Remediation programmes are often complex, protracted, and not a lot of fun. Whether it’s due to a spike of alerts, remedying control failings, or fixing regulatory findings, managing it alongside the day-to-day can be tough.

Our recent paper, ‘Follow The Yellow Brick Road: A Pathway to Successful Remediation’ highlights that a crucial part of remediation planning is knowing when to seek external support. Often firms wait too long to engage external consultancy support; things have already gone wrong, deadlines have been missed, and the pressure to deliver is high.

How to determine whether you need support

There is no one size fits all approach to managing remediation programmes. Sometimes, your remediation programme may not need a consultancy firm to assist; you may have surplus resources to deploy or the scope is small. In our paper we shared some key questions you should consider when assessing if your remediation needs external support.

1. Can you realistically balance BAU with any remediation activity required?

2. Do you have the expertise to resolve the root cause which is prompting the remediation in the first place?

3. Did current operational processes cause the remediation, and does this need to be enhanced prior to commencing?

4. Do you have the internal skill-set to run or execute the remediation?

5. Do you need access to a flexible pool of resources? How quickly can they be deployed? 

6. If you hire contractors, do you have the internal team leadership resources to manage them? 

7. What level of resources do you need - analysts, project managers, etc.?

6 best practices for remediation programmes

At FINTRAIL, we believe there are some fundamental elements to managing remediation programmes which we outline below. Working with a trusted partner means you have access to the right resources, dedicated focus and support to deliver a sustainable and successful remediation programme.

1. Do it early 

If you are considering bringing in an external firm to support a remediation project, we advise doing it early. Getting your programme structure and plan right from the outset is needed to ensure you deliver on budget and on time. We have learnt that remediations can get very complicated very quickly. Having a trusted partner to manage and troubleshoot can avoid spiralling costs and deadlines.

2. Root it out

Recent regulatory enforcements have shown that poorly managed remediation or transformation programmes can compound the original issue and lead to even more costly programmes to resolve. Remediations are often more than hiring temporary workers to clear the backlog of alerts. What comes before that is understanding and fixing the root cause to ensure that the forward-looking process is fit for purpose and, more importantly, avoid issues down the line.

3. Project management

Many heads of compliance are not project managers. While much of the role is managing different deadlines, resources and budgets, the skillset needed to deliver a remediation project differs. And more often than not, business as usual (BAU) is managed alongside remediation. Navigating remediations requires experienced teams with proven processes and methodologies.

4. Manage the narrative

This is a key theme throughout. Working with external consultants can help you define the narrative in your remediation. What are you remediating? Why are you remediating it? How will you remediate it? When will you remediate it? These are all critical components of your remediation narrative, but it's often easy to lose sight of them. Working with an external consultant can help you stick to this narrative, deal with new workstreams as they arise (they often do!), and manage the communication flow to all stakeholders.

5. Think about the end game

The relief of clearing a backlog or fixing a control is immense. But doing it without appropriate oversight and governance could come back and bite you. Managing quality through the project and having independent assurance to sign off a remediation programme is crucial. The proper oversight, challenge, and sign-off of your remediation programme will mean that you don’t need to worry about the issue rearing its head again down the line.

6. Flex your resources

Knowing how many resources you need and how to manage them can be a complicated process. What you need in phase one, will not be the same in a later phase. Different skill sets will be required at different stages, and for varying lengths of time. Having access to pre-vetted flexible resources that can be deployed at pace, and with the right skills can make a big difference on both output quality and your bottom line.

Whether you need someone to manage the project end-to-end, provide specialist advice, deploy flexible resources or provide independent sign-off, FINTRAIL supports remediation activities of different types and scales.

We all agree that working collectively is the only way to make headway in the fight against financial crime. To that end, FINTRAIL and the FinTech FinCrime Exchange (FFE) have been proud to participate in several industry initiatives in 2022, working with a range of private and public sector organisations.

1. The FFE has participated in the National Crime Agency (NCA) SAR Reform Programme monthly sessions, and in a number of working cells of the National Economic Crime Centre (NECC) Public-Private Partnerships.

