The new Black
With the rapid advancement of mobile technologies, the internet is now accessible from any- and everywhere. Open banking (PSD2) in the European Union, together with mobile wallets, instance payment initiatives and cryptocurrencies offer consumers a lot of ways to engage with financial institutions 24/7. Therefore, in today’s environment, customer expectations are constantly changing and it’s imperative that financial crime and Anti-Money Laundering units keeps pace.
No doubt that the widespread use of mobile devices is accelerating the rate and impact of financial crime. Today, mobile subscriptions outnumbered the world’s population as illustrated by Statista:
Which in turn, has spurred the use of mobile banking apps and the way consumers pay for generic services, in general altering us into a cashless society.
With new regulations such as the Payment Services Directive (PSD2), the European Union has set the rules for open banking, allowing FinTechs access to traditional financial institutions’ systems and customer data. Everyone is a winner, the benefits of open banking are enhanced customer service for under-served markets, new revenue streams, and improved margins.
While this presents major opportunities for everyone it places a lot of responsibility on those tasked with keeping a financial institution from being compromised by cyberattacks or used as a vehicle to launder money.
How will current financial crime & anti-money laundering systems work in a digital world?
It’s difficult enough for financial institutions to monitor and detect violations of transactions taking at best 24 hours to clear. With digital payments clearing in real time the impossible becomes totally impossible using conventional methods as transactions clear in a matter of milliseconds. By conventional, we mean systems focused on a rule-based approaches, where suspicious transactions are put in a queue and investigated in an overnight batch mode.
Even in a world operating in batch, AML systems generate too many false positives (typically between two and 15% of all transactions) and therefore imposes a huge workload on banks and financial investigation units (FIU).
Number of Suspicious transactions reported to UIF in the UK: +51% (’12-16), from 67K in 2012 to 101K in 2016
As digital payments continue to increase, this problem is greatly scaled because banks are under pressure from customers and consumers to clear transactions as quickly as possible and still make sure that risk and compliance systems flag all risks and suspicious activities.
The Internet of Things
Once upon a time, cybercriminals focused their efforts on PCs. However, with the average user spending about five hours per day on a mobile device, with roughly 70 percent of those smartphone devices not having an anti-virus program installed on them, sensitive data (e.g. contacts, passwords, emails, documents, photos, etc.) are exposed to cyber threats. Therefore, we have witnessed a sharp increase in new mobile malware, because criminals will always take the path of least resistance.
The Internet of Things (IoT) is driving the interoperability of physical devices, vehicles, home appliances and other electronic equipment through sensors and software enabled apps.
The number of online-capable devices was believed to have increased to 8.4 billion by 2017 and by 2020 experts estimated that 30 billion objects would be online, with a global market value of $7.1 trillion.
The Nokia Threat Intelligence Report 2H 2016 estimated that more than 100 million devices worldwide have been infected by malware, including mobile phones, laptops, notepads and a broad range of IoT devices.
The same report stated that smartphones were more often targeted, accounting for 85 percent of all mobile device infections and smartphone infections increased 83 percent during July through December, compared to the first half of the year.
According to Check Point Mobile Threat Research’s 2017 report (“Mobile Cyberattacks Impact Every Business”) financial institutions, as the custodians of their customer’s money and data are a much sought-after target for cyberattacks. Malware attacks by industry:
With the number of mobile devices already infected and the connectivity of devices rapidly expanding, cybercriminals have more routes to target than ever before.
As crazy as it once seemed, cybercriminals attacking financial institutions via a coffee machine, smartphone or even an employee’s wearable health-check device is no longer science fiction. Also, this malware storm isn’t a regional threat but it’s path of destruction is universal. The most impacted regions according to Check Point mobile threat researchers:
Source: Check Point Mobile Cyberattacks Impact Every Business
The Eye of the Storm
That said, financial institutions appreciate the importance of digital technology and are embracing an ecosystem that includes FinTechs. These ecosystems can help to provide more customer value and open new customer segments. At the same time, they bring new types of operational risks with them, such as:
- Risky user behaviour. For example, 70 % of smartphone users have never installed an anti-virus program on their mobile device.
- 24/7 connectivity of mobile devices to hotspots.
