ACFCS Fincrime Virtual Week Takeaways Part One: More convergence, collaboration needed by banks, regulators, investigators to counter pandemic-fueled fraud, cyber-enabled attacks

AML compliance conference ACFCS

The Skinny:

  • More than 5,600 financial crime compliance professionals registered for the Association of Certified Financial Crime Specialists’ (ACFCS) first-ever fully online conference – Fincrime Virtual Week.
  • The five-day event had the overarching themes of “Disruption, Innovation and Resiliency” with 30-plus sessions and dozens of speakers, including top federal regulators, investigative agencies and thought leaders from the banking, consulting, insurance, crypto and other financial services sectors.
  • The event highlighted the vital importance of collaboration, between banks, law enforcement and regulators, including illuminating the opacity of impenetrable beneficial ownership structures.
  • As well, even as counter-fraud teams have noticed a surge in scammers trying to defraud customers during the pandemic and move funds into virtual coins, crypto investigative firms have responded with a more powerful analytical arsenal that in one high-profile case helped track down a foreign hacking group in just weeks.
  • One of the best surprises of the conference was the creativity of professionals in a more amusing form of visual data analytics – drawings, pictures and full-fledged pieces of art to capture not just the key themes of Fincrime Virtual Week, but the engaged and ebullient spirit of speakers and attendees.

By Brian Monroe
bmonroe@acfcs.org
August 12, 2020 

More than 5,600 financial crime compliance professionals registered for the Association of Certified Financial Crime Specialists’ (ACFCS) first-ever fully online conference – Fincrime Virtual Week – addressing the overarching themes of Disruption, Innovation and Resiliency.

The event covered five days of learning between Aug. 3 and Aug. 7 with 30-plus sessions and more than three dozen speakers, including top federal regulators, investigative agencies and thought leaders from the banking, consulting, insurance, crypto currency and other financial services sectors.

Overall, the event highlighted the vital importance of collaboration, between banks, law enforcement and regulators, including illuminating the opacity of impenetrable beneficial ownership structures and finding a way to provide such information to institutions subject to anti-money laundering (AML) rules, transparency watchdogs and journalists.

As well, even as compliance and counter-fraud teams have noticed a surge in scammers, spammers and hackers trying to defraud customers as a result of the coronavirus pandemic and move those funds into seemingly anonymous virtual coins, crypto investigative firms have responded with a more powerful analytical arsenal that in one high-profile case helped track down a foreign hacking group in just weeks.

Panelists also noted that the worlds of brick-and-mortar banking and crypto currency have grown ever so closely together, with recent statements by federal and state regulators giving tacit approval for banks to have custody of virtual value, just as they would funds or securities.

These statements coincide with these agencies being more willing to publicly say which crypto exchanges that they have more business continuity and compliance confidence, potentially resulting in a tectonic shift in the perception of the crypto world as a rollicking roller coaster of imaginary Internet money into simply just another store of value.

One of the most surprising takeaways of the event is that even with the most loudly buzzing buzzwords promising to solve the ever-present enigma of fincrime compliance – artificial intelligence, automation, machine learning, lowering false positives and raising efficiency and effectiveness – these tempting technologies are just tools.

They are nothing without being paired with a savvy, well-trained and experienced human decision-maker.

While ACFCS went into this event with the themes of disruption, innovation and resiliency and wanting to teach and share knowledge, we ended up learning important lessons as well.

The biggest theme we walked away with was the theme of community and looking out for each other.

In ways large and small professionals from across the financial crime and compliance spectrum, whether new to the field or longtime respected experts, connected, collaborated and shared war stories for the best reason of all: to help each other.

The groups, from the U.S., Europe, Canada, India, the Netherlands and other regions, shared practical, elbow grease tactics to help overcome many of the largest hurdles professionals encounter today – including one of the main reasons programs don’t move forward, inured in the inertia of good enough.

One of the best surprises of the conference was the creativity of professionals in a more amusing form of visual data analytics – drawings, pictures and full-fledged pieces of art to capture not just the key themes of Fincrime Virtual Week, but the engaged and ebullient spirit of speakers and attendees.  

