USA

Into the Tigers Den

*WARNING - Tiger King Spoilers Ahead*


Hey all you cool cats and kittens,

Most people reading this have probably seen or at least heard of the hit Netflix show, Tiger King, with its outstanding viewership of 34.3 million within its first 10 days of release. At first glance, the docuseries looks to focus on the captivity of big cats in the US; however the involvement of Joe Exotic soon pivots the focus to his love-life, rivalry with the owner of a non-profit animal sanctuary, Carole Baskin, and ultimately to the murder-for-hire plot of said sanctuary owner for which Joe Exotic is currently serving 22 years in prison. A $1 million lawsuit with Carole Baskin’s Big Cat Rescue Group is also ongoing. 


Whilst watching the captivating series, we at FINTRAIL noticed a reoccuring theme outside of big cats and cowboy boots. Financial crime. Episode after episode, it became evident that owning a roadside zoo in America comes with its own ecosystem of problems and characters, lots of whom have had their fair share of interactions with the law. This gave us an idea - let's set up our own big cat park ourselves! In this blog post we use Tiger King as a reference point, and walk you through how to set up your own zoo step by step, and ensure that the zoo and your activities can stay clear of the law.  Of course, this isn’t actually our goal. We’re aiming here to highlight how easy it is to do this, and the grey areas in the current US system. We take a look at:

  • The ease of obtaining a permit for a roadside zoo, making it a prime target for exploitation

  • The complex ownership structure hinted at in the Tiger King that could be used to hide beneficial ownership

  • How the trafficking of big cats can be used as part of a wider money laundering operation


Joe may seem exotic himself but some of the themes and activities highlighted on the show are a sad reality, and are an open door for criminal exploitation.


License to own big cats, but not buy or breed them. But obviously there are ways to get round this...

The first step of this process is to apply for a government permit which will allow you to own a roadside zoo to show off your cats. Luckily, in many states in the US this is easy to do. 

If you claim to be displaying the animals as an ‘exhibitor’, you can easily obtain a licence from the United States Department of Agriculture (USDA) for as little as $40. As a criminal looking to exploit any system available for financial gain, this is a prime opportunity to use a cash heavy business to launder profits through:

  • purchasing exotic animals with funds gained illegally

  • faking the sale of exotic animals to justify the transfer of funds

  • inflating the number of visitors to account for the increase of funds on the accounts

  • inflating construction costs for the park itself

  • inflating costs of upkeep for the animals and park


When applying, not much is asked about the applicant; as long as you have a social security number, you are eligible to exhibit big cats. Multiple previous convictions? Not a problem. Jeff Lowe and Mario Tabraue had convictions, including jail time, but this did not raise any red flags when submitting their applications. Surely, in a trade such as exotic animals where there are easy ways to make illegal profit, deeper checks into applicants should be crucial. It seems like the USDA just want to check you can pay them, rather than recognising the risk that is created by this lax entry criteria. 


Joe who?

Whilst there is nothing illicit or illegal about changing your name, it can make tracing ownership and finding records and media related to a person more difficult than for someone who has had one, or maybe two, registered names. The first thing to note about Joe Exotic is the multitude of names which he goes by. In court documents he is often referenced by upwards of five different names. Joe has been married three times, and has changed his name each time, sometimes making a double-barrelled name. He also has his ‘stage name’ of Joe Exotic, which he uses in everyday life. Information such as previous names, or aliases that an individual goes by can be crucial when assessing what risk an individual may pose. For example, adverse media checks conducted on only one of Joe’s many names may yield very different results compared to a search on a different alias. 

Old zoo, new zoo

When trying to hide assets, or even evade taxes, you may consider shutting down an existing business, and opening a completely new and fresh one. All the assets of the old business can be moved to the new business, however they are now under a separate legal entity, and in the case of tax evasion that business is unlikely to have any taxable profits. 

In legal records from the case between Joe Exotic and Big Cat Rescue, we found some interesting narration around the creation of a ‘new zoo’, and dissolution of the ‘old zoo’. The G.W. Exotic Animal Memorial Foundation, referenced as the ‘old zoo’, was created in 1999 by Joe Exotic and his parents, Shirley and Francis Schreibvogel. Shortly after the lawsuit in 2013 involving Carole Baskin and the $1 million judgement, a request was made to the Oklahoma Secretary of State by John Finlay (the old zoo’s vice president/director, and Joe Exotic’s husband at the time), to request a reservation of the name “The Garold Wayne Interactive Zoological Foundation", and a day later The Garold Wayne Interactive Zoological Foundation (‘new zoo’) was incorporated. The incorporation of the new zoo was paid for using the funds of the old zoo, the old zoo was then dissolved, and within this dissolution assets including vendor accounts and the gift shop inventory were transferred to the new zoo. However, the new zoo did not assume any of the old zoo’s liabilities. 

On paper, the two companies are different. Different names, possibly different ownership/management hierarchy structures - however it is clear to see that these two companies are intended to do the same thing, benefit the same parties, and ultimately have been created to hide, disguise, and try to put assets out of reach. This is an age old trick, and not one unique to the big cat or roadside zoo industry. As a result, law enforcement and the courts are well aware of this tactic. The court case recognised the new company was just being used as a vehicle to move and hide assets, and ordered the newly created Garold Wayne Interactive Zoological Foundation to also be held accountable for the $1million judgement in the lawsuit. If you are trying to hide your assets, it would be wise not to try this while in the middle of a court case when you are already under scrutiny of the courts. 

Keeping it in the family, and under the radar

Ultimate beneficial ownership (UBO) is a hot topic at the moment, particularly in the UK, where it is a legal requirement for all companies to disclose their ultimate owners to the corporate registrar. However in the US the landscape is wildly different. No state currently requires a company to declare the UBO, meaning it is easy to disguise the true beneficiary of a company. There is even talk at the moment within the US of relaxing the rules further in light of COVID-19

Complex ownership structures can be exploited to hide assets, and conceal individuals’ investments and involvements in business ventures. Joe Exotic made use of this tactic, and is even heard within the docuseries saying proudly to the camera, “Look around! I don’t own anything!”  When we had a look at some of the court documents surrounding the Tiger King, Joe was indeed right. He didn’t appear to own any assets at the zoo, or the zoo itself. 

As mentioned in the previous section, the original GW Zoo was founded in 1999 by Joe, under his original name of Joe Schreibvogel, and his parents Shirley and Francis. It is quite clear from the show that the zoo is Joe’s, legally or otherwise; he makes all the decisions and it is his responsibility to run it day to day.

The Big Cat Rescue Group settlement agreement outlined the continued involvement of Shirley in the zoo’s finances, without her having much actual involvement in the zoo itself. On paper, Shirley was the landowner and leased the land to the GW Zoo; however the settlement stated that these were not ‘arm’s length’ leases, and instead were used to transfer funds and assets to Shirley, so that they would remain out of reach of the ongoing lawsuit against GW Zoo/Joe Exotic. 

The settlement also states the ownership status of many vehicles and trailers within the zoo, and surprise surprise, they are all owned or leased by Shirley. Once again, this is a ploy to move all of the assets out of Joe’s name, and therefore supposedly out of reach of the court case. 

Lions and tigers and bears, oh my!

Arguably the most important aspect of establishing a zoo is the animals. 

You may think that getting hold of exotic animals would be difficult, but in many states it is simpler to purchase a tiger than to adopt a puppy. The Endangered Species Act of 1973 makes it illegal to sell endangered wildlife interstate or through foreign commerce in the course of a commercial activity. However you can be exempt from this Act if you are a USDA licensee, which is relatively easy as shown at the beginning of this piece, or an accredited sanctuary.

If we look at how Joe Exotic accumulated more than 200 tigers within GW Zoo, this was primarily done through breeding at the zoo. To care for a tiger, the food cost alone is between $7,500 and $10,000 per year, therefore Joe was not able to keep the whole litter and would sell the cubs. With the price of a large cat ranging anywhere from $900 for a bobcat to $7500 for a tiger cub, you can see why this is an attractive business and why Joe Exotic sold 168 tigers between 2010 and 2018 (the below map shows the far-reaching transfers of tigers from GW Zoo). Before 2016, there were fewer restrictions on the sale of captive-bred tigers as they were not considered important to conservationists and therefore could be freely traded, making it easier to trade across state lines. 

map.png

As you can see from the above, the amount of money that passes through a roadside zoo can be extensive, and this isn’t even including the admission and tour fees - some establishments charge nearly $400 per person for a tour. 

Not only can a zoo be used to move funds from other illicit activities, but there is great opportunity to use the zoo to commit illegal acts:

  • Purchasing or selling endangered wildlife in a banned state or without the appropriate licence 

  • Trading wildlife that has been illegally obtained 

  • Laundering cash through inflating prices of wildlife sales

  • Storing illegal drugs, as allegedly done by Mario Tabraue, who appears in the docuseries, before his arrest in 1987. 


The purchasing, breeding or exhibiting of exotic wildlife without the appropriate licence is illegal and therefore makes these animals criminal property. Profits from the subsequent trade of these animals are therefore the proceeds of specified unlawful activities (SUA), and money laundering is added to the long list of crimes that can be committed by these zoos. 

So where do I sign up? 

Absolutely do not set up a roadside zoo. 

The opportunities to conduct financial crime from a roadside zoo are extensive. The process of constructing a zoo itself presents the perfect opportunity as you can deal with high amounts of invoices for builders/supplies and deal with cash intensive industries to move illicit money. The subsequent running of the zoo creates more opportunity from buying and selling exotic wildlife illegally, to moving illicit funds through the zoo with inflated ticket prices and upkeep of the park. And as with other business types, you can set up constantly changing complex ownership structures to hide your assets.

As we have shown throughout this analysis, things aren’t always as they seem. Something that from the outside may look like a legitimate business can be used in numerous illicit ways. For financial institutions that service corporate clients, it is vital to analyse the industry lists in the context of your product offering, jurisdictional coverage and client base and see if something that might generically pose a low risk of financial crime, could actually be used extensively for financial crime purposes.  Hopefully this article has given you some red flags to watch out for, such as unnecessarily complex ownership structures, repeated changes in ownership, multiple name changes or aliases, or historic involvement in lawsuits or criminal prosecutions.

Get in Touch

If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

Relationship Management During Covid-19

We don’t really do the whole cold-calling thing at FINTRAIL. We are all pretty personable and we love to get out and chat to industry peers, whether over a coffee or a cheeky glass of wine. This is our best and most powerful way of building strong relationships with the community. So when Covid-19 emerged and we were all put on lockdown, naturally this put a spanner in the works for us at FINTRAIL. Remaining open minded and not being afraid of taking on the difficult challenges, we knew we still had to reach out to our network.

However, after week three of lockdown, as it dawned on everyone that we were in this for the long haul, the community remained strong. We found the majority of people were more than happy to have a 10 minute phone call/video chat. I can only put this down to a severe and sudden withdrawal of human interaction and a realisation that this was a long term predicament.

