Non–profit organisations (NPOs) are often regarded as high–risk by financial institutions. There is a gap between the extent of the perceived and actual risks present in the NPO sector, and that financial services should bear some key factors in mind when working with the sector.
How to Manage Financial Crime Investigations
SOME KEY TAKEAWAYS FROM OUR HOW TO MANAGE FINANCIAL CRIME INVESTIGATIONS WEBINAR, 26 APRIL 2022
Our key insights cover:
Best practice for managing and conducting financial crime investigations
Engaging with law enforcement
Finding the right talent
Making the Most of RegTech for Financial Crime Compliance
Some key takeaways from the IBF Singapore / FINTRAIL masterclass, 25 April 2022
What is Regulatory Technology (“RegTech”)?
RegTech is a subset of financial technology (“FinTech”) centred on technologies that effectively facilitate the delivery of regulatory requirements. There are many different types of RegTechs on the market that serve an expansive ecosystem of services, not limited to financial crime.
Risks involved in adopting RegTech
While there is no doubt adopting RegTech solutions can improve the efficiency and effectiveness of your financial crime-fighting functionalities, there are multiple risk factors to consider throughout the various phases of engagement:
Technical risks including any technical issues from integration to BAU operations
Business continuity risks including core risks that may impact your firm’s ability to operate
Vendor management risks including any service level agreement issues, contractual risks, and obligations around change management…
FINTRAIL’s thoughts: The FCA review of challenger banks’ FinCrime programmes
The Financial Conduct Authority has conducted a review of “Financial crime controls at challenger banks”. The basis of the review was a statement in the 2020 UK National Risk Assessments that criminals may be attracted to faster/streamlined onboarding processes.
The FINTRAIL team have been discussing the report and associated media coverage, and as you might expect, had a number of thoughts!
Media coverage somewhat obscures the fact the FCA declares, “we remain of the view that there are limited differences in the inherent financial crime risks faced by challenger banks, compared with traditional retail banks.” This is borne out by the fact the findings largely align with the topics raised in the FCA’s previous “Dear CEO Letter” to traditional retail banks, indicating there isn't a significant difference between challenger and traditional institutions.
This chimes with assessments within the industry of the risks associated with challenger vs. incumbent banks, which some of our team have been involved. They found that the way challenger banks were used by criminals differed to the way the same criminals used incumbent banks - challenger banks were typically used for high volume low value movements, whereas incumbent banks were used for low volume, high value crimes. In other words, neither type of financial institution was necessarily riskier than the other; it was how they were used by criminals that was the clear separator.
The FCA criticises lenders for failing to take details of customers’ income and occupation. Strong views on this one - there is absolutely no regulatory requirement to do so, and it’s questionable what value such self-declared, unverified information would provide. This ‘failing’ has been highlighted in the media (e.g. the Financial Times), with no mention of the fact banks are not actually obliged to collect this information.
The FCA cites a 'substantial' increase in the number of SARs filed last year, but this could either mean an increase in suspicious activity, OR that firms are getting better at identifying it, making it hard to draw conclusions from this statistic in isolation.
Many of the areas of weakness are key components of a good financial crime programme, requiring a ‘back to basics’ review by banks:
Lack of / poor customer risk assessment frameworks
Inadequate resources to manage alerts
Inconsistent or undocumented enhanced due diligence (EDD) procedures, including for PEPs
Weakness management of FinCrime change programmes, meaning control frameworks are not keeping up with rapid levels of growth and changes to business models.
The FCA is reportedly struggling with high levels of job vacancies. This is a common theme across every organisation involved in fighting financial crime (and crime more broadly) - from Companies House to regulators and supervisory bodies and all branches of law enforcement. This must be addressed at the government level - adequate resources must be given to institutions involved in the fight against financial crime.
Why Financial Institutions Must Keep on Top of Fraud
An ever-present threat, fraud has been rising sharply in recent years, exacerbated by the pandemic which disrupted standard behaviour and moved financial services further online. In the UK alone, fraud offences have increased by 36% since 2021. Against this backdrop, the UK’s Financial Conduct Authority (FCA) recently launched its three-year strategy to protect consumers, with a heavy focus on fraud. It plans to develop a new approach for supervising anti-fraud systems and controls of regulated firms as well as undertaking assessments to understand and evaluate firms’ ability to protect consumers from fraud.
Given this increased regulatory focus, financial institutions must be agile in responding to emerging fraud threats, adopting a proactive rather than reactive approach, and be able to demonstrate that they have taken steps to actively assess and mitigate the risks they face.
Exploiting crisis
The last few years have seen a myriad of international crises ushering in change and uncertainty. Within this chaotic climate, fraudsters have been able to thrive and exploit human and technological vulnerabilities. Frauds take different shapes and sizes, from manipulative romance scams to lucrative push payment frauds — leaning on social engineering and impersonation techniques. Online investment scams, particularly in the realm of cryptocurrency, are also booming as people look for quick ways to make money online. Criminal networks often recruit money mules with changing demographics to move the money before it can be frozen, increasingly targeting middle-aged individuals less likely to be detected.
What financial institutions need to know
In light of the whirlwind of frauds and increased regulatory focus, financial institutions need to be proactive and prepared. Moments of particular vulnerability include the launch of new products or features, which entice fraudsters to exploit potentially immature controls. However, due to the rapidly evolving world of fraud, businesses should also continuously reassess their controls to ensure they are developing along with their offerings and firmly secure detective controls and preventative measures.
At FINTRAIL, we are experts in developing and deploying counter-fraud, anti-financial crime, and risk management controls. If you would like support with building, refining or auditing your fraud controls, please get in touch; see our full range of fraud services here. We’re also here to support you in assessing and testing customer and product risk, offering remediation support, and providing context-based training to your teams. Please email us at contact@fintrail.com
Russia Sanctions: Unprecedented, Creative … Effective?
The unparalleled onslaught of sanctions imposed on Russia in the past month has by some measures created its desired effect. The so-called ‘economic blitzkrieg’ against the Russian state has pushed the economy into free-fall with the ruble collapsing dramatically, leading to panic buying and stringent capital controls. To maximise economic impacts and dissuade Russia from continuing its brutal attack on Ukraine, the international community has gone beyond adding yet more names to sanctions lists to come up with more creative, targeted, and (it is hoped) effective ways to sanction the country. It has targeted strategic sectors and areas of financial activity to push Russia’s economy to the brink, in the hope of forcing a change in behaviour and reaching a political solution.