- WI-FI networks and Bluetooth technologies making it easier for attackers to carry out a fraud campaign.
- Rogue mobile applications, repacking of apps and ransomware are on the rise.
- Advance malware & viruses for online as well as mobile devices continue to increase.
Currently, the data on mobile fraud isn’t as robust as with other channels. These operational risks need to be continually assessed to build reliable mobile fraud models without jeopardizing the customer experience. 60 percent of digital banking fraud originates from the mobile channel, according to figures published by RSA in 2018. This mobile banking fraud almost always involves thieves using RDC to deposit fraudulent checks, or cybercriminals using stolen identity credentials to hijack consumer bank accounts. This actually caused a dip in the growth of mobile banking as users sensed insecurity. Security and fear of fraud are the top two concerns about using mobile banking for up to 55 percent of consumers, according to Javelin Research. And with more than 25 million mobile devices infected by a single malware variant alone (Agent Smith) it is hardly surprising. The exact number of malware-infected mobile devices is hard to quantify, but in 2018 Kaspersky Labs and products detected:
- 5,321,142 malicious installation packages
- 151,359 new mobile banking Trojans
- 60,176 new mobile ransomware Trojans
A point often overlooked is that your ecosystem is the weak link when trying to protect against external threats. One lesson learned is the degree of difficulty to detect a compromise until bad things start to happen, examples:
The Carbanak malware set in the banks’ computer systems for months, sending back vital information to hackers, who were then able to impersonate bank officers carrying out internal procedures at more than 100 banks around the world.
With complete control of mission-critical systems, they managed the transfer of millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into fake bank accounts set up in other countries.
If not for a video surveillance camera filming an ATM machine in Kiev, the Carbanak malware might never have been detected.
From the US$ 81 million stolen from the Bangladesh Bank in February 2016 only US$ 15 million has been recovered and there is still no word on who was responsible. Cyber attackers illegally transferred US$ 81 million from the Central Bank of Bangladesh (CBB), to several fictitious bank accounts around the world, by subverting their SWIFT accounts.
The Bangladesh Bank heist is a perfect illustration of the future complexity involved in monitoring instant payments.
The WannaCry virus, quickly infecting more than 200,000 businesses in 140 countries. locking computers until a ransom was paid.
Fighting Back with Innovation
The only credible answers are detection and transaction monitoring systems built on new technology, with machine learning and artificial intelligence at the core and not relaying only a rule-based approach.
Criminals don’t use rules
Algorithms that continue to improve, with the support from financial crime and AML professionals, these systems learn to identify suspicious activity where there is a higher probability of a financial crime committed and/or money laundering actually occurring. Therefore, bank staff can focus on the real alerts and not get swamped down in false positives.
Another technology-based approach that continues to develop, provides insights by taking large amounts of account data and generating a visual map. Suspicious relationships and payments can be tracked as they move between bank accounts, regardless of whether the payment amount is split between multiple accounts, or those accounts belong to the same or different financial institutions. The software creates a visual map of where and when money has moved, providing new insights and intelligence for fraud and compliance teams to take action.
By bringing together transactional data from multiple financial institutions and running sophisticated algorithms, such solutions can identify the so-called “mule accounts” that are used for money laundering and other illegal activity. Many of these accounts are not set up directly by the criminals themselves but via a number of scams including phishing, spam email, instant messaging etc.
It is worth pointing out that while technology is a necessary condition for successful financial crime and money laundering prevention, however, it is not the only tool. In addition, financial institutions will need to review their compliance procedures, risk assessments, and their service offerings to strike the optimum balance between competitiveness and security.
What should be the upper threshold look like?
Should priority to VIP and profitable customers be given when reviewing suspicious transactions? What about social and political issues? (For example, Muhammad is the world’s most common name, and also appears a lot on sanctions list. But that also means a significantly large number of false positives, which could lead to claims of unfair profiling.)
And finally, even with advanced technology and effective redesign of processes and procedures is meaningless without a sufficiently well-trained staff to detect suspicious customer behaviour and be reliable gatekeepers, especially at on-boarding of new customers.
Author Paul Allen Hamilton
For more articles on financial crime and Anti-Money Laundering join the AML Knowledge Centre at https://www.linkedin.com/groups/8196279/
However, minor the task of sanction screening or name filtering sounds it contributes to a significant amount of false positives and is a time consuming task that leaves less time for other AML patients.
