Let’s take a look at how the past year is reflective of what AML trends to look out for in 2023.

• Policy push for tighter regulation of Companies House could be delayed.

There are massive overhauls across the globe in the public registers for companies. The UK and several other nations are campaigning to make identifying ultimate beneficial owners (UBOs) clearer and more transparent.

While this is happening in some countries, in others there is an increasing appetite for more privacy, such as with the European Union Court of Justice's recent ruling in Luxembourg with regards to beneficial ownership of companies. The recession and this time of low economic growth may distract the policy push for tighter regulation of Companies House as the government wants to incentivise inward investment.

• The Real Estate sector will remain a hub for money laundering.

Real estate remains one of the faster-growing sectors for money laundering across the board, and the trend is expected to continue into 2023. Real estate is an attractive method of money laundering in many ways. It’s a great way to clean significant sums of money, it can be leveraged at a later date, and plenty of firms that operate in the sector have notoriously poor structures which prioritise faster transactions over compliance. We see significant amounts of cash in the form of ‘donations’ from other parties being used as home deposits across the UK that are difficult to verify and trace, and that trend is only increasing.

• Technology will continue to make AML processes quicker and more efficient.

Technology has the ability to speed up the time it takes to verify entities and individuals and will exponentially increase productivity across the AML sector over the next few years.

The best thing about regulation is that it affects not only your business, but all of your competitors in the same way. This means that if you can streamline your businesses by processing tasks quicker, cheaper, and more effectively, it will lead to more satisfied customers and happier staff (who hate doing manual AML). Businesses have the opportunity to use compliance as a competitive advantage.

•  The recession could increase money laundering, with companies less likely to scrutinise transactions and more likely to deprioritise compliance staff.

The biggest problem with money laundering is that it is inadvertently highly profitable for reporting entities. Because of this, firms may be more willing to deal with higher-risk transactions and scrutinise these transactions less. This is especially true if they are high-value, which money laundering transactions usually are. Recessions could also lead to firms de-prioritising compliance staff, who are already overworked at the best of times, exposing them to worse compliance processes.

• Money laundering will be easy in the Metaverse.

Money laundering in the Metaverse could become a real issue if it actually takes off. Although its user base is currently small, digital assets are a fantastic tool for laundering money. Since the Metaverse is essentially a space populated by virtual businesses selling virtual goods, money launderers can use the same real-world tactics of placement, layering and extraction to clean their money. They will be able to repeat this step over and over again using different amounts each time, making transactions extremely difficult to trace.

• Money launderers will exploit web3 as it develops.

As web3 starts to develop and mature, we’ll see more creative ways for money launderers to exploit this space. And, as new regulations come in about government UBO databases, we’d expect to see a rise in even more opaque structures to try and hide beneficial ownership.

• Specialist AML partners will increasingly be relied upon.

Companies will continue to grapple with balancing cost, speed and transparency of business transactions in a competitive and volatile economy. As such, they will have no choice but to rely on specialist partners to keep them up to date with relevant AML legislation and ecosystem changes.

• Regulatory authorities’ thirst for intelligence will continue to increase.

We expect to see an increase in the use of the data collected when companies file Suspicious Activity Reports (SARs). Data collected from SARs can be used by up to 80 law enforcement agencies who conduct their own checks as a means for investigating and preventing criminal activity. This information is currently interrogated as a dataset thousands of times a year for keywords and names to help identify and direct an investigation.

Particularly with the improvements being made to the SARs portal, we expect agencies will better utilise structured data and will allow better quality data into the system to be triaged, analysed and used more effectively across different departments.

The bottom line

The year ahead is full of new opportunities, especially with the further development of the Metaverse and web3. This, along with the economic downturn, could lead to a rise in fraudulent activity.

Businesses must stay alert and ensure that they are taking all the measures possible to avoid falling victim to money launderers. Thanks to new developments in AML technology, 2023 looks bright for compliance. Now’s the time to take advantage of new tech, so businesses - from real estate, and accounting to law - can stay on the right side of history, avoid hefty fines and come out of the recession shining.

So, you were involved in a car accident, and one of the vehicles was a rental. Unfortunately, the conditions when a car rental agency is a liable party are few and far between. Many steps throughout the rental process and paperwork are set up expressly for the purpose of shielding the agency from liability.

Protections for the Rental Agency

There are a lot of built-in protections for car rental agencies. Understanding these protections is crucial if you want to know what your options are.

The Rental Agreement

Most rental agreements between a car rental agency and renter are set up to limit the liability for the company. Whenever the driver of the vehicle is responsible for an accident, this holds the blame on them, protecting the company.

It is vital to read rental agreements before signing because some will even make the renter solely responsible for any type of damage to the vehicle. This is meant to protect the agency from the cost of a hit-and-run or damage while the driver is not in the car.

If your rental car has been damaged, check your rental agreement to make sure you do not have to pay for rental days while it is being repaired. This is included in some agreements.

Primary and Secondary Liability Insurance

In many states, drivers must have liability insurance to operate any motor vehicle. Likewise, many car rental agencies must have liability insurance. In an accident involving a rental car, the driver’s insurance is triggered first and becomes the primary liability insurance. If the driver’s coverage can not cover all of the damages, only then will the agency’s insurance help.

