segments outside of their traditional stomping grounds; turning off the taps can obviously have an impact. And on the compliance side, as FinCEN expects financial institutions to ensure the compliance of their FinTech partners, failure to do so could risk steep fines and penalties. 


In fact, one of the most frustrating obstacles to successful partner bank/FinTech relationships can be the current regulatory landscape, according to Robin Garrison, VP of Compliance at MainStreet Bank, who presented on making the most of partner bank relationships at the FinTech FinCrime Exchange (FFE). Certain regulators can hold traditional and sometimes out-of-date perspectives on risk and financial crime - and the absence of a unified approach between different US regulators (the Office of the Comptroller of Currency (OCC), for instance, has been much more proactive in supporting FinTech innovation than some of their counterparts) can only add complication. To really get the regulator onboard, Robin added, it’s important for FinTechs and their partner banks to work together to ensure appropriate testing has been done to evidence to the regulator that any financial crime risks are being appropriately mitigated.


Even if a FinTech and partnering bank do succeed in getting a relationship off the ground, poor relationship management can hinder positive efforts to prevent financial crime. High volumes of manual work, a lack of knowledge on how the other party is operating, and long delays in communication can mean that even if a partnership looks successful on the outside, it may still be struggling with balancing financial crime compliance and customer experience. 

How Do You Make It Work?

Looking at the risks involved with setting up a successful partnership, it’s no wonder that it can be difficult for a startup to break into the FinTech space or for a legacy institution to take the leap into a new relationship in a digital world. But there are plenty of examples of where partnerships have taken off. What are they getting right? 


1. They set a strong foundation. 

This is something that features in all of the industry reading on how to make the most of a partner bank relationship. And that really is relevant here too! If you don’t have a strong, open, and transparent partnership in other parts of the business - such as making sure your financials are sorted and growth strategies are aligned - then it’s going to be difficult to build a relationship that allows you to successfully fight financial crime. In fact the best approach to building a positive relationship is to ensure that BSA/AML compliance isn’t segregated. From day one, compliance should be considered as an integral building block in wider relationship management efforts. This will ensure it doesn’t come back to bite once the relationship progresses on the commercial side.


Strong, positive foundations also go beyond shared values. Robin left FFE members with an important message about selecting the best banking partner. “Don’t go with the first partner bank willing to accept you. It can be very difficult to ensure that your data can be fed into and processed by your partner bank, so think about how well your technical systems will integrate when picking your banking partner.” Without aligned systems, anti-financial crime processes become a greater operational burden, and it becomes far more difficult for the partner bank to have the information they need in order to conduct robust assurance on the activity of their FinTech partners.


2. They establish clear roles and responsibilities.

Establishing clear roles and responsibilities is important for any business relationship, but it’s especially important from a financial crime perspective. When laying out the contractual arrangement, FinTechs and partner banks should try to agree up front and in writing who will be responsible for which part of the BSA/AML control framework and who the key points of contact are. 


For example, does the partner bank need to review all KYC files on a FinTech’s new customers before they onboard, or will the partner bank perform assurance on the KYC process through periodic (e.g. quarterly) spot checks? If the FinTech is managing KYC, who should they talk to about trialling a new ID verification provider? Who will be responsible for OFAC screening at onboarding, throughout the business relationship, and for customer screening? To what extent should the FinTech establish their own transaction monitoring tool? Or will they be able to rely on the TM system offered by the partner bank?


There may be circumstances where the partner bank and FinTech relationship is so intertwined that setting rigidly defined roles and responsibilities just isn’t feasible. Anthony Jerkovic, Head of Data & Risk at Bank Novo, explained that, in Bank Novo’s partner banking relationship, roles and responsibilities often require a certain level of flexibility in order to effectively address the dynamic problems faced day-to-day. “If everyone touches a case, it is hard to precisely draw the lines of responsibility. Instead, we focus on close communication and working together and try to see them as an extension of our own team.”


If partnering firms aren’t able to develop a close working relationship or meaningfully outline roles and responsibilities, problems will inevitably arise. At best, it may take longer for both parties to process financial crime-related tasks, such as the investigation of unusual or suspicious activity, but at worst, serious financial crime cases could go undetected, as no one was formally designated as being responsible for identifying red flags.



3. They have a clear escalation process.

As part of laying out a clear delineation of roles and responsibilities, partner banks and FinTechs should also work together to establish clear escalation paths. The goal is to determine when the hand off happens and how. A lot of this will come down to the partner bank’s risk appetite, as they are the ones ultimately liable for any financial crime activity that occurs. But depending on the relationship, there may be certain activities that the FinTech can respond to without immediately escalating to their partner bank.


For example, one partner bank may be comfortable with a FinTech making a decision on whether to accept a customer with an adverse media finding against them, while another partner bank may require all adverse media hits to be escalated to their compliance team for review. 


Let’s look at another example, which illustrates how escalation and communication paths work both ways. For instance, if a FinTech is doing their own customer screening, they may be expected to escalate all confirmed PEPs to the partner bank for approval prior to the start of any business relationship but only do so after clearing the alert and requesting necessary due diligence documents on source of wealth and source of funds. By contrast, if the partner bank does the customer screening, they may have to reach out to the FinTech to communicate with the customer to obtain EDD documentation.


Without getting the escalation process right, FinTechs and partner banks will run into the same problems as with roles and responsibilities - difficulty maintaining BSA/AML compliance and operating effectively. 

