FINTRAIL and RUSI, in partnership with Holland FinTech and bunq, are pleased to announce the launch of the Dutch FinTech FinCrime Exchange (FFE NL)!
The FFE NL is a local network connecting the Dutch fintechs to enable sharing of information and typologies, to help strengthen the sector’s ability to detect and counter the global threat of financial crime. The launch of the FFE NL also marks the FFE’s first step toward global expansion and the development of an international, interconnected network for financial crime information sharing.
The initiative leverages on the success of the FinTech FinCrime Exchange (FFE) UK and builds on its best practices, while also connecting local actors. The FFE UK is a member organisation of over 45 of the UK’s leading FinTechs, who share information and financial crime typologies and controls. The FFE network produces white papers to exchange best practice on financial crime risk and compliance mechanisms, and share experiences and inform relevant stakeholders in law enforcement, government and regulatory bodies.
The global scope of financial crime and the shared threats faced by all major FinTech hubs particularly underscore the need for the FFE NL, which will give its members not only a trusted place to exchange information, but also access to an increasingly far-reaching network of resources and perspectives.
The first FFE NL meeting will be held on 30 May in Amsterdam, designed to align with the ACAMS 14th Annual AML & Financial Crime Conference Europe.
The FFE network is currently free for members. For more information on FFE NL or to register interest in membership, please contact firstname.lastname@example.org.
The FFE was founded in January 2017 by FINTRAIL, a financial crime risk management consultancy, and the Centre for Financial Crime and Security Studies at the Royal United Services Institute (RUSI).
Due diligence - a term bandied about readily with much confidence across many different sectors - broadly accepted as a process that underpins a thorough and confident appraisal of a specific business proposition, perhaps a significant merger, acquisition or other investment. At its most effective, due diligence arms a business with the facts it needs to make confident, astute decisions. At its worst, poor due diligence muddies already murky waters and potentially guides businesses down the wrong path.
To avoid the latter outcome, it’s best to avoid an off the shelf, one-size-fits-all process and instead adopt a bespoke approach that accounts for all inherent risks associated with a particular proposition.
Venture capital (VC) investment in FinTech - a booming industry - is a case in point. VCs have to understand complex business models and cutting-edge technology to pinpoint viable investment opportunities. Armed with millions, or indeed billions - $1.8billion was raised by UK FinTechs in 2017 - and facing fierce competition from other VCs, the panoply of risks presented by startup FinTechs could appear daunting.
VCs will often feel most comfortable assessing the viability of the business model, legal and financial aspects and will engage experts to evaluate the technology. That makes perfect sense. The success of a FinTech largely hinges on a successful combination of those areas and, more often than not, those are the risks most familiar to VCs. However, other stones sometimes remain unturned..
People risk is often overlooked or considered addressed through a simple criminal background check. With the wealth of information sources now available it’s perhaps remiss not to take a closer look at those who you’re investing in. Start-up scams are not uncommon in Silicon Valley; an early 2017 Fortune article explored the sector’s “unethical underside”. Are the founders who they say they are? How accurate are CVs and other stated accomplishments - the CEO of Wkriot pleaded guilty to fraud last month. Have failed attempts to fund other start-ups been disclosed, what about other initiatives that crashed spectacularly? Are other business interests in play that conflict with those of the VC? Many a business leader and politician have fallen foul of skeletons discovered in cupboards they’d long since forgotten about.
How about the culture of the firm? Is there evidence of unethical practices in the founders’ previous businesses? What does social media tell us? The merest hint of unethical behaviour could have a huge impact on culture of the firm, which in turn could lead to corners being cut, regulations not properly adhered to and risk decisions ignored or taken well outside of risk appetite.
Thorough due diligence of a FinTech couldn’t be considered complete without a close look at how its offer might be exposed to financial crime risk. The fledgling nature of the firm will mean a full risk assessment isn’t possible, but early inspection of the proposal will allow for an early judgement to be made on the type of controls and framework needed to deliver a compliant and secure product.
An effective due diligence exercise should alert a VC or other investment firm to concerns in any of these areas. However, if risks go unflagged through neglectful or absent due diligence they hold the potential to manifest further down the line with grave consequences for the VC and other stakeholders.
FINTRAIL would be delighted to discuss structuring a bespoke due diligence process for any aspect of prospective investments. Our team have deep experience in conducting due diligence for global banks, investors and government agencies and have a wealth of cutting edge tools at our disposal.
It’s a truth universally acknowledged that cryptocurrencies have the power to create a more dynamic, mobile and accessible financial ecosystem, and the enormous potential of the underpinning distributed ledger technology (DLT) for application outside the financial sector is nowhere near being realised.
But as with most great strides in innovation, there are concerns and risks to address, understand and mitigate as early as possible. FINTRAIL has a keen interest in this fast-paced arena and is working with the UK FinTech FinCrime Exchange (FFE) to publish a white paper later this month exploring FinTech perspectives on and experiences of cryptocurrencies.
In the meantime, UK MPs are launching an inquiry into cryptocurrencies, including exploring the financial crime risks related to cryptocurrencies.
A government review of the need for cryptocurrency regulation is no surprise. The explosion of growth in the sector continues unabated. The German and French governments have called for greater regulatory coordination ahead of November’s G20 meeting. And the US Securities and Exchange Commission (SEC) has described cryptocurrency as an “across the border priority.” The UK inquiry also coincides with news that seven of the UK’s largest crypto companies have formed a self-regulatory body, CryptoUK, with the intention of promoting best practice and working with the government and regulators.
