In this week’s Financial Crime Wave, some $13 billion in illicit Russian funds flows through Estonian banks, cyber fraudsters targeting Mexican FIs, Latvian watchdog penalizes bank for AML failures, and more.
More than $13 billion laundered in Estonia, mostly through non-resident accounts, many with ties to Russia
Lax anti-money laundering standards, corruption and institutions focused on profits have further tarnished Estonia’s reputation and raised the regions risk of financial crime, according to news reports and government statements. After reports of money laundering caused lenders in Estonia and Latvia to close, police said on Friday that more than $13 billion was laundered through banks in Estonia between 2012 and 2016. Much of the money was reportedly laundered through bank accounts belonging to non-residents, Reuters reported. “In 2012, more than €7.3 billion in securities from Russia were processed through the Estonian financial system. The proceeds were transferred to dozens of jurisdictions and thousands of companies for various goods and services,” Estonia’s Financial Intelligence Unit (FIU) wrote in its annual report.
Police in Estonia said more money laundering could take place this year with the closure of Russian banks. The news comes a few months after reports indicated that a whistleblower inside Denmark’s biggest bank warned the institution that its Estonian branch was being used by members of the Putin family as a front for money laundering. That warning came in 2013. A leaked report allegedly indicated that the leadership at Danske Bank knew “of far more serious conditions than previously stated.” It is also alleged that Danske Bank shut down 20 Russian customer accounts following that whistleblower report. The clients’ identities were kept secret at the time, (via Pymnts).
Cyber, fraud and AML failures at play as Mexico foils $110 Million bank heist, then keeps it a secret
A rash of cyberattacks against banks, with criminals, fraudsters and rogue regimes capturing billions of dollars through the financial system’s global messaging platform has key besieged jurisdictions, like Mexico, becoming an even greater target – and in at one least recent case hurting itself by cutting off communications after a high-profile breach. On a Tuesday morning in early January, the computer system at Mexico’s state-owned trade bank went haywire. Some of Bancomext’s workers couldn’t get their PCs to turn on. The internet was slow. Routine operations were taking longer than normal.
Inside the lender’s concrete-and-glass building on the southern outskirts of Mexico City, a mid-level technician was monitoring messages coming in on the Swift network, the air-traffic control system for sending money around the world. His job was to check fund transfers to make sure they matched the payment orders dispatched by Swift. That day, transaction volume was several times higher than normal. The worker scanned the messages from Swift until he discovered something: unusual activity at the Standard Chartered Plc account Bancomext used for international wires. Bancomext would later learn that hackers suspected to be from North Korea had tried to siphon off more than $110 million, forcing the lender to temporarily suspend operations in its international payment platform, (via Bloomberg).
Regulating digital currencies to fight crime: even with new laws in Australia, keeping criminals out of crypto will be a challenge
As Australia looks to strengthen rules to ensnare virtual currencies in AML duties, the country must do more to prevent criminals from using nigh anonymous digital value stores to move illicit funds internationally, destroying paper trails and hiding ties to the flesh-and-blood criminals and regimes at the heart of geopolitical instability. The country took an important step in countering the criminal use of digital and cryptocurrencies with new AML legislation that came into effect in April. But digital currencies will continue to facilitate crime and will remain a challenge to law enforcement. Regulating the industry is necessary because it removes an intelligence black spot that’s exploited by criminals.
Digital currencies—including cryptocurrencies such as Bitcoin, Ethereum, and Ripple—pose numerous security challenges for governments. They’re known to be used in a range of crimes, including ransomware, terrorism, and the purchase of drugs, weapons and child exploitation material, often through the dark net. They’re attractive to criminals due to the pseudo-anonymity created by cryptography and a peer-to-peer architecture provided by blockchain technology that negates the need for a central authority such as regulated bank settlement or government control. While all transactions and past ownership details are recorded in a publicly accessible ledger on the internet, computer code rather than individual names and addresses act as the owner’s digital signature in the blockchain, putting more pressure on investigators to get creative – and trained, (via ASPI).
In Australia, OECD CRS compliance deadlines coming quickly, with examiners expecting readiness this month
The OECD’s Common Reporting Standard (CRS) became effective in Australia on 1 July 2017. The first report for the six-month period ending on 31 December 2017 is due on 31 July 2018. Reporting entities should be gearing up to make sure their due diligence procedures are done, and their reportable accounts are identified to ensure they meet this deadline, (via Greenwoods).
Spies are us
Reporters find potential spy devices which track cellphones, intercept calls found all Over Washington, D.C., Md., Va., (via NBC Washington).
AML compliance, cyber risk elevated as banks adjust to new beneficial ownership obligations, hack attacks: OCC report
The risk of a bank failing afoul of anti-money laundering rules, or getting punctured by digital brigands, is “elevated” as banks must adapt to new requirements to capture and to a limited degree vet, the beneficial owners of certain corporate customers, as well as strengthen cyber resilience and recovery objectives in the face of more, and more creative, hack attacks.