2. In partnership with the Royal United Service Institute (RUSI), FINTRAIL has formed a ‘FinTech Financial Crime Policy Group’ which brings senior members of the FinTech community together to discuss regulatory issues which prevent them from efficiently and effectively combating financial crime. We have hosted sessions with HM Treasury, the Home Office and the Payment Systems Regulator on amendments to the Money Laundering Regulations, AML regime effectiveness and authorised push payment (APP) fraud mandatory reimbursement.

3. Also alongside RUSI, we have provided training sessions on FinTech and terrorism financing as part of Project CRAAFT (Collaboration, Research and Analysis Against the Financing of Terrorism), an academic research and community-building initiative enhancing CTF capacity across the EU.

4. We have taken part in an APP Fraud TechSprint held by the Financial Conduct Authority (FCA), and have applied to be a rotating member of the FCA’s Innovation Advisory Group next year.

5. We participate in events organised by the Singapore Fintech Association (SFA) and the British Chamber of Commerce and UK Department of International Trade (DIT) in Singapore, which have included round table discussions with the Monetary Authority of Singapore (MAS) and the FCA.
   

We look forward to continuing these partnerships and forming others over the course of 2023 💪 

Happy New Year from everyone at FINTRAIL! 

We’re excited to jump back into action and get stuck into our plans for the year.  A LOT happened in the financial crime world in 2022, and 2023 is likely to be just as busy.  

While making predictions is a fool’s game, here are some key themes we think are likely to be on the agenda this year:

• Increasing efforts to tackle fraud in multiple jurisdictions, including the UK where the House of Lords issued a report on “Fighting Fraud” and the Payment Systems Regulator introduced a plan for mandatory reimbursement of authorised push payment fraud.

• Increasingly mature and rigorous regulatory frameworks for cryptocurrency, especially following the explosive collapse of FTX in November 2022

• Evolving discussions on transparency and beneficial ownership in Europe, following the European Court of Justice’s November ruling that unrestricted public access to beneficial ownership registers violates the Charter of Fundamental Rights of the European Union

• A growing focus by regulators and industry bodies on effectiveness and outcomes over tick-box compliance

What’s happening at FINTRAIL?

Closer to home, here’s a quick overview of what we are up to over the next few months, and where we plan to focus our efforts over the coming year.

1. We’re refining our key services for financial institutions including audits, remediations, regulatory enforcement assistance, and target operating models. As ever the focus will be on innovative tech-driven approaches that focus on demonstrable and effective outcomes as well as regulatory compliance.

2. We will continue to work with and offer services to RegTechs and other vendors servicing the financial sector, covering advisory support, regulatory and market research, and the production of financial crime thought leadership including white papers, blogs, multimedia content, and webinars.

3. We’ve been developing a suite of off-the-shelf products for smaller or scaling financial institutions. So far we have launched transaction monitoring keyword lists, merchant category codes list, standard industry classification list, and outline AML / CTF policy. Keep an eye out for new releases including an MLRO report template and board reporting pack.

4. And finally, come and join us at one of our upcoming events! We’re hard at work on the plans for our annual conference in May - FFECON23, as well as a webinar on regulatory enforcement trends in January, an FFE social event in February, and a bootcamp on financial crime investigations in February / March.

We look forward to engaging with our wonderful network of clients, partners and friends in the coming months and wish you all a very prosperous and successful 2023!

At the start of a new academic year, we are asking ourselves a question - what can financial industry practitioners, educators and government authorities learn about teaching young people about financial crime? This topic has sparked a lot of interest in the FFE community when we’ve raised it before, most notably in one of our most popular FFECON sessions, with the VICE journalist Obi Juwah (available to watch on demand).

We’re revisiting this topic through the eyes of a student - Stefan Wlodarczyk, who recently completed a stint of work experience at FINTRAIL. We asked him to investigate what students his age know about financial crime, particularly money muling.