4. They regularly communicate on all things fincrime. 

The whole goal of outlining roles and responsibilities as well as escalation paths is to ensure that communication on financial crime issues remains robust throughout the partnership. This is especially important when both parties are closely involved in day-to-day financial crime operations. Without close communication, unusual customer activity can’t be investigated quickly, leaving funds suspended in a way that can damage a customer’s experience if they’re innocent. Given how quickly funds can move in and out of a FinTech account, without close cooperation, a partnership may fail to stop significant volumes being laundered through an account.


Samuel Peters, BSA Manager at Middlesex Federal, Bank Novo’s partner bank, highlighted that “especially when dealing with those in traditional banking, communication is key.” Depending on the nature of the relationship, frequent and regular touchpoints may be needed, even multiple times per week. Samuel also flagged, though, that it was important to ensure that both FinTechs and their partner banks understood that there would always be some level of risk involved in the arrangement. “Traditional banks and FinTechs are going to have different risk appetites; regular and open communication is the best way to help close the gap.”


Of course, there are also regulatory expectations with regards to reporting. Partner banks are currently expected to file a suspicious activity report (“SAR”) within 30 days of the initial detection of the suspicious activity, provided there’s a suspect. This means that the FinTech has to move quickly to escalate any unusual activity and work closely to support any investigation from the partner bank in order to meet the deadline. 


Even in cases where FinTechs are given a good degree of autonomy, they should still work closely with their partner bank to ensure that both remain on the same page in terms of risk appetite. This means keeping the partner bank up to date on any new product developments, target customer segments, and geographic expansion plans, as all of these would impact the FinTech’s financial crime risk profile. 


What Next?

FinTech relationships with partner banks aren’t going away and do come with their share of risks. But through successful stakeholder management efforts taken with a fincrime focus, both parties can work together to stop criminals exploiting the US financial ecosystem.

We have experience working on both sides of the table to help FinTechs and their partner banks manage financial crime risks. If you’d like to discuss this more, please contact our US team or email us at: contact@fintrail.co.uk

The Payment Services Act - A unique risk based approach to regulation or an overly complicated set of standards?

In January 2020 the anticipated Payment Services Act (‘PSA’) came into force in Singapore. According to the Monetary Authority of Singapore (‘MAS’) the act is:

“A forward looking and flexible framework for the regulation of payment systems and payment service providers in Singapore. It provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and FinTech.”

In this paper we look to understand:

  • the genesis of the PSA

  • what approach has been taken to licensing new payment methods

  • what are the differences to the approach taken in Europe, and

  • whether the implementation of the PSA in Singapore will succeed in promoting innovation

Why Virtual Asset Service Providers in South Korea Must Act Now

South Korea remains the third-largest market for virtual currency, behind the United States and Japan. During the Bitcoin bull run of 2017, an estimated 1 in 3 office workers owned cryptocurrencies.

This crypto gold rush existed alongside limited regulatory oversight which created a fertile breeding ground for exploitation. This is evidenced through numerous controversies including exit scams, exchange hacks, price manipulation, and fake trading volume. Data from the Korean Ministry of Justice indicates that South Koreans lost $2.7 billion USD in cryptocurrency scams between July 2017 and June 2019. The ministry also said it has indicted and detained 132 individuals accused of cryptocurrency fraud and indicted another 288 individuals without detaining them.

In March this year, South Korea’s National Assembly passed an important new legislative amendment to their Financial Information Act that effectively legitimizes virtual asset ownership and trading and aligns the country’s requirements with international anti-money laundering and counter-terrorism funding (AML/CFT) standards. All Korean Virtual Asset Service Providers (‘VASPs’) must be fully compliant with the Act no later than September 2021.

Whilst formally bringing crypto exchanges into the regulatory fold, these requirements are not without their challenges. All Korean exchanges are now legally required to establish a verified real-name individual account with an authorized Korean bank. The exchange’s designated individual account holder will be responsible for withdrawing and depositing fiat currency between the exchange and the bank by way of a single bank account. South Korea introduced the real-name verification system in January 2018. Although not a requirement, crypto exchanges were encouraged to partner with approved banks to use the system. However, so far, only the largest exchanges — Bithumb, Upbit, Coinone, and Korbit — have been able to use this system, as banks have been reluctant to provide this service to small and medium-sized exchanges. Under the new Act the VASP is required to report their business and real-name bank account before September 2021, or else potentially face a 5-year prison sentence or 50 million Korean Won fine.

In addition, each Korean VASP must apply for an Information Security Management System (ISMS) certificate from the Korea Internet & Security Agency (KISA) in order to do business. To receive ISMS certification, they’ll need to implement new AML/KYC measures such as the Recommendation 16 travel rule, which requires VASPs to exchange customers’ personally identifiable information.

As crypto exchanges look to build / enhance their AML programme to meet regulatory requirements and also secure banking partnerships, what should they be focusing on?

  • Know Your Customer:

    • This goes beyond simply the collation of ID documents, which is just one piece (arguably the easiest piece) of the puzzle.

    • Think about proportionality. Perhaps you do not need to collect ID when your customer registers, but only when they start actively trading. The amount of KYC you collect can be tailored to your client’s activity, with wallet caps included to limit exposure.

    • VASPs may also consider using some more enhanced data points to better understand their customer such 

  • Transaction monitoring:

    • Whilst companies are able to apply a risk-based approach to the collection of documentation at onboarding, the key to understanding your customers’ behaviour is to have robust monitoring in place.

