Red Flag Indicators of 2023’s Top Financial Crime Typologies

The shifting typologies financial crime compliance professionals seek to identify, monitor, and report on reflect the volatility of the wider economic landscape. But in addition to commonly known and understood risks, such as money mules, a host of typologies are emerging that firms need to understand and assess for 2023. This editorial explores those and identifies key red flag indicators firms can use to ensure their fraud and anti-money laundering programs are operating effectively. 

Environmental Crime

In our 2023 State of Financial Crime report, nearly 1 in 3 firms surveyed reported concerns about environmental crime, making it one of the top-selected typologies. Illicit supply chains are now more efficient and anonymous than ever thanks to the digitalization of finance and communication – from social media and the darknet to crowdfunding and blockchain payments. Globally, two areas stand out:

Illegal Timber Exports

A 2022 study by Chatham House found that 15 percent of all timber exports from 37 exporting countries were illegal, with the majority coming from China, Brazil, Indonesia, and Russia. 

The Financial Action Task Force (FATF) has noted several characteristics of financial flows from illegal logging and mining that firms should consider when establishing red flags. In one use case, a company established in a source country mixes legal and illegal sourcing, often enabled by corrupt politically exposed persons (PEPs), who may serve as beneficial owners or be connected to them. The sourcing company belongs to a parent company in a lower-risk jurisdiction and trafficks through third-party jurisdictions, adding further distance from the parent company. When the parent company receives the profits, they appear to come from elsewhere, creating multiple steps of removal between the illicit proceeds and the true beneficial owners.

Wildlife Trafficking 

Pandemic-related economic downturns have reduced wildlife protection resources in key African regions. Meanwhile, China has eased wildlife trade restrictions introduced in June 2020 to curb COVID. United for Wildlife estimates illegal wildlife traders will “return to full profitability within 2-3 years.” 

In a 2020 report, the FATF highlighted numerous red flags indicating the possible laundering of illegal wildlife trade proceeds. Examples include:

• Legal wildlife shipments whose CITES certificates appear incomplete or suspicious
• Transactions naming medical ingredients that reference CITES-listed species
• Transactions where legal pet merchants interface with overseas suppliers or established wildlife traffickers
• Large transfers from a known trafficker to a relative

Alia Mahmud, Regulatory Affairs Practice Lead at ComplyAdvantage, makes three recommendations for curbing the laundering of environmental crime proceeds:

1. Implement frequent enterprise-wide risk assessments.
2. Provide regularly-updated training in typologies and risk indicators for environmental crimes and related activity. 
3. Ensure existing controls are sophisticated enough to dynamically detect these risks. This includes enhancing transaction monitoring rules and scenarios, which can be done with minimal upheaval through an artificial intelligence overlay that works with existing systems. 

Tax Evasion

Our survey also highlighted tax evasion as the predicate offense firms are most focused on screening for, selected by 36 percent of respondents. Globally, there continues to be a push for more transparency in corporate tax arrangements. It is estimated that corporate tax abuse leads to losses of at least $483 billion annually. The G20 agreed to a minimum global tax of 15 percent for multinational corporations in 2021, and countries around the world continue to develop domestic frameworks to implement this. 

In 2021, Malta’s Financial Intelligence Analysis Unit (FIAU) released a guide to risk indicators for tax evasion and money laundering. Among other things, it recommended firms monitor for:

• Firms declaring zero income revealed as doing business by third-party reports
• Customers that try to discover whether their earnings will be reported to regulators
• Organizations with incomplete documentation that would affect tax evaluations 
• Accounts that appear to mingle business and personal income

However, as no single red flag conclusively identifies tax evasion, firms should ensure they are weighting risks contextually, following an up-to-date and tailored risk assessment.

Sanctions Evasion

As international sanctions continue to develop, the risk of violations is high. Unsurprisingly, following the invasion of Ukraine, Russia rose to first place in the 2023 list of geopolitical hotspots firms are most concerned about – cited by 46 percent of respondents.

Responding to comprehensive sanctions, Russian individuals, businesses, and other entities have demonstrated a sophisticated capacity to exploit weaknesses in western sanctions. As firms seek to shore up their risk management, they should bear in mind key emerging sanctions evasion methods. These include:

• Procuring goods through proxies – The Russian military and intelligence services have continued to procure dual-use technology through fronts and proxies in a number of countries. 
• Obfuscating the origins of banned commodities – Russia is using methods perfected by long-term sanctions targets such as Iran and North Korea. To hide oil sales, Russia has re-registered oil tankers to other jurisdictions, blended its oil with other nations’ supplies, and used ship-to-ship transfers at sea. Russia also appears to be exploiting neutral countries to ‘origin launder’ commodities.
• Changing ownership and corporate structures – The International Consortium of Investigative Journalists (ICIJ) has revealed, for example, that in the wake of the invasion, oligarch Alexei Mordashov, one of Russia’s richest men, quickly transferred his shares in the German travel group TUI to a Caribbean shell company that his personal partner owned.