Stefan:

Financial crime is an increasingly common problem, with younger generations becoming more and more at risk. As a 15-year-old secondary student doing work experience at FINTRAIL, I investigate whether my generation is even aware of these risks.

To provide some background:

• The UK’s 2020 National Risk Assessment of money laundering and terrorist financing states that there were 42,482 suspected cases of mule activity in 2019, a 32% increase since 2017. 📈

• The National Risk Assessment recorded cases of children as young as 13 and 14 being approached on the playground to carry out these operations. 🚸

Teenagers through to university students are being recruited to become mules via social media. 📱Social media has the greatest influence on younger generations since it has become such an ingrained part of society. This makes it so dangerous, and so easy for people to become accidentally involved in money laundering.

Furthermore, the recent COVID-19 pandemic exacerbated the number of financial crime cases due to more people being online. 

In 2020, the European Money Mule Action EMMA6 programme identified at least 227 money mule recruiters who recruited over 4,000 mules. According to Cifas, cases of under 21-year-olds being used as money mules fell by 12% in 2020 compared to the previous year, which is still a 27% higher number of cases than in 2017. The change may be due to lockdown restrictions which forced teenagers to stay indoors rather than being recruited to carry out mule work.

The survey: Are younger generations aware of money mules?

I interviewed ten people around my age (15) from four different schools to explore this further.

1. Have you received any education regarding financial crime?

Three out of ten students (30%) said they had received financial crime education, two of them went to the same school. 70% said they had not received any education about financial crime. This is despite Cifas and the PSHE Association (the national body for Personal, Social, Health and Economic education) creating an Anti-Fraud Education campaign targeted at 11-16 year olds.

2. Do you know what money muling is?

Four out of ten respondents said that they knew what money muling was. Out of the four who said yes, three had received education on financial crime.

3. Where did you learn about money muling and financial crime?

Out of the four respondents who knew about money muling and financial crime, three said they learnt about it at school, and one said they had learnt about money muling on YouTube. 

4. Have you ever seen an advertisement for money muling on social media?

All respondents said no. 

5. Have you ever been approached by someone asking you to use your bank account (if you have one)?

Again, all respondents said no.

6. Have you ever been a victim of fraud linked to social media (e.g. purchase of goods which never arrived, or arrived and did not match the description)?

Only one out of ten respondents said yes. This student frequently uses eBay to buy and sell items, and has been a victim of authorised push payment fraud (being deceived into authorising a payment to a criminal).

7. Have you ever been encouraged on social media to invest in cryptocurrency or any other high-return investments?

Five out of ten respondents said yes to this question, having seen adverts on the internet rather than actually being approached directly on social media. However, I am fairly confident that at least one respondent was actively encouraged to invest.

8. What social media platform do you believe is the most likely to expose you to financial crime?

Five respondents said they believed that Instagram was the social media platform most likely to offer exposure to financial crime, and four said they thought it to be Facebook/Meta. 

The results

The results of my survey show that most (70%) of the respondents have not received any education on financial crime.  One respondent stated:

“To be honest, our school doesn't teach us anything on finance stuff.”

Interestingly, of two people interviewed from the same school, only one of them said they had received an education on this topic, which they had received the same day I conducted the survey. 

Consequently, all students who received an education on financial crime knew what money muling was, yet of those students that did not receive this education only one knew what money muling was. This is because they had seen a video on YouTube about the topic, demonstrating how effective social media can be at spreading information (or encouraging people to become mules).

Thankfully none of my respondents said that they had seen adverts encouraging money muling, or had been approached to become one. Unfortunately though, one respondent said they were a victim of fraud.

“I was dumb enough to send someone money, but the product never arrived. The bank said that I had been scammed, and they gave us our money back.”

The results of question six (on high-risk investments) may be skewed by legitimate online advertisements or social media influencers encouraging people to invest, rather than shady offerings. Although one respondent said,

“A lot of scammers on YouTube are promoting their apps for investment.”

Noting this, I would recommend more research into this area, and the impact of this.