Below is a light-hearted summary of the reality of the effects of the lockdown:

  • No one has worn proper clothes for a while; changing out of yoga pants and hoodies to put on “real” clothes seems absurd now. Which ties in with point number 2..

  • There is a general worry that no one will fit into their “real” clothes again as the daily step count has gone from 10,000 down to 100.

  • Most people are binge watching Tiger King, except me who is binge watching Billions (in both cases, we’re classifying these shows as work-related “research”).

  • A home workout was attempted 3 weeks ago, but you forget how loud the music is in a gym class; it blocks out certain noises. I could very clearly hear myself gasping for breath which was enough to put me off trying that again.

  • I have found common ground with others, who like me, walk over to their fridge, open it, stare inside and sit back down again. We have a secret hope that a magical bar of chocolate (that we didn’t put in there) will appear. Leading onto number 5..

  • As that magical chocolate bar didn’t appear, some resorted to eating their Easter eggs a week before Easter.

We are all experiencing the same thing in varying degrees; whether that be trying to homeschool two kids while working from home, having your dog barking in the background just as it’s your turn to speak on a conference call or needing a banner that pops up at the start of every VC call saying “this is not my house, don’t judge me on my parents’ decor”.

If you fancy a break and a random chat, feel free to contact us at FINTRAIL; after all we are all human. There’s a time for business and a time to be human (who knows, we might even manage to have a productive conversation and do both)!

How Social Media is used to Further Financial Crime - Part 2

Similarly to most 18-year-olds, “Carlos” is glued to his phone, constantly refreshing his social media feeds and scrolling through friends’ pictures. In contrast with many other teenagers though, Carlos’ uploaded photographs illustrate a level of opulence and a life of excess. Carlos and his friends are pictured holding wads of cash, draped in designer clothes, Rolex watches on their wrists, and driving around London in a Mercedes. This seems quite implausible for an individual who left school after GCSEs and is now a junior employee at a central London restaurant (1).

 

Is the use of social media helping to fuel this problem? The HM Inspectorate of Probation’s report, ‘The Work of Youth Offending Teams to Protect the Public’, have described social media platforms as the “catalyst for some of the most serious and violent crime offences” (2). This is of no surprise as there has been a generational shift, with youngsters now living in a progressive online world which some adults just cannot get to grips with.

 

In Part 1 of this series, FINTRAIL used four basic money-mule associated search terms to pre-identify social media accounts of interest and those assessed to be associated with potential mule activity. These search terms were “Legit money UK”, “Easy Money UK”, “Flip Money” and “Instant Cash UK”. This investigation now seeks to focus on the initial phase of money mule recruitment and how by disrupting this critical stage it can disrupt the rest of the money mule value chain. However, it is important to first understand the money mule life cycle  which looks like this:

A simple diagram breaking down money muling into four steps; step 1 how to entice on social media, step 2 where they get a DM and get money deposited, step 3 the mule transfers money across their accounts, step 4 the mule gets caught and faces the c…

Honing in on Step 1 i.e. contact over Social Media, FINTRAIL have identified a number of key indicators of which combined together likely indicate an attempt to lure someone into Money Muling; these fall into two categories, visuals and language.

The likelihood of money muling being carried out on the internet depicted as visuals, e.g the images of cash etc to lure and the language used e.g. quick cash etc.

Visuals: There are a combination of images used that show instant gratification; key features include cash, cars, watches and evidence that large sums have been transferred into bank accounts. Further to this, many of the pages had adverts in their “stories” asking people to DM them if they want to make money quickly and requested people with very specific bank accounts to get in touch.

Language: By doing a simple drag and drop of Facebook, Instagram and Twitter pages into a tag cloud generator, FINTRAIL identified the types of language used across all platforms; the more popular the word, the larger it appears. The language used on the accounts really highlighted three key areas; fraudsters would request a specific bank account whether Barclays, Lloyds etc, then offer free fast easy money and explain that this was only a DM or whatsapp message away.

High chance of money muling: The combination of these images linked with these words are likely to indicate and point to something unsavoury and potentially illicit. This combination of factors can be used by social platforms to limit the likelihood of false positives when monitoring behaviour on their platforms and if kept up to date with evolving typological information, would create a far more effective disruption to wholesale financial crime scams than the over reliance on the regulated financial sector, by which point the damage is already done and the act of money laundering has already occurred.

So What Next? 

For FINTRAIL our money-mule journey on the social media platforms ended with the phrases “DM me for more info” or “whatsapp me”. However, in reality we know that this is only the beginning. We know that from here, behind the scenes, bank details are exchanged and money transfers are being made. This is where law enforcement has a critical role to play, coordinated with social media platforms, so that more can be done upstream to reduce the impact and have far more effect, reducing harm across the value chain of money mule activity.

 

Instagram as well as Facebook, use a new AI system Deep Text to essentially deal with and counteract major issues such as cyber bullying as well as malicious posts and comments. If the Instagram algorithm detects or finds provoking content, it’s discarded immediately. This demonstrates that technology already exists that can have an enormous impact on how social media platforms are abused (3).

A robust disruption of Step 1 of the money-mule cycle that is facilitated by social platforms will have a significant downstream impact where the end result would likely amount to a positive reduction in;

  • harm and exploitation of vulnerable people

  • costs to law enforcement effort (investigating money-mule cases)

  • the burden on the UK and global Suspicious Reporting Regimes

  • the burden placed on those operating in the regulated financial service sector


Very clearly, this needs to be an industry wide coordinated effort with law enforcement at the forefront and social media platforms on board. During the fifth Europol Money Mule Action (EMMA 5) week, 3883 money mules were identified alongside 386 money mule recruiters; 228 of these were arrested. As a major catalyst of money muling recruitment, social media platforms should share the burden and play their part in the deterrence of money muling by utilising technology they already have.

Get in Touch
If you are interested in speaking to the FINTRAIL team about the topics discussed here or any other anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

(1) How teenage money mules funnel millions from online fraud

(2) Monitor social media of young offenders to prevent crime says watchdog

(3)  Instagram leverages AI and big data

Keep Calm and Keep Planning: Pandemic Planning for FinCrime

No business sector has been left unaffected by the outbreak of the coronavirus. The financial sector, including FinTechs, is no exception. In times like this, working together as a community is more important than ever.

This document collates examples of how COVID-19 has impacted the FinCrime operations of FinTech FinCrime Exchange (FFE) members and how the teams have responded as they pivot to almost exclusively remote operations, as well as presenting some best practice guidance for a business continuity plan (BCP) and remote anti-financial crime (AFC) compliance.

It looks at how international bodies, financial regulators and law enforcement agencies across the globe have responded so far to the ongoing coronavirus situation, highlighting specific areas FinTechs should focus their attention on. 

The document also discusses differences between traditional business continuity planning and pandemic planning which may present unique challenges to Fintechs management teams. Finally, in its annex, the document collates information on COVID-19 related scams divided into four categories: imposter, product scams, investment scams, and insider trading. 

This guidance is based on research conducted by FINTRAIL across the FFE community. This includes a survey sent to all global members, review of 31 responses, 15 follow-up interviews, and additional research and analysis conducted by FINTRAIL. The survey and interviews were conducted during the week commencing 16 March 2020.

A black line drawing of the FinTech FinCrime logo and accompanying text title
 

With thanks to members of the FinTech FinCrime Exchange for sharing best practices.


How Social Media is used to Further Financial Crime - Part 1

Introduction

Facebook, Instagram and other social media platforms have created simple methods of association. This in itself is both social media’s greatest strength and greatest weakness. You can share friendships globally but those with nefarious intent also have the mechanisms to create connections and identify vulnerable individuals that can be exploited to further their criminal activity.

Over the course of one week (pre-Covid-19 crisis) and as a follow up to our last article on this topic “The Role of Social Media in Furthering Financial Crime”, FINTRAIL conducted research on three key social media platforms, to assess the exposure of the platforms to financial crime activity - specifically money muling. This exercise should be considered a basic benchmark of the problem; our analysis suggests the scale is significant and likely to be systemic to the way money mule networks operate. This is further emphasised when you consider all the available social platforms likely to be used and private/DM functionality that keeps much of the content private. 

Methodology

Research material was obtained through passive observation, some of the groups identified were joined but at no time was there any form of direct engagement. FINTRAIL used four basic money-mule associated search terms to pre-identify accounts of interest and those assessed to be associated with potential mule activity. These were then manually reviewed to assess the group activity.

For this benchmarking FINTRAIL focused on three platforms; Facebook, Twitter and Instagram. The below infographic depicts the findings. Note: there has been no formal network analysis done to identify any crossover between platforms.

Findings

Image with textual findings of money mule search terms across social media, with images on the right hand side of examples of the types of messaging that is seen on social media.


Summary

Pre-Covid-19, many people were already anxious about their financial situation, making them vulnerable to exploitation by criminal gangs seeking to develop mule networks. Research completed by Barclays revealed 6 in 10 people (60%) of respondents were worried about their finances on a weekly basis. 

Since Covid-19 started to bite globally, significantly more people have become financially vulnerable with more people out of work and in dire need of money to cover living costs. These factors create the ideal conditions for criminal gangs to target the vulnerable and there is likely to be a significant increase in the number of people who fall into the trap of money muling.

We will be investigating further into this topic in Part 2 looking to provide some practical information that social media platforms (and others) could use to help in identifying and preventing this kind of activity.


If you have any comments or would like to discuss the issues in this post, or wider anti-financial crime topics, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

Stop. Collaborate and Listen

In our latest thought leadership piece we explore the idea of collaboration. This joint piece between FINTRAIL/FFE and RDC demonstrates the vital role that collaboration plays. We discuss the impact it has on the global fight against financial crime whilst highlighting some of the current collaborative efforts within both the public and private sector to date, showing their effectiveness within the FinTech and Banking industries.

Our ultimate conclusion is that the dispersal of information to a variety of individuals closely involved in the fight against financial crime is essential to any successful AML initiative.

The Impact of Coronavirus on Financial Crime is Bigger Than You Think

From war to pandemic, there is always a class of profiteers seeking to take advantage of a country or world in crisis. Unsurprisingly, the behaviour has emerged once more in response to the escalating international outbreak of COVID-19. US cyber security firms and news agencies have repeatedly warned about the rise in coronavirus phishing scams, where emails purporting to be from trusted authorities like the Center for Disease Control and Prevention (CDC) and World Health Organization (WHO) are being sent to unsuspected victims, tempting them into downloading malware onto their devices. Scam cures, such as colloidal silver and essential oils, are also on the rise. The Federal Trade Commission (FTC) and Food and Drug Administration (FDA) have even issued warning letters to several companies, who may be found to have violated federal law for selling unapproved products using false claims. 

Unfortunately for financial crime compliance professionals, coronavirus risks go far beyond old scams targeting new fears. The landscape and scale of financial crime compliance risks are fundamentally changing, and without sound risk management, we might find ourselves among other overwhelmed, underprepared industries in the face of a pandemic. 

