Your weekly news and commentary round-up about financial crime
• The robots are coming, the robots are coming! Everywhere you look you see whitepapers and discussion bout robotics and its use in AML and compliance generally. And rightfully so, this is definitely going to be a boon to the industry in allowing for more efficiency, consistency, and effectiveness. The problem with all the content and hype is that Robotics has been blown out of proportion. Compliance requirements are only increasing, creating more work for AML compliance departments. At the same time, banks are becoming leaner and less likely to throw more headcount to solve issues. Instead, AML Compliance Departments need to start finding ways to make their employees more efficient and effective, essentially taking on more work with the same amount of people. This is where robotics can help. Robotics is a general term that can refer to a few different uses of digital robots to automate work. Most people refer to Robotic Process Automation (RPA). This is using robotics to automate an entire process, from start to finish. The other type of Robotics, which is discussed less often, is Robotic Desktop Automation (RDA). This involves automating parts of an overall process, to allow for the human to focus on the more complex and value add tasks. RPA sounds like the way to go – it’s like adding more headcount but in robot form. In truth, this is extremely hard to do. There are few processes, especially in the AML world that will not require some level of human review and decisioning – think transaction monitoring and sanctions screening investigations or even due diligence reviews. RDA helps make this work faster. The robots can take on the manual and repetitive tasks like logging into multiple mainframe systems, collect information from the same internal systems repeatedly, running the same searches on external websites or data providers over and over again. While you aren’t adding “headcount,” you are enhancing your analysts and allowing them to focus on synthesizing information and making decisions – making them more efficient.
(Source: Finextra, May 16, 2017)
• Two top security firms have found evidence linking the WannaCry ransomware to the prolific North Korean cyber gang known as Lazarus Group. Both security firms said that technical details witan early version of the WannaCry code are similar to code used in a 2015 backdoor created by the government-linked North Korean hackers, who were implicated in the 2014 attack on Sony Pictures and an $81 million heist on a Bangladeshi bank in 2016. Lazarus Group has also been known to use and target Bitcoin in its hacking operations. Shared code doesn’t always mean the same hacking group is responsible – an entirely different group may May 19, 2017 Protiviti.com/AML have simply re-used Lazarus group’s backdoor code from 2015 as a “false flag” to confuse anyone trying to identify the perpetrator. However the re-used code appears to have been removed from later versions of WannaCry, which gives less weight to the false flag theory. Kaspersky is among the research teams to have been studying the Lazarus Group for years, and in April it published a detailed “under the hood” report exposing the group’s modus operandi. “This level of sophistication is something that is not generally found in the cybercriminal world. It’s something that requires strict organization and control at all stages of operation. That’s why we think that Lazarus is not just another advanced persistent threat actor,” said Kaspersky, which also found attacks originating from IP addresses in North Korea.
(Source: The Guardian, May 15, 2017)
• Financial leaders of seven leading world economies pledged stronger cooperation against cybercrime over the weekend and not to use foreign exchange to gain competitive advantage, but stuck to their caution wording on trade, their final communique showed. Finance ministers and central bank governors from the United States, Canada, Japan, France, Germany, Italy, and Britain met in the Italian city of Bari to discuss the world economy, combatting terrorist funding, cyber security and taxes. The final communique of the meeting said the seven countries would use all policy tools – fiscal, structural and monetary – to boost economic growth. It also said the G7 financial leaders would strengthen cooperation to counter cyber threats such as a global online attack which infected tens of thousands of computers in nearly 100 countries last week. The G7 financial leaders said: “we recognize that cyber incidents represent a growing threat for our economies and that appropriate economy-wide policy responses are needed.” They called for common shared practices to spot quickly any vulnerabilities in the world’s financial system and stressed the importance of effective measures to assess cyber security among individual financial firms and at sector level.