The Treasury Committee will no doubt consider the late-2017 revision of the EU 4th Anti-Money Laundering Directive (4AMLD), known as 5AMLD that delivers a definition of “virtual currencies,” which include cryptocurrencies, for all member states to adopt in AML legislation.
In addition to the definition, the 5AMLD aims to mitigate risks associated with the use of virtual currencies for terrorist financing. To do so, the 5AMLD extended the scope of “obliged entities”, which previously included financial institutions, accountants, lawyers, estate agents etc., to include cryptocurrencies and other related services such as exchanges and custodial wallet providers. This is significant as it acknowledges that cryptocurrencies and their supporting services carry the risks of money laundering and terrorist financing and that KYC policies, EDD controls and transaction monitoring are required alongside the immediate submission of suspicious activity reports to law enforcement.
While adoption of the new rules into national legislation will take time the principles of the 5AMLD and the obvious appetite from EU member states, the US and the cryptocurrency sector itself to bring about a more coordinated regulatory position, will inevitably play an important role in the deliberations of the Treasury Committee.
Regardless of the outcome of the inquiry, government scrutiny of cryptocurrency at a time when uncertainty and volatility pervade the sector is an encouraging development.
As to the 5MLD, further work is needed to ensure legislation keeps up with the high-tempo cryptocurrency risk landscape; however, for the time being, EU acknowledgement that cryptocurrency carries financial crime risk is a much-needed starting block.
 Virtual currency is not synonymous with cryptocurrency. Virtual currencies are tradable digital representations of value that are not issued by any government and don't have status as legal tender. Virtual currencies can have a central administrator (as in the case of services like WebMoney, or game-based currencies like World of Warcraft Gold); or they can be decentralised cryptocurrencies, which use cryptography to validate and confirm transactions.
Scaling up is a natural part of any FinTech’s journey. This typically involves the exciting opportunity of offering your product or services in new jurisdictions overseas. However, this growth comes with significant regulatory and practical know your customer (‘KYC’) complexity that may expose you to regulatory risk.
Here are some factors to consider when adjusting your onboarding policies and procedures to support customers from new jurisdictions:
You may think setting up in a new country just means copying and pasting your current onboarding portal into another language. Unfortunately, it’s not that simple. Some countries may have different legal entity types or have entity types that do not translate directly. There are also different types of identification numbers in some countries that are given to sole traders and businesses, so make sure to request the correct number. Be careful to ensure your initial KYC questions are clear in all languages on your websites and apps to prevent customer confusion.
UK Joint Money Laundering Steering Group (‘JMLSG’) guidance recommends asking for an individual’s name, date of birth and address. But be aware, some countries require more information! In half of the countries we’ve looked at, national identification numbers, like social security numbers, were required. Place of birth and nationality were other common identification asks in other countries. This could require several operational changes, from rewriting some of your procedures, to redoing parts on your onboarding portal.
Verification of Companies
In the UK, many FinTechs will verify the identities of legal entities against Companies House. However, there is no registry for sole traders. In other countries, it is important to check if there is a register for sole traders that should be used for verifying identities as part of KYC, as around two-thirds of countries we’ve looked at had some searchable registry of sole traders. Furthermore, other countries’ corporate registries may not be as easy to navigate as Companies House--requiring you to purchase certain documents or existing as one of multiple company registries. Third party providers should be checked to ensure they are accessing data directly from your jurisdictions’ registries. Understanding verification options for companies and sole traders is important for simplifying your operations.
In the UK, a primary government-issued photo ID includes a passport, identity card, driving license, biometric residence permit or firearms license. However, in several countries, a drivers licence is not actually considered a primary form of photo ID for compliance purposes. For secondary documentation, while a document from a bank or utility provider may be acceptable in the UK, this is not always the case in other jurisdictions.
While the 4th MLD made it a requirement for countries to have a publicly-accessible beneficial ownership registry, this is still slowly being implemented in some countries. Of the EU/EEA countries we’ve checked, a UBO register was only available a little more than half of the time. Many countries outside of the EU have shown very little progress on the issue of a publicly-accessible registry of beneficial owners. Not being able to refer to a public registry of beneficial owners may add unforeseen operational costs and considerations that should be taken into account to ensure a smooth rollout.
JMLSG clearly outlines requirements for identifying a legal entity’s directors and senior management when commencing a business relationship. However, the vast majority of countries we’ve checked do not have explicit policies around the identification of directors. Some may include directors in their definition of beneficial owners, however. This ambiguity could lead you to having to rethink your AML/CTF standard operating procedure on who to identify.
When information is not easily available to verify through eKYC or checks against a registry, you may need to request certified documentation. Be sure to know the professional bodies of accountants and solicitors in each jurisdiction you operate in order to check the status of whomever has certified your customer’s documents. This will help you avoid any operational hiccups down the line.
Expanding your business into new countries or regions is really exciting, but is not a simple or risk-free process. The amount of nuance and complexity involved in each jurisdiction highlights the need for assessing the financial crime and compliance risks posed in each jurisdiction where you plan to operate. Not only is it important to check for regulatory differences that may create operational challenges in different countries, but also to check areas for higher corruption, identity fraud, money laundering and terrorist financing risks in order to determine whether you need to rethink any parts of your KYC policy.
If you ever have any questions on or need any assistance with managing the financial crime regulatory landscape of a new country or jurisdiction, don’t hesitate to get in touch for more information.
Today we are extremely excited to announce the launch of the brand new AML for FinTech certificate launched by ACAMS!
FINTRAIL have been working in partnership with ACAMS to bring this online training course to the FinTech community. The course has been designed for FinTechs by FinTechs to give delegates the knowledge and confidence to create and implement an Anti-Financial Crime plan for their organisation.