Financial mechanisms
The once hotly-debated ban from SWIFT was partially implemented on 12 March 2022, effectively eliminating seven designated Russian entities and their Russia-based subsidiaries from the important international messaging system used between financial institutions. The sanctioned institutions were strategically selected for their involvement with Russian industry, foreign investments, security and defence, while attempting to prevent the harshest negative impact on business and energy-reliant European countries. Russia’s biggest bank Sberbank and third-largest lender Gazprombank are notably missing from the list.
In principle, excluding these key institutions will make dealings burdensome and slower as financial institutions will be forced to use less secure and outdated methods of interbank communication or Russia’s own domestic system, which has noted significant challenges. While some analysts allege the ban’s impact will ultimately be minimal, estimates from 2014 claimed that a SWIFT ban could lead to a 5% drop in Russian GDP.
Sanctions have also been placed on Russia’s Central Bank by the EU, US, UK and others. By effectively freezing Russia’s access to its foreign exchange reserves, international payments are made more difficult, as is the ability to keep the ruble stable. Expanding on measures taken in 2014 that strategically targeted entities in specific sectors, Western governments have imposed new and extended capital market sanctions. 70% of the Russian banking system and vital government and state-owned companies will no longer be able to refinance in EU capital markets, and the issue of trading in Russian sovereign bonds has been suspended in key financial centres, including the US and the UK.
Trade restrictions
In an effort to constrain Russia’s technological and military capabilities, sanctions have been placed on targeted strategic sectors including export bans on technologies that support oil refining, defence and security, aviation and space. Airbus and Boeing have even halted maintenance supplies and support to Russian airlines, which is expected to lead to long-term operational issues across the country.
Other dual-use goods such as computers, telecoms, and semiconductors have also been subject to export bans. Semiconductor chips, which are used in everything from mobile phones and computers to military drones and supersonic jets, are prohibited from sale to Russia if they contain US inputs (which includes chips made in Taiwan and elsewhere). The US is the dominant player in chip design, research, and development, and holds many patents for high-end chips. The government believes banning their export will have “massive consequences” for Russia’s military-industrial complex, given the increasingly technological nature of modern warfare. Putin himself said in 2017 that the leader in artificial intelligence will ultimately become “the ruler of the world”, and so the hope is that stymying Russian access to crucial technology will be a significant blow that will thwart his ambitions.
Travel and shipping
In an attempt to physically isolate Russia, measures have been imposed to restrict the movement of goods and people. The Russian national carrier Aeroflot has been barred from EU and UK airspace, and Russian registered ships are prohibited from entering UK ports. Some ports are also refusing to unload Russian cargoes, even where this is not actually prohibited under current restrictions. To further curtail operations in this strategic sector, the UK has also blocked Russian aviation and space companies from accessing its distinguished insurance sector, likely leaving Russia’s commercial airlines to turn to China.
Energy
Despite general unity on the new sanctions approach, the energy sector remains an important exception. Less-dependant states have taken action: the US (which relies on Russia for only about 3% of its oil) has banned the import of Russian oil, liquified natural gas, and coal, and the UK has initiated a plan to phase out Russian oil imports by the end of 2022. However, the EU’s heavy though unevenly distributed reliance on Russian energy makes for a fragmented response. While the Baltic states have halted the import of Russian gas and turned to reserves stored in Latvia, countries like Germany, which imports 55% of its gas from Russia, are resistant to an all-out embargo. In addition, heavily discounted Russian oil is still being purchased by countries including India and China, which would limit the effect of a total Western embargo.
The energy sector is a significant vulnerability for the Russian economy; oil accounts for a striking 44% of Russia’s exports and contributed 40% of last year’s budget revenue. Oil and gas exports bring in hard currency and will complement the Central Bank’s efforts to control the ruble, with signs that the banking system may be gradually stabilising. However, as the atrocities of war crimes in Ukraine unravel further, intensifying pressure on key EU decision-makers may result in the imposition of harsher energy sanctions.
“Self Sanctions”
Driven by pressure from public opinion and shareholders, many Western companies have gone beyond complying with obligatory sanctions to divest or pull out of Russian markets. Visa, Mastercard and PayPal services have been suspended, and energy companies including BP and Shell have divested or withdrawn their operations. The German pharmaceutical and life sciences company Bayer has even threatened to suspend crop supply sales for next year’s harvest. Unsurprisingly, iconic Western fast-food brands like McDonalds, Coca-Cola, and Starbucks have followed suit in closing their doors, leading to significant job losses. French luxury house Chanel has closed its stores in Russia and even stopped selling goods elsewhere to people who intend to take them to Russia, which it claims is to comply with EU sanctions banning the sale of luxury goods to the country. Globally, many shops in the West have voluntarily removed Russian vodka from their shelves in an expression of solidarity, though inflicting little economic impact.
Culturally, Russia has also been banned from multiple international cultural and sporting events including football, hockey, ice skating and even the Eurovision song contest. While these measures mainly carry cultural weight, they signal collective disapproval that will isolate Russia further.
Will the sanctions work?
The international community has been swift in implementing a range of sanctions, taking a broad approach and identifying innovative and strategic ways to hurt Russia's economy while bracing for the inevitable impacts on their own. Yet Russia shows no sign of abandoning its attack on Ukraine — bringing to question the reality that sanctions may not have their intended effect on Putin and the war, but instead impact everyday citizens the most. Moreover, analysts warn that Western governments must be clear about what the sanctions are expected to achieve. The aim is to convince Putin that de-escalation is preferable to continuing aggression, which means it must be clear under what circumstances the sanctions will be lifted. Permanently crippling the Russian economy may satisfy ‘righteous’ punitive instincts, but is ineffective as a bargaining tool.
What does this mean for compliance?
Evidently the vast array of measures outlined above pose a challenge for compliance professionals. The first stage has to be ensuring that their firms have a robust sanctions screening process in place. Any organisations still using manual processes need to urgently look at switching to automated, ongoing screening. Firms that do use screening tools need to interrogate the lists on which the tools are based to ensure they are up-to-date and fully comprehensive. They should obtain granular details on how associated parties, e.g. subsidiaries of designated institutions, are identified. All firms should ensure they understand how aggregated ownership is calculated by the relevant regulators (the UK, US and EU all take a different approach).