Most rental agreements between a car rental agency and renter are set up to limit the liability for the company.

Entrustment

A precedent has been set that car rental agencies are not liable for negligent entrustment. This means if they rent a car to someone with a bad driving record, they are not liable. Rental agencies do not need to perform any sort of criminal or driving-specific background check before renting someone a car. To make them do so would place a large burden on the company.

Car Rental Agency Liability

There are a few conditions where a car rental agency is exposed to liability for injuries to the renter. These conditions look at negligence or shady business practices. Learn more about what a lawyer must prove in order to establish liability before deciding if you should take your situation to court.

Preexisting Conditions

If a rental vehicle has a dangerous flaw or necessary repair and the rental agency knows about it, they must fix it before renting out the vehicle again. If an agency employee rents out a dangerous or risky vehicle, they could be liable for the resulting injuries.

This can be hard to prove since you need to show there was a warning from a mechanic or a recall issued by the car’s manufacturer.

Lack of Maintenance

Car rental agencies must maintain their vehicles. If you can prove the agency or branch you used does not have or follow guidelines for routine inspections and maintenance, they may have missed a dangerous condition with the vehicle. This can help you prove the agency is liable for damages due to their negligence.

[ymal]

State and Federal Laws

If the state or federal laws were broken in the rental agreement or during the rental process, this could show that the agency is liable. For example, if a car rental agency allows a driver without a current driver’s license to rent and operate their vehicle, they have engaged in illegal business practice. If the agency has put a potentially untrained or dangerous driver on the road like this, they could share liability for the actions of that driver.

Other unethical and illegal business practices can open the rental agency to liability, too. Using defective auto parts or unlicensed employees to service their vehicles is another way some rental companies break the rules.

Should You Sue?

Everyone’s situation is unique somehow, so to plan your next steps, speak to a professional with legal experience about injury damages or liability.

Author’s Bio - Michelle Eddy

Michelle Eddy is a staunch consumer advocate, fresh libertarian convert, a mother of three, and a part-time blogger. She covers topics from parenthood and child development to education and law. With a strong emphasis on consumer rights and helping the little guy stand up for their rights. Her favorite quote is “Sir, we are outnumbered 10 to 1." "Then, it is a fair fight!"

Philippe Alcoy, Security Technologies for NETSCOUT, describes the cybersecurity threat facing the financial services sector, the damage it has done and how it can best be safeguarded against.

In 2020, for the first time in history, the annual number of Distributed Denial-of-Service (DDoS) attacks exceeded 10 million. These attacks took place at greater frequency, speed, and strength, enabling attackers to knock out their targets faster than ever before. Now, NETSCOUT is seeing threat actors re-targeting companies who were previously able to prevent being attacked, focusing particularly on the finance industry.

Before looking at DDoS attacks in relation to the financial sector, it is important to understand what a DDoS attack is. DDoS attacks can be described as malicious attempts to make online services unavailable, which is achieved by overwhelming the service with traffic from multiple systems. The industries targeted by these attacks are wide-ranging, from telecommunications and eCommerce to finance and healthcare.

In 2020, the financial sector emerged as a prime target for cybercriminals. NETSCOUT observed that there were more DDoS attacks against the finance industry in the month of June than there were from January to May 2020. In fact, from June to August 2020, there were more attacks against the industry in this period than were seen in total between April 2016 and May 2020. There was also an increase in the speed of attacks that were taking place against the financial sector, with the total throughput of attacks increasing by roughly 4.5 times worldwide.

DDoS extortion campaign

This campaign of DDoS attacks targeting the finance industry was taking place worldwide, with banks, exchanges and other financial services organisations all being hit. But there was something unusual about these DDoS attacks: they were part of an extortion campaign. This involves extortionists demanding a payment via Bitcoin within a specified amount of time prior to or following a demonstration DDoS attack. In most scenarios, when the demands of the attackers aren’t met, the ensuing attack that was threatened does not end up taking place.

In 2020, for the first time in history, the annual number of Distributed Denial-of-Service (DDoS) attacks exceeded 10 million.

More recently however, NETSCOUT has discovered that the same attackers are returning to previous targets. The organisations that were successfully able to mitigate the first DDoS extortion attack are now being retargeted in follow-on attacks, months after the original attacks took place.

The impact of the campaign

The financial sector is a prime focus for this DDoS extortion series and the more recent retargeting campaign because they are perceived to have access to large amounts of money, as well as vast swathes of private data, making them an obvious target for those behind the campaign.

It should be noted that the attackers claim to be part of well-known attack groups, such as ‘Lazarus Group’, ‘Fancy Bear’, and ‘Armada Collective’ to try and boost their credibility and scare their targets into paying up. As such, NETSCOUT has given the attackers the nickname ‘Lazarus Bear Armada’ (LBA).

