Say “risk assessment” to a financial crime compliance professional, and you’re sure to invoke hesitation or even fear.  Though mandatory, risk assessments can be daunting, resource-intensive exercises. With new typologies and financial crime threats emerging all the time, how can firms practically rethink risk assessments for a better and more effective approach? 

In a conversation with VP of EverC Melissa Sutherland, FINTRAIL’s CEO Robert Evans and Managing Director Maya Braine unpacked some of the essential considerations for rethinking risk assessments. As risk assessments are the bedrock of your financial crime programme, getting it right is fundamental to your overall success.

Key definitions

Upholding a risk-based approach

A risk assessment is a key component of adopting a risk-based approach. Two-pronged, the exercise involves identifying your firm’s potential risks and then critically assessing them. Which risks are more likely to occur?  What is the severity of their impact? This assessment process will help dictate how you prioritise and distribute your resources. Because compliance resources are finite, moving efforts to a higher-priority risk area will mean less attention to lower-priority areas. While many firms are reluctant to shift resources away from a threat, this triaging is intrinsic to a risk-based approach. We must recognise that low risk is not the same as no risk. However, by prioritising the mitigation measures for highly-likely and high-impact threats, you are taking a risk-based approach which is, ultimately, what regulators expect. 

As new financial crime risks continue to emerge, simply adding them to a risk assessment can make it unmanageable and unsustainable. To counter this, risks should be checked and challenged. Look at the evidence and ask: is this risk still present and relevant?  If not, should it be deprioritised or removed from the assessment? It’s vital to be proportionate with your risk assessment and consider removing extinct threats as well as adding new ones.  Otherwise, the process will balloon to unmanageable proportions and your resources and effectiveness will become diluted.

Establishing cadence

Risk assessments are typically conducted once a year; however, a strictly annual approach is outdated. Ideally, and depending on the nature of the firm, risk assessments should be updated more regularly. As new financial crime risks emerge and more data is available to the compliance function, risk assessments should be re-examined. Especially for rapidly scaling firms, setting up a dynamic approach to risk assessments, which is intrinsic to how the business grows and scales, is vital.

Once a risk assessment is established, cross-reference it with output indicators, such as SARs filed. Are the real risks observed in line with those in the risk assessment? By having a lookback process, you can simultaneously address any assumptions, such as one particular jurisdiction or sector being high-risk, as well as capture changes.

Data, data, data!

One common problem with risk assessments is they can often be based on assumptions rather than factual information.  Both internal and external data sources can give you more factual indicators of where your risks truly lie.  For instance, your internal data may show you which industry types regularly see suspicious activity and feature in more investigations or SARs, which will likely be more accurate than generic “high risk industry lists” which are not tailored to your firm.  

As firms get better at capturing and utilising multiple data points, it’s important to make sure you utilise all relevant information while avoiding being overwhelmed. Risk assessments should balance using consistent data points and incorporating newer, evolving data points. Consistent and high-quality data points are important for benchmarking so a firm can track its compliance efforts and identify trends. When deciding which data points to use, consider your most significant threats. For example, if fraud is a top concern, concentrating on device ID information or biometrics might make the most sense. Allow your top-risk concerns to guide you on where to focus your efforts and which granular data points to include.

Garner insights from business teams

Suspicious activities are typically anomalous. Understanding risk and atypical behaviour requires identifying what is typical as well. Involving other stakeholders in your firm, such as customer-facing teams like relationship managers, can give meaningful insight into what regular activity looks like. As these teams have more exposure to standard day-to-day activity, they can help the compliance department create a better picture of risk factors. Without engagement between business teams, firms may have a skewed perspective of risk. For early-stage firms, having meaningful discussions with the CEO or key founders can help determine: who is the target customer base, and how would a typical user use the product? 

Document your decisions

Unsurprisingly, it’s vital to document decisions and actions when it comes to your risk assessment.  Have a clear and articulate methodology statement: what methodology are you applying, and how do the calculations work? Use data to support your decisions. For example, if there have been no SARs filed or transaction monitoring alerts raised for a particular typology, then document that as part of your justification for its removal or de-prioritisation.

At FINTRAIL, we combine deep financial crime risk management with industry expertise to optimise your anti-financial crime programmes. With extensive experience assisting financial services businesses with building and conducting their enterprise and product risk assessments and customer risk assessments, we’re here to support you.

While environmental issues are front and centre of public discourse, environmental crime often takes a backseat. Yet environmental crime impacts every country and is considered ‘low risk, high reward,’ meaning those who commit it face inadequate consequences despite reaping massive financial gains.

