Machine Learning & Artificial Intelligence - Financial Crime

It seems that everyone is talking about Artificial Intelligence (AI) at the moment: whether it’s Elon Musk and Mark Zuckerberg disagreeing publicly on the doomsday type scenarios that AI might bring [1], or banks predicting AI to be the primary way in which they interact with customers in the future [2], there’s wide-ranging interest in what AI can do for society as a whole, companies and individuals. But, to be clear, and before going further, what exactly is the difference between Machine Learning and AI, or is there indeed a difference?  The clearest explanation we’ve seen goes something like this:

·      Artificial Intelligence – this is the high level concept that machines can do something in a way that we, as humans, would consider “smart”

·      Machine Learning - is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves [3]. (Thanks Forbes!)

Similarly, in the financial crime space, numerous articles exist about how AI and Machine Learning can help to combat illegal activity in banking and beyond [4].

At FINTRAIL, we believe that AI and Machine Learning have huge potential to deliver great results in the financial crime space.  Whether it’s AI helping investigators to detect previously unknown connections between entities and typologies, or Machine Learning helping refine transaction-monitoring rules by different customer sets and behaviour, the benefits for companies and their customers are huge. Imagine for a moment that your bank could tell whether purchases made at a high-end online retailer at midnight just after you received a bonus cheque were genuine or fraudulent, based on your previous behaviour in a similar scenario.  Great, right?  No annoying text messages, or blocked transactions if it were genuine, and peace of mind that that kind of transaction would be blocked if it were fraudulent, and you didn’t actually have a compulsive online shopping habit (ahem).

But, as with anything new and relatively untested, there are pitfalls.  One of the key ones is making sure that any Machine Learning models start off with relevant data, such that they can begin the learning process appropriately, and you don’t program in algorithmic bias.  Typically – and let’s take the case of a Machine Learning engine for transaction monitoring -  this is relatively easy to build: you have a known scenario, which is fed into the engine for it to learn and refine over time as the transactional data is processed and fed into it.  However, this can be tricky in financial crime situations, as ideally you don’t want any money laundering or bribery (for example) to go through your system before you work out what the scenario or relevant data for the Machine Learning engine is. 

So, how do we address this?  Well, something we are passionate about at FINTRAIL is making sure that firms have a thorough risk assessment; truly understanding your business model and the ways in which criminals might seek to exploit it will help to build the best scenarios for any future financial crime Machine Learning engine. These can then be used to create the baseline relevant data that goes into the Machine Learning engine, such that it can start to learn behaviours. Examples here might include understanding your typical customer profile, such that you can build a Machine Learning model to automatically categorise them by risk profile, or Machine Learning models that take into account transactional behaviour and a range identifying particulars to reduce sanction re-screening hits.

Another tactic we’ve seen is to combine more traditional models with Machine Learning.  Again, in the transaction monitoring space, combining a rules-based approach with Machine Learning is a great way of teaching the engine to learn, and giving good baseline scenarios that it can work from.

So, all in all, we’re on Mark Zuckerberg’s side of this particular argument – we think AI has great potential, but that it, and Machine Learning in particular, needs strong data to support it, and as with humans, the right conditions to succeed.

 

[1] http://fortune.com/2017/07/26/mark-zuckerberg-argues-against-elon-musks-view-of-artificial-intelligence-again/

[2] http://uk.reuters.com/article/us-banks-ai-accenture-idUKKBN16Z1AH

[3] https://www.forbes.com/sites/bernardmarr/2016/12/06/what-is-the-difference-between-artificial-intelligence-and-machine-learning/#6ac626162742

[4] https://www.finextra.com/blogposting/14225/artificial-intelligence-the-next-step-in-financial-crime-compliance-evolution

Image Courtesy: Saad Faruque, Flickr (Creative Commons)

Protecting Customers Through Financial Crime Intelligence

FINTRAIL has recently launched its Financial Crime Intelligence and Investigations practice, something we’re really excited and passionate about.  We believe that intelligence and investigation form critical and complementary parts of any robust financial crime risk management program. Before we explain why that is, we’ll kick off with a couple of definitions:

Intelligence: This is information about an event that you receive in advance of it happening.  Examples from history include the intelligence gathering (on both sides) about troop movements in the Second World War.  Examples in financial crime include receiving information from an issuing bank about an account that is purportedly connected to fraudulent transactions in another account.

Investigation: This is the process that takes place after an event occurs, and usually tries to figure out what went wrong or what is going on once a credible threat has been identified.  So, following a terrorist attack, for instance, the police will launch an investigation to try to understand as much about the attacker’s background as possible, and exactly what happened to support any formal judicial or enquiry process.

Although we’ve separated out the two concepts theoretically, they are intrinsically linked with each feeding the other.  To use another example, a firm might look at new typologies that criminals are developing to commit fraud, and proactively add new rulesets to transaction monitoring to detect similar behaviour before the fraud takes place. This process will flag a number of customers, some of whose accounts will need to be closed or who may be vulnerable.  It might also flag other accounts with suspicious behaviour, but which appear to display a different typology.  These accounts can be individually investigated, but if there are enough of theme, there may be sufficient information to identify a new typology (intelligence), and therefore a new set of rules stemming from the new activity observed - it’s a cyclical process!

So, what is FINTRAIL doing in this space?  Well, we’re bringing together the leading technology and new data, along with our expertise (if you look at our Team page, you’ll see we’ve all been doing this kind of work for years!) to provide intelligence and investigations expertise as an outsourced service. In start-ups, this can help keep small financial crime teams lean while still having access to the best capabilities in this area and removing the more complex work around intelligence and investigations from the fast-paced environment of a start-up. And for more established firms, this provides access to the latest technology, and can help with resourcing challenges on a long or short-term basis. We hone in on customer protection and solid recommendations for system, rule or other structural improvements on the basis of our findings; and this is why intelligence and investigations are such a crucial part of any financial crime risk management framework, as it actively helps to inform and improve existing systems and processes, keeping them up-to-date, proactive and targeted at the most serious threats.

Best Practice in Customer Due Diligence (CDD) Among FinTech - FFE White Paper

The team at FINTRAIL is really excited to have worked with UK FinTech Financial Crime Exchange (FFE) members to produce this White Paper. An extract and the full paper are below.

Financial technology companies (fintechs) leverage online and mobile applications to offer new financial services with efficient and cost-effective customer experience. However, the non-face-to-face (non-f2f) nature of fintech businesses poses risks that fraudsters or other criminals may seek to exploit these remote platforms and related products.

Robust customer due diligence (CDD) is one element of an overall risk management architecture that can mitigate these threats. Fintechs are uniquely suited to harness and develop innovative CDD approaches, owing to their dynamic business models and comfort in using technological solutions. This white paper describes examples of best practice in CDD among members of the FinTech Financial Crime Exchange (FFE), offering practical insight for fintech companies and other stakeholders – such as banks and regulators – seeking to better understand the industry. It provides examples of how fintechs are utilising innovative CDD approaches to manage risks while also enabling a high-quality customer experience. For example:

• Fintechs are leveraging numerous data points and employing innovative analytical approaches to enable a dynamic and holistic view of customer risk.