Unlike other threat actors, these LBA attackers have carried out extensive research into identifying the appropriate email inboxes that are regularly checked and used, to make sure their threats are read by the right people. The increased accuracy of the extortion emails has the potential to cause serious damage to those in the financial sector. It has the capability to disrupt a large number of services used by finance organisations, from online banking platforms and website access to internal systems that help the organisations to operate and fulfil the needs of customers.

A DDoS extortion campaign can lead to institutions losing a large amount of money, even without a ransom being paid, because the initial demonstration DDoS attack results in downtime for part of the company.

An indirect consequence of a DDoS extortion attack is the reputational damage that it can cause. For example, when financial organisations are hit by a DDoS attack, customers may be unable to access their money and financial information, and may feel put off or let down by the organisation not having the appropriate DDoS countermeasures in place.

[ymal]

In order to mitigate the risk posed by DDoS extortion campaigns, financial services organisations must have a solid plan of action in place. It is vital that when organisations are attacked, they know who to contact and notify. This should include key stakeholders, security providers and local regulators. Financial institutions should also learn from previous DDoS extortion campaigns that targeted the industry. For example, there are clear similarities between the DD4BC series of attacks that took place from 2014-2016, and the current extortion campaign, with both targeting the financial sector.

While a DDoS extortion attack can be devastating for those organisations in the financial services sector, providing they have the right protection and plan of action in place, the damage caused by the attack can be kept to a minimum.

Finance Monthly hears from Lynne Darcey-Quigley, founder and CEO of Know-It, on the problem of fraud plaguing UK firms and how they can protect themselves from it.

Throughout the 1960s, Frank Abagnale famously faked eight different identities, including a pilot, lawyer and a physician, to gain free flights and defraud banks. There was subsequently a film titled ‘Catch me if you can’, starring Leonardo DiCaprio, made about his life and how he conned people. Arguably his most ingenious (or in fact worrying) tactic was his ability to write personal cheques on his own overdrawn account. This, however, would work for only a limited time before the bank demanded payment, so he moved on to opening other accounts at different banks, eventually creating new identities to sustain this charade and continue to defraud financial institutions.

Although time has passed and technologies and systems have been put in place to weed out the Frank Abegnales, the issue of fraud and financial crime continues to linger. This has been made plainly obvious throughout the COVID-19 pandemic, where the Coronavirus Bounce Back Loan (BBLS) scheme has been plagued by fraudulent applications.

As a result, the National Audit Office (NAO) has estimated that taxpayers could lose as much as £26 billion from fraud, organised crime or default, as up to 60% of the loans may never be repaid.

An all too familiar story

For businesses across the UK, this may not be a surprise. Even before the pandemic, a study from PwC found that half of all UK companies had been the victim of fraud or economic crime between 2016 and 2018. The research found that for more than half of the organisations affected, criminal activity resulted in losses of around £72,000.

Fraud and financial crime, therefore, has clearly not been born as a result of the ongoing COVID-19 pandemic, nor will it diminish once the virus has passed. The case of COVID-19 loan fraud should, therefore, provide businesses, government and other stakeholders with a wake-up call and a chance to reflect on how they can reduce the risks of falling victim to financial fraud. But what lessons can these stakeholders learn and what needs to change?

Even before the pandemic, a study from PwC found that half of all UK companies had been the victim of fraud or economic crime between 2016 and 2018.

Always do your homework

We understand that the issuing of COVID-19 loan schemes was a unique situation. Lenders have been under huge amounts of pressure to approve loans quickly and help support struggling businesses. Unfortunately, this simply doesn’t give them the time they need to conduct the checks that are needed to protect themselves from fraud and financial crime. Yet this echoes similar findings from PwC’s research from a few years ago: UK organisations are generally not doing enough to prevent fraud, with only half carrying out a fraud risk assessment in the last two years.

Regardless of whether your organisation is an SME, a large enterprise or a national government, basic and thorough credit checks must be in place as part of the process of protecting your business. Through establishing the validity of a customer your business is looking to establish a working relationship with, you are immediately reducing the risk of exposing yourself to fraud or financial crime. But why stop there? Compiling credit reports and verifying a business’ status on Companies House before committing to a commercial arrangement are also effective measures that can help protect your business.

These checks go a long way for business owners, particularly SMEs, as late payments and of course, fraud, can cause disruptions to business cash flow. Cash flow issues can prove fatal for smaller business owners, which is why credit checking, building credit reports and validating other businesses and its financial status is key to survival.

Ensuring a smooth recovery

When it comes to government support loans, businesses do not have to begin paying back the money from May 2021 onwards. However, this time large time period isn’t a luxury when it comes to collecting payment from customers. Consequently, implementing a responsive and robust debt recovery process is essential to minimising the risk of non and late payment issues, helping business protect their cash flow and minimise risk.

Agreeing and making a record of credit terms in advance ensures that no business transactions can be disputed, which could later lead to businesses losing out on payment from customers Under the BBLS, the government provided lenders with a 100% guarantee for the loan. For SMEs in particular, this approach simply cannot be taken, especially if debt recovery steps, such as ensuring credit terms between businesses, are not agreed and recorded beforehand.