Environmental crime is one of the most profitable proceeds-generating crimes in the world, with the latest figures estimating it generates $110-281 billion annually, in line with the likes of drug trafficking and counterfeit goods. The repercussions of environmental crimes are far-reaching and potentially catastrophic, including climate change and ecological disasters, disease risk, food contamination, and negative impacts on human health including reduced life expectancy and death. And it’s not just the impact of the environmental crime itself - these nefarious activities fund non-state armed groups and militia, making up 38% of their income, and have links to human trafficking and slave labour.

Given its status as a growing threat, the European Union added environmental crime to its list of predicate offences in the Sixth AML Directive. However, it remains a difficult crime to identify due to its wide-reaching nature. This article looks at two areas in which organised crime groups (OCGs) have involved themselves, forestry crime and waste trafficking, and identifies ways for financial institutions to tackle the issue.

Illegal deforestation and logging 🌲🪵

Forestry crimes can generally be grouped into two camps: illegal logging and land clearing.

Illegal logging - When timber is harvested, processed, transported, bought, or sold in breach of laws and regulations
Illicit land clearing - The unlawful acquisition and clearing of land for farming, building or real estate speculation

Both of these types of green crime often involve deep-seated corruption, from illegally-obtained logging licences to illegal timber plantations. A recent investigation by the International Consortium of Journalists (ICIJ) exposes how unregulated the forestry industry is, with ‘green certifications’ being given to products linked to illegal clear-cutting and authoritarian regimes such as in Myanmar.

Beyond the obvious destruction of wildlife and ecosystems, illegal logging destroys communities, causes human rights violations, and causes massive tax revenue losses for governments. Like in wildlife trafficking, intermediaries, exporters, and retailers stand to make the bulk of profits, with lower-level actors in the supply chain receiving only minimal amounts of the proceeds. As illegal logging is the most profitable natural resource crime in the world, bribery, fraud, and corruption are commonplace. Criminals have even resorted to hacking government websites to obtain permits. 

One difficulty with identifying illegal logging is the tendency for criminals to commingle goods, blending illegal wood with legally sourced timber. Illegal goods like tinder are challenging to differentiate from their legal counterparts, unlike narcotics which are easier to identify.

Waste trafficking  🗑

Garbage is big money and dirty business. A grossly under-discussed crime, waste trafficking is a lucrative business estimated to generate $10-12 billion annually. Illegal activities concerning waste trafficking involve trade that violates import or export bans (for example, the Basel Convention, which bans the movement of hazardous waste from OECD countries to developing countries) or the illegal and improper treatment of waste through disposal, incineration, or recycling. 

Both legitimate waste management businesses and criminal organisations can engage in illicit waste trafficking, with the latter often using legitimate waste management companies. With this strategy, criminals can easily blend illicit proceeds with legitimate funds, masking their nefarious origin. Criminals may also forge documents to mislabel waste as recycling or second-hand goods or to miscategorise hazardous waste as non-hazardous.

Illegal dumping

OCGs using waste management front companies employ sub-standard disposal or storage processes, sometimes engaging in illegal dumping. These practices have tremendous cleanup costs and pose a direct threat to public safety. One example that made headlines worldwide was the Camorra, an Italian mafia group centred around Naples, that burned toxic waste in the Italian countryside for decades, contributing to increased cancer rates. More recently, a 46-hectare site in Northern Ireland, known as the Mobuoy dump, was exposed as one of Europe’s largest illegal waste sites. As a result of Mobuoy, toxins have leached into the groundwater and river, causing serious health effects on communities and the ecosystem. Among the dangerous materials are asbestos and arsenic, with a cleanup cost estimated to be £100 million.

Sadly, because of the trajectory of global waste flows, most illicit waste ends up in the developing world. In its research, the Financial Action Task Force (FATF) identifies parts of Sub-Saharan Africa, Southeast Asia, and Central and South America as primary destinations. However, recent media reports have revealed Romania and Bulgaria as growing sites for illicit waste from Western Europe.

Aside from the environmental impacts, the waste industry has ties to human trafficking as a source of cheap labour. According to one non-profit organisation, two-thirds of modern slavery victims have worked within the waste industry in the UK. There is growing evidence that illicit waste trafficking is converging with other illegal goods, including instances of waste businesses used as a front for prostitution and drug trafficking. In one case, cocaine and other narcotics were hidden in garbage to avoid detection, before being shipped to Turkey.

