New White House Executive Order requiring regulators to waive, adjust regulations hampering recovery could come with AML, fincrime tethers

The Skinny:

  • New White House executive order requiring regulators to trim or adjust regulations that can hamper an economic recovery could clash with financial crime compliance duties. 
  • The order could pressure federal regulators to publicly, or behind the scenes, nudge banks to pull back on AML requirements now – only to have examiners chastise financial institutions later if broad or “egregious” failures come to light. 
  • What’s worse, is if federal regulators choose to ease up on AML oversight or enforcement, and banks similarly focus more on supporting COVID-19 stimulus goals to support an economic rebound, that lack of compliance focus could give criminal groups easy entre into the international financial system. 

By Brian Monroe
May 19, 2020

A new White House executive order requiring regulators to temporarily or permanently adjust or waive regulations viewed as a stumbling block to economic growth in the face of the COVID-19 pandemic could complicate financial crime compliance initiatives and open the door for criminals to legitimize illicit finance.

President Donald Trump Tuesday called on the “heads of all agencies to “identify regulatory standards that may inhibit economic recovery and shall consider taking appropriate action, consistent with applicable law, including by issuing proposed rules as necessary, to temporarily or permanently rescind, modify, waive, or exempt persons or entities from those requirements.”

The “Executive Order on Regulatory Relief to Support Economic Recovery” also pushes regulators to “consider exercising appropriate temporary enforcement discretion or appropriate temporary extensions of time as provided for in enforceable agreements” with respect to those requirements – which could include anti-money laundering (AML) rules. To read the full order, click here.

At issue is that if regulators get soft on AML oversight, or enforcement, and banks themselves allow gaps in fincrime compliance programs to fester, its gives easier entre for criminals looking to cleanse ill-gotten gains generated from frauds, corruption, cyber hacks and other crimes, said Jim Richards, the former head of AML for Wells Fargo.

The executive order tacitly ordering regulators to ease up on enforcement is “where an agency can effectively dismantle those pesky [customer identification program, customer due diligence and enhanced due diligence (CIP, CDD, EDD)] regulations.”

How? “To consider exercising appropriate temporary enforcement discretion or appropriate temporary extensions of time as provided for in enforceable agreements with respect to those requirements…,’” Richards said, quoting a line directly taken from the order.

In short, a regulator doesn’t even have to formally or publicly adjust or update a regulation to blunt its power, Richards said.

“So why rescind or waive a regulatory requirement when you can simply stop enforcing it?” he said, noting that such a mindset will only embolden criminal groups already made more creative and aggressive due to the pandemic.  

“I thought I was woken by an earthquake last night: but it was the hand-clapping and foot-stomping of every fraudster and money launderer on the planet, celebrating this Executive Order.”

In AML vs. economy, compliance taking back seat

The executive order is the latest move by Congress, the President and policymakers to restart the economy, which has constricted in the face of COVID-19-related lockdowns, shutdowns and record unemployment.

This is also not the first time economic stimulus packages have clashed with AML program goals.

In recent months, banks bemoaned Bank Secrecy Act (BSA) beneficial ownership requirements frustrating the doling out of Small Business Administration (SBA) emergency loans under the multi-trillion dollar CARES Act.

The result: the U.S. Treasury and Financial Crimes Enforcement Network (FinCEN), the country’s administrator of AML rules, was forced to publicly provide guidance stating already-captured BSA beneficial ownership details could count for similar, but not exact, SBA requirements.

The verdict: In BSA vs. SBA, economic aims won out.

Regulators: Listen to me now and I will get mad at you for doing it later

This latest order also highlights the duality of federal regulators.

These agencies may be forced to pull back on exam scrutiny and enforcement now, to appease the administration or Congress, but this is a group that can just as easily ramp up enforcement later in the face of fraud, corruption or money laundering concerns – leaving banks to pay the piper for actual or perceived AML failings.

In short: if regulators nudge AML teams to pull back on compliance now, these same examiners can come back months, or even years, later, and get mad at institutions for doing what they said – particularly if the institution is mired in allegations and investigations of stimulus-fund frauds.   

What’s more, any lapse in regulatory enforcement, and related gap in filings to law enforcement, could also result in more criminals engaging in larger scams and frauds for longer – opening the door for more AML program examiner criticism when the economy rebounds and even lawsuits by individuals and investors.

Banks must balance propping up economy, not breaching national security

Financial institutions also must realize that any failure in their AML programs – even if seen as acquiescing to the executive order – could also be viewed as a breach of national security, as money launderers, rogue regimes and terror groups are constantly probing the globe for banks with weak countercrime compliance defenses.

That is also one of the few bright line boundaries the executive order states regulators and institutions should keep sacrosanct: national security.

Government agencies should trim regulations “for the purpose of promoting job creation and economic growth, insofar as doing so is consistent with the law and with the policy considerations,” according to the order.

The potential easing of these rules does, however, come with the balancing factor that these changes must also be “consistent with applicable law and with protection of the public health and safety, with national and homeland security, and with budgetary priorities and operational feasibility.”

While not specifically mentioning AML, or other financial crime compliance programs in particular, the executive order does have a section related to “Compliance assistance for regulated entities,” which touches on government and regulatory agencies, by requesting them to “consider” updating the parameters around enforcement discretion and making such analyses and decisions public.

“The heads of all agencies shall consider whether to formulate, and make public, policies of enforcement discretion that…decline enforcement against persons and entities that have attempted in reasonable good faith to comply with applicable statutory and regulatory standards, including those persons and entities acting in conformity with a pre-enforcement ruling.”

Enforcement burden shifts more heavily to agencies

The executive order also appears to shift the enforcement pendulum more in the favor of institutions – particularly if they lapsed on AML in an attempt to better support the business interests of COVID-19-affected and afflicted customers.

The order, under its “Fairness in Administrative Enforcement and Adjudication,” section states: “The heads of all agencies shall consider the principles of fairness in administrative enforcement and adjudication listed below, and revise their procedures and practices in light of them, consistent with applicable law and as they deem appropriate in the context of particular statutory and regulatory programs,” including:

  • (a)  The Government should bear the burden of proving an alleged violation of law; the subject of enforcement should not bear the burden of proving compliance.
  • (b)  Administrative enforcement should be prompt and fair.
  • (c)  Administrative adjudicators should be independent of enforcement staff.
  • (d)  Consistent with any executive branch confidentiality interests, the Government should provide favorable relevant evidence in possession of the agency to the subject of an administrative enforcement action.
  • (e)  All rules of evidence and procedure should be public, clear, and effective.
  • (f)  Penalties should be proportionate, transparent, and imposed in adherence to consistent standards and only as authorized by law.
  • (g)  Administrative enforcement should be free of improper Government coercion.
  • (h)  Liability should be imposed only for violations of statutes or duly issued regulations, after notice and an opportunity to respond.
  • (i)  Administrative enforcement should be free of unfair surprise.
  • (j)  Agencies must be accountable for their administrative enforcement decisions.

AML duties and economic stimulus goals: a delicate balance

AML compliance accountability must also be paired with economic flexibility in the face of the order.

But when it comes to AML compliance, a financial institution can only yield so far to support the economy and seemingly comply with the executive order, said Eric Young, the former Chief Compliance Officer for BNP Paribas Americas.

As well, if a bank is looking to uphold the status quo of fincrime compliance programs, sections 1, 5(a) and 9 of the executive order “should preserve a level of KYC, AML, and Sanctions controls needed” to satisfy current regulatory expectations and create rich, relevant and timely intelligence to law enforcement.  

Sections 1, 5(a) and 9 invoke language that the [executive order (EO)] remain “consistent with the law” including “health and safety,” “national security,” and “homeland security,” Young said.

The USA PATRIOT Act, and other [Office of Foreign Assets Control (OFAC)]-driven applicable laws are “meant to protect our national security and homeland security,” and not interfere with Section 9’s reference to our “military affairs,” he said.

“Having said this, those sections and the EO still enable a level of streamlining of processes and leaves the burden of enforcement on the Government,” Young said. “It’s a balance to speed the recovery while not compromising national and homeland security nor interfere with military affairs.”

In pandemic fraud, cyber fusillades, more criminals choosing crypto to buy virtual weapons, get paid after successful attacks: FinCEN

The Skinny:

  • FinCEN is putting the virtual value sector on notice that criminals are increasingly using crypto coins and related exchanges to purchase malware packages and reap the profits of COVID-19 pandemic-related phishing, ransomware and other cyberattacks.
  • These illicit actors are also attempting to hide connections to scams and schemes by engaging “anonymity-enhanced cryptocurrencies,” also called privacy coins, and going through crypto exchanges with weak or non-existent AML programs.
  • The country’s financial intelligence unit and administer of counter-crime compliance defenses also stated it is “concerned” about foreign MSBs that are unregistered and don’t have stout AML programs doing business in the U.S. or with U.S. persons – evading regulatory and investigative scrutiny.  

By Brian Monroe
May 15, 2020

The U.S. Treasury is putting the virtual value sector on notice that as the COVID-19 pandemic fuels new waves of fraud and hacks, criminals are increasingly using crypto coins and related exchanges to purchase malware packages and reap the profits of phishing, ransomware and other cyberattacks.

These illicit actors are also attempting to make it harder for investigators to uncover and cripple their coronavirus-themed scams and schemes by engaging “anonymity-enhanced cryptocurrencies,” also called privacy coins, and going through “tumblers,” tactics that take advantage of crypto exchanges with weak anti-money laundering (AML) programs.

Those are just some of the criminal trends, compliance vulnerabilities and regulatory focal points highlighted by Ken Blanco, director of the Financial Crimes Enforcement Network (FinCEN), in a virtual Consensus Blockchain Conference this week.

“FinCEN has observed that cybercriminals predominantly launder their proceeds and purchase the tools to conduct their malicious activities via virtual currency,” Blanco said 

“Your institutions have the opportunity, and obligation, to help identify these illicit criminal networks in your suspicious activity reporting to FinCEN, so that FinCEN can aggregate and analyze this information to identify red flags, permitting industry to spot risks.”

To read Blanco’s full statement, click here.

The missive puts more pressure on crypto exchanges – and other operations that create, sell or move virtual funds – to ensure they are not inadvertently acting as a gateway for organized criminals and hacking collectives to monetize their more aggressive digital fusillades during the pandemic.

The crypto exchange sector is still wrestling with more formalized compliance duties coming domestically and internationally, most recently in June when the Paris-based Financial Action Task Force (FATF) updated a key recommendation to include the “Travel Rule,” a requirement that critical customer details “travel” with the transaction through the various interlinked parties, with a deadline date of June 2020.

But while the rule has been a longtime staple for bank transactions, it has become a crypto industry flashpoint, with a bevy of crypto companies, associations and thought leaders offering potential solutions in dense and didactic essays, whitepapers and analyses.  

Financial crime in a time of coronavirus

Beyond just crypto exchanges and their compliance challenges, Blanco’s comments also tacitly increase the scrutiny that brick-and-mortar banks – the nexus between the realm of crypto coin and fiat value – must engage in related to their crypto exchange customers.

In essence, similar to other historical relationships with operations like money services businesses (MSBs), banks must act as a de facto regulator to their crypto clients, lest their own federal regulators uncover these relationships first and judge that institutions didn’t have enough compliance oversight.