My last question on which social media platforms are most likely to expose users to financial crime had interesting results with Instagram and Facebook/Meta being most commonly highlighted. During my interviews, Instagram came under fire for allegedly having “a lot of ads'' that were “really fake”.  Interestingly, one respondent said that they believed that YouTube is the riskiest regarding exposure to financial crime due to the large amount of adverts put out by influencers encouraging people to invest in their apps or programs.

Is enough being done?

Personally, I don’t think enough is being done to educate teenagers and younger children on financial crime risks. I cannot remember ever being taught about this at school, and I only first learned about it by watching a documentary on money muling and from my work experience at FINTRAIL. 

The UK government and some financial organisations have released educational resources such as the Don't Be Fooled programme, yet they do not appear to have reached their targeted audience. The reason seems to be because money muling and financial crime isn't exactly a topic that teenagers are interested in or actively seeking out information on.

School is an important educator in spreading awareness about financial crime.
One student I interviewed wasn't happy about the level of education he received. He said, “I did it [finance] at the start of Year 10, and I don't remember much of it. We’re getting weighed down by exams and tests; we need lessons that refresh consistently on that stuff”.

In my opinion, the logical solution would be to designate personal, social, health and economic (PSHE) sessions at schools in the UK to educate students on this hugely important matter. However, I think that it shouldn’t just be one-off lessons but, as suggested by one respondent, “repeat [these] important topics every year”.

Looking ahead: Beyond secondary school students

The problem goes beyond secondary students. A Nationwide Building Society poll found that 56% of university students (compared to 60% of secondary students) did not know what a money mule was. The high percentage illustrates a failure to properly educate students on financial crime issues. The same study states that 61% of the students believed they were susceptible to such advertisements, and 37% admitted that they would respond to or click on such advertisements. 🤯

I believe that in addition to more education, social media companies themselves should do more to prevent mule handlers from recruiting mules in the first place. They can do this by regularly screening users with suspicious hashtags or other indicators similar to “make money quick” in order to see if the user is actively attempting to contact potential victims. 

To read more about money mules and their use of social media and common typologies check out FINTRAIL’s blog posts here. 

If you want to get in touch for dedicated money mule training or create educational materials, give us a shout at contact@fintrail.com.

FinTechs are used to conducting enhanced due diligence (EDD) on customers as a matter of course - to meet their KYC obligations and to identify red flags. But what about their own business operations? How confident are they that they know who they’re partnering with, where their money is coming from, and who’s getting involved in their business?

There are several scenarios in which FinTechs should seriously consider conducting EDD investigations into investors or business associates. These include:

Why are enhanced due diligence investigations important?

What do we mean by EDD investigations? The kind of research called for in these cases goes a long way beyond standard watchlist and adverse media screening. We have seen countless cases of subjects with chequered histories that raise serious red flags sail through screening. When managing high-risk customers, screening is generally the most appropriate option - you can’t conduct bespoke investigations on each customer. But when you are embarking on a one-off acquisition or conducting a funding round worth millions of pounds, there is the opportunity and the expectation to go further.

What Does an Enhanced Due Diligence Investigation Include?

EDD investigations provide a full picture of a subject, allowing firms to really know their counterparties and to understand their backgrounds and source of funds.

• Background, track record, modus operandi and reputation of the counterparty

• Thorough review of corporate records, seeking to confirm information presented and even complex ownership structures, and to reveal any undisclosed beneficiaries or hidden interests.

• Details of civil or criminal litigation or other regulatory or legal proceedings, which are often publicly available but not discoverable through standard screening searches

• Details of any business disputes, or improper or illegal conduct

• Any political exposure or relations with government officials, beyond that captured in PEP screening lists

A full enhanced due diligence investigation involves in-depth research of both the surface and deep web (gated, subscription-only and database sources) ideally using a mix of advanced AI tools, including sophisticated natural language processing, and expert human analysis. It may require research in multiple languages, the manual retrieval of records in jurisdictions where these are not available online, or consultation with vetted human sources.