• This includes the use of facial recognition techniques, interactive user interfaces, innovative document scanning and analysis, Internet Protocol (IP) geolocation, predictive analytics and machine learning.

• These solutions can enable fintechs to employ a genuinely risk-based approach to CDD as their customer base and service offerings evolve. 

This paper also assesses areas where fintechs can benefit from further development and exploration. For example:

• Fintechs should carefully consider the appropriate balance of in-house and third party solutions for their business model.

• Fintechs must be prepared to conduct thorough and formal assurance testing of both in-house and third-party solutions and outsourced services.

• As they scale, it is important that fintechs have in place adequate governance arrangements to manage risks that come with changes to their CDD systems and controls.

UK FinTech Working Together to Combat Financial Crime

In January 2017 FINTRAIL (www.fintrail.co.uk) and the Royal United Services Institute (RUSI) (www.rusi.org) launched the UK FinTech Financial Crime Exchange (FFE). The FFE brings together 17 of the UK’s leading Financial Technology (FinTech) firms who have agreed to collaborate, by sharing best practice and pooling information on financial crime typologies in order to protect their customers and strengthen their sector’s ability to detect and counter the global threat of financial crime, including money laundering, terrorist financing, bribery and corruption, tax evasion and market manipulation.

The UK FinTech sector is at the forefront of the global FinTech revolution, accounting for a total of £783m investment in 2016. This coincides with a growth in the risk of financial crime driven by the expansion of digital channels and the increasingly interconnected nature of global finance and business. 

As the UK continues to lead the global FinTech revolution, UK FFE members are taking a proactive and robust stance against financial crime and the negative impact it can have on customers, communities and the financial services industry. Through collaboration members are sharing information on typologies and leveraging advanced technology to deter, prevent and detect criminality.



“The FFE gives senior management a forum to share industry knowledge, and gain an understanding of best practices specifically relating to Fintechs.”

James Nurse – Head of Fraud and Payments, Pockit

“Our company's core value is collaboration. Thanks to the FFE and participating members, we have been able to share and learn from industry leaders. This, ultimately, will lead to a more secure sector.”

Merlin Gore – Head Engineer, Bud

“At Ozan.com, we’ve developed innovative and dynamic financial crime tools to keep our customers safe. The FFE’s network of fintech industry experts provides insights enabling us to continually improve our risk management products to continually mitigate fraud and other criminal behaviour.”

Ozan Ozerk – Co-Founder, Ozan.com

“Fintech businesses are using tech solutions to address today’s problems. We use AI and Machine Learning in our day-to-day business, ensuring UK businesses receive meaningful working capital quickly which they need to grow. In this endeavour, we must also have the capabilities to tackle financial crime. We look forward to collaborating with FFE members to ensure high standards and to secure the industry’s defences.”

Anil Stocker, CEO and co-founder, Marketinvoice

“The FFE helps Monzo share knowledge and get a better understanding of financial crime across the industry as part of our mission to build the best current account in the world”

Natasha Vernier, Monzo

“As an online mortgage lending and investment platform we deal with customer finances and data every day, so security is at the heart of our online systems and processes. Forums like the FFE are invaluable to ensure that as an industry we share our experiences and solutions in the rapidly evolving fintech space so that together, we can keep our customers safe.”

Julian Cork, Chief Operating Officer, Landbay

For any enquiries on the FFE please contact Rebecca.marriott@fintrail.co.uk

ACAMS Webinar - FinTech, Crowd Funding and Innovative Businesses

On 21 April 2017 FINTRAIL co-founder Robert Evans joined Samantha Sheen from ACAMS and Laurence Twelvetrees from Revolut to deliver an interactive educational webinar on FinTech and financial crime risk within innovate business. With an average audience of over 1150 attendees from over 80 countries, it demonstrates the ongoing interest in the rapidly developing world of FinTech and disruptive financial services.

The session focused on three training objectives:

  • Gaining a clear understanding of the risk profiles of innovative business firms and their risk characteristics as they relate to financial crime

  • Obtaining greater awareness about the steps taken by these types of businesses to mitigate the risk of their possible misuse in order to launder the proceeds of crime

  • Developing a wider comprehension about the information that should be sought and understood in order to undertake an appropriate and accurate risk assessment of these types of business relationships

You can listen to the full webinar by visiting the ACAMS webinar library via the button below and searching for - "FinTech, Crowdfunding and Other Innovative Businesses."

Two Sides of the Compliance Coin

FinTech is a term that has entered the collective public consciousness in recent years. There is an increasing awareness of the disruption and exciting opportunities FinTech is bringing to financial services and consumers alike. This article looks at the benefits of FinTech, some of the challenges, and examines how the world of financial crime compliance and FinTech complement each other.

Originally published in the March-May 2017 ACAMS Today magazine, a publication of ACAMS © 2017.

The Role Of Deterrence In Managing Financial Crime For FinTech

The open and engaging way in which FinTechs attract customers and their razor sharp focus on customer experience presents an exciting opportunity to build-in and enhance the concept of deterrence as an effective and efficient part of their financial crime risk management.

The act of deterrence has become a common sight on the streets of many european capital cities, where armed police now patrol in response to the terrorist threat. Their very presence is designed to inhibit the confidence of a terrorist to physically act or target the venue where they are present. The presence of the police officer is both a physical control but also creates a perception of security. This is similar to airport screening, where the signs on approach to the screening points are designed to increase the perceived pressure on those seeking to breach the screening process, before they even get to X-ray machine. How many of you now spend the time in the airport queue tapping your pockets checking that you have no metal present as you don't want to be delayed for a few minutes? Imagine the feeling of stress that an individual would be feeling if they actually were trying to by-pass the screening process. Not only does this deter some uncommitted actors, it also presents additional opportunities to detect the activity.

In financial crime risk management terms deterrence is often discussed in the context of controls, where they physically stop illicit actors gaining access to an account, and this is a critical component; however, a credible and efficient deterrence process can and should be applied well before your customers start to interact with a physical control. If you think about it in purely operational and monetary terms, reducing the attempts of illicit actors that come into contact with your physical controls by 10%, say, results in potentially 10% fewer KYC matches or anomalies that need to be reviewed at cost, a percentage fewer transaction monitoring alerts that need to be investigated, and a reduction in the chances of a potential regulatory breach.

If we refer back to our analogy of the armed police officer standing outside a museum - do you need to physically interact with the officer to know he means business? Generally the answer would be no - you get a perception that he is there to do a job. This same theory can be applied to the perception you build of your company's financial crime controls and your corporate position when it comes to managing and dealing with financial crime.

Criminals are equally vulnerable to human emotions and will avoid firms where they feel the risk reward is not balanced in their favour. In some cases, they won't even try and test or breach your actual controls - turning their attention on those services they feel are more vulnerable. As with the analogy of the armed police officer, perceived deterrence is not enough and must be backed up by sound protection, detection and disruption activities/controls but perceived deterrence can be a hugely powerful and have tangible benefits.