[ymal]

Chasing owed payments is far easier after the checks to validate a business have been made. Businesses can take measures which include; credit holding, which involves pausing services to a client until they have paid. Issuing final notices is also essential to the debt recovery process, the final correspondence before taking up legal proceedings usually resolves any delayed payment issues. The problem facing the government is that fraudsters applying for support loans will do so illegitimately, therefore remaining anonymous and slipping through the debt recovery net. This reiterates the importance of verifying and checking recipients during the early stages of a business agreement, as this eases the rest of the debt recovery process.

A final word on SMEs

However, it is not just the initial checks before the first commercial transaction that must be invested in. To truly protect themselves, infrastructure must be put in place to continually monitor and chase customers. In larger businesses it is common to have a designated department or employee who will handle this process – usually this person will be known as a ‘credit controller’. Yet, we understand that many – particularly smaller businesses – do not have the resources readily available to continuously check the credit status of their customers and conduct due diligence.

Fortunately, this is where advancement in technology play a critical role. For example, by using technology to automate the credit control process, this can help businesses streamline this process so they can credit check and monitor and conduct due diligence, all from one place. Automating this process, firms can collate the information and identify areas of concern, without expending huge amounts of time and precious resources, ultimately helping them to limit risk and reduce fraud.

Laws governing financial crimes within the market haven’t always been as quick to catch up with the trend of crimes themselves, as has law regulating more traditional crimes such as larceny or robbery. However, when it comes to fraud, the law is fairly clear, and the penalties are steep.

A company director making a false or misleading statement is committing a federal offense that carries the threat of serious prison time .

Fraud can take a number of forms from the top of company leadership

A company director is the figurehead of corporate leadership, and speaks directly for the company. It is against the law to misrepresent information that is relevant to the company’s status in any way that may impact investment decisions, manipulate stock prices, or otherwise influence the course of business and the market.

A common instance of fraud is when a company’s directors mislead investors as to the real state of the company’s financial health. Another form of fraud may be presented internally, such as if a CEO sends a memo to their staff informing them that they are running a quarterly profit, when they are in fact running a deficit.

Whatever the means, the law itself is pretty clear-cut. The sentence for making false statements can increase when additional counts are involved, and corporate fraud also involves other financial crime elements.

Other common forms of fraud that may be included in a bundle of charges against a company director for making false statements include:

• Wire fraud
• Money laundering
• Conspiracy to commit fraud
• Accepting or soliciting bribes
• Market abuse and insider trading
• Falsifying documents

A company director is the figurehead of corporate leadership, and speaks directly for the company.

Regardless of the charges, however, any charge is bound to come on the heels of an extensive criminal investigation. This may start with a complaint or anonymous tip. It could also arise from suspicions on the part of competing firms or directly from regulators or legal investigators.

The criminal investigation

Just as there are a number of ways for company directors to commit fraud through the issuing or simple verbalizing of false or misleading statements, so too are there a number of ways to get caught. Some of the ways a company director may be exposed for illegally making a false statement include:

• Being caught lying directly to a law enforcement or regulatory agency representative (ex: the FBI)
• Being exposed by a whistleblower within the company for circulating false information internally
• Being investigated and exposed by a regulator for false information leaked or spoken to associates for the purposes of manipulating the market
• Being caught inflating numbers in company publications or company disclosures

Of this list, getting caught lying to investigators seems like an unlikely path to downfall for a chief executive, but it happens quite often. For example, former MiMedX CEO Parker Petit was convicted of fraud in November 2020 after the Securities and Exchange Commission (SEC) found that he had falsified the company’s actual financial situation in SEC filings, with the associated securities fraud charge carrying a maximum sentence of twenty years in prison.

While not the same as lying to police in the interrogation room, falsifying an SEC filing, while it seems a brazenly reckless move to make given the consequences, is a common cause for fraud charges.

Running a legal defence to prosecutorial offense

Unlike most criminals, guilty company directors in fraud cases tend to have some of the best legal representation available on the planet. There are a number of mechanisms and legal arguments that a good defense attorney or company’s general counsel can employ when their company director is charged with making false statements.

[ymal]

A primary line of defence is to attempt to argue that the company director did not know that what they were saying was false. This argument could be supported by evidence that another member of the company falsified the information. It could be chalked up to accounting error.

While a tried and not always true method of defense, a common approach is to simply deny that the company director did make a false statement. This is certainly a tougher argument to make if documented evidence suggests otherwise. Ultimately, these cases will come down to a combination of the strength of the respective legal teams involved and the truth itself.

Price comparison website ComparetheMarket has been issued a £17.9 million fine by the Competition and Markets Authority (CMA) for overcharging on home insurance.

An investigation by the competition watchdog found that the site imposed “most favoured nation” clauses in contracts between December 2015 and December 2017 that prohibited home insurance providers selling on its platform from offering lower prices on other comparison websites, protecting ComparetheMarket from being undercut by competitors.

The CMA said that the policy “limited competitive pressures” on insurers selling through ComparetheMarket and made it more difficult for competing price comparison websites to grow and challenge the company’s entrenched market position. The resulting slack in competition between ComparetheMarket and these other sites also resulted in higher insurance premiums, according to the CMA.

