Money laundering newsletter issue 3 by Jürgen

MONEY LAUNDERING ISSUE 03

NEWSLETTER DECEMBER ‘13

FORE WORD

Money launderers are always looking for ways of disguising the true source of their wealth. Some developed countries, such as Malta, have characteristics that money launderers may find attractive. Understanding the social, political and economic environment of these developing countries is therefore a vital ingredient in the war against money laundering. The aim of this newsletter is to raise awareness on the importance in the fight against money laundering and the increasing recognition of the negative impact which enormous flows of illicit money can have on the financial sector.

AML MONITORING OFFICER

In line with technological improvements, a number of new alternative forms of payment have been introduced throughout the world in past decade in order to keep up the growing volume of electronic commerce. Acquiring institutions and service providers made it easier for payments to be made through the internet and serve as an electronic alternative to traditional paper money. Of course, alternative payment systems also open up the doors to alternative forms of money laundering.

JURGEN PAVANELLO

Globally, public awareness of the detrimental impact and severity of the problem has increased markedly, as the media, policy institutes, and non-governmental organisations worldwide have raised concerns to unprecedented levels of new money laundering trends. Despite mounting evidence and increased awareness, governments and the development community more broadly are still struggling to find ways to more effectively translate this understanding into concrete actions and improved outcomes.

How can practitioners better comprehend the many forms that money laundering takes? From the ‘traditional’ delivery of drugs, extortion, prostitution and insider dealing to international trade in wine, the construction of ‘silky’ roads by the use of virtual currencies and spreading its way up to bribery and corruption by politically exposed persons within their management of public revenues - money laundering shows its many faces. In this issue we shall look into the often murky manifestations of this virulent and debilitating social menace.

IN THIS ISSUE

CURRENT MONEY LAUNDERING NEWS

INSIGHT: PONZI SCHEMES

THE FLIP SIDE OF DIGITAL CURRENCY

CYBER CRIME

OPINION: CYBER THREATS & RISK MANAGEMENT

FUNDING OF TERRORISM

WARNING FROM THE REGULATOR

FATF HIGH RISK & NON-REPUTABLE JURISDICTICTIONS

Advice to readers

There is no doubt that money launderers will continue to develop new skills and techniques, improving their schemes and finding new ways to make money appear to be “clean”. However, we cannot give up on our own development and must remain dedicated in order to stay up-to-date and combat money laundering so as to retain public confidence in banks and stability which can be undermined by adverse publicity as a result of inadvertent association by banks with money launderers.

Governance and anticorruption are now high priorities in the development agenda. Empirical research over the past decade has shown convincingly that poor governance, typically manifested by different forms of corruption, is a major deterrent to investment and economic growth and has had a disproportionate impact on the poor.

The selected articles are being reproduced in this newsletter in good faith and for information purposes only. Furthermore, it should be noted that Credorax (Malta) Ltd and its affiliates shall not be responsible for any omission or inaccuracy expressed therein.

IS MIAMI’S LATEST REAL ESTATE BOOM FUELED BY CRIMINALS AND MONEY LAUNDERING?

AN ALLEGED MONEY LAUNDERING SCHEME, FRONTED BY 10 MILLION BARS OF SOAP

Miami is less than four years removed from an epic real estate crash that wrecked the local economy, but it seems lately that new luxury condos are breaking ground every week. Most of the local economy is still in shambles. Unemployment remains high. The vast majority of local residents are still struggling. Shady foreigners looking to drop ill-gotten cash on real estate, according to a report in the Nation.

The moment money launderers get lazy is the moment they get caught. Such is the case with two men who allegedly decided that transferring a lump sum of $9.7 million to buy 10 million bars of soap wouldn’t turn any heads.

The U.S. Government returning $2.7 million to Nicaragua after it was stolen by the country’s president, Arnoldo Alemán, and partially invested in Miami real estate. However, who exactly owns many high-end condos in Miami is difficult to track. Many are registered to business entities incorporated in Delaware or other offshore tax havens. Local politicians and business leaders in Florida are apparently fighting hard against laws that would require more sunlight in the shady area of foreign property ownership in America.

“South Florida has always been a favorite destination for international visitors and political figures, whether it is for vacation or to purchase property along its sandy and sunny beaches,” reads a May 2011 Treasury Department report cited by the Nation. “As such, Miami finds itself in the distinct position of being a reoccurring hot spot for funds pilfered by politically exposed persons (PEPs) and other criminal proceeds.”

“There is a huge amount of dirty money flowing into Miami that’s disguised as investment,” Jack Blum, a Washington attorney specializing in money-laundering cases, tells the Nation. “The local business community sees any threat to that as a threat to the city’s lifeblood.”

Among the cases mentioned by the Nation: A member of the Russian legislature who was forced to resign after it was found he owned $2 million worth of property he didn’t disclose.

Sadly, this is nothing new. Miami’s booms have always been built on criminal activity and money laundering. What the piece doesn’t get into is the effect on Miami’s lower and middle classes. Gentrification remains rampant. As developers carve out new areas to erect skyscrapers (Edgewater is only the latest hot spot), it causes rents to rise in the surrounding areas, spurring waves of gentrification and rent escalation elsewhere in a county that already has areas where income inequality is as bad as it is some parts of the Third World.

Alvaro Lopez Tardon, an alleged Spanish drug lord, is facing trial for buying 14 condos in Miami in cash to launder more than $24 million in cocaine money. A score of Venezuelans who illegally funneled their cash into Miami real estate after the election of Hugo Chávez.

Late Thursday, Costa Rican investigators raided the office (Spanish link) of Alvaro Moya, a Costa Rican lawyer, and the hotel room of Agustín Lyon, a Venezuelan national, to gather more evidence about the extent of their suspected money laundering scheme. Authorities were tipped off when a bank in Costa Rica flagged a bank account tied to Lyon’s name for suspicious activity. Shortly after $9.7 million was deposited into Lyon’s account by government-owned Venezuelan companies for the purchase of 10 million bars of soap, nearly $6 million more flooded in. Because the extra cash came in without an explanatory receipt, and Lyon promptly withdrew $1.2 million of it, the bank froze the accounts.

AXA FINED €50K UNDER MONEY LAUNDERING AND TERRORIST FINANCING ACT INSURANCE company AXA MPS Financial has been reprimanded and fined €50,000 by the Central Bank for breaches of the Money Laundering and Terrorist Financing Act. The fine is for breaches that occurred between 2010 and 2012 that the insurance company itself reported to the Central Bank, which regulates the sector. The fine was levied after it was found that between 15 July 2010 and January last year AXA breached so called “know your customer” rules designed to prevent suspicious money finding its way into the financial system. It happened as a result of the insurance company’s reliance on a third party to carry out its customer due diligence. In a statement the Central Bank said it has entered into a Settlement Agreement with effect from 3 October 2013 with AXA MPS Financial. The firm involved cooperated with the Central Bank probe on the issue and has rectified the problems identified, the statement said. The sanctions “reflect the seriousness” with which the breaches are viewed, the Central Bank said.

JAILED FORMER GREEK MINISTER SENTENCED TO ANOTHER 20 YEARS FOR MONEY LAUNDERING In a case that has come to symbolise the corruption that has plagued crisis hit Greece, a former minister has been sentenced to a further 20 years for money laundering. Akis Tsohatzopoulos, 74, is already serving eight years for tax fraud. The sentencing of the one-time prime ministerial candidate is the highest profile conviction in a country where public anger is seething against the generation of politicians seen as having led Greece into its debt crisis. But Greek efforts to clear up graft have a long way to go. In the most recent list of nations seen as being the least corrupt, Denmark came top followed by Finland and New Zealand with Greece coming a lowly 94th. In countries where bribery and corruption is a daily problem analysts say economic development is stunted and graft can be entrenched by a rich and corrupt elite. Many of Greece’s unemployed are said to support the government’s crackdown on high level tax evasion and fraud.

SOURCE

SOURCES

WWW. MIAMINEWTIMES.COM

WWW.QZ.COM

WWW.INDEPENDENT.IE

WWW.NEWS.XINHUANET.COM

MONEY LAUNDERING TAINTS WINE TRADE

mispricing, which represents approximately 4.4 per cent of the developing world’s total government revenue. Typically, trade-based money laundering schemes involve invoice fraud and trade manipulation, principally via misrepresentation of price, quantity or quality of imports or exports. Specific tactics include overinvoicing, under-invoicing, double invoicing, and false invoicing. With these methods, large amounts of money can be moved while avoiding taxes, tariffs and customs duties, greatly complicating law enforcement efforts to follow the financial trail.