Unlike routine customer due diligence, such investigations should be bespoke and allowed to develop based on the findings - there is no one-size-fits-all approach, as the information required and the research conducted will be different in each case. This calls for experienced investigators who know how to appraise findings critically and when to follow a lead, pursue a hunch, discount information or revise a theory.

How FINTRAIL Can Help

At FINTRAIL, we combine deep experience in financial crime risk management with proven due diligence capabilities to provide clear, actionable, risk-focused intelligence using advanced analytical skills and data discovery tools. We contextualise all findings using in-depth knowledge of the countries and sectors concerned, including geopolitical context. We keep you updated of our findings throughout, and deliver comprehensive final reports with network diagrams and visuals where appropriate.

What makes us unique and sets us apart from other intelligence and due diligence providers is that our team is drawn from the industries we support, and has extensive experience of risk management processes within financial institutions. We provide intelligence by compliance officers for compliance officers. We understand your needs and operational considerations, and can supply you with the targeted, relevant information you need alongside informed recommendations and advice to produce actionable outcomes, guided by your own risk appetite and decision-making framework.

To learn more about how we can help with your requirements - whether it’s a one-off report or outsourcing complex casework - please get in touch with our team.

Read more: Investor Due Diligence - A Two Way Street

The UK government has issued its much anticipated response to the call for evidence on the UK’s AML/ CTF regulatory and supervisory regime. It’s well considered, detailed … and perhaps a little safe.

Does it provide ground breaking changes? No.

Is it moving us forward? Slowly.

But realistically, this was never going to offer speedy and simple solutions. What it does do is recognise the importance of the fight against economic crime, and the vulnerabilities that exist, both at board level and on the streets. The report mostly serves to tell readers to ‘watch this space’, as this is “only the start of [the] reform agenda”, with further legislative measures to come this year via the second Economic Crime Bill and Companies House reform.

The foreword by Economic Secretary to the Treasury John Glen, highlights the need to continue to enhance efforts at home while working with the international community to influence and shape global standards. The report also recognises that in order to make a difference globally, the UK needs to strengthen and “harness the capabilities, expertise and information of both public and private sectors”.

This review is seen as only one part of the UK’s efforts. Along with the Economic Crime Plan Part II and reforms to Companies House, the UK is seeking to go beyond tick box compliance and “build a thorough and dynamic system of controls which responds to the real risks we face”.

The review has been structured around 3 key themes:

1. Systematic Effectiveness – what effectiveness looks like and how to measure it

2. Regulatory Effectiveness – equipping firms with a strong risk understanding and effective risk-based controls targeting areas of highest risk

3. Supervisory Effectiveness – reform of the supervision regime

The report builds on the work under the parallel updates to the Money Laundering Regulations (MLRs) and sets out the intention to develop an improved range of metrics to measure and evaluate the effectiveness of the MLRs in future.

The highlights:

• The National Risk Assessment (NRA) and existing public-private dialogue will be used to assess emerging risks and potential future changes to the MLRs.

• Post-Brexit, some areas of regulatory changes to support a risk-based approach have been identified, but other areas such as Suspicious Activity Reporting (SARs) and gatekeeping show limited need for regulatory change.

• The use of new technology and improving the AML guidance regime are potential areas for the government to support the private sector. Incremental improvements in collaboration with partners is the favoured approach

• Possible reforms of supervisory structure are considered with the aim of ensuring effective and consistent supervision across all sectors.

So how does this translate into action and what are the next steps? Below we summarise some of the key aspects of the review.