Here are some of the financial crime trends tied to the pandemic:

  • COVID-19 as Lure: FinCEN and U.S. law enforcement have seen reports of cybercriminals leveraging COVID-19 themes as lures, often targeting vulnerable individuals and companies that seek healthcare information and products or are contributing to relief efforts. 
  • Healthcare vulnerabilities: This type of cybercrime in the COVID-19 environment is especially despicable, because these criminals leverage altered business operations, decreased mobility, and increased anxiety to prey on those seeking critical healthcare information and supplies, including the elderly and infirm.
  • Adapting to Opportunities: Because of increased remote work by many companies and government institutions worldwide, many distinct threat vectors, risk considerations, and mitigation strategies are being used by criminals and bad actors.  
  • Remote exploits: FinCEN is aware that cybercriminals are targeting vulnerabilities in remote applications—including virtual private networks and remote desktop protocol exploits—to steal sensitive information and compromise transactions. 
  • One fish, two fish, three Phish: Whether with COVID-19 lures or not, cybercriminals and malicious state actors are using wide-scale phishing campaigns, malware, extortion, business email compromise, and other exploits against remote platforms to steal credentials, conduct fraud, and spread disinformation.
  • Scams and spam: Many prevalent scams involving virtual currency payments exploit COVID-19, from extortion, ransomware, and the sale of fraudulent medical products, to initial coin offering investment scams, which will likely continue to grow during the pandemic.
  • Undermining Due Diligence: Criminals are also working to undermine “know your customer” processes in the remote environment. Virtual currency businesses should remain vigilant against attacks targeting their onboarding and authentication processes, for example “deepfakes” manipulating digital images and account takeovers facilitated by credential stuffing attacks. 
  • Digital assurance: Financial institutions should consider the risks of the current environment in their business processes, and the appropriate level of assurance needed for digital identity solutions to mitigate criminal exploitation of your products and platforms. 
  • Better virtual vigilance: Even financial institutions that typically manage their lines of business remotely, such as some virtual currency exchangers, may find themselves more exposed given the changing threat environment.

Anonymity-enhanced coins mirror anonymous beneficial ownership structures

Virtual exchanges may also face more risks of being infiltrated by illicit entities if they can’t accurately drill down to see what individuals or companies are tied to which transactions – a key hurdle in some crypto transaction chains.

There remain “significant issues that concern us in the virtual currency space,” Blanco said, including:

  • Privacy vs. anonymity: Risks associated with anonymity-enhanced cryptocurrencies, or AECs, remain unmitigated across many virtual currency financial institutions. 
  • Risks vs. rewards: We expect each financial institution to have appropriate controls in place based on the products or services it offers, consistent with the obligation to maintain a risk-based AML program. 
  • Coin purse: This means we are taking a close look at the AML/CFT controls you put on the types of virtual currency you offer—whether it be Monero, Zcash, Bitcoin, Grin, or something else—and you should too. 
  • Regulators, investigators are coming: To be sure, FinCEN and our delegated examiners at the IRS are focused on this.

There are even parallels between coins that offer privacy shields and one of the country’s – and really the world’s – most persisting financial crime vulnerable. anonymous shell companies with opaque beneficial ownership structures, according to Jim Richards, the former top AML officer for Wells Fargo, in an analysis of the statement.

“I agree with Director Blanco that anonymity-enhanced cryptocurrencies are a key risk,” he wrote. “Just as anonymity-enhanced legal entities are a key risk: lack of a federal standard that legal entities disclose their beneficial ownership, and provide that information to a publicly-available central registry, remains the biggest risk facing the American AML/CFT regime.“

Unregistered foreign MSBs flouting AML a ‘concern’ for FinCEN

FinCEN also touched on another vexing vulnerability for the country’s fincrime defenses: foreign MSBs doing business in the U.S. or with U.S. persons that don’t have stout AML programs.

The bureau is “increasingly concerned that businesses located outside the United States continue to try to do business with U.S. persons without complying with our rules,” including registering, maintaining a risk-based AML program, and reporting suspicious activity, among other requirements. 

“If you want access to the U.S. financial system and the U.S. market, you must abide by the rules,” Blanco said, adding that FinCEN wants banks to include “detailed information” about suspected unregistered foreign MSBs. “We are serious about enforcing our regulations, including against foreign businesses operating in the United States as unregistered MSBs.” 

FinCEN stated it is also trying to put more of the information in crypto-related SARs to good use.

Since 2013, FinCEN has received nearly 70,000 SARs involving virtual currency exploitation. 

Just over half of these reports originated from virtual currency industry filers.

Others came from traditional financial institutions that “also have a unique window into illicit financial flows involving virtual currency, such as banks that may see ransomware payments made by customers or MSBs that see funds transfers derived from account takeovers,” Blanco said, exhorting institutions to not skimp on the details as they can make or break ongoing cases.  

This reporting is “incredibly valuable to FinCEN and law enforcement, especially when you include technical indicators associated with the illicit activity, such as Internet Protocol (IP) addresses, malware hashes, malicious domains, and virtual currency addresses associated with ransomware or other illicit transactions.”

Special ATII Contributor Report: COVID-19 and Human Trafficking – Exacerbating Modern Slavery with a Global Health Pandemic

The Skinny: 

  • The relentless march of the COVID-19 pandemic has affected human trafficking and human smuggling groups in different ways – causing one arena to dry up and another to surge.
  • For some human trafficking operations, they have seen profits fall as communities, states and even full countries lock down and “shelter in place,” so that means fewer customers for sex workers, in seedy motels or massage parlors.
  • Conversely, some human smuggling operations have seen demand for their services skyrocket as foreign nationals in already impoverished regions reach their breaking point and risk everything to illegally enter the U.S. or EU.
  • Overall, however, the severe economic downturn resulting from so many industries grinding to a halt has put millions out of work, making them easy prey for fork-tongued traffickers looking to reap new victims.
  • However, even without the influence of formal trafficking groups, some desperate individuals may themselves decide that with no one hiring and unemployment a paltry substitute or unavailable, they will become sex workers as a last resort.
  • These criminal trafficking trends also can leave a bevy of digital footprints for financial crime compliance professionals to follow, potentially uncovering the fiscal underpinnings of larger organized criminal groups and even saving victims.

By Alexandra Helminski, intelligence expert, ATII, The Data Initiative and Lizz Morse, expert, ATII
May 12, 2020

With editing and minor content additions by ACFCS VP of Content, Brian Monroe

As COVID-19 has evolved into a global health crisis, it has plunged much of the world, and financial sector, into an economic downturn, as well as created new opportunities for criminals to infiltrate institutions and exploit those who have suffered from this pandemic.

As the Office of Trafficking in Persons stated, “As in times of disaster response, we recognize that disruptions to local services, housing and economic stability, and social disconnection can further increase risk for victimization and exploitation.”

The relentless march of the pandemic since its rise in Wuhan, China in December has been the very definition of disruption to society, jumping borders and targeting rich and poor countries alike.

The coronavirus is affecting 212 countries and territories around the world, with some 4.3 million active cases and more than 290,000 deaths, according to Worldometers.

COVID-19 has also affected financial crime fighters at all levels, including compliance officers, regulators, investigators and auditors – the four key pillars of the worldwide counter-crime citadel.

In tandem, with individuals and families losing jobs, losing income and potentially even losing their homes or apartments, you can even argue that COVID-19 has created certain problems specific to human trafficking – opening the door for criminals to create a new class of victims because all some people have left to generate value is their corporeal forms.

These disruptions have affected human trafficking, human slavery and prostitution across the spectrum of such crimes and even potentially put young people at risk of being taken advantage of by online predators because schooling across the country and at nearly all grade levels has gone digital.

That means large, international trafficking groups will have to adapt to keep filing their massive global coffers.

Human trafficking is one of the most profitable crimes in the world, generating an estimated $150 billion annually. There are estimated to be more than 40 million victims of human trafficking globally.

With so much of a population “sheltering in place” due to forced quarantines and state-wide – and even countrywide – lockdowns, that has hampered one area of trafficking but conversely caused a second facet of the crime, human smuggling, to surge.

For human traffickers, they have seen, in some cases, illicit funds from sex work dry up as customers stay home – choosing not to visit seedy motels or go to massage parlors with blacked out windows.

The response: some trafficking groups and individuals have started cam shows – paid for by crypto coins and credit and prepaid cards.

In an inversely proportional dynamic to human traffickers, human smugglers are seeing demand for their services skyrocket.


Because in some parts of the world that are already impoverished, the COVID-19 pandemic has made an already difficult life unbearable due to a lack of capacity, healthcare workers, equipment and support services – pushing fearful and anxious masses to leave places like Africa and the Americas to Europe and the United States.

But these transactional changes could also give clues to anti-money laundering (AML) compliance professionals to better understand when a human trafficking group, victims or others – when out of desperation have turned to prostitution – have started moving illicit funds through their institutions.

Desperation, eviction, evolution, devolution

Here are some tips to help better understand the more nuanced financial trails of human trafficking operations during the COVID-19 pandemic:

Prostitution: Desperate times call for desperate measures  

While likely rare, there could be some individuals unable to work, due to being laid off as entire sectors – including travel, tourism and entertainment – have evaporated who decide that the only option to keep a roof over their head or provide for their family is prostitution.

But how would this look through the lens of a bank transaction monitoring system?

Examine for an evolution to a darker path. For instance, someone who had been getting ACH deposits, or had been depositing roughly similar amounts on a regular basis, all of a sudden has a gap. There is also a corresponding gap in typical payments for rent, mortgage, water and electric bills.

The account might get some deposits from state unemployment or no help from government assistance at all. Then, all of a sudden, the person starts depositing large amounts of cash at irregular intervals – a potential red flag for prostitution.

Some further details to strengthen reasonable grounds for suspicion and to file a suspicious activity report (SAR) is if the account suddenly starts sending credit card or debit payments to known online escort or adult websites – clear evidence a person is advertising their services.

As well, closing the illicit loop, is if the account exhibiting the above signs also, for the first time, starts receiving payments from sketchy virtual currency exchanges, which is how the person is accepting payment from clients, attempting to keep the ties anonymous.

Human trafficking: As full sectors implode, traffickers raise their scythe

Similar to the above scenario, but this time, the person isn’t making the choice to engage in sex work of their own accord: they were recruited by a human trafficker bent on exploiting individuals who are scared, desperate and worried about losing it all.

Traffickers have an array of tactics to recruit people, promising easy or quick money, modeling gigs, or stable hospitality work in a foreign locale.

But the goal is always the same: get these people out of an environment, or region, where they have money, choices and a support system to make them dependent on the trafficker.

But again, that begs the question: How would that look in a transaction monitoring system?

One key that could help fincrime professionals risk assess what accounts could, or are, could be at risk being infiltrated by trafficking groups is to keep abreast of what sectors in what regions have been the most decimated by the coronavirus.

For instance, in South Florida, a typically teeming mecca of sun, sand and sin for tourists, many hotel workers, cruise workers and entertainers have lost their jobs. The tourism industry alone in Florida supports some 1.5 million jobs, according to Visit Florida.

So it might behoove compliance teams to tighten the transactional alert thresholds for customers in these sectors to get a better sense of when, or if, a trafficker has co-opted an out-of-work server, bartender or dancer.

Likely, in a case like that, the transactions would change considerably, again, from a person’s account having regular deposits from known companies, banks and HR companies in the thousands of dollars, to smaller cash transactions in the hundreds of dollars – in particular below thresholds where someone has to produce on ID.

As well, the account could start seeing deposits at different ATMs for the same bank, or many ATMs, from different banks that rotate around a given region within driving distance of a few hours.

The account could also then start seeing deposits out of state, with a corresponding larger transaction later wired to foreign destinations known to be trafficking and smuggling hubs – such as Asia Pacific and Africa – in classic funnel account form.  

The trafficker also might take a person’s credit and debit cards and start using them to pay for items like hotels, takeout food and Netflix or Redbox – to keep trafficking individuals occupied during their downtime.

Another red flag: the trafficked person’s social media accounts disappear or go dormant.

This trafficker, now handler, may essentially take over the person’s bank account – even walking into banks with them while not allowing an obviously nervous individual to speak – or refer to the person as an “employee” who is moving money overseas to help family members, even if the victim is not from that country and the handler is clearly not family.  

Other red flags for human trafficking that could be viewed by AML teams are ATM/credit card transactions in even, hundred dollar amounts, between 11 p.m. and 3 a.m. and using anonymous cashier’s checks and the like to pay for things, even bills, instead of ACH or personal checks.

Human smuggling: As countries lock down, smugglers get creative, expensive

Human smuggling during COVID-19 has gotten more dangerous, more expensive and more difficult.  

