In this week’s Financial Crime Wave, one bank touts a shift in financial crime philosophy and focus, from compliance effort to effectiveness, authorities arrest Malaysia’s former prime minister related to multi-billion dollar 1MDB fraud, Google uses plug-in USBs to strengthen cyber defenses, and more.


A look at how one British bank is working to modernize fight against financial crime by focusing on effectiveness

United Kingdom-based Standard Chartered is strengthening its financial crime compliance function by focusing on the effectiveness of the program, rather than just following box-ticking set out by regulators, according to a new report, the third in a series by the bank. The missive states that while compliance with regulatory rulebooks is important, it can’t “be equated with fighting financial crime. Regulations are imposed largely as a reaction to past events, whereas fighting financial crime needs to learn from the past but look to the present and to the future in order to be effective.” The move follows groups like the Paris-based Financial Action Task Force (FATF), which several years ago started focusing on effectiveness, rather than technical compliance. In the United States, Congress, law enforcement and large banking groups have also started to tackle how to better support bank innovation to truly stop financial crime.

The bank is moving to modernize AML practices by putting “effectiveness” at the heart of what’s important and moving beyond pure “regulatory compliance,” according to the institution, which has also been the subject of hefty federal and state penalties due to AML and sanctions violations in recent years. But the bank is trying to bolster compliance operations by “moving beyond the current examination approach dictated by policy makers and carried out by regulators, to a more comprehensive assessment of ‘effectiveness’ based on ‘objective criteria’ that is focused on desired outcomes, set by a combination of policy makers, regulators and law enforcement,” (via SC).

With more banks growing, compliance controls must move in step with them

As banks grow, and more hit the hefty $10 billion assets threshold, they must also spend more to craft stronger financial crime compliance controls and cyber defenses, as they must mitigate new risks taken on and be cognizant they will be more tempting targets for hackers hoping to exploit any lapses in training, implementation or counter-crime program execution, (via the Independent Banker).


Authorities charge former Malaysian leader with money laundering tied to massive 1MDB fraud

Authorities charged Malaysia’s former prime minister Najib Razak Wednesday with three counts of money laundering tied to the looting of billions of dollars from a government sovereign wealth fund, a fraud many have called the world’s largest. Police in Malaysia said Najib stole about $10 million from a unit of 1MDB called SRC International. He allegedly made three electronic transfers into his own bank accounts. He set up 1MDB, short for 1Malaysia Development Berhad, in 2009. He headed the fund while he served as prime minister from 2009 until his ruling coalition lost power in elections in May.

The coalition had ruled Malaysia for six decades, largely controlled by Najib’s family. His father and uncle previously served as prime ministers. In 2015, the Wall Street Journal reported that Najib deposited about $700 million from 1MDB into his personal accounts. Najib has said allegations about 1MDB are part of a political vendetta against him. A government panel he appointed cleared him of wrongdoing. The new prime minister, Mahathir Mohamad, 92, led Malaysia from 1981 to 2003. After he switched to the opposition, he promised to investigate the looting of 1MDB and Najib’s alleged role, (via the FCPA Blog).

In wake of massive fraud, former PM will make prosecutors work

The former Malaysian Prime Minister has pleaded not guilty to new money laundering charges related to the alleged multibillion-dollar looting of the 1MDB state investment fund, (via AP).


In bid to ward off phishing, other email attacks, Google launches USB-based security keys

At the Google Cloud Next ’18 convention in San Francisco, the company introduced Titan Security Keys, a tiny USB device, similar to Yubico’s YubiKey, that offers hardware-based two-factor authentication for your online accounts with the highest level of protection against phishing attacks. These hardware-based security keys are thought to be more effective at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than 2FA via SMS, because even if your credentials are compromised, account login is impossible without the physical key. Recently, Google revealed that its 85,000 employees have been using physical security keys internally for months and that since then none of them have fallen victim to phishing attacks.

Compared with traditional authentication methods (SMS messages), Universal 2nd Factor (U2F) authentication is extremely difficult to compromise and aims to simplify, speed up and secure the two-factor authentication process. A physical security key adds an extra layer of authentication to an account on top of your password, and users can quickly log into their accounts securely just by inserting the USB security key and pressing a button. Titan Security Keys are based on the FIDO (Fast IDentity Online) Alliance’s U2F (Universal 2nd Factor) protocol and include a secure element and firmware developed by Google that verifies the integrity of the security keys at the hardware level, (via the Hacker News).

New cyber taskforce surveys threat landscape

Attorney General Jeff Sessions has released a new report crafted by the office’s Cyber-Digital Task Force, which provides a comprehensive assessment of the cyber-enabled threats confronting the Nation and catalogs the ways in which the Department of Justice combats those threats, (via DOJ).

