MENA, USA, MEA, Europe, APAC
Maya Braine
Case Study: Digitisation Support
Case Study: Digitisation Support
Europe, USA, MENA, MEA, FFE, APAC
Guest User
FinTech Approaches to Sanction Regimes
FinTech Approaches to Sanction Regimes
APAC, Europe, USA, MEA
James Nurse
How to use Compliance as an enabler in Digital ...
How to use Compliance as an enabler in Digital Transformation
MEA
Guest User
Islamic FinTech and Financial Crime: A ...
Islamic FinTech and Financial Crime: A different risk profile?
Europe, USA, APAC, MEA
Guest User
How Social Media is used to Further Financial ...
How Social Media is used to Further Financial Crime - Part 1

The Digitisation of Hong Bao

The world is quickly moving towards a cashless society, and with the rise of digital wallets and mobile payments, where does this leave the Lunar New Year tradition of gifting little red packets of cash, known as hong bao? The digitisation of hong bao has been on the rise in recent years and with the pandemic looming over this year's Lunar New Year festivities, we are likely to see even more people sending and receiving e-hong bao than usual. FINTRAIL and transaction monitoring and screening solution provider, ComplyAdvantage, explore what payment services and financial institutions may see from a payments and transaction monitoring perspective during this period.

Rise in ‘e-hong bao’

Recent years have seen a gradual shift towards “e-hong bao” with the first of this type of product being launched by Chinese mobile payment and digital wallet provider, WeChat Pay, in 2014. Since then, other payment and banking providers such as PayNow, GrabPay and DBS have followed suit introducing new, creative ways for people to send and receive hong bao without the use of cash. DBS’ ‘QR Hong Bao’, for example, allows its PayLah! App customers to load money onto a physical card via their banking app using a QR code, in which the recipient can then redeem the value by scanning the QR code. PayNow uses its peer-to-peer fund transfer service which allows money to be transferred to a recipient using only their phone number or National Registration Identity Card (NRIC) for Singaporean customers. Most recently, Revolut Singapore revealed its designs for its new gifting feature which allows customers to send e-hong bao in any of its 28 in-app currencies for free. Just like physical red packets, Revolut customers can choose from a selection of designs with customisable greetings and schedule them to be sent on a specific day. 

Today, with the pandemic looming over this year's Lunar New Year festivities, celebrations are likely to look a little different, with families no longer crossing borders to celebrate with loved ones, mass celebrations being replaced with virtual gatherings, and the gifting of hong bao also going digital. In Singapore, there has been a government push to encourage the adoption of e-hong bao and e-gifting. The Monetary Authority of Singapore (MAS) has encouraged those who celebrate Lunar New Year to give out e-hong baos, as it will not only help to reduce queues for new notes from a Covid-friendly perspective, but also has the benefit of being significantly more eco-friendly, as it will reduce the printing and subsequent wastage of red envelopes and new notes returned to banks after each festive season. Likewise, the Association of Banks in Singapore (ABS) has also supported MAS’ stance, as it claims e-gifting enables the tradition of giving hong baos to continue safely and complements the existing safe management measures in place. In Singapore, this effort is further encouraged through the MAS incentive of rewarding the most innovative FinTech e-gifting solution with a special recognition at the Singapore FinTech Festival in November this year.

Key trends

So, what does going cashless and the rise of e-hong bao mean for payment services and financial institutions when it comes to monitoring customer activity during the Lunar New Year period? FINTRAIL and ComplyAdvantage explore some key trends that have been identified across the industry and provide payment services and financial institutions some high-level considerations when it comes to monitoring customer activity during this time. 

  • Payment services and financial institutions are likely to see a spike in transaction monitoring and payment alerts during the Lunar New Year period, as a result of the increased volume of payments being sent by customers. This is due to traditions like the gifting of hong bao or other traditional customs, such as paying off any debts and loans, including mortgages, as well the gifting of shares in companies. For many payment services and financial institutions this includes two distinct spikes associated with pre-new year and post-new year activities. 

  • Financial institutions may also see an increase in payments through alternative channels, for example, if they only offer their e-gifting products at certain times of the year. For these seasonal specific products, banking providers may see an increase in account openings during this period, for accounts that are purely set up for e-gifting purposes, and are only used at this time of year. Accordingly these accounts may remain dormant until the following year. This pattern of customer activity may trigger a number of alerts involving dormant accounts. 

  • Customers are likely to be sending payments to a wider audience and beneficiary group compared to their average payment history. This may include both local and cross border payments to a wider variety of individuals in their network including friends, relatives, business partners, and employees. E-hong bao can also be gifted from a range of customer segments including wholesale and business customers. This includes gifting between businesses, from businesses to its employees, and between business partners. This variety of payments may increase the number of payment screening alerts for payment services and financial institutions. 

With these trends in mind, mainly relating to the increase in volume of payments and associated transaction monitoring and payment screening alerts, what are some considerations financial institutions and payment services should take into account to manage these spikes and assess financial crime risk appropriately? Ahead of the Lunar New Year, Compliance teams may want to consider the following:

  • Work with data analysis teams and transaction monitoring system owners to calibrate rules to address the expected spikes and volumes during this period, for example by increasing thresholds for cash base rules, to reduce the volume of single or aggregated alerts

  • Perform sandbox testing to provide assurance that any new or modified rules have been tested sufficiently and are effective in identifying typology risk. Calibration and testing will ensure operational efficiency during this period but also ensure Compliance teams are adequately resourced to address any spikes in volume of alerts as well as manage BAU processes.

  • Leverage resources from other regional transaction monitoring and investigation teams that do not celebrate Lunar New Year to assist with any potential spikes and backlogs. This may also present itself as an opportunity for teams to provide analysis on any patterns and trends identified through analysing the data from afar.

  • Increase staff awareness around the cultural traditions of Lunar New Year and any nuances of how it is celebrated between countries. Taking the traditional customs of paying off debts, loans and mortgages, compliance professionals will need to understand what financial crime risks and red flags may be associated with early repayments and how to appropriately assess these risks and distinguish between early repayments from legitimate sources of funds compared to illicit funds. 

  • Increase staff awareness around seasonal scams and frauds perpetrated by bad actors using the increase in volumes expected and business closures during the Lunar New Year period to integrate illicit funds. This may include paying increased attention to local and global regulators publishing any regulatory updates or warning notices pertaining to seasonal scams.

If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the APAC region, please contact sara.abbasi@fintrail.com 

ComplyAdvantage is an AI-driven financial crime risk data and detection technology company transforming financial crime detection. The company actively identifies tens of thousands of risk events from millions of structured and unstructured data points every single day. ComplyAdvantage has four global hubs located in New York, London, Singapore and Cluj-Napoca and is backed by Ontario Teachers’, Index Ventures and Balderton Capital. Learn more at complyadvantage.com.

, , ,

Love is in the air.. Or is it?

, , ,

With increasing restrictions placed upon our lives due to COVID-19, millions of people have turned to online dating sites to meet someone and spark human interaction. In some instances, it is genuinely love at first sight, but not in others. In such an emotionally charged environment some enter this not for love but for financial gain and tragically, many stumble upon con artists who are eager to take advantage of people looking to make a connection. The fraudster builds up rapport by making up a story and, once they have established enough trust, moves onto the real reason they are there, asking for money. According to UK Finance, there was a 20% increase in bank transfer fraud linked to romance scams in 2019 compared to 2018. However, the damage to the victim often goes much deeper than the financial loss suffered. Navigating relationships can be fraught at the best of times, but here are few things that may help you identify if it is a scammer or not.

Liar liar

Red flags that might help you spot scammers include:

  • Asking a lot personal questions about you while avoiding answering personal questions about themselves

  • Trying to establish a bond quickly by telling you “this is the first time they’ve felt like this before”, giving you an endearing pet name or even that they are in love with you

  • Preferring to move the communication away from dating websites and towards texting or phone calls as the scammers know that the dating website will have no proof of them asking you for money

  • Asking for financial help by making up lies (which is covered below)

  • never meeting them in person as they are either “out of the country at the moment” or have made up excuses about why they had to cancel - sometimes these include financial reasons

Scammers are inventive when it comes to creating a facade with which to lure victims. Some frequently used lies by scammers in order to request funds include paying:

  • For a plane ticket or other travel expenses

  • For surgery or other medical expenses

  • Customs fees

  • Off gambling debts

  • For a visa or other official travel documents

Scammers usually request funds via wiring money, putting money on a gift card, or loading money onto a prepaid card. Scammers know that this way, they can get cash quickly and remain anonymous and the transactions are almost impossible to reverse.

