iNFRont Magazine - Financial Crime Edition

CeFPro® magazine for non-financial risk professionals

FINANCIAL CRIME SPOTLIGHT

Navigating the shadows of financial crime and sanctions

Managing risk in an adverse economic environment

Insight from HMRC, Nomura, and China Construction Bank

INSIDE THIS ISSUE

Risk alert: detecting fraud risk

Leveraging operational risk for fraud defenses

Modeling financial crime

Developing approaches for more advanced capabilities

Research roundup

Financial crime spotlight from the CeFPro research team

Navigating global sanctions risks

Interview with Head of US BSA/AML & Sanctions Compliance, BBVA

Happy Holidays from

Managing increased financial crime risk and opportunity in an adverse economic environment

Kevin Newe, HMRC, Hee Jung, Nomura, Igor Sumkovski, China Construction Bank, London Branch

Using operational risk frameworks for managing fraud risk

Chris Hubbard, Danske Bank

Financial Crime USA research roundup

LAW ENFORCEMENT FEATURE

When personal and professional worlds collide: how a financial crimes investigator became a victim of identity theft

LAW ENFORCEMENT FEATURE

Key financial crime stats and losses

Jeremy Ross, U.S. Department of Homeland Security 17

18

Investment fraud: crypto, social media and communication

Gareth Dothie, City of London Police

RISK FOCUS

Navigating complexities in sanctions enforcement from a global perspective

Kristine Cang Cuesta, BBVA 20

RISK ROUNDUP

Developing financial crime modeling approaches to more advanced capabilities

Behrouz Raftari Tangabi & Suvadeep Adhikari, ING

TALKING HEADS

What do you see as the next trend in financial crime, including fraud, and how can organizations prepare?

Happy Holidays from CeFPro!

Reflecting on 2023 and the road ahead for iNFRont

As we approach the closing of 2023, CeFPro is excited to announce that our 2024 schedule will be jam-packed with a diversified event portfolio and more ways to deliver up-to-date and real-time content to our audience.

2024 will see the launch of a rebranded iNFRont Magazine, after an extensive research period with our readership on what you are looking for. Issues will increase in frequency and feature real-world examples and case studies for you to apply examples, lessons and case studies to your role.

With 2023 marking a clear and definite return to live events, iNFRont has been front and centre at all CeFPro events in London, New York, Nashville, and Charlotte, addressing critical issues including ESG, technology, advanced model risk, and financial crime, amongst many others.

In this issue of iNFRont Magazine, we have focused specifically on financial crime and how it has evolved in relation to increased global volatility and geopolitical risks. This issue also addresses the changing sanctions landscape and how organizations with a global footprint must consider variations and nuances across jurisdictions. CeFPro’s editorial team interviewed experts across the industry from organizations such as HMRC, Nomura, Danske Bank, BBVA, ING, and many more, to collate a global view of the financial crime landscape.

The law enforcement section of this issue features interviews from the City of London Police and the U.S. Department of Homeland Security on their experiences with the rise of cryptocurrency and identity theft.

Looking ahead to 2024, iNFRont Magazine has some exciting issues planned, which will focus on ESG, with a specific focus on the outcomes of COP28, alongside features on third party risk, model risk, resilience, non-financial risk, cyber, and technology.

The team here at CeFPro would like to thank you for your support in 2023 in reading and sharing this magazine, and we look forward to working with you in 2024 to deliver a broader spectrum of content.

Wishing you all very happy holidays, and a healthy and prosperous new year!

Best wishes

CeFPro Editorial Team

We welcome contributions.

If you or your organization are interested in featuring in our next issue, please contact infront@cefpro.com CONTENT AND AUTHOR SUBMISSIONS infront@cefpro.com ADVERTISING & BUSINESS DEVELOPMENT

If you are interested in sponsorship and advertising opportunities, please contact: sales@cefpro.com

www.cefpro.com

Managing increased financial crime risk and opportunity in an adverse economic environment

Financial professionals must assess the increasing financial crime risk and opportunity in the current adverse economic environment.

From legislative and policy developments to geopolitical effects, Kevin Newe, Hee Jung & Igor Sumkovski discuss the current landscape that financial crime silos are operating in.

Hee

Igor

China Construction Bank, London Branch

What financial crimes are increasing, given the economic downturn and the negative economic environment?

Kevin:

In addition to collecting taxes and duties owed, HMRC provides financial support to businesses and individuals. Inevitably, some people take this as an opportunity to manipulate or exploit such support schemes. Recently, people have been sharing advice and expertise on social media about exploiting HMRC, such as by making false repayment or tax credit claims. Therefore, working extensively with social media companies to address these challenges is vital.

Additionally, HMRC must continue to address organized crime risks, as they can differ from lower-level attacks on our systems. By value, in terms of the tax gap, one of the biggest organized crime threats in the UK has been tobacco smuggling. However, the pattern of traditional tobacco product use is changing as society is switching to vaping; as such, HMRC is seeing an increase in criminal gangs exploiting vaping markets and introducing counterfeit vapes into the system.

While technological advances have increased consumer choice, they are not without risk of exploitation, including money laundering. For example, in entering the market so quickly, electronic money institutions might not develop sufficient transaction monitoring processes, or be aware of the types of suspicious activity they might be exposed to.

Igor:

Financial crime exists under both negative and well-performing economic environments. However, we see increased financial crime risks, specifically bribery, corruption, and fraud, during periods of economic downfall. The risk will depend on the jurisdiction and the industry specifics, with some industry sectors being inherently more prone to these risks. For example, even in an economic downturn, firms are still expected to be profitable; the industry sectors with complex supply chains, where more third parties are involved, are likely to face an increased risk of bribery and corruption via the interactions between third-party external consultants and public representatives.

Another example are the bounce-back loans the UK government introduced during COVID-19, which had good intentions, but the reality meant that participating banks were overrun with applications. At the same time, the government and public expectations were to act fast and approve these loans to allow businesses to carry on as usual. As such, there was potential for some details to be overlooked. Subsequently, there were estimated losses of £1.1bn due to fraud from this scheme.

In times of economic downturn, there is also an increased focus from regulators; thus, there is more scrutiny, which sometimes results in fines being imposed on firms. From a financial crime perspective, this reinforces the importance of fighting financial crime.

What are some of the legislative and policy developments to come from the Economic Crime & Corporate Transparency Bill?