DOJ gets tough on cybercrime with capture of Fin7 group members

The U.S. Department of Justice has captured three members of the notorious international cybercrime group “Fin7” for their roles in attacking more than 100 U.S. companies in nearly 50 U.S. States – a ploy buoyed by the use of a front company “Combi Security” to recruit hackers to their illicit operations, (via DOJ).


German FIU causing country-wide consternation due to AML failures

Germany’s struggling national AML unit is sending panic through the country as authorities have uncovered failures that may have allowed Qatari and Kuwaiti extremists to funnel money to Syrian terrorists, (via the National).


After 90-day reprieve, FinCEN extends limited relief additional 30 days for renewable, rollover products related to new beneficial ownership rule

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) Wednesday extended by 30 days a prior, rare ruling granting exceptive relief for 90 days related to an ambiguous, potentially burdensome piece of new beneficial ownership obligations for legal entity customers that took effect Friday. The original final rule, released in May of 2016, requires financial institutions to capture beneficial ownership details on certain legal entity customers down to the 25 percent level, or more on a “risk-based basis,” and list a top-level person who exercises managerial control. Institutions can chiefly rely on what companies provide about their flesh-and-blood owners on a self-certification form.

The crux of the ruling has to do with bank products that renew annually and, under the new rule, would require a bank to reach out and get verbal, written or email confirmation that beneficial ownership details haven’t changed. The interpretive ruling targets “certain financial products and services that automatically rollover or renew (i.e., certificate of deposit (CD) or loan accounts) and were established before the Beneficial Ownership Rule’s Applicability Date, May 11, 2018.” The exception began retroactively on May 11, 2018 and was set to expire tomorrow, (via FinCEN).


FATF details the nuanced, convoluted financial trails tied to human trafficking, giving banks, investigators more chances to intercede

The Paris-based Financial Action Task Force (FATF), which sets global counter-crime standards, recently released a report delving into revelatory detail related to the transactional red flags that appear for various financial institutions that could be indicators of human trafficking. In recent years, the number of victims of human trafficking and migrant smuggling has continued to grow significantly. In addition to the terrible human cost, the estimated proceeds that human trafficking generates have increased from $32 billion to more than $150 billion since a prior FATF report on this subject in 2011.  Innovative initiatives at the national or regional level have demonstrated how anti-money laundering and counter-terrorist financing measures, and those that implement them, can contribute to stopping this crime.

The report includes a bevy of red flag indicators culled from actual case studies to give banks, money remitters and investigators a better sense of the transactional tells of the crime, which are broken into several parts, including human trafficking, sex trafficking, forced labor, and indicators common across the various predicate crimes. Some red flag indicators include:

  • Account appears to function as a funnel account
  • Cash-intensive business with unclear source of cash or capital
  • Cross-border funds transfers to the same individual, FI or overseas location, but inconsistent with customers’ profile, stated business activity, (via FATF).


House resists S.E.C.’s insider trading inquiry as key legislator appears to have leaked early Medicare change that eventually led to insurance company stock jump

For all the talk about making Congress subject to the insider trading laws, the hard question was whether it would cooperate with the Securities and Exchange Commission in an investigation into questionable trading on information emanating from Capitol Hill. The answer appears to be “no.” The S.E.C. has sued a House committee and its staff director in Federal District Court in Manhattan to enforce subpoenas for documents and testimony about possible tipping of confidential government information.

The investigation concerns trading in insurance companies in April 2013 after a change in the Medicare reimbursement rates by the Centers for Medicare and Medicaid Services leaked out before its official announcement. The S.E.C. traced a potential source of the information to Brian Sutter, the staff director of the House Ways and Means Committee. According to the S.E.C.’s filing to enforce its subpoenas, Sutter spoke with a Greenberg Traurig lobbyist just a few minutes before the lobbyist emailed a brokerage firm that “very credible sources” had confirmed the Medicare change. The brokerage firm then issued an alert to clients about the reimbursement policy that resulted in a jump in the share price of insurance companies that would benefit, (via the NY Times).

Virtual currencies

Go west young man (virtually)

Virtual Currencies, the Wild West of Finance? A new whitepaper by Accuity, (via Accuity).

Tax evasion

DOJ keeps Swiss tax fight alive with new penalties

The U.S. Department of Justice stated last month it has reached a settlement with NPB Neue Privat Bank (NPB) for tax offenses, where the institution will pay a penalty of $5 million and enter into a non-prosecution agreement for aggressively scooping up U.S. clients fleeing other Swiss banks under siege by American authorities, (via DOJ).