    • The monitoring of both fiat transactions and crypto transactions is very important. A customer's transaction profile should be considered by looking at both of these elements.

    • An increasingly popular request from banks is that they require a look back on the VASP’s transactions over a set period of time. This usually forms a report, and is facilitated by the bank by either asking the VASP directly, or requesting this information through a third party blockchain analysis provider.

  • Governance:

    • The usual governance applies; however, this should also be extended to include an audit and regular reviews of the crypto transaction monitoring systems, as well as a review of the crypto-assets themselves that the VASPs are listing.

  • Sanctions:

    • OFAC have now started including cryptocurrency addresses as part of their sanctions regime. This is an extremely important area to focus on, and something that is vital for your transaction monitoring. When liaising with vendors for blockchain analysis, a key question should be around how they deal with sanctioned addresses, and how often those lists are updated. 

The newly passed law forces any non-compliant VASPs to either quickly reform their AML/KYC programme or cease their operations. While a handful of the biggest Korean exchanges already comply with most of these measures, there is a real chance that many of the other VASPs that have not adequately considered AML protocols as they have built and scaled will struggle to implement these new regulations. Some may even be forced to cease operations altogether.

FINTRAIL are currently working with crypto exchanges globally to build, scale and test their AML and CTF programmes to not only meet regulatory requirements, but also to secure banking partnerships and help them proactively manage their financial crime risks, thereby helping to strengthen the AML health and wellbeing of the sector.

If you are interested in speaking to the FINTRAIL team about the issues discussed in this article or any other financial crime topic please get in touch via contact@fintrail.co.uk.

FINTRAIL-Elliptic Cryptoasset Compliance Virtual Bootcamp

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Launching on June 30, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

Session 1: Cryptoasset risks . . . What’s your appetite? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto and how it can affect your business, and relevant examples of statements related to cryptoassets.

Session 2: Assessing and Getting to Grips with the FinCrime Risks

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types of financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

Session 3: Systems and Controls - Managing Your Cryptoasset Risks in Practice 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools, and are they configured appropriately to your business needs?

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance. You will also be awarded a certificate of attendance after attending all three sessions. 

Active Anti-Racism in Anti-Financial Crime: Our Next Steps for Combatting Discrimination

At FINTRAIL, our US and global teams have been closely watching the swell of protests unfolding in response to the shocking deaths of George Floyd and Breonna Taylor - the latest victims of ongoing and unjustifiable police brutality against black people. However, racism isn’t just the existence of bad actors engaging in criminal acts of violence; police brutality emerges from systematic and deep-rooted racism that has infected justice systems in the US and around the world for centuries. And unfortunately, the anti-financial crime sector, integral for feeding information on suspected money launderers and terrorist financiers to police, has been complicit in this institutional racism. At FINTRAIL, we are constantly working to do more to promote diversity within our ranks and to support and learn from black voices. But we can do more as a firm to not just avoid racism but actively reject it, particularly through our work supporting anti-financial crime teams. Together, as consultants and as community leaders in the FinTech FinCrime Exchange (FFE), we can help make meaningful change to improve the treatment of black customers and to hold ourselves accountable when we get it wrong. 

  1. We promise to help champion and support non-white perspectives within our own team and the teams we work with. Implicit biases exist not only in day-to-day anti-financial crime activity, but also in senior level decision-making. People can unfortunately be prone to ignoring or undermining opinions given by black people in the room - and this is even more so the case for black women. In the worst cases - the room may be entirely white, eliminating the chance for non-white voices and perspectives to influence decisions on financial crime. How else can we be held accountable and understand the impact of our processes and decisions across all areas of financial crime risk management without ensuring black people are involved in the work and have the space to make constructive challenges? Thus, as FINTRAIL, we will make sure that we use our privilege to ensure there is always diversity in the room and that we listen to any and all challenges to our approach, especially from black people.

  2. We promise to work with clients to take extreme caution in the consideration of demographic factors when evaluating customer risk.  Firms building out their customer risk assessment (CRA) models may choose to include demographic factors, including nationality. While under very specific circumstances, demographics may be strongly correlated with risk (e.g. cheaply purchased nationalities), we will not advise or support the inclusion of demographic risk factors into a CRA methodology in a way that could unfairly lead to the application of enhanced due diligence (EDD) measures to a customer solely based on their racial, ethnic or socioeconomic background. In practice, this means strongly questioning whether such a factor is necessary in a CRA model in the first place and, if included, ensuring that only specific risks to the business are targeted and that there is no undue bias in the weighting of such a risk factor.

  3. We promise to be aware of racial biases that may exist within ourselves and our clients when it comes to clearing and investigating screening or monitoring alerts. Even when demographic factors have not been included in the calculation of a customer’s risk, racial biases can still cloud our judgment when evaluating one customer’s financial activity versus another’s. It is well documented that people are prone to more negative perceptions of those with darker skin, often without even realizing they are doing it. This can have dangerous effects for a customer, leading to their account being frozen or offboarded and their activity being reported to police. To help mitigate implicit and explicit bias in alert clearing, we will seek to support internal and external anti-racism bias training in the context of alert clearance and will push for the provision of clear decision trees to help analysts more objectively work through potential suspicious activity.