Kevin:

The commitment at a senior ministerial level has been powerful, with the March release of the Economic Crime Plan 2. The Home Secretary, Chancellor, and, other senior banking representatives in the UK are backing the plan to develop and finalize proposals beneficial to both the public and private sectors.

Russia’s invasion of Ukraine has forced increasing transparency in the register of overseas beneficial ownership. This aligns strongly with the Economic Crime Plan 2 and its fundamental impact onto the role and remit on Companies House. It should be said that this will not happen overnight, as there is 3 to 4 years’ worth of delivery.

Another thing that has attracted interest is the idea of a “failure to prevent” offense. HMRC has focused on the failure to prevent the facilitation of tax evasion, though a similar provision for bribery already exists, with talk of a further separate offense for money laundering. Yet the argument for not specifying money laundering is that regulations cover the most at-risk firms, and we already have a substantive investigative toolkit and money laundering sanctions in the Proceeds of Crime Act. It is known that people within the private sector want guidance to complement the general principle of what the law requires. Therefore, the next step for the government is clarity as to what is included in that failure to prevent. From an HMRC perspective, the value of the failure to prevent was not so much catching firms out, but rather about the education for firms, particularly those outside of the regulated sector.

are struggling to progress. Settling into the company and progressing their experience and skills is challenging, as financial crime experience does not come through the digital environment. It is essential to have hands-on learning from peers, colleagues or seniors, and leverage their experience. However, personal contact is now limited due to continued work from home. Additionally, AI is coming in and replacing many of the standardized investigation processes, which are often where the experience is produced.

How has the current geopolitical situation affected the prevalence of financial crime?

Kevin:

The current Director General of the National Crime Agency made a compelling link between Russiansanctioned entities and organized crime groups in the UK. While we might think there is a distinction between sanctioned entities and organized crime, there is a direct and overt link in terms of helping facilitate the movement of assets that would otherwise be sanctioned and, therefore, frozen out of the UK. These assets often end up in jurisdictions that perhaps have no sanction regime, or are more tolerant of flows coming in and out.

In broad terms, professional enablers are no different in being willing to support a sanctioned entity or an organized crime group. For example, Russian gold is subject to sanctions, and we have seen a growing trend in organized crime groups using gold rather than cash. So, it makes sense for there to be an overlap between the two, not least given the global prominence of the UK’s bullion market.

Understanding what the postsanctions landscape looks like is a hot topic as the UK seizes assets, but what should be done with them? I do not think anyone has an answer, but it is at the forefront of everyone’s minds.

Igor:

and educate themselves on the new requirements.

Since February 2022, when the conflict in Ukraine started, we have seen several waves of sanctions from the UK. Professionals have had to educate themselves on certain things, such as assessing the price of oil per barrel, as it indirectly links to compliance with sanction regimes. If a UK bank complies with the UK and UN sanctions, it might not be enough, as they may need to comply with US and EU sanctions to avoid hefty fines. The sanction regimes’ divergence means we need to be careful how we approach geopolitical tensions.

Going forward, there is potential to see more complex sanctions, akin to the Russia sanctions, if not more complex, across different geographies. Financial crime professionals must keep educating themselves and keep private and governmental agencies working in collaboration. At times, the guidance for sanctions has been open to interpretation, which can cause financial crime professionals to be conservative and act in a way that prevents businesses from operating effectively.

Hee:

The current environment mainly focuses on Russia, but as the political appetite changes, especially the US appetite, we do not know which country will be the next target. The primary focus should be on the risk appetite of the entire institution and fund. People can focus on and emphasize vigilance throughout day-to-day business activities by carrying out specific training. Not everyone is part of the financial crime investigation unit, so they may be unaware of something suspicious; therefore, detection will not be raised. The critical element is that the entire firm, every single employee, is concerned about fraud; this will give them a new level of vigilance to detect anything unusual through their business activity. This behavior is an important factor in fighting against

Using operational risk frameworks for managing fraud risk

The evolution of fraud risk management

I have been working in fraud for the past 15 years. Some things have hardly changed (for example, we still see BIN attacks in card fraud) but others are now unrecognizable (identification and verification used to be your mother’s maiden name and the details printed on your payment card). However, how fraud is managed within financial institutions (FIs) has evolved significantly. Risk management has changed, technology has changed, FI priorities have changed (it is no longer just about losses), and there

is something called “customer experience” now. Personally, I have found it a fascinating journey. It has become a hugely challenging and rewarding profession, particularly when you overlay the changes in how fraud should be managed as an operational and financial crime risk. Fraud managers are now accountants and data analysts; they need to understand legal terminology for regulations such as PSD2, advocates or customers, they are often asked to understand technology “stacks”, and be operating model experts.

Today, the evolution of fraud management is entering a new phase, with the convergence of financial crime risk types. This development has manifested itself in various ways across the industry; for example, my role as Head of Fraud sits within the financial crime compliance department, which in turn manages all financial crime risks together. This evolution is driving institutions to work on the synergies between these risk areas, and the term “FRAML” (love it or hate it) is now commonplace in

financial crime strategy discussions. If you look at the UK, pending legislation focusing on money-mule accounts by the payment services regulator (and the associated financial liabilities), will further accelerate the need for synergies across financial crime risks.

Operational risk should be a bedrock of fraud management

While the components of managing fraud have expanded throughout the last 15 years, fraud has always been managed as a business risk. In the last 5-10 years, fraud has landed firmly under the more focused umbrella of “operational risk management within FIs.” This is a pragmatic evolution, as operational risk management frameworks work well for understanding fraud risk, assessing it, and mitigating it:

• By working more closely with operational risk functions, fraud teams can now demonstrate how they understand the different types of fraud risk (this is done by building detailed taxonomies)

• Fraud teams can then show their business stakeholders what type of impact these risks might have (through inherent risk assessments)

• Fraud teams can drive activity within the business by illustrating how effective current controls are and where activities are required, to ensure residual risk levels are acceptable.

In addition, the fraud team can set the standards for managing fraud across the FI by issuing policies and instructions, and defining risk tolerance. By using these frameworks, fraud teams can translate the work they do and are passionate about into a language that business owners understand, e.g., a robust risk assessment will give a risk owner all they need to know about their financial loss exposure, how fraud can impact customers, what the reputational impact might be from ineffective fraud management, and also how a regulator could react if key risks did materialize. The other benefit of these frameworks is that they are designed to flex when the world changes, and fraud is one of the fastest-moving risks an FI faces. Now, the fraud manager feels like a part of the business family; they now speak the same language as their peers and can clearly show why fraud is one of the most important risks to be managed, as well as why fraud management can be a differentiator from a product perspective.