The crime is defined by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) as involving foreign nationals choosing to immigrate illegally by paying a smuggler to help them cross the border.

So how does this crime look in an AML transaction monitoring system?

One key red flag: “Frequent exchange of small-denomination for larger denomination bills by a customer who is not in a cash intensive industry,” according to FinCEN. “This type of activity may occur as smugglers ready proceeds for bulk cash shipments.”

But to better understand the details of when smuggling could touch your institution, it’s vital to put the transactions into proper context, including what regions already struggling financially, with lack of rule of law or basic services, could have their migrant exodus numbers accelerate.

AML professionals must also be cognizant that human smuggling has three segments: Solicitation, transportation and payment.

Payments from families to smugglers could be in advance, a partial payment or be paid in full on arrival – giving opportunities to be identified by AML teams. But to best understand where the payments could be coming from and going, you need to analyze where migrants are moving.

Historically, the United States is the country that is the largest destination for migrants – legal and illegal, according to an analysis by Pew Research.

The decline in the unauthorized immigrant population is due largely to a fall in the number from Mexico – the single largest group of unauthorized immigrants in the U.S. Between 2007 and 2017, this group decreased by 2 million.

Meanwhile, there was a rise in the number from Central America and Asia.

As more migrants move, depending on their wealth and influence, they could be calling on the services of human smugglers – some that are just trying to provide a service to those seeking a better life, and others part of organized criminal gangs.

These past immigration patterns now must also be overlaid with what is happening globally as a result of the coronavirus.

Even while the United States and Europe have the most COVID-19 cases – the U.S has more than 1.4 million cases while Spain, Italy, France and Germany are in the top 10 – other countries that are already struggling with poverty, corruption or a lack of rule of law could be hit even harder during the pandemic.

Some current global coronavirus hotspots that could spur immigration include: Brazil with nearly 180,000 cases, Peru with some 72,000, Mexico at just more than 38,000 and Philippines and South Africa at 11,350 each, according to Worldometers.

Illegal immigration is also big business – with some reports stating that the human smugglers, or “coyotes” are charging more for their services.

According to experts, coyotes gross more than $5 billion a year. Crossing fees can range from $1,500 to $2,500 in Mexico. Police note that on a “good day” large coyote organizations can transport 500 people into the United States, according to Time.

That means, as an example, an institution might see a customer, or their family, in these regions withdraw thousands of dollars, let’s say $1,000, in Mexico, and then have a similar amount pulled out at or near ATMs in the southwest border to pay the other half of a coyote’s fee.

FATF weighs in on COVID-19 and tendrils to financial crime

The Paris-based Financial Action Task Force (FATF) touched on the human trafficking and smuggling ties to the pandemic in a just-released report, its first major statement on COVID-19. To read the full, 34-page report, click here.

“Criminals may take advantage of the pandemic to exploit vulnerable groups,” according to FATF, the global standard bearer for fincrime compliance best practices. “This may lead to an increase in the exploitation of workers and human trafficking.”

What’s worse, investigators may not uncover the rise of some trafficking groups until things start going back to normal.

“The suspension or reduced activity of government agencies regularly engaged in detecting human trafficking cases and identifying victims of trafficking (including workplace inspectors and social and health care workers) means that cases may go undetected.”

There are also more potential victims for traffickers to target.

“The shutdown of workplaces, slowdown in the economy, rising unemployment, and financial insecurity are factors that could result in an increase in human exploitation,” according to FATF.

Aggressive compliance focus on trafficking can help prevent infections

A critical reason why fincrime compliance professionals must adapt and overcome quickly – many teams are dealing with scattered workers and even layoffs and a significant surge in alert volumes – during the pandemic is helping law enforcement identify and shut down trafficking rings can save lives.

One problem COVID-19 poses to human trafficking victims concerns the health and well-being of such victims and the individuals exploiting these victims, such as clients purchasing their services and the traffickers themselves. 

Because this virus is highly contagious, human trafficking increases the risk of exposure for all parties involved, potentially leading to becoming infected and suffering health-related symptoms.

This not only poses an issue for both the trafficker and client, but also for the trafficking victim.

The trafficker could expose him or herself, as well as business partners and clients, to the virus. If a victim were to contract the virus, seeking medical care for the victim could risk exposure of the business operations.

However, if the trafficker chooses not to seek medical care for the victim, the victim could succumb to the illness, risk exposure to the general public and anyone who comes into contact with him or her, and/or the trafficker could end up releasing the victim leaving the victim to fend for him or herself.

Additionally, border closures and restrictions can pose a risk for exposure and lack of medical care.

Potential risk of financial crime resulting from human trafficking during this pandemic has not only increased, but has resulted in red flags in some banking transactions and activity noticed by AML professionals working behind the scenes.

In a move to adapt to an inability to actually meet individuals for sex, trafficking groups and individuals have started offering online cam shows and moving payments to credit cards, prepaid cards, and virtual currencies for such activities.

Ironically, video voyeurism may even technically be considered legal, said Brian Monroe, Vice President of Content for the Association of Certified Financial Crime Specialists (ACFCS), in the article, “Fincrime Compliance Professionals Highlight Longer Hours, Shifting Illicit Patterns of Finance, Training Challenges in First ACFCS ‘Virtual Happy Half-Hour.”

To read the full story, click here.

However, Monroe further explains that with hotel room or massage parlor access becoming limited, human trafficking patterns have adapted.

As the landscape of the financial industry has since changed course due to COVID-19, it has also impacted the way criminals operate their business.

It is critical for financial industry professionals to remain diligent in their efforts to flag and prevent future financial crimes, specifically those related to human trafficking, as well as continue mitigating and deterring these bad actors.

As children spend more time online, they become more of a target

Another problem COVID-19 poses to human trafficking stems from the amount of time kids are spending at home, specifically time spent online.

Schools have since switched to online learning from home. Predators utilize the internet to exploit vulnerable individuals, including children.

Children’s increased time spent online playing games with friends, social media outlets, and websites may increase their risk and exposure to potential predators that lurk in such online sources.

“There are reports from some members of a rise in the production and distribution of online child exploitation material, often for profit,” FATF stated in its COVID-19 and fincrime report.

“With the closure of schools, children are increasingly using the internet during “lockdown” periods, which could lead to an increase in online child exploitation,” the group said, citing U.S. and Australian authorities. “There are also reports that “lockdowns” and travel bans are increasing demand for this material.”

While the old tactic of “trust, but verify,” was once effective, we live in an age where technology has evolved and is more prominent in everyday life than it was just five to ten years ago.

A few tips for parents looking to monitor their children’s online activities without alienating their children include:

Be present: Find out what tools and apps they are actively using, check in on what content they post and receive, and conduct open, honest dialogues with them about what they see, how they respond, and your concerns over what you prefer they did or did not see or partake in.

Share passwords: Many parents will require their children to share passwords with any apps they use across all their devices. From smartphones to tablets to gaming systems, it is a good idea to have access to your children’s devices.

Install monitoring software: Monitoring apps and software can limit children’s activities and posts. There are plenty of reviews on the pros and cons of different monitoring software programs. Many monitoring software programs are reasonably priced as well.

Before considering sex work, reach out for help

Financial strain has impacted many families during this pandemic.

With unemployment, layoffs, and companies closing their doors completely, many families are facing the economic hardships as a result. This may cause individuals to look for alternative ways to earn money to support their families or simply themselves.

Prostitution is oftentimes the alternative method for “easy” money, especially for individuals in a desperate situation who need to survive or provide for their families.

However, there are other alternatives to maintaining financial stability during this crisis.

The Polaris Project points out that “policies like rent moratoria that stabilize existing housing and vouchers to provide emergency access to short term housing will alleviate tremendous pressure for potential victims and their families.

Job incentives for employers to hire in vulnerable communities at living wages will allow people to safely access the resources they need.”  In addition, the federal government has since instituted an Economic Payment Impact, which is currently issuing stimulus checks to those who qualify.

COVID-19 has impacted our lives at social, economic, financial, and mental levels.

While human trafficking is exacerbated during this time of crisis, there are valuable solutions to combatting it.

“Information sharing, intelligence, and ultimately awareness is at the center of countering issues like human trafficking,” said Vic Maculaitis, Founder and Chief Executive of The Data Initiative. “Sharing our data products and applications with non-profits, such as ATII, is a way of aiding and multiplying the force.”

Human trafficking victims have resources and services available to assist them during this global health crisis.

These resources include the National Human Trafficking Hotline (NHTH), The Domestic Victims of Human Trafficking Program (DVHT), Trafficking Victim Assistance Program (TVAP), as well as other state and local resources.

Other resources to address challenges related to COVID-19 include caregiver and household resources, shelters and transitional living programs, child care alternatives, substance use treatment and support programs, food assistance, economic impact payments, and many more.

Please do not hesitate to reach out to Anti-Human Trafficking Intelligence Initiative (ATII) and our partners at Association for Certified Financial Crime Specialists (ACFCS) to learn more about following the money and joining the fight against modern slavery.


Pandemic has hampered AML supervision, international investigations, cooperation, could help criminals evade CDD: FATF

The Skinny:

  • A global watchdog group is warning that the COVID-19 pandemic is creating hurdles for running financial crime compliance programs, reporting suspicious activities to law enforcement and working together to identify larger, interconnected criminal groups.
  • The Paris-based Financial Action Task Force (FATF), the standard bearer of anti-money laundering (AML) compliance best practices, is also highlighting that the relentless march of the coronavirus is also hampering compliance regulatory oversight and law enforcement investigations – preventing agencies from communicating, cooperating and quickly closing large cases.
  • Part of the issue is that many banks are struggling to balance quickly processing billions of dollars in stimulus payments to small businesses to prevent a foundering economy from falling further with ensuring the funds are not lost and stolen due to graft and fraud – a key concern noted by FATF.
  • One tactic employed by illicit organized groups is creating shell companies to act as a small business and attempting to skimp on AML customer due diligence details, critical information that could have uncovered a risky or criminal entity – or forensically could have tracked down pilfered stimulus funds.

By Dev Odedra
Independent AML expert, director, Minerva Stratagem Consulting
May 6, 2020

With editing and minor content additions by ACFCS VP of Content, Brian Monroe

The COVID-19 pandemic has created compliance stumbling blocks while opening the door to more criminal scams and laundering opportunities – including illicit entities evading customer scrutiny as banks focus more on doling out emergency stimulus loans to keep the world economy afloat, according to a just-released report by a global counter-crime watchdog.

The coronavirus pandemic has “led to a rise in COVID-19-related crimes, including fraud, cybercrime, misdirection or exploitation of government funds or international financial assistance,” the Paris-based Financial Action Task Force (FATF) said Monday.

With criminals trying to take advantage of pandemic fears with a surge in spam phishing fusillades on one end of the tainted spectrum and a charitable desire to help on the other, these coronavirus infection inflection points are “creating new sources of proceeds for illicit actors,” according to FATF, the international standard bearer of fincrime compliance best practices.

To read the full report, click here.  

It is also negatively affecting anti-money laundering (AML) oversight at all levels, along with the ability for financial institutions to broadly analyze for aberrant patterns and large-scale organized criminal patterns and related suspicious activity report/ suspicious transaction report (SAR/STR) reporting and international cooperation for law enforcement agencies.

“As the world is focusing on responding to the COVID-19 pandemic, it is impacting on the ability of government and the private sector to implement anti-money laundering and counter terrorist financing (AML/CFT) obligations in areas including supervision, regulation and policy reform, suspicious transaction reporting and international cooperation,” FATF said.

The missive to the compliance and investigative communities is the first major communique the influential world body has made related to the coronavirus and its tendrils to international crime fighters.

FATF in two more diminutive statements touched on the pandemic in recent weeks to exhort institutions to be a willing, but wary, partner of non-profit groups purporting to support COVID-19 causes and that institutions should consider digital onboarding and verification and employ simplified due diligence in certain cases to balance calibrating AML risk assessment requirements and social distancing protocols.

