The European Union’s Fifth Anti Money Laundering Directive (5 AMLD) must be implemented in national law by 10 January 2020. The Anti Money Laundering Directive has been continually updated and tightened ever since its introduction in 1990 with a view to making it harder for money launderers and terrorists to move their cash in and out of, and around, the EU. We highlight five things to watch out for in this latest iteration.
- New sectors affected
Until now AML rules have affected banks,
accountants, building societies and gambling operators, plus accountants and
lawyers. In addition to requiring these to comply with new rules and to review
their existing procedures, 5 AMLD will affect new sectors. Most directly
affected will be estate agents and intermediaries for properties with monthly
rents in excess of € 10,000. They now fall under AMLD jurisdiction, as do the
beneficial owners of such properties. Information on real estate ownership must
be made available to the relevant public authorities. Clearly in view here are
investments in valuable properties, for example in central London, which have served
as a useful medium for drug traffickers and illegal arms dealers etc. to
launder the proceeds of their activities. Anyone involved in high-end real
estate will be under pressure to review when and how often they verify the
identity of their customers to establish beneficial ownership.
The art world was not explicitly within the
scope of 4 AMLD or previous iterations of the directive. Now, despite fierce
resistance from the art world, 5 AMLD will require auction houses and art
dealers also to undertake anti money laundering checks on customers.
Establishing systems to carry out such checks will carry significant
resourcing implications, and any failure to undertake checks with
sufficient rigor can attract criminal penalty, for both institutions and
5 AMLD updates the current directive to
include the following within the definition of “obliged entities”: persons
trading or acting as intermediaries in the trade of works of art, including
when this is carried out by art galleries and auction houses, where the value
of the transaction or a series of linked transactions amounts to EUR 10,000 or
more. This applies whatever the method of payment: cash, cheque, bank transfer,
All of this means that the estate agents,
rental intermediaries, art galleries and auction houses affected must act now
to put AML processes and procedures in place, and invest in the necessary
technologies to meet their new obligations. These include registering with the
relevant authority, conducting a money laundering risk assessment and carrying
out customer due diligence especially in relation to transactions or business
relationships that involve persons established in a high risk third country
(see below), politically exposed persons etc.
In other words, quite a few companies will face a new resource burden. This will also affect their financial services providers, lawyers and accountants, so they should seek advice on how to ensure that compliance is cost-effective within their financial means.
2. Catching up with new technologies
The speed with which 5 AMLD has followed hot on the heels of 4 AMLD reflects the speed of technological change and the new ways in which business is conducted. Under 5 AMLD custodian wallet providers and virtual currency exchange platforms will fall within the scope of AML laws, as they too have been added as new “obliged entities”.
5 AMLD also allows and indeed promotes the use of electronic identification for customer due diligence. This directive stipulates a need, whenever possible, to use electronic client verification solutions when undertaking due diligence obligations and KYC procedures. Institutions that have not already done so should invest in the technology for quicker onboarding of new clients through instant results. Not only does it help ensure compliance, it also improves the customer experience.
Also, financial institutions across the globe are transitioning to artificial intelligence and machine learning technologies to help improve pattern detection, increase automation and alert accuracy.
3. Tougher enforcement
There will be new national bank account registers in each EU Member State to enable easy access by law enforcement authorities to bank account information for all bank accounts held in that Member State. The registries will all be interconnected between Member States. In addition, enforcement authorities will be able to request information from an obliged entity even where no Suspicious Activity Report has been filed.
4. Tighter controls on high risk third countries
Credit institutions dealing with business relationships and transactions involving high risk third countries or having establishments in these countries may be particularly affected. The current list includes Afghanistan, Ethiopia, Iran, Iraq, North Korea, Pakistan, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, and Yemen. It has been proposed to add American Samoa, Bahamas, Botswana, Ghana, Guam, Libya, Nigeria, Panama, Puerto Rico, Samoa, Saudi Arabia, and the US Virgin Islands. 5 AMLD prescribes enhanced due diligence measures for business relationships or transactions involving high risk third countries, and also allows Member States to restrict obliged entities from opening branches/subsidiaries in high-risk third countries, and to restrict the opening of branches in a Member State of an obliged entity based in a high-risk third country.