It is now time to use risk frameworks as a springboard I believe using operational risk frameworks for fraud is a foundational step towards the future of fraud risk management. The next stage in enhancing the science of fraud management is to forge the operational risk structure together with a total cost of ownership model, to allow a truly risk-based approach to managing fraud. With this approach, a fraud manager can move from a semi-proactive method towards driving a truly comprehensive risk strategy.

So, what does a “truly comprehensive risk strategy” look like? For a fraud manager, the “truly comprehensive” comes from having a single view of how fraud risks affect your institution, or if you can compare performance within an FI or against peer institutions. By using total cost of ownership models (which are fed by operational risk management activities) to build a total cost of fraud structure, a fraud

manager can assess their performance, and can see details of all the elements that contribute to managing fraud.

An FI’s fraud-related costs are incredibly broad. They will include your fraud strategy people, regulatory compliance resources, fraud operations, risk-management governance overheads, technology landscape, customer experience impacts and benefits, and of course, fraud losses. Building a capability to understand the interconnectedness of these elements gives you a new level of transparency. Building this transparency lets you understand the performance of these elements and allows for effective, as well as and changes of pace. Just imagine being able to understand every element of the fraud value chain, providing insight on the performance of each element as part of a single view, but then also being able to show how those different elements are interlinked, e.g., how a poor performing fraud detection system directly impacts your fraud losses, increases customer interruption (and associated complaints and attrition), and exposes you to regulatory scrutiny. Or, it could show that an FI is being too aggressive with its fraud strategy, and while keeping losses low, is driving an unacceptable number of complaints. This model would allow these scenarios to be played out and the impact assessed holistically; business cases for changes would be significantly stronger and more accurate with this level of insight sitting behind them.

Can we think even bigger?

For an FI, having this “total cost” view of fraud risk would be a significant milestone. But we do not need to limit the ambition. If we look further into the future, the total cost of the fraud approach can be expanded at an industry level. Nirvana for a fraud manager would be to proactively manage the total cost of the fraud model (and, by default, their risk), but also to know how their model performance could improve.

If you look at the U.S. consumer market, everyone has a FICO score. It basically says how good you are at managing your money, and it is made up of multiple factors, all of which are assessed, and contribute to the overall score.

I believe that taking that logic and creating a performance and capability score for fraud management is perfectly achievable. I would see it looking like a FICO score, but for FIs; the score would be made up of sub-scores from all the contributing factors. What capability does your technology give you? Best in class? Well, that is a 9 out of 10 for that segment. Are you still building out your capabilities? That is a 6. Then you keep repeating this activity looking at your regulatory compliance, fraud operations model, risk management structure, strategy approach, customer experience, losses, and even cultural maturity within the organization. Having a clear set of criteria and scoring could lead to a much smarter self-assessment and real insight into performance.

Building a capability to understand the interconnectedness of these elements through the total cost of fraud gives you an industry-leading fraud risk management capability; really understanding the relative performance of these elements and prioritizing your efforts puts you in the world-class category. This way of managing fraud risk is getting closer all the time, and it shows how far the discipline has come since the largely one-dimensional view of fraud management I had when I first entered the field.

Financial Crime USA research roundup

In this feature the results from CeFPro Events’ Financial Crime USA Congress’ extensive research project are reviewed. CeFPro’s dedicated research team conducts extensive research with industry leaders across a range of organizations, ranging in scale to ensure diversity in challenges, and consensus on key developing trends on the horizon for 2024. As global geopolitical tensions continue, the focus on financial crime continues to rise, as a host of regulations look to both strengthen the increased risk of internal fraud from in an economic downturn, through to the everevolving sanctions regime. As tensions continue and develop further in the Middle East, the future of sanctions remains unclear, though what is clear, is that there remains much work on the horizon for financial crime teams.

REGULATION

The first area to highlight was regulatory change and the diversity of expectations within financial crime, AML, and fraud. Anti-money laundering regulation continues to advance, with the AML Act, Bank Secrecy Act, and among others remaining top of mind for risk teams. As organizations grapple with developing a roadmap and understanding best practices to implement the AML Act into programs, they also have an eye on the future and what could be on the horizon to ensure program flexibility.

With the AML Act spanning a broad range of areas for focus, organizations are grappling with prioritizing the extensive list set out by FinCEN, which includes1:

• Corruption

• Cybercrime, including relevant cybersecurity and virtual currency considerations

• Foreign and domestic terrorist financing

• Fraud

• Transnational criminal organization activity

• Drug trafficking organization activity

• Human trafficking and human smuggling

• Proliferation financing

Part of the AML Act includes the Corporate Transparency Act and beneficial ownership, as outlined by FinCEN. Launched in September 2022, the beneficial ownership information reporting requirement looks to crack down on illicit finance and enhance transparency. Coming into effect January 1, 2024 with initial reports filed for January 1, 2025, research outlined the key challenges in moving towards implementation, alongside considerations for long-term use of the registry. Alongside the AML Act and its associated expectations, comes evolving expectations and requirements for sanctions. As geopolitical risks continue to escalate, organizations are reviewing what changes may be on the horizon and what tools can ensure compliance.

Aligned with some of the tracking aspects of beneficial ownership, sanctions changes require a clear view of who organizations are working with to ensure sanctioned individuals and entities are captured in reviews. Alongside the initial implementation when changes arise, comes ongoing monitoring and full reviews of new business to detect circumvention attempts.