And in today’s environment of tighter AML regulations, constantly evolving instant payment initiatives, open banking (i.e. API) and mobile wallets, as the complexity increases so do the false positives.
While this presents major opportunities it puts a lot of pressure on the risk and compliance systems at financial institutions, which need to detect and flag actual threats in real-time. And this new reality has arisen, let us not forget, at a time when regulators are imposing ever-increasing responsibility on those people who are tasked with keeping a financial institution from being compromised for money laundering and terrorist financing.
Therefore, screening individuals and entities is a key task as well as a legal requirement of any compliance program.
“A financial institution discovered, after employees returned from the weekend, hundreds of SWIFT payments had not gone out, because the system had falsely identified the beneficiaries as a sanctioned name or entity”
The Challenges of Name Screening
Sanctions lists can be found in all formats and sizes. Some are country-based, often following United Nations resolutions to promote world peace and human rights; they prohibit certain if not all transactions. Other sanctions are motivated by politics and foreign policy at a national level, as is the case with the United States’ economic embargo against Cuba. A third category imposes targeted sanctions (e.g. the freezing of assets, travel bans and arms embargos) against specific persons, groups, undertakings and entities, as is the case with any terrorist group such as the ISIL (Da’esh) and Al-Qaida sanctions lists.
Many of the national sanctions lists are based on sanctions imposed under UN resolutions, so many of the names appearing on the UN lists also appear on supranational lists such as those issued by the European Union, as well as national sanctions lists such as the USA’s OFAC and the UK’s HMT lists.
Sanctions lists are fairly straightforward. The course of action regarding persons and entities on sanctions lists is clear – they are a no-go for most financial institutions and when confirmed a Suspicious Activity/ Transaction Report (SAR/STR) must be submitted to the local financial investigation unit (FIU) authority. Complication is manifested when a company is not on any official sanctions list, but a shareholder is, therefore you are required to treat it as a sanctioned entity.
Watch lists serve the purpose of assessing a client’s potential risk and includes (among others) PEPs. A politically exposed person (PEP) is someone who has been entrusted with a prominent public function and therefore presents a higher risk for potential involvement in bribery and corruption by virtue of their position and influence. The Financial Action Task Force on Money Laundering (FATF) issued its latest definition of PEPs in 2012:
- Foreign PEPs: individuals who are or have been entrusted with prominent public functions by a foreign country, for example Heads of state or Heads of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials.
- Domestic PEPs: individuals who are or have been entrusted domestically with prominent public functions, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials.
This distinction is important for a risk-based approach. Also it’s important to note that there are still countries who do not subscribe to the notion of domestic PEPs being a risk at all.
In addition, persons who are not politically active but who have been entrusted with a prominent function by a state-owned enterprise or an international organization, for example members of senior management, directors, deputy directors and members of the board or equivalent functions may also appear on watch lists.
Being on a PEP or other watch list obviously does not mean that a person is corrupt, but that person presents increased risks owing to the possibility that an individual holding such a position will have far greater opportunity to misuse power and influence for personal gain, or may be open to malign influence by a third party. A point that is often overlooked, but really important as bribery convictions reach all-time highs, is the risk that business partners may pose if they qualify as “public officials” based on their company’s ownership structure if fully or partially state-owned.
Law enforcement agencies, security authorities, national and regional agencies also disseminate various lists. These lists (e.g. Interpol’s Red Notices, the FBI’s Crime Alert List, Europe’s Most Wanted, Singapore Investors Alert and IOSCO consumer protection) can help financial institutions and other organizations avoid doing business with a wrong party and from being drawn into a fraudulent scheme or unwanted scandal.
Adverse media lists
Adverse media comes from a range of local, national and even global sources as well as online social platforms. Adverse media can support a financial institution or a corporate company’s decision to engage or not to engage in a business relationship based on the risk associated with the client from negative news. Adverse media can reveal potential involvement in money laundering, terrorism, various criminal activity and other potential crimes that could have a reputational backlash for a firm.