Application of this key concept does not mean that you need to have big scary signs (digital or physical) that turn-off your customers and impact customer experience, in fact quite the opposite. Intelligent and credible deterrence can be integrated seamlessly into the open and engaging way new financial services are interacting with their actual or prospective customers while also reinforcing the point that FinTech businesses take the protection of the their customers and corporate responsibility seriously. For example, engaging your customer and user base through considered content is not only an open and transparent way to communicate exciting progress but it also presents the opportunity to get a strong deterrence message into the public domain. That messaging is then front and centre when the illicit actors are researching and scoping opportunities. 

It goes without saying that you do not want to compromise the effectiveness of your actual controls by disclosing sensitive features such as specific KYC conditions or transaction monitoring methodology but this should not inhibit the use of the deterrence concept as part of an effective layered financial crime framework, where its use can maximise efficiency, improve operational performance and also positively reinforce your customer engagement and protection objectives.

 

The team at FINTRAIL work with FinTech and regulated businesses to implement intelligent and risk-focused financial crime controls. Please contact the team at FINTRAIL for further information.

 

Intelligence Delivers Excellence - FinTech & Financial Crime - MISC Article

Why Adopting a Threat-Focused and Intelligent Approach to Financial Crime Will Help Drive Fintech Success.

The 21st century has been characterized by an interconnectedness that impacts every aspect of business and society. This level of connection itself is not new, especially in business, where there have always been long, connected chains of actors, actions, and goods. Two key forces have increased this global interconnectedness in recent years: the globalization of business and society in all forms – including friendships, cultural influence, criminality, and terrorism – and the rapid development of information and communication technology.

A new set of assumptions is emerging about operating in this technology-enabled, interconnected financial services environment. Actions and relationships are expected to be fast (if not instantaneous), and they should be rendered both transparent and permanent by the information and communications technology that enable them. Moreover, regulators’ expectations of what one needs to know about the connections within any given financial system have also increased.

In 2016, a large-scale leak of client data from Panamanian law firm Mossack Fonseca revealed details of offshore companies and transactions, some of which were alleged by investigative journalists to involve criminality in various forms. The response from global government bodies was to request information from financial institutions almost indiscriminately – even the governments themselves did not know which actors and activities were illicit or licit. Financial institutions faced a choice: investigate every actor and transaction with a potential link to Mossack Fonseca, or explain to government institutions what they knew about their exposure to Mossack Fonseca and their understanding of the financial crime risk associated with that exposure.

Though the latter choice was manifestly less labor intensive, it required companies to know, in detail, who their clients were at any given point in time. This was the only way they could state with confidence whether their business with various clients fell within or exceeded the company’s desired level of risk. In other words, companies needed to know who their clients were, what they were doing, and what they were expected to be doing – they needed good intelligence.

Academic debate on the definition of intelligence continues to rage, but for the purposes of this article, we regard it as the ongoing process of gathering requirements (a need for information, a need for a service), collecting information pertinent to those requirements (market data, customer profiles), and analyzing and assessing that information to draw out conclusions. This, in turn, drives the next set of actions (product development) or requirements (more research). Intelligence in practice is a constant iterative cycle of activity that matures as a company learns and gathers more information.

The concept of applying an intelligence process is not new for fintech or financial services companies on the product side of business. An examination of how successful firms build and iterate their products is enough to illustrate that the ability to generate good intelligence already exists within the core DNA of how fintech companies operate. The methods they apply to product development are a great example. Fintech companies identify a market opportunity or process that is prime for disruption before collecting supporting data, planning a method or solution, producing a product, issuing it to customers, and then learning from their feedback. They are continuously iterating at pace. In fact, many good fintech CEOs state that they value the feedback loop with users most, as this feedback allows them to identify areas for improvement and focus on the things customers really want and are willing to pay for.

Donald Gillies, CEO of PassFort, a rapidly growing technology firm that provides anti-money laundering (AML) and know your customer (KYC) solutions for regulated business, elaborated on this: “For companies that are truly innovating, there is no more valuable commodity than engagement and feedback from customers. It’s more valuable than revenue. More valuable than funding. It’s feedback and, more specifically, the learning that results from it that allows you to deliver excellence. Minimizing the time between feedback being given by a customer, that feedback being understood and evaluated by the product team, and evolving [that feedback] into tangible product outcomes enhances process credibility. Enhanced process credibility increases customers’ willingness to devote time and resources to contribute more feedback. In such a set up, more feedback leads to better product outcomes.”

Gillies goes on to state that “excellence itself is where such efficiency and desirable outcomes are achieved repeatedly. This ability to repeatedly deliver excellent outcomes is what enables businesses to scale quickly and efficiently – no matter what line of business they operate in.”

It is this innate mindset and thirst for knowledge and feedback that positions fintech firms to have an exciting opportunity to build the same intelligence-led concepts and associated excellence into the financial crime controls they develop. There is huge potential commercial benefit as these companies build proportionate, progressive controls that foster trust across customers, partners, and regulators while also addressing the complexity of interconnected, diversified, and evolving global financial crime risks.

In February 2002, then US Secretary of State for Defense, Donald Rumsfeld, stated the now globally recognized words: “There are known knowns. There are things we know that we know. There are known unknowns. That is to say, there are things that we now know we don’t know.” This phrase has become synonymous with the often explored and debated issues around intelligence and analysis, but its sentiment also rings very true in the battle against financial crime. The application of a very static, compliance-only financial crime risk-management methodology will always enable a company to identify and deal with the known knowns. However, in most cases it is not the known knowns that cause debilitating consequences. These come more often from the left field of known unknowns. However, our work with fintech firms has brought an interesting trend to our attention: an increasing appetite for and ability to look for known unknowns.

This development is probably being driven by the personality type of those working in fast-paced fintech firms in combination with increases in access to data and technical knowledge. This new trend is exciting and has the potential not only to effect positive change in how the financial services industry addresses financial crime, but also to delineate additional areas of competitive advantage for fintech. Developing intelligent processes and working to fill the void of information created by known unknowns will drive excellence across all fronts: it will enable competitors to disrupt existing structures, processes, and services; it will allow them to see opportunity in risk and manage it proactively and intelligently; and, crucially for startups in the financial services space, it will allow them to drive customer trust through their effective and frictionless financial crime risk management practices. In the context of globalization and interconnectedness, intelligence and excellence are a powerful combination. This combination can rebalance the complex equation behind the efficient management of financial crime without hindering the exciting commercial and social potential of disruptive financial services. Fintech can lead that charge, as they already have the inbuilt personality traits, data, and technical capabilities to think intelligently about financial crime controls. And, in this sense, intelligence leads to excellence.

The team at FINTRAIL work with FinTech and regulated businesses to implement intelligent and risk-focused financial crime controls. Please contact the team at FINTRAIL for further information.

To read this article on the fantastic MISC website please visit - https://miscmagazine.com/intelligence-delivers-excellence/

Image Credit: The Digital Way

 

New Initiative to Explore FinTech and Financial Crime

RUSI’s Centre for Financial Crime and Security Studies will host the first meeting of the FinTech and Fincrime Exchange (FFE), a new initiative to promote an increased understanding of financial crime by the FinTech industry. 