It’s Not Just Fraud

While fraud has understandably received the most immediate financial crime-focused coverage, this is not the only financial crime area that we should analyse for potential spikes. 

For example, we could see spikes in certain types of money laundering activity. Look at money mules - who are often recruited online through fake social media employment or romance scams. As individuals lose their jobs or have to find work from home, the prospect of being able to earn funds quickly through moving money from one account to another may become even more attractive. Some sites are even directly recruiting money mules in the name of supporting coronavirus victims. 

It’s not all bad, however! Cash-based activity is on the decline in countries hard hit by coronavirus, and potentially cash-based money laundering along with it. Major international terrorist groups, such as the Islamic State, are advising their fighters not to travel to Western countries undergoing severe outbreaks of coronavirus, which could impact terrorist financing flows. 

The best thing for financial crime professionals to do is to spend time thinking about how the pandemic may impact the specific financial crime risks they face as a business. They can then adapt their controls accordingly, to best mitigate the evolving threat landscape. 

Investigation and Enforcement

Investigations are beginning to stall in the face of coronavirus as well, hindering the ability to meaningfully prosecute complex, cross-border cases involving bribery and corruption, organised crime and sanctions evasion. As the pandemic spreads across the globe, with travel bans, home working and quarantines being used as containment measures, compliance officers and lawyers investigating bribery and corruption have been forced to delay meetings and interviews, which could allow cases to drag on and bad behaviour to continue to proliferate. 

In addition to stalling investigations potentially allowing for compliance risks to slip through the cracks, law enforcement is also facing pressure to keep up with demand. Police in the US are now shifting gears to enforce coronavirus rules and in some areas, have been urged to avoid “unnecessary arrests” as this could only lead to the virus spreading. Law enforcement priorities are fundamentally shifting, and financial crime is unlikely to get the focus or resources it needs. 

Compliance Ops

Particularly in FinTech hubs like New York City and San Francisco, the latter of which is under a shelter-in-place order, employees are having to work from home in order to keep the business running smoothly, and this includes BSA/AML compliance operations staff and analysts. While FinTech workplaces generally encourage more working from home and may have better controls in place to ensure data security, the hasty transition can still generate problems if not managed effectively. 

While internal fraud is often viewed as less of a concern in small and medium sized FinTechs, given the close and collaborative nature of their teams, this risk should still be fully mitigated. More than half of all frauds committed against business are done so either internally or by an internal actor colluding with an external one. And this is something we have increasingly begun to see in the FinTech sector. We have personally experienced cases where FinTechs have had to engage in trying internal fraud investigations, or where staff have been contacted by organised crime groups asking them to engage in fraud. 

Generally speaking though, the vast majority of internal staff are team members trying their best for the company. Front line team members need to be supported now more than ever in the work that they complete. Staff may fall ill, leaving others having to balance heavier workloads. Staff may not find it as easy reaching out for help evaluating a new alert. And responding to crises can also detract from other important financial crime tasks, like filing SARs (if this is the case, make sure to contact FinCEN). In-person training and support that staff need in order to thrive, excel and finish work on time may not be readily available. By taking steps to ensure regular team communication, health, wellbeing, and safety, as well as access to educational resources, firms can build out more resilient teams. 

Recession?

Finally, we get to the elephant in the room: it’s difficult to find an economist that doesn’t think the coronavirus pandemic will bring the global economy into recession, especially as we seemed to be nearing one prior to the outbreak. With transportation and hospitality industries suffering major blows, and with outbreak hotspots like Italy already facing a delicate economic balance, we should start looking at what impacts a recession could have on financial crime levels now. 

Data from the last global recession indicates that financial crime and crime generally can go up during a recession. The first 6 months of 2009 for example had the highest fraud rate observed to that point in KPMG’s Fraud Barometer, and 36% of senior executives reported to Kroll that they believed fraud risks had increased due to the recession. 

One report from the World Economic Forum indicated that, for young people struggling to find employment during a recession, the arrest rate increases by 10.2%. The difficulties in pursuing legitimate employment make criminal enterprise more attractive; what’s worse - once involved in criminal activity, it can be very difficult for these individuals to leave, making the level of recession-rooted crime increase further. 

When thinking about financial crime contingency planning in the face of coronavirus, we need to think even bigger than just the short term impacts and start evaluating what our response will be in the face of possible recession. This also includes considering what typologies may evolve or proliferate, such as benefit fraud as more people apply for unemployment.

What You Can Do 

There is a lot of uncertainty out there in the face of coronavirus, and we will benefit as an industry by working collaboratively to tackle financial crime challenges as they occur. The below are just a few tips and tricks for how to tackle coronavirus as a financial crime threat:

  • Reconsider your BSA/AML risk assessment. Which inherent risks are more or less impactful in the face of coronavirus? Which controls might be weakened?

  • Evaluate whether your second line controls can provide the same level assurance in the current situation. For where external expertise is needed, work with digitally-focused consultancies who can easily support you remotely. 

  • Check up on your internal fraud procedures, to ensure strong whistleblowing protocols are in place, as well as appropriate access rights and 4 eyes checks.

  • Increase staff engagement through financial crime catch ups, remote training and clear lines of communication. 

  • Don’t stop contingency planning, and add a potential recession to the list of events you’re planning for. 

We are working hard with the FinTech FinCrime Exchange community to learn more about what specific steps the international FinTech sector is taking in response to coronavirus as part of their contingency planning. Stay tuned for future insights.

If you have questions about how your business should proactively take on financial crime in the context of coronavirus, reach out to Megan Millard or Meredith Beeston.

Celebrating International Women's Day at FINTRAIL

Purple banner for with the logo and title for International Women’s Day with #EachForEqual and #IWD2020

International Women's Day (8th March) is a global day celebrating the social, economic, cultural and political achievements of women. The day also marks a call to action for accelerating women's equality. At FINTRAIL we are committed to equality and wanted to join in celebrating the women that contribute to making FINTRAIL a great place to work.


Photo of Gemma Rogers Co Founder at FINTRAIL

Gemma Rogers

I co-founded FINTRAIL in 2016.

“My FINTRAIL highlight so far was realising that we had achieved gender parity among our leadership team. 💪”


Maya Braine

I’m the newest member of FINTRAIL, and joined the team two months ago.  

“I joined FINTRAIL because I wanted to work in a dynamic, growing team where I could challenge myself, take the initiative, and feel my contributions make a real difference.”

Maya Braine - Senior Consultant at FINTRAIL

Payal Patel - APAC Managing Director at FINTRAIL

Payal Patel

I have been part of the FINTRAIL team for almost a year.

“My plans for FINTRAIL Asia this year are to continue to work with the most innovative and exciting FinTech companies in the region and to expand the rapidly growing FFE network.”


Lauren Vincent

 I have been part of the FINTRAIL team for 8 months.  

“The best part of my job is how much knowledge I am able to gain from my colleagues on a day to day basis.’'

Lauren Vincent - Global Team Coordinator at FINTRAIL

Danielle Jukes - Consultant at FINTRAIL

Danielle Jukes

I have been part of the FINTRAIL team for 4 months.

“If I had to sum up the FINTRAIL team I would say that we’re a diverse team and all share a passion for our work.”


Meredith Beeston

I have been part of the FINTRAIL team for 2 and a half years.

“I chose to work in FinTech FinCrime because I wanted to work alongside a growing industry and help find innovative ways to use technology in the fight against financial crime.”

Meredith Beeston - Consultant at FINTRAIL

Photo of Ishima Romain - Analyst at FINTRAIL

Ishima Romain

I have been part of the FINTRAIL team for almost 3 years.

“The top 3 things I've learned during my time at FINTRAIL: Personal - a traditional background isn’t required to be part of FINTRAIL. Technical - many processes that businesses conduct independently, as they usually align to wider controls, should be done collectively. General - to be adaptable in this ever evolving disruptive industry.”


Rachel Clark

I have been part of the FINTRAIL team for 6 months.

“This year I am most excited about hearing the new FFE Podcast which will give interesting insights into individuals experiences with FinCrime in the FinTech sector.”

Photo of Rachel Clark - Consultant at FINTRAIL

Investor Due Diligence: A Two Way Street

Zopa: Scandal in the Boardroom

Last week, UK peer-to-peer lending firm Zopa found itself in the news when board member Kapil Wadhawan was forced to resign following his arrest in India over money laundering allegations.  Wadhawan, the chairman of Wadhawan Global Capital and the owner of a large property finance group in India, co-led a £32m investment in Zopa which secured him a seat on the company’s board.  He was arrested by the Enforcement Directorate, an Indian government agency responsible for policing financial crime, in late January in connection with a money laundering probe.

This incident highlights the importance of knowing who you’re doing business with - not only employees, partners, and vendors but also investors.  In the thrill of securing financing, it can be tempting not to scrutinise your potential backers too closely, but as the Zopa case shows this is a potentially risky area.  This is the start of a long term partnership, so both sides need confidence in who they’re dealing with. “Investor due diligence” should cut both ways, and target companies should be prepared to conduct “know your investor” research.  Investors with poor reputations can have a knock-on effect on portfolio companies’ credibility, and their ability to raise future funds. And in a worse case scenario, these companies could even find their investors or directors involved in criminal proceedings, as in the Zopa case, or discover that the investment consisted of illicit funds.  

Doing your Homework: Reputational and Integrity Due Diligence 

Reputational and integrity due diligence should form part of the wider due diligence process alongside financial, commercial and legal diligence, and is vital for understanding financial crime risks.  It can be relatively straightforward to ascertain the track record and reputation of well-established investors, but for more niche investors, those based overseas, or new figures in the market, this may not be so straightforward.   

The obvious questions for an investee to ask are whether the investors are well-established figures with a good track record and a logical interest in investing in the company in question.  How long has their firm been incorporated, has it made successful investments in the past, and does it have discernible experience in the sector? Does it seem to be in good financial standing?  Are there any indications the investors have been involved in any previous scandals or legal or regulatory issues? It’s also important to understand their modus operandi and if they have ever been involved in dubious or aggressive business practices, or disputes with partners, competitors or other investees.  This may involve determining if they are the subject of any inquiries by regulators or law enforcement agencies which haven’t yet reached the stage of formal proceedings.

In addition to the above, there are further issues to consider for investors from overseas jurisdictions with lower standards of transparency and higher levels of financial crime.  What is the source of funds - how did the investor initially make their money? In some countries, analysing this information may require understanding of the country and its history - for example, anyone who established their fortune in Russia and the former USSR in the privatisation programmes of the 1990s.  In many countries, it will be important to understand political patronage - whether your investors have political influence or connections, whether this could have helped them make money illegally or unethically or to avoid legal actions, and whether their position may be threatened by changes to the current political regime.  