In many ways, ensuring compliance with sanctions against designated entities is the easy part. The second thing to consider is how to ensure compliance with the broader range of measures discussed in this article against specific types of financial transactions, goods and services, sectors etc. Here compliance professionals must engage with the business teams to fully understand the nature of services being offered or goods forming the subject of transactions, and should be prepared to ask for additional information, conduct their own enhanced research, or seek external advice where necessary. There can be no one-size-fits-all approach, as every firm will have a different level of exposure based on its individual products and services, and its customer base.
Finally, it is also clear that financial institutions should consider the reputational impact of any Russia-associated business as well as their regulatory obligations. Certain types of business or certain Russian customers or counterparties may remain permissible, but the risk of any business activity undermining sanctions measures or causing reputational damage to the firm should be considered. This must be weighed up carefully against heavy-handed ostracising of all Russian-related companies and individuals, which could amount to deliberate and potentially even unlawful exclusion.
How FINTRAIL can help
At FINTRAIL, we combine deep financial crime risk management with geopolitical expertise to help you keep your anti-financial crime and sanction programmes in step with current events. Please get in touch if you would like support with refining, enhancing or testing your sanctions or transaction monitoring programmes. We’re here to support you in conducting due diligence on higher-risk situations, providing context-based training to your analytical team, and helping you navigate the situation as it unfolds. Please email us at contact@fintrail.com.
Advisory Notice: Russian Asset Flight
Ongoing tensions between Russia and Ukraine mean that financial institutions (“FIs”) need to be adequately prepared for potential new sanctions measures. The uncertainty caused by the conflict has likely resulted in funds flowing out of Russia, which FIs should be actively monitoring. FINTRAIL has compiled the following overview of typologies and red flags to assist with identifying cases of asset flight from Russian state-owned enterprises, oligarchs, and senior officials
The Optimal Path to AI Implementation for Financial Crime Compliance
Implementing AI is not as simple as flipping a switch, and in the initial stages it can be difficult to identify where to start.
Together with Napier we developed a 12-step path that guides you through AI implementation and provides answers to some of the most common challenges you might face in this process.
Anti-Money Laundering Essentials for Startups
For many early-stage, fast-growing fintechs, implementing anti-money laundering compliance tools and processes can be a challenge. We’ve produced this guide with ComplyAdvantage to provide practical tips on building a compliance function that can scale with your business.
Download the guide to explore questions including:
What are KYC and Digital ID processes, and why do they matter?
What is the latest on the regulatory landscape in the UK, US and European Union?
How should firms look to appoint an MLRO?
Hiring a Diverse and Inclusive FinCrime Team
At FINTRAIL, we strive to improve diversity, equity and inclusion (DE&I) in all aspects of anti-financial crime. We co-created the FinCrime Principles of Inclusion to increase awareness of this important area and to provide practical, implementable guidance. One of the fundamental places to address this topic is hiring — DE&I considerations need to be front and centre when building and scaling financial crime teams.
Why does having a diverse group of anti-financial crime professionals matter?
Many organisations do not have a formal strategy for improving diversity and inclusion. Yet studies show companies with a more diverse workforce outperform their peers financially. They attract stronger talent, support better decision making, and improve risk management. A Forbes Insight survey found that diversity fosters creativity and innovation, and more than 75% of job seekers state that diversity is a key factor when considering companies and job offers.
With regards to financial crime teams in particular, a diverse and innovative team will bring different perspectives to better identify and manage risk, and to build onboarding and risk assessment processes that are not discriminatory. More diverse teams can better spot unintentional bias in both your manual and automated control frameworks, ensuring more effective risk mitigation. They can also play an important role in minimising financial exclusion, reaping commercial benefits and ensuring you provide fair access and treatment for all customers.
The benefits of a diverse team are thus all-encompassing and well established. Here are some questions you can ask yourself to kick start the conversation on creating a more equal and inclusive workforce, and make sure you’re reaping the benefits:
Are all your requirements necessary? Stipulating unnecessary requirements will limit the pool of potential candidates. To open up a more diverse pool and promote a multidisciplinary and thriving environment, focus on hiring for skills, aptitude and a passion for financial crime.
Do you need to have formal tertiary education for your role profiles? Not everyone follows traditional educational paths, but this does not mean they are not as passionate, determined or capable as those that do.
Do you specify local regulatory experience? This can alienate those from other countries, who may have a wealth of transferable knowledge.
Is industry experience truly essential? For certain roles, candidates from other industries may be able to demonstrate transferable skills and knowledge, while also bringing additional insights to the table.
How do you source candidates? Specify your diversity requirements to recruitment firms and ask for evidence of how they incorporate DE&I into their process. Explore new recruitment channels that attract diverse candidates. Use diversity-focused networking events, job fairs or job sites. Consider how you use social media to promote roles - LinkedIn is often used as a primary platform, but this can limit the profile and demographic of candidates to people already in your personal network. There is a large pool of diverse candidates out there – you can find them with a bit of effort and change in approach.
How can you address unconscious bias? It is important to understand how bias can manifest itself, and how easy it can be to overlook qualified diverse candidates. A US study found that ‘applicants with Black-sounding names received 14% fewer interview offers than their otherwise identical white counterparts’. Consider removing unnecessary identifiers like names, gender, or other personal information and photographs from applications and CVs, to reduce biased first impressions.
Train your staff to identify bias and support a more inclusive interview process.
Have a diverse group of decision-makers involved in the hiring process.
Decision-making criteria must be clear and evidence-based against relevant competencies.
Is your language inclusive? The language used in role profiles and interviews is powerful – a window into your company's culture. Each role profile is an opportunity to hook in new talent and demonstrate your company’s values.
Are you inclusive in how you frame your roles? Studies show that gender-coded words can significantly reduce the number of female candidates, and that “aggressive” language can put off both women and mature applicants. The use of words like ‘expert’ can also alienate many underrepresented groups.
Are you using pronouns correctly in the process?
Be clear about how you can support candidates with different personal setups. Flexible, hybrid or remote roles can attract new pools of people.