DOJ gets more data, funds from Swiss banks tied to tax evasion probes

The Department of Justice announced recently it has signed an Addendum to a non-prosecution agreement with Bank Lombard Odier & Co., Ltd., of Zurich, Switzerland, an update with more penalties and additional data that goes beyond the original non-prosecution agreement that was signed on December 31, 2015. The Department executed non-prosecution agreements with 80 banks between March 2015 and January 2016.

The Department imposed a total of more than $1.36 billion in Swiss Bank Program penalties, including more than $99 million in penalties from Lombard Odier.  Pursuant to today’s agreement, an addendum to Lombard Odier’s non-prosecution agreement, Lombard Odier will pay to the Department an additional sum of $5,300,000, and will provide to the Department supplemental information regarding its U.S.-related account population, which now includes 88 additional accounts, (via DOJ).


HSBC under scrutiny for AML again

The United Kingdom’s banking regulator has launched a probe into HSBC’s anti-money laundering systems and its compliance with British rules, the bank said in its interim results, (via KYC360).

Deutsche Bank still challenged to improve AML program after hefty penalty

Deutsche Bank has uncovered shortcomings in its ability to fully identify clients and the source of their wealth, key bedrock tenets of federal anti-money laundering requirements, internal documents seen by Reuters show, more than a year after it was fined nearly $700 million for failures in properly identifying and interdicting illicit financial flows through the institution, (via Reuters).

Danske Bank still in hot seat related to AML failures, says will comply with authorities

Denmark’s largest lender Danske Bank on Tuesday said it was complying with Danish prosecutors’ investigation into long-standing allegations that it was involved in laundering $8.3 billion through its Estonian branch, (via AFP).


Strengthening the global fight against financial crime: Reforming the SARs regime to focus on richer data gathering, timelier information sharing, embracing tech, AI

Criminals are using an increasingly complex financial modus operandi to take advantage of today’s mostly fragmented approach to detecting their criminal activity, currently done broadly by anti-money laundering (AML) programs in place at banks and other financial institutions. These illicit entities, among other means, are cycling through financial institutions so that no one bank has the full picture, moving their money and accounts more quickly than bank reporting and law enforcement can keep up with, putting intense pressure on national financial intelligence units to see what individual institutions can’t.

But while other areas of crime fighting have evolved considerably since the Suspicious Activity Reporting (SAR) regime was designed in 1989, the United Kingdom has not materially adapted its approach to leveraging the information held by the financial sector since then. Case in point: At last count, more than 400,000 SARs are filed in the UK annually, and leading voices within law enforcement are increasingly saying that huge swathes of this information are not valuable and their resources are unable to keep pace with these growing numbers. This represents a significant amount of energy and effort that might be better directed towards higher value activity. Some solutions include:

  • Rapid response: First, the default position should be to embrace the goal of rapid, two-way information exchange.
  • Consider convergence: Work to shape a new paradigm, where AML work can be intelligence-led and create a more holistic view of potential criminal activity.
  • Tactical tech: Second, see technology as a central enabler of a reformed system, allowing us to better access, analyze and share anonymously the data we have, and to do so securely and pursuant to existing authorizations.
  • Regulatory retort: Third, realize that no meaningful reform is possible without the involvement of the regulator in the discussion, (via RUSI).

Expense fraud

Key tactics on limiting the hazard of travel and expense fraud, a perennial, pervasive and overlooked scheme that can hurt a company’s bottom line

Travel and expense frauds remain one of the oldest, most overlooked and most pervasive types of white-collar crime. Unclear guidelines or low awareness of this fraud can impact corporates adversely, and result in billions of dollars of revenue loss each year. Typically, most companies design their travel expense reimbursement policies to meet standard audit and tax law requirements, instead of encouraging expense control or fraud deterrence.

This can lead to either gaps or an extremely weak travel and expense control mechanism. The two most commonly seen expense fraud schemes tend to be either

  1. Employees claiming reimbursement for fictitious expenses or
  2. Inflating actual business expenses

However, companies can implement improved internal control mechanisms and mitigate such frauds. For instance, they can maintain a travel and entertainment expense policy and institute meaningful expense report approvals. Monitoring costs through continuous monitoring tools can help to detect misconduct and policy violations at an early stage, (via EY).


OFAC targets North Korea, Russia in latest round of WMD designations

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) last week announced new sanctions related to North Korea, continuing the enforcement of existing UN and U.S. sanctions, by targeting a Russian bank for knowingly facilitating a significant transaction on behalf of an individual designated for weapons of mass destruction-related activities in connection with North Korea.  OFAC also targeted one individual and two entities for facilitating North Korean illicit financial activity, (via the U.S. Treasury).

U.S. preparing to restore sanctions on Iran, deepening European divide, adding fresh complexity to compliance

The United States said Monday it was reimposing economic sanctions against Iran that were lifted under a 2015 nuclear accord, ratcheting up pressure on Tehran but also worsening relations with European allies that decried the move as they stated the recalcitrant Islamic theocracy was complying with the deal. The sanctions are a consequence of President Trump’s decision in May to withdraw from an international deal that sought to limit Iran’s nuclear program in exchange for easing pressure on the country’s shaky economy.