While acknowledging the AML obstacles of the financial sector, FATF also noted it is not immune to coronavirus-related compliance difficulties, admitting it is dealing with logistical challenges of its own and would be suspending on-site country evaluations along with extending assessment and follow-up deadlines.

To read the FATF pandemic statement tied to non-profits, click here.

To read the FATF statement tied to updated evaluation timelines, click here.

In frenzy of stimulus loans, criminals will attempt to evade AML scrutiny

It’s not a surprise that even the disciplined and typically well-oiled FATF evaluation train has gone off the rails.

Few individuals, businesses and even countries have remained unscathed by the relentless march of the coronavirus.

Overall, more than 200 countries and territories around the world have reported a total of nearly 3.8 million confirmed cases of COVID-19 that originated from Wuhan, China, and a death toll of more than 260,000, according to Worldometer.

In the face of lockdowns and rising unemployment, many financial institutions have seen profits fall and risks soar, in some cases choosing to trim or reorganize now-scattered fincrime compliance teams.

For some institutions, this has resulted in a “perfect storm” scenario where banks have fewer resources to review an avalanche of alerts – both from normal people drastically shifting money to support themselves and others and from fraudsters, scammers and spammers trying to game the system.

What this means for AML professionals: Even as you adjust to support your bank extending emergency stimulus loans, if you can’t proactively risk assess before the money goes out, forensically analyze after the fact so that when law enforcement eventually follows fraud funds to your door, you are seen as a SAR-armored ally, and not a co-conspirator.

The pandemic, according to FATF, could help criminals to:  

  • Bypass customer due diligence measures;
  • Increase misuse of online financial services and virtual assets to move and conceal illicit funds;
  • Exploit economic stimulus measures and insolvency schemes as a means for natural and legal persons to conceal and launder illicit proceeds;
  • Increase use of the unregulated financial sector, creating additional opportunities for criminals to launder illicit funds;
  • Misuse and misappropriation of domestic and international financial aid and emergency funding;
  • Exploit COVID-19 and the associated economic downturn to move into new cash-intensive and high-liquidity lines of business in developing countries.

To counter these criminal vulnerabilities, AML/CFT policy responses should include:

  • Domestic coordination to assess the impact of COVID-19 on AML/CFT risks and systems;
  • Strengthened communication with the private sector;
  • Encouraging the full use of a risk-based approach to customer due diligence; 
  • Supporting electronic and digital payment options.  

Putting all the pieces together

But this latest FATF report, titled “COVID-19-related Money Laundering and Terrorist Financing.  Risks and Policy Responses,”[1]must also be viewed with the broader context of what other non-government corruption and transparency groups have said and through the lens of the increasing aggressiveness and creativity of criminal groups.  

Although the paper is for information purposes only and does not constitute the official view of the FATF, nor imply or constitute any changes to the FATF Standards, it is of great value to anti-financial crime professionals as a knowledge piece.

Whilst much of the attention related to COVID-19 from a financial crime perspective has focused on fraud, cybercrime and regulatory responses to managing risks, the FATF paper may highlight some of lesser known financial crime related areas to be considered, especially when combined lesser known developments reported in the media.


Criminals finding ways to bypass customer due diligence measures

With many bank branches closed due to ‘lockdown’ measures instituted by countries, a significant shift in focus has turned to online banking for transactions and digital verification for AML know your customer (KYC) duties. 

Whilst some regulators have issued guidance on alternatives to face-to-face KYC[1], such as requesting clients to provide ‘selfies’ or videos, this is not a relaxation of financial crime risk management requirements. 

Institutions looking to incorporate new measures should be mindful that they need to be able to spot, for example; high resolution digital photos, “deepfakes” and 3D silicon/latex masks.

Increased misuse of online financial services and virtual assets to move and conceal illicit funds

Whilst much attention has been turned to fraud during the pandemic, there is likely little slow down of those involved in criminal activity involving virtual assets, regardless of new regulatory measures coming into force covering Virtual Asset Service Providers (VASP’s). 

A case involving Bitcoins that received little attention but has a much larger significance for financial crime and compliance professionals was that of money laundering charges against William Anderson Burgamy IV[2]

Burgamy, arrested and charged in April, was alleged to have operated as a Darknet vendor selling medications, including prescription opioids. 

He allegedly laundered the proceeds of his criminal activity by cashing out his Bitcoin drug payments into United States dollars and moving the funds through a variety of accounts, including his business bank accounts, in an effort to conceal and disguise the nature and source of his illicit proceeds. 

Although the activity precedes the pandemic, it clearly continued and thrived throughout it, as Burgamy is said to have posted on his Darknet market vendor page: Even with Corona Virus [sic] the shop is running at full speed.”



Misuse and misappropriation of domestic and international financial aid and emergency funding

Although there may already be many discussions in anti-financial crime circles on the exploitation of stimulus packages by criminals to falsely claim funds by posing as legitimate companies, much less focus has been on the risks of bribery and corruption involving the pandemic and funding.

The FATF report states that financial institutions claim that there is a risk that emergency financial aid to countries can be misappropriated by corrupt officials, especially in countries where the rule of law is weak combined with poor measures over transparency and accountability. 

Government contracts involving the purchase of significant amounts of COVID-19-related medical supplies can open the door to risks for corruption and the misappropriation of state funds. 

There also is a risk that individuals could use corruption or informal channels to obtain lucrative government contracts outside standard procurement procedures.

The bribery and corruption risks during a time where contracts and funds are quickly (and significantly) being disbursed should not be underestimated. 

The Office of Economic Co-operation and Development (OECD) has said that their Working Group on Bribery will be examining the possible impact and consequences of the pandemic on foreign bribery[1]

In a joint letter[2] to the IMF’s Executive Board, NGOs; Transparency International, Human Rights Watch and Global Witness, urged for transparency and anti-corruption measures in coronavirus-related relief programs.



U.S. Congress must proactively prevent corruption from derailing coronavirus response: NGO coalition

These groups are also working at the country level to garner political support to weave in counter-corruption components tied to pandemic stimulus packages at their legislative foundations.

Transparency International, Global Witness, Global Financial Integrity and others have recommended more than two dozen anti-corruption measures to U.S. congressional leadership, including ensuring that government contracts go toward fighting the virus, and are not stolen or misappropriated by graft-gilt actors.

To read the full story click here

Increased use of the unregulated financial sector, creating additional opportunities for criminals to launder illicit funds

Like past economic downturns, individuals (and even businesses) can find themselves quickly in need of funds either through job losses or loss of access to liquidity from banks. 

With criminals finding regular channels of illicit activity being cut off due to the pandemic, those out of work and in need of funds can find themselves falling prey to loan sharks[3] or even being recruited to work for the criminals[4]

Not only during, but even post-pandemic, criminal groups could invest in efforts to rebuild the economy, again this could be for smaller businesses but also larger projects[5]

It is not only vital to ensure existing client relationships are understood, including how they are weathering economic hardship, but also applying extra scrutiny on new clients during and post pandemic – particularly if they quickly return to pre-coronavirus transaction levels or even exceed them.




Terrorist Financing

Both the US[1] and the United Nations[2] warned that threats connected to terrorism remain high despite the pandemic, with terrorist groups seeing increased opportunities for terrorist activity and terrorist financing whilst the attention of governments is focused on COVID-19. 

Terrorist groups may see a window of opportunity to strike while the attention of most governments is focused on managing the pandemic. 

Humanitarian organizations delivering assistance to conflict areas can face potentially higher risk of aid diversion in support of terrorist financing.

Terrorist financing can be difficult to spot, but anti-financial crime professionals should maintain vigilant. 

If ever an example was required of the reality of the threat, despite the pandemic, this was highlighted in media reports in April[3]

A number of individuals were arrested in Germany plotting to carry out attacks on US bases in Germany and to finance their operations, they had planned to travel to Albania to raise finances by carrying out an assasisnation to raise $40,000[4].

In Closing

Anti-financial crime professionals should maintain a heightened sense of vigilance despite lockdowns in many countries. 

Criminals forced to adapt to the pandemic will continue to look for new avenues to exploit, as the FATF paper and under-reported developments show, illicit activity continues and may take on new forms.  





About the author

Dev Odedra is an independent anti-money laundering and financial crime expert. 

He has more than a decade of experience in managing financial crime risk in the retail, corporate and investment banking

His expertise covers investigations, advisory and controls implementation and improvement. 

Dev is also a prolific author and gathers and analyzes many of the biggest financial crime compliance news stories on social media to help the community keep abreast of key criminal, regulatory and program trends. 

Want to chat with Dev? Feel free to connect with him here

Regional Report – Europe: Fraud, cybercrime, surging now, AML must later look for launderers hiding in economic recovery, volatility

The Skinny:

  • Europe is firmly in the grip of the COVID-19 pandemic, with Spain, Italy, France and Germany among the top 10 in countries with the most total cases at more than 750,000 combined – still less than the United States at some 1.1 million.
  • Not surprisingly, with banks facing a massive surge in fraud and cybercrime attacks, that puts more pressure on anti-money laundering compliance professionals to better protect themselves and customers.
  • Europol, the bloc’s top investigative agency, is responding by more aggressively trying to share information on larger schemes across Europe and with international partners. But they face a daunting hurdle: large, sophisticated organized criminal groups are attempting to launder money and hide among the shifting transaction patterns and economic volatility.
  • What’s more, these criminal groups won’t slink back to the shadows if and when the economy improves, propped up by stimulus checks, but are expected to redouble their efforts to launder ill-gotten gains when overarching financial throughput rises.
  • As for specific criminal trends, while COVID-19-related lockdowns have made it harder for human traffickers to ply their trade, there has been an inversely proportional, sinusoidal rise in human smuggling as desperate individuals attempt to flee from already impoverished regimes, further crushed by the coronavirus, to Europe.  

By Brian Monroe
May 1, 2020

Financial crime compliance professionals in Europe are facing a massive surge in fraud and cybercrime attacks, against themselves and customers, as organized criminal groups attempt to take advantage of the fear, uncertainty and desperation tied to COVID-19 pandemic.

Like hundreds of other regions, Europe is also in the grip of the COVID-19 pandemic, with Spain, Italy, France and Germany among the top 10 in countries with the most total cases at more than 750,000 combined – still less than the United States at some 1.1 million, according to Worldometers.  

But anti-money laundering (AML) teams can’t lose focus as illicit organizations are attempting to exploit the chaos and confusion of the coronavirus – which has locked down whole countries, shuttered businesses and plunged much of the world into a financial recession – to launder money now, and will also later move to cleanse illicit funds as economies recover.

Those are just some of the fincrime trends highlighted by the European Union Agency for Law Enforcement Cooperation, or Europol, the bloc’s top investigative body, related to what compliance professionals, regulators and investigators should be watching out for currently and in an emerging post-pandemic world.

But this is not just crystal ball gazing.

Europol has seen this before, with the counter-crime strategies now based on what has happened in prior regional disasters along with the security threats at play and general tactics employed by “serious and organized” criminal groups in the wake of the 2008 economic crisis. 

In response, the investigative agency is working harder to share information with international allies to put all the pieces of the tainted financial puzzle together to better identify large, interconnected groups working across the bloc.  

In short for AML compliance professionals and fraud teams: get ready to work even harder to separate the criminal wheat from the swirling transactional chaff – because regulators will be judging later how your teams adjusted and reacted now.

“Serious and organized crime is exploiting the changing circumstances during the pandemic,” said Catherine De Bolle, Europol’s Executive Director.

“Now more than ever, international policing needs to work with the increased connectivity both in the physical and virtual worlds. This crisis again proves that exchanging criminal information is essential to fighting crime within the law enforcement community.”

Europol has broken down how COVID-19 is affecting and could affect criminal groups in three phases:

Phase 1 – the current situation: COVID-19-related criminality, especially cybercrime, fraud and counterfeiting have followed the spread of the pandemic throughout Europe, similar to other jurisdictions that have reported a rise in phishing, scam and spam attacks tied to the pandemic, protective equipment or, more recently, stimulus checks. More on the current situation can be read in Europol’s previous reports published in March and April 2020.