Bucolic regions in the south of France represent the newest frontier for law enforcement and intelligence officials searching for dirty funds. Since 2008, thousands of people with alleged criminal connections have reportedly arrived in southwest France from eastern Europe, Hong Kong and mainland China to snap up vineyards to launder their money. European and Asian officials must take steps and curb this trend, including establishing trade transparency units to combat trade fraud.

Purchasing vineyards is an excellent method to launder money. Reports have emerged of prospective vineyard owners in France offering to pay in cash, which should throw up a red flag. Moreover, the price of wine is never fixed; it is easy to over- or under-invoice. Paying in cash is not atypical; and perhaps best of all, it has all the trappings of high society.

In its latest annual report, the French anti-moneylaundering unit, Tracfin, singled out Chinese, Russians and Ukrainians who buy vineyards, voicing concern that they might be using this type of investment to clean their ill-gotten gains. According to wine analysts, Chinese purchasers are one of the largest groups of vineyard owners in France and have been purchasing so many estates in the Bordeaux region that the local Chamber of Commerce reportedly has a help desk specifically for them.

records of a commodity traded between two countries. Allowing for some recognised variables, the data should match, and any wide discrepancies could indicate trade fraud or corruption. Such anomalies could also be the back door to underground remittance systems and informal value transfer systems used by both money launderers and terrorists. A number of countries - including several Latin American countries, the Philippines, and the US - have created trade transparency units and compare data in order to pursue those who abuse trade to launder the proceeds of crime. Ultimately, a global network should be created for data exchange between countries. France, China and the Ukraine should also create trade transparency units and start pursuing money-laundering suspects. In addition, the Financial Action Task Force should issue a report on wineries and the methods employed to abuse the international financial sector. France’s wine country is probably not alone; in all likelihood, well-known wine regions throughout the world, including in the US, Spain, New Zealand and Argentina, are being abused for illicit purposes. Countries would be wise to get serious about sharing financial intelligence, bilaterally and via traditional international channels. Wineries represent the tip of the iceberg when it comes to abuse of the international financial sector. Just as the financial system has become global, so too has the threat posed by tainted money. In confronting this threat, the system is only as strong as its weakest link.

According to Tracfin, foreign investors are buying wineries through multiple holding companies and complex legal structures involving tax havens and jurisdictions known for money-laundering. Often a legal French company is established whose shareholders include foreign shell companies, making it almost impossible to determine who actually owns the company or what the source of their money is.

Chinese nationals own as many as 50 wine estates and vineyards in the region, and there are reports of Chinese purchases in Burgundy. Russian investors are following suit, but according to wine experts, they prefer the Cognac region.

What can be done to stop this trade abuse and money laundering? To their credit, the Chinese and Russian governments have begun to take money laundering more seriously and have increased efforts to curb illicit finance. China has now raised the issue of money laundering to the “national strategic level” in order to stop the massive flow of funds out of the country, according to Li Dongrong, deputy governor of the People’s Bank of China.

Prospective vineyard owners in France ‘are’ offering to pay in cash, which should throw up a red flag

In addition, on July 1 Russia’s Vladimir Nechaev became president of the Financial Action Task Force, the preeminent international organisation combating money laundering and terrorism finance. However, the law enforcement and intelligence community can do much more, including cross-border sharing of intelligence on companies, individuals and financial institutions facilitating these types of investments.

Global Financial Integrity, a respected organisation in Washington that monitors money laundering, reports a significant amount of illicit money leaving China and Russia, which partially explains these types of investments. According to its estimates, between 2000 and 2011 nearly US$4 trillion left China’s economy, principally for tax evasion purposes, and between 1994 and 2011 over US$200 billion flowed out of Russia.

The issue of wineries speaks to a larger problem. Few jurisdictions worldwide have done much to counter this type of laundering, and even the Financial Action Task Force has failed to issue an international standard or guidance on it.

The vast majority of this tainted money was moved using trade-based money laundering schemes. According to Global Financial Integrity, developing countries are losing about US$100 billion every year to trade

The most effective way of combating trade-based money laundering is to actively monitor export and import

SOURCE

WWW.SCMP.COM

SWITZERLAND CRITICISED BY OECD Switzerland has been listed alongside well-known tax havens in a new ranking by the Organisation for Economic Co-operation and Development (OECD), showing the country still has work to do on banking secrecy despite recent steps aimed at tackling the issue. OECD’s Global Forum on Transparency and Exchange of Information for Tax Purposes is due to officially release on Friday ratings for 50 jurisdictions at a meeting in the Indonesian capital. The forum has rated jurisdictions on how well they comply with rules on tax transparency. Switzerland, however, failed even to make it past the first stage of a two-stage assessment, according to documents obtained by AFP on Thursday, meaning it did not receive a rating. Other countries which also did not make it to the second stage included Panama, the Marshall Islands and Trinidad and Tobago, although OECD’s final judgement on them was harsher than on Switzerland. It came after Switzerland took steps last month to tackle its long-criticised banking secrecy, including signing an international tax evasion agreement brokered by the OECD and introducing new legislation to increase cooperation on money-laundering. Swiss authorities have come under pressure from the international community to clamp down on the concealment of illicit funds and on tax evasion, in the wake of the global financial crisis of 2008 and the subsequent euro zone debt crisis. Despite Switzerland’s failure to complete the process, OECD’s head of tax issues, Pascal SaintAmans, struck an upbeat note, telling AFP it was now “moving ahead”. He, however, said the OECD would continue to monitor the country closely to ensure its recent steps “are actually enacted and become law, which is not yet the case”. Of the jurisdictions that completed the two-stage assessment, 18 were deemed to be “compliant” with the tax transparency rules set out by the forum; many others were considered “largely compliant”; while Austria and Turkey were “partially compliant”. Four were deemed to be “non-compliant”: Cyprus, Luxembourg, the Seychelles and the British Virgin Islands.

SOURCE

WWW.OECD.ORG

BRAZILIAN BROTHERS FINED $5M IN HEINZ INSIDER-TRADING CASE The Securities and Exchange Commissionannounced that two Brazilian men will pay nearly $5 million to settle charges that they made nearly $2 million trading in advance of Warren Buffett’s acquisition of H.J. Heinz Company. Rodrigo Terpins and his brother, Michael Terpins, agreed to settle the SEC’s charges by disgorging the entire amount of illegal profits from their timely trades - which amounted to nearly $2 million – as well as $3 million in civil penalties. The two have also agreed to the entry of an injunction enjoining them from future violations of federal securities laws. According to the Commission, Michael Terpins learned that an investment consortium headed by Buffett’s Berkshire Hathaway and 3G Capital had agreed to acquire Heinz in a $28 billion deal. This information was passed along to Rodrigo Terpins while he was vacationing at Walt Disney DIS +0.06%World in Orlando, Florida, who then instructed his broker to purchase over 2,000 out-of-the-money options bets that the price of Heinz common shares would rise dramatically in a short period of time – despite his broker’s recommendation that his investment firm recommended the sale of Heinz shares. These trades were made through a Cayman Islands account in the name of “Alpine Swift,” which holds assets for the Terpins family, and were then executed through an omnibus account at a Goldman Sachs omnibus account in Zurich, Switzerland. Several days after the trades were placed, the announced acquisition caused Heinz shares to skyrocket, and resulted in a nearly-2,000% increase in the value of the options purchased by Rodrigo Terpins. In an unusually swift action, the Commission filed an emergency enforcement action just days after the suspect trades in order to freeze trading profits. As part of the settlement, the Terpins neither admitted nor denied the allegations in the Commission’s complaint.