Lists in general
Although, many lists are publicly available, there are technical challenges because these sources have different ways of presenting information. Some offer well-structured information in downloadable XML files, others in CSV or delimited text files, while others can be drawn from social feeds, blogs, web posts and many are unstructured, and still other sources have online lists across multiple web pages, and some are even in PDF format only.
Not to mention the URLs are constantly being moved, without notice. Therefore, a firm’s name screening might not be including an important source, because the URL changed without notice.
Despite the apparent simplicity and straightforwardness of list screening, selecting the lists that will benefit all areas of your financial crime prevention program can therefore be a daunting task. Here are a few factors to consider:
- The geographical jurisdiction(s) in which you operate
- The requirements of local and foreign regulators in the area you operate
- Your organization’s risk assessment – this must be consulted as a guideline
- Is an appropriate data structure provided?
- Does the list provider deploy technology that enables more cost-effective means of data deployment (e.g. through the cloud or interfacing via API)?
- What formats are data files available in?
- How up-to-date and “clean” is the data? The lists can hold millions of entries. How well does it manage duplications, expired records etc.?
- An appropriate update schedule and updating by delta files are a “must have”
- If an online search function is provided, what techniques are being used to match names?
- In many cases and for many reasons an institution’s data will have gaps and inconsistencies following the old data processing axiom of garbage in garbage out (GIGO). On the other hand, we’re trying to match against hundreds of lists that have different ways of presenting the information.
- Inconsistency in basic things like abbreviations (Sr./Senior, Inc./Incorporated, AG/Aktien Gesellschaft, nicknames, etc.) and translations of words that have the same meaning but are spelled different e.g. Germany (EN), Allemagne (FR), Deutschland (DE) can all impact screening results.
A majority of the relevant lists published are in a Latin character set, while many of the names on them originate from countries that do not use the Latin alphabet. Therefore, names that are Chinese, Greek, Islamic, Russian and Thai, etc. must be transliterated from their home language to a Latin one. However, the complication does not end there. For example, in the Arabian Peninsula, Jamal is pronounced Jamal, in Egypt Gamal, and in Algeria Djamal. These are all the same Arabic word, but one that is spelled (transliterated) in various regional ways when written in English.
A further example of transliteration is the voiceless uvular plosive used in Arabic and other languages. It is pronounced approximately like English [k], it’s pronunciation varies between different languages and different dialects of the same language. The consonant is sometimes transliterated into “g”, sometimes “k”, and sometimes “q” in English.
For example, the former Libyan leader’s name can be spelled in various ways:
Opaque ownership structures present a real challenge for KYC as criminals, and politically exposed persons (PEPs), etc. hide behind corporate structures.
A company might not be on an official sanctions list, but according to an Office of Foreign Assets Control (OFAC) rule it can be blocked if stakeholders who are on lists have ownership equal to or above 50 percent (this is known as the 50 Percent Rule); thus there is a good chance that the company in question will itself be treated as a sanctioned entity. To put it simply, if company X is blocked and it owns 50 percent of company Y, company Y is also considered blocked, even if that entity doesn’t appear on the OFAC Specially Designated Nationals (SDN) list.
For this reason, it is imperative that corporate ownerships are verified when dealing with certain countries and corporate structures to ensure that none of the beneficial owners are prohibited persons under OFAC regulations.
Practical Actions to take Now
Given the various points raised above, here are some practical steps you should take if you wish to make efficient use of lists and increase the effectiveness of sanction and Pep filtering:
- Data Integrity. Get your data in order. A database built on the principles of good data, properly spelled names, sound data structure, and format will go a long way to improving the identity matching process.
- Automated Data Collection at every point of customer engagement
- Do not simply perform risk assessment, “live it”. This is critical in leveraging the understanding of how these risk exposures impact technological decisions and operational areas of the institution.
- Test, test, test – perform random checks to ensure that technology and operational processes are working appropriately and are being consistently applied. Review reports to understand when and why changes are necessary.
- Check AML data providers for company credibility, data accuracy,
well-structure data, depth of content, customer service/support, data quality verified by third party, etc
Apply Innovative Technology
True, there is a lot of hype about Artificial Intelligence (AI) and most AI examples that you hear about today – from Google Assistant, Alexa, Siri, or Bixby, to self-driving cars – rely heavily on deep learning and natural language processing. Using these technologies, computers can be trained to accomplish specific tasks by processing large amounts of data and recognizing patterns in the data
Therefore, if you are serious about sanction screening and tackling money laundering with an acceptable return on your efforts and investment, you need to acquaint yourself with artificial intelligence (AI) and machine learning (ML).