Phase 2 – mid-term outlook: An easing of lockdown measures will see criminal activity return to previous levels featuring the same type of activities as before the pandemic.

However, the pandemic is likely to have created new opportunities for criminal activities that will be exploited beyond the end of the current crisis.

It is expected that the economic impact of the pandemic and the activities of those seeking to exploit it will only start to become apparent in the mid-term phase and will likely not fully manifest until the longer term.

Some of the relevant crime areas are:

  • Anti-money laundering: the pandemic and its economic fallout will exert significant pressure on the financial system and the banking sector. AML regulators must be vigilant and should expect attempts by organized crime groups to exploit a volatile economic situation to launder money using the on-shore financial system. 
  •  Shell companies: criminals will likely intensify their use of shell companies and companies based in off-shore jurisdictions with weak AML policies at the placement stage to receive cash deposits that are later transferred to other jurisdictions. 
  • The real estate and construction sectors: These will become even more attractive for money laundering both in terms of investment and as a justification for the movement of funds. 
  • Migrant smuggling: While the economic impact of the COVID-19 crisis in Europe is not yet clear, it is expected that the impact on economies in the developing world is likely to be even more profound. Prolonged economic instability and the sustained lack of opportunities in some African economies may trigger another wave of irregular migration towards the EU in the mid-term.

Phase 3 – the long-term impact: 

  • Organized crime is highly adaptable and has demonstrated the ability to extract long-term gains from crises, such as the end of the cold war or the global economic collapse of 2007 and 2008. 
  • Communities, especially vulnerable groups, tend to become more accessible to organized crime during times of crisis. Economic hardship makes communities more receptive to certain offers, such as cheaper counterfeit goods or recruitment to engage in criminal activity.
  • Mafia-type organized crime groups are likely to take advantage of a crisis and persistent economic hardship by recruiting vulnerable young people, engaging in loan-sharking, extortion and racketeering. 
  • Organized crime does not occur in isolation and the state of the wider economy plays a key role. A crisis often results in changes in consumer demand for types of goods and services. This will lead to shifts in criminal markets. 

In new normal of pandemic, working from home, job insecurity, opens door to criminal infiltration

Several factors have a significant impact on serious and organized crime during the COVID-19 pandemic, according to Europol, including that more people are online and answering strange emails that may, or may not, be from work and others may be desperate for funds due to losing a job – and not concerned about where the money originated.  

These include:

  • Online activities: more people are spending more time online throughout the day for work and leisure during the pandemic, which has increased the attack vectors and surface to launch various types of cyber-attacks, fraud schemes and other activities targeting regular users. 
  • Demand for and scarcity of certain goods, especially of healthcare products and equipment, is driving a significant portion of criminals’ activities in counterfeit and substandard goods and fraud. 
  • Payment methods: the pandemic is likely to have an impact on payment preferences beyond the duration of the pandemic. With a shift of economic activity to online platforms, cashless transactions are increasing in number, volume and frequency. 
  • Economic downturn: A potential economic downturn will fundamentally shape the serious and organized crime landscape. Economic disparity across Europe is making organized crime more socially acceptable as these groups will increasingly infiltrate economically weakened communities to portray themselves as providers of work and services.
  • Rising unemployment and reductions in legitimate investment may present greater opportunities for criminal groups, as individuals and organisations in the private and public sectors are rendered more vulnerable to compromise. Increased social tolerance for counterfeit goods and labor exploitation has the potential to result in unfair competition, higher levels of organized crime infiltration and, ultimately, illicit activity accounting for a larger share of GDP. 

“These factors shape criminal behavior and create vulnerabilities,” the group said. “Based on experience gained during prior crises, it is essential to monitor these factors to anticipate developments and pick up on warning signals.”

Regional Report – Asia: India struggles on outsourced AML, Hong Kong fraudsters impersonate banks, Japan regulator reduces onsite exams

The Skinny:

  • In this regional snapshot, Asia is in the spotlight, reviewing how several key powers have worked to counter a global pandemic while not losing ground to criminals, fraudsters and cyber hackers.
  • India, one of the world’s compliance outsourcing capitals, has seen its AML community rush to adapt to working from home – potentially losing the trust of large international banks – and straight into the jaws of rising cyber risks.
  • In Hong Kong, fraudsters and phishermen attempt to impersonate banks in scam, spam blasts.
  • The Land of the Rising Sun, Japan, has stated banking regulators will perform fewer onsite AML exams to protect banks and themselves in a nod to social distancing protocols, choosing instead to focus on banks with checkered pasts.

By Brian Monroe
April 30, 2020

With much of Asia being in propinquity to the epicenter of the coronavirus pandemic, regional powers are under even more pressure and scrutiny to counter the spread of COVID-19 while not losing ground to rising fraud, money laundering and cyber threats.

Overall, more than 200 countries and territories around the world have reported a total of nearly 3.4 million confirmed cases of the coronavirus COVID-19 that originated from Wuhan, China, and a death toll of 239,443 deaths, according to Worldometer.

Countries, including India, Hong Kong and Japan, have different histories, ideologies, capacity and resources, but are united in a fight against a common relentless enemy. Here are some snapshots about how they are responding related to financial crime and compliance:

India: One of the world’s compliance outsourcing capitals must adapt to working from home, rising cyber risks

India and its financial crime fighting teams have faced a bevy of challenges when attempting to balance compliance in a time of coronavirus – issues that have touched many large global banks due to outsourced anti-money laundering (AML) duties.

The country, with a population of more than 1.3 billion, currently has the largest national COVID-19 lockdown in the world, and it faces some daunting hurdles when it comes to AML compliance, countering a rise in fraud and phishing fusillades and girding cyber defense gaps.

Overall, India coronavirus cases have reached nearly 35,000, with a death toll at more than 1,100, according to Worldometer.

But India uniting against the pandemic, and bolstering fincrime compliance, must do so against a panorama of “diverse states, health inequalities, widening economic and social disparities, and distinct cultural values,” according to media reports.

With so many people working from home, large and small business alike, banks requesting digital details for identifications and transactions and even food and essentials ordered online, that opens the door to criminals breaching systems and stealing data along with individuals accidentally clicking on a diseased link.

“There’s going to be some compromise in security because of digitalization. The numbers of phishing cases have increased immensely in India, with lots of frauds happening around this time masked as Covid19 threats,” said the Global Cyber Security practice, Co-Leader & Partner, KPMG India, Akhilesh Tuteja, as part of a conference on these issues.

The COVID-19 crisis has also “exposed a lot of unfamiliar reliance on globalization and outsourcing – including regulatory compliance,” according to Forbes.

This has directly impacted the ability for some Indian firms to continue taking on out-sourced duties tied to AML and other regulatory requirements, with some financial institutions turning to technology and artificial intelligence firms to bridge the gap in human capital.

With India on a severe lockdown, banks that had outsourced a lot of their compliance work to India “find it can’t be done — the staff can’t go into the office and often the internet is too weak to support work from home.”

The move by Prime Minister Narendra Modi to impose a lockdown March 22 across most of India poses a significant challenge for banks such as JPMorgan Chase & Co., UBS Group, Deutsche Bank and others as well as India’s US$181 billion (S$263 billion) outsourcing industry that “handles everything from trade settlements to airline reservations for British Airways and insurance claims,” according to Bloomberg.

In response to the pandemic, the Reserve Bank of India (RBI), the country’s top financial regulator, took a “number of steps” starting in March, requiring institutions to bolster operational resilience, according to the agency.

“Banks have been required to put in place business continuity plans to operate from their disaster recovery (DR) sites and/or to identify alternate locations for critical operations so that there is no disruption in customer services. Our data show that there was no downtime of internet or mobile banking,” RBI stated April 17th in a governor’s statement.

“As a result, the payment infrastructure is running seamlessly,” RBI said.

Hong Kong: In grip of pandemic, fraudsters, phishermen attempt to impersonate banks in scam, spam blasts

Cognizant of the rise in fraud and cyberattacks, and the general challenges for AML compliance professionals, the Hong Kong Monetary Authority (HKMA) has offered guidance in a bevy of areas, including customer identification and risk ranking at a distance, streamlining due diligence efforts, and more, according to legal analysts.

But that is just the tip of the iceberg for pandemic-related issues for Japan’s financial sector, where criminals are aggressively trying to dupe scared and anxious individuals and corporates.

In recent weeks, Hong Kong has been dealing with an explosion of fraudulent banking websites, in some cases tied to a dedicated phishing attack, attempting to take advantage of consumers desperate to withdraw and move money – for themselves or others, according to the HKMA.

Some of the banks being impersonated by fraudsters include many of the largest in Asia:

  • Bank of China (Hong Kong)
  • Phishing email, CTBC BANK
  • Fraud site, phishing texts, emails related to The Hongkong and Shanghai Banking Corporation Limited
  • Fraud site, Bank of Singapore
  • Phishing email, Bank of Taiwan
  • Fraudulent website related to Hang Seng Bank, Limited
  • Fraud site, China CITIC Bank

As for how banks should respond to these and other COVID-19 related challenges, the regulator in this round focused on laying out guidelines for authorized institutions, such as banks, and prepaid card and related operations, referred to as stored value facility (SVF) licensees.

The HKMA has stated in two circulars it does not expect a “zero failure” outcome from AIs and SVF licensees in AML programs and finding and reporting on every instance of money laundering (ML) or terrorist financing (TF).

The circulars can be accessed here and here

Some key points include:

Remote on-boarding, simplified due diligence

Authorized Institutions:

  • AIs are encouraged to work closely with the HKMA during this period to provide greater convenience (e.g. through use of financial technology) for account opening (e.g. remote account opening) and continued access to essential banking services to the public.
  • To help AIs adapt to COVID-19 containment measures, e.g. social distancing, simplified due diligence measures can be applied to customer on-boarding and account opening for customers that pose lower ML and TF risks. 
  • For customers opening accounts solely for the purpose of the Government’s (recently announced) cash payout scheme, AIs should apply the minimum level of customer due diligence appropriate in the circumstances.

SVF licensees:

  • SVF licensees may conduct customer due diligence measures which are commensurate with the lower risks posed by SVF products based on their stored values, transaction limits and functions.
  • SVF licensees are, similarly, encouraged to work closely with the HKMA to provide greater convenience for account opening and continued payment services to the public.

COVID-19 financial crime risks

  • AIs and SVF licensees should remain vigilant to emerging ML and TF risks (e.g. face mask scams). Such risks should be mitigated through information sharing and by reporting suspicious transactions to the Joint Financial Intelligence Unit (JFIU).  If an AI or SVF licensee encounters issues in reporting to the JFIU, the matter should be discussed with the HKMA (and the JFIU) without delay.

Ongoing support from the HKMA

  • Given the current challenges AIs and SVF licensees are facing, maintaining normal operations of AML/CFT systems may not be achievable in all cases. Where the AI or SVF licensee is unable to meet a particular obligation in the short-term, it should maintain a record of the circumstances, the risk assessment performed as well as any mitigation measures being taken.

Japan: Regulators to perform fewer onsite exams, with focus on banks with checkered pasts

Japan’s top banking regulator has taken a unique tack, and rather than just laying out what financial institutions should do to better manage rising AML, operational and cyber risks during the pandemic, it also helped take the pressure off in a very profound and direct way: fewer on-site exams.

The Bank of Japan, the country’s central bank, stated in a message to the financial sector it is prioritizing AML and cyber risks, and is exhorting institutions to be wary of a rising tide of fraud and ill-gotten gains, but will ensure compliance without as many rigorous onsite visits.

“With regard to operational risk, the Bank will examine, for example, the status of frameworks for cybersecurity management and anti-money laundering controls, both of which have gained importance,” according to the regulator.  

As for onsite exams, they will take place in 2020, but with a much narrower scope.

“Taking into account the recent situation regarding the novel coronavirus and with a view to preventing the spread of the infection, [the Bank] will take necessary measures in conducting on-site examinations while giving the utmost consideration to the situation faced by examinee institutions.”