(Source: Reuters, May 13, 2017)
• The U.S. administration has called for tougher sanctions against North Korea after it test-fired a ballistic missile over the weekend. The missile was fired from the region of Kusong, northwest of Pyongyang, where North Korea, in February, successfully test launched an intermediate-range missile. Multiple sets of UN and U.S. sanctions against North Korea have done little to deter it from pursuing its nuclear and missile ambitions. “Let this latest provocation serve as a call for all nations to implement far stronger sanctions against North Korea,” the White House said in a brief statement. France also condemned Pyongyang’s latest missile test in the first statement issued by the Foreign Ministry in Paris since Emmanuel Macron was sworn in as president. “France calls on North Korea to conform immediately with its international obligations and proceed to the dismantlement of its nuclear and ballistic program in a complete, verifiable, and irreversible way,” Foreign Ministry spokesman Romain Nadal said in a statement. China which has been under growing US pressure to help rein in the nuclear-armed North, called for restraint. “All relevant parties
should exercise restraint and refrain from further aggravating tensions in the region,” the foreign ministry said. New
South Korean President Moon Jae-In, who was inaugurated last week, has also been conciliatory. But he slammed the isle test as a “reckless provocation” after holding an emergency meeting with national security advisers.
(Source: Al Jazeera, May 14, 2017)
• The United States this week said it could persuade China to impose new U.N. sanctions on North Korea following its latest ballistic missile test and warned that Washington would also target and “call out” countries supporting Pyongyang. Speaking to reporters ahead of a closed-door U.N. Security Council meeting on the missile launch, U.S. Ambassador to the United Nations Nikki Haley also made clear that Washington would only talk to North Korea once it halted its nuclear program. “We are willing to talk, but not until we see a total stop of the nuclear process and of any tests there,” Haley said. “If you are a country that is supplying or supporting North Korea we will all you out on it, we will make sure that everyone knows who you are and we will target sanctions toward you as well.” The United States has been discussing possible new U.N. sanctions with Pyongyang’s ally and neighbour China since a failed missile test about two weeks ago. Traditionally, the United States and China have negotiated new sanctions before involving remaining members. U.N. diplomats say the current talks are still just between the pair.
(Source: Business Insider, May 16, 2017)
• The State Department confirmed this week that the administration has continued the United States’ nuclear sanctions relief to Iran in compliance with the Joint Comprehensive Plan of Action (the JCPOA). To implement aspects of the sanctions relief provided to Iran under the JCPOA, the Secretary of State must periodically issue waivers of certain statutory sanctions. One such waiver under the 2012 National Defense Authorization Act expires every 120 days and was last issued by the former administration in January. By that timeline, the new administration needed to extend the waiver, which required a determination that it was “in the national security interest of the United States,” this week in order to remain in compliance with the JCPOA. The internal review of the JCPOA is expected to be completed this summer. The State department also announced two other reports this week. First, the State Department released its semi-annual report to Congress detailing sanctions imposed on persons involved in human rights abuses in Iran, and, second, the Treasury Department’s Office of Foreign Assets Control designated three individuals and four entities connected to Iran’s ballistic missile program as targets for sanctions. These actions are consistent with the Trump administration’s approach to the JCPOA thus far, in which continued compliance with U.S. obligations under the agreement has been paired with critical rhetoric towards Iran and sanctions targeting other Iranian activities. This approach is likely to continue at least until the administration competes its review of the JCPOA.
(Source: Financial Regulatory Reform, May 18, 2017)
• Foreign companies have put on hold many mining agreements with Iran because of uncertainty over future sanctions, according to the deputy minister of Iran’s Ministry of Industries, Mines and Trade. Smaller projects of less than $100 million each are going ahead, Mehdi Karbasian said Monday in an interview in Tehran. Iran is seeking $50 billion in foreign investment in the mining industry by 2022, he said. “Fearing they might get placed on a blacklist in the wake of the return of sanctions, the companies with whom we have made these deals have suspended almost all the agreements and maintained a wait-and-see attitude pending the fate of new sanctions,” he said. The new administration has imposed new curbs on Iran’ economy after the country conducted missile tests earlier in the year, and U.S. senators have introduced a bill to further tighten restrictions. Iran has more than 5,000 active mines, mostly privately owned, according to a 2013 report by the U.S. Geological Survey. Mining and manufacturing, led by steel and cement, account for 13 percent of gross domestic product, against 16 percent for crude oil and natural gas, the USGS said in the report.
