Sanction Screening the Intensive Care Patient…Innovation the Cure!

Sanction Screening the Intensive Care Patient…Innovation the Cure!

However, minor the task of sanction screening or name filtering sounds it contributes to a significant amount of false positives and is a time consuming task that leaves less time for other AML patients.

And in today’s environment of tighter AML regulations, constantly evolving instant payment initiatives, open banking (i.e. API) and mobile wallets, as the complexity increases so do the false positives.

While this presents major opportunities it puts a lot of pressure on the risk and compliance systems at financial institutions, which need to detect and flag actual threats in real-time. And this new reality has arisen, let us not forget, at a time when regulators are imposing ever-increasing responsibility on those people who are tasked with keeping a financial institution from being compromised for money laundering and terrorist financing.

Therefore, screening individuals and entities is a key task as well as a legal requirement of any compliance program.

“A financial institution discovered, after employees returned from the weekend, hundreds of SWIFT payments had not gone out, because the system had falsely identified the beneficiaries as a sanctioned name or entity”   

The Challenges of Name Screening

Sanctions lists

Sanctions lists can be found in all formats and sizes. Some are country-based, often following United Nations resolutions to promote world peace and human rights; they prohibit certain if not all transactions. Other sanctions are motivated by politics and foreign policy at a national level, as is the case with the United States’ economic embargo against Cuba. A third category imposes targeted sanctions (e.g. the freezing of assets, travel bans and arms embargos) against specific persons, groups, undertakings and entities, as is the case with any terrorist group such as the ISIL (Da’esh) and Al-Qaida sanctions lists.

Many of the national sanctions lists are based on sanctions imposed under UN resolutions, so many of the names appearing on the UN lists also appear on supranational lists such as those issued by the European Union, as well as national sanctions lists such as the USA’s OFAC and the UK’s HMT lists.

Sanctions lists are fairly straightforward. The course of action regarding persons and entities on sanctions lists is clear – they are a no-go for most financial institutions and when confirmed a Suspicious Activity/ Transaction Report (SAR/STR) must be submitted to the local financial investigation unit (FIU) authority. Complication is manifested when a company is not on any official sanctions list, but a shareholder is, therefore you are required to treat it as a sanctioned entity.

Watch lists

Watch lists serve the purpose of assessing a client’s potential risk and includes (among others) PEPs. A politically exposed person (PEP) is someone who has been entrusted with a prominent public function and therefore presents a higher risk for potential involvement in bribery and corruption by virtue of their position and influence. The Financial Action Task Force on Money Laundering (FATF) issued its latest definition of PEPs in 2012:

  • Foreign PEPs: individuals who are or have been entrusted with prominent public functions by a foreign country, for example Heads of state or Heads of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials.
  • Domestic PEPs: individuals who are or have been entrusted domestically with prominent public functions, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials.

This distinction is important for a risk-based approach. Also it’s important to note that there are still countries who do not subscribe to the notion of domestic PEPs being a risk at all.

In addition, persons who are not politically active but who have been entrusted with a prominent function by a state-owned enterprise or an international organization, for example members of senior management, directors, deputy directors and members of the board or equivalent functions may also appear on watch lists.

Being on a PEP or other watch list obviously does not mean that a person is corrupt, but that person presents increased risks owing to the possibility that an individual holding such a position will have far greater opportunity to misuse power and influence for personal gain, or may be open to malign influence by a third party. A point that is often overlooked, but really important as bribery convictions reach all-time highs, is the risk that business partners may pose if they qualify as “public officials” based on their company’s ownership structure if fully or partially state-owned.

Law enforcement agencies, security authorities, national and regional agencies also disseminate various lists. These lists (e.g. Interpol’s Red Notices, the FBI’s Crime Alert List, Europe’s Most Wanted, Singapore Investors Alert and IOSCO consumer protection) can help financial institutions and other organizations avoid doing business with a wrong party and from being drawn into a fraudulent scheme or unwanted scandal.