Protect yourself

Never send money to a romantic interest you haven’t met in person. If you suspect a romance scam:

  • Stop communicating with the person immediately

  • Do a search for the type of job the person has to see if other people have heard similar stories. For example, you could do a search for “UK Army scammer

  • Do a reverse image search of the person's profile picture to see if it’s associated with another name or with details that don’t match up

  • Contact Action Fraud on 0300 123 2040

If you’d like to learn more, please contact Ishima Romain, consultant or email us at: contact@fintrail.com.

, , , , ,

FinTech and Law Enforcement partnerships

, , , , ,

Expert Working Group Topic 2: Law Enforcement partnerships

We’ve just wrapped up our second Expert Working Group, following last year’s EWG on FinTech Approaches to Sanctions Regimes. This time, we gathered 16 experts from FinTechs along with law enforcement leaders to chat about our partnerships with law enforcement.

This working group made it clear that finding the right contact or information can be tricky. Please do not hesitate to reach out to the FFE secretariat at ffe_admin@fintrail.co.uk if you need help making contact on an important law enforcement matter—this goes for law enforcement, FIUs and FinTechs. We’re happy to help you find the information you need, quickly.

A sneak peek into just a few of the insights that came from our discussions, which covered FinTech best practices for receiving and responding to requests, SAR feedback, asset freezing, stay-open requests and more: 

  • Public/private partnerships and industry groups are tough nuts to crack—58% feel they’ve struggled to get traction with groups that share high-value law enforcement information

  • We hear from law enforcement a lot. Half of us receive several requests per week.

  • MLROs rarely act as the central point of contact. If you’re an MLRO, and you’re still taking all the phone calls, delegate away—today is your day!

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And, of course, stay tuned for further Expert Working Groups!

FINTRAIL MONTHLY REG-CAP Jan 2021

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

January 2021

This RegCap summarises any regulatory updates within January 2021.

Some highlights include the update of the Corruption Perception Index being published and a paper from RUSI on the impact of fraud on the UK’s national security landscape.

What other regulations changes caught your eye in January?


If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

The New Crypto Rules in Town

The crypto world has certainly started 2021 with a bang. All time highs for bitcoin prices (reaching around $40,000 in the first week of January) and a hotly debated rule proposal from FinCEN meant that cryptocurrencies were certainly at the forefront of many people's minds as we left 2020 and entered 2021. 

There has been lots of talk recently on the newest proposed FinCEN crypto rule; however, if you are not directly part of the crypto community, it is very easy to lose track of the different proposed regulations and rules. This blog post aims to summarise the key differences between the previously proposed FATF travel rule, and the newly proposed FinCEN crypto rule, for a non-crypto savvy audience.  

The FATF Travel Rule

In June 2019, an amendment was made to the Financial Action Task Force (FATF) recommendations. The change, known as ‘the travel rule’, was made to Recommendation 16, which was previously in place to help combat money laundering and terrorist financing with relation to wire transfers. This recommendation required that counterparty information be shared when conducting a wire transfer and that banks assume responsibility in reporting suspicious activity. Previously only applying to banks, Recommendation 16 was updated to include virtual asset service providers (VASPs) as well. A VASP is considered a business that provides crypto-to-fiat (Euro, British Pound, U.S. Dollar, etc) or crypto-to-crypto exchange, or any other transfer of crypto on behalf of its clients. Recommendation 10 was also updated to ensure VASPs conduct due diligence where appropriate.

The updates were as follows:

  • For occasional transactions above 1000 USD/EUR, VASPs must conduct customer due diligence (Recommendation 10);

  • The obligation to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting virtual asset transfers (Recommendation 16).

This proposal caused a stir within the community in 2019, with questions being raised about how feasible it was to implement this, and its impacts on the crypto community. A key point to understand here is that this rule was proposed to only affect VASPs, and transactions between VASPs. This is a key differential between the Travel Rule and the below discussed FinCEN rules. 

The Proposed FinCEN Crypto Rule

FinCEN, a bureau of the US Department of Treasury that defines rules for combating money laundering and terrorist financing, has been vocal in ensuring cryptocurrency is regulated over the years. The most recent of these attempts is a proposal released in December 2020. This rule was not well received by the community and has an ever-growing number of comments submitted against them. The proposed rule is quite different to the above Travel Rule, and reads as follows:

  • exchanges (read - VASPs) would have to collect names and home addresses for the owners of private crypto wallets (also referred to as self-hosted wallets, unhosted wallets or sometimes just “wallets”) receiving more than $3,000 in cryptocurrencies in aggregate in a day. If a wallet receives more than $10,000, the exchange would be required to file a Currency Transaction Report (CTR) to FinCEN.

These rules would cover all “convertible virtual currency” (CVC) transactions. This is a FinCEN-specific term for cryptocurrencies (bitcoin, litecoin, etc) that can be exchanged for fiat currencies. Note, unlike the travel rule - this covers “wallets”, which were previously outside of the scope of the FATF travel rule, which covered VASPs only.

The differences

The travel rule is built on an existing standard of rules, previously used for wire transfers. Whilst the rule itself may be difficult to implement within the world of cryptocurrencies, there is an understanding that this will bring cryptocurrencies up to the standard of the wire transfer regulations. 

The main difference with the newly proposed FinCEN rule is that it is completely new regulation, and goes above and beyond requirements of a standard cash transaction. The current 7,000+comments against the proposed FinCEN rules vary with reasons as to why this rule should not be brought into action. To name just a few, some comments are around the effectiveness of the rules, while others focus on the data privacy implications.

To illustrate the differences, some scenarios are outlined below.

Context: Person A has an account on Exchange A. Person B has an account on Exchange B. Person C has a self-hosted wallet (i.e. doesn’t hold funds with a VASP).

Crypto+diagrams-01.jpg


  1. Person A wants to transfer $4,000 worth of bitcoin to Person B. This will involve funds being transferred from Exchange A, to Exchange B.

    1. FATF Travel Rule: This transaction would be in scope. Exchange A would have to share details of Person A, with Exchange B. 

    2. FinCEN rule: This transaction would be out of scope (covered by Travel Rule).

Crypto diagrams-02.png

 

  1. Person B wants to transfer $4,000 worth of bitcoin to Person C. This will involve funds being transferred from Exchange B, to Person C directly. 

    1. FATF Travel Rule: This transaction would be out of scope. The receiving counter party is not a VASP. 

    2. FinCEN rule: This transaction would be in scope. Exchange B would be required to collect the name and home address of Person C.

Crypto diagrams-03.png

What next?

As the regulation continues to evolve, there will certainly be new terms and methodologies produced, which is why it’s always important to ensure the differences between new rules and recommendations are understood. 

The Travel Rule has already had standards approved and will surely remain a focus of the year to come. There are still many challenges with implementing this rule, and therefore it currently has a low adoption rate. The June 2020 12 month FATF review of VASPs states that “FATF is not aware yet that there are sufficient holistic technological solutions for global travel rule implementation that have been established and widely adopted”. Until the problem of a viable technological solution is solved, it is unlikely that it will become widely implemented. 

The output of the FinCEN rules will also be a hot topic in the coming weeks and months. The comment period for these rules was extended by FinCEN for a further 60 days. This conversation certainly isn’t over, and no doubt 2021 will bring more regulation to the crypto space - whether the industry agrees or not.



If you’d like to learn more, please contact Danielle Jukes, consultant or email us at: contact@fintrail.co.uk.

FINTRAIL APAC REG-CAP Jan 2021

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring across APAC.

This issue will cover:

  1. Key updates from regional and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

Q4 2020 - Jan 2021

This Reg-Cap summarises some of the main regulatory updates across APAC countries within the last quarter of 2020 and beginning of January 2021. Key highlights include changes to national AML/CTF laws across the region, specifically relating to Virtual Asset Service Providers (VASPs) to align the scope of local regulation with FATF Standards on AML/CTF for VASPs.

What other regulations changes caught your eye at the start of 2021?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

, , , ,

A look forward: what does 2021 have in store for the anti-financial crime community?

, , , ,

2020 was a rollercoaster for us all, not least professionals in the anti-financial crime (AFC) space who had to deal with regulatory change continuing, and criminals upping their game and exploiting the pandemic in tragically ingenious ways.  You can read more about the impact of the global pandemic, and other key regulatory and typological developments in our lookback papers from our Europe, Middle East and Africa, and Asia Pacific teams.  But, let’s now take a moment to look ahead to 2021 and what we might expect to see as AFC practitioners over the year and what we plan to do as FINTRAIL. Normally, we shy away from predictions, but nothing could have been stranger than the reality that was 2020, so we thought we would give it a go!