  4. We promise to do more to recognise and help mitigate the racial biases that can exist within European and American identity verification RegTech platforms. Within the US and Europe, we are really lucky to have a variety of robust identity verification tools to suggest to our clients that help automate the onboarding process. Innovative solutions allow for FinTechs to match customer selfies, live selfies or videos to a verified ID document - allowing them to onboard the customer within only a couple minutes. However, some solutions can struggle with non-white faces as their facial recognition technology hasn’t been adequately trained in correctly matching non-white faces to IDs. This can lead to serious negative consequences - non-white victims of identity fraud may have their documents stolen and used to open financial accounts without being spotted, or alternatively, genuine customers may be routed through a laborious manual review process simply because they aren’t white. We will work closely with FinTechs and RegTechs in the community to identify practical solutions to ensure that identity verification tools can more effectively verify non-white customers.

  5. We promise to take more initiative to build out innovative onboarding solutions for non-standard non-face-to-face situations. Under some circumstances, customers may not have the typical documentation needed to onboard - they may not have a passport or driving licence, or they may have recently moved country and have no address history. The good news is that more and more regulators expect financial institutions to have onboarding processes in place for customers who may be unable to provide traditional documentation - though some regulators go farther than others in their guidance. The bad news is that, in the absence of meaningful guidance, firms may end up with extremely manual onboarding processes, which require robust sensitivity training for front-line staff and which can delay financial access for those most in need of it. Some firms may even inadvertently avoid establishing a written approach to non-standard identity verification cases. We will do more to work with clients to help them establish more innovative approaches to non-standard onboarding and ensure that the approach is well-documented and that necessary training has been given to the front-line.

By working with the community on these practical steps, we hope to help inspire greater change within anti-financial crime best practice. No one should have a worse banking experience or be treated as a criminal solely based on the color of their skin, and we are committed to actively fighting for an actively anti-racist approach to financial crime.

On Demand Webinar: How to Implement eKYC & Keep Online Customers Safe

The recent shift towards digitisation has pushed businesses to review their KYC processes, and implement new strategies to protect their customers online.

In this on-demand webinar, Robert Evans, FINTRAIL co-founder, and Claire Galbois-Alcaix at Jumio will discuss:

- The impact of digitisation on businesses and their customers
- The latest risks and compliance challenges
- How to implement a successful eKYC
- Tech innovations that help organisations keep their customers engaged
- Changes to the regulatory landscape and the future of eKYC

As people spend more time online, they leave a digital trail of information that can be used against them if put in the wrong hands. The convergence of online and offline has opened up entirely new pathways for fraudsters, money launderers, and identity thieves to assume another person’s identity.

KYC (Know Your Customer) refers to the process of verifying the identity of your customers, either before or during the time when they start doing business with your organisation. With eKYC, businesses are able to perform identity verification and due diligence electronically, but must ensure they have the correct end-to-end identity verification strategies in place.

Rob and Claire will share tips and best practices organisations can follow to simplify their eKYC.

Islamic FinTech and Financial Crime: A different risk profile?

With particular thanks to insha, Kestrl, MyAhmed and Niyah.

Just like every other sector of the global financial industry, Islamic finance is increasingly going digital.  There is a growing number of start-ups positioning themselves to benefit from the rapid global development of the FinTech market, coupled with the booming growth of Islamic finance.  Islamic finance is sometimes considered a niche area, but this ignores the actual size of the sector, with a consumer base of 1.8 billion Muslims globally and an estimated market value of $2.5 trillion in 2018, forecast to grow 40% by 2024.  These start-ups sit at the convergence of these two growth areas, and believe that young Muslims in particular will be drawn to products designed to facilitate integrating their faith and ethics with all aspects of their daily life, plus the ease and superior design features of a digital product.  

Most growth in Islamic finance in recent years has been rooted in traditional banking services, but change and dynamism in the sector is translating more and more into digital offerings and FinTech startups.  In 2019 there were an estimated 93 Islamic FinTech startups globally, including challenger banks for retail and SMEs (e.g. Kestrl, MyAhmed and Niyah in the UK and insha in Germany) as well as wealth management (e.g. US-based Wahed Invest), crowdfunding (e.g. Ethis Ventures in Malaysia and Indonesia) and crypto (e.g. Dubai-based trading platform Huulk).  P2P finance and InsureTech are cited as top sectors for growth in 2020.  Existing Islamic banks have also jumped on the digital bandwagon, especially in the Gulf, such as Bahrain Islamic Bank which launched the first fully-fledged Islamic digital bank in 2019.  The largest market for Islamic FinTech startups is Indonesia, followed by the US, the UAE and the UK. 

It’s interesting to note that many shariah-compliant FinTechs are keen to reach out to potential customers beyond the Muslim population in recognition of many people’s dislike and distrust of conventional financial services and desire for a more ethical, partnership-based approach.  To this end, many Europe-based FinTechs in particular notably focus on the ethical dimensions of their product rather than just guaranteeing shariah-compliance, and market themselves as ‘ethical’ or ‘values driven’ rather than explicitly as Islamic, halal or shariah-compliant.  This is also reportedly popular with Muslim customers, especially the young, who are more interested in services that focus on ethical considerations rather than “tick-box” shariah compliance.

Islamic Finance and FinCrime 

Islamic and conventional finance most obviously differ in terms of the products offered and the target client base.  But what of the risks they face, specifically financial crime?  Are there certain financial crime risks which Islamic finance institutions are more exposed to, or conversely where the specificities of Islamic finance help protect them?  And are there particular things Islamic FinTechs should be thinking about as they design and build their financial crime programmes?