Defining Effectiveness

a. Objectives of the MLRs

The government has decided to refine the objectives for the MLRs, linked to the FATF methodology, by amending the following areas:

• Explicitly including the ‘provision of valuable intelligence’, aligning with the principle that effective prevention is more than just technical compliance

• Clarification of supervision - monitoring and enforcing compliance as part of a risk-based approach

• Collation of accurate information on beneficial ownership is not a primary objective but a means to identify and report suspicious activity.

b. Measuring Effectiveness

Many respondents questioned whether the specific requirements in the MLRs are having a direct impact on the scale and nature of disrupting ML/TF. The government will set out ‘outcomes focused’ metrics as part of the Economic Crime Plan to provide direct and clear feedback on the effectiveness of the MLRs.

c. High/low impact activity

Unsurprisingly, the regulated sector is in favour of reducing the number of mandatory requirements in the MLRs. Themes raised included:

• ‘High impact’ activity - consistent compliance with due diligence requirements and good quality suspicious activity reporting

• A disproportionate burden on ‘low impact’ areas of routine due diligence and transaction monitoring driven by mandatory requirements, and the inability to move resource to ‘higher impact’ areas

The government view is that firms have some discretion when adopting a risk-based approach, but resources and policies must be in place to meet the objectives of the MLRs. While there is scope to “dial down” less impactful activity, there is “insufficient evidence” to overhaul the MLRs.

d. Strategic national priorities

The UK will not publish standalone National Priorities such as exist in the US - the focus will be on developing the upcoming Economic Crime Plan and NRA to provide more strategic direction.

Regulated firms demanded more granular sharing of public-private intelligence, including in response to live threats and emerging risks. The government will explore how law enforcement agencies can provide more coordinated and timely communications. The NRA will be the primary vehicle for assessing emerging risks and identifying changes needed to the MLRs going forward.

Driving Effectiveness

a. Risk-based approach

Respondents felt that the MLRs contain too many prescriptive requirements, which goes against the premise of a risk-based approach. The government will not fundamentally shift the balance of mandatory requirements, but will consider the following factors:

• Small / new firms: Supervisors and the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) will assess the support that can be offered to these firms to fulfill their obligations under a risk-based approach

• Guidance / information sharing: Law enforcement and supervisors will assess how information is currently shared and enhancements that could be made

• Supervisory approach: Supervisors will review how to ensure a risk-based approach is incorporated into supervision

• Enhanced due diligence (EDD): There are no plans to amend the mandatory requirement to perform EDD as listed in Regulation 33. However further work will be done on assessing the risk profile of domestic PEPs, removing the list of required checks for high-risk third countries, changing the wording of ‘complex or unusually large transactions’, and evaluating the effectiveness of EDD.

• Simplified Due Diligence (SDD): respondents highlighted that the time and effort to conduct SDD is the same as standard CDD, thus it is not useful. However, the government does not plan to change the components or description of SDD, with the exception of Pooled Client Accounts, where the government will consult on options to allow easier application.

b. New technologies

The government believes that inefficiencies and resource-intensive compliance processes are partly driven by failures to maximise the use of technology. Three workstreams will be established to find solutions and explore more effective models of engagement. As the MLRs are intended to be technology neutral, no specific changes will be made except for digital identity products., where the government is considering amendments to ensure greater clarity on electronic identity processes.

c. Supervisors’ role in SARs regime

Focus in this area should be on improvements to SAR technology and IT, an increased feedback loop, and better information and intelligence sharing. With a number of initiatives already underway, the government will keep a watching brief.

d. Gatekeeping function

There was broad agreement about the effectiveness of the gatekeeping function of supervisors surrounding the ‘approvals’ and ‘fit and proper’ test, with some consensus about enhancing this in higher-risk sectors such as crypto assets. The government will uphold the status quo and consult on specific feedback.

e. Guidance

Sector specific feedback is crucial, but it is too long, complex and inconsistent. Striking the right balance is difficult - there needs to be room for a risk-based approach. The result is we won’t see radical overhauls, but reform along the lines of three key principles:

• Sector specific guidance drafted by experts, including industry

• Improved approval process to streamline and speed up updates

• Improved quality control to ensure consistency, clarity and conciseness

AML/CFT supervision

The UK has 25 supervisors: three statutory supervisors (the Financial Conduct Authority (FCA), HMRC and the Gambling Commission) and 22 legal and accountancy Professional Body Supervisors (PBSs) who supervise the legal and accountancy sectors. This section considered potential structural reforms.