Artificial Intelligence and Machine learning uses two types of techniques: Supervised, models are trained on data with known inputs and outputs (also known as categorized data) to identify potentially suspicious transactions. while Unsupervised, models are exposed to raw data to find hidden patterns or intrinsic structures that might signal money laundering or other financial crimes.
The importance of this is demonstrated with the use of supervised learning in sanctions screening where every payment transaction must be screened to check if any beneficiaries are on a sanction or watch list.
However, screening systems produce a lot of false positives that must be dispositioned by a human reviewer, before the transaction can leave the gateway or employees which are greeted by thousands of false positives after an overnight batch screening.
Hopefully, AI can be trained, well enough, to eventually takeover much of the task of reviewing these false positives. There can’t be enough said to the urgency of experimenting with artificial intelligence (AI) now as these models and algorithms need to be constructed, systems set up and then trained, tested, trained, tested and trained until these technologies are taught to address the repeatable high-volume of false positives.
That said, AI is not in itself a “silver bullet” and the process of getting these models up and running can be laborious, therefore, banks should consider cloud-based multi-tenant solutions that share out the cost burden and a can improve time to deployment.
Other technological advances, such as distributed ledger (e.g. blockchain) technology, will help to improve banks’ ability to monitor complex, multi-part transactions. These “smart contracts” with advance algorithms, will allow financial institutions to securely parse data through an AML engine on the blockchain,” in this way banks can store and share data, thus eliminating excessive complex bureaucracy involved in information sharing.
Paul Allen Hamilton
I can be contacted on LinkedIn @ https://www.linkedin.com/in/paulhamilton2/
Photon Photo – Shutterstock
Money laundering in Russia has its own characteristics. In the normal world money laundering is the transformation of “illicit money” into “clean money”: criminals selling drugs to invest in real estate, in Russia it is different. There money laundering mostly means turning “clean money” into “illicit money”, for example, by evading taxes or using illegal schemes to withdraw money from the country that could be both illicit and clean. Сompanies trying to transfer legal money abroad because investing in Russia is too dangerous: high political risks, weak legal infrastructure, criminalization and corruption of the economy. To withdraw money from the country companies need an approval from the Central Bank and an economic purpose like a financial or commercial transaction. Along with the money earned in Russia by legal means, there are also sources of illegally earned money:
Where the illegal money comes from?
Sources of legal funds in Russia can be divided into 4 major categories:
- Illegal sale of natural resources: oil, natural gas, metals, etc .;
- Smuggling of alcohol, tobacco, weapons, and drugs;
- Income derived from such “classic” types of illegal activities, like extortion (racketeering), prostitution, theft, fraud, theft of cars, etc .;
- Offenses “of white-collar workers”: the plunder of state property and funds, false declarations of income and profits, tax evasion, illegal “flight” of capital.
GAFI experts note that foreign sources of illegal funds entering Russia and the countries of the former USSR for laundering are little known.
How does the money laundering work in Russia?
The most common method of money laundering in Russia is the opening of individual accounts at financial institutions, placing there significant amounts in cash and then transferring them to the accounts of fake companies, which in turn transfer them to another location.
Other methods include the use of counterfeit accounts, double bookkeeping and contract fraud. A typical scenario involves the transfer of funds in foreign currency to the account of a fake company overseas, allegedly for the purpose of financing a commercial transaction. A false contract for the purchase of goods from a shell company is submitted to the bank as evidence of the commercial need for transfer of funds. Once the money is transferred, legalized funds can be freely transferred to another account or converted into cash. This method is also used to steal public funds.
To launder proceeds from illegal activities in the region, banks, exchange offices, non-bank financial institutions, casinos and real estate companies are also used. Most of the laundering operations are carried out using cash or wire transfers, as well as bank and traveler’s checks.
Global Laundry allowed to launder more than $ 80 billion
According to documents received by the international organization of investigative journalists OCCRP, for three years from Russia was withdrawn at least $ 20 billion, but the real amount can be $ 80 billion. Journalists believe that about 500 people were involved in the corruption scheme named Global Laundry, including oligarchs, bankers and individuals.