This piece isn’t going to get into the complexities of Islamic finance and how transactions are structured.  However, there are a couple of key concepts that are useful to set out here.  Firstly, Islamic finance prohibits earning or paying interest, with a focus instead on profit (and risk) sharing.  This results in a model where banks and their customers act as ‘partners’, which differs from the usual client relationship.  Islamic finance also prohibits business in sectors considered forbidden or haram, such as alcohol, gambling, pork or adult entertainment.  And finally, Islamic finance does not condone excessive uncertainty or speculation.

On an academic level, relatively little attention has been paid to financial crime risks in relation to Islamic finance and there have been few, if any, studies on relevant money laundering/terrorist financing methods and trends.  International standards for AML/CTF regimes (such as those issued by FATF) make no provisions for Islamic finance, and are adopted wholesale even by countries with sizeable Islamic finance sectors without any adjustments.  The papers which have been published (e.g. by ACAMS) tend to conclude there’s no evidence the ML/TF risks in Islamic finance are different from those in conventional finance, or that it faces unique typologies or methods.  If anything, they conclude certain features of Islamic finance are likely to lower the ML/TF risks, such as the ‘partnership’ relationship between the financial institution and the borrower/lender, and the fact transactions are structured around the purchase/sale of underlying assets, which ties them to real-world valuations and makes it harder to disguise illicit flows.  

FinCrime for Islamic FinTechs

So what does this mean for Islamic FinTechs in particular?  Given the relatively scant attention paid to the topic by regulators and external bodies, and the prevailing tendency of conventional Islamic banks to treat financial crime the same way as everyone else, it is hardly surprising we’ve yet to see Islamic FinTechs formulate a specific approach to financial crime.  And nor is it clear that they need one, given the current state of the market and the product types that most existing Islamic FinTechs offer.  Where the academic studies do identify differences between conventional and Islamic finance, it is generally in relation to complex products such as trade finance and investment banking.  These are areas which have yet to be targeted by Islamic FinTechs, which so far are mostly focused on P2P lending / crowdfunding and retail banking.  In these areas, it is hard to see many ways in which the shariah-compliant aspects of the products could affect the AML/CTF risks.  The one concrete example is almost a coincidental positive for Islamic finance - several of the sectors considered prohibited are also ones recognised as high risk for financial crime, such as gambling, adult entertainment and arms/defence.  However the lack of any other discernible differences is borne out by a number of Islamic FinTech start-ups consulted by FINTRAIL, who confirmed that they don’t approach financial crime risk differently to their conventional counterparts and aren’t aware of any nuances or differences in the risks they face.  For instance, one European challenger bank confirmed it uses a banking-as-a-platform provider to manage compliance, meaning it is comfortable using an off-the-shelf solution designed initially for non-Islamic institutions.  

So, looking at the products and business models of Islamic FinTechs on paper indicates no real distinction.  However, there is one real-world factor which does make a difference - customer base.  One standout issue is the provision of services to mosques and religious charities, which collect huge amounts of zakat donations, and can find conventional financial institutions reluctant to deal with them (and often Islamic institutions too).  Charities, especially religious charities, are recognised as a high-risk sector for AML/CTF risks, and this, coupled with payment corridors to high-risk countries where Islamic charities are likely to operate, places them outside of risk appetite for many conventional banks.  Specialist Islamic FinTechs may be more prepared to find ways to mitigate the risks and serve these clients, as part of their ethical mission.

In Europe, concentration risk and the makeup of the target client base may also pose particular challenges (but also opportunities) for Islamic FinTechs.  Their customers will be particularly homogenous, which may make them more vulnerable if a fraudster can work out a successful way to target this group.  This would involve knowing how to mimic real customers’ identities and activities, as well as frauds designed to exploit religious sentiment, e.g. by using fake charity appeals during Ramadan.  Beyond fraud, while many customers will be UK/EEA nationals, those who are foreign nationals are more likely to come from countries deemed high risk for ML/TF, and popular payment corridors for cross-border payments are also likely to involve such countries.  This will all result in a high level of declined applications, high-risk clients, and transaction monitoring alerts, especially if companies use generic risk appetites and customer risk assessments or off-the-shelf monitoring solutions, or outsource their compliance programmes to banking-as-a-platform companies.  

Conventional indicators and methodologies may thus not enable Islamic FinTechs to assess their client bases intelligently, and to work out if there are ways to mitigate any inherent  risks in line with their own risk appetites.  If they choose to accept these risks, they’ll need to ensure they can identify the most high-risk activity on their books, and dedicate their attention and resources appropriately.  And if done right, they are uniquely well-placed to do so - they can use their greater familiarity with these client groups and any existing data to benchmark usual, unconcerning behaviour vs. activity they deem suspicious.  For instance, huge cash deposits from a mosque during the last ten days of Ramadan would be immediately understood and contextualised.  And while a conventional retail bank may see all payments marked as ‘zakat’ as high risk, an Islamic FinTech can use their richer datasets and contextual understanding to refine their monitoring systems and investigate hits to identify the most high-risk of these payments, to make sure they are allocating their time and resources effectively. In doing so, they have the potential to play a positive social role by ensuring inclusion - enabling fair and affordable access to financial services to those frequently excluded or disadvantaged by conventional financial institutions.

