ACFCS Back to the Future of Fincrime Snapshot Day Two: The 411 on PPP, human trafficking red flags, AI and AML, Crypto compliance and more

The Skinny:

  • Day Two of ACFCS’ Back to the Future of Fincrime Virtual Summit saw registrations soar past 4,200, with professionals across the spectrum of financial crime attending nearly a dozen general sessions and breakout roundtables on a broad array of current, relevant and vexing topics.
  • Speakers tackled the billions of dollars in fraud tied to the U.S. government’s Paycheck Protection Program, the nuanced transaction trails of human traffickers, the power and promise of AI and the risks, rancor and resources needed to bolster crypto compliance, and more.
  • The second day of the conference built on a powerful Day One offering insight on the nexus between crypto value and terror groups, upcoming changes to the U.S. financial crime compliance and sanctions regimes, keys to breaking down corporate opacity barriers, cyberattack and defense strategies and more.

By Brian Monroe
bmonroe@acfcs.org
January 27, 2021 

Day Two of ACFCS’ Back to the Future of Fincrime Virtual Summit saw registrations soar past 4,200, with professionals across the spectrum of financial crime attending nearly a dozen general sessions and breakout roundtables on a broad array of current, relevant and vexing topics, touching on technology, the need for human expertise and continued calls for convergence.

Top minds from the financial crime and compliance field offered insight, guidance and tips on historical and emerging threat vectors, including the billions of dollars in fraud tied to the U.S. government’s Paycheck Protection Program, the nuanced transaction trails of human traffickers, the power and promise of AI and the risks, rancor and resources needed to bolster crypto compliance.

The second day of the conference built on a powerful Day One where attendees learned to better understand the nexus between crypto value and terror groups, upcoming changes to the U.S. financial crime compliance and sanctions regimes, keys to breaking down corporate opacity barriers, cyberattack and defense strategies and more.

Here are some Day Two snapshots:

Pandemic of Scams – Fighting Unemployment Fraud and Preparing for the Next Wave

During COVID lockdowns, national and state governments pumped money into economic relief programs with remarkable speed, and fraudsters moved nearly as fast to exploit the same programs for breathtaking ill-gotten gains.

In the US, state unemployment programs were hit with fraud on a vast scale, with billions of estimated losses tied to domestic grifters and international organized crime groups.

This epidemic of fraud has major implications for financial institutions, which have been faced with stopping false claims, collaborating with law enforcement, and even returning fraudulent funds.

As part of the CARES Act passed by Congress in March 2020, it created a system where more than half a trillion dollars was earmarked for small businesses under the Paycheck Protection Program (PPP), where banks were charged with doling out loans to businesses that could be morphed into grants if the business kept or rehired employees.

The onus was on speed to prop up a foundering economy, with banks given little incentive to engage in deep AML due diligence or think about countering fraud – until after the fact.

As a result, government watchdogs estimated the billions of dollars went to fraudsters through sham PPP loans and scams tied to unemployment assistance siphoned away by illicit groups diverting funds from individuals already hanging on by a financial thread.

Even with the exotic and creative ways scammers stole billions of dollars from the U.S. government tied to pandemic relief plans, they are typically all examples of the “fraud triangle,” said Jim Richards, the former head of AML at Wells Fargo.

So what are the three pieces of the classic fraud triangle?

“Opportunity, pressure and rationalization,” he said. “When those elements come together, they form the classic fraud triangle.” 

Richards noted that banks, even when dealing with large scale frauds, should try to parse out the investigation into several buckets to help better separate illicit transactions from normal banking activity.

What questions do you ask?

“What is there that should be there?” he said. Next? “What is there that should not be there. Then find out what is not there that should not be there. And lastly, find out what is not there that should be there.”

But what should banks be doing now that another wave of PPP loans are moving through the banking and business worlds?

Here are some tips from the panelists to try and help prepare for or prevent PPP funds from going to fraudsters:

  • Do a negative news sweep on the entities or owners of the business.
  • Review incorporation dates and public records, including the company incorporation date, to see if the operation was just created.
  • Review if the borrowers are related to the business and in what way. Are they owners, executives, or lower ranking worker bees?
  • Scrutinize the balance between the estimated payroll cost with the number of employees. Is it a 50 person business asking for $500,000 or a five person business asking for $10 million?
  • Do some basic OSINT and geo searching. Is the business in a house in a residential neighborhood? That is one red flag. Does this home-based business somehow employ 100 people? Not likely.

If the loan is being requested by an existing customer, what is the new behavior versus prior historical behavior, either frequency and size of transactions, regions and retailers. 

If possible, use OSINT software and platforms to review devices, locations and anomalies.

Look at what bank account is designated to receive the PPP loan funds. If the destination is a personal account, that is a loudly waving red flag.