Include a diversity statement in role profiles that aligns to your company values.
Are you stigmatising career breaks? A recent survey highlighted that 62% of people globally have taken a career break, yet 20% of hiring managers would reject such candidates. Career breaks come in many different forms; they may mean full-time parenting, caregiving, travelling or other life events. These life experiences can create valuable skills and experiences for the workplace. Those restarting a career after a break should not find it as challenging as they do. Reframe your hiring criteria and interview questions to explore how experience from a career break can add value to your team.
Are you using data? Data analytics can inform where barriers may exist for candidates in the recruitment process and allow you to address it. Start by establishing the target goals and metrics you will use to track your progress. Making data-driven hiring decisions helps companies transform their recruiting processes and build truly diverse teams. The FCA and PRA have indicated they are planning to include diversity criteria in how they regulate, and to look at the effective use of data to track progress and enhance DE&I strategies. Understanding the data behind your hiring choices can inform and educate your future strategy.
Does culture matter? Yes! Having an employer brand that celebrates diversity at all levels of the organisation is an important factor for many. This translates to a diverse workforce from C–level to entry level that supports growth and development for all. Put your strategy into action. Showcase it to potential employees – hearing from their peers via your careers materials or website is a powerful way to reflect your commitment.
How to look at DE&I beyond hiring
DE&I must not be a one-off focus at hiring – it needs to be in the DNA and values of the organisation. Crucial to this is making people feel supported and included across the employee lifecycle. Factors to consider include:
Ensuring your HR policies such as flexible working and parental leave are as supportive as possible for all employees
Access to development, mentoring or networking for all
Creating networks and forums that collaborate to amplify everyone’s voices
Creating events and activities to promote and celebrate diversity
An effective strategy needs a clear purpose linked to an organsiational and people strategy to avoid it being tokenistic. The goal is to achieve a strong culture of inclusivity.
We want to inspire change through financial crime hiring best practices. Gender, race, family circumstances, religion, sexual orientation, disability and other factors must not disadvantage anyone.
How else are the FINTRAIL team exploring diversity issues? Each team member has personal accountability in raising awareness and promoting diversity, and we have a company-wide dedicated Diversity Equality and Inclusion (DEI) strategy.
A few of our activities include partnering with ACAMS to promote financial crime internships for BAME professionals, widening our candidate pool when hiring, and the creation of an internal DEI forum for team members to openly discuss adversity and share best practice.
We’d love to hear what you are doing either individually or as a firm to enable a diverse and inclusive workplace. If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please email us at: contact@fintrail.com
Human Trafficking in Relation to the Ukraine Crisis
The refugee crisis caused by the Russia-Ukraine war has seen more than 2.8 million refugees fleeing war-torn Ukraine. Many Ukrainians are seeking asylum in bordering nations or moving onwards to stay with relatives elsewhere in Europe. These individuals, mainly women and children, are extremely vulnerable to exploitative actors. In light of this ongoing risk, financial institutions (“FIs”) should review common typologies associated with human trafficking, particularly for activity in jurisdictions neighbouring Ukraine and elsewhere in Europe. FINTRAIL has compiled the following advisory guide and overview of red flags to assist FIs in identifying instances of human trafficking.
Your Ultimate Guide to Hiring Financial Crime Analysts
Building an effective financial crime workforce is a critical component for every financial organisation. However, there is no ‘one size fits all’ approach to determining what the ideal team looks like in terms of structure and people. Your operational analysts are the grassroots of your financial crime team, yet often there is little structured thinking of what constitutes the right skill set for this role.
When building and scaling your team you’ll probably aim for a mix of experience and talent across different aspects of the industry and financial crime ecosystem. Nevertheless, it is important to recognise that often the right talent for analyst roles may not be in the obvious and usual places. Embracing a diverse pool of candidates for the cornerstone of your operational activities will broaden the insights and outputs that you achieve from these teams.
This guide serves as an outline, based on our experiences at FINTRAIL, of what we see as the key considerations for organisations looking to build or scale at the financial crime analyst level.
Fit and Proper: Football’s ‘See No Evil, Hear No Evil’ Approach to Investment
Football is not the national sport of Russia (that accolade goes to ‘bandy’, a form of ice hockey), but it is the most watched sport in that country. As such, it should come as no surprise that since the creation of the Premier League in 1992, and the huge TV and sponsorship deals that went hand in hand with it, club ownership has become an attractive proposition for those who can afford it, including Russian oligarchs.
In 2003, Roman Abramovich bought Chelsea Football Club from Ken Bates for a sum of £140m and, arguably, changed English football forever. In the 19 years since he took over, and under his patronage, he has seen Chelsea FC win multiple trophies, including five Premier League titles and two Champions League trophies (arguably the biggest competition in club football). Nevertheless, success has come at a cost, with Abramovich reportedly having loaned the club around £1.5bn over the years.
However, Abramovich’s tenure in West London appears to have come to an abrupt end. With the conflict in Ukraine raging, Abramovich’s ties to the Russian state (he was elected to the State Duma in 1999, served as Governor of Chukotka between 2000 and 2008, and most crucially is said to have a very close personal relationship with Vladimir Putin) have seen him fall under worldwide scrutiny . In particular, the UK Government announced on 10 March 2022 that it was imposing sanctions on Abramovich and freezing his UK assets, including Chelsea FC.
Russian-Uzbek billionaire Alisher Usmanov, a close ally of Putin’s, who previously owned a 30% share in Arsenal FC (2007-2018) and now holds a financial interest in Everton FC, was also sanctioned by the UK government earlier this month. Everton FC announced that they have cut all ties with him.
Abramovich’s takeover in 2003 started an arms race of spending amongst clubs, with many consequently opening their doors to any ‘benevolent’ billionaire looking to invest. Technically, this should not have been a problem. The ‘fit-and-proper-person test’ or director's test, introduced into UK football in 2004 after Abramovich’s takeover, was supposed to prevent corrupt or untrustworthy people from becoming owners and directors of major British football clubs. It is safe to say its success has been limited.
Just Russian money?
Whilst the Russian invasion of Ukraine has crystallised the issue of foreign investment in football clubs, owning a football club is not just the preserve of oligarchs.