“Price comparison websites are excellent for consumers,” said Michael Grenfell, executive director for enforcement at the CMA. “They promote competition between providers, offer choice for customers, and make it easier for consumers to find the best bargains.”

“It is therefore unacceptable that ComparetheMarket, which has been the largest price comparison site for home insurance for several years, used clauses in its contracts that restricted home insurers from offering bigger discounts on competing websites — so limiting the bargains potentially available to consumers.”

ComparetheMarket hit out at the ruling. “CompareTheMarket.com is disappointed with the CMA’s decision and does not recognise its analysis of the home insurance market,” the company said in a statement.

[ymal]

“We fundamentally disagree with the conclusions the CMA has drawn and will be carefully examining the detailed rationale behind the decision and considering all of our options.”

ComparetheMarket is one of the UK’s largest price comparison websites and well-known for its television adverts featuring meerkat puppets.

German payments fintech Wirecard, which collapsed following a fraud scandal earlier this year, will see a significant portion of its remaining assets purchased by Madrid-based Banco Santander.

Wirecard’s insolvency administrator Michael Jaffe said on Monday that Santander “will acquire the technology platform of the payment service provider in Europe as well as all highly specialised technological assets”. The deal marks the conclusion for the dissolution of Wirecard “despite unfavourable conditions”, Jaffe added.

In a separate statement, Santander said that it would acquire technological assets from Wirecard’s merchant payments business as part of plans to accelerate the bank’s growth in Europe. A source familiar with the deal told Germany’s Süddeutsche Zeitung that Santander had agreed to pay around €100 million for these assets.

Around 500 Wirecard employees who manage the technology acquired by Santander will join the bank’s global merchant services team, but remain in their current locations, according to the Santander statement. No Wirecard companies were involved in the acquisition and Santander will not assume any legal liability relating to the company or its past actions.

Wirecard was a rising star in Europe’s fintech scene until June this year, when it emerged that €1.9 billion of customer deposits could not be found in the company’s accounts. The resulting fraud scandal led to the arrest of former Wirecard CEO Markus Braun and a warrant being issued for the arrest of COO Jan Marsalek. The company filed for insolvency in August.

[ymal]

The scandal was an embarrassment for German financial regulator BaFn, and Jan Marsalek remains at large despite an ongoing Interpol search.

Investor processes are still underway for the sale of Wirecard’s other subsidiaries in Asia, Turkey and South Africa, Jaffe said. The sale of assets from subsidiaries in North America, Brazil and Romania has already been included, with results expected in the coming weeks.

Insurance companies want to make as much profit as possible, so they may not always obey all the rules. What you may not know is that insurance companies are required to do certain things when you file a claim. When they do not, they may be in violation of the law.

Unreasonable Delays

Insurance companies sometimes delay the start of an investigation into a claim with the hope that you will simply give up on it. Most state laws have deadlines for when an insurance company must accept or deny a claim. These deadlines may range from 15 to 60 days. If your insurance company delays investigation beyond those dates, they may have violated the law.

Failure to Conduct Investigation

Your insurance company is required to act in good faith and provide you with a fair deal. They must investigate any claim you file, even if it is simply sending an adjustor to review your damage. If you submit a claim after your car is damaged while parked on a street and your insurance company denies the claim without sending out an adjustor or refuses to look at estimates you have collected, they are not acting in good faith.

Deceptive Practices

If your insurance company fails to provide you with important information, they may be in violation of the law. This could include:

• Failing to disclose existence of coverage
• Failing to notify you of a claim deadline
• Failure to provide necessary paperwork to complete your claim

Your insurance company is required to act in good faith and provide you with a fair deal.

Offering Low Settlement Amounts

Although insurance companies try to offer low settlements in order to increase their own profits, they are not allowed, under the law, to purposely offer far less than they know your claim is worth. If you have provided estimates for damage repairs and your policy has adequate coverage to pay those claims, the insurance company may not offer you less than the lowest estimate you received.

The insurance company can also not refuse to pay a valid claim that is a covered event on your policy. For example, if you have no-fault insurance coverage and are struck by an uninsured driver, your insurance company must cover the damages and any injuries.

Misrepresentation of the Law

There have been instances when insurance companies purposely misrepresent the law or the language of a policy in order to avoid paying a claim. Insurance agents have a duty to be truthful in their statements, and making false statements may be a violation of the law. In court, you must prove that the statements made were intentionally false in order to mislead you.

Threatening Statements

Any insurance company that makes threatening statements to a policy holder may be prosecuted under the law. If an insurance agent tells you that if you file a claim, they will file legal action against you, it is important that you contact your state insurance board as well as an attorney right away.

[ymal]

What to Do When Your Insurance Company Breaks the Law

Did your insurance company break the law when they processed—or failed to process—your claim? If you believe your insurance company has violated the law, it is important that you reach out to an insurance attorney to learn what rights you may have. The only way to keep these companies operating the way they should is to hold them accountable when they are on the wrong side of the law.

Wayne Johnson, CEO of Encompass Corporation, offers Finance Monthly his thoughts on where responsibility lies in the case of the FinCEN Files and how better tech can prevent money laundering from going unnoticed.