CYBERSECURITY

The second big topic of discussion centered around the continued cybersecurity and ransomware threat. As cyber criminals continue to advance and leverage technology, organizations must enhance cyber defenses to protect against the evolving threat. Infrastructure investments to detect and mitigate vulnerabilities, alongside preventative controls, continue to escalate. As we continue to observe an industry trend toward enhancing resilience, business continuity plans continue to evolve and strengthen. An interesting debate centered around the increased observance of ransomware attacks to organizations. As cyber-attacks are increasingly being weaponized and used in political warfare, sanctions teams must ensure that sanctions are not being breached by paying a ransom to sanctioned individuals. Ransomware remains less common than approaches such as phishing, but remains a threat to both organizations, individuals and consumers. Although ransomware attacks appear to be reducing in frequency and success, an evolution has been observed, from charging victims a decryption code, to threatening to release or sell data. This is a significant threat to organizations that protect sensitive customer data. Some key stats around the evolution of ransomware include2:

Attacks dropped 23% in 2022 compared to 2021

In the first half of 2022, there were an estimated 236.1 million ransomware attacks globally Ransomware accounted for 20% of all cybercrimes in 2022 90% of ransomware attacks fail or result in zero losses for the victim 20% of ransomware costs are attributed to reputation damage

1 https://www.fincen.gov/sites/default/files/shared/AML_CFT%20Priorities%20(June%2030%2C%202021).pdf

2 https://aag-it.com/the-latest-ransomware-statistics/

Financial Crime

USA returns to NYC this March 12-13.

Hear from subject matter experts as they discuss:

• The upcoming AML Act

• The impact of global geopolitical volatility

• Leveraging technology to identify sanctions evasion

• Enhancing cyber defences to protect against evolving threats Visit www.cefpro.com/financial-crime to view the full agenda.

Organizations continuously look towards leveraging the power of technology to aid and streamline risk processes. The role of technology, as both a risk when leveraged by bad actors, and an opportunity to further identify threats, continues to advance as more understanding and investment is conducted. The financial crime landscape remains turbulent, with continued attacks and evolving fraud techniques. Organizations must remain vigilant and stay ahead of trends and advances in order to stay current. Disaster recovery and business continuity plans are more vital than ever to ensure a speedy recovery and minimize the risk to the organization, customers and ultimately business reputation.

2-in-1 conference

Key financial crime stats and losses to FI’s

Key financial crime stats and losses to FI’s

Financial crime is a growing and complex part of the financial industry. With new regulations, sanctions, and risks emerging, it is becoming increasingly difficult for organizations to navigate the fraud and financial crime landscape. It is essential to explore all aspects of the threat in order to mitigate risk and losses. The following statistics provide an understanding of what the industry is currently facing, while also looking forward to preparing for future events.

LOSSES

STATS

Worldwide, criminals launder between $800 million and $2 trillion each year, with 90% of money laundering crimes going undetected

Source: aml rightsource

Investment fraud rated as the highest type of cyber-crime fraud in the US in 2022

Source: Statista

An estimated 1 in 15 adults were victims of fraud in the year ending September 2022 in England & Wales

Source: National Crime Agency

Less than 2% of annual criminal proceeds in the EU are recovered by European authorities

Source: Chartered Banker

£726.9M £350BN $120M £485.2M

Authorized Push Payment (APP) losses

Source: Chartered Banker

Unauthorized fraud losses (losses across payment cards, remote banking, and cheques)

Source: Chartered Banker

UK losses annually to fraud and money laundering

Source: The Times

Average cost of digital payments misuse for FIs 2022

Source: PYMNTS

It is estimated that within the EU, only 2.2% of criminal proceeds are seized, 1.1% are confiscated, and very little is returned to victim populations

Source: Transparency International EU

LOOKING AHEAD

69% of global executives and risk professionals surveyed expect financial crime risks to increase over the next 12 months

Source: Kroll

Digital fraud losses are anticipated to surpass $343 billion globally between 2023 and 2027

Source: NiceActimize

The global cost of cybercrime is expected to top $10.5 trillion by 2025

Source: NiceActimize

The global AI market surrounding cyber security is expected to grow at a compound annual growth rate (CAGR) of 19.43% between 2023 and 2032, and expected to reach $102 billion by 2032. This further emphasizes the importance of AI and ML in the fight against AI financial crime

Source: JCW Resourcing

LOOKING AHEAD TO 2023, WHAT TYPE OF FRAUD IS YOUR ORGANIZATION MOST CONCERNED ABOUT?

Source: ComplyAdvantage, State of Financial Crime 2023

Fraud and Financial Crime Europe 2023 Overview

CeFPro’s Fraud and Financial Crime Europe 2023 Summit provided the perfect balance of learning, networking, and meeting industry-leading vendors from across financial crime. The 2 day event delivered reviews of the current fraud and financial crime landscape, and advised attendees how to leverage technological advances to mitigate risk.

According to the latest data from the Crime Survey of England and Wales, there were 3.7 million cases of fraud reported in 2022. However, it is estimated that 86% of all fraud cases go unreported, making the actual number of fraud incidents much higher; this is just one of the reasons why preventing financial crimes is a top priority for regulators, and why fraud and financial crime events are pivotal. Additional legislative developments, changing regulations, and new sanctions create unknown risks and more significant legal uncertainty across the industry; therefore, understanding and addressing these challenges is essential.

Some key focuses of the event were regulations, sanctions, AI and machine learning, and social factors of financial crime. With over 30 industry professionals from various sectors speaking on numerous topics, delegates had opportunities to speak one-on-one with thought leaders. Knowledge was shared and absorbed throughout, particularly during the networking breaks, the lunchtime vendor-led roundtables, and the interactive sessions which incorporated Q&As.

Day One

“After 2 years of the pandemic, it's really good to meet people and have conversations in person. Just to have talks in the cafeteria is very informal but very, very valuable. Meeting people with similar problems or challenges and being able to discuss how to tackle and learn from them is important, as well as finding out the newest trends in the industry. So, there’s a lot of value in them.”

The event’s first presentation was by Robertson Park, partner at Davis Wright Tremaine LLP, who spoke about the current regulatory landscape and what changes professionals can expect. By addressing the regulatory emphasis in the US, Robertson was able to identify the global and transnational impact of sanctions, anti-money laundering, privacy laws, suspicious activity reports, and whistle-blower rules. When catching up with Robertson after his discussion, he stated the key takeaway from his regulatory session was:

“The arc of global collaboration and enforcement among US and international law authorities continues to trend up. This means you have to be thinking globally as a company about where your risks lie. Whether, for example, you’re a US company with significant Asian operations, or a French company with Asian operations and Indian sourcing, you have to think globally and be conscious of what’s on the horizon.”

In line with changing regulations, sanctions have expanded globally and exponentially in recent years, causing enforcement authorities to significantly increase collaboration. The sanctions imposed on Russia due to the invasion of Ukraine highlight how financial institutions worldwide have the power to impact the war, in addition to stopping criminal activity. In the second panel discussion exploring sanctions, the Head of Global Sanctions Advisory at Deutsche Bank, Director of Wholesale Banking Sanctions at ING Bank, and Head of Sanctions Compliance at Nordea explored how organizations can create monitoring and detection methods for sanctions evasion and breaches. Included in the discussion were topics such as identifying red flags and how to track behavior patterns of sanctioned individuals.