The Trump administration is betting that backing out of it will force Iran to shut down its nuclear enrichment efforts, curb its weapons program and end its support of brutal governments or uprisings in the Middle East. In a statement, Mr. Trump said the Iranian government “faces a choice: Either change its threatening, destabilizing behavior and reintegrate with the global economy, or continue down a path of economic isolation.” The moves have also made it more challenging for bank AML programs that now must ensure they have no ties to sectors in Iran, aviation, automotive, finance and others, that were given the all clear, and are now untouchable again, (via the NY Times).


New crypto hub?

Malta Provides Legal Certainty For Cryptocurrency: Here’s what it means for the rest of the world, (via Joe Ciccolo, of BitAML).


How much does it cost to forget?

A look at what AML investigators need to know about the European Union “Right to be forgotten,” including potentially losing relevant details on the true risk of an individual, company or entity, (via TransparINT).


Native American casinos under compliance, money laundering spotlight

A year-long multi-agency investigation into three North Carolina casinos has led to charges against dozens of members of the Tuscarora Nation, including illegal gambling, manufacturing controlled substances and money laundering, (via WYFF News 4).


Seven Key Guidelines for Effective Risk Documentation: Selecting the proper metrics, emphasizing data integrity and prioritizing training are among the directives financial institutions must follow to be successful, (via GARP).

Social media

Facebook has asked large U.S. banks to share detailed financial information about customers as it seeks to boost user engagement

Facebook Inc. wants your financial data. The social-media giant has asked large U.S. banks to share detailed financial information about their customers, including card transactions and checking-account balances, as part of an effort to offer new services to users. In response, the social media giant will share information that could also yield a much more precise picture on the anti-money laundering (AML) risk of a client. Facebook increasingly wants to be a platform where people buy and sell goods and services, besides connecting with friends. The company over the past year asked JPMorgan Chase & Co., Wells Fargo & Co., Citigroup Inc. and U.S. Bancorp to discuss potential offerings it could host for bank customers on Facebook Messenger, said people familiar with the matter.

Facebook has talked about a feature that would show its users their checking-account balances, the people said. It has also pitched fraud alerts, some of the people said. Data privacy is a sticking point in the banks’ conversations with Facebook, according to people familiar with the matter. The talks are taking place as Facebook faces several investigations over its ties to political analytics firm Cambridge Analytica, which accessed data on as many as 87 million Facebook users without their consent, (via the WSJ).


Dubai to Hong Kong, follow the money – laundering that is: a look at how the explosive growth in the financial sector has also attracted illicit earnings

To the believers, the glittering towers and man-made islands that characterize the Dubai real estate market are proof of an economic miracle, while to others they are further proof of the presence of illicit finance.  A reminder of how a small fishing port on the edge of the desert took just decades to transform itself into a global investment hub. Yet for all the admirers, there are many doubters. Those who see its shimmering skyline as a facade, its reputation for secrecy an invitation for money laundering and who question whether an emirate once synonymous with gold smuggling has ever truly shaken its appeal to those with something to hide. Those doubts gained traction with the recent publication of a report by the Washington-based Centre for Advanced Defence Studies, which found that the emirate’s real estate sector had been used by terror financiers, drug lords and war profiteers to launder money.

It said individuals subject to sanctions by the United States and in some cases the European Union owned 44 properties – worth about US$28 million – in the emirate, while their expanded networks held an additional 37 properties, worth almost US$80 million. The report, titled Sandcastles, did not merely confirm the long-held suspicions of many regarding Dubai. It cast its net farther, outlining links between sanctioned individuals and jurisdictions including Hong Kong, Syria, Romania, Mexico and the US. Not only that, but Hong Kong’s real estate sector was identified as being among a group (including Dubai, New York, Los Angeles and London) that saw “large amounts of illicit money flowing through their systems, constituting a global security threat.” Those findings have direct import on how banks mitigate AML risk overall for the country and gauge potential tainted ties through corporates and correspondent portals, (via the SCMP).


DOJ targets Barbados in latest graft sting

DOJ charges former member of Barbados Parliament and Minister of Industry with money laundering related to bribes from a Barbadian insurance firm, in yet another reminder for banks about the increased financial crime risks related to politically-exposed persons, (via DOJ).

State regulators

NY saber rattling with federal government over fintech supremacy

New York’s BitLicense Chief is publicly clashing with U.S. Treasury over its recent formal support of federal fintech banking charters, leaving the nascent sector, and any banks working with them, wondering which master to serve, (via CNN).