Adverse media lists

Adverse media comes from a range of local, national and even global sources as well as online social platforms. Adverse media can support a financial institution or a corporate company’s decision to engage or not to engage in a business relationship based on the risk associated with the client from negative news. Adverse media can reveal potential involvement in money laundering, terrorism, various criminal activity and other potential crimes that could have a reputational backlash for a firm.

Lists in general

Although, many lists are publicly available, there are technical challenges because these sources have different ways of presenting information. Some offer well-structured information in downloadable XML files, others in CSV or delimited text files, while others can be drawn from social feeds, blogs, web posts and many are unstructured, and still other sources have online lists across multiple web pages, and some are even in PDF format only.

Not to mention the URLs are constantly being moved, without notice. Therefore, a firm’s name screening might not be including an important source, because the URL changed without notice.

Despite the apparent simplicity and straightforwardness of list screening, selecting the lists that will benefit all areas of your financial crime prevention program can therefore be a daunting task. Here are a few factors to consider:

  • The geographical jurisdiction(s) in which you operate
  • The requirements of local and foreign regulators in the area you operate
  • Your organization’s risk assessment – this must be consulted as a guideline
  • Is an appropriate data structure provided?
  • Does the list provider deploy technology that enables more cost-effective means of data deployment (e.g. through the cloud or interfacing via API)?
  • What formats are data files available in?
  • How up-to-date and “clean” is the data? The lists can hold millions of entries. How well does it manage duplications, expired records etc.?
  • An appropriate update schedule and updating by delta files are a “must have”
  • If an online search function is provided, what techniques are being used to match names?

Data

  • In many cases and for many reasons an institution’s data will have gaps and inconsistencies following the old data processing axiom of garbage in garbage out (GIGO). On the other hand, we’re trying to match against hundreds of lists that have different ways of presenting the information.
  • Inconsistency in basic things like abbreviations (Sr./Senior, Inc./Incorporated, AG/Aktien Gesellschaft, nicknames, etc.) and translations of words that have the same meaning but are spelled different e.g. Germany (EN), Allemagne (FR), Deutschland (DE) can all impact screening results.

Transliteration

A majority of the relevant lists published are in a Latin character set, while many of the names on them originate from countries that do not use the Latin alphabet. Therefore, names that are Chinese, Greek, Islamic, Russian and Thai, etc. must be transliterated from their home language to a Latin one. However, the complication does not end there. For example, in the Arabian Peninsula, Jamal is pronounced Jamal, in Egypt Gamal, and in Algeria Djamal. These are all the same Arabic word, but one that is spelled (transliterated) in various regional ways when written in English.

A further example of transliteration is the voiceless uvular plosive used in Arabic and other languages. It is pronounced approximately like English [k], it’s pronunciation varies between different languages and different dialects of the same language. The consonant is sometimes transliterated into “g”, sometimes “k”, and sometimes “q” in English.

For example, the former Libyan leader’s name can be spelled in various ways:

  • Gaddafi
  • Qadhafi
  • Kaddafi
  • Gadhafi
  • Ghathafi
  • Qaddafi
  • Ghadafi

Beneficial owners

Opaque ownership structures present a real challenge for KYC as criminals, and politically exposed persons (PEPs), etc. hide behind corporate structures.

A company might not be on an official sanctions list, but according to an Office of Foreign Assets Control (OFAC) rule it can be blocked if stakeholders who are on lists have ownership equal to or above 50 percent (this is known as the 50 Percent Rule); thus there is a good chance that the company in question will itself be treated as a sanctioned entity. To put it simply, if company X is blocked and it owns 50 percent of company Y, company Y is also considered blocked, even if that entity doesn’t appear on the OFAC Specially Designated Nationals (SDN) list.

For this reason, it is imperative that corporate ownerships are verified when dealing with certain countries and corporate structures to ensure that none of the beneficial owners are prohibited persons under OFAC regulations.