Anti-Financial Crime (AFC) regulatory obligations that apply to FinTechs
The types of financial crime risks faced by FinTechs
Key components of a FinTech AFC control framework
Real-life case studies illustrating the risks and countermeasures applied
The first class starts on 21 February 2018 and will be run a number of times over the coming months. You can register to attend the certificate by visiting the ACAMS website via the button below.
Dealing with a financial crime crisis - whether that be a backlog of suspicious reporting that has built up, facing de-risking by a partner or finding out that a sanctions process has been working ineffectively - can be an especially stressful time for clients, particularly if the issues could lead to regulatory intervention, potential losses or the restriction of banking or payments facilities.
This is not to mention the obvious and negative impacts that such a crisis can have on customer trust and the potential reputational impact; in many cases, it can be a matter of survival for the business and brand, where trust is hard won but so easily lost.
So, we wanted to share some insight on how our team approaches these tasks to help readers be better prepared and have a head-start if you find yourself in the position of crisis managing a response to financial crime issues.
Understand the nature of the problem. This sounds like an obvious place to start but it is absolutely critical to everything that follows. If you do not genuinely understand the root cause of the issue your are facing, it makes it very difficult to put in place a response that is effective and proportionate. So for example, if you are dealing with a significant up-tick in fraud or failings in AML or sanctions controls, you need to efficiently and effectively understand the nature of the problem so you can identify the core contributing factors and develop a proportionate response.
Develop a considered plan of action. Once you have identified the root cause/s of an issue, you need to ensure that you develop a response plan that is action focused and targeted on addressing those specific items as well as factoring in any linked or dependency tasks. For example, it is pointless implementing a new tool or process unless you train those involved in using the tool, otherwise you may just make things worse by increasing operational risk. It is worth bearing in mind that you must be able to demonstrate to your stakeholders that tangible action has been undertaken.
Mobilise effectively. This covers not only how you engage the services of and mobilise external parties but also those internal stakeholders or your support network. This is a careful balancing-act against the needs of normal daily business. Depending on the nature of the issue, segregating resources to focus on the crisis can be most effective. Our view of mobilisation is making sure all those involved very clearly understand the issues at hand and are aligned to the common goal of solving the problem, and that those involved have the commensurate level of accountability and authorisation from senior management. This is no time for egoes or political wranglings.
Ensure transparency. We often get asked ‘what should we say to our bank partner’ or similar. Our advice is always the same and that is you should be transparent. In a crisis scenario, you are aiming to maintain the trust you have built with all your stakeholders and transparency and openness are key values underpinning trust. We can confidently tell you from experience that one of the fastest ways to make a difficult situation even worse is by developing an opaque strategy with your partners - when they find out, trust goes out of the window, making the situation far worse. Instead, communicating the issue, along with regular situation reports and plans for resolution will really help to continue the trust you’ve worked so hard to earn.
Accurate and effective communication. This needs to focus on the communication intra-team but also the flow of information to wider internal and external stakeholders. In our view there is a big difference between communicating and communicating effectively. We define effective communication as ensuring the content is received, understood and a behaviour influenced, i.e. action is taken. Accuracy in communication and information is important in a crisis scenario and at times is an area that can suffer from the impact of stress. There are times when a 70% solution on time is going to be better than 90% that is late but accuracy becomes really important when you start to communicate with stakeholders, especially those externally. Accurate and simple communication (underpinned by high quality and accurate information) creates a sense of confidence that the situation is in-hand and under control.
Continuous Evaluation. Once you have expended effort developing a response to the issue or crisis and have started to execute, it is vital to constantly evaluate progress and impact. Has anything changed? If it has, what are you going to do about it, how and when? The re-evaluation should be ongoing but it is also a critical process once you get to a point you have achieved your objectives and exited the crisis management situation. A wash-up and/or de-brief is a vital activity as it captures lessons learned and facilitates organisational learning.
The FINTRAIL team has developed deep expertise supporting international banks, FinTech, payments and regulated sectors in response to financial crime or regulatory crisis scenarios, drawing on our capabilities across financial intelligence & investigations, compliance advisory, technology, legal and communications. Our multidisciplinary response team can mobilise rapidly in support of a client crisis, providing executive level guidance and peace-of-mind while also delivering operational impact, all backed up by a support network and follow-on technical capacity as required.
Fintechs have been ahead of the curve in understanding certain criminal typologies thanks to the holistic and data centric approach they often take to tackling financial crime. However, there has been little focus on tax fraud as a criminal enterprise and how that may effect the Fintech community.
With the recent release of the Paradise Papers and Panama Papers, tax evasion and tax avoidance are back under public debate as governments and individuals ponder how best to ensure that everyone pays the taxes they owe. The data leaked by the Paradise and Panama Papers put into the spotlight the blurred lines between tax avoidance and tax evasion, which are often facilitated using the same complex mechanisms and can confuse our understanding of what is acceptable tax reduction and what is not. This has put international governments under pressure to address the growing consensus that tax avoidance and the exploitation of tax loopholes has gone too far.
For the Fintech sector, this means that in the near-to-medium future, our understanding of tax fraud and tax evasion could fundamentally shift. To stay ahead of the curve, we therefore have to ask ourselves: how does tax fraud affect Fintechs and what are our responsibilities in combatting it?
One of the major confusions around tax fraud, tax evasion and tax avoidance is the definitions used. So, here are some definitions to help us clarify the issue at hand:
Tax Avoidance: tax avoidance is reducing one’s tax burden within the letter of the law (but often not within the spirit of the law). Examples include tax deductions or establishing an offshore company or trust in a tax haven to reduce tax liability.