5. Public scrutiny of beneficial ownership
There will be wider access to each Member
State’s central register of beneficial ownership of corporates. Any member of
the general public can access basic information without the need to demonstrate
a “legitimate interest” (this is already the case in the UK). There is also a
new “discrepancy reporting requirement” that will require obliged entities to
report any discrepancies they find between the information that they hold, and
the information on the register.
5 AMLD also extends beneficial ownership reporting requirements to any legal arrangement that is similar to a trust, as well as tax-neutral trusts. It also widens access to the central register of beneficial ownership to any person who can show a “legitimate interest”. It is left to the discretion of individual Member State to define legitimate interest, although 5 AMLD states that the definition should not restrict the concept to cases of pending administrative or legal proceedings, and should take into account the preventive work undertaken by non-governmental organizations and investigative journalists in the field of anti-money laundering, counter-terrorist financing and associated predicate offences.
6. Brexit has no impact
The United Kingdom has committed to adopting 5 AMLD along with the rest of Europe, either as part of the proposed transitional arrangement or some other deal which requires regulatory convergence in return for preferential access to the Single Market. Even in the event of a “no deal” Brexit after the transitional period, the UK – as a leading member of the Financial Action Task Force on Money Laundering (which sets the standards which underpin EU anti-money laundering law) – is unlikely to let UK AML standards fall behind those applicable elsewhere in Europe.
Other new regulations include the ban on anonymous safe-deposit boxes and the subjecting of more prepaid instruments to due diligence (e.g. gift cards and travel cards). The threshold requirement on these has been reduced from €250 to €150. Finally, if that is not enough to take in, Member States will be required to transpose the next iteration – 6 AMLD – into national law by 3 December 2020. After which, relevant regulations must be implemented by firms within Member States by 3 June 2021.
One of the positives about 6 AMLD is that it is more specific on the offences that all EU Member States must criminalize – 22 so-called predicate offences for money laundering in total. In addition to the obvious ones these include environmental offences, cybercrime, and direct and indirect tax offences.
Wishing everyone a Happy and Healthy Holiday Season!
Please join the conversation at AML Knowledge Centre https://www.linkedin.com/groups/8196279/
written by Paul Allen Hamilton https://www.linkedin.com/in/paulhamilton2/
and Volha Miniuk https://www.linkedin.com/in/volhaolgaminiuk/
The new Black
With the rapid advancement of mobile technologies, the internet is now accessible from any- and everywhere. Open banking (PSD2) in the European Union, together with mobile wallets, instance payment initiatives and cryptocurrencies offer consumers a lot of ways to engage with financial institutions 24/7. Therefore, in today’s environment, customer expectations are constantly changing and it’s imperative that financial crime and Anti-Money Laundering units keeps pace.
No doubt that the widespread use of mobile devices is accelerating the rate and impact of financial crime. Today, mobile subscriptions outnumbered the world’s population as illustrated by Statista:
Which in turn, has spurred the use of mobile banking apps and the way consumers pay for generic services, in general altering us into a cashless society.
With new regulations such as the Payment Services Directive (PSD2), the European Union has set the rules for open banking, allowing FinTechs access to traditional financial institutions’ systems and customer data. Everyone is a winner, the benefits of open banking are enhanced customer service for under-served markets, new revenue streams, and improved margins.
While this presents major opportunities for everyone it places a lot of responsibility on those tasked with keeping a financial institution from being compromised by cyberattacks or used as a vehicle to launder money.
How will current financial crime & anti-money laundering systems work in a digital world?
It’s difficult enough for financial institutions to monitor and detect violations of transactions taking at best 24 hours to clear. With digital payments clearing in real time the impossible becomes totally impossible using conventional methods as transactions clear in a matter of milliseconds. By conventional, we mean systems focused on a rule-based approaches, where suspicious transactions are put in a queue and investigated in an overnight batch mode.
Even in a world operating in batch, AML systems generate too many false positives (typically between two and 15% of all transactions) and therefore imposes a huge workload on banks and financial investigation units (FIU).