Sources of Information 

In practical terms, where can investees find the answers to these questions?  They will likely start gathering information in-house through basic steps like online research - sources like the investor’s own website, news reports, and Google searches.  Speaking to others in the marketplace will help provide a sense of the investor’s track record and general reputation. To ensure consistency and transparency, investees can implement an ‘investor due diligence’ process (a project which FINTRAIL is ideally placed to facilitate), which in many ways mirrors a customer onboarding process.  It will allow the investee to make sound, defendable decisions by establishing a methodology to collect consistent information from defined sources, analyse it in line with clear criteria and parameters, and establish transparent escalation and decision-making processes.

In some cases, it will be advisable to seek expert help in conducting this due diligence research, especially if early red flags are identified or if there are discernible high-risk factors such as the investor’s main country of operations.  Expert due diligence research will look at the online sources mentioned above plus specialist media databases, local and overseas litigation and corporate records, regulatory watch lists, foreign language media reports, and cached online materials.  If required, researchers can also conduct enquiries with human sources operating in the relevant sector and country, to help explain the investor’s history, modus operandi, other business interests, perceived probity and general reputation. This is particularly useful in countries with undeveloped media landscapes, poor press freedom, or limited public records.  Appropriate sources may include founders or employees of existing portfolio companies, other investors or business figures operating in the sector, journalists, and former partners or employees. Conducting successful enquiries requires an excellent network of contacts, as well as understanding the specificities of the investor’s operations, in terms of the sector, type of business, and jurisdiction.  

FINTRAIL’s Experience

The FINTRAIL team has extensive experience in both designing due diligence processes and conducting reputational and integrity due diligence.  We have lately finished building and implementing an investor due diligence process for a UK-based FinTech. We have also recently worked with a client to conduct research on a potential investor, in a case which showed clearly how important it is for growing FinTechs to identify the right partners.  FINTRAIL investigated a venture capitalist from Russia looking to invest in a UK-based FinTech, using our expert country knowledge and language skills; searches in Russian, US and EU litigation and bankruptcy records, criminal records and regulatory agency checks; and adverse media research in English and Russian.  This uncovered concerns about the investor’s source of wealth and modus operandi including political connections to the Kremlin, business interests in opaque jurisdictions held through apparent shell companies, and UK corporate interests which bore similarities to those of the Hajiyev family, the subject of the UK’s first Unexplained Wealth Order (UWO).  These concerns ultimately led to the FinTech deciding not to accept the investment - a potential disappointment in the short term, but an important decision to head off major issues in the future. 

Get in Touch
If you are interested in speaking to the FINTRAIL team about due diligence or any other anti-financial crime topics in an increasingly digital FinTech world, please feel free to get in touch with one of our team or at contact@fintrail.co.uk

FINTRAIL's Fave Podcasts

Like everyone, the team at FINTRAIL are living for podcasts at the moment. Whether we are on our daily commute or grabbing a coffee we are tuning into our favourite shows. For those of you that are keen to explore some new FinTech/ FinCrime related podcasts - here are some of our recommendations:


Payal Patel - APAC Managing Director at FINTRAIL

FinTech Insider / Blockchain Insider

“I love the variety and quality of speakers and the relaxed, but informed style of both these podcasts which cover the most recent developments in the FinTech and Blockchain world. Living in Singapore, these shows provide me with the regular global update and industry expertise I need.”


Gemma Rogers - Co Founder at FINTRAIL

Bribe, Swindle or Steal

This podcast by the anti-bribery business organisation TRACE International looks at examples of financial crime cases and typologies, and at what can be done to tackle them through interviews with experts in the field.  The topics covered are really varied - regulatory developments and best practice, diverse crime types such as doping in sport or wildlife poaching, and major international scandals such as the Luanda Leaks and the Volkswagen emissions scandal. Having this broad scope and including interviews with such diverse practitioners throws up interesting perspectives and shows how many forms financial crime can take.


Maya Braine - Senior Consultant at FINTRAIL and MENA specialist

Caliphate and Conflicted

I’m pursuing an extremism and terrorism financing theme at the moment.  Caliphate is a series following Rukmini Callimachi of the New York Times as she reports on the Islamic State and the fall of Mosul. You are hooked from the very beginning and the insights provided on the inner workings of ISIS are fascinating. And for even more incredible insider information, I recommend Conflicted by Aimen Dean, a former jihadist turned British double agent inside Al Qaeda. This podcast combines incredible first-hand insights with expert analysis, and breaks down the complexities of history, religion and politics of the Middle East and puts them in a global context.


John-Paul Eaton - Global Community Director at FINTRAIL - FinTech FinCrime Exchange

The Missing Cryptoqueen by Jamie Bartlett

The pyra-ponzi scheme that shook the world. The ‘Bitcoin killer’ that through an elaborate social engineering scam destroyed thousands of families and swindled billions of dollars. We were extremely privileged to have Jamie Bartlett share his OneCoin investigation at FFECON19. And through the FFE community, it has been awesome to open doors for Jamie to take his investigation to the next level. Breaking News: there will be a Missing Crypto Queen TV series.  Can’t wait for Jamie to share his progress at FFECON20!


Robert Evans - Co Founder at FINTRAIL

Financial crime matters with Kieran Beer from ACAMS

This is my go to for all the latest insights on trending Financial Crime topics.


Get in touch to let us know what your favourite podcasts are- we are always keen to add to our ever-growing list. Happy listening.

FINTRAIL's Focus for 2020

At FINTRAIL, like many of the clients we work with, we like to be as transparent as possible about our plans, successes and failures.  So with that in mind, Gemma and I wanted to write a quick summary of 2019 and give you a view on what we are planning for 2020.

Thanks to our amazing team, partners and clients we had a pretty awesome 2019! We worked with over 30+ different FinTech and financial institution clients across Europe, Asia, North America and Latin America. 

Amongst other things, the FINTRAIL team have helped our clients build compliant FinTech products, transform legacy financial crime infrastructure, conducted audits and worked with leading technology, people and process to change how modern financial service providers can address the threat of financial crime.

Additionally, we have continued to invest in and grow the global FinTech FinCrime Exchange (FFE), we now have over 170+ FinTech firms big and small that have joined the fight against financial crime across the US, Europe and Asia.

As we continue to grow as a firm, we are of course going to see some challenges.  Firstly, setting a cohesive international strategy is hard, especially as a small and very busy team. Bringing the US and Asia markets online brought significant challenges, some of which we had just not thought about. With so many ideas on what we could and can do, it can be difficult to curb our enthusiasm sometimes. I think it would be fair to say that 2019 was a year of learning on this topic but we have taken that onboard and are now accelerating in to 2020.

We built out our team significantly - clearly this is a brilliant problem to have - but we did have to think more carefully about the culture and structure of our team. Just throwing bodies at an opportunity is not the right answer but we really think we have made great progress in refining what the FINTRAIL organisation and culture looks like and this will continue to be a constant priority for us moving forward.

Finally, I think it would be fair to say that as co-founders, we learnt a lot about ourselves in 2019. We have put a lot of effort into FINTRAIL and it is sometimes hard to step back and empower your team to take that forward. We are super fortunate that we now have a team that believes in our mission and have the enthusiasm and capabilities to take that forward. As a team and individuals we are not going to get everything right the first time but we are committed to learning at every opportunity and we aim to make FINTRAIL one of the best places to work, doing super important work for the best clients in the world. 

However, this is all history and we cannot take our eye off the ball. So 2020 is going to be an even bigger year for FINTRAIL our clients and community we support and and this is how we are going to do it:

Continue to invest in our consulting teams to bring our clients the best and most relevant expertise and support. In 2019 we grew our global team and launched our businesses in the US and Asia; we have seen a rapid growth in demand for what we do. Without the right people, culture and infrastructure we simply cannot do what we do.

In Asia, led by our local Managing Director Payal Patel, we are already working with some of the largest regional players to ensure they build robust anti-financial crime provisions into their products and business plans. Payal will be building out our regional offering and scale her team across the region over the course of 2020.

In the US, led by our local lead Megan Millard, we have been working with established global players to transform their vision of compliance and anti-financial crime as well as working with new and highly innovative businesses to ensure they start their journey in a secure and compliant fashion. There will be a big focus on the US market in 2020 as we continue to grow the business there.

In Europe, led by our local Managing Director James Nurse, we have been supporting clients big and small through their compliance and anti-financial crime journey. This shows no sign of slowing down and we will be bringing our specialist skills to new markets in the region and continuing to grow the team out to cover the different European jurisdictions.

Data, Data, Data - there is no question that the fight against globally connected financial crime requires us to take a connected, community and data driven approach to have any meaningful impact. Over the last 3.5 years through the FFE we have seen the power of connecting people and sharing insight.

We have been exploring what FINTRAIL and our FFE community can bring to this challenge and we think we have a way forward.

We have now agreed a partnership with one of the leading global RegTech providers to start connecting our global community in that fight through the development of real-time threat data sharing. Gasps I hear, what about data privacy? Well this is not going to be some half-baked attempt to deliver data sharing. FINTRAIL and our partner are doing this properly - we have an existing community of motivated and technically savvy FFE members who are proactively asking for this, we can leverage our connections with global regulators, law enforcement and wider privacy community to get this right. Combine that with leading technology and world-class technical expertise and we have a solid combination.

Are we going to solve it overnight, absolutely not but It is going to be a key priority for us and the FFE community over 2020 and coming years. More specific details will follow on this topic in the coming weeks.

Continue to grow the community. The FFE is unique. It is the only global FinTech community dedicated to the fight against financial crime - and it is free. It is something that all of us at FINTRAIL are extremely proud of and we would not be able to make happen without the support of our partners at Regulatory Data Corps (RDC). We have big big plans for the FFE for 2020:

Meet-ups - in 2020 we will be hosting somewhere in the region of 20 meet-ups across the three regions and our aim is to make these even more relevant to the community. We will continue to strive to bring the global FinTech community together in a common cause and have a meaningful impact on the scourge of financial crime.

Podcast - yes, that’s right 2020 is the year we are launching our FFE podcast series and it looks like it will be a cracker. We are going to use this opportunity to dive into the topics that matter to members and learn more about the people and issues that impact our lives every day. The 12 part podcast series will feature all three FFE regions and we can't wait to see this mature for the FFE community and other interested parties that want to learn a bit more about it.

Expert Working Groups - we want the FFE to have a voice that has tangible impact. In 2020 we will be hosting a series of Expert Working Groups that will bring together Compliance and Anti-Financial Crime leaders from across the FinTech and financial services industry to dive deep into the key topics affecting the industry and come up with a common way forward. We will then use that platform to bring about change through our engagements with partners, regulators, law enforcement and customer communities. 