Tax Fraud: tax fraud, according to HMRC, is illegally avoiding paying taxes. It is made up of three components—tax evasion, criminal attacks and participation in the hidden economy.
Tax Evasion: tax evasion is one type of tax fraud concerning individuals or businesses who intentionally misreport information to reduce their tax liabilities.
In terms of regulation, tax fraud has never received the attention given to sexier crimes such as money laundering or terrorist financing. However, this is beginning to change. At the end of September 2017, the Criminal Finances Act came into force in the UK, which made companies more liable for failing to prevent tax evasion, including facilitating the evasion of UK taxes by international entities and facilitating the evasion of foreign taxes by UK entities. The best way for Fintech companies to avoid liability is through robust risk management and a strong compliance programme.
Not only are Fintechs more liable for tax fraud than before, but the problem of tax fraud is growing. The current gap between taxes owed and taxes due is £34 billion, half of which is due to tax fraud.
There are several ways that tax fraud can touch the Fintech sector, including:
Using Fintech products to collect bogus tax refunds or to facilitate tax fraud.
Using Fintech products to process funds derived from the hidden economy.
Using Fintech products to mask the origin of funds
So what can Fintechs do to protect themselves and reduce the negative social impact of tax fraud? Here are our recommendations:
1. File SARs in a timely fashion. A quarter of all HMRC tax investigations are stimulated by SARs, so filing these properly is critical in the fight against tax fraud. You can also contact HMRC direct via the link here.
2. Ensure robust onboarding and KYC policies to a) decrease the anonymity of the product and b) avoid liability in tax fraud cases.
3. Impose reasonable transaction limits and limits on the number of accounts held in order to decrease the attractiveness of the product to tax fraudsters. Keep these limits under constant review based on changing typologies.
4. Monitor relationships in an ongoing fashion and watch out for red flags such as
Suspiciously large transactions sent for ‘expenses’
Spending that does not reflect expected income
Unexplained payments into customer accounts from sources linked to work or employment
Multiple tax refunds coming into one account
Multiple transfers to financial institutions in high-risk tax jurisdictions
If you would like to discuss tax fraud further and learn about how FINTRAIL can help identify and combat tax fraud typologies, please do not hesitate to get in touch.
The global, connected web of financial criminality is difficult to unpick. However, investigations over the past few years have shed light on the few, yet critically important bad apples amongst the network of financial institutions that enable this web to go un-checked. While many of these simply may lack the adequate controls to tackle money laundering or terrorist financing, other financial institutions have taken a much more direct role in criminal activity. The use of financial intelligence and investigation techniques present an opportunity for the regulated sectors to disrupt criminality at scale and efficiently. As such we are excited to announce the appointment of Nick Herrod as head of our Financial Intelligence and Investigations practice, who will help us drive solutions for clients that continue to deliver impact.
During a recent event hosted by Thomson Reuters, OCCRP Executive Director Paul Radu was asked how the international community should tackle the global and seemingly untouchable scourge of financial crime. His response was telling — go after the financial institutions, big or small, that facilitate the criminal activity. This is an interesting strategy to take, and targeting the institutions facilitating criminal activity presents an opportunity to disrupt criminality on a wholesale basis. The team at FINTRAIL decided to examine this subject in more detail, yielding some interesting results. Through our research we have found that one of the most significant red flags when it comes to these types of institutions (and counterparty risk) is the influence of high risk individuals/PEPs within the ownership structure. To better understand this, two public case studies are detailed below—the Global Laundromat and the BGFIBank Democratic Republic of Congo (DRC)/Hezbollah connection. It is evident that the links between financial institutions and owners more susceptible to criminal motivations can affect the robustness of an institution’s compliance regime and undermine industry efforts to counter financial crime. Taking an intelligence-led approach and exploiting a range of data sources allows us to highlight additional red flags and begin targeting the key nodes and facilitators of this volume criminal activity.
The Global (Russian) Laundromat: This laundromat, exposed by the OCCRP three years ago, funnelled more than $20.8 billion from Russia into Europe. OCCRP reports show that it involved approximately 500 people, from oligarchs to FSB-affiliated individuals.
Igor Putin, cousin to current Russian President Vladimir Putin was a manager and executive board member for the Russian Land Bank (RZB), an institution whose accounts reportedly processed more than $9.7 billion, or nearly half of the total funds involved in the laundromat case. Funds were sent from RZB to Moldindconbank in Moldova, where they were then sent to Trasta Komercbanka in Latvia and from there to the rest of Europe. The OCCRP adds that Igor Putin was brought into RZB initially by Alexander Grigoriev, who allegedly has ties to the FSB and whom the Guardian identified as one of the main ringleaders of the Laundromat. Grigoriev headed the RZB during the laundromat’s operation until the time of his arrest. Putin and Grigoriev were also connected through other companies where Putin was a board member and Grigoriev a shareholder. Putin left the RZB board in 2014 contending he left after becoming aware of ‘the real situation.’