Practical Actions to take Now

Given the various points raised above, here are some practical steps you should take if you wish to make efficient use of lists and increase the effectiveness of sanction and Pep filtering:

  1. Data Integrity. Get your data in order. A database built on the principles of good data, properly spelled names, sound data structure, and format will go a long way to improving the identity matching process.
  2. Automated Data Collection at every point of customer engagement
  3. Do not simply perform risk assessment, “live it”. This is critical in leveraging the understanding of how these risk exposures impact technological decisions and operational areas of the institution.
  4. Test, test, test – perform random checks to ensure that technology and operational processes are working appropriately and are being consistently applied. Review reports to understand when and why changes are necessary.
  5. Check AML data providers for company credibility, data accuracy,
    well-structure data, depth of content, customer service/support, data quality verified by third party, etc

Apply Innovative Technology

Artificial Intelligence 

True, there is a lot of hype about Artificial Intelligence (AI) and most AI examples that you hear about today – from Google Assistant, Alexa, Siri, or Bixby, to self-driving cars – rely heavily on deep learning and natural language processing. Using these technologies, computers can be trained to accomplish specific tasks by processing large amounts of data and recognizing patterns in the data

Therefore, if you are serious about sanction screening and tackling money laundering with an acceptable return on your efforts and investment, you need to acquaint yourself with artificial intelligence (AI) and machine learning (ML).

Artificial Intelligence and Machine learning uses two types of techniques: Supervised, models are trained on data with known inputs and outputs (also known as categorized data) to identify potentially suspicious transactions. while Unsupervised, models are exposed to raw data to find hidden patterns or intrinsic structures that might signal money laundering or other financial crimes.

The importance of this is demonstrated with the use of supervised learning in sanctions screening where every payment transaction must be screened to check if any beneficiaries are on a sanction or watch list.

However, screening systems produce a lot of false positives that must be dispositioned by a human reviewer, before the transaction can leave the gateway or employees which are greeted by thousands of false positives after an overnight batch screening.

Hopefully, AI can be trained, well enough, to eventually takeover much of the task of reviewing these false positives. There can’t be enough said to the urgency of experimenting with artificial intelligence (AI) now as these models and algorithms need to be constructed, systems set up and then trained, tested, trained, tested and trained until these technologies are taught to address the repeatable high-volume of false positives.

That said, AI is not in itself a “silver bullet” and the process of getting these models up and running can be laborious, therefore, banks should consider cloud-based multi-tenant solutions that share out the cost burden and a can improve time to deployment.

Blockchain Technology

Other technological advances, such as distributed ledger (e.g. blockchain) technology, will help to improve banks’ ability to monitor complex, multi-part transactions. These “smart contracts” with advance algorithms, will allow financial institutions to securely parse data through an AML engine on the blockchain,” in this way banks can store and share data, thus eliminating excessive complex bureaucracy involved in information sharing.

Paul Allen Hamilton

I can be contacted on LinkedIn @ https://www.linkedin.com/in/paulhamilton2/

Photon Photo – Shutterstock

Crypto Crimes: ICO Scams, Robbery, and Money Laundering

Crypto Crimes: ICO Scams, Robbery, and Money Laundering

The rising popularity of cryptocurrency and blockchain technology has brought many benefits to the world; however, this hasn’t come without a few downsides. Along the way, we have also seen a rise in the number of cryptocurrency crimes. From kidnappings to money laundering and many more types of crime, police and governments around the globe are looking to coordinate efforts in order to stop crypto criminals. In this article, we’ll take a look at some example cases and how law enforcement is handling them.

ICO Scams

ICO scams are one of the most common types of cryptocurrency crimes. Oftentimes, project teams are completely fictitious. As during any ICO, investors send ETH, BTC, USD, and/or other currencies to the wallets of the project. The only difference is that fake projects keep the funds and give no tokens whatsoever in return. Most often, these scams involve fake project team profiles, which sometimes even include big-name entrepreneurs like Richard Branson.

One ICO for a project called Miroskii used a photo of actor Ryan Gosling for a profile of a fake graphic designer named “Kevin Belanger”. While it might appear evident to some or even most people that this was a fake profile, this fraudulent ICO actually claimed to have raised $830,000. Little is known about the consequences of such a scam since there is currently no info online about any charges against the project. Even the project website is still running; however, you won’t find the profile for “Kevin Belanger” or anyone else on the team any more.