Engagement with global law enforcement - in 2019 our team spent a significant amount of time engaging with law enforcement and regulatory enforcement bodies from around the world. This was about spreading the word about the FFE and educating on FinTech, but also the opportunities to collaborate effectively. We have built amazing relationships with partners such as the Metropolitan Police, City of London Police, HMRC, National Crime Agency, Europol, Department of Homeland Security, Federal Bureau of Investigation and many many others around the globe. This will continue into 2020 with even more vigour. The private sector has a critical role to play in supporting law enforcement efforts against criminality in all its forms and the FFE community is at the front of that effort.

FFECON - we had a ball at FFECON19 and based on the feedback we had after the event from all involved it is something that will be back for November 2020 (block your diaries). Our goal for 2020 is not necessarily to make this bigger for the sake of it, but rather focus on the quality of this event for our community and that is what we will achieve. In addition, we will be taking FFECON on the road for 2020, in either Asia or US market (TBC, so stay tuned) with the aim to make this forum accessible to the growing community and interested parties globally.

So there you have it, a transparent roadmap of what to expect from FINTRAIL and the FFE in 2020. It is going to be a blast but seriously hard work and I know the team at FINTRAIL are super focused on making this another year to remember. We can’t wait and on behalf of the team at FINTRAIL we wish everyone all the best for 2020!

If you would like to discuss the topics in this post, or if you want to know more about FINTRAIL and our 2020 plans, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.

The Social Causes and Impact of Financial Crime - A Curve Talk

At this Curve Talks event hosted on 10 Sep 19, Gemma Rogers, co-founder of FINTRAIL, shared her knowledge about the socio-economic effects of financial crime. She tackled the individual-level impacts of crimes such as human trafficking and explore “why” this sits behind current anti-money laundering legislation.

Gemma has a passion for changing the terms of debate around financial crime risk management, debunking the lethargic tick-box concepts of old and focusing on intelligent, inclusive and business-focused solutions.

For more Curve Talks see https://www.eventbrite.co.uk/o/curve-19344651260

Slideshow

CRYPTOCURRENCY REGULATION IS WORKING, BUT CAN IT BE IMPROVED? DFS, FOR ONE, SAYS “MAYBE”

As regulators and legislators dash to keep up with developments in financial services technology and markets, cryptocurrency remains a central focus. At a recent fintech forum held at Georgetown University, Superintendent Linda Lacewell indicated that the New York State Department of Financial Services (DFS) would be reviewing its existing licensing scheme for cryptocurrency businesses operating in New York. It was reported that Superintendent Lacewell said, “This is a good time to take a look . . . and see how our regime is fitting the current market and . . . what if any adjustments should we think about making to continue to adapt to sort of a changing industry[.]”

REGULATION OF CRYPTOCURRENCY

After blockchain emerged as an effective mechanism for the exchange of value, Bitcoin (introduced in 2009) became the dominant cryptocurrency. In response to the expanding use of Bitcoin and other cryptocurrencies, as well as misconduct like the collapse of Mt. Gox, state and federal regulators sought to adapt existing regulatory schemes to these developments. In 2013, for example, FINCEN issued regulations that extended registration and compliance requirements of the federal Bank Secrecy Act (BSA) to cryptocurrency firms. And in 2015, following several public hearings and reports, DFS enacted a comprehensive regulatory scheme to allow for the issuance of a license to operate a cryptocurrency business in New York, known as a “BitLicense.”

BSA/AML/OFAC COMPLIANCE

Central to both the FINCEN and DFS regulations are requirements for compliance with well-established rules to combat money laundering and illicit financial transactions. Both sets of rules require cryptocurrency firms to implement the key pillars of BSA/AML compliance, including “know your customer” rules, transaction monitoring and the filing of suspicious activity reports, where applicable. The DFS Bitlicense goes further to protect markets and consumers — for example, requiring compliance functionality that screens out transactions that violate federal sanctions (OFAC) laws, prevents market manipulation, has mandatory cybersecurity obligations, and imposes requirements for capital reserves and enhanced reporting.

THE REGULATIONS ARE WORKING

There is substantial evidence that the federal and state regulations are working. One recent example involves an international criminal enforcement sweep against a child pornography video distributor and its customers. After the distributor was arrested in South Korea in 2018, law enforcement authorities used the proprietary Chainalysis software to analyze blockchain transactions and map out both the contributors and users of the child pornography website. This information allowed criminal investigators to contact cryptocurrency exchanges for more information on the wallet addresses sending a crypto payment to the video site. Because compliant cryptoexchanges will have performed competent Know Your Customer processes, some were able to provide copies of identification, addresses, and other relevant transactions associated with those accounts to law enforcement. As a result, the U.S. Justice Department charged more than 35 individuals who either contributed or purchased child pornography from the video site.

In New York, DFS has now granted licenses to operate a cryptocurrency business to 22 different firms. Experience to date suggests these entities are growing and maturing in this regulated environment. (See, e.g., “Gemini Launches Custody Product With 18 Cryptos Including Ethereum Tokens.) Apparently, though, not every firm deserves a license — as DFS strongly stated in its rejection this year of the BitLicense application submitted by Bittrex. After a lengthy review, DFS determined that Bittrex’s compliance program failed to meet the necessary KYC, transaction monitoring, and sanctions filtering requirements, among other apparent deficiencies. (See “DFS Denies the Application of Bittrex, Inc. for New York Virtual Currency and Money Transmitter Licenses.) Keeping out non-compliant businesses is both good for protecting consumers and markets, and for preserving a level playing field for entities able to achieve mandated compliance.

CRITICISM OF FEDERAL AND STATE REGULATIONS

Unsurprisingly, there has been criticism leveled against the FINCEN regulations and DFS Bitlicense. Some have taken issue with the broad applicability of both sets of regulations. Others find fault with the $5,000 application fee for the New York Bitlicense or argue that other requirements of the license are too onerous. Despite criticism, the regulators are not going away. At the same Georgetown University conference, the head of FINCEN, Kenneth Blanco, reportedly told the audience that “[t]he expectation is that you will comply with existing regulation… Whether you’re stablecoin, centralized, decentralized – [it] doesn’t matter. You’ll still have to be able to comply.” That being the case, regulators should still make good faith efforts to be forward looking.

NEXT STEPS FOR REGULATORS

Most would agree that no regulatory scheme is perfect; many would also agree that no regulator requires perfection from the entities it supervises. Accordingly, efforts by regulators to synthesize regulations and set out the ground rules in a clear fashion remain necessary for fintech businesses to thrive. Recent efforts by FINCEN to provide more systematic guidance to crypto businesses and the suggestion by DFS that it will take another look at its Bitlicense, are thus welcome. So is the effort by the Conference on State Banking Supervisors to devise a model payments law that may encompass cryptocurrency transactions.

Expecting dramatic change is unrealistic. As noted above, FINCEN intends to remain focused on BSA/AML compliance by fintechs and crypto businesses. DFS Superintendent Lacewell reportedly indicated that the current Bitlicense regime is “working well” and that the audience should not “get too excited” about major alterations to the licensing regulation. That said, Superintendent Lacewell said that DFS “wants to hear from industry participants to see what improvements, if any, the agency could implement. This is a good time for existing cryptocurrency businesses, or start ups, to jump right in.


Photo of Matthew Levine-President Finance & Regulatory Compliance Services

ABOUT THE AUTHOR:

Matthew Levine

President, Financial & Regulatory Compliance Services

Matt Levine served until recently as Executive Deputy Superintendent for Enforcement for the New York State Department of Financial Services. In this role, he supervised investigations and enforcement actions, including matters involving money laundering, terrorist financing, cybercrime and cybersecurity, virtual currency fraud, market manipulation, and consumer fraud, as well as monitorships implemented by DFS. Matt is a former federal prosecutor and trial lawyer with significant experience involving financial markets and regulatory matters. For nearly a decade, he served as an Assistant U.S. Attorney, first in the District of Columbia and later in the Eastern District of New York. There, he served as Acting Chief of the Business & Securities Fraud Section, supervising federal prosecutors conducting securities fraud, money laundering, cybercrime and other white-collar prosecutions. Matt can be reached at mlevine@guidepostsolutions.com.

The Dangers around Data Quality: How Poor Data Quality Can Harm Your Ability to Fight Financial Crime

FinTechs and RegTechs are at the forefront of using data innovatively and efficiently to help facilitate everyday financial services. When managed correctly, this data can also help strengthen AML/CTF defences and help you pick out unusual or suspicious behaviour and customers. However, that doesn’t mean that FinTechs and RegTechs are immune to missteps when gathering, transporting and utilising data. When data quality goes wrong, the dangers can have a hugely damaging impact on the strength of anti-financial crime controls. Here are a few areas to take into consideration when evaluating how your data quality impacts your AML/CTF operation. 

What are the risks?

FinTechs tend to collect non-standard data on their customers. This not only covers the use of electronic ID verification, selfie matching and address verification technology, but also the collection of non-standard data points, such as IP address, geolocation and device ID. While this provides FinTechs with a number of benefits, including a more dynamic risk profile along with a more seamless user experience for customers, there can be major risks to meaningful financial crime prevention if the data collected isn’t robust. 

A FinTech could run into trouble if:

  • Non-standard data becomes limited data

    • This is when collecting less information from your customer and more information about your customer crosses the line into not enough information on your customer at all. Not only is there a regulatory implication of this, but it could also hinder your ability to implement a number of key financial crime controls - from transaction monitoring based on customer behaviour to customer screening against PEPs, sanctions and adverse media databases. 

  • The onboarding experience is over-prioritised 

    • One of the key benefits FinTechs offer is a more streamlined customer experience, so that customers can start using a product within a few minutes of signing up on the app or website. However, if too much priority is placed on having a seamless onboarding journey, it could lead to not enough information being collected on a customer to form a useful profile on their risk level and expected behaviour. FinTechs can consider limiting access to their product based on information collected or adding a few extra steps for customers deemed high risk in order to help combat this concern.

  • Data isn’t refreshed 

    • Obligations to know your customer don’t stop with onboarding; it’s imperative to keep customer data accurate and up-to-date. Without refreshing customer data, it may be more difficult to truly understand whether a customer’s behaviour is unusual or suspicious, and it may likewise become difficult to fully understand the risk they pose. 

  • Data is entered manually 

    • While most data a FinTech collects will be gathered automatically, some data requested from customers through in-app chats or help desks may require manual entry. Entering data manually, without robust four-eyes checks or routine assurance, can leave a FinTech open to problems from inaccurate data that can make it difficult to truly know who your customer is and their risk profile.

FinTechs can also run into trouble with gathering, analysing and responding to management information (MI). Especially when starting up and building out a compliance framework, MI collection, storage and analysis may not be their top priority. In the worst cases, important macro-level data on SAR volumes, customer breakdowns and risk types and TM alerts could go undervalued. Without regular MI collection, easy access to data and trend analysis, quality assurance on AML/CTF controls becomes more difficult. This has knock-on effects, making it harder to update your risk assessment and risk appetite and accurately reflect your product to the board and regulators. Poor MI can even prevent you from being able to advocate for the resources you need on a financial crime team.

What about RegTechs?