In 2007, despite a history of human rights violations during the brutal drugs war in Thailand and allegations of corruption, Thai politician and businessman Thaksin Shinawatra was allowed to buy Manchester City FC.
Similarly, Carson Yeung, who had been convicted of financial crimes in Hong Kong in 2004, was allowed to buy Birmingham City FC in 2009 after it was decided that the offences for which he had been convicted, namely 14 counts of failing to disclose shares he owned in a stock exchange-listed company, were not criminal offences in the UK. He was subsequently convicted of money laundering and sentenced to six years in prison in 2014. Some of the laundered funds were identified as having been used to purchase the club in 2009.
Most recently, the protracted takeover of Newcastle United FC by the Saudi Arabian Public Investment Fund (PIF), the national sovereign wealth fund, was finally completed in October 2021. Despite Newcastle United providing legally binding assurances that the Kingdom of Saudi Arabia will not control the club, the takeover has seen public condemnation due to the involvement of the controversial Mohammed bin Salman, who is the Crown Prince of Saudi Arabia and the chairman of PIF.
‘Sportswashing’
The purchase of Newcastle United led to many claims that the Saudi state was attempting to engage in ‘sportswashing’, effectively diverting attention away from its human rights record by association with a more positive brand. Its image has been severely tarnished by its actions in the vicious civil war in Yemen since 2014, in which it has been accused of leading an indiscriminate bombing campaign targeting civilian areas, and by the murder of Saudi journalist Jamal Khashoggi in 2018.
Club ownership is not the only way for individuals to ‘launder’ their reputations. Ever since Germany hosted the 1936 Olympics, nation states have entertained ways to improve their global standing by sponsoring or hosting major sporting events. Gazprom, a Russian majority state owned energy company whose chairman is a close ally of Putin’s, has sponsored German club FC Schalke since 2007 and the UEFA Champions League since 2012 (both deals now having ended following the invasion of Ukraine).
In 2010, Russia and Qatar were chosen to host the 2018 and 2022 football World Cups respectively. Russia’s winning bid followed the assassination of Alexander Litvinenko in 2006 and the invasion of Georgia in 2008, neither of which seemed to negatively influence the judges’ decision. In Qatar, neither a history of human rights abuses or the safety of LGBT fans or players appear to have been taken into consideration before awarding the tournament.
In 2010, Lord Triesman, the head of England’s bid to host the 2018 World Cup, resigned after being secretly recorded making allegations that rival countries had engaged in bribery attempts to secure the tournament. Lord Triesman specifically named Russia and Qatar. Whilst the allegations were not proven, his predictions of which countries would be successful at the bidding process were accurate.
Where does football go from here?
Football undoubtedly has a money problem. When Roman Abramovich walked into Chelsea in 2003, there were cries from many quarters - fans and journalists alike - that he ‘bought’ the club’s success and that his money had ruined the game. Whilst this is hugely simplistic (and rooted mostly in a classist ‘old v new money’ paradigm), it does beg the question of whether football is intrinsically greedy. Are the owners, directors, players and even the fans so enamoured with the thought of success that they are willing to turn a blind eye to the origins of the wealth?
Investor due diligence is a key tenet of anti-financial crime work. Identifying a potential investor’s source of wealth and funds is a prerequisite for running a regulatory compliant financial institution. So why, for years, has football been given a free pass?
The Premier League’s chief executive has said the organisation is reviewing the owners’ and directors’ test and looking at whether more tests need to be added and whether independent scrutiny needs to be included. Some remain sceptical about how much will actually change, given Abramovich’s links to the Kremlin and the concerns around his source of wealth were clear to all from the start. But ultimately, if this moment is to represent a turning point, momentum and change must come from the top. It is unrealistic to expect clubs to apply too much scrutiny and turn away investment, thereby making themselves uncompetitive, when their peers are not and when no one is compelling them to do so. So the onus must be on the governing bodies to strengthen the regime and give it real teeth.
However, while recognising that it is likely naive to expect clubs to turn down money, the Chelsea saga does show how a permissive approach can backfire. Like financial institutions, football clubs need to actively consider their risk appetite and what risks they are prepared to accept, and then carry out adequate due diligence to determine where funds are coming from and what the legal and reputational implications may be. And financial institutions who bank football clubs, professional bodies and other related parties need to be aware of the sector’s vulnerabilities, and know how to interrogate and assess their clients so they can take a nuanced, risk-based approach and identify good and bad actors.
FINTRAIL Pioneer: FinCrime Guidance for Small Businesses and Start-Ups
FINTRAIL launched Pioneer in November last year to ensure all businesses, no matter how small, had access to the right support in the fight against financial crime. Its aim is to focus on how to create a fincrime compliance programme from scratch, embed it in the company’s operations, and establish the right culture on a limited budget. Also, it often isn’t appropriate to fixate on “best in class” or aspirational solutions if they are not achievable, proportionate or suitable. So what do small businesses need to know about fincrime compliance, and how can they get it right from the start?
Advisory Notice: Russia-Ukraine Crisis Fundraising Scams
As the war in Ukraine captures the international community’s attention, opportunistic criminals are seizing the chance to take advantage of the crisis. In addition to navigating wide-ranging new sanctions against Russia, financial institutions (“FIs”) should familiarise themselves with the types of crimes that fraudsters are likely to commit. FINTRAIL has compiled the following typologies and red flags to assist with preparing and identifying fraudulent activity in light of the Russia-Ukraine crisis.
UK Government’s Commitment to Economic Crime Bill
After months of rising tensions, last week finally saw Russia take definitive action and begin its long-anticipated invasion of Ukraine. The US, UK, EU and others have imposed targeted sanctions on Kremlin-affiliated individuals and banks, and cut off some Russian banks’ access to SWIFT, with more measures still to follow.
Alongside the universal condemnation of Putin’s actions, we believe it is vitally important for the UK to look at its own relationship with Russia and consider how it enables the Kremlin. Demands that this moment should mark a turning point have come from politicians on both sides of the aisle, media outlets of all persuasions, and anti-corruption campaigners. But such demands are not new. The UK Parliament’s Intelligence and Security Committee published a damning report in July 2020 which accused successive governments of allowing dirty Russian funds to infiltrate the UK: “The UK welcomed Russian money, and few questions – if any – were asked about the provenance of this considerable wealth.” Chatham House has published a report entitled “The UK’s Kleptocracy Problem”, and Transparency International has revealed the volume of UK property owned by Russians accused of corruption or linked to the Kremlin (worth in excess of £1.5bn). The US has also raised concerns: a spokesman for the Center for American Progress, a Biden-aligned think tank, has said “there is clear concern in the US government about the influence of Russian money in the UK”.