Mahmud points out that “in our survey, 96 percent of firms told us real-time AML risk data would improve their response to sudden sanctions regime changes, like those seen in the case of Russia.” She urges firms to outsource to vendors when necessary to stay ahead of these changes. “Firms must ensure they do not take a minimalistic approach to detecting potential Russian sanctions exposure, especially since western government agencies will be increasingly focused on improving private sector implementation and reducing evasion.”

Crypto and Ransomware

2022 saw an acceleration in the convergence of ransomware and cryptocurrencies, most notably through Deadbolt, a group attacking network-attached storage (NAS) devices and vendors. Deadbolt infections soared by 674 percent between June and September 2022 alone, with most infections found in the US, Germany, and Italy.

State-sponsored ransomware actors in Russia, North Korea, and Iran have also become more critical. In April, the US Office of Foreign Asset Control (OFAC) expanded its sanctions regime covering alleged North Korean wallets following the hack of blockchain game Axie Infinity’s Ronin bridge, which saw $600 million in cryptocurrency stolen. In September 2022, three Iranian nationals were charged with scheming to hack the US computer networks of government agencies, nonprofits, and healthcare facilities.

Regulators have taken action to advise firms about how they can best tackle ransomware risks. In March 2022, FinCEN issued an advisory that – among other things – highlighted key risk indicators of a possible ransomware attack involving convertible virtual currency (CVC). In April 2022, the Australian Transaction Reports and Analysis Centre (AUSTRAC) also issued a report highlighting indicators of ransomware. Red flags include:

• A customer talks about someone assisting them in a cryptocurrency purchase.
• Immediately after a digital wallet receives funds from an external wallet, the owner quickly makes numerous hard-to-explain trades with other wallets and then moves funds outside the platform.
• A prospective customer submits a photograph of data on a computer screen as part of the onboarding customer verification process.

Iain Armstrong, Regulatory Affairs Practice Lead at ComplyAdvantage, recommends that firms continually review “their cyber defenses, data hygiene, and training programs so they’re able to rapidly adapt to the shifting ransomware landscape. Familiarity with the latest behaviors, and any specific forms of ransomware targeting their sector, will be critical. It’s also important to review the latest guidance from regulators in relevant jurisdictions, as they will continue to issue practical information on the risks firms face and any actions they should take.”

Investment Scams

Our survey data showed tax and investment fraud as the joint top concerns for compliance professionals in 2023. While both are likely fuelled by the economic downturn, investment fraud, in particular, often runs countercyclically to the economy. 

As easier methods of accessing finance dry up, the temptation increases to resort to bogus schemes offering apparently “market-beating” returns. US Sentencing Commission statistics show that while the number of securities and investment fraud offenders has declined over the last five years, the median loss incurred has soared to more than $2,880,000. In August 2022, the Securities and Exchange Commission (SEC) also issued guidance on the growing use of social media platforms to seek investment guidance. 

It states that “fraudsters may set up an account name, profile, or handle designed to mimic a particular individual or firm. …[They] may also direct investors to an imposter website by posting comments in the social media accounts of brokers, investment advisers, or other sources of market information.”

The North American Securities Administrators Association (NASAA) encourages investment advisers and broker-dealers to establish reliable processes to protect clients from investment exploitation. Alongside advice on necessary components of an effective risk program, it lists key risk indicators, including anomalous behavior such as:

• Atypical transaction patterns for the client profile (such as unusual transfers or withdrawals)
• A client who appears unaware of their financial situation
• Apparently reckless transactions that ignore penalties
• Agitation, such as nervousness or unusual excitement about new financial opportunities – especially when combined with a reluctance to share details or consistent interference from a third party

Key Takeaways

Ultimately, the effectiveness of measures designed to screen against each of these five typologies will depend on a sound underlying fraud and AML risk management system. As Armstrong explains: “More than ever, compliance officers will need to keep their businesses focused on good outcomes by emphasizing the human, as opposed to financial, cost of financial crime. Indeed, firms should not be complacent about the longer-term reputational effects of widely-publicized fines and enforcement actions, particularly with the oldest of the millennial generation starting to enter middle age.”

To detect complex, deliberately-obscured activity, firms must establish robust supply chain risk management and know your business (KYB) as part of a comprehensive customer due diligence (CDD) process. Rather than treating various typologies in isolation, firms should ensure their framework effectively traces ultimate beneficial owners (UBOs), screens PEPs, and enables robust enhanced due diligence (EDD) practices. Technologies such as artificial intelligence overlays, which firms can add to existing processes through a third-party vendor, can help ease the transition.