Given the digital and innovative nature of their products, FinTechs tend to rely heavily on RegTechs, especially at the point of onboarding. This means that it is incredibly important for FinTechs to understand how and what data RegTechs access, use and provide and consider how this can best support their AML/CTF operations. When considering the use of RegTechs there are some key risks that FinTechs should be aware of: 

  • ID&V Providers

    • RegTechs have spearheaded major innovations in digitising the ID verification process, making it easier to reliably onboard customers in minutes and spot fraud indicators that the human eye struggles to detect. The main data quality risk we’ve seen with ID&V providers is potential inaccurate transposition. In this case, data that is automatically pulled from ID and proof of address documents into customer forms and profiles doesn’t match the actual data on the ID. When data pulled from an ID is incorrect, it can lead to poor records being kept on a customer that make future customer screening and  investigation of suspicious activity more cumbersome, weakening the wider AML/CTF controls infrastructure at the FinTech.

  • Customer Screening Tools

    • The use of RegTechs for customer screening generally gives FinTech customers access to vast amounts of information that can be customised to the FinTech’s specific product offering and customer base. However, with the amount of quality data provided, there can still sometimes be gaps that need filling. Particularly with PEPs and their relatives and close associates (RCAs), we have seen databases missing key information, including dates of birth, photos, activity, nationality, citizenship and address. We have also seen the inclusion of deceased PEPs and RCAs and some PEPs and RCAs who haven’t been active for decades. When this information is screened against, it can be more difficult for an analyst to clear alerts and can generate large volumes of false positives that require clearance. 

Once again, MI is worth considering. When RegTech providers offer poor analytics on the services they are providing, that can be easily categorised and sorted, then their FinTech customers will have to rely on manual processes in order to gather and assess crucial information that informs risk and control frameworks. MI needs to be able to provide detail where required and show changes over time. Access is also critical; in our experience, certain RegTech providers’ systems are difficult to access, with support teams that take time to respond to requests for additional information. The best approach we see is when RegTechs and FinTechs work together dynamically in order to ensure information can be swiftly accessed.

Top Takeaways 

While many of the FinTechs and RegTechs we engage with are taking the needed steps to ensure the comprehensiveness and effective usage of their data, there are still some pitfalls that indicate the negative impact when things go wrong. There needs to be more awareness of how poor data quality can emerge and how it can affect our anti-financial crime operations. Ongoing quality assurance, testing and audit are essential to ensuring that we remain out in front of any potential data quality errors. 

So what should we do?

FinTechs:

  • Take a risk-based approach to KYC and the gathering of customer data, gathering more data on higher risk customers to ensure you’re able to understand their behaviour and your ongoing risk exposure. 

  • Perform regular KYC refreshes and take a risk-based approach to these as well, to ensure you have the highest quality, most accurate data on your customers.

  • Implement robust assurance on manual processes, perform rigorous testing on RegTech providers, and ensure financial crime compliance has input into data storage practices.

  • Collect MI on all key aspects of your anti-financial crime programme, including on customer risk, customer due diligence and screening, transactions, suspicious activities and exits for financial crime. This information should be regularly shared and easily accessible for the second and third lines of defence.

RegTechs:

  • Consider a data quality review by a third party to get ahead of any potential complaints that clients may identify when it comes to the data you provide and transpose. 

  • Internally review the transposition of data pulled from documents and other sources to ensure it is being accurately reflected. Consider implementing a human review element depending on the data quality risks.

  • Devote research analysts to building out PEP profiles to encourage more efficient alert clearance, and build in filtering options so that firms can filter out deceased or inactive PEPs, RCAs and sanctions targets. 

  • Build robust analytics and reporting functions with access that can easily be determined by clients to meet their specific needs. 

  • Ensure requests from clients for additional information are responded to promptly and properly, and that this practice is expressed within agreed SLAs. 


If you or anyone on your team would like to discuss or explore how data quality concerns may affect your company and what steps you need to take to improve your approach, please feel free to get in touch contact@fintrail.co.uk.

FinTech and the New Frontier in the Fight Against Modern Slavery

On 31st January 1865 the US House of Representatives passed the 13th Amendment to the Constitution of the United States of America. Spearheaded by President Abraham Lincoln, it put an end to the most heinous blemish on the face of human history, and followed in the footsteps of such legislation as the 1833 British Slavery Abolition Act and the 1848 French second abolition act, abolishing slavery and involuntary servitude. Abolition in the USA represented the culmination of the career of one of the world’s most tenacious and revered leaders, and marked the final end to a bloody internecine conflict between North and South in the form of the US Civil War. To know that a modern reprise of slavery and human trafficking continues to blight vulnerable populations across the globe to this day, despite the practice being illegal in every country in the world, would likely have Honest Abe turning in his grave. To know that Southeast Asia and APAC more broadly represent a hotbed of such activities, a predicate money laundering offence, should leave readers in the region feeling somewhat discomfited. 



Source: ILO & Walk Free Foundation, 2017 and ILO, 2012.

Source: ILO & Walk Free Foundation, 2017 and ILO, 2012.


The Liechtenstein Initiative for a Financial Sector Commission on Modern Slavery and Human Trafficking defines modern slavery as a “non-legal umbrella term, encompassing several forms of severe exploitation, including forced labour, forced marriage, servitude, debt bondage and human trafficking”. Human trafficking itself can be further defined as the recruitment, transfer, or obtaining of an individual through coercion, abduction, fraud, or force in order to exploit them. Exploitation can come in the form of anything from low-paid migrant workers to commercial sex work. The exploiter can be anyone, including strangers, neighbours, or even family members. In depth joint research by the International Labour Organisation and Walk Free foundation into global estimates of modern slavery indicate that over 40.3 million men, women, children experienced one or more forms of modern slavery exploitation in 2016; equivalent to one in every 185 people globally. Modern slavery is estimated to generate over $150 billion in profits every year and is on the rise. Between 2012 and 2016, global modern slavery increased by over 40%. This increase could possibly be attributed to increased awareness and as such increased reporting of the issue.  Asia accounted for $50 billion of this total, due in part to its high number of victims and high profits per victim.


Source: ILO & Walk Free Foundation, 2017 and ILO, 2012.

Source: ILO & Walk Free Foundation, 2017 and ILO, 2012.


More than a third of the proceeds of modern slavery are generated in developed countries. The developed vs. undeveloped country split emanates as a result of the fact that slavery risks are broadly higher in poor and developing countries than in wealthier, developed countries. They are higher for marginalised and excluded groups, including women, girls, low-caste individuals, refugees, those displaced by disaster and conflict, and migrant workers. Risks are higher for low-skilled workers than skilled workers, for those with lower education levels, and the vulnerable unbanked; all prevalent factors in Asia.


Source: https://www.globalslaveryindex.org/2018/findings/regional-analysis/asia-and-the-pacific/**Substantial gaps in data

Source: https://www.globalslaveryindex.org/2018/findings/regional-analysis/asia-and-the-pacific/

**Substantial gaps in data


Statistics compiled by Global Slavery Index (GSI) in 2016 estimate that modern slavery in Asia accounts for around 62% of the global total. The APAC region has the second highest prevalence of modern slavery in the world, with 6.1 per instances per 1000 people. GSI found that APAC had a high prevalence of forced labour (4.0 per 1000 people) and forced marriage (2.0 per 1000 people) compared with other regions. APAC also had the highest number of victims across all forms of modern slavery, accounting for 73% of victims of forced sexual exploitation, 68% of those forced to work by state authorities, 64% of those in forced labour exploitation, and 42% of all those in forced marriages. As highlighted in the above table, Southeast Asian countries feature high up on GSI’s rankings, with Cambodia in fourth place. Cambodia’s construction boom, fuelled largely by Western property firms funded by global banks, has seen a concurrent rise in the rates of debt-bonded labour in the country’s brick making industry. Myanmar sits at seventh in the rankings, Brunei Darussalam at eighth, and Laos, Thailand, and the Philippines in tenth, eleventh, and twelfth place respectively. Many will be surprised to see our own little red dot Singapore place 20th on GSI’s list.


Slavery is illegal in every country in the world, and by 2018 more than 170 countries had made firm public commitments to eradicating it, however only 122 had criminalised human trafficking in line with the UN Trafficking Protocol, and only 38 countries had criminalised forced marriage, according to GSI figures. In Singapore, the main legislation targeting modern day slavery is the Prevention of Human Trafficking Act 2014 (PHTA), which criminalises forced labour, and sex labour trafficking. In addition, it should be noted that human trafficking is a predicate crime of money laundering (a predicate offence is a crime that is a component of a more serious crime). Unlike other landmark global anti-slavery legislation such as the UK Modern Slavery Act 2015, and the Australian Modern Slavery Act (effective from 1st January 2019) however, Singapore’s PHTA does not contain a reporting requirement for corporates. Governmental and legislative pressure to report could be usefully applied in Singapore’s financial industry. The continued proliferation of modern slavery is irrevocably and inextricably correlated to the financial system and the ability to illegally launder proceeds through it. While the Financial Action Task Force (FATF) itself expressed the view that greater exposure to financial systems by both victim and perpetrator increases the opportunities for identifying money laundering as a result of modern slavery, unchecked and unbridled access, while reducing undetectable cash intensive transactions, may also facilitate rampant growth in modern slavery. 


In its first secretariat briefing paper the Liechtenstein Initiative highlights the role that financial innovation played in the abolition of slavery in the UK in the 1800s. Abolition was only possible because of an arrangement in 1834 comprising what was then the largest syndicated loan in history, to the British government, to finance compensation packages; regrettably not to slaves, but rather slave owners. The loan was equivalent to a staggering 40% of Britain’s national public expenditure at the time. The last interest on this loan was only finally repaid in 2015. Although the role of the private sector in combatting modern slavery will take a different, 21st century form, its clear that FinTechs can play a major part. 


We can draw striking parallels with British 19th century financial innovation in the abolition of chattel slavery with the role that financial innovation through FinTech must play in the fight against modern slavery in Asia. Not only because FinTechs such as e-payment firms and virtual banks represent today’s pioneering innovators, but also for reasons of financial inclusion. Major consumers of the FinTech revolution in Southeast Asia will be those populations of unbanked individuals in developing countries such as Cambodia and Laos. It is logical to suggest that those countries where modern slavery is prevalent are also those where financial inclusion rates are low because not having acess to the formal financial system limits formal emplpoyment opportunities. These populations are therefore those most at risk of falling victim to loan sharks and ultimately becoming victims of modern slavery as a result of debt-bonded labour. For the FinTech world to meaningfully lead the fight against modern slavery, firms must be aware of the financial crime risk faced by their enterprises, identify thematic risk typologies specific to the Southeast Asia region, and apply commensurate AML measures to their businesses. 