Organised in collaboration with FINTRAIL, a financial crime risk management company, this initiative has been conceived due to the recognition that as a rapidly growing industry, FinTech providers, much like traditional financial institutions, must ensure that their organisations are not misused for financial crime purposes. 

Technological innovation has undeniably reshaped the financial landscape, in which efficiency, customer experience and ease of use is prioritised by FinTech providers – in a sharp contrast to traditional financial institutions. Nonetheless, the key financial crime threats and vulnerabilities remain, as criminals and terrorists will seek to exploit the system for their own gain, including money laundering, terrorist financing, cybercrime, bribery and fraud, to name a few. 

Whilst there is gradually increasing awareness of these issues, there are few spaces in which relevant personnel from FinTech can engage with one another, discuss shared challenges and foster a greater level of financial crime understanding. 

This initiative seeks to fill this gap through the creation of the FFE, which will aim to meet once every two months to discuss key issues as identified by its members. Its objective is to inform, debate, and develop knowledge and best practices in financial crime that both policy makers and regulators can adopt. 

For more information on this project, please contact Florence Keen, Centre for Financial Crime and Security Studies, or Rebecca Marriott, FINTRAIL.

 

https://rusi.org/rusi-news/new-initiative-explore-fintech-and-financial-crime

Free Financial Crime and Cyber Security Surgeries - FinTech and Financial Services

We at FINTRAIL are pleased to launch our free Financial Crime and Cyber Security Surgeries.  

Launching on Tuesday 31st January, we will be running free monthly surgeries providing early stage companies in financial services, including FinTechs, with friendly informal advice and counsel.  We are passionate about helping businesses manage their financial crime risks effectively (money laundering, terrorist financing, fraud, sanctions compliance, tax evasions, bribery & corruption) through a risk based approach, as well as demystifying financial crime risk and compliance.

Our experts will be available to;
- answer any questions you have on financial crime or cyber security
- brainstorm ideas or approaches to your financial crime risk
- advise on how to prevent regulations from inhibiting your business and demystify the regulatory requirements
- prioritise and plan your roadmap
- have a chat about anything else really!

Come and talk to our experts!

Date: Tuesday 31st January & Tuesday 28th February (follow us on social media for future dates)
Time: 45 minute sessions available from 1400hrs
Address: WeWork, 9 Devonshire Square, London EC2M 4YD (please let us know if you are not based in London and we can make alternative arrangements)
How to book: Email rebecca.marriott@fintrail.co.uk

We look forward to meeting you!

www.fintrail.co.uk

FinTech : Our Hot Topics for 2017

After what has been an exciting year for FINTRAIL, and FinTech, we look ahead to what we think will be three hot topics that will shape the industry in 2017.

1.    Indian Demonetisation

November 2016 saw the Indian Prime Minister make his demonetisation announcement, where all 500 and 1,000 rupee banknotes are no longer recognised as legal tender in a drive to combat ‘black money’ and financial crime, predominately terrorism financing and tax evasion.  These two notes comprise around 86% of the currency in circulation in India.

There is a known correlation between cash-heavy societies and crime – cash fuels black market activities, and that cash then needs to be laundered.  The extent to which India can successfully reduce financial crime through demonetisation, without creating more financial crime than they began with, remains to be seen and will be an interesting test case in 2017.

So what will the world learn about this drive to digitalisation, particularly in emerging markets?  A move to digitalisation increases transparency and traceability of funds but it can also open up new channels or risk vectors such as an increase in cybercrime and internet fraud.

There are already some Indian FinTechs in existence, and benefiting from the demonetisation already. Paytm, an Indian-based FinTech that offers products such as bill payments and e-commerce, had 5 million customers join shortly after the demonetisation announcement, and such rapid onboarding can of course create potential risks unless managed very carefully.

India’s move away from cash and to digital solutions presents huge opportunity for the regional FinTech sector as it moves in to 2017, as well as an opportunity for us to understand more about how financial crime risks materialise when markets make a sudden and rapid transition from cash to digital.

2.    RegTech in 2017 – KYC for Businesses

RegTech is going from strength to strength, whether it be the UK Financial Conduct Authority (FCA) creating the RegTech Sandbox (shortly to take its second cohort) or the likes of Deloitte calling RegTech ‘the new FinTech’. We’ve seen some brilliantly innovative tools in 2016, and it looks like 2017 will continue to be a great year for RegTech.  So what do we think will be big in the operational world of RegTech and specifically financial crime compliance focused RegTech for 2017?

There’s now many RegTech companies offering Identification and Verification (ID&V) and/or Know Your Customer (KYC) for retail customers, transforming the way innovative businesses now onboard customers, enhancing the customer experience and offering a key point of difference over incumbents.  However, the same cannot be said for onboarding business customers. As FinTechs that have to date catered for a retail focused customer base go in search of higher margins offered by business products, we at FINTRAIL think that KYC for businesses will be the focus in 2017.

KYC for businesses is more challenging and has a higher number of complexities than KYC for an individual. In simplistic terms conducting KYC on an individual usually involves confirming their individual identity. However, KYC for a company requires more layered information, which can be far more challenging to obtain and confirm.  For example, there can be many company directors linked to the business, it can be difficult to identify the beneficial owner, the company can have a convoluted corporate structure with multiple subsidiaries, those subsidiaries could be based in different jurisdictions, it can be challenging to verify the company’s trading activities, source of funds, industry and whether it is in your risk appetite, and so on. 

The fact that so much information is required to complete KYC on a business is partly why incumbent banks can take many months to onboard a client. However, it is important to get it right as the risks in providing products for businesses can be higher, as there is the potential for more money, counterparties and individuals to be involved.

3. FinTech, Financial Crime and Information Sharing.  

Information sharing between companies or financial institutions to combat financial crime seems obvious, yet it has only recently begun to gain traction, with the UK Joint Money Laundering Intelligence Taskforce (JMLIT) becoming BAU in May 2016. Major banks only make up a small proportion of the UK and international financial eco-system, and their market share is being eroded as disruptors offer new and innovate products. This means there is potential for a significant gap in knowledge and information exchange that could undermine efforts to collectively address financial crime risks. To address that in-balance FINTRAIL, in partnership with Royal United Services Institute (RUSI), is excited to be launching the FinTech FinCrime Exchange (FFE) in early 2017.  

The FFE is a non-commercial information sharing forum for FinTechs, which addresses an industry requirement to build financial crime risk management knowledge and capability within FinTech and the disruptive finance space.  It will do so through sharing experiences of dealing with financial crime, developing typologies and trends, and helping FinTech members learn from each other.  The FFE will also improve public/private engagement on financial crime risk issues in FinTech. 

Good information sharing can have a profound impact on a FinTechs ability to effectively manage their financial crime risk, and help stop criminals using their products or services for illicit purposes. 

If you would like more information on the FFE, or to become a member, please contact the FINTRAIL team.