On 20 September, it was globally publicised that the FinCEN Files had been leaked to BuzzFeed News. Said files exposed some of the world’s largest banks, suggesting that they had been aware of cases of money laundering, corruption and fraudulent activity, contained in up to $2 trillion worth of transactions over an 18 year period between 1999 and 2017.

As a result, global banking shares plummeted by up to 8% on 21 September, and public outrage was aimed at those caught up in the scandal. News editors and agenda setters were quick to pin the blame on the banks, but is it that clear-cut?

The leaked FinCEN Files refer to approximately 2,100 Suspicious Activity Reports (SARs) filed by banks with the US Department of Treasury’s Financial Crime Enforcement Network (FinCEN). These files refer to suspicious and potentially illicit activity reported by financial institutions in the private sector, to financial intelligence units.

Reporting these findings is required by law and, as soon as a SAR is filed, it becomes the responsibility of regulators to investigate these leads, in order to stop any money laundering in its tracks. Reporting to a customer that a SAR has been filed is illegal and can compromise substantial investigations or impact national security.

Of course, suggesting that the banks are entirely blameless in the context of the money laundering exposed by the FinCEN Files leak would be false. The fact that criminals have even signed up to a bank successfully is an indictment on a bank’s initial customer due diligence and onboarding processes.

It is therefore clear that improved money laundering prevention methods are required by the banks themselves to stop instances like this from ever occurring again. However, the extensive and comprehensive Know Your Customer (KYC) processes that are required to identify risk at the point of onboarding a new customer have placed such a burden on resources that banks are struggling to maintain the quality of KYC. ICIJ’s analysis of the FinCEN Files leak found that in 160 SARs banks actively sought more information about the corporate vehicles behind the transaction without response. These gaps in initial KYC expose banks to significant risks down the line, as the FinCEN leaks have made clear.

The fact that criminals have even signed up to a bank successfully is an indictment on a bank’s initial customer due diligence and onboarding processes.

Acknowledging that existing processes are unsustainable, and that RegTech offers the only way forward, these once novel solutions are now seen as critical tools to be incorporated in a bank’s initial due diligence policy when onboarding and evaluating all customers. These solutions can collect, analyse and integrate critical KYC information far more quickly and accurately than humans, making it far easier for banks to determine beneficial ownership and other information needed for sound onboarding decisions.

The use of RegTech allows banks to truly unlock the potential of their data for KYC purposes. This improves a bank’s ability to detect and fend off risk at the earliest possible opportunity and throughout the entire customer lifecycle. And in the event of risks emerging further down the line, a complete customer profile allows a bank to craft SARs that provide meaningful information that help regulators prioritise and maximise the success of investigations.

The financial sector has made strides in implementing technology to address their regulatory challenges - there is more to be done for sure, but we are seeing banks globally incorporating RegTech and the pace of digital transformation accelerating.

In the case of the FinCEN Files, the issue resides across the entire ecosystem of the regulatory process. It is understood that a severe backlog of SARs, and a lack of adequate funding, has meant that regulators have not had the means to address or thoroughly investigate each and every case. Emboldened criminals are taking full advantage to launder money and expand their empires, and regulators now have no choice but to look at their own processes and make the improvements needed to get through the backlog of SARs and improve responsiveness to new ones.

Fortunately, solutions are available and able to support the SARs programme by helping to improve the reporting policy, both in terms of allowing banks to measure anomalies and ‘suspicious’ activity more accurately, and allowing regulators to prioritise certain cases and conduct efficient investigations.

[ymal]

SupTech (supervisory technology) is a category adjacent to fintech and RegTech and refers to technology used by regulators to improve their ability to supervise the implementation of and adherence to Anti-Money Laundering (AML) and other regulation. This approach could help further sift out irrelevant information, so that regulators and law enforcement agencies aren’t overloaded when investigating leads, and are able to focus on what they really need to.

Furthermore, RegTech, especially in the case of automation, is an increasingly important part of a bank’s technology stack. As previously mentioned, a robust KYC process that generates and maintains accurate and complete digital KYC files will ensure that subsequent activities, such as transaction screening and monitoring, are as precise and effective as possible.

Regardless of who, or what, is to blame for the gross abundance of money laundered through some of the world’s leading banks since 1999 (which, incidentally, is only a tiny fraction of the total amount of money laundered in this period), the fact remains that processes across the landscape are outdated, and the SARs reporting and investigation system must be changed if it is to effectively diagnose and eradicate the more sophisticated methods of criminal activity that have emerged. Solving this issue with RegTech and SupTech is key to improving the effectiveness of compliance at all points, and is essential to stamping out the financial crime that will continue to affect the world’s leading financial institutions.

Goldman Sachs has been ordered to pay $2.9 billion in fees and penalties to settle charges over its involvement in the 1MDB scandal.

The Financial Conduct Authority (FCA) and the Bank of England’s Prudential Regulation Authority (PRA) announced late on Thursday that they would fine Goldman Sachs £97 million for its risk management failures connected to the scheme, forming part of a global settlement with regulators across the US, the UK, Hong Kong and Singapore.