Effectiveness and Outcomes-focussed Compliance

We’ve already started to see a shift in this direction in the AFC community, in both larger, traditional banks, as well as in the FinTech community as the pressure from regulators for firms to achieve good outcomes in financial crime prevention increases.  Even as far back as 2019, the then-interim Chief Executive of the UK’s Financial Conduct Authority noted: “One thing is already clear – we are moving from a narrower compliance with the rules, to a focus on delivering the outcomes we want for the users of financial services.” While not specific to anti-financial crime, it is clear that all financial services firms want good outcomes for their customers, particularly when it comes to preventing crime against them or involving them. 

What is likely to come this year, in our opinion, is a greater focus from regulators on how those outcomes are measured and therefore how confident a firm can be that its controls and AFC risk mitigants are indeed effective at tackling financial crime. Presently, measuring effectiveness can be challenging and is often unsystematic, relying on annual Money Laundering Reporting Officer (MLRO) reports that pull together proxy measures of effectiveness from a wide range of sources, which is manual, time consuming and potentially error prone if the data is not tracked on a more regular basis, and unusual findings pulled out and scrutinised. Using technology to address this problem in the future is at the heart of the solution. In our view, not only will an outcomes focussed approach increase the relevance of reporting that AFC provides to its senior leadership teams - as it will be able to demonstrate clear Key Performance Indicators (KPIs) and markers of improvement over time - it will also drive positive developments in AFC controls by helping to understand better whether those controls are working to actively reduce crime and illicit funds flowing through the financial services ecosystem. 

So what are we doing about this at FINTRAIL to ensure our clients adjust to the shift in focus? Our immediate response is to embed ‘effectiveness’ into all of our service offerings in 2021 from advisory to assurance; our consultancy teams are putting it at the heart of everything they do for our clients.

Secondly, FINTRAIL is now an investor in Cable.tech that is headed by the fantastic Natasha Vernier and Katie Savitz who both bring great pedigrees from the likes of Monzo and Square. Cable is focused on finding a technical solution to the challenge of AFC effectiveness. We are super excited by what the team there is building and are sure as 2021 progresses they will be taking the industry by storm. 

Increasing specialisation in AFC Compliance

A few years ago and anecdotally at FINTRAIL, we noticed a shift from quite siloed AFC teams with specific areas of focus across the different crime types (e.g. Head of Fraud), to a more homogenous AFC team structure with experts in a number of areas working together and collaborating. A particularly notable change in some organisations was the inclusion of Fraud teams into wider AFC compliance teams, where Fraud had sometimes more traditionally been placed alongside operations or in security and cyber security teams.  This flatter approach was especially popular in newly established AFC teams in startups and FinTechs. 

Our prediction for 2021 is that we are going to see an increasing specialisation of AFC compliance professionals in the product areas that they oversee and risk manage. For example, Fintech AFC compliance officers might well be broken down further into payments AFC specialists, Foreign Exchange (FX) AFC specialists and Banking as a Service (BaaS) AFC specialists. These specialist product skills will help AFC officers really pinpoint the risks their firm’s products are facing and thereby design more nuanced controls to manage those risks.

As such, it seems increasingly likely that these skills will be required by FinTech firms when recruiting and that candidates coming from more generalist backgrounds will need to demonstrate additional competencies in order to compete with the more specialist compliance officers out there. 

We have responded to this development and the growing, critical need for certified qualification in the FinTech industry by partnering with ACAMS to offer the Certified AML FinTech Compliance Associate (CAFCA) qualification and examination. This sets a new standard for the global FinTech industry and brings credibility and parity to an industry that has historically faced questions about competence. As our colleague Kate Hotten put it “It's for FinTechs, but it's so much more: it explores how scale, inclusion, new financial models and technical skills impact how we work in AML. We really worked hard to make sure this wasn't the same old AML blah-blah.”

Wellbeing is critical

2020 gave us all time to reflect on what wellbeing really meant to us as individuals, and firms are starting to do more to ensure that their staff are engaged, resilient and are looking after their physical and mental health. Not only is doing so beneficial for the employees involved, but it also has proven and wide ranging benefits on productivity, employee retention and engagement, inter alia. Staff in AFC teams are no exception to this, and in these roles especially dealing with the negative sides of society that we see when we investigate some pretty horrendous crimes, wellbeing should be prioritised.  Further, the sometimes relentless pressure - whether it’s from criminals breaching your perimeter controls to the more generalised stress of working in a regulated industry - can take its toll, and mental health and wellbeing should be taken seriously. Plus, with crime continuing to increase during the pandemic, this focus has never been more needed. And, just because we are working remotely doesn’t mean that wellbeing can be discounted, in fact it’s just the opposite.

At FINTRAIL, we are proud to offer the services of app-based therapy provider, Spill to our colleagues, and are also looking forward to exploring some more bespoke options with Your Virtual Wellbeing Hub, a research-backed one-stop-shop for employers looking to introduce, add to, or kick-start their employee wellbeing offering. We hope that these efforts will make sure that our team’s wellbeing is central to our company ethos.

For the wider FinTech FinCrime Exchange (FFE) community, we are excited to be offering a series of free, donation-based yoga classes from March onwards to help our members disconnect from their day jobs and find that all important “me” time, making them even better crime fighters.


So, whether you are looking to hone your compliance skills, take some time out for yourself from a busy day or are looking at how to revitalize your compliance programme over the next year, we hope you’ve enjoyed reading this piece, and if you would like to contact us about any of the topics raised in this article, or about any other anti-financial crime compliance needs, please reach out at contact@fintrail.co.uk

Goodbye 2020: Highlights of the year from the Europe team

Regulatory Changes

Throughout 2020, the financial sector saw a number of changes - including regulatory change. Whilst the year had its fair share of bad press around the adoption of regulation, there were also a number of positives to come out of 2020.  The implementation of the Fifth Anti-Money Laundering Directive (5AMLD) at the start of the year and the newly updated UK National Risk Assessment were long awaited updates that will help to drive positive change within the financial sector and beyond.   

Fifth Anti-Money Laundering Directive 

The 5AMLD came into force on January 10th 2020. The directive brought a number of changes, which now applied to firms that were previously unregulated. The 5AMLD now covers cryptocurrency firms, high value dealers (anything over 10,000 euro), and estate agencies. In 2020, cryptocurrency firms started to bolster and refine their anti-financial crime frameworks  - a sure result of 5AMLD.  

UK National Risk Assessment

Towards the end of the year the UK released it’s 2020 National Risk Assessment - an update on the 2017 Risk Assessment. The changes (highlighted in our December 2020 RegCap) included a number of increased risk levels for some specific industries such as property and trust/company service providers. The assessment also included initial ratings of newly regulated sectors such as estate agents. No areas saw their risk levels lowered, either for money laundering or terrorist financing. 

FINTRAIL Projects: Europe

Whilst the year wasn’t quite as many had planned, we at FINTRAIL continued to work with our global client base to deliver the best of anti-financial crime consultancy. The year saw us work on a number of different projects, from risk assessments to creating due diligence policies. Two areas that increased in popularity this year were audits and training. 

Audits often get a bad reputation. They are a regulatory requirement and often seen as a burden. However, these can be extremely useful tools and help to shape and prioritise the year ahead for your anti-financial crime function. We conducted several audits in 2020, from a crypto firm’s first audit to working with a challenger bank who is well versed in the audit process. 

Firms have also looked to either increase their knowledge or change the way they are learning and conducting training. Despite the challenges of working from home, FINTRAIL delivered bespoke, specialist training - albeit from behind a screen. This appetite for training stretched across most companies with an increase in requests for training of more junior members of staff as well as the more senior compliance employees. RegTechs also requested training in 2020, to ensure their sales teams were attuned to the latest regulations; understand where their product fits into their potential clients’ lives; and were aware of the problems it solves. Alongside RegTech partners, our clients within the training space in 2020 included challenger banks, crypto firms and law enforcement agencies to name a few. This trend for increased training is likely to continue into 2021.

Another highlight of the year was conducting work in the investigations space. One particularly interesting project included a due diligence review and evaluation of the specific risks posed by a particularly high-risk client. FINTRAIL also assessed the current control measures in place and offered suggestions for enhancements to the financial crime control framework to mitigate the risk further. 

Part of  2020 was also spent leading a major transformation project within a bank's anti-financial crime function. This large scale project was great to work on, as it involved delivering various pieces of work from an enterprise wide risk assessment to customer due diligence policies, right the way through to the training programme for its employees. FINTRAIL successfully helped to shape a more effective compliance framework for the bank, entirely through remote delivery.  

Looking to the future

Entering into 2021, we look forward to working with our existing and any new clients that the year may bring. There are already early signs that the year could be an eventful one, with rapidly changing crypto regulation through to Brexit finally being realised. 2021 is sure to bring its challenges - and opportunities.