The onboarding process can play a critical role in flagging this typology. A close inspection of the ‘selfie’ can highlight victims of abuse and those being coerced. Whilst this typology is particularly difficult to monitor as it involves multiple people, varying operating schemes and geographical locations, there are a number of ‘red flags’:

  • Victims' accounts - these tend to show lots of transactions from unrelated individuals in, and then the majority of funds moved out to a single point of the contact (essentially, the gang leader)

  • Gang leader accounts - these accounts tend to show lots of transactions to travel companies.

  • The funds are typically in the form of cash and therefore the methods used to launder the illegal proceeds often include cash deposits e.g. with structuring pattern. 

  • Transactions may also appear to be related to loans or family support (usually victims will try to remit any funds to their families), which may be identified as significantly smaller cross-border transfers when compared to other migrant employees. 

  • Alternatively, victims may send funds to criminals stating these are family remittances. 

  • There might be multiple transactions on a criminal’s account related to accommodation, travels and the basic daily expenses of victims, appearing in transactions as details of unrelated individuals.


FATF have provided detailed guidance concerning financial crime risk typologies applicable to modern slavery. A key risk typology for Southeast Asia’s FinTechs to consider is sector and industry. Verité for example has developed a Forced Labor Commodity Atlas, which highlights commodities that are linked to human trafficking and modern slavery in global supply chains, such as cocoa, palm oil, sugar and cotton. Both palm oil (Indonesia, Malaysia, Thailand) and cotton (APAC is the largest producer of cotton in the world), are industries in relation to which FinTechs should exercise caution when considering modern slavery risk factors in the customer risk assessment. At an individual level, FATF guidance has suggested that no one indicator alone is likely to confirm money laundering from modern slavery and human trafficking. Wider contextual information may be the key to identifying both victims and perpetrators e.g. passport information, utility information (or lack of it), and non-traditional indicators such as financial data, social media activity, biometric information. Innovative means of meeting customer due diligence requirements could provide wider benefits for detection of modern slavery in this regard. 


Analysis at the individual level is important in the Southeast Asian financial crime context. As mentioned above, much of the region’s FinTech growth will come as a result of financial inclusion, bringing the most poor and vulnerable into the financial system. FATF’s Financial Flows from Human Trafficking report notes that the analysis to date has uncovered patterns primarily at the level of interaction between the sector (up until now typically banks) and victims, rather than at higher levels of trafficking organizations. Examples of such interactions might be: handling, and lending migrant workers money to pay improper recruitment fees; lending funds for visa purchases to people that, upon arrival in the new country on those visas, are forced into commercial sexual exploitation; operating credit cards, debit cards, and bank accounts in the name of victims of commercial sexual exploitation that are in fact controlled by recruiters and managers; facilitating transfers from illicit massage businesses to related businesses (restaurants, grocery stores, dry cleaners), which are used to launder the proceeds of crime; and operating the conversion of virtual currencies such as Bitcoin, used in illicit commercial sex businesses, to fiat currency.


The ability of FinTechs to effectively detect and manage modern slavery risks will also require cooperation from the region’s financial regulators who must understand the bigger picture at play. Over-zealous mass AML de-risking (terminating customer accounts) under regulatory pressure may actually increase the overall level of modern slavery in the region. As the Liechtenstein Initiative paper outlines, mass de-risking may push jettisoned business into informal illicit financing arrangements. It may also hinder financial inclusion, especially where financial institutions terminate correspondent banking relationships, which allow local banks to gain access to foreign financial markets and carry out cross-border transactions. Terminating these relationships may have a particularly negative impact on migrant worker remittances, pushing them out of the formal sector into the informal, cash intensive channels, where workers may be exposed to greater risks of exploitation.


Modern slavery not only exists but is on the rise. Asia remains a hotbed of modern slavery, particularly in Southeast Asia where higher risk commodities, an established commercial sex industry, a construction and development boom, and reliance on cheap migrant labour creates a macroenvironment conducive to nefarious actors. Despite slavery being illegal in every country in the world, human trafficking remains largely un-criminalised, and international legislation is either too recent to ascertain the success of its application (for example Australia’s 2019 Modern Slavery Act), or may be too limited in scope to facilitate meaningful change at a corporate level (e.g. Singapore’s PHTA). The role of the financial sector is therefore paramount – particularly FinTech. Although bringing more of the world’s population into the traditional financial system will as FATF suggests create more opportunity to detect both perpetrators and victims of modern slavery, this holds true only when effective AML measures are applied. Modern slavery will be best detected at the individual level and Southeast Asia’s FinTechs seeking to capitalise on regional financial inclusion of the most vulnerable will lead the charge in this regard. The region’s FinTechs will require cooperation from financial regulators, and the MAS in Singapore for example must give firms adequate breathing room to assess factors such as labour conditions in their corporate customers value chains, and familiarise themselves with Southeast Asia specific individual risk typologies, rather than knee jerk de-risking, which may serve to only exacerbate the problem.


Risk appetite: how hungry are you?

Anyone who has spent any time with the team at FINTRAIL will attest to the fact that we are passionate about anti-financial crime and how you balance effective controls with a great customer experience. To achieve this, we believe that setting a well considered financial crime risk appetite is critical. It is an often neglected area but something we think is vital for companies looking to scale their offering. In this piece we are going to explore what we mean by a financial crime risk appetite and how to use it.


What is it and why is it important?

A risk appetite sets out how much risk a firm is willing to take in a given area.  Ideally a risk appetite should align with the firm’s risk-based approach, and this is particularly pertinent  regarding financial crime. A risk appetite statement will allow firms to define boundaries at the early stages of a new business or product as it allows you to target your resources in line with your risk-based approach; it will also allow you to identify whether you are in or outside of the firm’s appetite, which is a key foundation to implementing a risk-based approach. If you would like more information on having a risk-based approach and how that is implemented into financial crime frameworks, have a look at our Risk Assessment blog post here.


A well defined risk appetite enables you to scale your financial crime operations effectively and removes some of the challenge that can be associated with subjective decision making. For example, what customer behaviours or industries are outside your business appetite? If this is clear, as you scale rapidly, you can operationalise controls to identify the activity and take prompt action to resolve it when it is outside of your risk appetite. Rather than spending time debating whether each individual customer or transaction it is or isn’t within your appetite, the decision has already been made at a firm/business level and therefore all operations have to do is execute the required action.


Risk Appetite Statement:


Firms take different approaches when writing their risk appetite statement. At FINTRAIL, we have found that a combination of a header statement of intent, aligned to quantified risk indicators from management information (MI) tends to prove most effective. We give a few examples of this below.


A risk appetite statement may look like:

“Bank ABC has a zero tolerance to financial crime and sanction breaches.”  


Although we would all like to see zero occurrences of financial crime, this statement is not realistic and will likely mean that the business is constantly operating outside of its risk appetite. The statement also does not provide any data or metrics useful in gauging success, or details about the financial crime risk that is seen within the business. For a more useful risk appetite statement, businesses could include the number of AML, fraud, tax evasion, corruption cases it will accept, the number of high risk customers/transactions processed or any industries it does not want to work with and any other relevant areas where MI is recorded.  

So for example this statement would be better written as:

'“Bank ABC has zero tolerance for sanction breaches”.

Bank ABC has a low tolerance for financial crime risk. Based on the risk assessment and risk-based approach, the group is operating within the risk appetite below:

Money laundering

Internal suspicious activity reports reviewed within 24 hours

Monthly total of funds subject to an external suspicious activity report not to exceed 3% of the total volume

Tax Evasion

Transactions to or from high risk tax jurisdictions not to exceed 20% of total transactions 

Corruption

No more than 10 staff over 30 days overdue for online anti-bribery and corruption training


Examples of financial crime risk indicators:
Internal and external suspicious activity or suspicious transaction reports are a great place to start. As shown above, if a business categorises their reports into the core financial crime threats of money laundering, terrorist financing, fraud, tax evasion, corruption and sanctions they will have good data points on their main financial crime risks. By using these risk indicators and assessing your exposure to these risks through your risk assessment and MI, you will be able to effectively see if you are operating outside of your risk appetite and should look to mitigate or accept the risk.

A more mature business may look to set a risk appetite for the percentage of high risk customers it accepts or how many high risk transactions it processes, although financial inclusion should be carefully considered here as limiting the number of customers in or transactions to certain jurisdictions could negatively impact particular customer groups. Customers may fall outside of a business’s risk appetite, be it through their behaviours or the cost of safely managing the risks and requirements posed by that customer type. For example, certain industries may be off-limits, and if a client refuses to provide information or documentation, the business relationship may be terminated. 

Backlogs can represent as big of a risk to financial crime exposure and suggests that a framework is either under resourced or not efficient. If a FinTech is continuously operating from a backlog that continues to grow, they will be unable to manage the operational processes that exist to help mitigate financial crime risks. If a business sets a risk appetite for outstanding processes such as sanctions screening, transaction monitoring alerts or SAR filing, they will know when any backlogs exceed their risk appetite. This will give the firm a clear indication that there is a need for better efficiency or further resource.

For new products or new business lines, a firm should consider setting an initial risk appetite to manage any new risks and monitor financial crime levels as they establish a control environment. This could include limits on transactions, such as cash deposits, or limits on the amount or type of customers onboarded. These appetite statements can and should evolve over time as the firm starts to understand where the major risks lie and what behaviours they are able to tolerate and manage, and which they are not.

Our Recommendations

  • Set a risk appetite early in your journey, and if you are a mature business without a risk appetite, set one now, and use your data to determine whether you have been operating within it.

  • Work with your senior management team to set your risk appetite limits.

  • Link your risk appetite to your risk assessment.

  • Quantify your risk appetite using reliable data points.

  • Consider how you then practically implement your tolerance to risk into your wider financial crime framework

  • Communicate your financial crime risk appetite so the business knows what is and what is not acceptable. 

  • Assess and escalate scenarios or key risk indicators that fall outside your risk appetite with a view to reject, accept or control.

  • Track deviations from the risk appetite as part of monthly MI

Get in Contact

If you would like to discuss the issues in this post, or wider anti-financial crime topics in an increasingly digital FinTech world, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.






AI and FinTech: An intelligent choice or artificial hype?

The FFE and sponsor, the Regulatory DataCorp (RDC), have just released the FFE’s latest white paper on FinTechs’ use of Artificial Intelligence (AI).

In a survey of 18 members, the FFE found that 61% are currently either in the process of developing in house AI solutions or reviewing third party options for their fraud or AML programmes. 33% of surveyed FinTechs currently employ AI solutions developed in-house against 11% that use third party AI solutions.

Cost and data deficiencies, followed by human resources, were reported as the main barriers in implementing AI solutions by FinTechs. The lack of sufficient knowledge or understanding also appeared prominently as one of the top risks highlighted by respondents. 

FinTechs, who had managed to overcome the barriers and challenges, reported a number of benefits including better accuracy and fewer false positives, faster turnaround on onboarding and some improvements in fraud detection.