a. Enforcement

Respondents highlighted inconsistencies across different sectors. They noted the level of fines brought against financial institutions is higher than other sectors, which has led to high levels of AML investment but has made banks risk-averse. There is a call for greater transparency and consistency of approach.

b. Supervisory gaps

Some supervisory gaps exist in the legal sector where practitioners are not members of one of the legal Professional Body Supervisors (PBSs) with a general consensus on creating a default supervisor for the sector.

c. Supervisory reform

With FATF identifying major deficiencies in the UK regime in its last evaluation report, it’s not surprising this is an area of focus. And it is still a work in progress. With some high-profile enforcement actions and steps taken to improve a risk-based approach, there is room for further reform.

The shortlisted options for reform include additional powers for OPBAS, consolidating and reducing the number of PBSs, or establishing a single supervisory body for professional services. A formal consultation will be issued to further understand the pros and cons of each.

So what next?

Well, the review has provided greater understanding on the barriers to effectiveness but some of the solutions are unclear, meaning further work and engagement is needed. The key areas of focus for the next phase of development of the MLRs and wider AML regime are:

• Potential supervisory reform

• Further evidence and understanding needed on MLRs

• New objectives to the MLRs with measurable metrics

• A focus through tools such as the NRA to improve risk understanding

• Further engagement on new technologies

• Case by case updates to guidance

So as we said at the start, watch this space - the second Economic Crime Plan is now the next much anticipated document!

At FINTRAIL, we combine deep financial crime risk management with regulatory expertise to help keep your anti-financial crime programmes and governance structures in step with the latest official guidance.

Please get in touch if you would like support with designing, reviewing or enhancing your anti-financial crime framework.

Today is World Refugee Day, an annual event organised by the UN to celebrate and honour refugees from around the world and to raise awareness of their plight and efforts to protect their human rights. In the past 12 months, the world has seen fresh flows of refugees from Afghanistan and Ukraine, adding to those continuing to flee from Syria, Venezuela, South Sudan and other conflict and crisis zones.

Access to financial services for refugees and asylum seekers is a well-recognised problem.  Most face barriers to opening accounts and accessing the products and services they need to find work and accommodation in order to rebuild their lives.  Some lack acceptable forms of identification or cannot provide documentation to prove their address or income.  In some countries in Europe, banks may even refuse to accept passports from certain refugee-producing countries, given the risk of fraud. There are also barriers which are not unique to refugees, such as language skills, the accessibility of branch locations, or familiarity with technology.  

Germany’s Passport Restrictions

Licensed banks in Germany are required to use a system run by the post office, Postbank, to check that potential clients meet KYC requirements. The Postbank has a list of nationalities for which it cannot process passports, including countries such as Syria, Afghanistan and Pakistan. This means that people from many of the top refugee-producing countries cannot access banking services with any licensed bank in Germany.  

This creates an odd situation for developing FinTechs, which may “outgrow” the refugee market.  EMIs without full banking licences can use alternative document-checking services which do not automatically preclude certain nationalities.  However, if they subsequently become a licensed bank they will have to use the Postbank system and decline high-risk passports.

The ongoing flux of refugees from Ukraine prompted the European Banking Authority (EBA) to instruct banks to make it easier for refugees to open accounts, and to state that both banks and supervisors must ensure refugees can access the EU’s financial system without having to zealously comply with AML rules.   (This follows a 2016 EBA paper in which it commented that a combination of country risk and uncertainty over ID documents means the ML/TF threat posed by refugees and asylum seekers is “unlikely to be low”, but that the risk could still be managed effectively.)

Some regulators have taken steps to address the problem. An EU regulation passed in 2015 requires banks to offer basic payment accounts to all customers legally residing in EU countries, including asylum seekers and refugees.    Banks need not insist on a passport or ID card, but should accept any official document containing a full name, nationality, date and place of birth and residence, such as a residency permit.  However, many EU national regulators have still not issued guidelines to implement this regulation. 