A Year in Review: Financial Crime in the Middle East and Africa in 2020

2020 has clearly been a year like no other.  Both businesses and criminals have had to adapt to the abrupt and far-reaching impacts of the COVID-19 pandemic.  This has drastically accelerated the shift away from cash to digital payments, and encouraged both governments and global actors such as the Financial Action Task Force (FATF) to promote a shift towards digitisation.  The pandemic also provided ample opportunities for criminals to devise new schemes and take advantage of a rapidly changing, uncertain environment.  Many financial institutions in the Middle East, particularly the Gulf Cooperation Council (GCC) struggled with sluggish performance, but most still planned to grow their compliance teams and increase compliance spend over the course of the year, with a focus on technology.  

Below are some of the key financial crime stories and trends from the year across the MEA region:

Fraud and COVID-19

COVID-19 has created opportunities for organised criminals and fraudsters across the globe, and MEA is no exception.  The region has traditionally been dominated by cash payments, but the pandemic accelerated a huge shift to digital transactions (e.g. a PwC survey shows 53% of Middle East respondents making purchases online).  This change, coupled with public anxiety which left people vulnerable to scams, led to a massive increase in fraud including phishing, online shopping fraud, impersonation fraud, and fake charitable appeals. The UAE, for instance, saw a 250% increase last year in cyberattacks, including phishing and ransomware incidents.

Financial institutions need to respond by re-examining their fraud controls, conducting risk assessments to capture the latest threats, and educating their customers on new risks and typologies.  Informal collaboration or industry groups such as the regional charters of the FinTech FinCrime Exchange can be invaluable here.

Spotlight on digital onboarding and eKYC

Regulators in the Middle East and Africa were already moving towards greater digitisation and use of technology to fight financial crime, and this trend has only been accelerated by the COVID-19 pandemic.  In April 2020 the Arab Monetary Fund published a report on ‘Digital Identity and e-KYC Guidelines for the Arab Countries’ to further the debate on adopting digital onboarding tools.  Within the Middle East, the UAE and Bahrain have been the national frontrunners - Bahrain launched an eKYC project mandated by the Central Bank of Bahrain in 2019, to facilitate KYC data sharing amongst participating financial institutions which has continued to develop over the course of 2020, and the UAE introduced its own eKYC platform which went live in July last year.   

As more and more firms look to digitise their compliance processes, against this backdrop of growing official support, care must be taken to select technological solutions which allow firms to reduce any potential risk exposure, and that their use and integration is properly assessed and re-evaluated on an ongoing basis.

FATF Mutual Evaluation Report on the UAE

One major regional news story in 2020 was the publication of FATF’s critical Mutual Evaluation Report on the UAE’s money laundering and terrorist financing controls.  FATF stated the UAE needed to make “fundamental and major improvements” to its AML/CTF systems, and placed it under a year-long observation to ensure that it is properly implementing its recently adopted laws.

The UAE has faced other criticism last year.  It was the only GCC state included in a list of 82 major money laundering jurisdictions identified by the US State Department in March.  A report from the Carnegie Endowment in July on financial crime in Dubai highlighted a number of risk areas and stated that “Dubai’s prosperity is a steady stream of illicit proceeds borne from corruption and crime.”  The investigative and policy organisation The Sentry issued a report in November on how Dubai has become the main destination for illicit gold from Africa.

While the UAE government works to meet FATF requirements over the next 12 months, individual financial institutions need to ensure they have up-to-date risk assessments that reflect the financial crime threats relating to the country highlighted by these external sources, and then align their procedures and controls to address and mitigate the risks.

MEA regulators start to warm up to cryptocurrencies

The growth of cryptocurrency remained relatively low-scale but continued to show promise across both Africa and the Middle East.  Commentators believe the growing level of interest in Africa in particular, and compelling crypto use cases (the instability of fiat currencies and high remittance fees) will force regulators’ hands and encourage the issue of crypto-specific regulations in the near future.  2020 saw the issue of new regulations in Nigeria, South Africa and the UAE, with other jurisdictions such as Kenya and potentially Saudi Arabia likely to follow soon.  The UAE and Bahrain (which issued crypto regulations in early 2019) have both granted licenses to crypto exchanges under the relevant regulations, and currently have a number of crypto companies in their sandbox programmes.

The growing adoption and acceptance of cryptocurrencies in the MEA region will not only require crypto firms themselves to establish robust compliance programmes, but also other companies with potential exposure to them, such as conventional banks.  Crypto is perceived to be a high-risk sector but this does not mean it should be off-limits, and with greater knowledge and training on the associated risks and necessary controls, an increasing number of financial institutions are likely to engage with it in the coming years.

Slow steps towards greater transparency and access to data

Finally, 2020 has seen some positive developments relating to one of the region’s key issues in financial crime compliance, namely transparency and accessibility of data.  A small number of governments have made moves to align themselves with international standards, such as the UAE, Egypt and Kenya, which all introduced new requirements in 2020 for companies to declare their ultimate beneficial owners.  The onus is now on industry bodies to lobby to make all this information public, and on financial institutions to work out how best to integrate these new sources of information into their onboarding, customer risk assessment, and ongoing due diligence processes. Once again, technology is likely to play an increasing role here.

FINTRAIL in 2020

2020 was a key year for FINTRAIL’s coverage of the Middle East and Africa, with the appointment of Maya Braine as managing director, allowing for dedicated coverage and enhancing our understanding and expertise.  We completed several exciting projects with a focus on the region, including an ongoing assignment to provide training to compliance teams across Kenya, Nigeria and South Africa, and the launch of a digital product focusing on the African diaspora.  We also became a Venture Acceleration Partner  of Bahrain FinTech Bay, one of the world’s leading FinTech hubs.  We have ambitious plans for the region in 2021, so watch this space!

If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the MEA region, please contact maya.braine@fintrail.co.uk. FINTRAIL can assist with performing risk assessments, providing training, implementing RegTech solutions, composing policies and procedures, and designing and reviewing FinCrime controls. For more details on our services, please visit our website.

Inauguration Day: What does the Biden Administration mean for FinCrime?

January 20, 2021. Inauguration Day. The end of an era. Following four years under President Donald Trump, the United States will have a new president. 

What should we expect under the administration of President Joe Biden and Vice President Kamala Harris? Your answer to this question will likely depend on your top priorities. At FINTRAIL, we have been working to help our clients understand and prepare for any and all financial crime-related changes that are anticipated under the new administration. While some specifics are up in the air, it is clear that tackling illicit finance will be a top priority. 

Broadly, we can expect to see some changes from the top down. The new Deputy Treasury Secretary, Adewale Adeyemo, has promised a review of the Office of Terrorism and Financial Intelligence’s programs, including FinCEN, with plans to increase both staffing and budget. With new resources, there is likely to be new guidance and potentially new enforcement measures coming into force. 

Let’s explore in a bit more detail what we are and aren’t likely to see across the major financial crime areas over the next four years:


Money Laundering

At the start of the year, Congress passed the latest National Defense Authorization Act (NDAA), which the Biden Administration will be responsible for implementing. The NDAA outlined several major changes for BSA/AML professionals, particularly the development of a beneficial ownership register. Once implemented, this register will have a huge impact on CDD for legal entities.  Professionals should also keep an eye out for the Biden Administration’s top AML priorities, which must be published within 6 months of the NDAA going into effect, as well as the results of Treasury reviews of existing AML/CTF regulations (especially those around SAR filing) and specific studies on emerging technologies, trade-based money laundering and money laundering to China. While not immediate, these outputs may lead to further significant revisions to the existing AML/CTF landscape.

Compliance changes could also come about through other legislation. For example, with Democrats now in control of both houses of Congress, there is likely to be another push to pass the Safe Banking Act, which would give financial institutions a pass to bank the cannabis industry. This would mean needing to revamp your risk appetite and potentially your screening program, as many firms currently screen against lists of legal cannabis providers that cannot yet be banked under federal law.

Terrorist Financing

Two-thirds of US terrorist attacks in the first eight months of 2020 were from far right wing domestic terrorist groups or individuals, and especially in light of the recent Capitol attack, it is likely that far right wing extremism will remain the most pressing terrorism threat to the United States. This will be a top concern for the Biden Administration, and Biden has promised to pass a new law against domestic terrorism. Even before the recent events at the Capitol, Biden was meeting with advocacy groups, such as the Anti-Defamation League, illustrating a unique commitment and exploration of strategies to counter far-right-wing extremism. Practitioners have struggled with the lack of a specific federal crime for domestic terrorism, and there has not yet been a discussion of exactly what elements of counter-terrorism and counter-extremism the Biden Administration will prioritize. There is more explicit counter-terrorist financing legislation around the financing of foreign terrorist groups, for example, and any changes to laws against domestic terrorism could have knock-on effects for our understanding of terrorist financing. In the short term, some measures within the NDAA can be used to improve counter-terrorist financing efforts, particularly through improved public-private information sharing. 