Here are some snapshots and key takeaways from speakers, attendees and panels of the event:

  • Oppose ownership opacity: The U.S., and the rest of the world, must do more to crack open beneficial ownership bastions and cripple illicit networks.
  • Adjustments, enforcement retrenchments: Banks, and regulators, have had to adjust to the pandemic with fewer exams and more focused COVID-based risk assessments. In many cases, examiners can’t visit banks to do onsite exams, so overall enforcement actions, including for AML failures, have fallen precipitously.
  • Mind your Ps, Qs and Fs (for fraud): Banks, corporates and their customers are also dealing with an explosion of fraud tied to COVID-19, including Paycheck Protection Program (PPP) loans, along with tainted email queries tied to personal protective equipment (PPE) and stimulus loans and purported snake oil cures from fraudsters trying to get banks and people to click on diseased links.
  • Sharing is more than caring, it’s necessary: The importance of stronger public and private partnerships between banks and law enforcement. In some cases, banks should literally have the names and cell phone numbers of local and federal investigators in their region.
  • From frontline to phalanx: Speakers also touched on the need to extend expansive, broad spectrum financial crime compliance training, including on the red flags of human trafficking, to front line and business line employees, turning AML from a reactive, forensic exercise to a proactive ally of law enforcement and phalanx against financial crime.
  • Socially distanced digital identities: One compliance professional noted also that the pandemic had one positive: accelerating bank migration and acceptance of digital documentation because customers are locked down and must practice social distancing.
  • All work and no play – oh yes, we played alright: ACFCS staff, attendees, thought leaders and one of the winners of a certification scholarship for professionals in human trafficking held court at a rousing reception that included games, giveaways and art on the fly.

Day one: Facing a changed world together

The day started with some inspiring words from ACFCS President Joseph Yerant, noting that the “most challenging times bring us the most valuable lessons.”

The first session helmed by Jim Richards, the former top AML Officer at Wells Fargo and Scott Rembrandt, Deputy Assistant Secretary for Strategic Policy (TFFC), U.S. Department of the Treasury, tackled the issues of beneficial ownership and analyzed the perceived gulf between the timely, relevant intelligence required by investigators and the way it should be gathered, according to regulators.

The general takeaway: the filings produced by banks are not going into a black hole, but are in fact the foundation of many investigations across law enforcement and further ongoing inquiries by domestic and foreign investigators.

As well, several top government agencies, including the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) are in engaged in a broad initiative to better quantify the contributions and intelligence value of the millions of filings by banks and other financial institutions.

That is welcome news as these efforts to produce millions of suspicious activity report (SAR) and customer transaction report (CTR) filings annually cost the industry billions upon billions of dollars in terms of human capital, investigative technologies and resources to appease examiners.

FinCrime After COVID-19 – Navigating the New Normal

In the second session Monday, the panel included an “All Star” group across the public and private sectors, including:

  • Sonia Desai, Head of International Compliance, Charles Schwab
  • John Tobon, Supervisory Special Agent, Homeland Security Investigations
  • Jim Vivenzio, Senior Counsel, BSA/AML, OCC
  • Patty O’Connor, President, Compliance Strategy Group (CSG)

The group noted a bevy of trends, such as:

The explosion of shell companies by criminal groups and them trying to further muddy the money trail by moving funds from fraud and cyber hacks through virtual currencies.

The challenge of compliance: Everything is taking longer, in some cases double, triple or more to ensure a “culture of compliance” permeates employees at all levels.

To better protect customers, some banks are even creating counter-fraud resources to not just share with compliance, but extend these to customers to prevent them from being taken advantage of by more aggressive scammers and spammers attempting to get access to funds and data.

Day Two: Cryptocurrency, compliance trends and blockchain investigative techniques

Key takeaways:

Panelists from many of the top crypto exchange and investigations firms engaged in a a dissection and anatomy of the recent Twitter hack that saw scammers take control of the accounts of Bill Gates, Barrack Obama and others.

The hack resulted in these individuals falsely saying that if individuals sent them thousands of dollars in Bitcoin, they would send back double.

What was remarkable for many attendees was that the case was solved and hackers involved tracked down in a surprisingly short time: 16 days, due chiefly to the transparency and immutability of the blockchain and gumshoe tactics of crypto sleuthing firms.

When it comes to Bitcoin analysis and divining transaction trends, analysts have been successful at clustering based on co-spending techniques.

They also detailed some of the fundamentals of tracing cryptocurrency, including linking a seemingly random string of numbers and letters, the hash tied to Bitcoin blockchain transactions, to the flesh-and-blood individuals and shell companies behind them – even when obvious names and ties are nebulous at best.