SOURCE

WWW.USA.COM

HOW PUTIN USES MONEY LAUNDERING CHARGES TO CONTROL HIS OPPONENTS On July, Sergei Magnitsky was convicted of tax evasion. The only problem was he was not there to hear the verdict read. Magnitsky was killed in Moscow’s Butyrka prison in 2009, likely as a result of beatings and a lack of medical treatment. His crime was uncovering a $230 million tax fraud involving members of the government while working as a lawyer for William Browder (an American investor who was also convicted in absentia). But Magnitsky’s conviction is not simply an example of the capricious nature of the legal system in Russia; it is a view into how the use of money laundering, financial laws, and Russia’s financial intelligence unit are used to control political dissent. Recently, Putin launched a much publicized “de-offshorisation” campaign aimed at fighting corruption and countering the flight of money from the country, much of it acquired illicitly. This initiative was launched in response to revelations that Russia was losing vast sums of money every year (estimated at $56.8 Billion in 2012), and that many state officials--from the heads of security agencies to the chair of the Russian Duma’s ethics committee--had significant overseas assets (including condos in Miami, worth an estimated $2 million). Much of this wealth was being sent to offshore tax havens in Europe and beyond. Russian holdings in Cyprus amounting to over $30 billion (largely the proceeds of corruption or deposited as a form of tax avoidance) also inspired this campaign. (This scheme of tax avoidance is called “round tripping,” whereby the proceeds made in Russia are registered with a shell company based in Cyprus, then repatriated to Russia avoiding taxes due to a taxation agreement between the two countries). These revelations gave Putin the expedient cover with which to launch “de-offshorization,” which included banning state officials from having overseas assets. The idea is that, by forcing Russian elites to hold their money inside the country, Putin can cement their loyalty by threatening their bank accounts.

SINGAPORE REGULATOR FINES 22 FIRMS OVER MONEY-LAUNDERING Singapore’s central bank fined 22 financial institutions and restricted operations at seven for failing to comply with rules to prevent money laundering and terrorism financing in the past three years. The Monetary Authority of Singapore also issued 47 warnings and reprimands and ordered “a few” financial firms to review their anti-money laundering framework. “Like any international financial center, we recognize that Singapore is vulnerable to being used as a conduit for illicit funds,” Lee Boon Ngiap, an assistant managing director at the regulator, said. “This is a clear message that Singapore neither wants nor will tolerate such illicit flows.” Singapore tightened money laundering laws in an effort to guard its reputation as the hub of Asia’s private banking and offshore industry. The city made tax evasion a money laundering offense on July 1 and boosted the number of jurisdictions with which it trades information on tax issues.

SOURCE

WWW.THEATLANTIC.COM

SOURCE

WWW.BLOOMBERG.COM

WWW.THEATLANTIC.COM SOURCE

The schemes are named after Charles Ponzi, who duped thousands of New England residents into investing in a postage stamp speculation scheme back in the 1920s. At a time when the annual interest rate for bank accounts was five percent, Ponzi promised investors that he could provide a 50% return in just 90 days. Ponzi initially bought a small number of international mail coupons in support of his scheme, but quickly switched to using incoming funds from new investors to pay purported returns to earlier investors. A Ponzi scheme is an investment fraud that involves the payment of purported returns to existing investors from funds contributed by new investors. Ponzi scheme organizers often solicit new investors by promising to invest funds in opportunities claimed to generate high returns with little or no risk. In many Ponzi schemes, the fraudsters focus on attracting new money to make promised payments to earlier-stage investors to create the false appearance that investors are profiting from a legitimate business.

PONZI SCHEMES

IF IT’S TOO GOOD TO BE TRUE - IT USUALLY IS!

However, with little or no legitimate earnings, Ponzi schemes require a consistent flow of money from new investors to continue. Ponzi schemes tend to collapse when it becomes difficult to recruit new investors or when a large number of investors ask to cash out.

+ Do they require me to introduce other investors? + Do I understand the investment? + Where can I turn for help? Courts across the globe are dealing with the peculiar issues arising in the administration of Ponzi scheme cases, struggling to do equity and to get the defrauded victims at least some of their money back. The purported business operations of these Ponzi schemes are as varied and diverse as the countries in which they proliferate. The schemes range from securities trading to goat rearing scams and tend to take on the character and customs of the local culture. What remains a constant in all varieties of Ponzi schemes, however, is that the investors lose money. Defrauded victims then seek compensation from the resulting insolvency proceedings of the perpetrator.

Many Ponzi schemes share common characteristics... What are some Ponzi scheme “red flags”?

+ High investment returns with little or no risk. Every investment carries some degree

of risk, and investments yielding higher returns typically involve more risk. Be highly suspicious of any “guaranteed” investment opportunity.

+ Overly consistent returns. Investment values tend to go up and down over time,

especially those offering potentially high returns. Be suspect of an investment that continues to generate regular, positive returns regardless of overall market conditions.

+ Unregistered investments. Ponzi schemes typically involve investments that have

not been registered with the SEC or with state regulators. Registration is important because it provides investors with access to key information about the company’s management, products, services, and finances.

Unlicensed sellers. Federal and state securities laws require investment professionals and their firms to be licensed or registered. Most Ponzi schemes involve unlicensed individuals or unregistered firms.

+ Secretive and/or complex strategies. Avoiding investments you do not understand, or for which you cannot get complete information, is a good rule of thumb.

Issues with paperwork. Do not accept excuses regarding why you cannot review information about an investment in writing. Also, account statement errors and inconsistencies may be signs that funds are not being invested as promised. Difficulty receiving payments. Be suspicious if you do not receive a payment or have difficulty cashing out your investment. Keep in mind that Ponzi scheme promoters routinely encourage participants to “roll over” investments and sometimes promise returns offering even higher returns on the amount rolled over.

Carlo Pietro Giovanni Guglielmo Tebaldo Ponzi, (March 3, 1882 – January 18, 1949), commonly known as Charles Ponzi, was an Italian businessman and con artist in the U.S. and Canada

Whether you are a first-time investor or have been investing for many years, there are some basic questions you should always ask before you commit your hard-earned money to an investment;

+ Is the seller licensed? + Is the investment registered? + How do the risks compare with the potential rewards?

PROMINENT FLORIDA ATTORNEY SCOTT ROTHSTEIN IS ACCUSED OF RUNNING A PONZI SCHEME WITH INVESTMENTS THAT COULD TOP $1 BILLION

SOURCE

WWW.COMPLIANCEX.COM

CHINESE WOMAN SENTENCED TO DEATH IN $200M FRAUD

A Florida lawyer will spend the next three years in federal prison for assisting the wife of convicted Ponzi schemer Scott Rothstein hide more than $1 million in jewelry including a 12.08 carat yellow diamond ring valued at nearly $500,000. Scott Saidel, 46, received the sentence from U.S. District Judge RobinRosenbaum after previously pleading guilty to a single count of conspiracy to commit money laundering back in January. JudgeRosenbaum noted Saidel’s role as an attorney in fashioning the sentence, observing thatSaidel’s efforts were designed to prevent the approximately $1 million in assets from being used to compensate Rothstein’s victims. Saidel was previously disbarred from the practice of law.

prevent their disclosure to investigators. Even Scott Rothstein was pressured to lie to investigators about the whereabouts of the missing jewelry (and was rumored to have refused to do so). However, court-appointed bankruptcy trustee Herbert Stettin and his team soon began to discover several missing pieces of jewelry during their investigation, and authorities later charged Kim Rothstein, Saidel, and several others, including two local jewelers they alleged were complicit in the scheme. Both Rothstein and Saidel enteredinto plea agreements with prosecutors - with Saidel agreeing to forfeit over $500,000 to authorities that included;

Days after authorities learned that Scott Rothstein had been operating a massive Ponzischeme, federal agents went to Rothstein’s house to collect all cash and assets that were believed to have been purchased with scheme proceeds. Kim Rothstein assisted agents in retrieving the assets, which included jewelry and numerous luxury watches - nearly all of which were later auctioned off by the U.S. Treasury. However, Kim Rothstein and several others, including Saidel, concealed the existence of numerous pieces of jewelry from federal authorities, including a 12.08 carat yellow diamond that Rothstein had recently purchased for approximately $400,000. Additionally, Kim Rothstein also failed to turn over:

$65,000 in legal fees paid by Kim Rothstein; four expensive pens; and a pair of mother of pearl, diamond, and sapphire cuff links. 1. 2. 3.

+ An engagement ring and wedding band with 18 emerald cut diamonds; + 10 watches, including a Rolex with leopard design, a woman’s Piaget and a platinum/diamond Pierre Kunz; + 5 sets of earrings, several necklaces, and a variety of gold coins; and + Pearl, diamond, and sapphire cufflinks, and 50 1-ounce gold bars

A court upheld the death sentence of a Chinese businesswoman convicted of cheating investors of $200 million in the second case of its kind this year.