Money laundering usually took place according to the following scheme: participants registered, for example, in the UK, two fake companies, the real owners of which were hiding behind a chain of off-shores. The authors of the investigation assume that both enterprises actually had the same owners. Then both companies signed a loan agreement, according to which company “A” lends a large sum from company “B”. In reality, the deal was fictitious, and no money was given to company “A”.
The contract stipulated that commercial structures from Russia would act as guarantors of repayment of the loan, which in almost all cases was headed by a Moldovan citizen. The company “A” then declared itself insolvent, and obligations to repay the debt automatically passed to Russian companies.
As the Moldovan citizen was at the head of Russian companies, the lawsuits had to be considered in the Moldovan court. Corrupt judges confirmed the existence of the debt and issued an order to recover from the guarantors the required amount. According to the investigation, more than 20 Moldovan judges were involved in the scheme. Some of them are under investigation now, and the others have resigned.
After the court decision, the bailiffs, who were also involved in the scheme, opened accounts with Moldindconbank in Moldova. To these accounts, Russian companies had to transfer money, thus closing a fictitious debt.
n the end, the money was transferred to the account of the “creditor company”, for the opening of which the Latvian bank Trasta Komercbanka was always selected. Thus, the money legalized by the Moldovan court was on the territory of the EU: swindlers could now dispose of the money at their discretion and transfer them to accounts in other countries.
Mafia capital and money laundering
Criminal groups continue to make significant investments in real estate, hotels, restaurants and other businesses in some countries of Western Europe. Funds for these purposes often come through intermediary offshore companies. The establishment of links between organized Russian and foreign criminal gangs is noted.
In Russia today there are objective economic conditions for the active legalization of criminal capital. Illicit drug trafficking, the trade in arms and radioactive materials, prostitution, underground gambling, organized crime, illegal financial and banking activities, the plundering of public funds and funds, license-free video business, illegal use of copyright and trademark rights, illegal production of alcohol are all more than favorable conditions for the emergence of significant by the standards of even Western states of illegal capital.
The presence of such money in the country is recognized by the international community as a sufficient condition for large-scale criminal financial operations.
The situation is aggravated by the fact that a huge part of the economic turnover in Russia is served by cash. According to some estimates, “cash” provides up to 60 per cent of the economic turnover (compared to 20 – in the US, or 40 – in Germany). Cash turnover significantly reduces the possibility of introducing effective reporting by financial and other institutions (casinos, salons for the sale of expensive cars, etc.) for transactions with a certain “ceiling”.
In addition to objective circumstances (the “shadow” economic foundation) is not enough to carry out large-scale laundering operations. It is necessary to have well-developed connections with the main financial centres of the world: London, New York, Tokyo, Zurich, Frankfurt am Main, etc.
The facts show: such links are established and expanded by Russian criminals. Active counter-movement of money began. Simplified departure from Russia – there was a legal possibility of investing money in the foreign real estate, securities, luxury goods. Such operations are carried out even during tourist trips to foreign financial centres and “tax havens”.
On the other hand, Russia is rapidly becoming the sphere of application of foreign criminal capital. For example, the Association of Russian Banks believes that over the past two years about 16 billion dollars of Mafia capital have migrated to Russia. The “dollarization” of the domestic economy is growing, and according to various estimates, there are 12 billion of US dollars circulating in Russia in 2018. The currency in the country has long been freely convertible in thousands of exchange offices.
More than 3 thousand criminal groups specialize in the legalization of criminal proceeds, almost 1.5 thousand of these groups formed their own legal economic organizations for this purpose. Up to 80% of the economic facilities of the non-state sector of the economy are under the control of criminal communities that charge them, including more than 500 banks, about 50 exchanges, almost the entire wholesale and retail trade network. According to expert estimates, 2/3 of the legalized funds received in this way are invested in the development of criminal entrepreneurship, 1/5 of it is spent on the acquisition of real estate.
A characteristic feature of money laundering technologies in Russia is the illegal cashing out of funds in order to conceal traces of origin and subsequent involvement in illegal or legal economic circulation.
Picture: Lyudmila2509 – Shutterstock