In this week’s Financial Crime Wave, an analysis of why both banks and analysts are rosy on the rise of regtech to bolster the effectiveness and efficiency of financial crime compliance programs, a look at hefty billion-dollar anti-money laundering and sanctions penalties against Dutch and French banks, a new warning on business email compromise attacks, and more.


The rise of regtech: Interest growing in innovative technology companies that can wield AI, new ideas to tackle classic, emerging AML challenges

The technology discourse in financial services has most recently been dominated by fintech. However, interest in regtech is growing. Regtech is generally recognised as technology that addresses a regulatory challenge faced by a financial services provider, including monitoring, reporting and compliance obligations. It often uses automation and machine learning (ML) tools to simplify processes and reduce cost, time and effort. There is a head of steam building around regtech that’s driven by the confluence of interest from regulators, large and small banks and fintech providers. Regulators have long been protagonists of innovation as a means of finding the most practical and efficient solutions to obtain information and protect the interests of consumers. The UK’s Financial Conduct Authority (FCA) launched FCA Innovate in October 2014 and has run several technology-focused initiatives, including a series of problem-focused TechSprints to encourage a collaborative approach to regulatory issues.

More recently, the FCA issued a call for input on using technology to achieve smarter regulatory reporting, which it will report on later this year. These initiatives offer banks and fintech providers the space and support to provide their views and develop viable, compliant regtech solutions. Banks are interested in regtech because of the potential win-win of saving costs and automating complex tasks to achieve more accurate and reliable results. For challenger banks and neobanks, there is also the opportunity to set up scalable regtech solutions at the start of their growth curve. Larger, more established banks generally have more challenges with migration from their legacy platforms and solutions, but the savings and efficiencies from regtech may still be substantial, (via Banking Tech).


India allowing oil refiners to use Iran tankers, in direct defiance of stepped up U.S. sanctions pressure

India is allowing state refiners to import Iranian oil with Tehran arranging tankers and insurance after firms including the country’s top shipper Shipping Corp of India (SCI) halted voyages to Iran due to US sanctions, sources said. New Delhi’s attempt to keep Iranian oil flowing mirrors a step by China, where buyers are shifting nearly all their Iranian oil imports to vessels owned by National Iranian Tanker Co (NITC). The moves by the two top buyers of Iranian crude indicate that the Islamic Republic may not be fully cut off from global oil markets from November, when US sanctions against Tehran’s petroleum sector are due to start. President Donald Trump ordered the reimposition of economic curbs after withdrawing the United States from a 2015 nuclear deal between Iran and six world powers. No one trading with Iran will do business with America, he said.

New Delhi turned to the NITC fleet after most insurers and reinsurers had begun winding down services for Iran, wanting to avoid falling foul of the sanctions given their large exposure to the United States. SCI had a contract until August to import Iranian oil for Mangalore Refinery and Petrochemicals Ltd (MRPL), two sources familiar with the matter said. Eurotankers, which had a deal with MRPL to import two Iranian oil cargoes every month, has also said it cannot undertake Iranian voyages from September, the sources said. India wants to continue buying oil from OPEC member Iran as Tehran is offering almost free shipping and an extended credit period. State refiners, which drove India’s July imports of Iranian oil to a record 768,000 barrels per day, had planned to nearly double oil imports from Iran in 2018/19, (via NDTV).


In surging scourge of business email compromise schemes, most scammers seek wire transfers

Business email compromise attacks appear to be too lucrative for the criminally inclined for them to go away anytime soon, in recent years hitting nearly $3 billion in the United States. Such social engineering scams, also known as CEO fraud, are designed to trick recipients into sending money directly to attackers. Often, they do this by attempting to exploit a company’s accounts payable process, perhaps using a psychological lever or two as they unfurl. In many cases, attackers pretend to be the CEO – or sometimes the CFO or another c-level executive – and send an email saying they need a wire transfer to be made immediately.

Attackers may do everything from sending fraudulent invoices or links to malicious websites, to taking control of executives’ accounts to make their scam emails appear to be legitimate. Such attacks appear to be intensifying. IC3 says that globally, from December 2016 to this past May, reports of BEC attacks have increased by 136 percent. IC3 adds that it’s received fraud reports from all 50 states and that BEC fraud has also been reported in 150 other countries. In the majority of cases, the FBI says stolen funds get routed to bank accounts in China and Hong Kong, (via Data Breach Today).

Terror finance

Terror groups targeting women more aggressively as caliphate crumbles, battleground losses mount

Al-Qa’ida supporters are producing and disseminating propaganda targeting women amid losses to al-Qa’ida in the Arabian Peninsula (AQAP) leadership. Ongoing US- and coalition-directed drone strikes in 2017-2018 have considerably diminished propaganda efforts, leading to an overall decline in distribution by approximately 50 percent. While AQAP continues to sporadically release statements, its main English-language publication, Inspire Magazine, has not been published in over a year. However, there is a push to appeal to Arabic-speaking women in order to stay relevant, (via Homeland Security). 

Individual liability

U.K. authorities arrest executive of foreign bank on graft charges

An executive at the London unit of a foreign bank has reportedly been arrested on suspicion of bribery, following a seven-month investigation which uncovered corruption. The banker’s case has now been referred to the prosecution services, said the National Crime Agency’s (NCA) Nigel Kirby, quoted in Bloomberg. The bank’s customer relationships manager was also arrested. Kirby did not name the officials or the bank, (via KYC 360).