A series of similar cases have highlighted abuses in largely unregulated informal lending that supports entrepreneurs who generate China’s new jobs and wealth but often cannot get loans from the state-owned banking industry.

Su Yenyu’s appeal of her January conviction was rejected by the High People’s Court of the northern region of Inner Mongolia, the government’s Xinhua News Agency said. Death sentences require review by China’s top court before they can be carried out.

After the items were withheld from authorities, Rothstein and two others attempted to sell several of the pieces to local jewelers. Saidel agreed to hold some of the proceeds from the sale in his attorney trust account to

SOURCE

ONLINE.WSJ.COM

The communist government has been cracking down after a wave of defaults in the wake of the 2008 global crisis prompted protests by investors.

Su, 42, was convicted of cheating investors of 1.2 billion yuan ($200 million) after attracting money by promising high returns, Xinhua said. It said she diverted 552 million yuan ($87.6 million) to her own use.

DIGITAL CURRENCY AND THE “DARK SIDE” OF THE INTERNET The computer security firm McAfee has recently issued a White Paper out on Oct. 24, 2013 outlining the pitfalls of using digital currency such as BitCoin. Raj Samani, McAfee’s Chief Technical Officer for Europe/Middle East/Africa (EMEA) says that we are beginning to see a transition and a larger-scale use of digital currency by criminals and other malcontents that populate the web’s darker side. Robbing a bank is such a hassle in the real world, with all the complicated logistics of weapons, vaults, dye packs, and getaway cars. It’s a lot more straightforward to rob digital currency exchanges and payment processors. To paraphrase bank robber Willie Sutton, that’s where the bitcoins are. The huge interest in bitcoin and the concurrent surge in the value of the currency—bitcoin has risen 6,000% versus the US dollar in the last year and 300% just this month which has also created a growing incentive for larcenous hackers: + European bitcoin payment processor BIPS lost the equivalent of about $1 million last week after a distributed denial of service (DDoS) attackoverwhelmed its servers and enabled attackers to gain access to customers’ online bitcoin “wallets.” + Poland’s Bidextreme.pl was also hacked last week, and its users’ accounts emptied, though it did not disclose the amount taken. + A week earlier, the Czech exchange Bitcash.cz was hit, with 4,000 users losing bitcoins worth about $100,000. + Australia’s TradeFortress said it was hacked in November, leading to the loss of $1 million worth of users’ bitcoins. + China’s GBL exchange abruptly went offline in October, with $4.1 million in users’ bitcoins going missing. The whole emergence of a “dark-side” of the web, and the growth and use of digital currency is likely moving at a pace that is outstripping our ability to comprehend and fully understand all of its benefits as well as the potential for criminals and others to establish their own version of a “Digital Ho Chi Minh Trail” for illicit activity. Computer Security Firm McAfee Says Be Wary Of Digital Currency; or, at least understand that there is a whole other “dark side” to the use of this new monetary “vehicle.”

SOURCES

ONPOINT.WBUR.ORG

FORTUNASCORNER.WORDPRESS.COM

SOURCE

CROWDFUNDING, SOCIAL MEDIA INVESTMENT SCHEMES UNDER SEBI LENS

The issue needs to be discussed among various financial sector regulators and ministries, such as capital markets watchdog Sebi, banking regulator RBI, Finance Ministry and Corporate Affairs Ministry, before taking a call on who can be the nodal agency for such activities, he added.

As social media sites, mobile messaging applications and other web-based platforms emerge as avenues to lure investors, the Securities and Exchange Board of India (SEBI) has enhanced surveillance to check fraudulent investment schemes being run through them.

Among others, social and professional networking websites like Facebook, LinkedIn and Twitter have been used for such fund-raising exercises, while money-pooling also takes place on some dedicated sites for such activities. US markets regulator SEC last night proposed new rules to permit companies to offer and sell securities through crowdfunding, while the UK’s Financial Conduct Authority (FCA) also outlined today how it plans to regulate it.

The capital markets watchdog has come across numerous investment schemes being promoted through Facebook, Twitter, LinkedIn and WhatsApp, as also through dedicated websites and Internet groups.

In India, the few cases of crowdfunding involve raising of funds for films, technology start-ups, e-commerce ventures and some other businesses that are very small in size. However, as the trend catches on, it is expected that large-scale funds can be raised through such platforms and that would further increase the risk of possible fraudulent activities, the official said, while stressing on the need for a clear regulatory framework in this regard.

While genuine investment schemes are also adopting such promotions, there are hundreds of suspected cases of fraudulent schemes that seek to lure investors with promise of huge returns, a senior official said. Those under the scanner include entities offering “double your money” schemes in 2-6 years, sure-shot “inside information” investment tips, astrological stock market predictions, attractive portfolio management services, and “partnerships” in future’s big business ideas.

Crowdfunding has been mostly used so far to generate financial support for artistic ventures like films and music recordings, where typically small individual contributions are pooled in a large number of people. However, it has not been used so far to offer and sell securities, as any offering of share in financial returns or profits from business activities could trigger the application of the prevalent securities laws. It is also suspected that some of the barred entities may have taken to the Internet to promote their fraudulent schemes and could be operating through closed member groups on websites, blogs and social networking media platforms.

These include traditional businesses like retail, real estate and bullion, as also business ideas like movies, music albums, carbon credits and renewable energy, while guaranteed returns are being promised after eventual listing or breakeven point of such ventures. While Sebi is itself probing some of the cases, it has alerted other authorities about those not falling under its jurisdiction, sources said. A need is also being felt to put in place a regulatory framework for ‘crowdfunding’, an emerging way for raising funds by pooling money from people through Internet, they added.

Sebi has received numerous complaints about such schemes and has begun looking into the matter through its own technical systems to track the Internet and social media platforms, as also through use of its newly granted powers. SMSes and emails are also being used in a big way to promote such fraudulent schemes and products, but many of these messages and mails have found their way to the regulatory and enforcement agencies.

Crowdfunding is catching up fast globally among young entrepreneurs and some cases have come to light in India as well wherein individuals or small groups of people have raised funds for their ventures through such platforms. However, there are no clear regulations as yet for such activities and therefore a need has been felt to put in place a regulatory framework if such platforms involve large amounts of money or issuance of securities. This will help check any moneylaundering activity or other fraudulent acts in the name of ‘crowdfunding’, a senior official said.

While the unauthorised investment schemes, having a size of Rs. 100 crore or more, can be probed under Sebi’s Collective Investment Scheme regulations, the entities promising unrealistic returns and offering “sure-shot” investment tips can face action under the Prevention of Fraudulent and Unfair Trade Practices Regulations.

Another official said that any crowdfunding involving sale of securities can be either regulated under Sebi’s existing norms for Collective Investment Schemes or Alternative Investment Funds, or altogether new rules can be prepared depending on discussions among various stakeholders.

WWW.INDIATIMES.COM

After its initial investigations, Sebi may also seek information from the concerned websites, social media platforms and mobile service providers, as it has been now allowed to seek information from any entity in relation to its probes.

CYBER CRIME

ECONOMIC DRAG OF CYBERCRIME DRAWS SCRUTINY Discussions about the scale of the global cybercrime industry invariably use two benchmarks: how much the bad guys steal -- and how much the good guys spend to repel the bad guys. Security vendors and the execs and officials charged with keeping corporate networks secure -- are starting to make references to a fresh marker: economic impact.

At the micro level, the Ponemon Institute says the average annualized cost of cybercrime for 56 organizations it studied in 2012 was $8.9 million per year, with a range of $1.4 million to $46 million. That was up roughly a 6 percent as compared to a similar study from 2011. Political leaders and corporate captains who participate in the annual World Economic Forum, held early each year in in Davos, Switzerland, have formally pronounced cybercrime as a top tier threat. And Symantec has attempted to quantify the economic erosion; the antivirus giant estimates that theft of intellectual property costs U.S. companies $250 billion a year.

John Stewart, chief security officer at Cisco, says cyber scammers, spies and hacktivists collectively are causing a profound “economic drag” on national and global commerce, killing jobs, stifling innovation and generally mucking up consumer, corporate and public sector use of digital services.