As well, for globally operating major financial institutions, major group companies, including their overseas branches and subsidiaries, they will be subject on-site examinations “as necessary,” the Bank of Japan said.

What’s more, the focus will be on institutions that have had high-profile financial crime compliance failures.

“Taking into account the administrative burden on branches, [the Bank] will not conduct examinations aimed at confirming operational accuracy except in the case of financial institutions that have particular problems, such as incidents of fraud or accidents in business operations.”

Scholarship Spotlight: Countering human trafficking takes combination of learning criminal patterns, sharing knowledge, helping survivors rebuild, says Emily Bejarano

The Skinny:

  • One of the winners of the ACFCS certification scholarship for fincrime professionals fighting human trafficking shares what drives her in this mission to thwart criminal groups through follow-the-money sleuthing and directly helping victims and survivors rebuild one-on-one.
  • For Wells Fargo anti-money laundering consultant Emily Bejarano, the mission to counter trafficking goes beyond the digital battlefields of transaction patterns through correspondent banking portals, with some of the most decisive skirmishes happening in the human heart as victims must pick up the pieces of shattered lives.
  • That’s why she pairs a passion to aggressively gather knowledge on the nuanced financial trails of trafficking – and share that thought leadership with other public and private partners – with compassion by volunteering to sit with survivors and teach them hard and soft skills to help regain their dignity, and humanity.
  • While Bejarano has mentored and counseled countless victims who have endured trials and trauma at the hands of criminal groups, their tenacity has humbled her at the same time. Human trafficking survivors “are the most resilient people I have ever encountered and they never cease to amaze me.”

By Brian Monroe
April 27, 2020

For Emily Bejarano, countering the financial tendrils to potential human trafficking activities is more than analyzing data points, linked accounts and red flags behind a computer screen as a financial crime compliance professional working for one of the country’s largest banks.

Beyond her work as a Financial Crimes Consultant for Wells Fargo focusing on mitigating the risks and addressing any concerns related to anti-money laundering (AML) compliance tied to Asian correspondent banking relationships, the Chicago resident also volunteers to help victims rebuild their lives through an initiative called “Stop-It.”

Bejarano sees firsthand the human aftershocks of trafficking groups, strengthening her resolve to counter the crime and broadly share knowledge on transaction patterns and red flags.

When she volunteers at Stop-It, part of the Salvation Army, her time is spent trying to support victims by “assisting individuals looking for housing, finding jobs, building resumes, teaching life skills (cooking, crafting, money managing), and my personal favorite, styling hair and makeup.” 

The objective of the program is to “provide support services through case management and resources, as well as assisting them with goals to help them in overcoming their trauma and having a safe place for them to come and feel supported.”

Prior to Wells Fargo, Bejarano worked at BMO Harris, where she began her career in financial crime compliance reviewing high-risk clients as an Analyst, Investigator, and then an AML Specialist. 

Investigating financial crime is a longstanding dream and running theme for Bejarano.

She originally planned on becoming a police officer after four years of being a Police Explorer, a program for young adults to learn about law enforcement.

But after entering the banking field in 2006, while going to school for her associates in criminal justice, that changed. Initially, Bejarano worked in the branch directly with customers, handling transactions and performing branch audits.

But eventually, “I became more interested in the operations aspect and discovered AML (group all of 30 people at the time),” she told ACFCS. “Thankfully, I was able to connect with an internal employee who allowed me to shadow them and led to the beginning of my cherished AML career.” 

Overall, Bejarano has been in dedicated AML roles for nearly a decade.

Aside from her work and volunteer efforts with Stop-It, she is also a Corporate Ambassador for Cause Gear, a Chicago company that offers unique design and quality merchandise with the purpose of creating sustainable social reform for people vulnerable to extreme poverty and human trafficking in India.

While talking to victims and hearing their stories of survival can be emotional, Bejarano is also humbled by their strength and ability to rise and overcome adversity.

“The participants (survivors/victims) in the space are the most resilient people I have ever encountered and they never cease to amaze me,” she told ACFCS. “The fact that I was able to enter this space after seeking a way to help within my community and be welcomed with open arms is something I will always be grateful for.” 

It was for those and many other reasons ACFCS chose Bejarano as one of the recipients of the association’s inaugural Human Trafficking Scholarship Program. 

The selection process centered on individuals in roles combating human trafficking, an effort to share broad thought leadership on the issue as part of the association’s “Quarterly Focus” on human trafficking in the second quarter of 2019.

In recent quarters, ACFCS has tackled fincrime focus topics covering human trafficking, cryptocurrency and sanctions. The current Quarterly Focus topic for Q2, informed by the global COVID-19 pandemic, is “Fincrime Resiliency.”

In collaboration with its members, partners and the community as a whole, ACFCS will provide a series of trainings, tools and initiatives to help build resilient programs for compliance, investigations and enforcement.

A few highlights of the Quarterly Focus are:

·       Increased Online Learning with a Focus on COVID-19 – ACFCS will bring you a packed webinar calendar in the coming weeks, with events honing in on the compliance and investigative impacts of the coronavirus. Beyond webinars, we’re expanding our online content to include video chats with experts, virtual networking events, and much more. View the calendar here.

·       Online Exam Access for the CFCS Credential and Changes to Certification Policies – Starting soon, ACFCS will make the CFCS exam available online for candidates. We’re also changing recertification and exam scheduling deadlines to relieve pressure on anyone affected by the coronavirus. Look for more details in the coming days!

·       CFCS Scholarships to Foster Resilient Programs – This quarter, ACFCS is offering 20 CFCS scholarships, its highest number ever, to individuals who are helping their organizations adapt and stay strong in the fight against financial crime. Learn more about the program below and apply today.

·       Community-Curated Tips and Comprehensive News Coverage – We’ve launched a new FinCrime Resiliency Tips series to gather and share guidance with members – learn more and submit your tips today! You’ll also see intensive coverage and guidance on coronavirus-related issues on our news page.  

To read more about the resiliency quarterly focus, click here.

The scholarship offers complimentary registration for the Certified Financial Crime Specialist (CFCS) certification, the full suite of prep materials, and a year of membership in ACFCS.

In the case of the Quarterly Focus on human trafficking, those chosen for the scholarships submitted applications with compelling professional and often personal experience related to human trafficking – from running investigations and creating transaction monitoring rules, to advocating for legislation and working directly with survivors.

After receiving more than 130 applications from professionals across 20 countries, ACFCS selected 15 recipients of its scholarship program. 

To view an ACFCS human trafficking resource page, click here

Bejarano stated that information sharing on investigative resources and analyzing trafficking and other financial crime trends across institutions is one of the favorite things about her job.

 “I love the benefit of speaking directly with other financial institutions and making that connection to better understand the measures they are taking to adhere to regulatory requirements, mitigate risks within emerging industries, and listening to success stories.”

The ACFCS certification can only further those efforts, acting as a bridge to collaboration for banks and other public and private sector entities, many that typically are not subject to formal AML rules and requirements to look for the telltale signs of human trafficking, she said.

Fighting human trafficking and helping victims and survivors is “my passion,” Bejarano said, adding that she is working diligently to raise awareness around the topic and join the fight in putting it to an end. Specifically, I look forward to bridging gaps and assisting with collaboration between various sectors.”

Collectively, there is “so much information that can be utilized to identify HT and staying abreast of emerging trends involves all of us, most importantly, FI’s, LE, Nonprofits, Medical Field, Hospitality, and Transportation sectors.”    

Bejarano was kind enough to share some of her knowledge in our latest ACFCS Scholarship Spotlight:

1. How do you work to detect, prevent and/or raise awareness of human trafficking, in your job role or outside of it?

In my current role, I review correspondent banks and ensure they have strong compliance and AML programs in place so we can allow them to use our products and services while also identifying and mitigating the risks associated through their customer base.

Outside of work, I volunteer with a program here in Chicago, called “Stop-it.” In this space, I am a mentor who attends 1-2 times per month working directly with survivors/victims.

The objective of the program is to provide support services through case management and resources, as well as assisting them with goals to help them in overcoming their trauma and having a safe place for them to come and feel supported.

My time here is spent assisting individuals look for housing, finding jobs, building resumes, teaching life skills (cooking, crafting, money managing), and my personal favorite, styling hair and makeup. 

2. What do you see as key challenges related to human trafficking detection/prevention in your role or in the sector overall?

For FI’s, while it is more likely to detect something unusual, it is difficult to tie [that aberrant activity] back to human trafficking specifically, which makes it very important in all cases to follow the money.

While there are measures in place to assist in collaboration across various sectors like law enforcement (LE), FI’s and nonprofits, there are still gaps when crossing conversations.

This could be due to many reasons, including work language, LE’s limitations on sharing information from their [active, ongoing investigations and cases], as well as confidentiality when discussing with nonprofits. (FI’s having little to no connection to them at all). 

For the nonprofit organization, it’s most difficult to detect because many survivors do not identify as victims. This is based on lack of information, or out of fear instilled from their trafficker, and sometimes immigration status. 

3. What is the most rewarding part of your job?

I love the benefit of speaking directly with other financial institutions and making that connection to better understand the measures they are taking to adhere to regulatory requirements, mitigate risks within emerging industries, and listening to success stories.

There are so many different factors such as, customer base, geography, size of the financial institution (FI), products, etc. So, it makes everyone unique and all around makes my job really interesting and exciting. 

 As part of my involvement with Stop-it over the last four years, I have an immense amount of respect for the people that work within the program, they are extremely passionate about what they do and constantly put their heart into all they do.

The participants (survivors/victims) in the space are the most resilient people I have ever encountered, and they never cease to amaze me. The fact that I was able to enter this space after seeking a way to help within my community and be welcomed with open arms is something that I will always be grateful for. 

4. When it comes to human trafficking detection/prevention, what do you think is going well, and where could we get better?

Artificial Intelligence is an area that Human Trafficking is being detected more efficiently and many industries are considering to help prevent/ detect/report transactions. 

Organizations such as Polaris and initiatives such as STATs, a technology-armed platform (formed through Enigma) are aimed to highlight trends of HT, where information is captured, and shared for the purpose of dismantling systems connected to trafficking. 

It’s important for all financial institutions to stay abreast of new trends, ensure KYC is informative and comprehensive and that conversations among law enforcement is communicative and thorough. 

One area that I strongly believe requires careful consideration and improvement is the language in which we address HT.

Each industry has a different vocabulary, some considered derogatory in nature (e.g., HT should not be referenced as prostitution, being it is against ones will/ by use of force, etc.). 

It’s time for society as a whole (especially those with direct exposure) to take responsibility for updating outdated/biased language, by considering HT from a place of empathy.

There is much to learn from the approach taken by those that are providing resources and dedicated support to the front lines (i.e.,nonprofits). In turn, I believe this perspective will improve our communication and effectiveness.  

5. Why did you apply for the CFCS certification scholarship?

 I applied for this scholarship after discovering it through a colleague. I am committed to doing everything I can to help in this area specifically, because it is my passion to raise awareness around the topic and join the fight in putting it to an end.

I believe my experience with FI’s around AML and at the forefront with individuals who have had to endure this terrible epidemic offers an alternative to putting less victims on the stand and holding perpetrators accountable through financial statements.

Through this, victims will not have to relive their trauma and the statements serve as stronger evidence. 

6. How do you think the CFCS credential will impact your career, especially your work to combat human trafficking?

I am looking forward to this credential because it will provide me with a deeper level of certainty and knowledge to work on this topic in a specialized area within the financial institution.

Specifically, I look forward to bridging gaps and assisting with collaboration between various sectors.

Collectively, there is so much information that can be utilized to identify HT and staying abreast of emerging trends involves all of us, most importantly, FI’s, LE, Nonprofits, Medical Field, Hospitality, and Transportation sectors.    