BGFIBank DRC and Hezbollah: According to a recent Sentry report, BGFIBank DRC, run by the brother and sister of the president of the DRC, Joseph Kabila, reportedly allowed transactions from companies connected to a known financial contributor to Hezbollah: Kasim Tajideen. Tajideen, and his brothers Ali and Husayn, were subject to US sanctions, as were entities under their control. Despite this, and despite warnings from BGFIBank DRC employees, the financial ties between the bank and the sanctioned parties reportedly remained intact. Subsidiaries of Ovlas Trading, owned by Kassim Tajideen, would make transfers through BGFIBank DRC to subsidiaries of Congo Futur, managed by Kassim’s non-sanctioned brother, Ahmed Tajideen. Both Ovlas Trading and Congo Futur are under US sanctions, though Ahmed is not. Despite employee awareness of the risks involved, transactions from the sanctioned entities were allowed to continue, and BGFIBank DRC even went as far as to request the US Treasury unblock a transaction involving one of Tajideen’s companies and another bank. BGFIBank DRC had previously been alleged of diverting millions of dollars in public funds, further calling in to question the AML/CTF regime of BGFIBank DRC and the role the bank’s leadership played in the activity.
These two sample cases demonstrate how financial institution ownership from individuals more susceptible to criminal motivations can encourage complicity or active participation in criminal networks facilitating financial crime. In both, banks with ties to PEPs and high-risk individuals allowed significant cash flows to be laundered and used for criminal purposes. Though only two cases are discussed here, the findings still show how the use of financial crime intelligence and investigations can be utilised to go beyond the basic information generated by many static compliance controls, help better the understanding of evolving typologies and surface new opportunities to counter the capricious threat of financial crime.
At FINTRAIL we have seen an unprecedented level of interest in the financial intelligence and investigation capabilities we offer to our financial service clients, from start-ups to established firms. As such, Nick’s arrival to lead FINTRAIL’s Financial Intelligence and Investigations practice could not be more timely. Nick brings an exceptional pedigree to the experienced team at FINTRAIL after completing a range of public and private sector roles, culminating in his position as the Head of Global Intelligence Team within HSBC’s Financial Intelligence Unit where he was responsible for overseeing a significant portfolio of investigations that focused predominately on large, multi-jurisdictional networks facilitating illicit financial activity. Nick will continue to build on FINTRAIL’s strategy in this area, understanding the needs of our clients of all sizes and ensuring that we are delivering a suite of capabilities and solutions to help our clients mitigate the negative impacts of financial crime.
Human trafficking has sadly become a widespread and global issue; from the woman forced into prostitution and kept locked up in a house, to the man working on a construction site, stripped of his documents and any salary taken from him. Every 30 seconds, the criminal industry of human trafficking makes more than $30,000; bringing in approximately $32 billion a year.
In the world of financial crime, human trafficking is a predicate offence (the criminal activity and the proceeds money laundering), the revenues of which may touch financial services as the profits are laundered. Financial services may also be used to facilitate these offences, providing the ability to pay subsistence for accommodation, book flights for a trafficked person and other activities traffickers rely on. As the awareness of human trafficking increases and pressure is applied to the criminals that make huge sums from the exploitation of others, the criminals may be forced to look at alternative financial arrangements or exploit new technologies to their advantage.
There are numerous behavioural patterns characterising the organised crime groups involved. Having analysed the most often occurring subtleties, it is evident that tools such as the Internet and other communication devices are utilised expansively. The most intimidating organised crime groups are mainly those capable of governing the entire course of trafficking, from the recruitment of victims to the reinvestment of the criminal proceeds.
Through our industry engagement, FINTRAIL has seen an increase in Fintechs’ awareness of the fight against human trafficking and subsequently, human trafficking was the subject of the October 2017 FinTech Financial Crime Exchange (FFE). Members presented case studies and industry experts provided insights on the changing nature of the threat and industry initiatives to tackle the problem. Many of the FFE members were able to give examples of cases where they had detected indicators of financial crime involving human trafficking or exploitation, demonstrating this is not only an issue that impacts large financial institutions but may also directly impact the Fintech industry. In fact, some of the features common to modern Fintech such as non-face-to-face onboarding and ease of account management/overview may make it potentially attractive to those involved in trafficking and exploitation. As a result, Fintechs are conducting enhanced Know Your Customer (KYC) checks and are scrutinizing onboarding documentation in an attempt to combat human trafficking.
The FFE session identified specific typologies that may be relevant in a Fintech environment and what mitigations and actions industry may be able to apply. Some basic example indicators or red flags are detailed below:
- Customers taking selfies or completing onboarding checks, appear to be under control of someone else. This may appear as someone in close proximity as the images are being taken or controlling what is done or said.
- A customer may not be in possession of their own legal documents and may add unreasonable delay while they get them from someone else.
- Recurring payments being made from one account to multiple accounts for wages at unreasonably low amounts.
- Multiple point-of-sale transactions at car rental agencies, airline ticket purchases and train ticket purchases with no subsequent spend in that destination.
- High expenditure payments at fast food outlets, supermarket outlets, clothing stores, drug stores etc.
The FFE and its members will continue to focus on human trafficking and its negative impact on society and implications for financial services. In addition, FINTRAIL will track the evolution of financial crime typologies associated with human trafficking in order to identify any shift by those criminals to target financial services as a tool to further their illicit and damaging behaviours.
If you would like to discuss human trafficking further, learn more about the FFE and how FINTRAIL can help your organisation identify and combat human trafficking get in touch.
On 17 October 2017 Thomson Reuters held the first in a series of events on Financial Crime. This event explored the recent investigations conducted by the team at the Organised Crime & Corruption Reporting Project (OCCRP) into the global laundromats. The brave and fascinating work by the team at OCCRP exposed the complex and globally connected money laundering networks that via a web of hundreds of companies and associated financial institutions have laundered over $20 billion.
Although the laundromats are money laundering on a huge and global scale, and it may seem like a problem only big financial institutions may have to deal with, OCCRP Executive Director Paul Radu stated that every laundromat case he’s worked on has involved myriad UK companies. This means the issue is right here on our UK doorstep.