The settlement includes the largest fine ever issued under corporate criminal bribery law.

The Department of Justice claimed that the bank ignored signs of fraud from some of its senior bankers in a scheme that saw the Malaysian economic development fund being defrauded out of around $2.7 billion.

Goldman Sachs had earned $600 million in fees for helping 1Malaysia Development Berhad raise over $6.5 billion to be invested in Malaysian energy development. Much of this money was looted, with over $2.7 billion diverted towards private purchases of luxury real estate, art, yachts, and in one instance to help finance the 2013 film “The Wolf of Wall Street”.

Authorities alleged that senior staff at Goldman Sachs were involved in the embezzlement, with at least one former banker involved in the case having pleaded guilty to charges. Goldman Sachs’ Malaysian branch agreed to a $3.9 billion settlement with Malaysian prosecutors in July, and on Thursday pleaded guilty to conspiring to violate US anti-bribery laws.

UK regulators focused on the bank’s alleged failure to adequately investigate signs of misconduct among its staff when they came to light. “When confronted with allegations of bribery and staff misconduct, the firm’s mishandling allowed severe misconduct to go unaddressed,” said Mark Steward, the FCA’s executive director of enforcement and market oversight, in a statement.

[ymal]

“There is no amnesty for firms that tackle financial crime poorly, and the size of GSI’s fine reflects that.”

Goldman Sachs CEO David Solomon addressed mismanagement at the bank in a statement on Thursday. “We recognise that we did not adequately address red flags and scrutinize the representations of certain members of the deal team, most notably Tim Leissner, and the outside parties as effectively as we should have,” he said.

To pay the fines levelled against it, the bank is seeking to clawback $76 million in compensation paid to former staff connected with the 1MDB case. In addition, its board is cutting long-term share deals for former executives and cutting current executives’ pay by $31 million.

Syed Rahman, Legal Director at Rahman Ravelli, offers Finance Monthly an analysis of the implications that the FinCEN Files hold for financial services and regulators.  

To use an old phrase, you shouldn’t wash your dirty laundry in public. But with the FinCEN Files it seems as if the banks have had many of their dirtiest secrets made very public. And, appropriately enough, they relate to their failure to tackle money laundering.

The FinCEN Files are 2,657 leaked documents; 2,121 of which are Suspicious Activity Reports (SARs) from some of the world’s largest banks and financial institutions. They identify more than $2 trillion in transactions between 1999 and 2017 that were flagged by financial institutions’ internal compliance officers - via SARs - as relating to possible money laundering or other crime.

Significantly, the documents beg the question why the banks did little or nothing to follow up their concerns. They are a blow to the credibility of both financial institutions and those that regulate them. The quality of SARs as well as the timing of them shows a meeting of the minimum requirements rather than any real intent when it comes to tackling money laundering. Quite how far any retrospective analysis of this conduct goes remains to be seen. But any identifiable failings could prompt civil or criminal proceedings.

Estimates put the leaked SARs as being a mere 0.02% of the total filed to FinCEN (the US Financial Crimes Enforcement Network). Yet while they may be a small percentage of the full picture, they raise big concerns about the lack of thorough checks being made by banks and the implications of this.

These concerns have made the news for a variety of reasons and in a wide range of reports. But while the headlines about facts, figures and prominent personalities are all worth absorbing, our main focus in all of this needs to be on the inadequacy of the system – or the operation of the system - that has allowed money laundering on such a huge scale. The FinCEN files would seem to indicate that we are at a tipping point when it comes to the banks and money laundering: either governments put more resources into the agencies who are supposed to investigate SARs or they work with the financial institutions, regulatory agencies and law enforcement bodies to repair or even replace what appears to be a system with serious fault lines running through it.

Estimates put the leaked SARs as being a mere 0.02% of the total filed to FinCEN.

There has been recent tightening in the UK and US of legislation in relation to laundering. In the UK alone, we have seen implementation of money laundering directives, creation of the National Economic Crime Centre, the arrival of unexplained wealth orders and account freezing orders and government commitments in its Economic Crime Plan. Yet it appears that more needs to be done. The fact that more than 3,000 UK companies appear in the FinCEN files cannot be ignored. This is more than any other state, and confirms the UK’s unwanted title of most favoured location for money launderers.

At this stage, it is perhaps too early to say with certainty precisely how the blame should be shared out. The fallibility of the system, the shortcomings of the banks and law enforcement’s lack of action or resources appear to be the prime suspects. Closer scrutiny of the individual SARs in question – if and when they become available – may help identify exactly where responsibility for this lies.

Yet wherever the finger is pointed, those who face criticism may well be able to point to mitigating circumstances. In terms of resources, there is no doubt that the SARs regime is placing huge strain on the National Crime Agency’s UK Financial Intelligence Unit (UKFIU), whose job it is to process them. April 2017 to March 2018 saw UKFIU receive more than 450,000 SARs. And while banks and other financial institutions may be criticised, they can point to the fact that by filing the SARs they have complied with their statutory requirements. If, in the wake of these leaks, these requirements are not deemed adequate or effective then another approach – even a whole new way of tackling the problem – may need to be devised. But at the very least a lot of thought needs to be given to the allocating of more resources to the existing approach.

