Think like a criminal, act like an investigator: Key takeaways on how to fight illicit finance from a chat with ACFCS Dutch chapter members Ruth Post and Owen Strijland

The Skinny:

  • In some cases, to fight crime and create stout compliance defenses, you need to think like a criminal to identify and report on their illicit schemes.
  • But the dedicated financial crime compliance team can’t do it alone. Financial institutions need to turn classic anti-money laundering (AML) foils into allies by extending broad spectrum training to the business line, frontline and even tellers.
  • Even so, no one has solved financial crime. Even the most tech-savvy and experienced AML, counter-fraud and corruption teams can have failings. However, in every stumble and misstep is a chance to learn and grow – if individuals and institutions have the courage to share what has and hasn’t worked, even before regulators come knocking.
  • Those are just some of the key takeaways from a rousing chat between ACFCS Dutch chapter members Ruth Post and Owen Strijland, covering the topics of financial crime and compliance, criminal vulnerabilities, regulatory focal points and program gaps.
  • The ACFCS Dutch Chapter also looked at some of the EU AML scandals and issues in and out of banks that can make compliance difficult on the “Fintech and FinCrime in Europe” session, a panel from ACFCS Fincrime Virtual Week, the association’s first-ever fully online fincrime compliance conference that took place last month.

By Brian Monroe
bmonroe@acfcs.org
September 10, 2020

The debate about how to best counter the burgeoning illicit finances of criminals – organized criminal groups, corrupt oligarchs, human traffickers and their money laundering machines – has only intensified in recent years as more jurisdictions wrestle with the challenges of creating, implementing and enforcing compliance defenses.

One of the biggest hurdles in the anti-money laundering (AML) programs created by financial institutions in actually identifying and reporting on large-scale fraud and financial crime networks is the interlinked irony of having to please regulators.

The tension: not missing anything that examiners could deem “suspicious,” while doing a thorough enough investigation to create rich, relevant and timely intelligence for law enforcement.

So what are some tactics to balance regulatory expectations and law enforcement needs?

Try to better learn how criminals “misuse systems, technology, or people,” and adapt and adjust AML programs to better harness resources toward actual rising illicit risks and trends by threat actors.

At the same time, don’t save all the expansive – and yes, sometimes expensive – compliance training for your AML, fraud and anti-bribery and anti-corruption teams. 

Push the front line of the fight more forcefully to your frontline, empowering business line managers and even tellers with knowledge to think for themselves. 

The goal: turning fincrime foils and historical weak points at the most distant nerve endings of an organization into centers of compliance excellence.  

Those are just some of the takeaways from a chat about fincrime vulnerabilities and regulatory focal points between Ruth Post, Director of Privacy and Compliance at LeasePlan, and Owen Strijland, Fintech Director at Protiviti.

They are also chairs of the Amsterdam Chapter of the Association of Certified Financial Crime Specialists (ACFCS).

Owen and Ruth met for an open interview, where they asked each other about financial economic crime.

Together they explored topics such as intrinsic motivation, the importance of a strong first line at financial institutions and the value of knowledge sharing and transparency.

They also talked about the importance of financial crime compliance professionals learning from their mistakes – even though many individuals and institutions are reticent to admit to internal friction or regulatory stumbles that have not been made public.

But it’s exactly that kind of honesty, openness and, yes, courage, that is needed for the community to learn and bring all institutions up to the same level of expertise, a move that holds the potential to both allay examiner concerns and live up to law enforcement ideals. 

Here is an edited version of that conversation: 

To better fight criminals, learn to think like one

Ruth: Let me kick off with a question about intrinsic motivation. What is your drive to fight financial economic crime?

Owen: What has always fascinated me about financial crime is that in hindsight it always seems like it could have been prevented.

The better we learn how criminals misuse systems, technology, or people, the better we can prevent it. I almost have a childlike curiosity on how financial crimes can take place and on how they can be prevented.

Ruth: And besides your curiosity, do you also do your work out of a sense of justice?

Owen: I do not tolerate injustice. Particularly when it comes to crime involving the abuse of vulnerable people. The impact for the victim can be huge.

Therefore, I find it very interesting to look at the money flows from the criminally obtained funds.

For example, WhatsApp fraud, theft or extortion, the money always flows back into economic system. There are countless parties who unconsciously facilitate this or look the other way.  

As a society, there still is much to gain on this matter. What about your drive?

Ruth: I am convinced that people do good by nature, but from a psychological perspective I am intrigued by the (external) circumstances that cause people to behave dishonestly.

The question [of] why people turn to criminal activities intrigues me. I also have a great sense of justice. As the CCO of LeasePlan, I can do something about financial crime, which motivates me to continue the fight against financial crime.  

Owen: How does the fight against crime manifest itself in your daily work?

Ruth: It is sometimes difficult to make that tangible. I work for a large institution and because of all the imposed laws and regulations of various supervisors and governmental bodies, it feels like you are a bit distant from the actual crime fight.

Across the board, there is too much focus on tick-in-the-box exercises and too little on the actual underlying problem.