Laundering the proceeds of environmental crime 💵

Money laundering methods for environmental crimes are similar to other predicate offences. Front companies and front persons are commonly used to commingle profits with varying degrees of sophistication, though experts have noted waste trafficking operations can be less complex than forestry crimes.

Like other transnational crimes, shell companies are frequently used to hide beneficial owners. In addition to intermediaries such as lawyers, accountants, trust and corporate service providers, freight forwarders and customs brokers play a notable role in facilitating the illicit trade. Trade-based money laundering techniques are also used, including forging import and export documents, under- or over-invoicing, issuing multiple invoices of goods, over-shipments and under-shipments, or the complete fabrication of transactions.

What should financial institutions be doing?

For financial institutions looking to strengthen their anti-financial crime programmes against environmental crime, assessing screening procedures is vital. Non-governmental organisations that focus on reporting and investigating environmental crimes can help firms identify bad actors, with links identified through adverse media screening. Additionally, financial institutions should consider putting customers involved in higher-risk industries such as forestry, wildlife, and waste management under enhanced due diligence measures.

At FINTRAIL, we combine deep financial crime risk management with industry expertise to optimise your anti-financial crime programmes. We’re here to support you in creating robust policies and procedures; refining, enhancing or testing your systems and processes; and providing context-based training to your teams. Get in touch to find out how we can help you fortify your controls against environmental crimes in a practical and efficient way.

Remediation programmes are often complex, protracted, and not a lot of fun. Whether it’s due to a spike of alerts, remedying control failings, or fixing regulatory findings, managing it alongside the day-to-day can be tough.

Our guide, ‘Follow The Yellow Brick Road: A Pathway to Successful Remediation’ highlights that a crucial part of remediation planning is knowing when to seek external support. Often firms wait too long to engage external consultancy support; things have already gone wrong, deadlines have been missed, and the pressure to deliver is high.

How to determine whether you need support

There is no one size fits all approach to managing remediation programmes. Sometimes, your remediation programme may not need a consultancy firm to assist; you may have surplus resources to deploy or the scope is small. In our guide we shared some key questions you should consider when assessing if your remediation needs external support.

1. Can you realistically balance BAU with any remediation activity required?

2. Do you have the expertise to resolve the root cause which is prompting the remediation in the first place?

3. Did current operational processes cause the remediation, and does this need to be enhanced prior to commencing?

4. Do you have the internal skill-set to run or execute the remediation?

5. Do you need access to a flexible pool of resources? How quickly can they be deployed? 

6. If you hire contractors, do you have the internal team leadership resources to manage them? 

7. What level of resources do you need - analysts, project managers, etc.?

6 best practices for remediation programmes

At FINTRAIL, we believe there are some fundamental elements to managing remediation programmes which we outline below. Working with a trusted partner means you have access to the right resources, dedicated focus and support to deliver a sustainable and successful remediation programme.

1. Do it early 

If you are considering bringing in an external firm to support a remediation project, we advise doing it early. Getting your programme structure and plan right from the outset is needed to ensure you deliver on budget and on time. We have learnt that remediations can get very complicated very quickly. Having a trusted partner to manage and troubleshoot can avoid spiralling costs and deadlines.

2. Root it out

Recent regulatory enforcements have shown that poorly managed remediation or transformation programmes can compound the original issue and lead to even more costly programmes to resolve. Remediations are often more than hiring temporary workers to clear the backlog of alerts. What comes before that is understanding and fixing the root cause to ensure that the forward-looking process is fit for purpose and, more importantly, avoid issues down the line.

3. Project management

Many heads of compliance are not project managers. While much of the role is managing different deadlines, resources and budgets, the skillset needed to deliver a remediation project differs. And more often than not, business as usual (BAU) is managed alongside remediation. Navigating remediations requires experienced teams with proven processes and methodologies.

4. Manage the narrative

This is a key theme throughout. Working with external consultants can help you define the narrative in your remediation. What are you remediating? Why are you remediating it? How will you remediate it? When will you remediate it? These are all critical components of your remediation narrative, but it's often easy to lose sight of them. Working with an external consultant can help you stick to this narrative, deal with new workstreams as they arise (they often do!), and manage the communication flow to all stakeholders.

5. Think about the end game

The relief of clearing a backlog or fixing a control is immense. But doing it without appropriate oversight and governance could come back and bite you. Managing quality through the project and having independent assurance to sign off a remediation programme is crucial. The proper oversight, challenge, and sign-off of your remediation programme will mean that you don’t need to worry about the issue rearing its head again down the line.