So to summarise, the distinctive financial crime concerns of Islamic FinTechs lie not in the theoretical nature of how they operate or the mechanics of their product offering, but in the real-life nature of their client bases.  This idea is not unique to Islamic entities; in the increasingly crowded FinTech sphere, more and more firms are seeking a niche and are catering to specific client groups that pose a heightened financial crime risk on paper, such as expatriates sending remittances to specific high-risk countries, or sectors such as gambling or crypto that struggle to open accounts with conventional banks.  The lesson for all these companies is that, while they must recognise the inherent risks posed by their client bases, they can and should tailor their financial crime programmes to adopt a risk-based approach, identify their own top risks, and allocate their resources appropriately.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic, or any other elements of building or refining a customised financial crime programme, please get in touch with contact@fintrail.co.uk or maya.braine@fintrail.co.uk

There is also further guidance available on the FINTRAIL website, including on defining a risk appetite, using data to drive a financial crime programme, and promoting financial inclusion.

Remote Delivery: NuBank Financial Crime Compliance Project

In the current climate the notion of ‘working from home’ has become the new norm. This means that some businesses have had to rapidly adapt how they work, how they deliver their products and services to their clients, and how they remain top of their game. Whilst FINTRAIL do have physical offices in London, Singapore and the US, we operate flexible working for our employees, and have also conducted fully remote projects in the past. We feel that these projects and our working set-up have allowed us to quickly adapt to this new normal and we thought we would share some of our insights with the wider community.

One of our most recent fully remote projects involved working with NuBank on a Financial Crime Compliance project. NuBank is a Latin American neobank and they have one of the largest customer bases in the region and sector, and in January 2020 confirmed they hit the 20 million customer target. NuBank was a completely new client for FINTRAIL, and also one of our largest projects where there would be no face-to-face, or in person element at all.

The project spanned three jurisdictions: Brazil, Mexico, and the UK. This involved assessing and analysing regulation from Brazil and Mexico, as well as scheduling calls to accommodate two quite different time zones! After the project had been completed, we had a feedback session with NuBank to discuss what worked, and maybe what didn’t, when conducting a remote project. NuBank was very pleased with our work. They commented that we were aligned with them as a business, and the project results were above and beyond what was expected. We are confident that our work can be delivered in a fully remote nature, and this project only helped to solidify that confidence.

Infographic highlighting the key takeaways from the NuBank remote project and what the client liked.

Key learnings:

  • Get the basics right. This may sound simple, but the client should be clear on the project timelines and deliverables. Having this understanding at the start and throughout helps to ease both sides of any unnecessary stress, and improves time management and control of the project. When a project involves no face-to-face aspect, all communication becomes much more scheduled, and therefore understanding the scope and nature of the project is key. This extends to us as FINTRAIL too: we always ensure that we understand a company and its products to the best of our ability when conducting a project.

  • Communicate, communicate, communicate (with the relevant people). Ensuring that the correct people are involved in the conversation is very important, especially during a remote project. With often already packed diaries, no one wants to sit on a video call that they cannot contribute to, or that they are not needed for. Inviting the correct and relevant stakeholders only to meetings where they are needed prevents video call fatigue within the project, helping each conversation to be meaningful and people to remain engaged.

  • Leverage technology.  Tools such as Slack can really help with interim communication between larger video meetings. Slack allowed for timely access to key pieces of information, and to lay the groundwork for more in depth meetings. It was also crucial to have this kind of communication due to multiple time zones. Emails felt a bit stiff and formal, and could get lost in a pile, whereas the Slack messages could be picked up whenever suited, and answered quickly and easily.

Get in Touch

If you are interested in speaking to the FINTRAIL team about the topics discussed here or how we are working remotely with clients globally today on all aspects of their financial crime programme, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

FINTRAIL joins Tide on the Jumio Webinar: Covid-19 Anti Financial Crime Best Practices

Gemma Rogers, Co Founder at FINTRAIL joined Rebecca Marriott and Matthew Tataryn of Tide and Sam Duggan of Jumio for a live panel discussion moderated by Claire Galbois-Alcaix. In the webinar they cover:

  • The financial crime impact COVID-19 has had on financial services providers

  • The main financial crime threat factors that businesses are having to adjust to

  • How the FCA's latest recommendations can help businesses in the short term

FINTRAIL’s Digital Anti-Financial Crime (AFC) Support

As a tech first company we have always used technology to serve our clients in the best possible way. As the global financial service industry embraces new digital and virtual working practices, FINTRAIL is uniquely positioned to support global customers. We want to ensure that we continue to enable organisations to thrive while managing their financial crime risk and meeting their regulatory requirements. 

As such we have taken three of our offerings and fully digitised them to ensure that we are still delivering the same tailored approach and bespoke output without compromising on quality. Our products are designed to be outcomes-focused and immediately impactful. 


On any audit or health check booked between now and the end of July 2020, that is completed by the end of the year, we are offering a 5% discount. Additionally to play our part in the fight against Covid-19, we will donate a further 5% to the World Health Organisation (WHO) Covid-19 Response Fund.

Get in touch today to discuss this and how we are working remotely with clients globally today on all aspects of their financial crime programme, or find out more here:

Digital AFC Support

Into the Tigers Den

*WARNING - Tiger King Spoilers Ahead*


Hey all you cool cats and kittens,

Most people reading this have probably seen or at least heard of the hit Netflix show, Tiger King, with its outstanding viewership of 34.3 million within its first 10 days of release. At first glance, the docuseries looks to focus on the captivity of big cats in the US; however the involvement of Joe Exotic soon pivots the focus to his love-life, rivalry with the owner of a non-profit animal sanctuary, Carole Baskin, and ultimately to the murder-for-hire plot of said sanctuary owner for which Joe Exotic is currently serving 22 years in prison. A $1 million lawsuit with Carole Baskin’s Big Cat Rescue Group is also ongoing. 