Although money laundering through complex laundromats can seem like a victimless crime, they are in fact part of networks taking huge sums via corruption of national pensions, financing groups involved in serious organised crime like human trafficking, funding terrorist organisations, and destroying lives.
So what does this mean for the FinTech community? There is real excitement about the commercial opportunities for challengers in the business and commercial customer segments and this is very much true, but this segment also brings with it a very different set of financial crime risks that really need to be understood and factored in to an effective and proportionate financial crime risk management framework. When you consider the factors that may impact on financial crime risk, the customer type (i.e. complex corporate ownerships), geographies (i.e dealing with suppliers/customers across a range of geographies), product type (i.e. high value transactions or products) and channel (i.e. often in a FinTech this is non face-to-face), can all have a material impact on the potential risks a FinTech targeting this segment may face.
So what can FinTechs targeting these new and exciting customer segments do to assist in the fight against these laundromats, comply with applicable regulations and do their bit to reduce money laundering? We have provided a few helpful hints below:
- Ensure you have a financial crime risk assessment that accurately reflects your unique circumstances. All companies and products will have their own unique factors to be considered and may impact on your risk profile. In many cases, it is not only a regulatory requirement to have a risk assessment but it is also a hugely powerful tool to help you define and navigate your compliance and risk frameworks.
- Understand your customers. Just because you are targeting customers who may be registered in the UK or other equally regulated markets, it does not mean they may not get involved in illicit activity. This goes beyond basic identification of your customers to ensure you understand the nature of your customer’s business and how they intend to use your product/s. Without that knowledge, it becomes very difficult to monitor effectively and can/will cause negative customer experience in the long-term.
- Understand the typologies and red flags that you and your team should be looking for. By staying current on evolving typologies allows you to keep pace or even out-pace the criminals and reduces the long term negative impacts criminals may have on your business.
Paul Radu said at the event "it takes a network to fight a network" and although he was referring to an international network of the likes of law enforcement and financial institutions working together to tackle it, the growth of alternative financial services further diversifies the pool. The FinTech FinCrime Exchange (FFE) is one such network, where FinTechs come together to effectively collaborate and combat financial crime such as money laundering.
If you would like to discuss money laundering, or any of the topics raised in this post please don’t hesitate to contact the team at FINTRAIL.
On 14 November 2017 FINTRAIL in collaboration with the the Central Bank of Malta will be delivering a workshop to invited guests from 25 Maltese banks focused on "Building Resilience To The De-Risking Agenda".
In recent years, there has been a gradual decline of intra-bank relationships with many economies throughout the world experiencing a decline in correspondent-banking services. The de-risking agenda of banks providing correspondent banking services is of concern. Surveys, reports and studies from the World Bank, the IMF, the Financial Stability Board and other various research organisations indicate that this is a problem affecting a number of countries and numerous banks.
While there is much public debate about the strategic implications of and solutions to de-risking, there has been little in the way of advice at the practitioner level as to how bankers across the first and second line of defence can respond to this threat.
Leveraging FINTRAIL's unique expertise in correspondent banking and financial crime compliance, this interactive workshop provides key individuals with the knowledge and confidence required to confront the issue of de-risking, establish a robust risk-based approach to financial crime compliance and build trust across key stakeholders including regulators, foreign correspondents and customers.
For the last nine months FINTRAIL has been working with the awesome team at the Antwerp World Diamond Centre (AWDC) who represent 1700 Antwerp based diamond traders, to address some of the challenges their members and industry as a whole are having with access to viable bank accounts. The issues they've been having are due to the perceived high financial crime risk within the diamond industry and the associated bank de-risking phenomenon.
The short video below highlights one of the exciting developments coming from our work with AWDC and is a great example of where Financial Technology (FinTech) and Regulatory Technology (RegTech) can combine to offer solutions to some really complex challenges for traditional and non-traditional financial services. Our focus has been on how we can re-affirm trust across all stakeholders and ensure there is a sustainable and commercially viable solution for all parties.
FINTRAIL is very excited to announce the release of a new white paper by the FinTech Financial Crime Exchange (FFE), a FinTech industry forum we co-founded in January with the Centre for Financial Crime and Security Studies (CFCS) at RUSI, a London-based defence and security think tank.
All too often, discussions about FinTech and money laundering risk are greatly oversimplified. Much of the discussion starts from a blanket assumption that new technologies will inevitably make life easier for money launderers, and that FinTech companies are therefore uniformly “high risk.”
One downside to this perception is that FinTechs have been subject to “derisking” – or losing access to vital banking services because the risks associated with FinTechs are perceived as very high.
As this new white paper shows, labelling the entire FinTech sector as “high risk” for money laundering purposes is unhelpful and oversimplifies the true picture.
After all, the FinTech sector is an incredibly diverse one. It features prepaid cards, peer-to-peer lenders, service aggregators, payment service providers, and a host of other products and services with very different features. The way money laundering risks appear from one FinTech to another is as diverse as the sector itself – and the picture is not always one of just “high risks.”
There’s certainly little reason to think that all FinTechs are necessarily higher risk than banks or other types of financial institutions when it comes to money laundering.
For example, while some FinTech products can be used for “money mule” or “smurfing” activity, they’re usually not very useful for high-end money laundering, or the laundering of the proceeds of crimes like major tax evasion or international corruption that feature in scandals such as the Panama Papers or the recent Laundromat cases.
It’s important that this nuance is understood, so that FinTechs aren’t all stigmatised as “high risk” where it isn’t warranted.