6. Flex your resources

Knowing how many resources you need and how to manage them can be a complicated process. What you need in phase one, will not be the same in a later phase. Different skill sets will be required at different stages, and for varying lengths of time. Having access to pre-vetted flexible resources that can be deployed at pace, and with the right skills can make a big difference on both output quality and your bottom line.

Whether you need someone to manage the project end-to-end, provide specialist advice, deploy flexible resources or provide independent sign-off, FINTRAIL supports remediation activities of different types and scales.

We all agree that working collectively is the only way to make headway in the fight against financial crime. To that end, FINTRAIL and the FinTech FinCrime Exchange (FFE) have been proud to participate in several industry initiatives in 2022, working with a range of private and public sector organisations.

1. The FFE has participated in the National Crime Agency (NCA) SAR Reform Programme monthly sessions, and in a number of working cells of the National Economic Crime Centre (NECC) Public-Private Partnerships.

2. In partnership with the Royal United Service Institute (RUSI), FINTRAIL has formed a ‘FinTech Financial Crime Policy Group’ which brings senior members of the FinTech community together to discuss regulatory issues which prevent them from efficiently and effectively combating financial crime. We have hosted sessions with HM Treasury, the Home Office and the Payment Systems Regulator on amendments to the Money Laundering Regulations, AML regime effectiveness and authorised push payment (APP) fraud mandatory reimbursement.

3. Also alongside RUSI, we have provided training sessions on FinTech and terrorism financing as part of Project CRAAFT (Collaboration, Research and Analysis Against the Financing of Terrorism), an academic research and community-building initiative enhancing CTF capacity across the EU.

4. We have taken part in an APP Fraud TechSprint held by the Financial Conduct Authority (FCA), and have applied to be a rotating member of the FCA’s Innovation Advisory Group next year.

5. We participate in events organised by the Singapore Fintech Association (SFA) and the British Chamber of Commerce and UK Department of International Trade (DIT) in Singapore, which have included round table discussions with the Monetary Authority of Singapore (MAS) and the FCA.
   

We look forward to continuing these partnerships and forming others over the course of 2023 💪 

Happy New Year from everyone at FINTRAIL! 

We’re excited to jump back into action and get stuck into our plans for the year.  A LOT happened in the financial crime world in 2022, and 2023 is likely to be just as busy.  

While making predictions is a fool’s game, here are some key themes we think are likely to be on the agenda this year:

• Increasing efforts to tackle fraud in multiple jurisdictions, including the UK where the House of Lords issued a report on “Fighting Fraud” and the Payment Systems Regulator introduced a plan for mandatory reimbursement of authorised push payment fraud.

• Increasingly mature and rigorous regulatory frameworks for cryptocurrency, especially following the explosive collapse of FTX in November 2022

• Evolving discussions on transparency and beneficial ownership in Europe, following the European Court of Justice’s November ruling that unrestricted public access to beneficial ownership registers violates the Charter of Fundamental Rights of the European Union

• A growing focus by regulators and industry bodies on effectiveness and outcomes over tick-box compliance

What’s happening at FINTRAIL?

Closer to home, here’s a quick overview of what we are up to over the next few months, and where we plan to focus our efforts over the coming year.

1. We’re refining our key services for financial institutions including audits, remediations, regulatory enforcement assistance, and target operating models. As ever the focus will be on innovative tech-driven approaches that focus on demonstrable and effective outcomes as well as regulatory compliance.

2. We will continue to work with and offer services to RegTechs and other vendors servicing the financial sector, covering advisory support, regulatory and market research, and the production of financial crime thought leadership including white papers, blogs, multimedia content, and webinars.

3. We’ve been developing a suite of off-the-shelf products for smaller or scaling financial institutions. So far we have launched transaction monitoring keyword lists, merchant category codes list, standard industry classification list, and outline AML / CTF policy. Keep an eye out for new releases including an MLRO report template and board reporting pack.

4. And finally, come and join us at one of our upcoming events! We’re hard at work on the plans for our annual conference in May - FFECON23, as well as a webinar on regulatory enforcement trends in January, an FFE social event in February, and a bootcamp on financial crime investigations in February / March.

We look forward to engaging with our wonderful network of clients, partners and friends in the coming months and wish you all a very prosperous and successful 2023!

At the start of a new academic year, we are asking ourselves a question - what can financial industry practitioners, educators and government authorities learn about teaching young people about financial crime? This topic has sparked a lot of interest in the FFE community when we’ve raised it before, most notably in one of our most popular FFECON sessions, with the VICE journalist Obi Juwah (available to watch on demand).