Bribery and Corruption

Countering corruption at home and abroad is expected to be a central focus of Biden’s overall agenda. Some of the changes made within the NDAA, especially regarding whistleblower protection and requirements around ownership disclosure, directly play into this. However, for many financial institutions, it is unlikely that there will be major changes in day-to-day anti-bribery and corruption exercises, at least in the short term. FinCEN issued an updated statement on PEPs in August 2020, and while further clarification may come along during the Biden administration, there has been no explicit discussion around the position changing in the near future. 


Sanctions Evasion

The Biden Administration has already promised a “top-to-bottom” review of OFAC’s sanctions program. As part of the Obama Administration, Biden did not shy away from the importance of sanctions as a foreign policy tool, so we shouldn’t expect a major shift in their continued use. With that said, there will likely be a shift in the specific regimes applied. Shifts will take time though, especially in light of the recent move to re-add Cuba to the state sponsors of terrorism list and the time that may be needed to renegotiate the Iran nuclear deal. In some areas, we can expect sanctions to tighten. For example, Biden’s Chief of Staff, Ron Klain, has already spoken about the introduction of new sanctions in response to the recent Russian cyber attacks against the US government. There is also emphasis on taking a more multilateral approach to issuing sanctions, which could see the roll back of secondary sanctions or the pursuance of joint US/UK or US/European sanctions targeting human rights violators. Make sure your list provider will be able to quickly and accurately provide you with updated OFAC lists and that you understand any new conditions, particularly if more complex sectoral regimes are applied.

Tax Evasion

President Biden’s pick for National Security Advisor, Jake Sullivan, has previously written about ramping up efforts against tax havens as a core pillar of US trade strategy. Biden has similarly written about the importance of closing tax loopholes and reducing tax avoidance. In the near term, the implementation of the 2021 NDAA will also help with efforts to clamp down on tax evasion, particularly through the targeting of anonymous shell companies. Practitioners should continue to watch this space, as efforts to clamp down on tax avoidance may push some activity that has been licit into being illicit. 

Fraud

Fraud is also likely to be prioritized by the incoming administration, but immediate and wide-ranging changes are unlikely.. In terms of prosecution, experts have noted that there is a “serious backlog” of fraud cases, which will likely take time to process. More practically, BSA/AML professionals should pay attention to when Biden’s new $1.9 trillion COVID relief package is passed - most likely sooner than later given the Democrats’ control of the Senate. This promises further government support for individuals and small businesses, which, like the Paycheck Protection Program, is likely to lead to an increase in related fraud typologies. Make sure your monitoring system is tuned to detect these typologies, especially based on any patterns detected during the prior waves of stimulus, and that you have the human and technical resources to manage any surges in fraud.

Market Manipulation

Experts predict there to be an increase in investigations into market manipulation and securities-related crimes, including insider trading and accounting scams. However, it is important to remember that securities prosecutions can take an especially long time, so we are unlikely to see anything immediate in this space. There has not been a substantial discussion around reforms the Biden Administration is planning, but Gary Gensler, the Administration’s likely pick to head the Securities Exchange Commission, has a history of pushing through stricter oversight regulation and “issuing hefty fines,” as seen during the Libor scandal.

There are going to be changes to the way we think about and operate financial crime programs under the Biden Administration. While it may take some time to see the true impact of these changes, the shift in mindset and priorities will hopefully help the US continue modernising its overall approach to anti-financial crime.


Getting tough in 2020: Lessons learned from a landmark year of AML fines in APAC

APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015 with regulators imposing approximately USD 5.1 billion in fines for AML and KYC violations in 2020.¹ This is a result of two landmark fines imposed against Goldman Sachs for its involvement in 1Malaysia Development Berhad (1MBD) and Australian bank Westpac for its money laundering scandal with links to serious crimes. As a result of this landmark year for penalties, what are some of the key high level takeaways for APAC and how can financial institutions prevent these occurrences happening in future? 

Back to Basics

The material failures of Goldman Sachs and Westpac highlight that there is a need for financial institutions to go back to the very basics in understanding the underlying reasons for AML laws and why financial crime controls and oversight is so important. So often financial institutions approach financial crime compliance with a checklist attitude failing to understand the complex and evolving nature of financial crime risk, as well as forgetting the human impact of the underlying predicate crimes of money laundering. After the material failings of this year, compliance professionals, senior members of staff and board members should pause to reflect and ask themselves why AML and KYC controls are so critical in not only mitigating money laundering risk but also in preventing harm to the victims of financial crime. 

Both landmark cases of 2020 highlight there were significant failings of financial institutions in performing adequate customer due diligence. In the case of Goldman Sachs, the initial red flags identified in regards to the source of wealth and suitability of Malaysian businessman Jho Low as a private banking customer were allegedly dismissed by the deals team and business was actively pursued with Jho Low and his associates indirectly through the three 1MDB bonds held with Goldman Sachs. Whilst the wrongful actions of the deals team highlight a fundamental cultural concern within the bank, the fact that Goldman’s ongoing monitoring and due diligence controls do not identify the ongoing connection between the 1MDB bond transactions and Jho Low is also an area of concern. This ability to circumvent controls by the deals team as well as failures in the ongoing monitoring of customers and transactions highlight several lessons for financial institutions:

  • Due diligence is by no means a one time event. It should be conducted at the start of a relationship but also holistically and throughout all relationships.

  • All business decisions should be recorded in sufficient detail and accessible to all business areas. If at any point the relationship is terminated or declined a clear rationale should be recorded in the customers due diligence records and used as intelligence for ongoing monitoring activity.

  • Deliberate dismissal of financial crime red flags for the purpose of lucrative and unsavory business or the personal gain of employees may exist and there must be adequate internal controls and oversight to mitigate this type of behavior

Similarly, the Westpac scandal in which Westpac has admitted to “breaking the law by failing to monitor whether a dozen customers were making transactions consistent with child exploitation” also touches upon the importance of ongoing customer due diligence and monitoring.² Allegedly it was known to the bank that a customer had an existing conviction for child exploitation offences and was one of many customers sending funds to the Philippines where child exploitation is a serious concern. AUSTRAC have identified this as a failure to carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation cases. Here we can learn that:

  • Customer risk evolves and ongoing monitoring solutions should be robust enough to detect and monitor any changes to customer behavior or suspicious activity, particularly those customers and transactions that are considered higher risk. 

  • AML professionals should be regularly trained on current and evolving money laundering typologies by regions, products, service offerings, customers types etc. Criminal groups and those responsible for laundering money are getting smarter. It is therefore important for transaction monitoring systems to stay relevant but also for the individuals monitoring the alerts. 

Financial Crime Compliance is everyone’s responsibility 

In this increasingly competitive climate with traditional banks losing footing to digital and neo-banks, the reputational damage and hefty fines as a result of AML/CTF breaches is no longer something banks can take lightly. As such, financial crime compliance should be at the forefront of everyone’s agenda across the business including at the most senior levels. The Goldman Sachs scandal showcases how the siloed approach between the sales team, senior management and the compliance function lead to information slipping between the cracks, and exposing Goldman to bribery and corruption. 

The due diligence failings relating to Jho Low provides one example of how a siloed approach to KYC allowed the sales team to circumvent controls and onboard Jho Low as an indirect customer via the 1MDB bonds. Similarly, allegations surrounding bribery in relation to the 1MDB transactions were allegedly known to Goldman, in which the Malaysian unit admitted to “knowingly and willing” paying bribes to foreign officials.³ These red flags were allegedly ignored by the relevant personnel instead of alerting higher-ups to problems with the bonds. Chief Executive, David Solomon, highlighted that ‘while many good people worked on these transactions and tried to do the right thing, we recognise that we did not adequately address red flags and scrutinise the representations of certain members of the deal team”. The 1MDB investigation highlights there was a problem with the corporate culture in the Malaysian division which looked to emphasize revenue and sales over honest business and compliance. 

Similarly, following the findings of AUSTRAC’s investigation and the headlines linking Westpac to child exploitation, Westpac’s Senior Management and Board of Directors have openly discussed and committed to address the concerns of its corporate culture and governance and accountability frameworks and practices, admitting that Westpac has “been focused on finding individuals to blame for problems when they arose rather than addressing systemic issues”⁴. According to Westpac, it follows the three lines of defence model to detect and combat risk, however, has admitted that this is not ‘consistently understood and embedded’ in the bank meaning that roles, responsibilities and accountabilities are often misunderstood and have allowed some things to fall through the cracks⁵. 

How can cultural and structural issues within a financial institution be addressed? Consider the following: 

  • Compliance is everyone’s job. Even within the sales team compliance should be at the forefront of the business agenda, ensuring that business is conducted honestly and transparently. Compliance should not be seen as a barrier to business but as a tool for the acquisition of good business to help achieve the firm's commercial and strategic objectives. 