Addressing The Threat of De-Risking in Payments, Remittance and FinTech - Practical Advice

FINTRAIL co-founder Robert Evans recently spoke at the PayExpo MENA event in Dubai on the issue of de-risking, the impacts it is having on the correspondent banking, payments, remittance and FinTech sectors as well as offering business owners and leaders in the audience some practical advice on minimising the risk to their business. We thought it would be worth sharing some of the insight for our readers.

What is de-risking?

The Financial Action Task Force (FATF) defines de-risking as:

"Situations where financial institutions terminate or restrict business relationships with categories of customer to avoid rather than manage risk - such as respondent banks, NGO’s, gaming/gambling entities and money service businesses (MSBs)."

Within the financial institution community the term de-risking is seen as unhelpful, but we use it today as it has become a widespread and recognised label that carries a level of industry recognition.

As global correspondent and clearing banks have felt increased regulatory pressure in markets such as the UK and US, that has in-turn filtered down to regional correspondents, local respondents, issuers and all those that rely on the banks for their accounts and services. 

There has been lots of debate about the issue of de-risking, with papers published by industry, regulators and global bodies and many industry initiatives underway to address the strategic drivers behind the trend. We are not going to re-hash that content here but instead focus on it from the other direction - bottom up.

We want to give business owners and leaders some advice based on our direct knowledge of leading de-risking decisions and some of the drivers behind it, in order that vulnerability and weakness can be addressed.   

Reducing vulnerability to de-risking.

While we recognise that pan-industry efforts are critical to solving some of the fundamental drivers to de-risking (such as over regulation and cost of KYC), we also think as an industry we have not done enough to understand and articulate at a micro or individual level what drives some of the operational decisions that often lead to a de-risking or refusal to onboard scenario.

Historically during previous employment, our team have sat in client interviews, reviewed business profiles, business plans and looked at transactional flows that were very high risk, and in some cases that was totally new to those individuals we were talking to. Interestingly, and a cause for concern, was that some of the worst cases were not in those markets that were deemed to be traditionally ‘high risk’, but those within for example supposedly heavily regulated European countries. While we can potentially point the finger at the regulators and big bad banks, we think there is also a need for personal accountability amongst the industry, business leaders and individuals to look very carefully at their business models and ensure they understand the risks.

It will cost a bank somewhere in the region of £40-100k to onboard a new respondent, and it is not too dissimilar for payments firms, depending on the risk profile. In addition there are significant ongoing compliance costs that quickly mount up. In a high risk scenario annual due diligence could easily run to tens of thousands of pounds when you consider increased monitoring and onsite visitation requirements. In a pure correspondent banking scenario that is fairly easy to imagine but when onboarding or retaining a payments provider that is not so easy, especially where the margins for the bank are relatively small. Some of the core industry initiatives that are underway can and will drive down the associated costs, but making some of those items genuinely operational is still some way off.

All of this means that as a payment provider seeking an account or wishing to maintaining banking services you need to do everything you can to positively influence that risk vs reward equation. We are not going to focus on the commercials, especially as there may be little margin to improve that, particularly in the early days, but more on the risk side of the balancing act as that is one area we have seen can be significantly enhanced and make businesses more bankable.

FINTRAIL want to give you some simplified and distilled points drawn from direct experiences of assessing the risk reward equation - what were we and others really looking for when balancing that equation and how can you as a business owner and key industry leader help shape the tone of the discussion.

While some of these points may have slightly grand sounding titles or definitions, they are really real-world activities that will help you position your business and conversations far more effectively:

1. Understand and use a financial crime risk appetite.

All financial service firms should have an appreciation of their appetite for financial crime risk and how that correlates to their business strategy that in turn drives how you manage the day-to-day operations of your business. In simplistic terms we define a risk appetite as a formal statement of intent that guides and should underpin how you approach financial crime risk as a business and should really form part of your company DNA.

It is really important to acknowledge you can not operate a successful financial services business with zero financial crime risk, but you should be able to articulate and evidence how you are managing your business within a defined appetite that is based on an honest assessment of your control environment and the risks you face.

That is all very theoretical but how does this manifest itself in the real world? Your risk appetite is a neat and concise way to articulate your overall risk profile to a potential partner that further underpins your ongoing dialogue regarding controls and flows. It also underpins policy decisions about clients and markets as it can be used to guide strategy.

We have seen a number of beautifully crafted risk appetite statements but we continue to see very poor operationalisation of the intent behind the statement. You may ask why risk appetite is so important - and our answer is that the process of developing a risk appetite forces you to consider and genuinely understand your likely exposure to financial crime risk and possibly even more important, assess how effective your controls actually are.

If for example a business stated to us that they have no appetite for defence and arms related business, we would expect that it manifests itself in policies and procedures, restricting those clients at onboarding and in turn this should be further reflected in the transactional flow.

You must always allow a margin of error and potential differences in definitions but systemic failings call into question the efficacy of the control framework and would be an immediate red flag of wider issues.

2. Know and understand your customer base.

This links quite nicely to our observation about risk appetite and is one of the ways we would assess how a risk appetite is operationalised.

Would we expect you to know every single client by name? No, but you should have a view of your customer base and risk segmentation, especially when it comes to those customers that may fall into the high risk categories such as PEP’s or in a bank context, MSBs/payment firms.

It builds confidence that controls are well established and effective if you are able to accurately articulate the segmentation of your customer base and evidence that coherently. It also goes a long way to building open and transparent relationships with your partners as you are able to identify anything particularly high risk that you may wish to disclose or discuss. It is worth noting that depending on the exact nature of the transactional relationship, your partner will be able to see roughly what your customer base looks like so hiding it is not helpful. This will magnify the issues if something contentious is identified.

3. Transparency and Openness

We have always believed that fighting financial crime should be a team sport pan industry, between public and private sector and especially between partners. As an industry have we always approached it that way? Probably not but there is growing recognition that we need to do more.

When engaging with partners it is about building a relationship of trust and that requires transparency. Bring your partners along on your journey. If you have a weakness, don't hide it but explain what it is and what is being done about it - it builds trust.

Make sure you start your compliance dialogue at an early stage and take the time to understand the drivers on both sides of the conversation - it will help you articulate the message and information more effectively.

Make sure you clearly understand the questions that your partner is asking and they understand exactly what you need from them. We have seen confusion lead to a rapid break down in trust.

Additionally, try and make sure your data and materials are easy to understand and relevant. We are not suggesting you need beautiful designed templates and dashboards but it really helps the dialogue if your materials and data make sense.

4. Controls

We do not necessarily mean some of the more mundane items but more specifically, what you are doing to manage the higher risk business categories. For example are you processing payments from locations that may be transit countries for foreign terrorist fighters? How do you control and mitigate the risks of that?

You need to be able to clearly articulate to your partners what the risks are, what controls you are applying, and the icing on the cake is when you can evidence the control is effective.

One of the best working examples of this we have seen in previous employment was a UK based entity who had a relatively large component of gaming and gambling activity. Transactional analysis had identified what appeared to be fairly high risk activity that was on face value outside our risk appetite but our engagement with the client soon allayed specific fears as they were very quickly able to articulate precisely what additional controls they were applying to that activity, and prove effectiveness - we allowed them to continue to process that flow.