We’re revisiting this topic through the eyes of a student - Stefan Wlodarczyk, who recently completed a stint of work experience at FINTRAIL. We asked him to investigate what students his age know about financial crime, particularly money muling.

Stefan:

Financial crime is an increasingly common problem, with younger generations becoming more and more at risk. As a 15-year-old secondary student doing work experience at FINTRAIL, I investigate whether my generation is even aware of these risks.

To provide some background:

• The UK’s 2020 National Risk Assessment of money laundering and terrorist financing states that there were 42,482 suspected cases of mule activity in 2019, a 32% increase since 2017. 📈

• The National Risk Assessment recorded cases of children as young as 13 and 14 being approached on the playground to carry out these operations. 🚸

Teenagers through to university students are being recruited to become mules via social media. 📱Social media has the greatest influence on younger generations since it has become such an ingrained part of society. This makes it so dangerous, and so easy for people to become accidentally involved in money laundering.

Furthermore, the recent COVID-19 pandemic exacerbated the number of financial crime cases due to more people being online. 

In 2020, the European Money Mule Action EMMA6 programme identified at least 227 money mule recruiters who recruited over 4,000 mules. According to Cifas, cases of under 21-year-olds being used as money mules fell by 12% in 2020 compared to the previous year, which is still a 27% higher number of cases than in 2017. The change may be due to lockdown restrictions which forced teenagers to stay indoors rather than being recruited to carry out mule work.

The survey: Are younger generations aware of money mules?

I interviewed ten people around my age (15) from four different schools to explore this further.

1. Have you received any education regarding financial crime?

Three out of ten students (30%) said they had received financial crime education, two of them went to the same school. 70% said they had not received any education about financial crime. This is despite Cifas and the PSHE Association (the national body for Personal, Social, Health and Economic education) creating an Anti-Fraud Education campaign targeted at 11-16 year olds.

2. Do you know what money muling is?

Four out of ten respondents said that they knew what money muling was. Out of the four who said yes, three had received education on financial crime.

3. Where did you learn about money muling and financial crime?

Out of the four respondents who knew about money muling and financial crime, three said they learnt about it at school, and one said they had learnt about money muling on YouTube. 

4. Have you ever seen an advertisement for money muling on social media?

All respondents said no. 

5. Have you ever been approached by someone asking you to use your bank account (if you have one)?

Again, all respondents said no.

6. Have you ever been a victim of fraud linked to social media (e.g. purchase of goods which never arrived, or arrived and did not match the description)?

Only one out of ten respondents said yes. This student frequently uses eBay to buy and sell items, and has been a victim of authorised push payment fraud (being deceived into authorising a payment to a criminal).

7. Have you ever been encouraged on social media to invest in cryptocurrency or any other high-return investments?

Five out of ten respondents said yes to this question, having seen adverts on the internet rather than actually being approached directly on social media. However, I am fairly confident that at least one respondent was actively encouraged to invest.

8. What social media platform do you believe is the most likely to expose you to financial crime?

Five respondents said they believed that Instagram was the social media platform most likely to offer exposure to financial crime, and four said they thought it to be Facebook/Meta. 

The results

The results of my survey show that most (70%) of the respondents have not received any education on financial crime.  One respondent stated:

“To be honest, our school doesn't teach us anything on finance stuff.”

Interestingly, of two people interviewed from the same school, only one of them said they had received an education on this topic, which they had received the same day I conducted the survey. 

Consequently, all students who received an education on financial crime knew what money muling was, yet of those students that did not receive this education only one knew what money muling was. This is because they had seen a video on YouTube about the topic, demonstrating how effective social media can be at spreading information (or encouraging people to become mules).

Thankfully none of my respondents said that they had seen adverts encouraging money muling, or had been approached to become one. Unfortunately though, one respondent said they were a victim of fraud.

“I was dumb enough to send someone money, but the product never arrived. The bank said that I had been scammed, and they gave us our money back.”

The results of question six (on high-risk investments) may be skewed by legitimate online advertisements or social media influencers encouraging people to invest, rather than shady offerings. Although one respondent said,

“A lot of scammers on YouTube are promoting their apps for investment.”

Noting this, I would recommend more research into this area, and the impact of this.