Day two included a standout panel taking a voyage into virtual worlds: “Digital Assets, Cryptocrime and Compliance – Trends and Case Studies.”

The world of digital assets has shifted dramatically in recent years, with growing crypto business models, institutional adoption and interest from financial institutions.

Even so, criminal risks in crypto still persist and can’t be ignored, from darknet market transactions to sanctions evasion.

The session explored the current state of crypto risk and offered practical advice to financial institutions in the real and digital worlds wondering what comes next.

  • Jeff Horowitz, Chief Compliance Officer, Coinbase
  • Jonathan Levin, Co-Founder, Chainalysis
  • Lana Schwartzmann, Chief Compliance Officer, Paxful
  • The panel’s insight also captured the attention of journalists at Cointelegraph in a story you can read here.

With crypto exchanges, investigators and crypto analytics firms coming together to uncover the culprits of the Twitter hack in just 16 days, Lana Schwartzmann, chief compliance officer for Paxful, said it was “quite amazing how different this is from what we’d see in the traditional fiat world. You’d never have this resolved so quickly.”

Coinbase’s chief compliance officer Jeff Horowitz, agreed and noted that when it came to the Twitter hack, the conversation quickly changed from crypto being a lawless virtual borderlands to industry and investigator ally.

“The story quickly changed to ‘how is crypto partnering with law enforcement to track this issue?’”

The panel also highlighted that with a change in the conversation around crypto, it also leads to a shift in the perception of risk and an overall rise in institutional comfort and interest, according to Cointelegraph.

Horowitz continued to describe major improvements to conversations about regulation and crypto over the course of “maybe the past one to two years,” according to the report.

Jonathan Levin, a co-founder of Chainalysis, a firm that helped track the Bitcoin in the Twitter hack to 17-year-old Graham Clark, compared the estimate of $10 million laundered in Bitcoin each day to the total amount moving on the blockchain, which is miniscule. 

“There’s more than a billion dollars moved on the bitcoin blockchain per week, so this is still a very small amount of value compared to what is being moved on the blockchain.”

Institutions, said Levin, are very engaged in weighing how to onboard crypto, but noted that “This is not a when or an if, this is a how.”

An audience poll during the panel found lack of regulatory guidance to be the primary barrier to financial institutions working with crypto.

When an entire sector is risky, how do you know when to re-risk, de-risk or simply deploy more monitoring resources?

The question of fincrime compliance risk ranking – a core component of any AML program and typically data-driven and resource-intensive exercise that sensitizes the transaction monitoring system – in what many already consider a high-risk sector, crypto, can be a challenge.

So how does a crypto analytics firm broadly gauge virtual asset entity and transaction risks?

Here is a snapshot from Peter James, Training Specialist, Chainalysis, during the “Cryptocurrency Fundamentals and Investigative Techniques Workshop.”

Low risk:

  • Exchanges
  • Hosted Wallets
  • Merchant services
  • Mining Pools

Medium:

  • Crypto ATMs
  • Gambling
  • Mixers

High:

  • Darknet Markets
  • Scams
  • Hacks
  • Stolen funds
  • Ransomware

Severe:

  • Terrorist financing
  • Sanctions
  • Child exploitation

ACFCS Fincrime Virtual Week Conference Day Two Finial: A snapshot from our Crypto and Coffee chat

On July 23, 2020, the Office of the Comptroller of the Currency (OCC) released an Interpretive Letter #1170 confirming that custody of cryptocurrency and crypto-assets are really an extension of traditional banking services, similar to how banks hold fiat currency, securities and even physical items in safe deposit boxes.

Therefore, a bank holding the keys on behalf of customers that correspond to their crypto funds would be considered permissible activities for national banks and federal savings associations from the perspective of regulators.

Banks could even help offer stronger cyber defenses against recent exchange hacks.

That letter is a “big deal and could be a turning point for a lot more banks to get into the space,” said Joe Ciccolo, head of crypto compliance consulting firm BitAML, and a speaker during the mid-day “Crypto and Coffee” session on Day Two of ACFCS Fincrime Virtual Week.

The OCC letter “could be a wakeup call for banks that shunned Bitcoin or haven’t had that serious conversation with their compliance department and board.”

ACFCS Financial Crime Virtual offerings
The OCC letter “could be a wakeup call for banks that shunned Bitcoin or haven’t had that serious conversation with their compliance department and board.”
Joe Ciccolo
- Joe Ciccolo, head of crypto compliance consulting firm BitAML 
Designer