We welcome the British government’s announcement that it is bringing forward legislation to address Russian corruption by creating a register for the beneficiaries of overseas firms. This will deliver on a government pledge made five years ago to end secret offshore ownership; draft legislation was drawn up in 2018, but has been put on hold ever since. However, momentum must not be lost with the passing of the Bill; every effort must be made to implement its provisions as soon as possible (official sources have warned this could take up to a year).
The government has also promised to make long-overdue reforms to the UK corporate registry Companies House, requiring anyone who owns, runs or controls a UK company to verify their identity. Companies House will also be given new powers to challenge information. Again, this promise is welcome but pressure must be maintained to make sure that this additional economic crime bill is brought before parliament, and that the reform measures are implemented, as soon as possible.
We support the calls of organisations such as Transparency International UK and anti-corruption figures such as Graham Barrow and Oliver Bullough, in calling for the UK government to take this moment to act. It is not a question of uncertainty over how to tackle the problem - there is general consensus on what needs to be done. What is lacking is adequate resourcing and political will. The invasion of Ukraine must be a turning point for these long-demanded reforms.
Beyond the immediate measures promised by the government, the UK should also commit to making progress on the following fronts:
Applying greater pressure to crown dependencies such as Jersey, Guernsey and the Isle of Man and to British oversees territories, such as the British Virgin Islands, to introduce much greater transparency and to introduce unrestricted public registers of company ownership. Transparency International UK has identified 2,189 BVI entities used in 48 Russian money laundering and corruption cases involving more than £82 billion worth of funds diverted by rigged procurement, bribery, embezzlement and the unlawful acquisition of state assets.
Conducting a retrospective review of the 200 “golden visas” issued to Russian millionaires over the past seven years (following the closure of the scheme last week).
Making greater use of Unexplained Wealth Orders, often cited by the government as a significant development in anti-kleptocracy efforts, despite the fact only four have been issued in four years (none under the current government, and none of which were brought against Russian nationals).
Reviewing the number of agencies involved in investigating and prosecuting kleptocracy cases following criticisms that too many agencies are involved (the National Crime Agency, the Serious Fraud Office, City of London police, and local forces).
Financial crime compliance professionals have long called for reforms in these areas, and have shown themselves willing to work with the authorities to achieve them. We hope that the new Economic Crime Bill marks a genuine change in stance, and that all parties involved can work together for maximum effect. We at FINTRAIL and the FinTech FinCrime Exchange are ready to do whatever we can to help support these efforts. It is regrettable that these measures were not taken sooner, but hopefully a meaningful shift in political will can reduce the role the UK plays in enabling not just the Kremlin but corrupt and dangerous regimes the world over.
Suisse Leaks: Swiss banking returns to the spotlight
Yesterday saw the announcement of yet another major financial leak, exposing details of the accounts and wealth of foreign clients of Credit Suisse, allegedly including “criminals, dictators, intelligence officials, sanctioned parties and political actors with outsized wealth”. Credit Suisse has issued the usual rebuttals - that many of the cases are historic, or are isolated incidents not representative of the bank’s overall business. And many believe Credit Suisse is unlikely to be an outlier, with the whole Swiss banking industry thrust into the spotlight.
Having worked in anti-financial crime for multinational banks with a significant presence in Switzerland, I’m acutely aware of the challenges of navigating its infamous secrecy laws, and the difficulties of implementing global financial crime programmes under these restrictions. I’ve also worked with a large number of Swiss compliance staff and relationship managers, and know that most do care about financial crime, and are far from the sinister or negligent figures they are often portrayed to be. Culture, governance and risk appetite obviously vary from bank to bank and can be very hard to assess from the outside, even with vast troves of leaked data. So putting aside the specific allegations against Credit Suisse, what do we need to understand about Switzerland and its legal and regulatory framework to better understand this story?
Switzerland is notorious for its banking secrecy. Its 1934 Federal Act on Banks and Savings Banks criminalises the disclosure of client banking information to any foreign authorities. The first major roll-back of this provision occurred in 2018, when Switzerland started sharing information under the Common Reporting Standard for the automatic exchange of banking information. (Side note: this development came about as the result of another whistleblowing incident, when a banker violated Swiss banking secrecy laws to tell US authorities how UBS Group was facilitating tax evasion by foreign customers.)
However, it is clearly wildly inaccurate to say (as some have done) that this was the end of Swiss banking secrecy. For a start, it is still impossible for countries which are not signed up to the common reporting standard to receive any information from Switzerland. It’s worth noting these are predominantly poorer nations, in many cases those most affected by the kleptocracy and capital flight Credit Suisse is accused of abetting. Notwithstanding this one area of concession, the law remains in place and has been accused of effectively criminalising whistleblowing, preventing people reporting illegal behaviour to the relevant authorities. It also restricts investigations by outside parties, with journalists inside Switzerland at risk of being prosecuted for publishing or even possessing private banking data. It also prohibits the sharing of information within financial groups, meaning Swiss subsidiaries of global banks cannot share any information with their parent bank, making holistic risk management impossible. A telling indicator of the authorities’ overall attitude has to be a legal revision in 2018 (the same year Switzerland started sharing tax information) raising the maximum sentence for breaching the law from six months to three years.
Many commentators believe that recriminations following this latest leak should be directed not just at Credit Suisse, but also the Swiss authorities for creating a lax regulatory environment and upholding laws that punish the exposure of illegal activities. They believe the various leaks and scandals that have emerged over recent years indicate wider failings in banking supervision, with insufficiently rigorous monitoring and oversight. The Swiss regulatory framework has also been criticised for being insufficiently robust. Organisations like Transparency International and Public Eye have said the Anti-Money Laundering Act is too narrow in scope, as it does not apply to parties such as lawyers, fiduciaries, trustees, and other consultants. This contravenes international best practice and the recommendations of the Financial Action Task Force (FATF). The number of SARs filed has also been criticised for being noticeably low given the overall volumes of funds flowing into the country, and the flows from overseas clients and high-risk jurisdictions.