Number of Suspicious transactions reported to UIF in the UK: +51% (’12-16), from 67K in 2012 to 101K in 2016
As digital payments continue to increase, this problem is greatly scaled because banks are under pressure from customers and consumers to clear transactions as quickly as possible and still make sure that risk and compliance systems flag all risks and suspicious activities.
The Internet of Things
Once upon a time, cybercriminals focused their efforts on PCs. However, with the average user spending about five hours per day on a mobile device, with roughly 70 percent of those smartphone devices not having an anti-virus program installed on them, sensitive data (e.g. contacts, passwords, emails, documents, photos, etc.) are exposed to cyber threats. Therefore, we have witnessed a sharp increase in new mobile malware, because criminals will always take the path of least resistance.
The Internet of Things (IoT) is driving the interoperability of physical devices, vehicles, home appliances and other electronic equipment through sensors and software enabled apps.
The number of online-capable devices was believed to have increased to 8.4 billion by 2017 and by 2020 experts estimated that 30 billion objects would be online, with a global market value of $7.1 trillion.
The Nokia Threat Intelligence Report 2H 2016 estimated that more than 100 million devices worldwide have been infected by malware, including mobile phones, laptops, notepads and a broad range of IoT devices.
The same report stated that smartphones were more often targeted, accounting for 85 percent of all mobile device infections and smartphone infections increased 83 percent during July through December, compared to the first half of the year.
According to Check Point Mobile Threat Research’s 2017 report (“Mobile Cyberattacks Impact Every Business”) financial institutions, as the custodians of their customer’s money and data are a much sought-after target for cyberattacks. Malware attacks by industry:
With the number of mobile devices already infected and the connectivity of devices rapidly expanding, cybercriminals have more routes to target than ever before.
As crazy as it once seemed, cybercriminals attacking financial institutions via a coffee machine, smartphone or even an employee’s wearable health-check device is no longer science fiction. Also, this malware storm isn’t a regional threat but it’s path of destruction is universal. The most impacted regions according to Check Point mobile threat researchers:
Source: Check Point Mobile Cyberattacks Impact Every Business
The Eye of the Storm
That said, financial institutions appreciate the importance of digital technology and are embracing an ecosystem that includes FinTechs. These ecosystems can help to provide more customer value and open new customer segments. At the same time, they bring new types of operational risks with them, such as:
- Risky user behaviour. For example, 70 % of smartphone users have never installed an anti-virus program on their mobile device.
- 24/7 connectivity of mobile devices to hotspots.
- WI-FI networks and Bluetooth technologies making it easier for attackers to carry out a fraud campaign.
- Rogue mobile applications, repacking of apps and ransomware are on the rise.
- Advance malware & viruses for online as well as mobile devices continue to increase.
Currently, the data on mobile fraud isn’t as robust as with other channels. These operational risks need to be continually assessed to build reliable mobile fraud models without jeopardizing the customer experience. 60 percent of digital banking fraud originates from the mobile channel, according to figures published by RSA in 2018. This mobile banking fraud almost always involves thieves using RDC to deposit fraudulent checks, or cybercriminals using stolen identity credentials to hijack consumer bank accounts. This actually caused a dip in the growth of mobile banking as users sensed insecurity. Security and fear of fraud are the top two concerns about using mobile banking for up to 55 percent of consumers, according to Javelin Research. And with more than 25 million mobile devices infected by a single malware variant alone (Agent Smith) it is hardly surprising. The exact number of malware-infected mobile devices is hard to quantify, but in 2018 Kaspersky Labs and products detected:
- 5,321,142 malicious installation packages
- 151,359 new mobile banking Trojans
- 60,176 new mobile ransomware Trojans
A point often overlooked is that your ecosystem is the weak link when trying to protect against external threats. One lesson learned is the degree of difficulty to detect a compromise until bad things start to happen, examples:
The Carbanak malware set in the banks’ computer systems for months, sending back vital information to hackers, who were then able to impersonate bank officers carrying out internal procedures at more than 100 banks around the world.
With complete control of mission-critical systems, they managed the transfer of millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into fake bank accounts set up in other countries.
If not for a video surveillance camera filming an ATM machine in Kiev, the Carbanak malware might never have been detected.