  • A positive compliance culture lays the foundation for an effective AML/CFT framework. When talking about culture, this should include active engagement from the firm's leadership in terms of setting the ‘tone from the top,’ effectively integrating AML/CTF controls in business as usual and encouraging a healthy reward system where reward behaviour supports a positive AML culture

  • Allegations of bribery or misconduct should be taken seriously. Financial institutions should have in place suitable reporting and escalation policies and procedures to ensure red flags and concerns are identified and responded to by senior management where appropriate.

  • Financial institutions should ensure that their staff are aware of, and trained on, the escalation policies and procedures on a regular basis. 

  • A speak up culture should be encouraged, where no issue or concern is too small or unimportant. But most importantly, any concern should be addressed appropriately and by the relevant personnel. 

  • Roles and responsibilities should be clearly defined and understood in order to rapidly identify, prioritise, escalate and remediate issues.

Slipping through the cracks

Since the 1MDB scandal broke in 2016, a series of events have unfolded throughout the US, Switzerland, Malaysia, Singapore, Hong Kong and the UK. Central to the scheme were several senior Goldman bankers that managed to circumvent financial crime controls in place to siphon off approximately USD2.7 billion from 1MDB for their own personal gain as well as to pay a series of bribes to foreign officials. 

The Goldman case is notorious as not only was there criminal conduct by a number of Goldman executives but as we have seen there were a number of red flags from the onset and throughout the 1MDB relationship that were raised over the years that should have allowed Goldman Sachs to either identify misconduct and follow up on it or stop it altogether. Essentially the accumulation of letting things ‘fall through the cracks’ allowed for billions of dollars being laundered and stolen from the Malaysian people.

The series of failings linked to the 1MDB transactions highlight ineffective oversight of the internal money laundering controls at Goldman and also demonstrate a number of key takeaways: 

  • Documentation, record keeping and following up are so important. All decisions, rationales, investigations or resolutions made should be appropriately documented which will ensure that any risk is assessed and addressed at a point in time.

  • Corporate compliance programmes are not only adequate on paper, but companies need to ensure that they are adequately resourced, functioning properly, tested and that they can actually identify, stop and mitigate the type of conduct that lead to criminal charges.

  • Escalate, escalate, escalate. Where there is a concern escalate this through the relevant pathways and discuss these issues in a risk and compliance setting with individuals from the business and the compliance functions. 

  • Ensure there are appropriate measures in place to undergo “four eye” checks or reviews prior to opening or closing accounts, particularly high risk accounts, associated PEP accounts or accounts with any financial crime concerns. 

With this milestone year for APAC in terms of regulatory enforcement action, there are critical lessons that all financial institutions should take away to prevent being subject to hefty fines and reputational damage in future. Whether this is by encouraging firms to go back to the basics, pausing to reflect on the importance of a financial crime framework, ensuring that compliance is everyone’s responsibility or maintaining a robust control framework that is adequately tested to ensure nothing slips through the cracks, these are fundamental activities that financial institutions should undertake to protect the financial system and any victims from the perpetrators of financial crime.  

FINTRAIL in 2020

2020 was a challenging but exciting year for FINTRAIL in Asia. We further consolidated our presence in this region by working with a number of new clients on health checks, policy and procedure drafting, risk assessments and license preparation and application. We also continued to facilitate knowledge sharing within the FinTech community by taking our FFE meetings online. As demand for our services grew, we added to our team - we welcomed Sara in December who combines her industry experience working in financial crime operations for a range of financial institutions including private and investment banking and global payments services with expertise in agile project delivery. We have plenty in the pipeline for 2021 which promises to be our best year yet. 


If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the APAC region, please contact payal.patel@fintrail.co.uk or sara.abbasi@fintrail.co.uk

¹Fenergo AML, KYC and Sanctions Fines for Global Financial Institutions reach 5.6 billion mid year
²Westpac admits it broke law over customers' transactions allegedly linked to child exploitation
³Goldman Sachs to pay $3bn over 1MDB corruption scandal
Westpac admits it has failed to fix culture that contributed to money-laundering scandal
⁵Westpac admits it has failed to fix culture that contributed to money-laundering scandal

FINTRAIL Monthly REG-CAP Dec 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

December 2020

This RegCap summarises any regulatory updates within the last month of 2020.

Some highlights include the UK releasing its long awaited 2020 National Risk Assessment, and FinCEN announcing several new regulatory proposals that will have a huge impact in the cryptoasset world.

What other regulations changes caught your eye in December?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

, , ,

Snakes and Property Ladders

, , ,

How is one of the most exciting moments in someone’s life also the most stressful? 

Passports. Bank statements. Proof of employment. Payslips. So many different documents provided to so many different people.

For most people buying a house, whether for the first time or finally finding your “forever home”, is meant to be one of the best moments in their lives. But this is often soured by several journeys to the estate agents/solicitors to prove you are who you say you are or by needing to send numerous personal documents by post. 

This blog looks at the documentation and due diligence behind house buying - and how it can be simplified whilst still mitigating the risks. At FINTRAIL, some of the team have been lucky enough to have bought a place within the last 12 months. We have all experienced the good, the bad and the ugly during the process but surprisingly not all in the same area. We are going to discuss the risks associated with property purchases, compare and contrast our journeys, look at how this market differs from FinTechs and gain insight from Thirdfort, a firm which specialises in providing identity verification and source of funds checks for lawyers in the property market. 

What are the risks?

Before we dive into the FINTRAIL team’s experience of property purchases, we should look into the risks associated with the property market. Laundering money through the purchase of property is often described as one of the oldest known ways to legitimise ill-gotten gains. As property purchases naturally involve high prices, it is an easy way to move large sums of criminal proceeds. Properties can also be used operationally in a criminal’s organisation - potentially as a way to generate legitimate income via rent or as a location for other illicit activity. Another risk to be aware of, which is highlighted in HMRC’s risk assessment for estate agency businesses, is the risk of overseas buyers, especially from higher-risk jurisdictions. Property purchases may be made with the proceeds of crimes committed in other jurisdictions, including but not limited to bribery and corruption and even sanctions evasion. Transparency International published a paper in 2015 which showed the extent of this risk: 40,725 London property titles were held by foreign companies of which 4.89% were held by companies incorporated in secrecy jurisdictions. 

As the risks faced by the parties in the property sector are being increasingly highlighted by numerous governmental and non-governmental organisations, it is not surprising that the property sector in the UK has come under scrutiny by both law enforcement and the supervisor under the Money Laundering Regulations, HMRC. Unexplained wealth orders (UWOs) are a type of court order used in the UK to compel the target to reveal the sources of their unexplained wealth. It uses the reverse onus principle, where the burden of proof shifts to the target. We have seen the majority of UWOs being issued to find out how multiple high-value properties had been financed, and in the most recent case saw nearly £10m of assets handed to the National Crime Agency. This shines a light on the need to understand the source of funds used to purchase a property and if this is in line with the individual’s profile. In 2019, HMRC fined Purplebricks for breaches concerning failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification. This highlights the need for the sector to have the correct level of customer due diligence in place, which involves understanding and verifying who your customer is. 


Our Journeys 

house buying-01.png

Where is the technology? 

The first interesting observation is the lack of technology in most of our journeys. Lauren was lucky as her solicitors used an app for verification and a portal to update on progress. Being able to take a picture of your ID and upload a selfie is something we now come to expect in the FinTech space, which was replicated here. However, for Rachel and JP, the methods used to verify their identity, including certifying copies of documents or having to see someone face-to-face, were time consuming, costly and quite surprising given the online methods we know work very well in identifying and verifying individuals today.  At the time of JP’s purchase, the national lockdown was underway and COVID restrictions were in place for all businesses. To require face-to-face contact when businesses should have been operating as “COVID secure” does not seem logical, especially with the numerous contactless options that are available.  

Thirdfort have noted that the legal sector is embracing technology at an increasing rate, and certain developments mean that this trend is likely to continue apace. The HM Land Registry recently announced that they are now accepting digital signatures, and the Ministry of Justice temporarily accepted video witnessing of wills during this year’s lockdown. At the same time, law firms have had to digitalise their approach to client due diligence due to social distancing and lockdown restrictions, so it seems that the process of buying or selling a property is set to become more tech-focused. 



So what if the industry took more of a risk-based approach?

Using a risk-based approach is an expected element in a risk management framework. Within the conveyancing process, a risk-based approach could include collecting different levels of information and documentation for identity verification, varying the beneficial ownership threshold for verification, and collecting different levels of evidence for source of funds/wealth all in line with the risk of the customer. To help define that risk-based approach, a risk assessment should be conducted to identify the areas with the biggest risk exposure and tailor the procedures to mitigate those risks. HMRC recently published guidance to help estate and letting agents identify and understand where those risks could lie. 