Arguably, responsibility may even go beyond Switzerland itself - to international bodies and standard setters. Like most financial centres in economically developed countries, Switzerland receives positive ratings and assessments in nearly all global financial crime indices, such as the Basel AML Index and Transparency International’s Corruption Perceptions Index. In 2020, the OECD’s Global Forum rated Switzerland as “largely compliant” on issues relating to availability, access and exchange of ownership information on entities and bank accounts, even while contradictorily acknowledging that the availability of beneficial ownership information was not guaranteed. The Global Forum also noted that Switzerland would seemingly not respond to foreign requests for banking information if the request was based on “stolen data” (i.e. a leak) or if the requesting authority “actively sought out” the information outside of an administrative assistance procedure.
The aftermath of the 2007 whistleblowing case and the subsequent pressure by US authorities shows that outside parties can be effective in bringing about meaningful change. There is clearly much more international bodies can do to apply pressure to Switzerland to address specific loopholes and to change the overall tenor of its banking laws. Individual financial institutions can also consider how they treat Switzerland as a jurisdiction, and whether they are content to rely on international indices which do not call out issues around transparency and the availability of information.
FINTRAIL can help financial institutions to assess country risk using objective methodologies that go beyond the usual global risk tables. This can be aligned to custom designed risk-based CDD and ongoing monitoring controls. We also perform enhanced due diligence and investigations on customers, partner institutions and other third parties in jurisdictions where public information is hard to obtain. If you would like to speak to us about this or any other services, please do get in touch: contact@fintrail.com
SWIFT and the Financial Consequence of Russia Sanctions
As the whole world watches in anticipation while Russia continues to militarise near Ukraine’s borders, the financial sector is busy preparing for possible what-if scenarios. In 2014, sanctions were implemented after the annexation of Crimea, with Western powers deploying specific and limited sectoral sanctions designed to target those directly involved in the destabilisation of Ukraine. Now, as the US prepares a more severe “mother of all sanctions” package, more individuals within the Kremlin and parts of President Putin’s inner circle, including Putin himself, are at risk of being added to blacklists. Additionally, some of the harshest measures imposed on Russia, like exclusion from vital global banking infrastructures, are being seriously considered.
Overview: How did the world get here?
The latest conflict, stemming from ongoing disagreements with the imperfect 2015 Minsk peace deal, revolves around Russia seeking assurances that Ukraine will not join NATO. Western powers stand by the military alliance’s open-door policy, which touts the principle of national sovereignty and the right for all nations, including post-Soviet states, to decide for themselves on membership. Last year, Russian troops began mobilising at the Ukrainian border and sparked international criticism. Now in early 2022, an estimated 130,000 troops are believed to be at the border, and military drills with Russian ally Belarus are set to begin.
SWIFT and financial sanctions
As the international community speculates on Russia’s next exact move, retaliatory action in the form of sanctions is being actively discussed. One proposed measure, re-emerging from 2014 discussions, is the exclusion of Russia from the Society for Worldwide Interbank Financial Telecommunications (“SWIFT”).
SWIFT is a critical global electronic payment messaging system that on average handles 42 million daily messages. Barring Russia from the system has been coined the “Nuclear Option,” a move never before made against such a large economy. If implemented, both Western powers and Russia would surely face difficulties. Though it would exclude Russia from an important aspect of the international financial system, which allows it to accept global payments for gas, Russia has already prepared some cautionary measures. The Kremlin has created a domestic version of SWIFT known as the System for Transfer of Financial Messages (“SPFS”), which is made up of 400 member banks, including some from former Soviet states. While it has its limitations, SPFS exists as an alternative that could be incredibly useful during a painful adjustment period.
In addition to the EU’s business and financial interests in Russia, Europe is heavily dependent on Russia’s energy. This dependence is particularly true for key EU decision maker Germany. Excluding Russia from SWIFT would leave many member states vulnerable or scrambling to find a solution to pay for Russian gas. Moreover, fear of destabilisation surrounding the potential exclusion of Russia from SWIFT, is partly because of how it would impact the repayment of debts. Figures from the Bank for International Settlements (BIS) demonstrate that Italian and French banks carry the most Russian exposure, far surpassing that of the US. These factors have made the EU, in particular, wary of furthering this so-called “Nuclear Option”.
Another even more powerful option would be a US move to blacklist major Russian banks. While SWIFT is an important tool, ultimately, it is just that — a tool used for sending messages. Removing Russia from this system would certainly be a blow, but it would allow for loopholes and workarounds. Conversely, if major Russian banks like Sberbank, VTB or Gazprombank were blacklisted by the US, it would make it near-impossible for transactions to occur from anyone in the world. This move, which would result in the makings of a domestic financial crisis for Russia, would undeniably have global implications such as causing certain Western investment funds to fall. However, the US blacklisting of these big banks would have the most extensive and harshest direct impact.
Coordination necessary
Western sanctions effectiveness against Russia relies heavily on timely coordination among the US, EU, and the UK. Without a concerted, unified move, loopholes and asset flight can undermine sanction efforts.
Being a supranational organisation, the EU is required to reach an agreement on a sanctions package among its member states in what can be expected to be a lengthy bureaucratic process. As the UK assembled its own independent sanction regime as part of Brexit, it has been working closely with the US. The UK government has recently announced a new sanctions law that can extend to anyone who provides strategic support to Putin, including in significant sectors like chemical, defence, extractives, ICT and financial services. Critics, however, have noted the deep entrenchment of Russian oligarch wealth in London, which would hinder the effectiveness of such efforts.
As sanction discussions continue, the potential severity of forthcoming measures has settled in, with financial institutions preparing for different situations. Last month, the European Central Bank (“ECB”) asked lenders with significant Russian exposure how they would handle different sanction scenarios. Adding to the stress, financial regulators have warned major banks in the US, EU and the UK to prepare for possible Russian-sponsored cyber attacks, in the event sanctions are triggered by a Ukrainian invasion. However, until sanctions packages and their specific details are officially announced, in what will likely be an abrupt manner, financial institutions will continue preparing for what’s to come — calculating their exposure to Russian flows, reviewing Politically Exposed Persons (“PEP”) lists, assessing beneficial ownership and high-value accounts, and piecing together a reactionary compliance strategy.