Dialogue Session – Building Your Toolkit Against Human Trafficking

While the pandemic scrambled the operations of human traffickers, human trafficking remains an insidious and highly profitable crime.

One of the fastest growing crimes today is Human Trafficking. It is a lucrative business, with an estimated $150 billion dollars in profits generated each year. The financial industry, however, is uniquely positioned to combat this heinous crime.

Fortunately, investigators and fincrime compliance professionals have powerful tools at their disposal to take on traffickers, from online research to transaction monitoring rules.

In a poll during the session, it revealed that for some banks attending the conference, they are still working to understand the red flags of human trafficking groups and get those policies and rules woven into their human and automated transaction systems.

Below are some helpful indicators and resources to assist banks in their efforts to detect behavior that could indicate a human-trafficking situation, including key tactics and insight from panelists. 

To visit the ACFCS resource page, click here.

One key tactic to uncover potential ties to trafficking groups in your institution is looking for accounts and transactions evincing atypical sources of income, according to David Creamer, Director of AML Solutions Delivery at Scotiabank and Rosie McWhorter, an experienced human trafficking investigator.

Some examples include:

Cash Deposits

  • Excessive deposits, particularly in round amounts, like $50, $150 and $200.
  • Abnormally timed deposits, such as between 10 p.m. and 6 a.m.
  • Large denomination deposits.
  • Deposits in multiple cities, particularly if they are close to each other.

Peer to peer payments (EMT, Venmo, etc.)

  • Payments in round consistent amounts.
  • Multiple originators with some repetition.

Payroll

  • Multiple payroll deposits into one account.
  • Multiple deposits from processors for online adult content, such as Fenix, Onlyfans and the like.

One key to uncover traffickers: look for frequent card cancellations

What’s more, now is the ideal time to more aggressively gather and share knowledge on this crime.

January is Human Trafficking Prevention Month with January 11 designated as being National Human Trafficking Awareness Day, an effort to focus more attention on a growing problem with tethers to financial crime compliance teams and law enforcement agencies at every level.

Despite increasing understanding of geographic trafficking routes, resources and sharing on financial red flags from both the public and private sectors, the trafficking of persons – for illicit aims including sex trafficking, forced labor and more – remains a growing criminal enterprise affecting tens of millions of victims and continues to challenge financial institutions in the areas of detection and prevention.

But that is something the teams at Scotia and Capital One are working on to better understand – with some unexpected results.

In one humorous piece of the presentation, Creamer highlighted how a minister or priest can have the same transaction patterns as a human trafficker, a parallel the bank uncovered by accident.

Both groups are “traveling within their own area, staying at hotels, frequently renting cars, collecting a lot of cash and depositing it,” he said, adding that a way to differentiate between the two is that a trafficker would not have “normal payroll or normal personal expenses.”

But AML analytics teams also uncovered what Creamer considers the “Number One indicator” that the bank sees for human trafficking: frequent cancelations.

What is an example of that?

When a trafficker, for instance, makes a reservation for five hotel nights, putting $500 on the credit card. But then shows up at the hotel and asks to cancel the card transaction so the person can pay the $500 in cash.

The traffickers “think they are being clever with the cancellations,” he said. “But that itself leaves a marker. It sticks out like a sore thumb.”

Traffickers using multiple value streams to evade detection

With more organized criminal groups attempting to take advantage of migrant crises in Europe, the Americas and other regions – in some cases exacerbated and inverted due to the COVID-19 pandemic, these trends have only served to heighten the prevalence of human trafficking in many regions.

In tandem, these rising and shifting trends have increased the presence, pressure and scrutiny required of financial institutions to uncover and report on the diffused financials ties to larger trafficking networks.

Over the past decade, even before guidance on human trafficking was released by the Paris-based Financial Action Task Force (FATF) in 2011 and more recently in 2018, and by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) in 2014, many large domestic and international banks have been proactively creating trafficking typologies and tuning systems to better uncover operations that could be trafficking in persons.

But even with such guidance – which in the case of FinCEN calls for knowledge of these red flags down to the teller level – uncovering the financial and transactional tells of a business that could be tied to a human trafficking operation can be difficult.

These types of investigations must inculcate analyzing classic aberrant activity, such as large transactions that don’t make sense paired with regions of the world associated with trafficking routes, with a more nuanced eye – such as a massage parlor or nail salon that does most of its business in credit cards between midnight and 2 a.m.

In recent years, local and federal law enforcement agencies have notched some big wins against trafficking groups, including stings in recent months capturing hundreds of the trafficking syndicate’s leaders and rescuing dozens of victims – in some cases in just one operation.

But criminals have responded.

They are moving funds into crypto coins and buying them with anonymous prepaid cards, attempting every trick imaginable to prevent banks from putting all the pieces of the illicit network together – including canceling credit cards nearly a dozen times a year.