(Source: Bloomberg, May 15, 2017)
• In a press release touting recent law enforcement success stories based upon Bank Secrecy Act reporting by financial institutions, the Treasury Department’s Financial Crimes Enforcement network revealed publicly for the first time that its recent Geographic Targeting Orders (GTOs) are generating meaningful leads that are leading to the investigation and prosecution of individuals for money laundering violations. GTOs are a little-known but powerful, anti-money laundering tool authorized by federal law which impose enhanced anti-money laundering reporting obligations on financial institutions that are short-term and limited to geographic regions of the United States that are perceived to be particularly vulnerable to money laundering. One such geographic area of concern is the U.S. Mexico border at two California ports of entry, which was the subject of a GTO intended to improve transparency of cross-border movements of cash. FinCEN’s announcement revealed that information generated by that GTO led Homeland Security Investigations agents to uncover a money laundering scheme that moved $45 million from the U.S. to Mexico during a 15-month period. The $45 million scheme appears in United States v. Angelica Padilla and Valente Marquez, No. 16-1075 (Southern District of California). In that case, the defendants, who are husband and wife, were charged with failing to maintain an effective money laundering program in connection with a series of money transmitting businesses that they owned and operated.
(Source: JD Supra, May 11, 2017)
• Canada’s money-laundering watchdog is studying the use of crowdfunding platforms by suspected terrorists and says in an internal study that the reporting protocol poses a “significant challenge” in trying to identify such transactions. The Fintrac report say there is a lack of information available in electronic fund transfer
reports on contributors to crowdfunding campaigns. Financial companies, money services businesses and casinos are legally required to submit the reports to Fintrac for cross-border, electronic transactions above $10,000. That lack of information poses a problem for financial intelligence, “especially when trying to flag individuals supporting a crowdfunding campaign that may be suspected of being (terrorist financing) related by an investigation authority,” Fintrac says in the November 2015 report. The federal agency said the reports typically don’t include information on contributors to crowdfunding campaigns because the amounts transferred tend to fall below the reporting threshold of $10,000. “Terrorism financing and high-risk traveller cases, in particular, most often entail relatively small amounts of money, spokeswoman Renee Bercler said in an email. Daryl Hatton, founder of ConnectionPoint, a company that runs three crowdfunding websites, said they don’t have to submit funds transfer reports because that is the duty of the payment processors. Hatton said he has removed a “very small number” of campaigns over terrorism financing concerns. The decision to remove the campaigns was made in collaboration with payment processors and was done more as a precaution, he said. The Financial Action Task Force (FATF), an international organization that aims to combat money laundering and terrorist financing, flagged crowdfunding as an emerging terrorism-finance risk in a
2015 report. Banks are only facilitators of the transactions and typically don’t have all the information about the fundraising effort. The actual information on who the investors are, the identities of the companies and the individuals – all that information is maintained by the crowd fundraising platform,” according to a financial crime expert.
(Source: Brandon Sun, May 18, 2017)
• FINRA chairman John J. Brennan said this week that even if the Labor Department’s fiduciary rule is repealed, it has elevated and put into plain language the idea of providing investment advice that’s better for clients’ return than for financial advisers’ revenue. “Whatever happens to DOL, it served its purpose by getting best-interest terminology into the industry,” Brennan said. “Firms should keep on that track it’s going to be the way business is done. The question is whether it is on June 10 or on June 10, 2022.” The DOL regulation, which would require financial advisers to act in the best interests of their clients in retirement accounts, was supposed to be implemented on April 10. That date was pushed back to June 9 so that the agency can reassess the measure under a directive from the new administration that could lead to its modification or repeal. If the DOL rule meets its demise the concept will live on at the Securities and Exchange Commission and at FINRA, the broker-dealer self-regulator, Mr. Brennan said. “My guess is that the SEC and FINRA are going to go down that path because it’s the right place to be,” Mr. Brennan said.