As the paper points out, because FinTechs often only see a limited piece of a much larger financial puzzle, establishing an intelligence picture of money laundering activity across the sector can be a huge challenge. Coming to a true understanding of the nature of risks across the sector requires further detailed study - and the FFE intends to do just that through its future meetings and research.
In addition to describing this overarching picture, the paper also provides recommendations for various stakeholders.
· FinTechs should work to clarify the true picture of money laundering risk they face, and demonstrate that they are building resiliency against those risks.
· Countries’ financial intelligence units and law enforcement agencies should share information with FinTechs on criminal typologies.
· Regulators should provide detailed guidance that is relevant to sub-sectors of the FinTech community.
· International organisations like the Financial Action Task Force can help build an understanding of the picture globally.
To find out more about the FFE, contact email@example.com
It seems that everyone is talking about Artificial Intelligence (AI) at the moment: whether it’s Elon Musk and Mark Zuckerberg disagreeing publicly on the doomsday type scenarios that AI might bring , or banks predicting AI to be the primary way in which they interact with customers in the future , there’s wide-ranging interest in what AI can do for society as a whole, companies and individuals. But, to be clear, and before going further, what exactly is the difference between Machine Learning and AI, or is there indeed a difference? The clearest explanation we’ve seen goes something like this:
· Artificial Intelligence – this is the high level concept that machines can do something in a way that we, as humans, would consider “smart”
· Machine Learning - is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves . (Thanks Forbes!)
Similarly, in the financial crime space, numerous articles exist about how AI and Machine Learning can help to combat illegal activity in banking and beyond .
At FINTRAIL, we believe that AI and Machine Learning have huge potential to deliver great results in the financial crime space. Whether it’s AI helping investigators to detect previously unknown connections between entities and typologies, or Machine Learning helping refine transaction-monitoring rules by different customer sets and behaviour, the benefits for companies and their customers are huge. Imagine for a moment that your bank could tell whether purchases made at a high-end online retailer at midnight just after you received a bonus cheque were genuine or fraudulent, based on your previous behaviour in a similar scenario. Great, right? No annoying text messages, or blocked transactions if it were genuine, and peace of mind that that kind of transaction would be blocked if it were fraudulent, and you didn’t actually have a compulsive online shopping habit (ahem).
But, as with anything new and relatively untested, there are pitfalls. One of the key ones is making sure that any Machine Learning models start off with relevant data, such that they can begin the learning process appropriately, and you don’t program in algorithmic bias. Typically – and let’s take the case of a Machine Learning engine for transaction monitoring - this is relatively easy to build: you have a known scenario, which is fed into the engine for it to learn and refine over time as the transactional data is processed and fed into it. However, this can be tricky in financial crime situations, as ideally you don’t want any money laundering or bribery (for example) to go through your system before you work out what the scenario or relevant data for the Machine Learning engine is.
So, how do we address this? Well, something we are passionate about at FINTRAIL is making sure that firms have a thorough risk assessment; truly understanding your business model and the ways in which criminals might seek to exploit it will help to build the best scenarios for any future financial crime Machine Learning engine. These can then be used to create the baseline relevant data that goes into the Machine Learning engine, such that it can start to learn behaviours. Examples here might include understanding your typical customer profile, such that you can build a Machine Learning model to automatically categorise them by risk profile, or Machine Learning models that take into account transactional behaviour and a range identifying particulars to reduce sanction re-screening hits.
Another tactic we’ve seen is to combine more traditional models with Machine Learning. Again, in the transaction monitoring space, combining a rules-based approach with Machine Learning is a great way of teaching the engine to learn, and giving good baseline scenarios that it can work from.
So, all in all, we’re on Mark Zuckerberg’s side of this particular argument – we think AI has great potential, but that it, and Machine Learning in particular, needs strong data to support it, and as with humans, the right conditions to succeed.
Image Courtesy: Saad Faruque, Flickr (Creative Commons)
FINTRAIL has recently launched its Financial Crime Intelligence and Investigations practice, something we’re really excited and passionate about. We believe that intelligence and investigation form critical and complementary parts of any robust financial crime risk management program. Before we explain why that is, we’ll kick off with a couple of definitions:
Intelligence: This is information about an event that you receive in advance of it happening. Examples from history include the intelligence gathering (on both sides) about troop movements in the Second World War. Examples in financial crime include receiving information from an issuing bank about an account that is purportedly connected to fraudulent transactions in another account.
Investigation: This is the process that takes place after an event occurs, and usually tries to figure out what went wrong or what is going on once a credible threat has been identified. So, following a terrorist attack, for instance, the police will launch an investigation to try to understand as much about the attacker’s background as possible, and exactly what happened to support any formal judicial or enquiry process.
Although we’ve separated out the two concepts theoretically, they are intrinsically linked with each feeding the other. To use another example, a firm might look at new typologies that criminals are developing to commit fraud, and proactively add new rulesets to transaction monitoring to detect similar behaviour before the fraud takes place. This process will flag a number of customers, some of whose accounts will need to be closed or who may be vulnerable. It might also flag other accounts with suspicious behaviour, but which appear to display a different typology. These accounts can be individually investigated, but if there are enough of theme, there may be sufficient information to identify a new typology (intelligence), and therefore a new set of rules stemming from the new activity observed - it’s a cyclical process!