---
At FINTRAIL, we combine deep financial crime risk management and geopolitical expertise to help you keep your anti-financial crime and sanction programmes in step with current events.
Please get in touch if you would like support with refining, enhancing, or testing your sanctions or transaction monitoring programme. We’re here to support you in conducting due diligence on higher-risk situations, providing context-based training to your analytical team, and helping you navigate the situation as it unfolds. Please email us at contact@fintrail.com.
What to consider when hiring an MLRO
FINTRAIL reviews the recent guidance published by the UK Financial Conduct Authority on suitable applicants for MLRO positions, and offers some insights of our own.
Read this two-page review for guidance on applicants for MLRO or Head of Compliance roles.
FinCrime End of Year Report
On Wednesday, FINTRAIL delivered a webinar on our “FinCrime End of Year Report: Lessons learned in 2021 and development points for 2022”. For those who weren’t able to make the session, here are our key takeaways:
2021 Key Learnings
The FCA sent a Dear CEO letter to retail banks in May 2021, highlighting actions needed in response to common control failings identified in anti-money laundering frameworks. It noted common weaknesses in key financial crime areas, including:
Governance and oversight including mature model with three lines of defence
Risk assessments covering all financial crime types beyond money laundering and fraud, and dynamic and effective customer risk assessment model
Due diligence including ongoing monitoring
Transaction monitoring including tailored rules and thresholds
We noted that these control areas should be considered holistically, as failings in one area will affect the whole programme. For instance, if you do not collect adequate due diligence information you cannot conduct effective ongoing monitoring.
While this letter was addressed to retail banks, the findings are also relevant to the digital financial sector, and align with FINTRAIL’s findings from audits and health checks of FinTechs conducted in 2021. The areas we most frequently identified as areas for improvement were:
Due diligence (including enhanced due diligence)
Screening
Audit, quality assurance and quality control
Governance and oversight
Transparency International UK published a report in December 2021 on the money laundering risks of e-payment firms, which said that the payments industry could become a “major gateway” for illicit funds. In FINTRAIL’s view, many of the risks highlighted are not unique to e-payment firms, and are faced by the whole financial sector. However, the report did highlight specific risks around the regulatory oversight of e-payment firms, and lack of due diligence on their owners and senior managers. We discussed the importance of the ‘tone from the top’ and the right compliance culture, and how a firm with compromised or criminal owners could be used to facilitate financial crime schemes. There is a clear need for the regulator to conduct suitable due diligence on owners and senior managers of firms applying for e-payment licences.
Technology and automation remained a hot topic in 2021, both in terms of the growth of digital banking and in the financial crime space. We reflected on the growth of the regulatory technology (RegTech) space, including greater adoption by conventional financial institutions, and the consolidation of the market through acquisitions. We also discussed how regulators and international bodies recognise the potential benefits of technological adoption but are also highlighting the risks. Firms must adhere to regulatory guidance, and must understand how their technology works and how to identify any gaps or weaknesses. Additionally, the FCA published a paper in 2021 on Implementing Technology Change which considered the need for good governance around the use of technology and outsourcing, and the potential impact of failures on customers. Firms must consider not just if but how to deploy technology, and how to fuse it successfully with human expertise.
2022 Focus Areas:
Effectiveness: Industry bodies and regulators including the FCA and FinCEN have increasingly promoted the idea of focusing on the effectiveness of financial crime controls. The Wolfsberg Group followed up its earlier Statement on Effectiveness with a paper on Demonstrating Effectiveness in June 2021. This offered practical guidance on how firms should assess risk in defined priority areas and demonstrate the effectiveness of their AML programmes in tackling them. While there is no regulatory obligation at this stage, measuring and demonstrating effectiveness is likely to be a focus area for regulators in 2022, and financial institutions should start considering how to articulate it.
The European Banking Authority (EBA) has launched EuReCA, a central EU database containing information on material AML/CTF weaknesses identified in individual financial institutions. This offers further encouragement for firms to ensure their controls are robust and effective, to avoid the ‘naughty list’.
Financial inclusion and the effects of de-risking: The Financial Action Task Force (FATF) issued a paper on Mitigating the Unintended Consequences of the FATF Standards in October 2021, which focused on financial exclusion, de-risking, the undue targeting of non-profit organisations (NPOs), and curtailment of human rights. There is a clear tension between reducing financial crime risks and ensuring equal access to financial products, affecting both individuals (e.g. migrants, those without a fixed address) and entire sectors. The EBA also issued an opinion last year on the consequences of de-risking, clarifying that EU AML.CTF laws do not require firms to refuse or terminate business relationships with entire categories of customers they deem high risk. The UK Treasury Committee’s Economic Crime Report, published on 2 February 2022, recommends the FCA reports annually on numbers of de-risking decisions and on progress to ensure that banks are not unfairly freezing bank accounts and de-risking customers.
Firms are not obliged to offer services to those they deem outside risk appetite, but should be aware of the implications of risk appetite decisions and make conscious decisions regarding inclusion and fair treatment. We recommend firms think through their risk appetite carefully, rather than automatically avoiding high-risk customers, as regulators may start asking them to fully justify de-risking decisions. FINTRAIL has partnered with Tech Nation as part of FinClusion 2021 to issue the FinCrime Principles of Inclusion which provides valuable guidance for designing inclusive FinCrime controls.
Humans versus machines: FATF published a paper on the ‘Opportunities and Challenges of New Technologies for AML/CTF’ in July 2021, which promoted the use of new technologies, but also urged firms to consider how to balance automation with human input and oversight. It stressed that manual review and human input remain hugely important. Regular audits and explainability is key, with firms able to explain how their technology works, and continuously confirming that it is operating as expected.
To stay up-to-date with regulatory developments, news and key reports, sign up to our newsletter and receive our monthly regulatory recap - the FINTRAIL RegCap (www.fintrail.com)
To understand whether your FinCrime programme is developed and mature enough to meet the meets of your business and current regulatory expectations, please speak to us about our Maturity Matrix and audit/health check services.
And if you would like any other support, or to discuss any of the topics discussed, please do get in touch with us at contact@fintrail.com.