To outwit and outfox a criminal, think outside the (tick) box

Owen: What would have to change to reduce that bureaucratic burden?

Ruth: It is of course important that there are laws and regulations to enforce the financial world in the fight against financial crime. These regulations enforce that companies have robust programs in place to combat financial crime.

However, I think we can overcome a lot of challenges if we adopt a more multidisciplinary approach.

I am not only referring to better cooperation between the financial institutions, the FIU, the police, the Public Prosecution Service and the tax authorities, but also to the cooperation within financial institutions between the first and second line and the interaction with customers and suppliers.

We must work together to ensure that people working in sales, procurement or other people involved in the chain (e.g. car dealers and garages in our case) are aware of potential financial crimes, understand the context and appropriately act upon it.

Creating awareness and training is key.

Moving the front line of the fight to the frontline

Owen: What does it take to get the first line of defence within financial institutions to the desired level?

Ruth: I immediately think of a picture I once saw in college as a law student. The picture was an optical illusion as you could either see a young or an elder woman in the picture, but never both at the same time.  

It is a matter of perspective which image you take in. It is evident that sometimes people need help to see the full picture – to show them that something else can also be seen if you just focus on it.

This also applies to financial crime. If you do not know what you are looking for or if you are not primarily focused on detecting crime, you will not see it quickly.

That is why it is important that we help the first-line of our organizations to recognize crime as well.

Owen: We also should not forget that the role of the first line has been changed over the last couple of decades.

For example, if you wanted to process a payment of 20,000 guilders, you performed that transaction physically at your local bank office. The bank teller would probably know you and your transaction behaviour, which also made unusual behaviour more noticeable.

Today, first-line contact has often been replaced by apps or systems, leading to the loss of social control.

The financial institutions that I visit now have an army of people in the second line who perform retrospective checks on newly acquired customers or payments.

What would happen if you put these people back to the front line for extra customer contact moments? Could humans support the front-line controls by creating a more pro-active approach in recognizing financial crimes?

The power of AI: Reaction, monitoring, prevention

Ruth: Are there any technological developments that can replace the human aspect in the first line of defence control activities?

Owen: There have been many developments in recent years to facilitate fast payments, such as instant payments technology.

However, I still see few algorithms emerging (in the first line of defence) that offer preventive protection. Of course, we will soon be able to do all kinds of things with machine learning and Artificial Intelligence, but that is not the case, or at least not yet.

Of course, there have been many developments in the monitoring models in the second line, but this is on a detective basis. I would like financial institutions to focus more on smart crime prevention, rather than smart monitoring.

Ruth: I also strongly believe in the value of prevention. Whether it concerns vulnerable young people who are recruited as money mules, or elderly people who are victims of WhatsApp fraud, the government and financial service providers have to play a more important role in creating social awareness to prevent crime.

Owen: I also believe that there should be an increased duty of care for financial services to protect vulnerable groups from criminal behaviour.

For example, this duty of care already exists when taking out mortgages. Why not also a mandatory duty of care or communication when taking out a bank account or other financial product?

Is the key to compliance to examine for kindness in a ‘duty of care?’

Ruth: Installing duty of care would imply more strict regulation from the regulator. What are other possible measures the regulator could adopt to facilitate better crime prevention?

Owen: What I often miss is the openness about financial crime. I find that often only the outcomes of the studies are shared, while the underlying root causes underlying remains under-reported.

I believe that the supervisor should be able to demand full disclosure in such cases.

For example, legislation on data breaches is much clearer. In the event of a data breach, you must legally provide full disclosure: what data has been leaked? Who owns this data? What is the cause of the data breach?

I would like to demand the same for financial crime. They should provide information about the parties involved, how the fraud took place and whether the victims have been compensated. Only then can we learn from each other.

Ruth: I also see that there is insufficient attention for the root-cause analysis. The underlying reasons that cause things to go wrong are often not very tangible.  

For example, a lack of trust in an office environment is one of the most recurring root causes. Certain forms of crime can easily be repeated if the internal root cause is not identified and resolved.

Owen: Another example which I have encountered was a financial institution where management facilitated insider trading by temporarily shutting down controls. This headline was in all the papers, of course, but I have not heard from anyone about the underlying cause of this problem. How could this have been prevented?

Ruth: It is not always possible to share everything “out in the open” in due to legal liabilities, but I agree that we should be more open about our failures.

It is therefore one of the important pillars of ACFCS to create an open environment in which we can share best and bad practices.

Is sharing caring when the fincrime tale is a program fail?

How do you think we can motivate the “financial crime community” to share their failures?

Owen: ACFCS is a platform where openness and knowledge sharing are at the top of the agenda.

In addition, we have also said that members can only register with ACFCS if they share something themselves. Although this sounds a bit harsh, it does reflect our vision about transparency and knowledge sharing.

Ruth: Speaking of sharing: I started an internal column within LeasePlan where I share real life crime cases.

For example, the newspaper recently reported that several young criminals had been caught in connection with renting cars to criminals. As a Lease company, I connected this news item to our daily reality.