Inside the Lazarus Group – North Korea’s Crypto Crime and Risks to the Financial Sector

In conversation with Jonathan Levin, co-founder and Chief Strategy Officer, Chainalysis

by sanctions, the government of North Korea has turned to an unexpected outlet to
generate funds and move money – Cryptocurrency crime. Cyber threat groups tied to
North Korea, have targeted cryptocurrency exchanges in recent years, with considerable
success. Last August, a UN panel estimated the country was responsible for over
$500 million in funds stolen from exchanges.

Those looted funds are typically moved through exchanges and into the traditional financial sector, creating risks for both crypto firms and banks. Earlier this month, the U.S. government took action against two Chinese nationals for their role in helping the North Korea-aligned Lazarus Group launder funds stolen in cryptocurrency exchange hacks. The DOJ listed 145 virtual currency accounts and addresses that were used to launder the funds, 20 of which were included in a sanction designation, and any dealings with them carry civil and criminal penalties.

In this edition of the CrimeCast, we’re joined by Jonathan Levin, the co-founder and Chief Strategy Officer of Chainalysis, a leading blockchain intelligence and investigations firm. We’re taking an in-depth look at how Lazarus launders stolen money, and how investigators, exchanges, and financial institutions can leverage blockchain forensic tools like those provided by Chainalysis to fight back.

Economic Aid, Fincrime Risk? – Exploring the Paycheck Protection Program and Pandemic Relief

The COVID-19 pandemic has governments around the world scrambling for ways to support the private sector, through low or no interest loans, payroll guarantees and more. In the US, initiatives like the Paycheck Protection Program or PPP have seen hundreds of billions of dollars loaned out through banks in a matter of weeks, and more on the way.

That’s been a lifeline for many businesses, but the staggering speed and volume of funds create opportunities for fraud, and headaches for financial institutions – From fincrime risks to concerns around customer experience and reputation.

In this CrimeCast, our guide to the tumultuous world of US pandemic emergency aid programs is Amanda DuPont, Public Records Product Expert with Thomson Reuters. Her role gives her an insider’s view into how financial institutions are managing programs like the PPP, Economic Injury Disaster Loans, Main Street Lending and more.

You’ll hear Amanda’s insights on:

  • How institutions are balancing customer experience with fincrime compliance related to these programs
  • How automation can help with customer due diligence in a pandemic
  • How this crisis may actually present an opportunity for both fintechs and traditional banks
  • And more

In chaos of pandemic, more ransomware attacks targeting hospitals, some dark markets struggle to meet user illicit order demands: special ACFCS webinar report

The Skinny:

  • In chaos of coronavirus pandemic, more ransomware attacks are targeting hospitals, even as some hacking groups debate the ethics of going after vulnerable targets trying to save lives, according to details revealed in a joint ACFCS/Chainalysis webinar Friday.
  • Conversely, even as COVID-19 has opened new avenues for scam, spam and ransomware fusillades, some darknet markets are struggling to meet the illicit order demands of users because getting certain drugs and precursor chemicals are taking much longer, if at all.
  • So how are darknet market denizens responding? By taking a page out of the playback of other online and brick-and-mortar retailers: special COVID-19 discounts and sales and even – and I am not kidding here – free surgical masks with every order.
  • As for ransomware attacks, a more recent wrinkle: Many groups are now pairing that barrage and lockdown with an attempt to steal as much information as possible. They are also attempting to scare a person or top executive with sextortion, telling them they have hacked inappropriate photos from a person’s phone or cloud account.
  • But the addresses these ransomware groups tell others to pay can also be their downfall. That’s because blockchain analytics firms can then review if these addresses are tied to higher risk exchanges with few anti-money laundering know-your-customer (KYC) checks or if they have been tied to other scams and Ponzi schemes – capturing the attention of law enforcement. 

By Brian Monroe
April 24, 2020

In an ignoble irony that would even make some criminals cringe, ransomware attackers have in recent weeks been more aggressively attacking hospitals and other healthcare operations in regions hit hard by the coronavirus pandemic.

Why? Other than having no form of morals, ethics or “honor among thieves,” there are specific reasons ransom ransackers are targeting the healthcare sector: Many hospitals are already at or beyond capacity, so they are more vulnerable to make a mistake and cyber misstep, clicking on a diseased link as the operation is in crisis mode.

The other understood meaning by cyber-enabled spammers: these operations are more likely to pay – and quickly – because lives are at stake.

Even worse: because of the higher stakes involved with hospitals, a ransomware group can ask for a much higher payment than the typical few hundred dollars in nigh untraceable virtual currency, in some cases demanding millions.  

Those are just some of the updated financial crime and compliance trends nearly 1,000 attendees learned about during a Friday webinar, “COVID-19: A Perfect Storm for Crypto Scams?” by ACFCS and Chainalysis, a blockchain countercrime analytics firm.

In any crisis “bad actors will be looking to profit off of it,” said Kim Grauer, head of research, at Chainalysis, where she examines trends in cryptocurrency economics and crime. “We’re already getting reports of cybercriminals using Covid-19 to scam the vulnerable, extort healthcare providers, and spread misinformation.”

The webinar analyzed the role cryptocurrency plays in Covid-19-related crimes, including:

·       Scams taking advantage of the crisis

·       Ransomware attacks against healthcare providers

·       How darknet markets react to a pandemic

In what seems like an endless month, the COVID-19 pandemic has done more than take lives, drain life savings and plunge much of the world into an economic downturn: it has provided new avenues for some criminal groups and cyber hackers.

Attempting to prey on people’s fear on one end of the spectrum and their desire to help on the other, illicit groups have unleashed new phishing and other spam and scam fusillades – this time based on some angle of the coronavirus, cures or equipment, or conversely, the desperately-needed funds from country stimulus packages. 

Customer service complaints…for darknet markets?

While the pandemic has opened the door to some dark net denizens, some darknet markets – an operation only accessible by a special Tor browser – have struggled to keep up with supply and demand of certain illegal items, including drugs and precursor chemicals.

On dark web forums, some customers have complained, “hey, I ordered something three weeks ago, what gives?” Grauer said. “Because of the coronavirus, a lot of the packages are not able to go out as quickly. There are not as many supplies on the darknet marketplaces.”

Overall, even as major virtual currencies saw their value drop in the past month, the revenue for scammers getting paid in Bitcoin, Ethereum and other crypto coins declined even further, more than 30 percent.

One reason profits are falling for certain scammers used to being paid in Bitcoin is that some virtual value “investment” opportunities – in actuality simply Ponzi schemes with a new crypto sheen – are imploding.

One of the biggest scams in 2020 that is flailing due to COVID-19 is the Million.Money scheme.

The operation offers buy-ins as low as .03 Ethereum, or about $5, with 10 levels of buying “tiers,” touting that those involved have the potential to make $300,000 in passive income every three months by hitting the “repeat” button.

But like many classic Ponzi schemes, faux investment scams built on paying out small amounts to investors, they fall apart when the incoming funds don’t match the outgoing payments.

To counter the drop in funding, some darknet markets are taking a page out of the playback of other online and brick-and-mortar retailers by offering sales, giveaways and even COVID-19 related freebies and swag.

Grauer highlighted some dark markets making statements like “Covid sale,” and “Coronavirus special.” Don’t forget about a commitment to customer service. “Free surgical mask with every order!” and “We take care about our customers,” – and, yes, that is the actual wording.

Ransomware groups split on ethics of healthcare attacks

When it comes to ransomware groups, many have no problem selling ransomware attacks as a service – either selling certain virulent strains to the highest bidder or engaging in a full scope attack at the behest of another illicit purchaser.  

But is it right?

That question has caused a schism in the virtual viral attack community.

Some groups behind ransomware attacks have stated they will not target hospitals, while others have brazenly flouted such ideologies.

These operations have engaged in “general” ransomware attacks and “targeted” attacks against the healthcare sector.

In a general ransomware attack, the groups will “grab a list of emails and try to get people to install the malware,” and then ask the individuals for a small amount of Bitcoin – maybe $50.

In a targeted ransomware attack, a group will engage in a “well thought out attack of all the individuals” at a given institution and, if successful in locking down its systems, will then “ask for a really high ransom,” Grauer said.

But in a new twist on the ransomware attack trend, many groups are now pairing that barrage and lockdown with an attempt to steal as much information as possible.

That way, as added leverage, attackers can say that not only have they locked down a company’s databases of customers, but they will publish lists of sensitive personally identifiable information if the company doesn’t pay millions of dollars, Grauer said.

With scammers getting creative with COVID-19 tricks, better think before you link

Ransomware groups are also trying to weave in emails that are relevant to the pandemic, such as those working from home.

Through a mix of phishing and social engineering, these groups are finding out a person’s email and then sending them a message attempting to make it look like it’s from their company, asking them to reset a password.

In another scam, these groups send emails telling someone they “have a UPS delivery, but because of the coronavirus, we can’t bring you the package,” Grauer said, adding that the email will tell the person to give their personal information so they can “tell you where the package is.”

Some ransomware emails are also masquerading as a fake charity and if a company doesn’t feel like being giving, these groups can also turn to fear.

In some cases, these groups will try different versions of extortion, warning a company that if they don’t pay a certain amount, they will infect the company with a virus that will lock its systems.

A more recent wrinkle: these groups will attempt to scare a person or top executive with sextortion, telling the person they have hacked inappropriate photos from a person’s phone or cloud account.

But the addresses these ransomware groups tell others to pay can also be their downfall. 

That’s because blockchain analytics firms can then review if these addresses are tied to higher risk exchanges with few anti-money laundering know-your-customer (KYC) checks or if they have been tied to other scams and Ponzi schemes.

One key red flag: the address routinely accepts round amounts – indicative of a Ponzi scheme or ransomware payment – that are below “KYC thresholds. That is suspicious,” Grauer said. 

ACFCS Announces Quarterly Focus on FinCrime Resiliency – Building Strong Programs During Disruption


The global pandemic caused by
the novel coronavirus has led to historic disruption in business, finance, and
daily life. Yet financial crime has hardly slowed down, and the confusion
engendered by COVID-19 has been ripe breeding ground for fraudsters,
cyberattacks and scammers.

In this tumult, the work of those
in financial crime prevention is more important than ever before, even as
adapting to this new reality poses unforeseen obstacles. From the strain of
entire compliance teams working from home, to the stress of keeping up with new
threats, there’s a tremendous amount of change to take on and take in.

Being adaptable and tough –
Being resilient, in other words – Is not easy, but it is what’s required of
fincrime professionals in the current moment.

why ACFCS has made its Quarterly Focus for Q2 on FinCrime Resiliency. In
collaboration with its members, partners and the community as a whole, ACFCS
will provide a series of trainings, tools and initiatives to help build
resilient programs for compliance, investigations and enforcement.

means helping you adapt to new criminal trends and typologies in a rapidly
changing world, boosting your online training at a time when face-to-face is
impossible, and giving you tips and techniques to soldier on when staff and
resources are constrained.

A few
highlights of the Quarterly Focus are:

  • Increased
    Online Learning with a Focus on COVID-19 –
    ACFCS will bring you a packed webinar calendar in the coming weeks,
    with events honing in on the compliance and investigative impacts of the
    coronavirus. Beyond webinars, we’re expanding our online content to include
    video chats with experts, virtual networking events, and much more. View
    the calendar here
  • Online
    Exam Access for the CFCS Credential and Changes to Certification Policies
    – Starting on or before April 17,
    ACFCS will make the CFCS exam available online for candidates. We’re also
    changing recertification and exam scheduling deadlines to relieve pressure on anyone
    affected by the coronavirus. Learn more about what’s changing here.
  • CFCS Scholarships to Foster
    Resilient Programs –
    This quarter, ACFCS is offering 20 CFCS scholarships,
    its highest number ever, to individuals who are helping their organizations
    adapt and stay strong in the fight against financial crime. Learn more about
    the program below and apply today.
  • Community-Curated Tips and Comprehensive News
    Coverage –
    We’ve launched a new FinCrime Resiliency Tips series to gather and
    share guidance with members – learn more and submit your tips today! You’ll also see intensive
    coverage and guidance on coronavirus-related issues on our news page.  

more about upcoming initiatives and ways that you can get involved below:


  • Submit a tip
    for our
    FinCrime Resiliency Tips series here. This week, we’re asking you to
    submit tips on new red flags in the pandemic era.
  • Host a
    webinar or video chat
    compliance and coronavirus – We’re seeking subject matter advisors to share
    their expertise. Contact Brian Kindle, VP of Program Development, at
  • Suggest
    whitepapers, links, regulatory guidance

    and more to add to the Resource Center
  • Be profiled
    in a member spotlight!