From the US$ 81 million stolen from the Bangladesh Bank in February 2016 only US$ 15 million has been recovered and there is still no word on who was responsible. Cyber attackers illegally transferred US$ 81 million from the Central Bank of Bangladesh (CBB), to several fictitious bank accounts around the world, by subverting their SWIFT accounts.
The Bangladesh Bank heist is a perfect illustration of the future complexity involved in monitoring instant payments.
The WannaCry virus, quickly infecting more than 200,000 businesses in 140 countries. locking computers until a ransom was paid.
Fighting Back with Innovation
The only credible answers are detection and transaction monitoring systems built on new technology, with machine learning and artificial intelligence at the core and not relaying only a rule-based approach.
Criminals don’t use rules
Algorithms that continue to improve, with the support from financial crime and AML professionals, these systems learn to identify suspicious activity where there is a higher probability of a financial crime committed and/or money laundering actually occurring. Therefore, bank staff can focus on the real alerts and not get swamped down in false positives.
Another technology-based approach that continues to develop, provides insights by taking large amounts of account data and generating a visual map. Suspicious relationships and payments can be tracked as they move between bank accounts, regardless of whether the payment amount is split between multiple accounts, or those accounts belong to the same or different financial institutions. The software creates a visual map of where and when money has moved, providing new insights and intelligence for fraud and compliance teams to take action.
By bringing together transactional data from multiple financial institutions and running sophisticated algorithms, such solutions can identify the so-called “mule accounts” that are used for money laundering and other illegal activity. Many of these accounts are not set up directly by the criminals themselves but via a number of scams including phishing, spam email, instant messaging etc.
It is worth pointing out that while technology is a necessary condition for successful financial crime and money laundering prevention, however, it is not the only tool. In addition, financial institutions will need to review their compliance procedures, risk assessments, and their service offerings to strike the optimum balance between competitiveness and security.
What should be the upper threshold look like?
Should priority to VIP and profitable customers be given when reviewing suspicious transactions? What about social and political issues? (For example, Muhammad is the world’s most common name, and also appears a lot on sanctions list. But that also means a significantly large number of false positives, which could lead to claims of unfair profiling.)
And finally, even with advanced technology and effective redesign of processes and procedures is meaningless without a sufficiently well-trained staff to detect suspicious customer behaviour and be reliable gatekeepers, especially at on-boarding of new customers.
Author Paul Allen Hamilton
For more articles on financial crime and Anti-Money Laundering join the AML Knowledge Centre at https://www.linkedin.com/groups/8196279/
Blockchain fraud continues to be a massive problem that has hindered the possibilities of new user adoption. Crypto criminals primarily participate in three types of fraud: tax evasion, money laundering, and terrorist funding schemes. Let’s take a look at each of those categories and how legislation and blockchain technology can reduce, or even eliminate, these and other crimes in the near future.
Tax evasion is one of the most widespread types of blockchain fraud. Prior to 2017, there wasn’t much crypto-related legislation in existence in most countries. Plus there was little enforcement of what regulations did exist. As we have previously reported, this began to change drastically in 2017.
Despite the fact that regulations are tightening, crypto-related tax evasion is still prevalent. In November 2017, LendEDU conducted a survey that included 564 US-based bitcoin investors. According to the results, approximately 36% of participants planned to knowingly avoid paying capital gains taxes in their 2018 tax filings.
There aren’t any stats to determine if this was the actual result. Still, it’s obvious that many people didn’t view crypto tax evasion as a major crime. And it’s possible that those surveyed weren’t exactly sure how to follow the tax regulations. In 2018, however, there are several guides online on how to follow crypto taxation laws in specific countries. Information is even available on specific categories like taxation on cryptocurrency mining.
New Tax Regulations
Investors need to understand and comply with cryptocurrency tax regulations. In some cases, compliance can be beneficial beyond avoiding the obvious consequences of jail time or fines. For example, it’s possible to report capital losses on crypto investments when filing taxes.