Provisions may also vary depending on refugees’ country of origin, with many institutions making exceptions for Ukrainian nationals.  A number of digital banks including Wise, Revolut, and bunq, are offering free accounts and simplified account opening processes for Ukrainians (or in the case of Revolut, anyone fleeing Ukraine whatever their nationality).  In the UK, HSBC was one of the first institutions to allow Ukrainian refugees to apply for an account, introducing a new account opening process in March.

Some examples of best practice:

Lloyds Bank and the Lloyds Foundation

Through the Lloyds Foundation, LLoyds Bank works with charities supporting refugees, homeless people and victims of domestic abuse to understand their needs and identify areas where the bank should change its processes to allow access to its services.  It is looking at how to support people who do not speak English, again by partnering with charities to share expertise.

The bank has launched a programme to allow refugees and other vulnerable groups to use alternative sources of ID to access its services, including biometric residence permits or letters of recommendation from charities verified by the foundation, confirming the identities of applicants.

BNP Paribas

BNP Paribas offers refugees and other frequently unbanked individuals easy access to financial services through its FinTech company Nickel, with no need for a fixed address.  Rather than working with partner organisations to verify individuals’ identities, thus limiting support to individuals already ‘in the system’ and receiving support, Nickel enables users to access services directly at their nearest tobacconist and to use the address of temporary migrant housing or nearby service providers such as a laundrette or post office.  BNP Paribas also offers training to refugees and migrants through a series of partnerships, and supports lending to early-stage refugee-led enterprises.

Interestingly, Nickel is not run as a charitable initiative - it charges €20 a year for its services and a 2% fee for each transaction.  BNP Paribas says this shows that social businesses with a for-good imperative can also make money, thus making them more sustainable and resilient.

HSBC

HSBC has introduced a new account opening process for Ukrainian refugees, following on from earlier programmes to provide services to vulnerable users including survivors of domestic abuse and the homeless.  It is not clear if it intends to extend these processes to all refugees and asylum seekers.

HSBC says it has already helped over 1,000 victims of modern slavery and human trafficking through its Survivor Bank service, which provides access to a basic bank account without the need for photo ID or proof of address.  It accepts applications from people who are supported by a caseworker from the Salvation Army or one of 18 other charities that can verify their identify.  

HSBC provides a similar service to those without a fixed address. In partnership with the housing charity Shelter, the bank’s No Fixed Address programme enables caseworkers to verify the identity of individuals who lack the necessary documentation.

Recommendations for financial institutions

• Consider how you can meet your regulatory requirements on KYC and customer due diligence while removing unnecessary hurdles for vulnerable users including asylum seekers.  There is clear support for this approach from regulators and industry bodies, and major banking groups such as HSBC have already started leading the way.

• Consider manual or in-person alternatives to your automated, digital onboarding process.  This will benefit both refugees and other marginalised groups (such as the elderly or others less familiar with technology, or people with certain disabilities).

• Review your customer risk assessment model.  Many models are heavily but often unhelpfully influenced by nationality.  The combination of nationality, refugee status, employment status, and thin credit files can all combine to make refugees high-risk customers.  This may place them outside a firm’s risk appetite and denied access products and services, or require them to undergo additional due diligence (which they may well fail), or may mean they are subject to additional ongoing scrutiny.  This in turn can result in payments being blocked or accounts being frozen pending investigation, which can have serious knock-on effects, unfairly disadvantaging refugees and other affected groups.

At FINTRAIL, we strive to improve diversity, equity and inclusion (DE&I) in all aspects of anti-financial crime. We co-created the FinCrime Principles of Inclusion as part of Tech Nation’s Finclusion 2021 to increase awareness of this important area and to provide practical, implementable guidance. Find out more and download the principles here.  

If you would like to discuss any of the topics raised in this article, or how FINTRAIL can assist you review your existing controls and procedures to ensure inclusion for refugees and other vulnerable groups, please email us at contact@fintrail.com.