 

In our cases, there appeared to be a lack of a risk-based approach for Lauren with her source of deposit checks from the solicitors.  A small percentage was kindly gifted by her mum, who was then asked to prove her source of funds with numerous bank statement requests. Given Lauren’s mum has been a working professional for a number of years and has accumulated savings over those years, the level of detail required for her to prove this seems excessive. This point is emphasised more when you look at JP’s source of funds check.  His proceeds came from the sale of another house, but this was not investigated in detail to ensure the funds did not come from another source. At FINTRAIL we encourage all our clients to treat their anti-financial crime checks as something more than a “tick box exercise”, which does not seem to be the case in relation to JPs SoF checks.

What next? 

Here are some key takeaways for the property market to consider:

  • Conduct a risk assessment to ensure you identify and better understand the key financial crime risks you are facing. 

  • Look out for red flags of suspicious activity, which may include:

    • Anonymous or difficult to identity owner 

    • Unusual or inconsistent income 

    • Over or under estimated property prices

  • Take advantage of the technology out there to create a smoother customer journey while still mitigating risks.

  • Apply a risk-based approach to your financial crime framework to ensure you are focussing your attention on the highest risk areas, especially when it comes to verifying source of funds.

  • Apply more targeted client due diligence and enhanced due diligence to specific areas of risks identified, rather than applying the same standard measures across the board. This allows firms to mitigate the actual risk posed by the customer rather than just conducting a tick box exercise.

  • Look out for HM Land Registries guidance on digital identity checking in conveyancing.

  • In light of the Covid-19 pandemic, companies such as Thirdfort have shown the importance of individuals being able to complete their due diligence checks in the comfort of their own home. It is important to hit a comfortable ground between ensuring firms can verify clients and manage risk compliantly and taking some of the pain-points out of property transactions for the client.


If you’d like to learn more, please contact Lauren Vincent, Team Coordinator, or email us directly at: contact@fintrail.com.

, , ,

FINTRAIL Monthly REG-CAP Nov 2020

, , ,

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

November 2020

In November’s issue, we cover post-Brexit sanctions.


Other highlights include two important reports published by Europol.

What other regulations changes caught your eye in November?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

, , , , ,

FINTRAIL Book Club: Anti-racism

, , , , ,

In October 2020, and to mark Black History Month, FINTRAIL ran a team book club dedicated to reading books authored by Black, Asian, Minority Ethnic and Inidigenous people and People of Colour (BAME and BIPOC). We did this to improve our understanding of racism and the issues faced by the BAME/BIPOC communities, as well as to facilitate an open discussion, ensuring that everyone in the team participated actively in a discussion about racism. We wanted to share how we set up the book club, our key takeaways and our next steps.

We devised a list of books by BAME and BIPOC authors, and asked each person in the team to pick one book to read. We asked a series of short, generic questions (what was the story, what did you learn, what challenged you about the book) and then all met (virtually of course in these COVID-19 times) and each ran through the book we’d read and answered the three general questions.  This meant everyone could share their individual take on the book they’d read and we got to learn about a wider range of books than if we’d simply picked one book for us all to read. The team at FINTRAIL offers a huge note of thanks to Meredith and Ishima for coordinating all of this.

We held a lively and engaging discussion, the main takeaway being that we all experienced an overwhelming feeling of shock and frankly horror at the injustices BAME and BIPOC individuals have faced on a continuous basis throughout history. We learned from Mikey’s reading of “In Black and White” [Alexandra Wilson] about the injustices faced by black criminal barristers in the UK, and how the mistreatment of black people in the legal profession - often mistaking them for defendants - negatively impacts how justice is served to our BAME populations in the UK. There is a horrible and unjust (pun fully intended) irony here. Meredith read “Indian Horse” [Richard Wagamese], centering on the author’s experiences as an Indigenous person in Canada of the residential care system. The practice of residential care for indigenous people was only disbanded in the 1960s in Canada, and it subjected indigenous children to religious cleansing, child labour and sexual abuse in many cases, turning on its head the notion that Canada has been sensitive in its handling of indigenous communities. 

We observed too that there were wild discrepancies between how much black history we had all covered at school; some colleagues had covered elements of black history in detail, whereas others hadn’t touched on anything specific.  For many of us, this discussion was one of the first opportunities we’d had (or taken) to discuss racism openly and learn about black history.  That all being said, and as Maya pointed out based on her reading of “Black and British” [David Olusoga], it became clear to us that we need to start teaching black history not as a history of black people in Britain, but as an integral part of the history of Britain. We lose important context if we do the former. As such, it seems critical that schools and educational institutions examine urgently how they are teaching history that fully encompasses the Black, Asian and Minority Ethnic/BIPOC experience. 

As regards other practical steps to be taken, we learned from James’s reading of “Why I’m No Longer Talking To White People About Race” [Reni Eddo-Lodge] that the need for black equality is not about inverting the power balance between black and white people, but rather rebalancing that power evenly. James noted - in a work-based example - that the notion therefore of hiring people solely on “merit” was no longer sustainable, and that to redress the imbalances caused by racism, more proactive hiring of BAME/BIPOC individuals is needed.  

Finally, we learned from a number of the books we read that white people have been conditioned not to talk about race, or deal with their privilege and that this has to change if we are to make inroads into the battle against racism. Therefore, a small, but important logistical observation stood out: running the book club the way we did - with each person reading and commenting on a different book -  facilitated a very open discussion.  In turn, this ensured that everyone participated and had to start that conversation about white privilege and Black, Asian and Minority Ethinc/BIPOC oppression with the group, and - most importantly - with themselves.

If you’d like to learn more, please contact Gemma Rogers, Co-Founder, or email us at: contact@fintrail.co.uk.

,

Partners Against Crime: FinTech-Banking Partnerships in the GCC

,

With particular thanks to Banque Saudi Fransi, First Abu Dhabi Bank, Jingle Pay, Rise, Xpence, and Ziina.

Although the FinTech sector in the GCC has developed significantly in recent years, it is still relatively underdeveloped in global terms and has huge potential for future growth.  One major obstacle often cited by FinTech start-ups is the difficulty of establishing partnerships with incumbent banks.  These are essential since FinTechs generally operate under a bank’s licence rather than obtain their own, and rely on the banks’ payment rails.


However, banks in the GCC are often reluctant to onboard FinTech partners, for both commercial and compliance reasons.  Many are creating their own digital product offerings and see FinTechs as competition.  However, another major issue is the banks’ worry around the financial crime risks posed by customer-facing FinTechs.  In a region already recognised by external parties as high-risk, and facing numerous financial crime threats from money laundering and terrorist financing to sanctions evasion, many banks are reluctant to take on new high-risk business and consider FinTechs to be outside their risk appetite.  


While financial crime considerations are clearly relevant in every region, an additional complication in the GCC is the fact regional banks are concerned about their correspondent banking partnerships, which enable them to transact in foreign currencies.  Widespread derisking has caused many global banks to cut ties with their Middle Eastern counterparts, meaning regional banks can’t endanger their remaining partnerships by taking on new business their partners will deem high-risk.  Effectively, regional banks can’t define their own risk appetite and have to follow that of their international partners.


As well as correspondent banking partners, regional banks must also satisfy increasingly strict local regulators.  The introduction of more rigorous regulations and enforcement by GCC regulators to meet international expectations has resulted in significant de-risking within the GCC itself, with banks terminating relationships rather than accepting and managing the associated risks.  In this environment, signing up new, high-risk FinTech businesses is a tough sell.


However, there are clearly major benefits for both banks and FinTech start-ups to successfully form partnerships with the right counterparts.  The key is for the banks to be comfortable with the FinTechs’ compliance frameworks and controls, and to be able to convince their correspondent partners and local regulators that they have suitable systems in place for assessing and managing the risks associated with these partnerships.  


So in practical terms, what do regional banks and FinTechs need to do?  FINTRAIL has looked in a previous blog at FinTech-bank partnerships in the US, and some key ways the two parties can ensure a successful partnership by aligning risk appetites, expectations, and operating practices.  Many of the key takeaways, such as the need for clear roles and responsibilities, a documented escalation process, and regular communication, are clearly of global relevance and just as important for GCC firms as those elsewhere in the world.  


In addition, to address the specific challenges in the GCC, regional banks should ensure they can demonstrate the following:

  1. A clearly defined risk appetite for FinTech partnerships and the type of business and levels of associated risks the bank is happy to accept

  2. Tailored onboarding and customer risk assessment processes for FinTechs, to ensure the bank fully understands the risks of each relationship and manages them accordingly, with the appropriate level of due diligence

  3. Special due diligence controls designed for FinTechs, such as nuanced AML questionnaires, onsite visits, and bespoke transaction monitoring, to give the bank insight into its partner’s compliance controls and activity


Regional banks should also seek to educate their correspondent partners on the local regulatory environment, such as FinTech licensing requirements and local KYC regulations, to help them better understand the true nature of the underlying customers.  This could help dispel misconceptions about the level of risk posed.