Whilst watching the captivating series, we at FINTRAIL noticed a recurring theme outside of big cats and cowboy boots. Financial crime. Episode after episode, it became evident that owning a roadside zoo in America comes with its own ecosystem of problems and characters, lots of whom have had their fair share of interactions with the law. This gave us an idea - let's set up our own big cat park ourselves! In this blog post we use Tiger King as a reference point, and walk you through how to set up your own zoo step by step, and ensure that the zoo and your activities can stay clear of the law. Of course, this isn’t actually our goal. We’re aiming here to highlight how easy it is to do this, and the grey areas in the current US system. We take a look at:

  • The ease of obtaining a permit for a roadside zoo, making it a prime target for exploitation

  • The complex ownership structure hinted at in the Tiger King that could be used to hide beneficial ownership

  • How the trafficking of big cats can be used as part of a wider money laundering operation


Joe may seem exotic himself but some of the themes and activities highlighted on the show are a sad reality, and are an open door for criminal exploitation.


License to own big cats, but not buy or breed them. But obviously there are ways to get round this...

The first step of this process is to apply for a government permit which will allow you to own a roadside zoo to show off your cats. Luckily, in many states in the US this is easy to do. 

If you claim to be displaying the animals as an ‘exhibitor’, you can easily obtain a licence from the United States Department of Agriculture (USDA) for as little as $40. As a criminal looking to exploit any system available for financial gain, this is a prime opportunity to use a cash heavy business to launder profits through:

  • purchasing exotic animals with funds gained illegally

  • faking the sale of exotic animals to justify the transfer of funds

  • inflating the number of visitors to account for the increase of funds on the accounts

  • inflating construction costs for the park itself

  • inflating costs of upkeep for the animals and park


When applying, not much is asked about the applicant; as long as you have a social security number, you are eligible to exhibit big cats. Multiple previous convictions? Not a problem. Jeff Lowe and Mario Tabraue had convictions, including jail time, but this did not raise any red flags when submitting their applications. Surely, in a trade such as exotic animals where there are easy ways to make illegal profit, deeper checks into applicants should be crucial. It seems like the USDA just want to check you can pay them, rather than recognising the risk that is created by these lax entry criteria.


Joe who?

Whilst there is nothing illicit or illegal about changing your name, it can make tracing ownership and finding records and media related to a person more difficult than for someone who has had one, or maybe two, registered names. The first thing to note about Joe Exotic is the multitude of names which he goes by. In court documents he is often referenced by upwards of five different names. Joe has been married three times, and has changed his name each time, sometimes making a double-barrelled name. He also has his ‘stage name’ of Joe Exotic, which he uses in everyday life. Information such as previous names, or aliases that an individual goes by can be crucial when assessing what risk an individual may pose. For example, adverse media checks conducted on only one of Joe’s many names may yield very different results compared to a search on a different alias. 

Old zoo, new zoo

When trying to hide assets, or even evade taxes, you may consider shutting down an existing business, and opening a completely new and fresh one. All the assets of the old business can be moved to the new business, however they are now under a separate legal entity, and in the case of tax evasion that business is unlikely to have any taxable profits. 

In legal records from the case between Joe Exotic and Big Cat Rescue, we found some interesting narration around the creation of a ‘new zoo’, and dissolution of the ‘old zoo’. The G.W. Exotic Animal Memorial Foundation, referenced as the ‘old zoo’, was created in 1999 by Joe Exotic and his parents, Shirley and Francis Schreibvogel. Shortly after the lawsuit in 2013 involving Carole Baskin and the $1 million judgement, John Finlay (the old zoo’s vice president/director, and Joe Exotic’s husband at the time) made a request to the Oklahoma Secretary of State to reserve the name “The Garold Wayne Interactive Zoological Foundation”, and a day later The Garold Wayne Interactive Zoological Foundation (‘new zoo’) was incorporated. The incorporation of the new zoo was paid for using the funds of the old zoo, the old zoo was then dissolved, and within this dissolution assets including vendor accounts and the gift shop inventory were transferred to the new zoo. However, the new zoo did not assume any of the old zoo’s liabilities.

On paper, the two companies are different. Different names, possibly different ownership/management hierarchy structures - however it is clear to see that these two companies are intended to do the same thing, benefit the same parties, and ultimately have been created to hide, disguise, and try to put assets out of reach. This is an age-old trick, and not one unique to the big cat or roadside zoo industry. As a result, law enforcement and the courts are well aware of this tactic. The court case recognised the new company was just being used as a vehicle to move and hide assets, and ordered the newly created Garold Wayne Interactive Zoological Foundation to also be held accountable for the $1 million judgement in the lawsuit. If you are trying to hide your assets, it would be wise not to try this while in the middle of a court case when you are already under scrutiny of the courts.

Keeping it in the family, and under the radar

Ultimate beneficial ownership (UBO) is a hot topic at the moment, particularly in the UK, where it is a legal requirement for all companies to disclose their ultimate owners to the corporate registrar. However in the US the landscape is wildly different. No state currently requires a company to declare the UBO, meaning it is easy to disguise the true beneficiary of a company. There is even talk at the moment within the US of relaxing the rules further in light of COVID-19.