The lunch break was successful as delegates sat around tables with partners and sponsors. Davis Wright Tremaine, Experian, IMTF, Milbank, and Mishcon de Reya were all deep in conversation with delegates and speakers, exchanging business cards and ideas; the networking breaks were a highlight of the event, providing an opportunity to advance ideas beyond the auditorium.

In an after-lunch panel discussion focusing on the fraud landscape, the panelists spoke about the increasing use of technology by fraudsters and the ongoing battle between defense and attack. The fraud landscape has evolved significantly over the last decade, with increasingly sophisticated approaches being adopted by individual fraudsters and large criminal organizations that wish to defraud large institutions and individuals across the globe. Panel moderator Rob Wynn Jones, Partner, Mischon de Reya, comments on how the industry is coping with this:

“Combating these fraudsters is a massive task, but we’re finding ways to do it. We collaborate with larger investigators that use AI-enabled technology to help us track down fraudsters and their networks, which are often multi-jurisdictional.”

Across the globe, serious criminal activities such as human trafficking, modern-day slavery, and funding terrorism through the arms trade are driven by the desire for profit. As money laundering goes, criminals constantly innovate ways to inject ‘dirty’ money into the global financial system. One way that they have been able to launder money is through cryptocurrency. Since 2019, there has been over a 100% increase in money laundering through crypto; in 2022 alone, illicit addresses sent nearly $23.8 billion worth of cryptocurrency. Sam Bawtree from HMRC, who spoke on the matter at the summit, explains how this was able to develop so rapidly:

“When looking at the development of the crypto asset ecosystem, not only in the UK but across the globe, arguably, COVID pushed it forward. With everybody being at home and forced online more, people are looking for a way of trying to make a bit of money, the quickest way to make a buck if possible. But we’re also seeing a lot more bad actors in the ecosystem, which is worrying for us, so we’re trying to do as much as we can to try and combat that.”

Day Two

Day two of the event provided insight into how cross-sector professionals can work together to tackle fraud and financial crime within financial services. Similar to day one, the networking options were ample, as delegates discussed the previous day’s sessions and those to come throughout day two.

The first two sessions explored managing increased financial crime risk and opportunity in an adverse economic environment, and developing financial crime modeling approaches to more advanced capabilities. The following two sessions were on AI and social media, which are both topics that CeFPro has explored extensively. Go to www.cefpro.com/connect to view articles based on these topics.

The final presentation of the morning sessions explored internal fraud from the compliance perspective of Alicja Hellak, Group Compliance Officer, Compliance Reviews from Commerzbank AG. Basel II defines internal fraud as “losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/ discrimination events, which involves at least one internal party”. But what could motivate someone to “bite the hand that feeds them”? It is no secret that the working population is struggling financially to make ends meet as the cost-of-living crisis continues; therefore, turning to internal fraud could be seen as the only way out. When speaking to Alicja after the presentation, she said:

“The most important thing is for organizations to start thinking about increased risks of internal fraud, identify red flags, and put controls in place to prevent internal fraud from occurring.”

As the presentation continued, the audience became more engaged by sharing ways to manage the risks. The lawyers in the audience expressed different views, which sparked a lively debate on appropriate steps once internal fraud is identified.

Following on from another great set of networking opportunities, Nicholas Clark, a fraud expert at the European Payments Initiative, presented on how technology is changing fraud. An interesting part of the session focused on the importance of data sharing when fighting financial crime. If companies can share data, then fraudsters or bad actors can be caught quickly. An example of this was given: if a person’s account was closed by one bank due to criminal activity, that information can legally be shared with other banks, which would flag that person if they tried to open a new bank account with a new bank. Nicholas goes on to say:

“Everybody is entitled to open a bank account, but it’s good to be able to legally share this information with other banks.”

Overall, the 2 day event allowed industry professionals to learn and network with peers, colleagues, and speakers. Further insights are to come. Make sure you are signed up to CeFPro Connect for updates. Visit www.cefpro.com/connect to set up your free account.

Couldn’t make Fraud & Financial Crime Europe? Join us for the sister event, Financial Crime USA in NYC on March 12-13. For full information, visit www.cefpro.com/financial-crime

When personal and professional worlds collide: how a financial crimes investigator became a victim of identity theft

Homeland Security Investigations Office

U.S. Department of Homeland Security

Jeremy Ross is a Supervisory Special Agent with Homeland Security Investigations (HSI) in New York. Joining the agency in 2014, he now oversees its Major Frauds Group, which falls within HSI’s premier El Dorado Task Force. His group tackles financial frauds ranging from cryptocurrency-related offenses and white-collar crimes to identity theft and scams targeting the elderly. His personal and professional lives collided 2 years ago, when he realized that he – an investigator skilled in tackling financial crimes – had become a victim of identity theft.

For the past 2 years, I have overseen HSI New York’s Major Fraud’s group of agents, analysts, and task force officers, who spend their days, weeks, months, and even years meticulously poring over evidence of financial crimes.

I have been a member of law enforcement for 24 years, but I am not immune to becoming a victim myself. That reminder came about 2 years ago, when I received a letter from a bank I have never used, regarding an account I had not opened.

I came to learn it would be far from the last time this would happen.

Over a 4-month period, six different bank accounts were opened in my

Investigators often use the term “KYCs” to describe ways in which institutions know their customers. Throughout my experience, I felt like none of these typically expected and very necessary steps were being taken to prevent bad actors from opening accounts in my name, despite that such behavior was completely out of the norm for me. Gone were the days of the KYCs.

You think you are the victim of identity theft — what now?

It is imperative that any person who believes they are a victim of identity theft files a police report immediately. Documenting the incident is the best course of action in terms of signaling to banks and other law enforcement investigators that you are the victim, rather than the perpetrator. It serves as a form of explanation, and could be one of your only serious lines of defense.

Once your information is out there, it likely always be. But there are additional tools the public can use to protect themselves or prevent further identity theft from occurring.

The Federal Trade Commission offers a way to report possible instances of identity theft, and further guides them in how to move forward.