Their approach was so effective, because they had already done step 1, 2 and 3.

In Summary

We have deliberately simplified some points to fit them into a short article and we recognise that some of these items are not new and not necessarily easy to do, especially when you add scale and global presence into the mix, but hopefully the sentiment of what we are suggesting is evident.

Do we need to do more to address the strategic issues driving de-risking - absolutely. However there is also more self help that smaller businesses can do to engage effectively with partners at both the initiation of the relationship and an ongoing basis. We have seen first hand that there is far more that the industry can be doing to make themselves attractive customers, especially in the early stages where the commercials may not tip the balance in that all important risk vs reward equation.

The team at FINTRAIL are uniquely positioned to help organisations address the issues and challenges presented by de-risking and a risk-off appetite as well as supporting businesses to effectively engage Partners in higher risk scenarios. Please contact the team at FINTRAIL for further information.

Conducting Due Diligence on a FinTech Business

At FINTRAIL, we were really excited to present at the recent ACAMS seminar, KYC/CDD for the 21st Century. It was an excellent day, with some great presentations and speakers.


The theme for the day focused on applying a risk based approach to KYC and CDD and examined developing trends in the industry, with an audience drawn from across the financial services spectrum. FINTRAIL provided the audience with a simple methodology for conducting risk based due diligence on a FinTech business, examining some of the challenges, but also the opportunities the sector and approach may bring.

Delegates worked through a case study, which showed that although there are risks, the entrepreneurial spirit that defines FinTech can often be appropriately harnessed to improve financial crime controls such as onboarding and KYC. In turn this can result in more efficient and effective processes - reducing the perceived risks a FinTech may pose to issuing banks and Partners.

There is no denying that accessing banking facilities remains a significant challenge for payments providers and FinTech, driven by the continuing fall-out associated with de-risking/risk-off appetite and a general perception that the FinTech sector is of higher risk from financial crime. This session highlighted that a risk based approach to both the onboarding and ongoing due diligence of a FinTech business presents an opportunity to build a strong relationship between the provider and client, where the perceived or actual risks are understood, appropriately managed and the parties are then empowered to collectively capitalise on exciting commercial opportunities the sector is creating.


Our thanks again to ACAMS and Samantha Sheen for organising such a great event.

 

Please feel free to contact the team at FINTRAIL if you would like further information.

Cyber Myths - The Dark Art of Cyber Security

We are living in an increasingly connected and digital world and one where the delivery and consumption of financial services is moving online. This is driving a hugely positive and rapid evolution in financial services, offering customers more choice and a generally more convenient and focused experience. However this positive evolution has potential to be undermined by a break down in trust for companies, their partners, customers and regulators driven by failures to protect against cyber enabled crime. This is even more important in fledgling financial service businesses such as FinTech where hard won customers can be quickly lost via a breakdown in trust.

There is a complex dictionary that accompanies cyber security, complimented by huge numbers of confusing and expensive systems hitting the market that claim to combat the risk of cyber enabled crime. For those who do not have the depth of experience in cyber and data security it can be daunting to get your head around, never mind simplistically understand what you should be doing to better protect your customers and business. We are often asked by our clients and contacts to help them simplify the discussion around cyber and data security - so that is what we are going to do over the next few months. FINTRAIL are going to strip it back to the fundamental basics, in a language that everyone can understand and provide some useful pointers that should help readers think logically about the risks they face. Where we do use a technical term, you will find it hyper-linked to its definition.

Understand the scale of the problem

The aims of the cyber criminal will determine a business’s attractiveness as a potential target. As a general rule any business could be a target of ransomware style attack as this tends to be a volume approach - infect everyone and see who pays up. However, the nature and construct of a particular business model or system will have characteristics that make it potentially more or less attractive to cyber criminals. For example, do you provide customer accounts or facilitate value transfer? Do you collect and store lots of data on customers? Do you integrate with or have partners accessing your network/system? Answering yes to any of these may, at face value, make you more attractive to cyber criminals as the dividend or reward for them is higher than that of an individual.

In this edition we are going to focus on the logical and most simplistic place to start and forms our basic step number 1 - understand the risks and scale of the problem.

We have been watching with interest over the last few years as the boundaries between physical and digital crime have become increasingly blurred. If you read the news in any given week there are usually a number of cyber related stories hitting the headlines, whether it be well-sourced and detailed allegations of state-sponsored interference with National elections, cyber fraud targeting retail banking customers or institutional banking systems targeted. It can make for daunting and at times confusing reading but it is really important to set this issue within the context of your business. 

The 2016 UK National Crime Agency (NCA) Cyber Crime Assessment made a number of interesting observations:

  • The accelerating pace of technology and criminal cyber capability development currently outpaces the collective response to cyber crime. This ‘cyber arms race’ is likely to be an enduring challenge, and an effective response requires collaborative action from government, law enforcement, industry regulators and, critically, business leaders.

  • The NCA assesses that the most advanced and serious cyber crime threat is the direct or indirect result of activity by a few hundred international cyber criminals, typically operating in organised groups, who target businesses to commit highly profitable malware- facilitated fraud.

  • Although the most serious threat comes, directly or indirectly, from international crime groups, the majority of cyber criminals have relatively low technical capability. Their attacks are increasingly enabled by the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cyber criminals to exploit a wide range of vulnerabilities. 

  •  A ‘compliance approach’ that aims to meet minimum standards does not adequately deal with intelligent and evolving adversaries, as threats are evolving faster than most defensive technologies and security practices. 

As the NCA assessment above highlights, cyber criminals will often need to expend effort and resources to target a business effectively. Much of this is now achieved via relatively old vulnerability 'exploits' that are cheap and easy to come by and can be deployed at scale by the criminals. The newer exploits are becoming cost prohibitive for anything but the most sophisticated and well-funded cyber criminals.

Criminals have made a large pivot recently from using technical system exploits that require minimal user interaction to an old approach that focuses on applying social engineering tactics (Any act that influences a person to take an action that may or may not be in their best interest) to convince victims to click or run infected documents. These techniques date back to the mid-90’s but are really easy to scale.

The growth in the online criminal marketplace has now enabled cyber criminals to focus on niche areas of expertise, buying in the skills or access they need. The marketplace also helps them to scale up quickly – with tools such as exploit packs designed to automatically find the best possible web exploit for a target, packaging tools much like commercial SaaS solutions. They even use the terms ‘conversion rates’ when advertising the solutions to the criminal customers!

Example of how an Exploit Pack works - Microsoft.

Example of how an Exploit Pack works - Microsoft.

By taking some time to understand what is happening in the industry and how it applies to your business model, you will be able to contextualise developments and understand their significance. In our next post we are going to focus on the need to complete a risk assessment to structure and formalise some of the thinking about data and cyber security. Turning it into a user friendly and simple format that can help you make decisions and build a responsive and proportionate plan to mitigate the risks.