My last question on which social media platforms are most likely to expose users to financial crime had interesting results with Instagram and Facebook/Meta being most commonly highlighted. During my interviews, Instagram came under fire for allegedly having “a lot of ads'' that were “really fake”.  Interestingly, one respondent said that they believed that YouTube is the riskiest regarding exposure to financial crime due to the large amount of adverts put out by influencers encouraging people to invest in their apps or programs.

Is enough being done?

Personally, I don’t think enough is being done to educate teenagers and younger children on financial crime risks. I cannot remember ever being taught about this at school, and I only first learned about it by watching a documentary on money muling and from my work experience at FINTRAIL. 

The UK government and some financial organisations have released educational resources such as the Don't Be Fooled programme, yet they do not appear to have reached their targeted audience. The reason seems to be because money muling and financial crime isn't exactly a topic that teenagers are interested in or actively seeking out information on.

School is an important educator in spreading awareness about financial crime.
One student I interviewed wasn't happy about the level of education he received. He said, “I did it [finance] at the start of Year 10, and I don't remember much of it. We’re getting weighed down by exams and tests; we need lessons that refresh consistently on that stuff”.

In my opinion, the logical solution would be to designate personal, social, health and economic (PSHE) sessions at schools in the UK to educate students on this hugely important matter. However, I think that it shouldn’t just be one-off lessons but, as suggested by one respondent, “repeat [these] important topics every year”.

Looking ahead: Beyond secondary school students

The problem goes beyond secondary students. A Nationwide Building Society poll found that 56% of university students (compared to 60% of secondary students) did not know what a money mule was. The high percentage illustrates a failure to properly educate students on financial crime issues. The same study states that 61% of the students believed they were susceptible to such advertisements, and 37% admitted that they would respond to or click on such advertisements. 🤯

I believe that in addition to more education, social media companies themselves should do more to prevent mule handlers from recruiting mules in the first place. They can do this by regularly screening users with suspicious hashtags or other indicators similar to “make money quick” in order to see if the user is actively attempting to contact potential victims. 

To read more about money mules and their use of social media and common typologies check out FINTRAIL’s blog posts here. 

If you want to get in touch for dedicated money mule training or create educational materials, give us a shout at contact@fintrail.com.

FinTechs are used to conducting enhanced due diligence (EDD) on customers as a matter of course - to meet their KYC obligations and to identify red flags. But what about their own business operations? How confident are they that they know who they’re partnering with, where their money is coming from, and who’s getting involved in their business?

There are several scenarios in which FinTechs should seriously consider conducting EDD investigations into investors or business associates. These include:

Why are enhanced due diligence investigations important?

What do we mean by EDD investigations? The kind of research called for in these cases goes a long way beyond standard watchlist and adverse media screening. We have seen countless cases of subjects with chequered histories that raise serious red flags sail through screening. When managing high-risk customers, screening is generally the most appropriate option - you can’t conduct bespoke investigations on each customer. But when you are embarking on a one-off acquisition or conducting a funding round worth millions of pounds, there is the opportunity and the expectation to go further.

What Does an Enhanced Due Diligence Investigation Include?

EDD investigations provide a full picture of a subject, allowing firms to really know their counterparties and to understand their backgrounds and source of funds.

• Background, track record, modus operandi and reputation of the counterparty

• Thorough review of corporate records, seeking to confirm information presented and even complex ownership structures, and to reveal any undisclosed beneficiaries or hidden interests.

• Details of civil or criminal litigation or other regulatory or legal proceedings, which are often publicly available but not discoverable through standard screening searches

• Details of any business disputes, or improper or illegal conduct

• Any political exposure or relations with government officials, beyond that captured in PEP screening lists

A full enhanced due diligence investigation involves in-depth research of both the surface and deep web (gated, subscription-only and database sources) ideally using a mix of advanced AI tools, including sophisticated natural language processing, and expert human analysis. It may require research in multiple languages, the manual retrieval of records in jurisdictions where these are not available online, or consultation with vetted human sources.

Unlike routine customer due diligence, such investigations should be bespoke and allowed to develop based on the findings - there is no one-size-fits-all approach, as the information required and the research conducted will be different in each case. This calls for experienced investigators who know how to appraise findings critically and when to follow a lead, pursue a hunch, discount information or revise a theory.

How FINTRAIL Can Help

At FINTRAIL, we combine deep experience in financial crime risk management with proven due diligence capabilities to provide clear, actionable, risk-focused intelligence using advanced analytical skills and data discovery tools. We contextualise all findings using in-depth knowledge of the countries and sectors concerned, including geopolitical context. We keep you updated of our findings throughout, and deliver comprehensive final reports with network diagrams and visuals where appropriate.