Furthermore, I have learned banks typically utilize a program called ChexSystems, which allows a person to register as a victim of identity theft. It goes beyond that which a typical credit check might include, because it also applies to banking and debit accounts. It stops short any person who tries to open a

line of credit or bank account in flagged names.

But most importantly, in order for ChexSystems to work, bank employees must exercise due diligence in using it. Through my time as an investigator, coupled with what I know now as a victim, I have learned that criminals will continue to evolve as a means to meet their illicit goals.

Despite being the victim in my case, it would have been easy to understand how any investigator could have suspected me of being the violator of some serious movement of money. But with the length of time banks spend identifying the true victim and violator in each case, the actual perpetrators have often already begun targeting someone new.

It is up to us – law enforcement agencies and banking institutions – to adapt as quickly as the criminals. In turn, we can not only prevent identity theft from costing the banks exorbitant amounts, but also threatening hardworking individuals’ livelihoods.

About Homeland Security Investigations

HSI is the principal investigative arm of the U.S. Department of Homeland Security, responsible for investigating transnational crime and threats, specifically those criminal organizations that exploit the global infrastructure through which international trade, travel, and finance move. HSI’s workforce of over 10,400 employees consists of more than 6,800 special agents assigned to 225 cities throughout the United States, and 93 overseas locations in 56 countries. HSI’s international presence represents the U.S. Department of Homeland Security’s largest investigative law enforcement presence abroad and is one of the largest international footprints in U.S. law enforcement.

The increased public knowledge and interest in new technologies, particularly cryptocurrencies, has created new fields of investment and research. Genuine pioneers in these emerging fields have reaped the financial rewards. However, wherever there is public interest, fraudsters will see opportunities to boost interest in their false products.

Fraudsters are quick to pick up on investment trends and create new companies to capitalize on them. This has been seen in property development booms and green initiatives, such as carbon credits. From 2021 to 2022, the number of investment frauds reported went up by over 10% and the losses by over 30%. Cryptocurrency investments form a part of this upward trend.

Some of the hype around cryptocurrency investment, particularly away from traditional news media, has been about the getrich-quick success stories, where the value of a cryptocurrency multiplies overnight. This can happen when an investor gets in at, or before, an initial coin offering (ICO). The value of this to a criminal is that the cryptocurrency need not be available on the market, listed on an exchange, or potentially even functional.

On top of this, fraudulent investment companies conduct their own advertising campaigns, create glossy brochures and use all other marketing tools at their disposal, just like any other company. This gives them huge reach and near-borderless access to potential victims. This scale and corporate veneer can make it difficult for customers to spot a criminal company among credible vendors in the marketplace. The influence of social media has risen sharply in

Investment Fraud: crypto, social media and communication

recent years. Several social media outlets are gaining traction as the sole means by which young people access the news and conduct research.

Studies have shown that a large number of 18-23 year olds are actively investing based on advice found on social media, and that half of these investments start with crypto. An online search reveals numerous articles from various sources discussing the proliferation of fraudulent and misleading investment advertisements on social media platforms.

Public interest in an investment type and its regular appearance in the media, whether traditional or otherwise, is likely to impact the types of investment people are interested in. Social media attracts a younger demographic than other media types, and crypto has a counter-culture following, and an audience that is more interested in technology than finance. This combination has created an investor and victim profile different from that seen in the past.

Although these factors may lead someone towards investing in a particular product, it is usually the deliberate actions of criminals that seal the deal. Criminals use what they call “sucker lists.” The consumers on these lists may be more susceptible to fraud. Criminals then use coercion, control, grooming, pressure tactics, and any other techniques they can use to get a victim to commit money.

Investment fraud companies intentionally target consumers that Louise Baxter MBE, Head of the National Trading Standards Scams Team, describes as “situationally vulnerable” and “marketplace vulnerable.” Everybody moves in and out of periods of vulnerability. This can be caused by,

for example, mental health, financial difficulties, bereavement, relationship breakdowns, or a lack of relevant information. These situations can make consumers more susceptible to fraud and scams.

Communication methods and ways of accessing information have never been as diverse across society as they are now. Organizations need to consider who they are talking to and how best to get their messages across to protect customers. A mass email may reach the greatest percentage of customers, but may miss those who prefer postal communication and those who rarely communicate outside social media. Ultimately, content that lacks audience targeting risks being ignored.

If information is power, then withholding information from segments of society due to limited communication methods or convoluted language can render individuals vulnerable to fraud. For example, the government requires that contributors to the GOV.UK website write for a 9-year-old reading age to ensure the best possible understanding across society.

There are also excellent resources available to help companies and customers such as Action Fraud, Take 5 to Stop Fraud, both of which are provided by London Police. These resources empower individuals to make informed decisions and protect their investments in an increasingly complex landscape.

As the national lead force for fraud, the City of London Police runs regular “protect and prevent” campaigns related to economic and cyber-crime. They also provide help and advice to victims of fraud in England and Wales.

Where are you seeing some disparities in approaches across different jurisdictions in sanctions?

As a compliance officer of a US branch of a European financial institution, my focus is on the US and EU. I find it important to stay abreast of significant changes and updates within these regimes and understand their key differences. Oftentimes, I find that while the overarching themes can be similar, the devil can lie in the detail of the respective approaches. It is important to remember that although the US, EU, and other jurisdictions may sometimes have common goals – which in sanctions is to deter, prevent, and/or punish - they can have differing objectives and approaches to achieve those goals. The divergence across regimes can get complicated, especially when trying to understand how the requirements apply to global customers with an international footprint.

To use Russian sanctions as an example, many EU sanctions are identical or similar to the US sanctions because of the common goal, which is to impose consequences on Russia and ultimately thwart the war efforts in Ukraine. There has in fact, been significant coordination between EU and US regimes to maximize the impact of certain measures. There are, however, important differences due to the different exposures to Russia in the EU versus the US. In contrast to the US, countries in the EU have had greater dependencies on Russia for trade, energy supply, and investment. This has translated to differences in the scope of sanctions, such as the EU limiting restrictions on new investments only to certain sectors, such as mining, quarrying, and energy, as opposed to the US sanctions regime, which put a comprehensive ban on all new investments in Russia. Another example is the EU’s continuation to import Russian gas and LNG, while the US has prohibited such imports from Russia.

The key takeaway for compliance officers working for international financial institutions, is to stay aware of the differences in the sanctions regimes impacting the business and customer base, and ensure coordination with international compliance counterparts when navigating the range of requirements.