Beleaguered French banking giant SocGen expects to pay nearly $1.3 billion to settle U.S. sanctions penalties

French banking behemoth Société Générale stated Tuesday is expecting to pay a 1.1-billion-euro penalty, or $1.27 billion, to a host of federal and state investigative and regulatory authorities for breaching U.S. sanctions, with a finalized negotiated settlement “within the coming weeks,” according to a company announcement, adding that the mammoth penalty would be mostly covered by previously set-aside provisions for legal expenses. The bank’s overall set asides for legal expenses are currently pegged at 1.43 billion euros, according to the update. The figure is the first time the banks has put a number on the looming U.S. sanctions fines, though it has been in recent years raising its full set aside figures for penalties and settlements.

The incoming penalty is yet another black mark on the bank’s financial crime compliance programs after earlier this year being part of a historic global graft and rate-rigging settlement. In June, SocGen stated it would pay $1.3 billion in a global settlement related to corruption and currency manipulation charges in the United States and France, according to authorities. The allegations related to bribing Gaddafi-era Libyan officials and illicitly influencing the Libor interest rate benchmark, a further showing at the time that global regulators are more aggressively teaming up to tackle major corruption investigations to better see all the pieces of the puzzle. Both countries are called the settlement the first ever such resolution coordinated and negotiated by both countries simultaneously. To read ACFCS coverage of the penalty, click here.  To read the prior SocGen action, click here, (via SocGen).

ING, Netherland’s largest bank, to pay nearly $1 billion to Dutch authorities in historic AML settlement

The Netherland’s largest financial institution will pay Dutch authorities 775 million euros, or $900 million, in a historic settlement for broad failures in its financial crime compliance controls that allowed illicit groups to launder an estimated hundreds of millions of dollars for years, according to bank statements and government documents. ING Groep admitted to “shortcomings” in its anti-money laundering (AML) programs that allowed criminals to launder money “for years,” with prosecutors saying the bank had violated laws created to stop terror groups and illicit financiers “structurally” be failing to adequately investigate aberrant transactions highlighted by transaction monitoring systems and by giving short-shrift to source of funds and beneficial ownership obligations. The penalty is not the bank’s first rodeo with authorities for AML and sanctions foibles.

In 2012, ING paid $619 million to U.S. authorities for moving billions of dollars through the American financial system for blacklisted Iranian and Cuban clients. Dutch authorities have been intensively investigating the bank the last two years, noting the bank has been formally warned more than a decade ago, but has not yet improved compliance functions to their expectations. Dutch prosecutors cited a bevy of specific failures, including moving corruption-tinged assets for a telecommunications firm in a high-risk region. The bank countered that it has taken steps to bolster compliance domestically and internationally and had taken formal actions against nearly a dozen employees. To read the official release and related documents from the Public Prosecutions office, click here. To read the official release from ING, click here.

Virtual currencies

EU crypto regulations to focus on lack of transparency risks within Bitcoin markets

Economic and financial affairs ministers from the 28 member nations of the European Union will soon convene to analyze the perceived lack of transparency in crypto transactions and the potential use of virtual currencies to conduct illicit activities such as tax evasion, money laundering, and terrorism, human and drug trafficking. The meeting will be held this week, September 7th in Vienna, Austria. The EU has previously warned crypto investors of the potential risks of trading in such a volatile industry. Through the European Securities and Markets Authority (ESMA), the international body cautioned traders on ICOs, citing the insufficient understanding amongst investors and the challenges of unregulated financial institutions.

The ESMA also added that digital exchanges that are unregulated are not protected by the law since they are not recognized by the relevant authorizes. Therefore, if a client of such platforms loses their investment during attacks, they are not liable for a compensation by the EU. Although the EU has been vociferously campaigning against ICOs, the Bloomberg report, apparently drafted by the EU, claims that ICOs are an effective means of raising capital for startups. It further adds that ICOs could play a key role in the integration of capital markets into the EU. Earlier in July, the EU Fifth Anti-money Laundering law became effective, enabling financial oversight authorities to impose strict regulations on digital currencies. Precisely, the new law prohibits the use of cryptocurrencies anonymously, as this fosters illegal activities such as terrorism financing and money laundering, (via Bitcoin Exchange Guide).

Terror lawsuits

U.S. firms continue to face liability for terrorist attacks under the Antiterrorism Act

Last year, a group of U.S. military veterans and the relatives of troops killed in Iraq filed a lawsuit against several large international pharmaceuticals, accusing them of aiding and abetting terrorism by selling products to Iraq’s Ministry of Health which were used to finance operations by the notorious Mahdi Army Group.

In early 2018, a woman injured in the 2015 Paris attacks by the Islamic State of Iraq and the Levant sued Facebook, Twitter, and Google, alleging that the social media platforms assisted terrorists by allowing them to recruit members, distribute propaganda, and coordinate activities.  These are just two recent examples of U.S. companies facing potential exposure under the Antiterrorism Act (“ATA”), a decades-old statute designed to permit terrorist victims to seek compensation from their attackers, (via Cadwalader).

Card-Skimming malware campaign hits dozens of sites Daily

“Lock Down Magento” E-Commerce Software or “See Card Details” get routed to Moscow in expansive scheme. More than 7,000 e-commerce sites in the past six months have been infected with harmful JavaScript designed to harvest customers’ payment card details as they finalize their orders, (via Data Breach Today).