I notice that these concrete cases resonate much better in the first line. It is my job to give them examples and tools to recognize and prevent financial crime.

Owen: I am also pleased to see that we have already found people from the industry willing to share their “mess-ups.”

I also think that we can measure the success of ACFCS by the amount of information we can disseminate about events that went wrong in the past and what we can learn from them.

Ruth: I also believe that it is interesting to look at the changing social norms surrounding financial crime from the ACFCS perspective.

For example, not too long-ago, bribes were business as usual in the construction world. The same goes for investments in the tobacco industry, or the changing social perception of cash money.

At some point we decide that we no longer find something acceptable. From the ACFCS community, we can study and discuss these standard changes together.

Owen: This is certainly important as legislation is always a few years behind reality. With certain things that we regard as very normal today, you may be on the front page of the newspaper in 10 years.

Fincrime trends: Payment diversity can equate to compliance complexity

Ruth: Sometimes we are indeed overtaken by reality. On another note, do you see any trends which complicate the fight against financial crime?

Owen: Absolutely, there is increasing diversification in payment methods.

For example, web shops using various payment service providers. The [Payment Services Directive] PSD2 regulations make the playing field even more complex because external parties will soon be allowed to initiate payments based on consent.

A prime example of the risk of diversification in payment methods is the recent hack on SWIFT, where a router could be hacked in an African country because it was poorly secured.

Because SWIFT payments were processed via this router, the hackers could easily obtain and adjust this payment information. Because more links are involved when executing payments, the vulnerability of a weak link is increased.

Ruth: Interesting. From a psychological perspective, the fight against financial crime is also complicated by personal biases. We regularly perform bribery and fraud risk assessments.

What always strikes me is that people tend to systematically estimate the risk of internal bribery and fraud much lower than the chance of external fraud and bribery. People view crime as something that comes in from the outside but are often blind to what is happening around them.

Owen: Nice to see how we approach certain themes in a completely different way.

As far as I am concerned, this is the added value of ACFCS: bringing different organizations and functions together. You will never succeed in completely preventing financial crime, but I do believe that you can achieve a better approach if you bring together as many insights as possible.

Ruth: I am really looking forward to it – the more insights and knowledge sharing, the better!

Ruth and Owen always enjoy talking about financial crime. 

The Dutch chapter also looked at some of the EU AML scandals and issues in and out of banks that can make compliance difficult on the “Fintech and FinCrime in Europe” session, a panel from ACFCS Fincrime Virtual Week, the association’s first-ever fully online fincrime compliance conference that took place last month.   

More than 5,600 attendees, speakers and thought leaders registered for the week-long event, which addressed the overarching themes of Disruption, Innovation and Resiliency.

In the panel focused on compliance and regulatory trends in the EU, speakers highlighted several key trends, including:

  • Regulators and prosecutors in Europe are trying to more aggressively tie egregious fraud and financial crime compliance failures to senior management and directors outside of compliance, including business line revenue agents, just as new financial crime compliance rules take hold.
  • In response, some banking groups have started to collapse silos in and outside the bank.
  • Compliance teams are banding together across institutions to share information on customers – including potentially risky and fraudulent individuals and entities – and interweave AML, fraud and cyber teams to better tackle crimes in a holistic, convergent manner.

To read the full story, click here.

Would you also like to share knowledge and experience and learn from other parties involved in financial crime?

You are welcome to register at www.acfcs.nl

Ruth Post is Director Privacy & Compliance, LeasePlan Corporation. LeasePlan is a leader in two large and growing markets: Car-as-a-Service for new cars, through its LeasePlan business, and the high-quality three-to-four-year-old used car market, through its CarNext.com business.

 LeasePlan has more than 1.9 million vehicles under management in over 30 countries and holds a banking licence. With over 50 years’ experience, LeasePlan’s mission is to provide what is next in sustainable mobility so our customers can focus on what is next for them.

For ten years Ruth worked at the Dutch Central Bank in different roles related to compliance, integrity & supervision, after which she was responsible for Compliance both at ABP and APG.  

Ruth holds a law degree and studied public administration.

Owen Strijland started his career in 1999 as a general ICT consultant in the Healthcare and Finance domain, through his roles as a Change Advisor to the Executive Board for a large insurance/ banking company.

 

In his role as manager Risk Management he came in contact with a variety of Compliance and Risk topics where Information Management, digitization and the Delivery of tangible results were always key.

 

For a global consultancy company, he has built a team of 40 risk professionals.

 

His experience and motivation to analyse opportunities, start up, create, and sell solutions, positively influences the group process to perform and get the best out of people.

 

Today Owen is responsible for the Fintech industry solutions for Protiviti Benelux and is manager of the Digital Delivery Hub.

 

His focus is on Technology, GRC, ERM and Operational Risk with a strong focus on Financial Crime management, his general business development responsibility is to make available all Protiviti services to the Fintech and Financial Services / Digital innovative organizations.  

 

Owen has a seat in the Dutch Management Team of Protiviti, and the Global Digital team.