The ICO scam issue is so bad that the United States Federal Trade Commission (FTC) will be discussing this as part of its workshop in Chicago on June 25, 2018, at DePaul University. One of the biggest problems with ICO scams is the overall lack of regulatory framework in place for public fundraising at a national level. In the US, for instance, states like Texas have been the most proactive in banning certain cryptocurrency projects and ICOs that are deemed to be fraudulent.

Robbery

It’s bad enough when someone loses money due to a cryptocurrency exchange hack or an ICO scam but there are even worse ways to get funds stolen. There have been quite a few incidents of robbery and kidnappings involving cryptocurrency. During one such incident in Dubai, a gang of ten individuals pretended to be in charge of issuing mandated trade licenses for the cryptocurrency. Two brothers who were looking to purchase trade licenses were carrying around $1.9 million in cash. The gang impersonating the trade license issuers stole the cash from the two brothers and also assaulted them. Since that time, the ten suspects have been apprehended and referred to public prosecutors.

 

In another incident, Louis Meza, a man from New Jersey, even kidnapped his friend and stole $1.8 million in cryptocurrency. Meza lured his friend into a minivan and a gunman pointed a pistol at the friend, demanding his 24-word passphrase to access the victim’s Ledger Nano S wallet. Meza also looted the victim’s apartment, stealing a ledger and other information. While a lot of cryptocurrencies are designed to make the transfer funds untraceable or at least rather difficult to track, Meza made two key mistakes.

First, there was surveillance video showing him enter the victim’s apartment. Second, he used a popular cryptocurrency exchange to transfer stolen funds from ETH to BTC. The account’s public address included his own name, which gave a lot of evidence linking Meza to the crime. Meza pleaded not guilty to grand larceny, kidnapping, robbery and related counts at his arraignment in the Manhattan Supreme Court in December 2017. The judge ordered $1 million bond or $500,000 cash bail.

Money Laundering

There have already been a few large-scale cases for money laundering via cryptocurrency. Thomas Mario Costanzo allegedly used cryptocurrencies to launder proceeds for drug dealers. Costanzo was arrested during a USDHS-coordinated raid in April 2017. Evidence also shows that Costanzo used crypto to buy drugs and offered an online cryptocurrency exchange service for other people to purchase drugs without adding the required KYC authentication process.

The possible sentence for such crimes is rather hefty. The five charges placed on Costanzo can bring a maximum sentence of 20 years in prison, a $250,000 fine, or a combination of the two. In addition, any cryptocurrencies used in these crimes could be taken away by the U.S. Justice Department. The sentencing will take place on June 11, 2018.

There have even been some cases requiring international law enforcement cooperation. One recent example involved authorities from Finland, Spain, the United States, and Europol. In this case, 137 individuals were investigated and 11 were ultimately arrested in April 2018. Originally, criminals laundered drug money from Spain to Colombia using credit cards.

The group realized quickly switched to cryptocurrencies after realizing the easy traceability of traditional bank accounts. Nonetheless, law enforcement officials from Europol were able to track down criminals by monitoring crypto-to-fiat exchange transactions (Colombian pesos). Europol has stated that it is committed to giving additional cryptocurrency crime detection training to its officers. It will also continue to coordinate to stop such crimes both within the EU and beyond.

 

The Future of Crypto Crimes

Undoubtedly, crimes related to cryptocurrency will continue to rise as the popularity of cryptocurrency in general rises. Even though there are many good aspects of a crypto-based economy (i.e. greater transaction privacy, users control over funds, and freedom of capital flow), these same benefits do bring new potential challenges to stopping crimes of the present and future. In some instances, criminals might still leave behind evidence that can be tracked.

However, it is also likely that cryptocurrency crimes will become more intricate and potentially even more difficult to stop than traditional crimes attached to fiat currency. As criminals become smarter, it is clear that law enforcement agencies will have to remain on top of changes in emerging technologies as they relate to criminal activity.

written by Delton Rhodes

This article was originally published on Coincentral: https://coincentral.com/crypto-crimes-ico-scams-robbery-and-money-laundering/

 

“Top Misconceptions of Cryptocurrency as a Payment System”

 

Which can be read on Amazon Kindle Unlimited for Free  You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)