Those are just some of the findings from the U.S. Treasury’s Office of the Comptroller of the Currency’s (OCC) latest Semiannual Risk Perspective, which has sprung covering Spring. The focus on financial crime compliance, including fraud and cyber risks, echo prior risk perspectives, which have continually shown a steady uptick in challenges to detect and prevent financial crime by real-life and virtual criminal groups. Some highlights include:
- Operational risk is elevated as banks adapt business models, transform technology and operating processes, and respond to evolving cyber threats.
- Compliance risk is elevated as banks manage money laundering risks and implement changes to policies and procedures to comply with amended Bank Secrecy Act and consumer protection requirements.
- AML compliance risk management systems often do not keep pace with evolving risks, resource constraints, changes in business models, and regulatory changes. The OCC continues to identify AML program deficiencies and has several outstanding enforcement actions directing banks to improve AML risk management.
The report covers risks facing national banks and federal savings associations based on data as of March 31, 2018. The report presents data in five main areas: the operating environment, bank performance, special topics in emerging risk, trends in key risks, and supervisory actions, (via the OCC).
Internal auditor reports “diluted, suppressed and ignored,” says Australian audit group
Internal auditors are having their reports “diluted or suppressed” or even seeing their careers derailed when they raise red flags within large corporations, a major issue for many large corporates, including financial institutions, in Australia, according to chief lobbying body. The allegations, by the head of the Institute of Internal Auditors, Peter Jones, comes in response to criticism that internal auditors had lost their authority within large corporations, were too timid to “speak truth to power” and too readily intimidated into watering down their own reports.
Jones was unable to provide specific details of his allegations but said the institute was aware of cases where internal auditors being ignored or punished for doing their job, which is to ensure that non-financial systems within a company operate as expected. He said the banking royal commission and the prudential regulator’s report into failings at the Commonwealth Bank of Australia had highlighted that internal auditors were doing their job but the information was not reaching senior management and the board, a dynamic that leads to weak systems allowing criminals free reign into the international financial system, (via the Financial Review).
South Korea crypto exchange banks nearly a dozen countries from trading in bit to curb money laundering
Bithumb, the South Korean cryptocurrency exchange, has announced that they will ban any account from 11 countries that they have determined to be havens for money laundering by a global financial crime compliance watchdog body. Starting last week, on May 28, 2018, citizens of the countries listed by the Paris-based Financial Action Task Force (FATF) in the Non-Cooperative Countries and Territories initiative will be prevented from making accounts and existing accounts will be removed from the exchange by June 21.
FATF published a report called “Guidance For A Risk-Based Approach: Virtual Currencies” in 2015, and in February the task force asserted that they were determined to improve their understanding of all the risks involved with cryptocurrencies. The 11 countries that have been listed in the Financial Action Task Force as Non-Cooperative Countries and Territories are North Korea, Bosnia and Herzegovina, Ethiopia, Syria, Iran, Iraq, Sri Lanka, Trinidad and Tobago, Tunisia, Vanuatu and Yemen, (via ZyCrypto).
Latvian banking watchdog penalizes Meridian Trade Bank for AML deficiencies, institution agrees to independent review, remediation
A Latvian banking watchdog has fined Meridian Trade Bank for a host of AML violations, including lax staffing and transaction monitoring. Latvia’s Financial and Capital Market Commission (FCMC) fined the bank €456,000 and required the bank to improve its internal control system related to financial crime and compliance risk management by next year. Meridian also agreed to conduct an independent assessment to ensure that it complies with all the necessary regulatory requirements.
The bank claimed that it has already invested more than €1.5m to upgrade its AML/CTF internal control system in 2016 and 2017, with plans to make additional €1m this year. In February, US alleged Latvian financial entity ABLV bank of money laundering leading to its closure. Following this incident, Latvia strengthened vigilance efforts over the banks engaged in serving non-residents. To date, around nine Latvian non-resident banks have been fined for breaching money laundering regulations, reported Reuters, (via Retail Banker International).
The United Kingdom is already preparing its AML and sanctions regime to comply with international obligations and partnerships post-Brexit with a new bill receiving royal asset to become an act of Parliament – a legislative update that also has the potential to become more onerous, in particular, for financial institutions with Britain able to update designated lists “as appropriate” to further geopolitical objectives, (via Hogan Lovells).
Israel tackles crypto sector
Israel has taken a step forward in cryptocurrency regulation with the country’s finance ministry publishing draft legislation concerning money laundering via cryptocurrency, choosing to capture the sector with new financial crime compliance obligations and offer protections from banks choosing to shun the sector writ large, (via Finance Magnates).
With Hong Kong growing as a financial center, it becomes a bigger target for criminals, hackers
As Hong Kong grows into an even larger financial hub, the region is becoming an even greater target for cyber hackers, money launderers and terror groups looking to evade compliance controls and virtual defenses, in some cases exploiting the human element via business email compromise attacks, (via Hubbis).