FINTRAIL’s cyber experts offer practical advice and commercially focused guidance to businesses looking to address the risk of cyber-crime. If you would like to discuss your cyber or data protection needs further, get in touch with the team at FINTRAIL. www.fintrail.co.uk

2020 The Future of Financial Crime - MISC Journal

The past century has seen a huge shift in the financial services landscape – from the growth of retail banking (as we know it) in the late 1800s; to Diners Club developing the first credit card in 1950; and the elusive Satoshi Nakamoto’s invention of Bitcoin, the world’s first fully virtual currency, in 2008. The evolution in financial services has been complemented by the rapid development of enabling technology, the internet, a huge growth in connectivity, and the successful emergence of mobile and flexible payment channels. Collectively, these exciting developments are opening up financial services to new markets and users, as well as offering customers better value and more choice. With such developments – which are often rapid and occasionally chaotic – the risks and opportunities for both legitimate consumers and financial criminals have evolved and expanded. This article produced by the team at FINTRAIL explores the future of financial crime, its evolution and likely impact on the financial services industry as we move towards 2020.

 

 

Talent, Fintech & Compliance

Many companies now expend a huge amount of time, effort and money finding the right cultural and technical fit when it comes to recruiting new members of a team and this is no more prevalent than in financial services and FinTech. In this post we will explore what it takes to source top compliance and financial crime risk management talent for FinTech.

You can have the best business plan, latest systems and whizzy offices but unless your people have the right culture, technical competencies and personal attributes you will struggle to create the effective and sustainable results many businesses crave. While it is not new, it is certainly worth re-iterating from a compliance perspective that people are both a critical part of any business framework but they are also a risk. We will examine insider and conduct risk in more detail in a later post but for now we will focus on finding the right talent for your team.

We turned to our friends from FinTech legal and compliance recruitment company Series B and their founder Will Pedley who has placed dozens of professionals in the sector for his insights:

Question: When you are speaking with clients do they know what they are looking for in a compliance or financial crime hire?

Most clients are pretty clued up on what they need, but always appreciate some guidance. Some, of course, are completely new to the market or the geography and will look for advice, such as level of experience required for their business, salary, benefits, flexibility (including contract or permanent). My advice to any client would be to hire experience first and build a team around them.

Question: In your experience have you had any challenges finding good quality candidates to fill compliance and financial crime risk management roles for FinTech and new payment firms?

If you’re looking for experience, you’ll certainly find a great variety of quality candidates in the market, both contract and permanent. The difficulty is finding the right culture fit. There are a lot of great FinTech companies to work for and the space is becoming harder to define so, depending on what a company is looking for, you can spread the net quite wide into areas such as Media, Regulation, Tech and Banking, in order to find the skills and mind-set your client needs.

Question: Are firms/clients still recruiting generalist compliance roles or are they focusing on financial crime as a specific topic?

It depends on the size of the company and the team. If you’re a start-up with limited funds and it’s difficult to tell what you might need, then you’ll typically go for a generalist who possibly has a strength in a key area. If you have the resources to allow an individual to focus their time on a specific area of compliance, then of course you’ll consider narrowing your search. In the US, for example, licensing experience is important for payments businesses, but in the UK I tend to be asked to look for generalists.

Question: Where does financial crime risk management and compliance feature on start-ups’ priority list?

From my experience, it’s a key requirement that most companies are willing to budget for as an internal function. Occasionally a start-up might look for a contractor to set up procedures and put systems in place. I work with a lot of companies who need a compliance officer when applying for a license in the UK, so it’s not really a choice. Wherever you are, geographically, there are plenty of FinTech events and meet-ups, so business leaders are becoming more aware of what’s required. Strong data and financial security are all features a business should promote, so you should find start-up companies are prioritising compliance alongside product advancement and marketing.

Question: Are there any personal qualities you look for in candidates that make them suitable for compliance roles in FinTech?

Without a doubt, I look for versatility. Value for money is as important in FinTech as it is anywhere else, so I’m always looking for someone who’s actively sought to gain experience in a variety of areas as I think that reflects on their personality and, culturally, is something companies are looking for. With digital and commercial skills constantly improving and the ease in which candidates can find and apply for new roles, you need to be able to stand out and I think a strong work ethic is simply something you have or you don’t. A good compliance professional will see the value in the work they do and actively seek to generate solutions for their company, rather than close doors.

Question: What sort of experience would you be looking for and do you look for any specific qualifications?

It depends on the location of the role and the size of the business. Legal and compliance is becoming more of a dual role, particularly at a senior level, and so a legal background is always a plus. In the US, as I’ve mentioned, licensing experience is great for payments companies and an understanding of NMLS. Generally, you can’t go far wrong with industry experience but, naturally, if you have more strings to your bow then you have more to offer a new business. To counter that, however, as with many roles there are the more mundane, day to day elements that are as important as the varied, exciting projects and cases. I need to be able to find someone comfortable with the day to day, which is a skill in itself.

Question: Generally, what are candidates looking for when they move into FinTech and payments – is it all about the money?

Quite the opposite, it’s rarely all about money. Sure, people need to pay their bills and have a life outside of work, but candidates who really understand the industry realise that there is a real opportunity there. Experienced candidates want excitement and variety and to work with cutting edge products, surrounded by intelligent, forward thinking people. Add to all that the stock options, dress down offices, saunas, table tennis, flexible working hours and company holidays… I’ve seen candidates halve their salary in order to find a good role with a FinTech business.

Question: What excites candidates and how does FinTech compete with the high salaries currently offered in traditional financial services?

Candidates know they’re part of the future by joining a challenger bank or payments company. Of course, banks, hedge funds and the like are all looking into new technologies and creating ‘innovation labs’ and a department of intrapreneurs to better understand the technology, but they’re still seen as a bank or hedge fund. Pure FinTech businesses, particularly the new generation, are nimble, creative and exciting with an aggressive marketing strategy. There are risks, such as lack of funding, but RBS have cut nearly 3,000 jobs this year. The salaries aren’t that bad, in fact they’re very competitive, so with all of the above plus bonuses, stock and additional benefits, FinTech companies have a great offering in comparison with traditional financial services.

Question: Any exciting developments or areas of focus in next 12 months?

Personally I think it’ll be exciting to see how the rise of the challenger banks starts to turn out, both in the UK and in Europe. I was at the PayExpo in London recently and there were some great discussions on what actually makes these banks any different to the ones millions of us already use. Starling have just been granted their license and guys like Mondo, Tandem and Atom are gaining a lot of interest. Will they offer something truly innovative and disruptive? Time will tell; but competition always brings about great ideas and I’m looking forward to seeing what the next 12 months brings. And of course, with more companies using digital wallets and holding more consumer funds and data, the focus on compliance, data security and financial crime prevention, increases.

Brexit, FinTech & the Risk of Financial Crime

There is no denying the seriousness of the decision taken by the UK to leave the EU. Time will tell what the impact will be on the UK and Europe’s finances as well as the direct impact on the UK’s blossoming FinTech sector.

FinTech strategist Devie Mohan stated

A lot of London-based fintech startups are run by non-UK born entrepreneurs. This will now reduce, with difficult immigration and a reduced available market. London-based fintechs will now be looking at a more complex web of regulations and trading laws for UK and EU. Economies of scale will reduce. Survival will be harder! Berlin, Stockholm, Sin, HK will emerge as hubs.”