What makes us unique and sets us apart from other intelligence and due diligence providers is that our team is drawn from the industries we support, and has extensive experience of risk management processes within financial institutions. We provide intelligence by compliance officers for compliance officers. We understand your needs and operational considerations, and can supply you with the targeted, relevant information you need alongside informed recommendations and advice to produce actionable outcomes, guided by your own risk appetite and decision-making framework.

To learn more about how we can help with your requirements - whether it’s a one-off report or outsourcing complex casework - please get in touch with our team.

Read more: Investor Due Diligence - A Two Way Street

The UK government has issued its much anticipated response to the call for evidence on the UK’s AML/ CTF regulatory and supervisory regime. It’s well considered, detailed … and perhaps a little safe.

Does it provide ground breaking changes? No.

Is it moving us forward? Slowly.

But realistically, this was never going to offer speedy and simple solutions. What it does do is recognise the importance of the fight against economic crime, and the vulnerabilities that exist, both at board level and on the streets. The report mostly serves to tell readers to ‘watch this space’, as this is “only the start of [the] reform agenda”, with further legislative measures to come this year via the second Economic Crime Bill and Companies House reform.

The foreword by Economic Secretary to the Treasury John Glen, highlights the need to continue to enhance efforts at home while working with the international community to influence and shape global standards. The report also recognises that in order to make a difference globally, the UK needs to strengthen and “harness the capabilities, expertise and information of both public and private sectors”.

This review is seen as only one part of the UK’s efforts. Along with the Economic Crime Plan Part II and reforms to Companies House, the UK is seeking to go beyond tick box compliance and “build a thorough and dynamic system of controls which responds to the real risks we face”.

The review has been structured around 3 key themes:

1. Systematic Effectiveness – what effectiveness looks like and how to measure it

2. Regulatory Effectiveness – equipping firms with a strong risk understanding and effective risk-based controls targeting areas of highest risk

3. Supervisory Effectiveness – reform of the supervision regime

The report builds on the work under the parallel updates to the Money Laundering Regulations (MLRs) and sets out the intention to develop an improved range of metrics to measure and evaluate the effectiveness of the MLRs in future.

The highlights:

• The National Risk Assessment (NRA) and existing public-private dialogue will be used to assess emerging risks and potential future changes to the MLRs.

• Post-Brexit, some areas of regulatory changes to support a risk-based approach have been identified, but other areas such as Suspicious Activity Reporting (SARs) and gatekeeping show limited need for regulatory change.

• The use of new technology and improving the AML guidance regime are potential areas for the government to support the private sector. Incremental improvements in collaboration with partners is the favoured approach

• Possible reforms of supervisory structure are considered with the aim of ensuring effective and consistent supervision across all sectors.

So how does this translate into action and what are the next steps? Below we summarise some of the key aspects of the review.

Defining Effectiveness

a. Objectives of the MLRs

The government has decided to refine the objectives for the MLRs, linked to the FATF methodology, by amending the following areas:

• Explicitly including the ‘provision of valuable intelligence’, aligning with the principle that effective prevention is more than just technical compliance

• Clarification of supervision - monitoring and enforcing compliance as part of a risk-based approach

• Collation of accurate information on beneficial ownership is not a primary objective but a means to identify and report suspicious activity.

b. Measuring Effectiveness

Many respondents questioned whether the specific requirements in the MLRs are having a direct impact on the scale and nature of disrupting ML/TF. The government will set out ‘outcomes focused’ metrics as part of the Economic Crime Plan to provide direct and clear feedback on the effectiveness of the MLRs.

c. High/low impact activity

Unsurprisingly, the regulated sector is in favour of reducing the number of mandatory requirements in the MLRs. Themes raised included:

• ‘High impact’ activity - consistent compliance with due diligence requirements and good quality suspicious activity reporting

• A disproportionate burden on ‘low impact’ areas of routine due diligence and transaction monitoring driven by mandatory requirements, and the inability to move resource to ‘higher impact’ areas

The government view is that firms have some discretion when adopting a risk-based approach, but resources and policies must be in place to meet the objectives of the MLRs. While there is scope to “dial down” less impactful activity, there is “insufficient evidence” to overhaul the MLRs.

d. Strategic national priorities

The UK will not publish standalone National Priorities such as exist in the US - the focus will be on developing the upcoming Economic Crime Plan and NRA to provide more strategic direction.