The economic drag is affecting just about everyone in one way or another. Stewart likes to use the example or his octogenarian father, who luckily has a cybersecurity son he can tap for help, yet still spends more time and money fending off cyberattacks than seems right.

On a global basis McAfee estimates that $1 trillion is spent globally for remediation. And by 2016, Gartner anticipates that global spending on information security systems will soar to $85 billion, up from an estimated $65.7 billion this year.

SOURCE

WN.COM

SANTANDER: A 21ST CENTURY CYBER-HEIST Lawmakers in the European Union said that they will toughen criminal penalties across the region for cyber attacks, especially the ones which involve harming critical national infrastructure and stealing sensitive data. The 28 EU member states currently have a patchwork of varying tariffs for cyber crime. The decision mandates national maximum sentences of at least two years in prison for attempting to illegally access information systems. The maximum penalty for attacks against infrastructure such as power plants, transport, or government networks will be set at five years or more, higher than the current tariff in most member states. The decision also increases the penalties for illegally intercepting communications, or producing and selling tools to do this. Cyber criminals often infect computers to form armies of zombie PCs known as “botnets” by sending spam emails containing malicious links and attachments, and by infecting legitimate websites with computer viruses. Some botnet creators rent or sell infected machines on underground markets to other cyber criminals looking to engage in a wide variety of activities including credit card theft and attacks on government websites. In June, Microsoft helped to break up one of the world’s largest cyber crime botnets, believed to have stolen more than USD 500 million from bank accounts. Under the new EU rules, companies that benefit from botnets or hire hackers to steal secrets will be liable for any offences committed on their behalf.

Once they wore stocking masks and carried sawn-off shotguns. But today’s bank robbers prefer to do business at the click of a button. And in the ever-growing world of cyberspace, hi-tech crooks are relying on brains rather than brawn. People are becoming more creative at getting money. No-one smashes an ATM from a wall with a bulldozer any more. This also means that police and financial institutions have had to become increasingly vigilant as the thieves come up with ever more ingenious ways to fleece the system. The danger was dramatically illustrated after it was revealed an international gang of hackers tried to steal millions of pounds from one high street bank – using a computer gadget. The attempted sting began when a bogus maintenance man walked into a branch of Santander and secretly plugged it into one of the bank’s computers. The keyboard video (KMV) mouse box – gave the cyber crooks control of the computer and remote access to the bank’s vast network of accounts at the UK’s third biggest bank. But the Trojan Horse-style plan was thwarted at the last minute before the gang could start siphoning off any money when the small box – available for as little as £10 online – was spotted and deactivated. The KVM box was plugged in at a Santander branch in the Surrey Quays shopping centre in South East London. Det Insp Mark Raymond, of the Police Central E-crime Unit, said: “This was a sophisticated plot that could have led to the loss of a very large amount of money and is the most significant case of its kind that we have come across.” Of the 12 suspects in custody, seven are British and two Indian. The others are from Portugal, Iraq and Iran

SOURCE

WWW.MIRROR.CO.UK

SOURCE

WWW.FOXNEWS.COM

IRS REFUNDED $4B TO IDENTITY THIEVES Once they wore stocking masks and carried sawn-off shotguns. But today’s bank robbers prefer to do business at the click of a button. And in the ever-growing world of cyberspace, hi-tech crooks are relying on brains rather than brawn. People are becoming more creative at getting money. No-one smashes an ATM from a wall with a bulldozer any more. This also means that police and financial institutions have had to become increasingly vigilant as the thieves come up with ever more ingenious ways to fleece the system. The danger was dramatically illustrated after it was revealed an international gang of hackers tried to steal millions of pounds from one high street bank – using a computer gadget. The attempted sting began when a bogus maintenance man walked into a branch of Santander and secretly plugged it into one of the bank’s computers. The keyboard video (KMV) mouse box – gave the cyber crooks control of the computer and remote access to the bank’s vast network of accounts at the UK’s third biggest bank. But the Trojan Horse-style plan was thwarted at the last minute before the gang could start siphoning off any money when the small box – available for as little as £10 online – was spotted and deactivated. The KVM box was plugged in at a Santander branch in the Surrey Quays shopping centre in South East London. Det Insp Mark Raymond, of the Police Central E-crime Unit, said: “This was a sophisticated plot that could have led to the loss of a very large amount of money and is the most significant case of its kind that we have come across.” Of the 12 suspects in custody, seven are British and two Indian. The others are from Portugal, Iraq and Iran

MALWARE DISGUISED AS FAKE GTA V SERIALS TARGET GAMERS

Bitdefender logo. On the other hand, those who don’t will eventually be redirected to a survey to get “GTA 5 serial.” Stanescu said other “scammy websites” propose downloads for Facebook customization and Starbucks gift cards. “Users are asked to give away their personal information, which may further trigger identity theft. They may also be subscribed to pay for services they didn’t want,” she said.

Gamers waiting to get their hands on Grand Theft Auto 5 the easy way—By getting cracks—are now being targeted by malware writers and fraudsters, a security vendor warned this week.

In other cases, the file downloaded by the victim will be malicious and will grab personal information, including Facebook credentials. It is always recommended that gamers disregard GTA copies “accidentally” leaked on the Internet and to keep their security solution and other software updated to avoid malware infections, phishing and fraud

Bitdefender said cyber-criminals launched their own offers of “bogus serials, kits and beta versions” aimed at GTA 5 fans. “The fake websites are disseminated worldwide, and some are hosted on Russian domains. Considering the global interest for the game, malware writers and fraudsters crafted the baits in English, then redirected gamers to dubious websites that identified their IP and delivered the scam in their native language,” An investigation showed that when gamers clicked the download button, they were redirected to the bogus antivirus scan. However, tech-savvy users may sense something is wrong since the bogus scan uses the old

SOURCE

WWW.GMANETWORK.COM

“GHOST BROKER” JAILED FOR UK’S BIGGEST FAKE CAR INSURANCE SCAM

the new City of London Police unit. IFED detectives swiftly identified links between Aston Midshires Insurance and two other websites – Astuto Insurance and Car Insurance Warehouse. Detectives traced the victims’ money to a series of accounts opened at bank branches in south west London and Lincolnshire. This led to the arrest of a man called Mohamed Saleh. Further enquiries revealed that the victims’ money was withdrawn from those bank accounts in large quantities via cash points in south west London. A myriad of telephone numbers belonging to pay-as-yougo mobile phones were used by Buckharee, one of which led IFED to a riverside penthouse in the Imperial Wharf area of London in April 2012, where detectives arrested his mistress. From there, they tracked Buckharee to a riverside apartment in Wandsworth, London, where he was arrested with Recchia. Detectives found the living room had been turned into an operations centre for another website, First Car Direct Insurance, prompting them to seize laptops, bank cards, mobile phones and insurance documentation including fake insurance certificates.

A ‘ghost broker’ has been jailed for what is believed to be the UK’s biggest fake car insurance scam, following an extensive investigation by the Insurance Fraud Enforcement Department (IFED). Danyal Buckharee created four websites offering ‘cheap’ car insurance – Aston Midshires Insurance, Astuto Insurance, Car Insurance Warehouse and First Car Direct Insurance – and used paid-for advertising to ensure his online enterprises appeared at the top of internet searches. Between May 2011 and April 2012, Buckharee personally pocketed more than £550,000 using a collection of sham websites to hawk his fraudulent policies to drivers across the country, frittering away the cash on gambling and girls. He used the websites to dupe 600 drivers into buying worthless policies over the telephone.

was charged with one count of money laundering, was acquitted at the same court. In October, at the Old Bailey, the following sentences were handed down: + Buckharee, aged 42, of Coalecroft Road, in Putney in London = 3 years in prison to be served consecutively to a four-and-a-half year jail term he is currently serving as a result of being convicted of fraud following a Metropolitan Police Service investigation. + Recchia, aged 46, of Galway Crescent, in Retford in Nottinghamshire = 12 months in prison. DCI Dave Wood, Head of IFED, said: “Unfortunately, this is not an isolated incident. The IFB continues to investigate 15 criminal gangs suspected of masterminding ghost broking scams. Honest policyholders ultimately pick up the bill for all forms of fraud.”