In the meantime, research and feedback from members suggests that the best approach to introducing AI tools appears to be to deploy them alongside traditional systems: monitor and audit both old and new tools until you are satisfied, and then you are able to rely on the new tool.

Clearly as outlined there are risks and challenges with AI, but anything that enhances the ability for the sector to combat financial crime should be explored for the overall positive benefits it will bring to the companies involved and the people it affects. As highlighted by the survey results, FinTechs are not only well placed but are actively seeking opportunities to integrate AI to enhance their AML framework.


Fintrail AI paper copy-01.png

CTF Strategies: Combating Common Terrorist Financing Misconceptions

At the end of last year, the US Department of Treasury released its National Terrorist Financing Risk Assessment. Despite the multiple attacks perpetrated by domestic extremists in 2018 - including the Pittsburgh synagogue shooting, Jeffersontown Kroger shooting and US mail bombing attempts in October alone - the assessment made no mention of domestic or far-right-wing extremism. 

Another misconception? When thinking of terrorism in Europe, we often break it down between far-right-wing and Islamist groups, when in actuality, according to the just published EU Terrorism Situation and Trend Report (TE-SAT), nearly two-thirds of all attempted or completed terrorist attacks were instigated by separatist groups. Without an understanding of the nature of terrorist financing, it becomes harder for financial institutions to know what to look for and to implement impactful counter-terrorist financing controls.

These examples only showcase some of the assumptions that can negatively affect our ability to prevent and detect funds travelling to terrorist groups. Based on our experience in the FinTech space, we’ve broken down a few more common terrorist financing misconceptions:  

Misconception 1: Terrorist financing exists in a silo.

Terrorist financing is most simply thought of as an activity pursued by someone with strong ideological affiliations to a terrorist group or cause. While this is certainly true in some cases, only thinking about direct and ideologically driven terrorist financing has the danger of concealing the wider nexus between terrorist financing and other types of financial crime. While the use of drug trafficking to fund terrorist activity has been well-recorded, other intersections between terrorist financing and criminal activity can be overlooked. For instance, one source of funding for the Charlie Hebdo attacks included fraudsters selling counterfeit goods. And yet terrorist financing goes beyond just the perpetrators of financial crime. Given that terrorist financing is about the destination of the funds, those seeking to purchase illegal goods, whether counterfeits, weapons or drugs, could also engage in terrorist financing unwittingly, being unaware of where the funds for their purchase end up. 

The terrorist financing network expands beyond the sale of illegal goods. A convicted ISIS fundraiser had tried to raise funds through financial aid fraud, and foreign terrorist fighters have been known to engage in bank and credit card fraud to help fund their movement. The mass enslavement of the Yazidi by ISIS is the most prominent example of how terrorist groups have used human trafficking to raise funds, though other groups such as Boko Haram and al-Shabaab have engaged in the practice as well. In addition to the direct sale of individuals, terrorist groups like ISIS have also been known to use online and social media advertising in the trafficking of persons or in ransoming them back to their families and have also been reported to engage in organ trafficking. 

To best combat terrorist financing, our approach to suspicious activity shouldn’t stop with our first instinct, as even cases of other types of financial crime may have links to terrorism, and individuals with links to criminal activity may be indirectly engaging in terrorist financing both wittingly and unwittingly. 

Misconception 2: We’re looking for donations from ideological sympathisers.

While donations are certainly an important and desirable revenue stream if you are a terrorist group, and recently active networks such as the Liberation Tigers of Tamil Eelam relied on complicated networks of genuine, coerced and unwitting donors to fund nearly their entire operations, these sorts of donations don’t actually represent that much of the entire terrorist financing picture at present. Interpol in 2018 reported that only 3% of all terrorist financing was generated through overseas donations. While the latest TE-SAT still underlines the threats related to international donations, and while groups are constantly evolving in their use of revenue streams, focusing too heavily on international donations could lead us to ignore more prominent revenue streams.

So where should we be looking instead? Sources of terrorist financing are numerous and will vary greatly between groups and actors, and so what your high risk indicators are will depend greatly on your product offering and location. Though entities such as charities are often considered as a part of CTF efforts, limited companies receive less attention, despite their evidence of their usage in terrorist financing schemes. An area that certainly warrants more attention is environmental crime, and Interpol’s data indicates that 38% of all terrorist financing is generated through activities like illegal logging, wildlife trade, mining and fishing. Crafting more tailored monitoring rules for transactions with links to high-risk industries in high-risk jurisdictions for environmental crime and terrorism would help to detect this sort of activity.

Misconception 3: Geography is the most important factor.

During our work as anti-financial crime consultants, we have spoken to several Heads of Financial Crime who express frustration when a suspected terrorist financing case is risen to them primarily because of the customer’s nationality or geographic location, with no other specific evidence indicating that they may be linked to terrorism. Given the misconceptions we’ve already explored, there are serious dangers with jumping to the conclusion of terrorist financing. Terrorist financing is already difficult to spot, especially given that most recent attacks only require less than $10,000 in funds to complete. In fact, the 5 terrorist attacks that took place in the UK in 2017 in total cost just £5,000 to execute. Overly favouring geographic factors risks underestimating the presence of domestic terrorism. The intersections with other crime types and the more complicated channels where terrorist financing can manifest only add to the need to demonstrate a suspicion of terrorist financing more substantively.

What’s the risk though? While it’s important to be safe rather than sorry when it comes to terrorist financing, in reality, a too simplistic approach could lead to vulnerable individuals being de-risked. For example, individuals who do aim to donate to a terrorist cause tend to use the path of least resistance in moving the funds from their country of origin to the conflict zone. Unfortunately, these overlap heavily with channels used by genuine actors seeking to remit funds home or donate to overseas causes. Without additional evidence linking the customer to terrorism, you could end up unwittingly engaging in profiling in a way that is unfair to customers and inefficient in your anti-financial crime efforts. One positive step we’ve seen employed in the FinTech sector is a more holistic approach to customer risk, which takes into account a variety of evolving data points--from IP address to device ID to transaction patterns and speeds--which help paint a more nuanced picture of a customer, that isn’t overly reliant on nationality or country of residence. The best approach to identifying terrorist financing is one driven by a mix of customer data factors, suspicious transactional patterns and references and open source intelligence in order to pin down the nature of your suspicion. Even a quick Google or social media search can go a long way.

Final Takeaways

Ultimately we need to widen our understanding of the nuances and complexities of terrorist financing and challenge the industry to consider cases beyond the more stereotypical patterns. With that said, there are a few key takeaways that we should all consider when framing our approach to terrorist financing:

  1. Dynamic Approach to Terrorist Financing - Broaden your understanding of how terrorist financing may manifest, and see beyond just geographic red flags. We need more than that to form a suspicion of terrorist financing, and this approach doesn’t reflect the reality of the risks we currently face. Taking a dynamic approach to customer risk as it extends to terrorist financing risk is critical, and utilising open source intelligence can contribute to this.

  2. Data and Knowledge Sharing - Having a strong relationship with law enforcement not only will help when it comes to active cases, but can also help you learn about new and emerging typologies and gain actionable information that you can build into your transaction monitoring tools. Improved data and typology sharing not only through public-private partnerships, but also through private-private partnerships can help facilitate greater overall resilience against terrorist financing threats and help everyone stay on top of a landscape that is rapidly changing.

  3. Training and Awareness - CTF training, whether by internal or external parties, needs to be consistently evolving and reflective of the major trends we see in funding patterns and that you see in your day to day operations. Training should be coordinated by terrorist group or actor type, as all groups favour different financing structures, which change depending on their success and failures. CTF training isn’t just about procedure, but about the wider geopolitical context shaping terrorism at home and overseas.

FINTRAIL believes that all companies, should have the opportunity to thrive, free from the threat of financial crime and in doing so reduces the opportunities for exploitation of the most vulnerable.

If you would like to discuss the issues in this post, or wider anti-financial crime topics in an increasingly digital FinTech world, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.


The Vulnerable: Targets and Tools of Financial Crime

What FinTechs can do to fight financial crime & exclusion

Lured by the opportunity for employment, housing and travel, a Latvian Organised Crime Group facilitated the movement of people from Latvia to the UK. For those hoping to create a better life for their families, these were immediately crushed as once they arrived in the UK, they were told they were "in debt" to the gang. The gang forced the victims to open bank accounts in their own names, then hand over their bank accounts and bank cards to the group before being sent to work in various locations across the UK. The gang retained control over their earnings and any refusal to cooperate was met with threats of violence and assault (1). Unfortunately this is not an isolated incident with a global figure of 40.3 million vulnerable individuals estimated to be victims of modern slavery (2).


In the UK, serious and organised crime is the most deadly national security threat (3). It affects more UK citizens, more than any other national security threat and leads to more deaths in the UK each year than all other national security threats combined. Organised crime groups sexually exploit children and ruthlessly target the most vulnerable, ruining lives and blighting communities. The predicate offences that drive financial crime often generate illicit funds off the back of the hopes and fears of desperate individuals. Crimes like the one highlighted cost us in the UK at least £37 billion each year (4). Criminals are able to reap the benefits of their crimes and to fund lavish lifestyles while their victims are left to suffer the consequences.


The rise of new technology and financial innovation, often leads criminals to seek creative ways to exploit evolving financial developments to their advantage. This makes FinTechs and their customers a particular focus for the criminals, a problem which is heightened further when one considers that two of the largest under-banked groups, the young and migrant communities, are at a higher risk of vulnerability.

What can we do?

One of the simplest ways to identify and understand a customers potential vulnerability is through ‘face-to-face’ interaction. This is much harder for FinTechs to do; most interactions involve online onboarding, with little dialogue apart from email and instant messaging between the client and a customer service representative. Indeed, much of this kind of interaction is increasingly automated, which is part of the inherent attraction of the sector.


The best time for FinTechs to identify and protect a vulnerable individual is during the onboarding process, through Identification and Verification (IDV). One of the most concerning situations we have come across through our involvement with the FinTech FinCrime Exchange (FFE) have been reports of FinTech client applicants providing IDV selfies or undergoing an onboarding interview online who appear to be in the presence or possibly even under the control of another individual. Instances such as these need to be taken very seriously, and simply rejecting the new customer is not enough. Where suspicious activity of any kind is in evidence, FinTechs have a clear moral responsibility to report it (5).


FINTRAIL believes that all companies, should have the opportunity to thrive, free from the threat of financial crime and in doing so reduces the opportunities for exploitation of the most vulnerable.


If you would like to discuss the issues in this post, or wider anti-financial crime topics in an increasingly digital FinTech world, please feel free to get in touch with one of our team or at contact@fintrail.co.uk.


References

(1) https://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-46441855

(2) International Labour Organization and Walk Free Foundation - Global Estimates of Modern Slavery - 2017

(3) Home Office - Serious and Organised Crime Strategy- November 2018

(4) Home Office - Serious and Organised Crime Strategy- November 2018

(5) NCA - Guidance on reporting routes relating to vulnerable persons - November 2016