    Over the next months, ACFCS will be profiling individuals involved in efforts
    to build resilient fincrime programs in its member spotlights. Interested
    in being featured? Contact Brian Monroe at to learn more.
  • Contribute
    an article
    related to coronavirus
    and fincrime to the Financial Crime Journal, an online magazine with
    thousands of readers – Contact Brian Monroe, Director of Content, at for more details.


the face of turmoil, fincrime professionals around the world have stepped
forward to help their programs navigate uncertainty and adapt to a strange new
world. ACFCS wants to recognize and reward the efforts of these individuals
through its “Agents of Resiliency” scholarship program.

is offering twenty (20) complimentary CFCS certification packages to
individuals in financial crime prevention roles who have helped build resilient
programs in compliance, investigations and enforcement. The package includes
registration for the CFCS exam, all prep materials, and one year of ACFCS
membership, all free of charge.

examples of building resiliency could include, but aren’t limited to:

  • Adapting
    your program’s red flags and monitoring rules to capture new behavior and
    criminal trends during the pandemic
  • Investigating
    and detecting fraud tied to COVID-19 scams, either in the private sector or law
  • Building
    out your organization’s cybersecurity capacity to be ready for the shift to
  • Helping
    your staff stay trained and up-to-date on the latest in fincrime compliance even
    when the normal working conditions are upended

is welcome to apply, but please be prepared to submit a short statement explaining
how you have helped your organization adapt and stay strong against financial
crime amid the changes brought by the pandemic. Preference will be given to
those in the public sector (government and law enforcement) and those new to
their career, under three years’ experience.

application period is currently open and will end on Friday, April 24th.
Recipients will be notified on or before Friday, May 1st and
announced publicly the following week. Click here for more details and to apply


new resource center on the impact of COVID-19 on financial crime prevention
will feature everything from regulatory guidance to whitepapers on new criminal
typologies, applicable to those at all knowledge levels. We are
inviting contributions and suggestions from our member community to
build the most comprehensive database possible. The Resource center will launch
later this month.

new Resource Page will serve as a knowledge center specifically focused on
the intersection of financial crime and the global pandemic. With your help, it
will be updated and expanded over time.

comments or suggestions? Please contact Brian Svoboda-Kindle, VP of Program
Development, at or 786-517-2720

In latest update of interagency AML exam manual, is the U.S. shifting from ‘effectiveness’ to ‘adequate’ compliance programs?

The Skinny:

  • In the latest edition of the interagency fincrime compliance exam manual, some AML professionals see a pullback from gathering global momentum to build “effective” programs to simply “adequate” aims.  
  • What the FFIEC AML exam manual says, even down to what words are used, has great import as it is the definitive industry bible for which compliance programs are judged, what formal actions are taken and even the potential for large penalties if failures are found to be “egregious.”
  • The 2020 update does not cover all of the more than 440 pages of the 2014 exam manual, but adds 43 in-depth, nuanced pages covering some of the “core” and “pillar” exam areas, including the risk assessment, overall AML program, forming conclusions and finalizing the exam.
  • The updated manual, while an overall mixed bag, does, however, have one line, a buried Easter egg, that could have teams jumping for joy: “Minor weaknesses, deficiencies, and technical violations alone are not indicative of an inadequate BSA/AML compliance program.” And the people rejoiced.

By Brian Monroe
April 16, 2020

In the latest edition of the interagency fincrime compliance exam manual, what many consider the industry bible for which programs are judged, some see a pullback from gathering global momentum to build “effective” programs to simply “adequate” aims.  

That is just one of the overarching takeaways from the latest update to the Federal Financial Institution Examination Council (FFIEC) Bank Secrecy Act /Anti-Money Laundering (BSA/AML) Examination Manual, a widely scrutinized and relied upon seminal industry tome that dropped Wednesday.  

The changes the examiner manual makes will be key regulatory focal points. To read the 2014 AML exam manual, click here.

Overall, the exam manual is a mixed bag for professionals, as it sharpens and clarifies some expectations related to risk ranking customers, transaction monitoring and testing and gauging overall program effectiveness, but still leaves some foundational AML prongs, including some much-needed metrics around the independent review, also called audit, unnecessarily vague.

The manual also makes much more liberal use of the word “adequate” in terms of exam expectations for the five program prongs, rather than using the term “effective” as in past iterations.

So that begs the question: with the Paris-based Financial Action Task Force (FATF), the Wolfsberg Group and other top watchdog, regulatory and policy-making bodies pushing toward an “effectiveness” standard for AML compliance, is the U.S. sliding back to just “adequate” in its latest, updated exam manual?

Some say the answer is yes.

“I think that they are working their way towards lowering expectations, unfortunately,” said Sarah Beth Felix, founder and president of Palmera Consulting.

“As you can see FinCEN was not involved in the update,” she said. “They are literally going the opposite direction of where the rest of the world is going. Wolfsberg, FATF, etc., all have started focusing on effectiveness and we are now lowering standards for examiners and for the examiners to be okay with lower bank standards.” 

"I think [regulators] are working their way towards lowering expectations, unfortunately," in latest AML exam manual.
- Sarah Beth Felix, founder, Palmera Consulting

With shift in standards, industry is left guessing

The FFIEC didn’t update the full more than 440-page manual of “core” and “expanded” procedures, but instead changed key “pillar” portions over 43 pages, covering “Scoping and Planning”; “BSA/AML Risk Assessment”; “Assessing the BSA/AML Compliance Program”; and “Developing Conclusions and Finalizing the Exam.”

The 2020 AML manual is also informed by the December 2018 interagency “Joint Statement on Innovative Efforts” to fight financial crime, noting that innovative efforts should be given tacit credit, along with updated risk-based approach statements in July 2019, an effort to increase transparency in what has long been very a subjective examination area – how risky is that risk.   

Some of the changes, according to analysis by some of the top minds in the space, including Jim Richards, Sarah Beth Felix, and Dev Odedra, include:

  • Effectiveness vs. adequacy standard: Whereas the 2014 manual calls for AML officers to create an “effective” and “sound” program, in many instances where the word “effective” was used, the 2020 manual has changed the word to “adequate.”
  • Reading between the lines: The 2020 manual switches terminology that some considered confusing, asking AML officers to look for “money laundering and terrorist financing (ML/TF) risks, rather than look for, in the old manual, “BSA/AML risks.”
  • Quality vs. quantify: The 2020 manual, in a clear nod to stakeholder frustration, added the word “quantify” to the risk assessment process, opening the door for finer slices of risk, particularly for areas considered to be at a higher risk for money laundering, such as foreign wires and correspondent accounts.
  • Figurehead appointment: The 2020 FFIEC exam manual gives more ink to the compliance officer prong of the AML program, giving more precise indicators of what an examiner should review when evaluating authority, resources and knowledge – making it clear to the board that simply appointing a compliance officer, and not supporting them, will not stand.
  • Negotiating leverage: The 2020 manual also seems to deal with one of the biggest criticisms of exams in recent decades – death by a thousand cuts. In short, that dynamic is where examiners will rake a bank over the coals for ticky-tack program stumbles, missing the good it actually did to fight crime. An “adequate” standard could also give AML officers more leverage at the negotiating table when examiners find fault.
  • And the people rejoice: The line that will likely cause AML officers to jump for joy, and open the door for fincrime teams to make changes to embrace innovation: “Minor weaknesses, deficiencies, and technical violations alone are not indicative of an inadequate BSA/AML compliance program and should not be communicated as such,” according to the updated manual.

As watchdogs shift to effectiveness standard, will U.S. lag behind?

The exam manual – first published in 2005 and which has been revised and re-published four times since, with the last full edition published in November 2014 – drops at a challenging time for financial crime professionals, juggling compliance duties while fighting a global COVID-19 pandemic.

The update, however, does not offer any new guidance on what examiners will expect, or what banks should do, to better balance compliance teams that have been scattered while working from home or even trimmed as some institutions engage in broad layoffs as a result of a falling economy.

The FFIEC only touches on the pandemic tangentially, with more of the statement attempting to assuage past criticisms that the manual, and really any AML guidance, is simply new laws and requirements dropped on industry without going through Congressional review and rulemaking processes.

“The agencies are aware of the uncertainty faced by financial institutions during this unprecedented time,” the FFIEC wrote in a statement. “The manual update, which supports tailored examination work, has been in process for an extended period and should not be interpreted as new instructions or as a new or increased focus.”

While it will likely be easier for a struggling bank to craft an “adequate” AML program during the coronavirus crisis, that standard stands at odds with global momentum to focus more on “effectiveness” than technical compliance.

What will ‘adequate’ AML exams, programs, look like?

Starting in 2005 with the first FFIEC BSA/AML Examination Manual, and continuing to the last full publication in 2014, the purpose of a BSA/AML regulatory exam was to “determine whether banks had an effective BSA/AML compliance program,” said Richards, the former head of AML at Wells Fargo, in analysis on the changes.

As well, the directors of those banks, who were ultimately responsible for their bank’s BSA/AML compliance, were to ensure the BSA Compliance Officer had “sufficient authority and resources to administer an effective program.”

But that could be changing.

In the four “pillar” sections that were updated in 2020, the words “effective” or “effectiveness” appear four times in forty-three pages, he said. “Those words appeared seventeen times in the old 2014 version.”

The 2020 update “appears to have lowered those bars: going forward, the purpose of a BSA/AML regulatory exam is to determine whether banks have an adequate BSA/AML compliance program,” Richards said.

In tandem, now the directors of those banks, who remain ultimately responsible for their bank’s BSA/AML compliance, are “now to ensure the BSA Compliance Officer has appropriate authority and resources to administer an adequate program.”

Will these changes lead to weaker AML programs, lighter exams and potentially more dirty money getting into the U.S. and international financial system?

Only time will tell.

“It will be interesting to see what, if any, differences this new adequate standard will bring as regulatory examiners across America will be walking into banks and credit unions and announcing, ‘hello, we’re here to determine whether you have an adequate program,’” Richards said.

“That is a very different greeting, and a very different exam, and possibly a very different result, than if that examiner walked in and announced, ‘hello, we’re here to determine whether you have an effective BSA/AML compliance program.’”

Comptroller of the Currency, Joseph Otting, has stated where he falls on the issue – which some could argue diverges from the manual he is talking about.

“The FFIEC agencies published updates to the BSA/AML Examination Manual that represent a significant step forward in our efforts to improve how we ensure banks have effective programs to safeguard the banking system against financial crime, particularly money laundering and terrorist financing,” with the emphasis added being my own. 

"In the four 'pillar' sections updated in 2020, the words 'effective' or 'effectiveness' appear four times in 43 pages. Those words appeared 17 times in the old 2014 version," of the AML exam manual.
Jim Richards, former head of AML, Wells Fargo

Even while experts debate the ramifications of the updated verbiage, fincrime compliance teams can’t lose focus – or they could pay for it. 

“The change in terminology by the FFIEC, from ‘effective’ to ‘adequate’ should not be taken by AML professionals and their financial institutions to mean they can relax their guard,” said Gary Ferrari, a Financial Crime/AML and Compliance Risk Management Leader and Advisor in Banking and Financial Services for more than three decades.

“This change assuredly is an accommodation more to the examiners than to the examined,” he said. “Do not be lulled into the notion that you can relax your guard and meet a standard of ‘adequacy’. Effectiveness in financial crime risk management remains the gold standard for knowledgeable and committed AML professionals.”