The last year has seen global turmoil. With the war in Ukraine and additional volatility on the horizon, what have you seen as the global regulatory approaches to sanctions?

There are thematic similarities to the global sanctions regimes regarding Russia, but key differences in the application and approach. In an effort to ensure the maximum impact of sanctions, there has been a high level of global coordination across regimes. One example is the joint action between the EU and the US, who blocked the 10 leading Russian financial institutions from accessing SWIFT. There was also cooperation in reaching an agreement on the G7 price cap for Russian oil exports, and the REPO (Russian elites, proxies, and oligarchs) taskforce was coordinated by the EU, US, G7, and Australia to find, freeze, and confiscate assets of sanctioned individuals.

Navigating complexities in sanctions enforcement from a global perspective

Many synergies have developed globally, specifically across the EU and the US, regarding sanctions against Russia. This has made coordination from the perspective of a global institution to some extent easier. However, it is important to stay aware of the key differences and areas where certain regimes can be more restrictive than others.

Can you outline some of the regulatory focus on sanctions circumvention and the work being undertaken?

With the imposition of major sanctions regimes against Russia over the past couple of years, there have been great efforts to prevent the evasion of sanctions by Russia and its allies. The US government has increased vigilance in its efforts to combat evasion of export controls and sanctions in many ways. One such example are the trade restrictions against Russia and Belarus, which have continuously escalated as the situation evolves. There has been a focus on evasion tactics by non-restricted entities operating as a front for sanctioned parties, with the issuance of measures directed at companies enabling the circumvention of trade

controls. OFAC is also continuing to expand the number of entities subject to US sanctions, focusing on Russian actors and non-Russian entities providing material support to the Russian war effort through the circumvention of trade controls.

In the US banking system, financial institutions have also proven critical in providing information to the government on sanctions and export control evasion through SAR reporting. Banks are actively identifying and reporting on suspected trade control evasion to the US government. In addition, FinCEN has recently provided a specific SAR code to indicate possible Russian trade control circumvention to streamline the identification of export control evasion to enforcement authorities. The SARs filed have provided key information regarding evasion; for example, identifying Russian agents establishing front companies outside of Russia to purchase US-origin goods, for the benefit of Russian or Russian entities. They have also been used to identify trends in shipment points for sanctions evasion and specific industries experiencing the highest volume of suspected evasion.

How do you see sanctions evolving as volatility continues or tensions slow? Unfortunately, from a global perspective, we are going through a period of time where tensions are increasing and geopolitical conflicts are rising. Given the continued war with Russia and Ukraine, the increasing tensions between the US and China, and, more recently, the Israel and Hamas conflict, it is difficult to anticipate any slowdown in the issuance of sanctions. The US objective will continue to be to weaken Russia’s stance as a player in the global economy and ultimately deter them from continuing the war in Ukraine. Until the war ends, the EU and the US will likely continue to cooperate and maintain current sanctions to enforce economic deterrence and punishment on a global scale.

One area that did recently show some easing was the US sanctions against Venezuela. In October, OFAC issued a number of general licenses to authorize limited transactions within the oil & gas sector in Venezuela, alongside limited secondary market trading of Venezuelan government bonds and securities. Despite these changes, it is important that institutions view sanctions holistically and keep in mind that relief could be temporary and conditional, even where relief is offered. In the case of Venezuela, OFAC has conditioned the relief on political reform, adherence to a more democratic electoral roadmap, and the release of wrongfully detained US nationals within a certain timeframe. Whether this easing is permanent or temporary has yet to be seen.

When anticipating any shifts to the sanctions landscape as a compliance officer, staying attuned to global political developments is key, as sanctions remain inherently dynamic and evolve in response to the ever-changing geopolitical landscape.

Developing financial crime modeling approaches to more advanced capabilities

Transaction monitoring is key to tracking and analyzing financial transactions to detect and prevent financial crime. Rule-based models are a common approach, but how can more advanced capabilities be used to better the model process? At CeFPro’s Fraud and Financial Crime Europe 2023 Summit, Senior Model Validators from ING discussed how new technologies can advance modeling approaches.

Transaction monitoring is the process of tracking and analyzing transactions to detect and prevent financial crime. The approach operates under the premise that unusual or suspicious transactions can highlight crimes such as money laundering and terrorist financing. Therefore, financial institutions must accurately scrutinize transactions to identify potential threats and take appropriate action. It is known that operational costs, time-consuming investigations, reduced efficiency, missed true positives, and reputational risk are all factors as to why transaction monitoring is a challenge.

Rule-based models represent a common approach in transaction monitoring, relying on predefined sets of rules, often formulated as “if-then” statements, to make decisions or predictions about the legitimacy of a transaction. While rule-based models have advantages, such as simplicity and explainability, they have several disadvantages. When asking Behrouz Raftari Tangabi prior to the session, “What are the key challenges with regards to rule-based models?” He said:

“Rule-based models are not flexible as they rely on predefined conditions, proving challenges in capturing complex patterns. This can be even more challenging in a dynamic environment where adaptability is needed, for example, in fraud cases. Maintaining the effectiveness of rule-based models can be a heavy and time-consuming exercise, especially when the number of rules grows. The modification of rules or adding new ones can also be challenging when there are dependencies or interactions between rules. As rule-based modeling heavily relies on expert knowledge, it requires continuous involvement from domain experts.”

Setting thresholds for rule-based models can be a complex exercise. Financial institutions must strike a delicate balance between being vigilant and not inundating investigators with excessive alerts. Maintaining rule-based models can be labor-intensive, requiring constant updates and adjustments to keep pace with evolving financial crime tactics. As the attention of investigators is distributed, they may have less time for suspicious cases and reputational risk factors that may be applicable to fraud.

With the limitations being outlined of rule-based modeling, Behrouz explains the advantages of moving to advanced modeling techniques:

“The advantages of advanced modeling techniques, mainly machine-learning modeling, can be summarized, but not limited to overcoming the disadvantages mentioned for rule-based modeling. Machine learning models are flexible and adaptable, allowing them to learn patterns and handle dynamic and complex scenarios. They have the potential to learn and improve over time, and offer exploratory analysis into data. Machine learning also has the potential to uncover hidden patterns and correlations, which may not be as straightforward through analysis done by experts.”