In February 2013, Buckharee admitted two counts of fraud relating to the Aston Midshires Insurance and First Car Direct Insurance websites and three counts of money laundering in relation to the four websites during an appearance at the Old Bailey.

Aston Midshires Insurance first came to the attention of the Motor Insurers’ Bureau (MIB) in late 2011 when the bureau began receiving complaints from drivers who had been stopped by police for driving without insurance. The MIB passed the complaints onto the Insurance Fraud Bureau (IFB) for further examination. When IFED launched in January 2012, the complaints were handed to

In September, Giovanni Recchia, who helped Buckharee run the First Car Direct Insurance website, was found guilty by an Old Bailey jury of one count of fraud by false representation. The same month, 26-year-old Mohamed Saleh of Silvertree Lane, in Greenford, in London, who

SOURCE

WWW.BBC.CO.UK

I N S I G H T: C Y B E R T H R E AT S A N D RISK MANAGEMENT

Figure 1: Common methods of committing cybercrime

The digital age has brought great leaps of innovation, functionality and growth of new payment products and services. A number of new alternative forms of payment have been introduced throughout the world in order to keep up the growing volume of electronic commerce. Of course alternative payment systems also open up the doors to alternative forms of money laundering and terrorist financing.

How companies can use threat modelling and other strategies to help thwart increasingly sophisticated cyber attacks. JURGEN PAVA N E L L O

The past year has seen many high-profile cases of cyber crime, of which the financial services sector has been a particular target. With regulators on the offensive, and customers becoming more aware of the issues than ever before, firms must take the time to assess their vulnerability to cyber crime and revisit their incident response plans. Despite regulatory crackdowns and increased international cooperation “it has never been easier to become a cybercriminal” according to William Hague, the UK Foreign Secretary, speaking in October at the International Cyber-Security Summit in Budapest. Given this growth of such alternative methods of payment and the vast sums of money being transferred among parties around the world, it should not be surprising that criminals would want to take advantage of this money flow. With little if any regulation, virtual world economies are ripe for exploitation by organised crime, terrorists and others who wish to launder large sums of money. According to Interpol, cybercrime is one of the fastest growing crimes. Other sources confirm it as one of the top four economic crimes, while Symantec estimates that cybercrime costs $388bn globally. Defining cyber crime typologies Money laundering, terrorist financing, proliferation financing, sanctions breaches, bribery and corruption and fraud are all well recognised and well defined within many jurisdictional legal codes and have been researched, assessed and delineated by various international bodies. However, there is no generally accepted definition of cybercrime, and herein lies perhaps the biggest issue with regards to cybercrime risk mitigation. The UK Cabinet Office refers to cybercrime as “illegal activities undertaken by criminals that exploit vulnerabilities in the use of the internet and other electronic systems to illicitly access or attack information and services”, but given the technological advances that have permeated society, most crimes nowadays are committed through the internet or a computer to some degree, so distinguishing cybercrime from other crimes can be difficult. The multitude of “cybercrime” typologies (see Figure 1), suggests that cybercrime cannot be taken as a risk driver in its own right but must be a driver within all traditional financial crime risk drivers. There are various types of cybercrime techniques that are employed to commit other types of illegal activities. Figure 1 lists some of the most prevalent methods of committing cybercrime.

SPYWARE AND TROJAN malicious programs that users unknowingly install that contain commands that a computer automatically executes without the user’s knowledge. The aim is to access passwords through key-logger programs.

PHISHING emails appearing to be from legitimate websites to trick consumers into divulging personal information.

SPEAR PHISHING emails designed to resemble internal company email seeking confirmation of an individual’s personal detials.

DENIAL OF SERVICE (DOS) / DISTRIBUTED DENIAL OF SERVICE (DDOS) is an attempt to make a network resource unavailable to its intended users by temporarily or indefinitely interrupt services of a host connected to the Internet.

BOTNETS A robot network, or botnet, is a network of infected computers under the remote control of an online cybercriminal. The botnet can be used for a number of services, such as sending spam, launching DoS, and distributing malware.

Financial Institutions are constantly at risk from hackers’ attacks, who themselves evolve new ideas and methods on how to detect a weakness within the company’s infrastructure. The banking sector has been heavily hit by targeted malware (such as High Roller), hacktivists, suspected government operatives, and even by an individual hacker – Reckz0r – who accessed data in over 79 banks around the world. Data aggregation software operated by SSP suffered a breach which led to Google suspending the use of its services. A malicious attack shut down systems at Saudi Aramco. Denial-of-service attacks have been launched against EL AL, Turkish Airlines, the Swedish government, Paypal, and the list goes on.

Cybercriminals are able to target individuals, governments and organisations around the world through fast and flexible technologies under a shield of anonymity. Cybercrime is a global, dynamic and highly diverse threat that many firms have struggled to tackle in isolation using traditional risk management techniques. Cybercrime is at an all time high and regulators are increasing the pressure on financial institutions to take more preventative measures so as to thwart modern day criminals.

senior management to identify, monitor and manage risks; + Improve the decision-making process throughout the company; + Enhance the management of information across legal entities, while facilitating a comprehensive assessment of risk exposures at the global consolidated level; + Reduce the probability and severity of losses resulting from risk management weaknesses;

Challenges and purpose of a risk assessment The gradual process of inadvertent noncompliance, or “AML drift,” may occur when AML risk systems aren’t constantly monitored, updated, maintained, and repaired to account for changes that occur within the company. Money laundering and terrorist funding activities continue to gain strength and prominence and, as a result, financial institutions need to assure the continued integrity of their AML culture so as to prevent drift.

+ Improve the speed at which information is available, and therefore, at which decisions can be made; and + Improve the company’s quality of strategic planning and the ability to manage the risk associated with new products and services. Cybercrime is a natural consideration within all of the risk drivers, yet many financial institutions do not formally measure, assess or manage this specific risk which may subsequently result in an inadequate contingency and recovery plan in case the company’s network systems (which in turn hold sensitive and confidential data) get compromised.

“Many firms implemented AML surveillance technology systems several years ago, and they were set up as a point-in-time solution,” says John Sabatini, a partner in PwC’s Risk Assurance practice and leader of the firm’s Advanced Risk & Compliance Analytics Services. However, changes in data management, merchant behavior, products/ services being offered and the demand for automated transactional systems makes the initial implementation of these systems obsolete, leading firms and regulators to call for their replacement.

Financial institutions, however, still face many challenges as they move to comply with regulations. The more complex a system is, the more opportunities for breakdown—a fact that leaves the financial industry vulnerable to AML compliance risk. Process failure may occur at any point along the AML lifecycle including:

Financial institutions need to implement independent testing and assess the risk of every aspect of their monitoring systems, from the quality and completeness of source data to the productivity of existing and potential scenarios. If companies get this right, they’re protecting themselves not only from regulatory fines and censure, but from the potentially costlier reputational risks that could follow it.

Board Governance and Oversight. Drift often occurs due to a lack of accountability and ownership over AML issues. Enhancing Existing Capabilities. Capabilities such as an “independent validation unit”, automated reconciliation and other business functions which are critical to the production of accurate risk reports – representing aggregate risks across the enterprise – are to be implemented or enhanced. Doing so may impose extra costs and operational complexity upon financial institutions.

Regulation 4(1)(C) of the Maltese Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) stipulates that subject persons are to have in place procedures on, inter alia, risk assessment and risk management that are adequate and appropriate to prevent the carrying out of operations that may be related to Money Laundering and Funding of Terrorism(ML/FT). This therefore calls for financial institutions to establish dynamic systems and controls which enable it to identify, assess, monitor and manage financial crime risk, being comprehensive and proportionate to the nature, scale and complexity of its activities.

Control Framework. Financial institutions are to improve their ability to manage the data quality of risk reports, so that the data is materially complete, with any exceptions identified and explained. IT/Infrastructure Enhancement. To prevent breakdowns in AML monitoring, a company’s IT change management process must track all systems changes that have the potential to affect AML monitoring. The enhancement of banks’ IT and infrastructure capabilities, including upstream and risk systems, risk data and reporting, will most likely require significant investment and change

The adoption of a risk assessment procedure should support six key objectives + Enhance the infrastructure for reporting key information, particularly that used by the board and

management. This is especially challenging as banks implement other change programs and align these efforts to other regulatory changes.

criminals, it is important that financial institutions consider non-traditional threats as they carry out their threat modeling exercises. For example, consider the kiosks that operate in some department stores. To the retailer, this kiosk and the customer interface it provides may seem low risk. After all, it only provides access to a catalog and job listings. To cyber criminals, however, this kiosk offers a way to get into a corporate network. A threat model that includes assessments of nontraditional assets would anticipate the threat that this kiosk presents a security risk: a network access point that is not adequately secured.