Even in the bear market of 2018, regulatory agencies are focusing more on crypto taxation policies. These efforts aren’t just limited to individual, domestic government policies. International collaboration appears to be on the rise as well. For example, a coalition of five governments (Australia, Canada, the Netherlands, the United Kingdom, and the United States) joined together to form the Joint Chiefs of Global Tax Enforcement (J5). According to the IRS, this organization aims to “reduce the growing threat posed to tax administrations by cryptocurrencies and cybercrime.”
Blockchain Fraud: An image of a phone showing bitcoin on top of 4 $20 bills, displaying fiat and cryptocurrency
Tax evasion is one of the most common types of blockchain fraud.
There are several major cases involving the use of cryptocurrencies to launder money. Jerome Powell, Chairman of the U.S. Federal Reserve, said in a House Financial Services Committee testimony in July 2018 that “they are very challenging because cryptocurrencies are great if you’re trying to hide or launder money, we have to be very conscious of that.”
Evidence shows that crypto-based money laundering is indeed a major issue. For example, according to a Q2 2018 report released by CipherTrace, crypto criminals laundered $1.2 billion through bitcoin tumblers and privacy coins in a one-year time period during 2017-2018.
Similar to policies dealing with crypto tax evasion, governments are increasing international collaboration to tackle this type of blockchain fraud. G20 member countries are reviewing a possible global anti-money laundering (AML) standard on cryptocurrency before an October 2018 deadline. In addition, member nations have called upon the Financial Action Task Force (FATF) – an intergovernmental organization formed to combat money laundering and terrorist financing – to review how AML standards that are already in place can potentially be applied to regulate cryptocurrencies.
Blockchain fraud: An image showing a dark hallway of jail cells
Governments are collaborating on an international level to stop crypto criminals involved in money laundering.
Some financial institutions (including the Bank of England) and regulatory agencies have warned against the potential use of cryptocurrencies in terrorist funding. For the most part, various studies don’t show any alarming correlation between crypto and terrorist funding. For example, the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs conducted tests on the risks of cryptocurrencies. According to the results, cryptocurrencies don’t pose a greater risk than fiat when it comes to enabling terrorist funding.
Since 2017, there has been a push to enact legislation that would try to prevent this kind of blockchain fraud. For example, U.S. lawmakers introduced the “Homeland Security Assessment of Terrorists Use of Virtual Currencies Act” in May 2017. They also proposed the “Financial Technology Innovation and Defense Act” in January 2018. Additionally, another bill called “The FinCen Improvement Act of 2018″ was introduced in the US House of Representatives in July 2018. This bill mentions, “anti-terrorism and anti-money laundering initiatives, including matters involving emerging technologies or value that substitutes for currency, and similar efforts’’.
As of August 2018, none of these bills have gained much traction. Only the “Homeland Security Assessment of Terrorists Use of Virtual Currencies Act” has been able to pass the U.S. House of Representatives.
Blockchain Fraud: A photo of the United States Capitol.
The US Congress has introduced a few bills to stop terrorist funding through cryptocurrencies.
Using Blockchain to Combat Blockchain Fraud and Other Crimes
Yes, in some instances, blockchain fraud makes certain crimes easier for criminals to commit. However, it’s also crucial to understand that many of the above-mentioned crimes have been going on for many decades in the fiat economy.
Even though blockchain fraud is a major issue, blockchain technology has also made it possible to stop many types of crime. For example, some blockchain technologies like Ricardian smart contracts aim to vastly improve the future enforcement of legal agreements. In addition, KYC and AML-focused projects can make transactions in the crypto-based economy much more transparent than what’s possible in the current fiat-based economy.
Crypto criminals do exist and present a challenge to the mainstream adoption of digital currencies. Nonetheless, technical innovation should not be viewed as the foundations for a future dystopia. Likewise, the legislation doesn’t have to stunt the progress of technology.
When it comes to stopping crime and fostering innovation, there isn’t a simple solution. How the future will play out depends a lot on how technologies and legislation develop in the coming years. The reality is that both regulations and technologies are needed in order to empower a future where blockchain can benefit society and mitigate the possibilities of blockchain fraud.
This article was originally published on Coincentral.
“Top Misconceptions of Cryptocurrency as a Payment System”
Which can be read on Amazon Kindle Unlimited for Free You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)