One advanced modeling technique is Automated Alert Prioritization, a complex process that involves multiple steps using machine learning and AI. While these types of automation are useful for reducing false positives and prioritizing alerts, it is important to remember that no model is perfect, and errors are bound to occur. It is crucial for financial organizations to understand the cost of false positives and false negatives, as relying only on AI for prioritization may lead to important alerts being missed. To mitigate these challenges, a possible strategy is to randomly select a few alerts that are claimed to be bad and check if AI has classified them correctly.

Another strategy to help mitigate the challenges posed is a logistic regression model. This is a useful tool for modifying rule-based systems, although training and monitoring the model in the same way as automated alert handling is important. Removing rule-based systems entirely and replacing them with a simple model like logistic regression is possible. This model is commonly used in credit risk assessments and is relatively simple to explain

in comparison to other models. One of the challenges with using logistic regression is obtaining labeled data around the decision boundary. This data is necessary for creating an accurate model to prevent incorrect results. Key performance indicators for monitoring the model include precision and recall; precision is especially useful for monitoring the model after handling alerts. However, it is important to be aware of the complexity of the model and what each metric means, as determining what a true positive or negative is can be difficult.

The explainability of models is one of the most important factors in the process. When asked, “How can financial organizations effectively maintain the explainability of models?”, Behrouz explains:

“Using simple and interpretable machine learning models, without sacrificing the model performance, is key. It doesn’t mean that sophisticated machine learning models can’t be used, but attention to explainability is essential. Other effective maintenance practices include only using features with predictive power, making visualizations for various aspects of modeling, and performing sensitivity analysis to see the impact of changes in model inputs on model predictions.”

The explainability of models should be at the forefront of advanced model documentation. It is essential for documentation not to be scattered and/or challenging to read, as often they are incomplete, disorganized, and missing information. This makes it difficult to understand the model, its relationship between input, design, and output, and the challenges within a limited time frame. In order to address this challenge, a single document that serves as a guideline template and overarching document could be helpful. It would provide a clear reference for those outside the modeling project, with all key components in one place.

As well as those mentioned already, Behrouz answers, “How can financial institutions advance

model documentation?”, providing more examples of how this can be achieved:

“Developing templates or guidelines that include an overarching document and highlight the model’s key components, including data sources, methodology, performance metrics, limitations, and weaknesses, is essential. Additionally, using plain language and ensuring the documentation is easily understandable, visualization aids such as flowcharts and graphs show the model design and key relationships, which can improve understandability. It is also important to establish control mechanisms to track changes to the model design, parameters, assumptions, and any other model modifications, including corresponding rationales and substantiations.”

Financial institutions face a delicate balancing act in transaction monitoring, where the stakes are high. Rule-based models and machine learning each bring their strengths and challenges. While it is tempting to envision a fully automated future, human expertise and oversight remain indispensable. The synergy between rule-based models and machine learning provides a robust framework for tackling financial crimes effectively.

As financial institutions continue to adapt and evolve in response to emerging threats, a multidimensional approach that combines the best of both worlds can help navigate the complexities of transaction monitoring. Ultimately, the goal is to protect the integrity of financial systems, while ensuring that legitimate transactions flow smoothly, and society as a whole continues to benefit.

Coming soon in 2024…

Fintech Leaders

A comprehensive business intelligence study investigating the current and future status of the application of technology within financial services. Addressing investment priorities, opportunities, threats, obstacles, and a ranking of the top 30 solution providers leading the fintech industry.

Pre-order your free copy here

TPRM:

Operational resilience readiness

Pre-order your free copy here

As financial services companies plan for and deliver new digital services to customers, there is a need to balance innovation with the right controls and measures to mitigate risk. As informed by TPRM professionals around the world, better understand how international institutions are remaining diligent and compliant through standardized stress exits, scenario testing, and supplier approaches.

What do you see as the next trend in financial crime, including fraud, and how can organizations prepare?

Robertson Park, Partner, Davis Wright Tremaine LLP

“The use of artificial intelligence is one of the next big opportunities and challenges within the financial services community. Unfortunately, fraudsters tend to be more agile in adopting new technology for their criminal activities, often leaving companies behind. This is an increasing risk area in concert with the proliferation of social media use, as companies often can’t fully control employee social media activity. AI can serve as an effective prevention tool, enabling compliance and legal departments to become more efficient and to get ahead of the fraudsters.”

Aisling Twomey, Money Laundering Researcher, IALS

“Not so much a new trend, but I anticipate a renewed focus on APP fraud and mulling following the recently released PSR rankings. These issues aren’t new, but preventing APP is challenging, and spotting mules can be harder still. Organizations need to consider their own customer book to work out how mules might be hiding among genuine customers. Organizations should avoid relying on high-level and vague red flags written in industry reports. Instead, we should think like a criminal - sketch out how they might mule and consult internal data to find and shut them down.”

Deepthi Machavaram, Head of Digital Financial Crimes Compliance Advisory, Morgan Stanley

“I believe automation and AI will be a big trend in fraud and financial crimes, as the outcome will be substantial increases in efficiency, decreases in cycle time, and decreases in return rates. The efficiencies will help reduce the need for human resources. Organizations can prepare for this trend by improving data quality and lineage and identifying use cases to leverage automation and AI.”

“AI is rapidly changing the landscape of fraud and cybercrime attacks. Currently, cyber-attacks like phishing emails rely on volume and are often low quality, with bad spelling or grammar, and are quickly identified as fraud. The introduction of AI poses a significant threat. AI that can write similarly to humans and collect personal data through social media can be weaponized by fraudsters, making the identification process harder with more tailored attacks. Organizations need to be aware and take necessary measures to protect themselves. One element that can help is using AI to catch AI and recognize communication that might be suspicious or the hallmarks of AI. Using AI to spot signs and assist in defenses to protect customers is important, though organizations will still rely on employees’ skills and knowledge.”

Xiaoling (Sean) Yu, Director, Financial Crimes and Liquidity Risk Modeling, Quantitative Modeling & Advanced Analytics, KeyBank

“The next big trend in financial crime modeling is the use of AI and machine learning techniques for advanced anomaly detection, context-based analytics, and network/graphical analysis to unravel complex financial crimes. Organizations should prepare by investing in these technologies, ensuring high-quality data management, training staff on new tools/methodologies, and adhering to evolving regulatory and ethical standards. This approach will enable more effective and adaptable financial crime detection and prevention.”