(Source: Investment News, May 16, 2017)
• As part of its initiative to reel in high-risk brokers and hold firms accountable who hire them, the FINRA board of governors approved new proposals this week that will improve protections. The regulator has recently been working to strengthen its controls on brokers who have histories of misconduct and establish
repercussions for the firms who hire them, often well aware of their previous wrongdoing. Although the proposals have been approved by the board, FINRA still needs to issue a regulatory notice detailing them and receive comments. That notice will be filed soon, according to a statement from the regulator. The proposed changes include requiring additional disclosures to FINRA’s BrokerCheck, a database of brokers that details their work histories, licenses and run0ins with the regulators. They would also expand the sanction guidelines and make penalties more severe for brokers with histories of misconduct. Another proposal approved by the board would heighten supervision of brokers appealing any disciplinary matters. Holding advisory firms more accountable for supervising high-risk brokers was also the focus of a proposal. Specifically the proposal suggests firms should increase their oversight of brokers while a statutory disqualification request is under review, or the broker is appealing a hearing panel decision.
(Source: WealthManagement.com, May 11, 2017)
• One bank is trying to turn the expense of thoroughly vetting bank customers into a money-maker with new digital identity products. It is pitching these verification, enrolment and authentication tools to businesses as a way to improve user experience, reduce online abandonment rates and not least of all guard against fraud. In so doing, the bank is one of the first in the U.S. to test if businesses will pay banks to check users’ identities, and if consumers will sign into websites through their banks the way they use social media accounts. Since banks already have to collect and verify sensitive information to comply with Knew-your-customer regulations and to prevent fraud, they theoretically could leverage this work and expertise for other businesses. Consumers in turn, would have fewer passwords and usernames to remember and would not have to give out sensitive information such as Social security numbers quite as often. Banks in Europe and Canada have begun to offer such services. It remains to be seen whether one of the benefits of bank ID for businesses – that is spares them the burden of safeguarding customers’ information – can sway companies that currently view this data as gold, not toxic waste. And banks themselves will have to understand the potential liability if they mistakenly issue incorrect credentials to someone who harms the relying party.
(Source: American Banker, May 15, 2017)
• Lebanon’s Central Bank’s Special Investigation Commission (SIC) said it received 470 cases related to financial crimes last year, up nine percent compared with 2015. The number of crimes reported by local sources totalled 363. The remaining 107 cases were submitted by foreign sources, according to SIC’s 2016 annual report. The number of reported terrorism financing crimes jumped 70 percent to 46 cases. “Money laundering and terrorism financing cases handled during the year led to account freezing decisions and lifting bank secrecy of 42 cases that were forwarded to the General Prosecutor,” said Riad Salameh, Governor of the Central Bank, who is also the Chairman of SIC.
(Source: Business News, May 16, 2017)
• To smart compliance experts, it makes sense that a lack of accountability and organizational justice relates directly to poor compliance efforts. And employees are quick to notice if responsibility for misconduct. Inside Counsel surveyed over 550 ethics, compliance and legal experts around the world, less than half (47%) of low-performing compliance programs analysed the root cause of executive and employee misconduct to determine accountability. Even fewer (45%) said C-suite executives consider ethical behaviour a prerequisite for promotion. However, when corporate leaders take an active role in shaping compliance programs aground shared values and clearly defined behaviours, they can reduce compliance risk considerably. The vast majority (84%) of high-performing corporate compliance programs communicate the organization’s expectations of behaviour in a clear and concise manner, according to the survey. Three steps that General Counsels, Chief Ethics Officers and their teams can follow for more effective ethics & compliance programs based on values and behaviours are: One, articulate a set of shared and sustainable values that truly reflect the best interest of what the company stands and believes in. Two, define a set of behaviours that reflect those values that people at all levels of the organization should espouse. And three, cut unnecessary rules altogether. A strong corporate culture, based in values, can lead to simpler, clearer and more effective compliance program than an arbitrary checklist of rules and multiple layers of policy.
(Source: Inside Counsel, May 15, 2017)