So, what is FINTRAIL doing in this space? Well, we’re bringing together the leading technology and new data, along with our expertise (if you look at our Team page, you’ll see we’ve all been doing this kind of work for years!) to provide intelligence and investigations expertise as an outsourced service. In start-ups, this can help keep small financial crime teams lean while still having access to the best capabilities in this area and removing the more complex work around intelligence and investigations from the fast-paced environment of a start-up. And for more established firms, this provides access to the latest technology, and can help with resourcing challenges on a long or short-term basis. We hone in on customer protection and solid recommendations for system, rule or other structural improvements on the basis of our findings; and this is why intelligence and investigations are such a crucial part of any financial crime risk management framework, as it actively helps to inform and improve existing systems and processes, keeping them up-to-date, proactive and targeted at the most serious threats.
The team at FINTRAIL is really excited to have worked with UK FinTech Financial Crime Exchange (FFE) members to produce this White Paper. An extract and the full paper are below.
Financial technology companies (fintechs) leverage online and mobile applications to offer new financial services with efficient and cost-effective customer experience. However, the non-face-to-face (non-f2f) nature of fintech businesses poses risks that fraudsters or other criminals may seek to exploit these remote platforms and related products.
Robust customer due diligence (CDD) is one element of an overall risk management architecture that can mitigate these threats. Fintechs are uniquely suited to harness and develop innovative CDD approaches, owing to their dynamic business models and comfort in using technological solutions. This white paper describes examples of best practice in CDD among members of the FinTech Financial Crime Exchange (FFE), offering practical insight for fintech companies and other stakeholders – such as banks and regulators – seeking to better understand the industry. It provides examples of how fintechs are utilising innovative CDD approaches to manage risks while also enabling a high-quality customer experience. For example:
• Fintechs are leveraging numerous data points and employing innovative analytical approaches to enable a dynamic and holistic view of customer risk.
• This includes the use of facial recognition techniques, interactive user interfaces, innovative document scanning and analysis, Internet Protocol (IP) geolocation, predictive analytics and machine learning.
• These solutions can enable fintechs to employ a genuinely risk-based approach to CDD as their customer base and service offerings evolve.
This paper also assesses areas where fintechs can benefit from further development and exploration. For example:
• Fintechs should carefully consider the appropriate balance of in-house and third party solutions for their business model.
• Fintechs must be prepared to conduct thorough and formal assurance testing of both in-house and third-party solutions and outsourced services.
• As they scale, it is important that fintechs have in place adequate governance arrangements to manage risks that come with changes to their CDD systems and controls.
In January 2017 FINTRAIL (www.fintrail.co.uk) and the Royal United Services Institute (RUSI) (www.rusi.org) launched the UK FinTech Financial Crime Exchange (FFE). The FFE brings together 17 of the UK’s leading Financial Technology (FinTech) firms who have agreed to collaborate, by sharing best practice and pooling information on financial crime typologies in order to protect their customers and strengthen their sector’s ability to detect and counter the global threat of financial crime, including money laundering, terrorist financing, bribery and corruption, tax evasion and market manipulation.
The UK FinTech sector is at the forefront of the global FinTech revolution, accounting for a total of £783m investment in 2016. This coincides with a growth in the risk of financial crime driven by the expansion of digital channels and the increasingly interconnected nature of global finance and business.
As the UK continues to lead the global FinTech revolution, UK FFE members are taking a proactive and robust stance against financial crime and the negative impact it can have on customers, communities and the financial services industry. Through collaboration members are sharing information on typologies and leveraging advanced technology to deter, prevent and detect criminality.
“The FFE gives senior management a forum to share industry knowledge, and gain an understanding of best practices specifically relating to Fintechs.”
James Nurse – Head of Fraud and Payments, Pockit
“Our company's core value is collaboration. Thanks to the FFE and participating members, we have been able to share and learn from industry leaders. This, ultimately, will lead to a more secure sector.”
Merlin Gore – Head Engineer, Bud
“At Ozan.com, we’ve developed innovative and dynamic financial crime tools to keep our customers safe. The FFE’s network of fintech industry experts provides insights enabling us to continually improve our risk management products to continually mitigate fraud and other criminal behaviour.”
Ozan Ozerk – Co-Founder, Ozan.com
“Fintech businesses are using tech solutions to address today’s problems. We use AI and Machine Learning in our day-to-day business, ensuring UK businesses receive meaningful working capital quickly which they need to grow. In this endeavour, we must also have the capabilities to tackle financial crime. We look forward to collaborating with FFE members to ensure high standards and to secure the industry’s defences.”
Anil Stocker, CEO and co-founder, Marketinvoice
“The FFE helps Monzo share knowledge and get a better understanding of financial crime across the industry as part of our mission to build the best current account in the world”
Natasha Vernier, Monzo
“As an online mortgage lending and investment platform we deal with customer finances and data every day, so security is at the heart of our online systems and processes. Forums like the FFE are invaluable to ensure that as an industry we share our experiences and solutions in the rapidly evolving fintech space so that together, we can keep our customers safe.”
Julian Cork, Chief Operating Officer, Landbay
For any enquiries on the FFE please contact Rebecca.firstname.lastname@example.org
On 21 April 2017 FINTRAIL co-founder Robert Evans joined Samantha Sheen from ACAMS and Laurence Twelvetrees from Revolut to deliver an interactive educational webinar on FinTech and financial crime risk within innovate business. With an average audience of over 1150 attendees from over 80 countries, it demonstrates the ongoing interest in the rapidly developing world of FinTech and disruptive financial services.
The session focused on three training objectives:
Gaining a clear understanding of the risk profiles of innovative business firms and their risk characteristics as they relate to financial crime
Obtaining greater awareness about the steps taken by these types of businesses to mitigate the risk of their possible misuse in order to launder the proceeds of crime
Developing a wider comprehension about the information that should be sought and understood in order to undertake an appropriate and accurate risk assessment of these types of business relationships