Regulated firms demanded more granular sharing of public-private intelligence, including in response to live threats and emerging risks. The government will explore how law enforcement agencies can provide more coordinated and timely communications. The NRA will be the primary vehicle for assessing emerging risks and identifying changes needed to the MLRs going forward.

Driving Effectiveness

a. Risk-based approach

Respondents felt that the MLRs contain too many prescriptive requirements, which goes against the premise of a risk-based approach. The government will not fundamentally shift the balance of mandatory requirements, but will consider the following factors:

• Small / new firms: Supervisors and the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) will assess the support that can be offered to these firms to fulfill their obligations under a risk-based approach

• Guidance / information sharing: Law enforcement and supervisors will assess how information is currently shared and enhancements that could be made

• Supervisory approach: Supervisors will review how to ensure a risk-based approach is incorporated into supervision

• Enhanced due diligence (EDD): There are no plans to amend the mandatory requirement to perform EDD as listed in Regulation 33. However further work will be done on assessing the risk profile of domestic PEPs, removing the list of required checks for high-risk third countries, changing the wording of ‘complex or unusually large transactions’, and evaluating the effectiveness of EDD.

• Simplified Due Diligence (SDD): respondents highlighted that the time and effort to conduct SDD is the same as standard CDD, thus it is not useful. However, the government does not plan to change the components or description of SDD, with the exception of Pooled Client Accounts, where the government will consult on options to allow easier application.

b. New technologies

The government believes that inefficiencies and resource-intensive compliance processes are partly driven by failures to maximise the use of technology. Three workstreams will be established to find solutions and explore more effective models of engagement. As the MLRs are intended to be technology neutral, no specific changes will be made except for digital identity products., where the government is considering amendments to ensure greater clarity on electronic identity processes.

c. Supervisors’ role in SARs regime

Focus in this area should be on improvements to SAR technology and IT, an increased feedback loop, and better information and intelligence sharing. With a number of initiatives already underway, the government will keep a watching brief.

d. Gatekeeping function

There was broad agreement about the effectiveness of the gatekeeping function of supervisors surrounding the ‘approvals’ and ‘fit and proper’ test, with some consensus about enhancing this in higher-risk sectors such as crypto assets. The government will uphold the status quo and consult on specific feedback.

e. Guidance

Sector specific feedback is crucial, but it is too long, complex and inconsistent. Striking the right balance is difficult - there needs to be room for a risk-based approach. The result is we won’t see radical overhauls, but reform along the lines of three key principles:

• Sector specific guidance drafted by experts, including industry

• Improved approval process to streamline and speed up updates

• Improved quality control to ensure consistency, clarity and conciseness

AML/CFT supervision

The UK has 25 supervisors: three statutory supervisors (the Financial Conduct Authority (FCA), HMRC and the Gambling Commission) and 22 legal and accountancy Professional Body Supervisors (PBSs) who supervise the legal and accountancy sectors. This section considered potential structural reforms.

a. Enforcement

Respondents highlighted inconsistencies across different sectors. They noted the level of fines brought against financial institutions is higher than other sectors, which has led to high levels of AML investment but has made banks risk-averse. There is a call for greater transparency and consistency of approach.

b. Supervisory gaps

Some supervisory gaps exist in the legal sector where practitioners are not members of one of the legal Professional Body Supervisors (PBSs) with a general consensus on creating a default supervisor for the sector.

c. Supervisory reform

With FATF identifying major deficiencies in the UK regime in its last evaluation report, it’s not surprising this is an area of focus. And it is still a work in progress. With some high-profile enforcement actions and steps taken to improve a risk-based approach, there is room for further reform.

The shortlisted options for reform include additional powers for OPBAS, consolidating and reducing the number of PBSs, or establishing a single supervisory body for professional services. A formal consultation will be issued to further understand the pros and cons of each.

So what next?

Well, the review has provided greater understanding on the barriers to effectiveness but some of the solutions are unclear, meaning further work and engagement is needed. The key areas of focus for the next phase of development of the MLRs and wider AML regime are:

• Potential supervisory reform

• Further evidence and understanding needed on MLRs

• New objectives to the MLRs with measurable metrics

• A focus through tools such as the NRA to improve risk understanding

• Further engagement on new technologies

• Case by case updates to guidance

So as we said at the start, watch this space - the second Economic Crime Plan is now the next much anticipated document!

At FINTRAIL, we combine deep financial crime risk management with regulatory expertise to help keep your anti-financial crime programmes and governance structures in step with the latest official guidance.

Please get in touch if you would like support with designing, reviewing or enhancing your anti-financial crime framework.