Ultimately, there is no doubting the potential of the FinTech sector in the GCC, and the opportunity for all parties to benefit.  Regional banks recognise that FinTechs are shaking up the industry and forcing innovation in terms of product offerings and customer service.  Digitising their own offerings will only go so far towards meeting this challenge, and partnering with the right start-ups will offer them the chance to benefit themselves from this innovation.  Especially given the current economic situation in the region, the prospect of new revenue streams is not easy to dismiss.  Banks who can think creatively about how to manage the compliance risks associated with FinTech partnerships and can demonstrate a rigorous programme to their own internal stakeholders and to external partners stand to make tremendous gains.


FINTRAIL has experience working on both sides of the table helping FinTechs and their partner banks manage financial crime risks. We can assist by helping banks determine their risk appetite and design robust onboarding and ongoing monitoring programmes for FinTech partners, and by performing assessments of FinTechs’ financial crime exposure and compliance programmes and controls.

If you’d like to learn more, please contact Maya Braine, MD for Middle East and Africa, or email us at: contact@fintrail.co.uk.

FINTRAIL Monthly REG-CAP Oct 2020

FINTRAIL is producing a monthly regulatory summary of any FinCrime changes that may be occurring in Europe and beyond.

This one pager will cover:

  1. Key updates from global and local regulators

  2. Key updates from industry guidelines

  3. Additional insights identified from financial intelligence units

October 2020

In October’s issue, we cover FATF’s response to Weapons of Mass Destruction proliferation financing.


Other highlights include the INTERPOL-EUROPOL 8th cybercrime conference and the removal of Sudan from the US sanctions list.

What other regulations changes caught your eye in October?

If you are interested in speaking to the FINTRAIL team about any of the items in the REG-CAP, have any ideas for inclusion or want to discuss any other financial crime topic please get in touch at: contact@fintrail.co.uk

, , , ,

Case Study: Digitisation Support

, , , ,

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

COVID-19 and the rush to Digital Onboarding

By Jessica Cath (Senior Consultant, FINTRAIL)

In July 2020, FINTRAIL wrote about the hot topic of digital onboarding and how to use Compliance as an enabler to necessary digital transformation.  With much of the world living life from their sofas and managing their day-to-day financial needs from home, COVID-19 had kickstarted a rush for digital onboarding. 

Three months later, as we settle into the new normal, we have an opportunity to reflect on the potential risks of implementing new technologies in challenging circumstances, as well as the opportunity to refine the digital journey going forward.

Successful digital implementation in the long term depends on fully understanding the technology and the associated risks – and how these risks fit within your risk assessment and existing control frameworks.

FIRST IMPRESSIONS MATTER

A streamlined onboarding process is vital for both customers and firms. 

Onboarding is the first opportunity to showcase quality relationship management, build trust with new customers, and demonstrate both efficiency and technological prowess. Onboarding is also expensive and scattered with regulatory requirements, so it is vital for firms to get it right first time and in a short timeframe. 

Digital onboarding can offer solutions. Replacing or refining traditional and often paper-based onboarding channels can speed up the process, improve user experience, reduce costs and - if implemented correctly - enhance compliance with regulatory requirements.

COVID-19 AS AN ACCELERATOR

The arrival of COVID-19 meant that digital onboarding capabilities became a matter of priority. Lock down measures restricted face-to-face interactions and any paper-based onboarding was effectively halted. 

Today, despite the relaxation of restrictions, we still see fewer customers at physical locations and fewer face-to-face interactions. 

We have also seen more customers proactively choosing to use digital channels. Digital experiences during lock down have increased confidence in technology channels and most customers now expect fast, seamless and digital onboarding.

THE RISK OF RUSHING

Despite many benefits of digital onboarding, rushing into new technology can expose the firm to risks – particularly if new technology is implemented in haste.

Given the challenging circumstances of remote operations and the need to adopt technology at speed, these risks are heightened.

Network and data risks 

Risks to data and network security are particularly high. The pressure to maintain business continuity during COVID-19 may mean that compromises were made. New technology may have been implemented with quick-fix workarounds outside of the fundamental security principles. With limited time for comprehensive proof-of-concept testing or securing systems-by-design, new technology or its integration may have vulnerabilities and leave the firm exposed.

Financial crime risk 

Risk of exposure to financial crime is also high. COVID-19 has proven to be a fertile ground for fraud and cyber-enabled crime. Confusion, misinformation and fear make customers and firms more vulnerable to fraudsters. Any new onboarding technology must be properly configured to the firm’s specific client base in order to effectively mitigate new fraud risks. 

TIPS FOR SUCCESSFUL DIGITAL IMPLEMENTATION

To overcome these challenges, there are several considerations and top tips for successful digital implementation. Ideally these steps would be taken prior to implementation but also offer areas for reflection and refinement if the digital solution is already in place.

1. Understand the technology you are implementing

Fully understand the technology, data flows, security, configurations and the third-party provider themselves. 

The technology should be assessed and reviewed before implementation, with careful consideration given to secure, seamless integration. If workarounds are implemented to enable integration, these should be properly documented with appropriate debate, governance and oversight. Any workaround should also be reviewed periodically and re-assessed with a view to achieving a more permanent solution.

The third-party provider should also be assessed and subject to checks and screening in line with internal policy requirements. These checks should be documented with appropriate sign-off. If any of these checks were fast tracked during the lockdown period, now is the time to review and verify.

2. Ensure the technology fits within your risk appetite 

To ensure long-term success (not just to meet the needs of COVID-19 lock down), the technology should fit within the firm’s existing risk appetite and wider technology strategy. 

Despite the unprecedented circumstances, the Financial Conduct Authority (‘FCA’) made it clear that firms should not divert from established risk appetite. In their May 2020 publication on financial crime systems and controls, the FCA stated ‘firms should not seek to address operational issues by changing their risk appetite’. The functionality within any new onboarding solution should be reviewed in line with risk appetite, and any risk decisioning should be documented with appropriate governance and oversight. 

Any new digital solutions should also map against the firm’s digital journey in the long-term, instead of being implemented as a quick-fix solution. If there are discrepancies, these should be documented and addressed in the next iteration of the strategy to ensure alignment.

3. Update risk assessments and controls 

Similarly, risk assessments and control frameworks should be updated to reflect the use of new technology. 

Enterprise-wide risk assessments should be reviewed in light of COVID-19 and changing risk scenarios, as well as the implementation of digital solutions. New onboarding solutions may address some of the risk scenarios created by COVID-19 but can also create new risks that may need to be mitigated through other control measures.

For instance, new controls may need to be added to test the platform itself. As part of a digital onboarding solution, a new screening tool may have been integrated for faster sanctions, PEPs and adverse media screening of new customers. The firm must periodically test the screening platform – to verify the outputs and ensure it continues to work as expected, in line with parameters set by the firm’s risk appetite.

4. Ensure proper integration with infrastructure and process

Finally, to get the best out of new digital solutions in the long term, ensure it is fully integrated with both current infrastructure and streamlined processes.

Fully streamlined integration with existing infrastructure often requires comprehensive proof-of-concept testing. With limited time for testing during the COVID-19 lock down period, there may now be opportunities for refinement – both from an operational and security standpoint.

Firms should also take time to review operational processes sitting alongside the use of onboarding technology, to prevent duplication of process steps or error. New digital onboarding solutions offer opportunities for speed and efficiency, but only if old processes are adjusted and refined.

KEY TAKEAWAYS

  • Digital onboarding solutions can benefit user experience, process streamlining and regulatory compliance, but can also expose the firm to further risks

  • Successful implementation depends on fully understanding new technology and the associated risks - and how these sit within established risk appetite

  • Existing risk assessments, control frameworks and processes should be updated to reflect the implementation of new digital solutions

  • If any technology was implemented in haste for COVID-19 lockdown, now is the time to review and close any gaps!


If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk

, , ,

When you should carry out ongoing Due Diligence and how to remediate gaps

, , ,

The FINTRAIL and Jumio teams have been discussing why regulated businesses are expected to perform ongoing Due Diligence on clients, why it is important to remediate gaps identified, and the approach businesses should consider when performing this remediation.

In this report you will find examples of the different scenarios when you should consider refreshing your Due Diligence. It also highlights why it is important to remediate gaps and how you should seek to operationalise this process.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

Free resources

Access free resources designed to help strengthen your anti-financial crime controls.

Partner with us

We love to support projects that combat financial crime -
get in touch to find out more.