Shifting the Risk-Based Approach To counter cyber crime, financial institutions are embracing a risk-based approach to security that involves using threat modeling to identify system vulnerabilities and then applying threat intelligence to address existing and emerging threats. And they are reevaluating the way they apply often limited security resources: Tasks addressing minor threats are automated, thus freeing IT security experts on staff to focus their attention on more important threats.

Benefits of the Risk-Based Approach With the knowledge or “threat intelligence” accrued through the threat modeling process, the company can then design responses based on the value of the data that could be compromised by an unauthorized user. This calls for prioritizing data and information based on their value to the company. The company can then select the data and information on which to focus its resources, and determine how much to spend and which tools to use to protect these assets. The most valuable data, such as product formulations and sensitive financial and legal information, can be tagged and monitored so that the company knows where they are, where they are going, where they have gone - and on whose authority. Resources can then be shifted away from less valuable data, such as website activity.

Three of the most important conditions are that there has to be agreement about what risk criteria is being decided on; there must be explicit, quantifiable models of risk, and those responsible for developing and refining riskbased decision models must have access to knowledge about the outcomes of assessments. Cyber crimes are numerous and varied. They include fraud, misdirection of communication, theft of intellectual property, identity theft, corporate espionage, system sabotage, data theft and destruction, money laundering, and terrorism, among others. As a result, financial institutions tend to employ securitybased, “wall-and-fortress” approaches to address the threat of cyber crime, but in most cases these are insufficient. Yes, blocking what is coming into the environment is useful and necessary. Yet, this can be accomplished by less expensive and potentially more selective means than are often employed. Furthermore, risk-based approaches—coupled with a focus on what is leaving the IT environment as well as on what is entering it—hold potentially greater value than traditional securitybased, “wall-and-fortress” strategies. By shifting the security focus to include monitoring and identifying data that leaves the environment, financial institutions can then detect activities that may alert them to the presence of an intruder in the system.

This approach can help an enterprise shift away from building a “great wall” against threats, and move toward employing greater resources to address the most significant ones. It takes effort, expense, training, and resources to develop a system of categoris¬¬ation by value and to track data after it leaves the organization. But once in place, it pays for itself in many times over in efficiency and effectiveness. In a nutshell, the benefits of a risk-based approach include the ability to: + Develop a more in-depth understanding of an IT environment, and of its strengths and vulnerabilities. + Accrue actionable risk intelligence + Define the value and risk-related significance of categories of data, and prioritize and protect them accordingly + Analyze previous security incidents to identify “lessons learned” + Identify customers, suppliers, service providers, and other parties that have compromised devices inside their networks + Analyze malicious code on compromised machines to develop cyber intelligence. + Track compromised data that has left or is leaving the company + Understand the company’s susceptibility to persistent, sustained access by cyber criminals

Priorities and Values A risk-based approach starts with the assumption that an unauthorized user can gain access to the system. With this in mind, the company undertakes a process of threat modeling in which security experts look at the entire IT environment and document threats—existing or emerging—and their potential impact on the security posture of the company. Through this process, a financial institution can achieve a better understanding of its IT environment, the ways that business processes overlay that environment, and finally, the security controls that are either in place or needed. Given the creativity and resourcefulness of cyber

Conclusion With regulators stepping up their game and the public increasingly tuned in to compliance failures and their repercussions, financial institutions need to pay closer attention to the gaps in their AML systems. Identifying these gaps is a critical function for businesses in the financial services industry, and when fed with the right information and managed with updated controls, AML programs may protect the business from risks across products, geographies, regulatory regimes, and customers.

In an ever more complex and globalized business environment, it is critical that financial institutions use effective data information management practices to assess their specific AML risks. A lack of rigid security policies and processes in place will increase the chances of an attack on the company, whether it is for gathering sensitive information, disrupting the computer systems, financial gain or for the sake of affecting the company’s reputation and stakeholder confidence. Bringing together fraud risk management and anti-money laundering functionality onto a single platform provides a more comprehensive view of a financial institution’s financial crime risk. Apart from being a cost-effective way to leverage costs, a combination of these efforts will also align detection activities with the way the modern-daycriminal perpetrates fraud across multiple channels, products and devices.

Politically motivated attacks seem to be causing a lot of issues, but the proliferation of malware and phishing attacks designed to source profit from individuals mean that any financial institution that collects or stores data is at risk of a breach. The costs of noncompliance can be damaging and long-lasting, including monetary losses (i.e. fines, legal costs, etc.), reputational damage related to loss of customer and investor confidence, and operational risk, with legal actions such as ceaseand-desist orders taking a bite out of the bank’s core businesses.

SOURCES WWW.DELOITTE.WSJ.COM WWW.FRAUDWATCHINTERNATIONAL.COM WWW.PWC.COM WWW.MCAFEE.COM WWW.BIS.ORG WWW.FATF-GAFI.ORG ESSENTIAL STRATEGIES FOR FINANCIAL SERVICES COMPLIANCE – ANNIE MILLS

FUNDING OF TERRORISM

SOURCE

WWW.YNETNEWS.COM

TURKEY TO FREEZE ASSETS WITH AL-QAEDA, TALIBAN The Turkish government has issued a resolution to freeze the assets of individuals and corporations known to have links to the terrorist al-Qaeda and the Taliban in an effort to remove itself from a “gray list” compiled by an international body that combats terrorism financing. The resolution approved by the Cabinet was published in the Oct 10 issue of the Official Gazette and has gone into force. Turkey will freeze the assets of 349 individuals and 67 corporations as per the decision. Turkey has long been under pressure by the international community for its lack of action against the financing of terrorism. Turkey was placed on a “gray list” along with countries such as Syria, Ethiopia, Cuba and Kenya, compiled by the Financial Action Task Force (FATF). “Gray list” countries are thought to have not done enough or not be committed to the FATF’s action plan to address their deficiencies in combating financing terrorism. The reason Turkey was placed on the list is due to its failure to comply with a UN Security Council resolution on freezing assets owned by individuals affiliated with the terrorist organizations al-Qaeda and the Taliban. Turkey had long dragged its feet on supporting the resolution but gave in to international pressure and adopted a law against the financing of terrorism earlier this year. It also adopted a resolution including recommendations of the UN Security Council, which was published in the Official Gazette. The resolution orders that the assets of 130 real and four corporate persons determined to have links to the Taliban and 219 individuals and 63 corporations with links to al-Qaeda be frozen.

Financial sanctions are relevant primarily to the financial services sector. However, they are also binding on any person, company or entity, including practitioners such as lawyers and accountants and individual citizens, who may hold funds, financial assets and economic resources affected by the sanctions.

certain financial transactions or the provision of financial assistance to designated individuals and entities. A useful source in this regard is the ‘Sanctions Implementation’ section on the website of the MFSA which is however neither authoritative nor complete. In fact, the use of such source should not be considered to be a substitute for the Banks’s own independent research for such purposes. Likewise, Court Orders relating to the freezing of funds may be viewed on the website of the FIAU . Such searches can be only effected once the identification information (as better indicated under ECDD procedures) has been obtained due to possible variations in name and date of birth which may result in false positives.

In most cases financial sanctions impose the duty to freeze the funds, financial assets and economic resources belonging to, owned, held or controlled by designated (listed) individuals and entities, or by individuals or entities acting on their behalf or at their direction, or by entities owned or controlled by them; and prohibit the making available of funds, financial assets or economic resources to or for the benefit of designated individuals and entities. Financial sanctions may also prohibit the provision of certain financial services and

SOURCES

WWW.MFSA.COM.MT

WWW.FIUMALTA.ORG

MULTI-MILLION DOLLAR CIGARETTE SMUGGLING RING WITH POSSIBLE LINKS TO TERRORISM Fifteen men of Palestinian origin have been arrested on charges of running a multi-million-dollar cigarette smuggling ring in New York, several of whom have ties to Hamas and other Islamist groups, according to New York authorities who detained the suspects.

to very dangerous people, we know they were arrested with weapons, we know that they made tens of millions of dollars but so far we have found only a fraction of that.” In a 224-count indictment, the men are charged with enterprise corruption, money laundering and other tax crimes, for which each defendant faces up to 25 years in prison if convicted. In addition to costing New York State and New York City an estimated $80 million in lost sales tax revenue, the ring generated at least $10 million in profit, Schneiderman and Kelly said.