So what does this decision mean from a financial crime risk perspective for FinTech’s operating in the UK market?

Firstly let’s focus on AML and financial crime regulation. The UK is due to implement the 4th EU Money Laundering Directive (4MLD) by June 2017 . The 4MLD is enhancing existing regulatory standards already in operation across the UK and Europe and in fact the UK AML and counter-terror financing regulation is already front running the pack in its completeness and effectiveness. Amongst other factors the 4MLD provides additional requirements on the application of the risk based approach, identification of beneficial ownership, PEP identification and coverage of high value goods. These enhancements are based on the Financial Action Task Force (FATF) 40 recommendations and as the UK is member of FATF it would still need to comply with these recommendations, whether in the form of 4MLD or not. Brexit is unlikely to have any material impact on the requirement to enhance controls in-line with the FATF recommendations. Does this make things easier or more complicated for the FinTech sector? Our view is that companies need to focus on the risks they face first and regulatory compliance a natural second. So the requirement to understand and manage financial crime risks in support of sustainable business does not change. The long term regulatory landscape may look a little more complex but the short and medium term requirements based on FATF recommendations and 4MLD won’t change.

From an operational perspective what impacts may Brexit have?

As Devie Mohan quite rightly highlighted access to high quality resources may be impacted in the medium term by complexities in immigration rules and visa considerations. This may have an impact on financial crime and compliance expertise available to support the growth of FinTechs and the eco-system as a whole as recent history has shown a growth in resources coming from European countries to supplement the UK’s shortage in credible compliance resources across the whole UK financial services industry.  This may be antagonised by the unique skill-set required for a start-up environment where broad financial crime and compliance expertise (across all financial crimes) is required rather than very specific SME knowledge (such as AML only) required by many large incumbents. The reliance on outsourcing compliance processes such as KYC to eastern Eurpean countries such as Poland may also be affected by changes to information and data sharing arrangements although that may open up the market and competition even further.

Will financial crime risk increase?

There is no denying that difficult economic conditions and uncertainty can create conditions that increase the risk of financial crime. We do not yet know whether Brexit will cause a contraction in the UK economy but early indications of market reaction and pre-vote statements from the Bank of England suggest it is a possibility. A 2009 Time Magazine article titled ‘The Reason Fraud Spikes During a Recession” stated some interesting observations:

“a U.S. firm that runs compliance and corporate-governance hotlines for about half the Fortune 500, fraud-related calls amounted to 21% of all reports in the first quarter of this year, up from 14% in the same period in 2007.”

“A majority of members of the U.S. Association of Certified Fraud Examiners who were polled in February and March 2009 said they had seen the number of company fraud cases climb in the previous 12 months; the bulk of those experts attributed the rise to heavier financial pressure.”

“According to a survey published in February (2009) by British insurer RSA, 3% of adult Britons said hard economic times made committing insurance fraud more acceptable. We’re seeing that already: the number of fraudulent claims rose 17% in the U.K. last year, with commercial claims accounting for a third of their value.”

Additionally in January 2014 UK police records showed a 4 per cent rise in shoplifting and a 7 per cent rise in “theft from the person”, such as thieves snatching expensive mobile phones from passers-by. Nick Gargan, chief constable of Avon and Somerset Constabulary, told the Financial Times that police leaders were starting to talk about an “austerity bulge” in crime figures.

So an uncertain and distressed market can create a higher financial crime environment and set conditions for criminals to exploit the prevailing scenario although some of the statistics may be explainable by general social changes such as mobile usage.

What Next?

There is certainly no need to panic and in many cases it remains business as normal. Are we going to see changes and impacts – yes but the scope and scale will take some time to determine. However, it pays to be prepared and think these issues through carefully. At FINTRAIL we are able to support our clients during this uncertain period, whether enhancing risk assessments or helping structure your compliance plans in response to the Brexit decision.

Sucre Highs and Sucre Lows; Money Laundering and Virtual Currency

Sucre, the virtual trade currency set up to facilitate transactions between Venezuela, Ecuador, Cuba, Bolivia and Nicaragua, and subject to a 2014 investigation by the Ecuadorian authorities amid allegations of serious abuse and money laundering control issues, is still a relevant use case that demonstrates the importance of implementing the proper financial crime and network risk management controls to ensure that what was in essence a perfect solution to a commercial challenge is not undermined by involvement – albeit inadvert – in financial crime.

Background

Sucre, an invention of Hugo Chávez in 2010, stands for the Unified System of Regional Compensation (in Spanish) and is also the last name of the 19th century Venezuelan leader, Antonio José de Sucre y Alcalá. It is primarily a trading currency managed by a board of central bankers, which is used by importers and exporters to make and receive payments in their local currencies. As The Wall Street Journal points out, “Sucre’s appeal lies in its implicit payment guarantee…In a typical sucre transaction, a company in Ecuador sends the Venezuelan importer an invoice denominated in U.S. dollars, which is Ecuador’s national currency. The Venezuelan company then sends that invoice to the Venezuelan central bank, handing over bolívares. The Venezuelan central bank converts the bolívares to sucre and transfers the sucre to Ecuador’s central bank. There, it is converted into U.S. dollars, Ecuador’s national currency, and the exporting company receives its payments.”

Criminal opportunity

In 2014 a joint investigation between the Ecuadorian and Venezuelan authorities was launched into abuses of Sucre transactions, primarily focussed on the use of so-called “ghost companies” which over-invoiced for goods received and took advantage of favourable exchange rates, a common tactic used in money laundering. Ecuadorian newspaper El Universo and the Miami daily El Nuevo Herald reviewed and highlighted schemes involving various transactions carried out with Sucre currency. The investigation found that Sucre served as a platform for at least 60 Venezuelan companies and 30 Ecuadorian firms to carry out multi-million dollar operations involving fictitious exports and ghost companies — as well as bank accounts in Panama, the Bahamas, and Anguilla. Reporting indicates that at the time up to 5% of Sucre transactions were suspicious in nature – which FINTRAIL assess to be very high by current bank standards.

This is further compounded by allegations in the public domain that senior figures in the Ecuadorian and Venezuelan governments were privy to some of the money laundering schemes, specifically a company called Fonglocons (Global Construction Fund), which was incorporated just four days before the bilateral agreements between Venezuela and Ecuador were signed and which was created with the specific purpose of trading between the two countries. None of the allegations against Fonglocons has yet been proven, however.

On face value the potential attractiveness and vulnerability of the Sucre scheme to money launderers was clearly not fully considered in the strategy and planning mechanisms around the currency and its deployment, leaving it open to relatively easy misuse by criminal or otherwise corrupt enterprises, sullying its reputation as a reliable virtual trade currency and undermining its otherwise strong utility in markets trying to reduce their reliance on the US dollar. Appropriate network risk management through a comprehensive understanding of the threats facing a virtual currency such as Sucre and the implementation of a clear control infrastructure to mitigate particular vulnerabilities would likely have prevented such infractions.