The Law Commission has recommended certain improvements to the UK SARs regime; most notably including a call for them to be made more useful to law enforcement. The Commission said too many reports are of poor quality, as they are mainly made primarily as a defence to any potential allegation of money laundering against the financial institution. It also said that the current system is complex, resource intensive and lacks any accompanying guidance.

[ymal]

The leaking of thousands of documents has, if anything, validated the Commission’s views. The main issue now is what is done to improve or replace a system that suits nobody other than those it is supposed to be working against.

Having both been incorporated in 2018, Prevail Partners and Intelligent Sanctuary are relative newcomers to the financial services sector – but the teams behind them certainly aren’t. Their new partnership combines military and international crime agency asset tracing, due diligence, fraud and money-laundering capability that could set a new standard in the civilian market.

Rather than limiting investigations to scouring social media or publicly available records, the partners utilise investigative tradecraft and cyber forensics, supplemented with fintech-based data collection tools, to pursue evidential trails across international borders. Intelligent Sanctuary CEO Jonathan Benton and Prevail Partners CEO Damian Huntingford discussed this unconventional approach to due diligence and asset tracing during an interview with Finance Monthly.

Both chief executives came from high-ranking jobs in what they called their ‘previous lives’. Jonathan is a former senior police officer and Head of the UK’s International Corruption Unit, while Damian is a former Special Mission Unit Commanding Officer and OBE recipient. Both are able to draw upon more than 20 years of experience in their fields, and their teams are just as capable; Prevail Partners staff have backgrounds in UK Special Forces, and Intelligent Sanctuary team members have each spent more than a decade in financial investigation or litigation.

It is this unique kind of professionalism that has set the partners apart from the traditional firms and made them less prone to misconduct, according to Jonathan. “There's been parliamentary enquiries into the way investigators conduct themselves in the private sector,” he said. “There's been untold cases overturned because of the way people have conducted themselves. But I was a former senior police officer. Damian's a former senior military officer. And we have genuinely operated at the top of our game and have reputations and understand risk and how reputation can be lost -- not just for us but our client as well. And therefore, there is a very strong core value about what we do and how we do it.”

[ymal]

For the two firms, the partnership was a natural fit. Both company heads knew of each other as highly regarded professionals in their past careers, and the character of both organisations blended effectively. “We both know from our previous careers that there's often a difference between what might be legally permissable and what you're actually comfortable doing,” Damian said. “I think, as leaders, that’s something we’ve wrestled with numerous times at the pointy end.”

Already, their methods have been exceptionally effective. Between them, the two companies have traced, frozen or secured over $8 billion of misappropriated funds from business leaders and heads of state alike.

Damian credited the success of their ventures to their already-existing network of international connections and their ability to ‘command the cyberspace’. “That can involve, for us, other techniques around social media monitoring, and on occasion in the right instance there could be components of human intelligence, and even a physical dimension to that, providing it's appropriate to that particular jurisdiction,” he explained.

This multi-source intelligence has allowed Prevail Partners to pursue the fraudulent activities of a litany of high-profile individuals – among them Jan Marsalek, former COO of now-collapsed fintech firm Wirecard, who came to the company’s attention while conducting an enhanced due diligence investigation into the firm on behalf of a FTSE 250 company. “There were several red flags raised on that individual,” Damian said, “specifically pertaining to financial and reputational risk around him and his association with Wirecard.”

Through their investigations, Prevail Partners uncovered several transactions made by Marsalek using an avatar in the video game Second Life, which has in the past been used as a tool for financial fraud. This prompted a follow-up investigation, which uncovered further transactions between Marsalek and individuals in Russia, China and other nations that raised yet more flags. Though Prevail Partners’ warnings were not ultimately heeded, they were aware of Wirecard’s dubious financial activities long before news of its fraudulent operation emerged and Marsalek went into hiding.

“We both know from our previous careers that there's often a difference between what might be legally permissable and what you're actually comfortable doing.”

Fintech executives are far from the only subjects of Prevail Partners’ and Intelligent Sanctuary’s investigative work. Their teams have also tracked former Libyan Prime Minister Gaddafi’s looting of his state’s wealth, leading to $2 billion worth of funds being frozen through sanctions, and identified a global network of illicit assets in excess of $1 billion used by former Egyptian President Mubarak and his confidants. Dismantling complex financial fraud is a challenging and morally rewarding endeavour, which both CEOs identified as a key motivator in their decision to re-establish themselves in the private sector.

“My old world was about chasing down corruption and trying to uncover the pernicious side of it and recover the money that is laundered through the UK,” Jonathan said. “Well, we can still do the same thing through the private sector. In fact, I'd go as far to say in many ways probably more efficiently, because civil litigation is swifter, it can provide opportunity for early settlement, it's not conviction-based – requiring the conviction first and then recovery. So it's also about the ability to still do good, but in a commercial space.”

With both companies’ capabilities now working in tandem, we can expect to see Prevail Partners and Intelligent Sanctuary continuing to set new standards in asset tracing and due diligence going forward.