The men are accused of smuggling more than a million cartons of untaxed cigarettes from Virginia to be sold in grocery stores across New York, with $55 million in sales uncovered so far, Eric Schneiderman, the New York Attorney General, and Ray Kelly, the New York City police commissioner, revealed.

None of the men lived extravagantly, Schneiderman said, adding that this supported the idea the money was being funnelled elsewhere.

“We don’t know where all of that money went, but what we do know is deeply troubling,” Schneiderman said. “We know that some members of this group have ties

TERRORISTS SLAUGHTER AFRICAN ELEPHANTS TO FINANCE OPERATIONS A growing number of terrorist groups in Africa are turning to the illegal trade of elephant tusks to finance their operations, cashing in on a massive demand for ivory spurred by a burgeoning, wealthier middle class in Asia.

Somali armed gangs have been poaching elephants in and around Kenya for many years, but al-Shabab has only recently started to exploit this situation. The investigation by Mr. Crosta and Mr. Kalron estimates al-Shabab’s monthly ivory income to be $200,000 to $600,000

Al Qaeda-affiliated al-Shabab in Somalia, Joseph Kony’s Lord’s Resistance Army in central Africa and Boko Haram in Nigeria are among the militants making money from trafficking ivory tusks from slaughtered elephants to pay their fighters and buy arms and ammunition. “For al-Shabab, ivory, like charcoal, is just a fast and relatively easy way to make some cash, which is needed first of all to pay a salary to its militants, estimated at around 5,000 people,” said Andrea Crosta, executive director of Elephant Action League, who along with Nir Kalron, chief executive officer of the private security firm Maisha Consulting, has recently investigated al-Shabab’s links to ivory trafficking. “The well-organized network that al-Shabab has in Kenya, the weak wildlife law and the scores of Kenyans willing to risk their life to make some money make the traffic in ivory easy, profitable and low-risk,” Mr. Crosta said.

SOURCES

WWW.TELEGRAPH.CO.UK

WWW.WASHINGTONTIMES.COM

MFSA WARNINGS

SCAM EMAILS TARGETING MALTESE CONSUMERS The Malta Financial Services Authority (MFSA) has become aware of recent scam emails targeting persons in Malta offering various financial services including unsecured loans at beneficial rates. The MFSA wishes to caution the public against replying to such emails and to refrain from providing personal details to unknown persons and entities.

The MFSA would like to remind consumers of financial services not to enter into any financial services transaction unless they have ascertained that the entity with whom the transaction is being made holds a licence to provide such services from the MFSA or another reputable financial services regulator.

ST. PUBLIUS CORPORATE SERVICES LIMITED The Malta Financial Services Authority (MFSA) has become aware that the Malta-registered company St. Publius Corporate Services Limited (C 50180) having its registered address at 22/12, Vincenti Buildings, Strait Street, Valletta VLT 1432, Malta, and having an internet presence at http://www.stpublius.com/ is offering a number of services including what appear to be trustee and fiduciary services. An individual of German nationality by the name of Peter Knappertsbusch is known to be the person behind this company. The MFSA wishes to alert the public, in Malta and abroad, that the above-mentioned company and individual are NOT licenced by the MFSA to provide any type of financial service including trustee and fiduciary services. Furthermore the website operated by the company contains incorrect, misleading and unreliable information.

REDEVELOPMENT CORPORATION INTERNATIONAL LTD OPERATING UNDER TRADE NAME “FOREXPERTI” The Malta Financial Services Authority (MFSA) has become aware of an entity - Redevelopment Corporation International Ltd - operating under the trade name of “Forexperti” which is known to have an internet presence at https://www.forexperti.com/. This entity purports to offer a platform for Forex trading with a physical address at Valletta, Malta.

In terms of article 4(1)(c) of the Malta Financial Services Authority Act, one of the MFSA’s functions is to keep the general public informed of important developments in the sector that it regulates, and to provide the public with relevant information and guidance. Article 16(8) of the Malta Financial Services Authority Act also provides that: Any administrative or disciplinary sanction or measure, of whatever type, including reprimands or warnings, imposed or decided by the Authority under any law for whose administration it is responsible, shall be subject to publication in such medium and in such manner and for such duration as may be deemed warranted by the circumstances and the nature and seriousness of the breach or wrongdoing.

The MFSA wishes to alert the public, in Malta and abroad, that the above mentioned is NOT a company registered in Malta NOR is it an entity licenced by the MFSA to provide any type of licensable financial service. Accordingly, the MFSA warns the public against dealing with this entity.

A list of entities licensed by the MFSA is available from the Malta Financial Services Authority, and can be viewed on the MFSA website at www.mfsa.com.mt.

FATF IDENTIFIES JURISDICTIONS WITH STRATEGIC DEFICIENCIES The Financial Action Task Force (FATF) is the global standard setting body for anti-money laundering and combating the financing of terrorism (AML/CFT). In order to protect the international financial system from money laundering and financing of terrorism (ML/FT) risks and to encourage greater compliance with the AML/CFT standards, the FATF identified jurisdictions that have strategic deficiencies and works with them to address those deficiencies that pose a risk to the international financial system. The MFSA would like to draw the attention of licence holders to the recent publication of two public documents by the Financial Action Task Force (FATF) which have identified countries considered to have strategic deficiencies regarding anti-money laundering and combating the financing of terrorism (AML/CFT). 1. a.

High-risk and Non-cooperative Jurisdictions: Jurisdictions that have strategic AML/CFT deficiencies and to which counter-measures apply; and

+ Iran + Democratic Peopleâ&#x20AC;&#x2122;s Republic of Korea (DPRK) Jurisdictions with strategic AML/CFT deficiencies that have not made sufficient progress in addressing the deficiencies or have not committed to an action plan developed with the FATF to address the deficiencies. b.

+ Algeria + Ecuador + Ethiopia

+ Indonesia + Kenya + Myanmar

+ Pakistan + Syria + Tanzania

+ Turkey + Yemen

Additionally, the FATF calls on its members to consider the risks arising from the deficiencies associated with each jurisdiction Jurisdictions which have strategic AML/CFT deficiencies for which they have developed an action plan with the FATF: 2.

As part of its on-going review of compliance with the AML/CFT standards, the FATF has to date identified the following jurisdictions which have strategic AML/CFT deficiencies for which they have developed an action plan with the FATF. + + + + +

Afghanistan Albania Angola Antigua and Barbuda Argentina

+ + + + +

Bangladesh Cambodia Cuba Iraq Kuwait

+ + + + +

Kyrgyzstan Lao PDR Namibia Nepal Nicaragua

+ + + +

Sudan Tajikistan Vietnam Zimbabwe

Jurisdictions not making sufficient progress + Mongolia Jurisdictions no longer subject to the FATFâ&#x20AC;&#x2122;s on-going global AML/CFT compliance process + Morocco + Nigeria The FATF continues to identify additional jurisdictions, on an on-going basis, that pose a risk to the international financial system and calls on these jurisdictions to complete the implementation of action plans expeditiously and within the proposed timeframes. Licence holders should give consideration to the abovementioned documents and are directed to implement the measures set out under the FIAU Implementing Procedures (Part I) - especially Chapter 8, Section 1 - when undertaking any business with any of the jurisdictions listed in the public statements.

SOURCE

WWW.FATF-GAFI.ORG

Corporate Headquarters 106 Southville Road, Southborough, MA, 01772 USA. T. +1.617.778.7807 W. www.credorax.com European Headquarters Palazzo Homedes, 80 Strait Street, Valletta VLT 1436, Malta. T. +356.2778.0948 UK Headquarters 68 Lombard Street, London, EC3V 9LJ, United Kingdom. T. +44.20.358.22443 Israel Headquarters 20 Lincoln Street, Floor 15, Tel Aviv, 67134, Israel. T. +972.3.5652266