Complex ownership structures can be exploited to hide assets, and conceal individuals’ investments and involvements in business ventures. Joe Exotic made use of this tactic, and is even heard within the docuseries saying proudly to the camera, “Look around! I don’t own anything!”  When we had a look at some of the court documents surrounding the Tiger King, Joe was indeed right. He didn’t appear to own any assets at the zoo, or the zoo itself. 

As mentioned in the previous section, the original GW Zoo was founded in 1999 by Joe, under his original name of Joe Schreibvogel, and his parents Shirley and Francis. It is quite clear from the show that the zoo is Joe’s, legally or otherwise; he makes all the decisions and it is his responsibility to run it day to day.

The Big Cat Rescue Group settlement agreement outlined the continued involvement of Shirley in the zoo’s finances, without her having much actual involvement in the zoo itself. On paper, Shirley was the landowner and leased the land to the GW Zoo; however the settlement stated that these were not ‘arm’s length’ leases, and instead were used to transfer funds and assets to Shirley, so that they would remain out of reach of the ongoing lawsuit against GW Zoo/Joe Exotic. 

The settlement also states the ownership status of many vehicles and trailers within the zoo, and surprise surprise, they are all owned or leased by Shirley. Once again, this is a ploy to move all of the assets out of Joe’s name, and therefore supposedly out of reach of the court case. 

Lions and tigers and bears, oh my!

Arguably the most important aspect of establishing a zoo is the animals. 

You may think that getting hold of exotic animals would be difficult, but in many states it is simpler to purchase a tiger than to adopt a puppy. The Endangered Species Act of 1973 makes it illegal to sell endangered wildlife interstate or through foreign commerce in the course of a commercial activity. However you can be exempt from this Act if you are a USDA licensee, which is relatively easy as shown at the beginning of this piece, or an accredited sanctuary.

If we look at how Joe Exotic accumulated more than 200 tigers within GW Zoo, this was primarily done through breeding at the zoo. To care for a tiger, the food cost alone is between $7,500 and $10,000 per year, therefore Joe was not able to keep the whole litter and would sell the cubs. With the price of a large cat ranging anywhere from $900 for a bobcat to $7,500 for a tiger cub, you can see why this is an attractive business and why Joe Exotic sold 168 tigers between 2010 and 2018 (the below map shows the far-reaching transfers of tigers from GW Zoo). Before 2016, there were fewer restrictions on the sale of captive-bred tigers as they were not considered important to conservationists and therefore could be freely traded, making it easier to trade across state lines.

[Map: transfers of tigers from GW Zoo]

As you can see from the above, the amount of money that passes through a roadside zoo can be extensive, and this isn’t even including the admission and tour fees - some establishments charge nearly $400 per person for a tour. 

Not only can a zoo be used to move funds from other illicit activities, but there is great opportunity to use the zoo to commit illegal acts:

  • Purchasing or selling endangered wildlife in a banned state or without the appropriate licence 

  • Trading wildlife that has been illegally obtained 

  • Laundering cash through inflating prices of wildlife sales

  • Storing illegal drugs, as allegedly done by Mario Tabraue, who appears in the docuseries, before his arrest in 1987. 


The purchasing, breeding or exhibiting of exotic wildlife without the appropriate licence is illegal and therefore makes these animals criminal property. Profits from the subsequent trade of these animals are therefore the proceeds of specified unlawful activities (SUA), and money laundering is added to the long list of crimes that can be committed by these zoos. 

So where do I sign up? 

Absolutely do not set up a roadside zoo. 

The opportunities to conduct financial crime from a roadside zoo are extensive. The process of constructing a zoo itself presents the perfect opportunity as you can deal with high amounts of invoices for builders/supplies and deal with cash intensive industries to move illicit money. The subsequent running of the zoo creates more opportunity from buying and selling exotic wildlife illegally, to moving illicit funds through the zoo with inflated ticket prices and upkeep of the park. And as with other business types, you can set up constantly changing complex ownership structures to hide your assets.

As we have shown throughout this analysis, things aren’t always as they seem. Something that from the outside may look like a legitimate business can be used in numerous illicit ways. For financial institutions that service corporate clients, it is vital to analyse the industry lists in the context of your product offering, jurisdictional coverage and client base and see if something that might generically pose a low risk of financial crime could actually be used extensively for financial crime purposes. Hopefully this article has given you some red flags to watch out for, such as unnecessarily complex ownership structures, repeated changes in ownership, multiple name changes or aliases, or historic involvement in lawsuits or criminal prosecutions.

Get in Touch

If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

FINTRAIL on the Sibylline Podcast: No Lockdown Here – Covid & Financial Crime

FINTRAIL’s APAC MD, Payal Patel, joins Sibylline COO Tamara Makarenko and Samantha Sheen for a conversation about the impact COVID is having on financial crime.

Their discussion covers why financial crime is ‘surviving’ lockdown, new financial crime trends, the regulatory response, and how companies can safeguard themselves. The podcast ultimately outlines a few ‘Golden Rules’ of how we can build our resilience to this unfolding financial crime environment.

FINTRAIL on the Captivated Audience - Season 1, Episode 26

In this episode, FINTRAIL’s James Nurse joins hosts Sam Sheen and Marie Lundberg on the Captivated Audience podcast.

In this episode James offers insights from recent FINTRAIL papers on Social Media and Financial Crime, and the iterative risk approach to pre and post pandemic working for FinTech.