According to the alert, the Government of Canada states that religiously motivated violent extremism (RMVE), politically motivated violent extremism (PMVE), and ideologically motivated violent extremism (IMVE) all represent a threat to the security of Canada. IMVE is identified in the report as a type of terrorist threat that has “killed and wounded more people on Canadian soil than RMVE or PMVE.” 

Indicators of Terrorist Financing Activity 

To identify the terrorist financing activity, FINTRAC analyzed a sample of suspicious transaction reports (STRs) it received between January 2019 and October 2022. Based on FINTRAC’s analysis, the reported transactions fell into three main categories, including domestic terrorism, financing international terrorist groups, and Canadian extremist travelers (CETs).

In light of its analysis, FINTRAC compiled a comprehensive list of terrorist activity financing indicators that occur across each category, including:

• Adverse media or law enforcement information that link individuals to violent extremist group(s), sentiments, or violent extremist activity
• Subjects involved in transactions with individuals, groups, clubs, businesses and/or charities who have been associated with violent extremist groups by the media or law enforcement
• Transactions that involve certain high-risk jurisdictions
• Transaction details (contact name, email address, funds totals, remittance info, etc.) that make references to words, phrases and/or numbers linked to violent extremist actors, groups, activity, or iconography
• Excessive email money transfers followed by the depletion of funds through third parties or cash withdrawals
• Transactions that involve persons or entities identified by media and/or sanctions lists as being linked to a terrorist group or terrorist activities
• The use of crowdfunding, FinTech platforms, and/or cryptocurrencies to finance individuals or groups associated with violent extremism

For additional indicators of terrorist activity financing about CETs, compliance teams should review FINTRAC’s 2018 Terrorist Financing Assessment, as the report notes these indicators continue to be commonly observed.

Draft Guidance: Reporting STRs to FINTRAC

On December 16, 2022, FINTRAC also issued draft guidance for entities obligated to submit suspicious transaction reports (STRs) under the PCMLTFA. While the guidance may still undergo minor changes before coming into effect in September 2023, it highlights the changes due to be made to the STR form – a mock-up of which can be found here. 

FINTRAC reminds reporting entities that they must submit an STR to FINTRAC as soon as possible after measures have been taken to establish “reasonable grounds to suspect” the transaction is related to money laundering or terrorist financing. According to the guidance, the following measures should be taken to establish reasonable grounds for suspicion: 

• Screening for and identifying suspicious transactions
• Assessing the facts and context surrounding the suspicious transaction
• Linking risk indicators to your assessment of the facts and context
• Explaining your grounds for suspicion in an STR, where you articulate how the facts, context, and risk indicators allowed you to reach your grounds for suspicion

When completing an STR, FINTRAC states that a “fact” is an event, action, occurrence, or element that exists or is known to have happened or existed. Facts known to a reporting entity could include account details, a client’s financial history, particular business lines, or information about a person or entity. 

For more risk management best practices for Canadian FinTechs, download our infographic.

The post FINTRAC Publishes New Operational Alert to Help Businesses Identify Terrorist Activity Financing Indicators appeared first on ComplyAdvantage.

Because of this, money laundering is a high priority for the legislators and officials who oversee the world of finance. New anti-money laundering strategies are constantly being created to track down and stop money launderers, and the technology used to do so is evolving at a rapid pace.

What is money laundering?

The Financial Action Task Force (FATF) defines what is money laundering as “the processing of criminal proceeds to disguise their illegal origin”. Some of the major contributors to money laundering are organized crime, drug trafficking, and smuggling, all of which can generate a substantial amount of money that requires “cleaning” before the criminal can use it in a legitimate financial system without being detected.

Across the globe, financial institutions such as banks, capital market firms, and insurers are some of the most favored channels used to launder illicit funds. One reason that money laundering can be so difficult to track down is that it is necessarily related to other crimes. Criminals will often attempt to transfer money through several countries to obscure its illegal origin, involving multiple people and multiple bank accounts. 

Of course, this means that criminals typically committed another crime through which they obtained the illicit funds they then sought to launder. When multiple counts of money laundering and interrelated criminal activity become interwoven like this, a complex network of illicit activity is created that is problematic to fully track and break down.

How Does Money Laundering Work?

While the ways criminals can launder money are diverse, the methodology remains generally consistent. The three stages of money laundering are:

Placement

The initial placement stage refers to the introduction of illegal cash or money obtained through illegal activity into a legitimate financial transaction system. Cash deposits, wire transfers, and other financial instruments are used at this stage to move the funds away from being directly associated with the crime.

Layering

The next stage is where legally sourced money is “layered” or entwined with the illegal funds that have been placed in the financial system. The intent at this stage is to obscure the audit trail of the financial sum involved, which can look like the criminal buying and selling stocks, commodities, and real estate, often across multiple borders. 

Integration

The final money laundering stage is reached when the “dirty” money and the “clean” money have been combined to the point that all of the funds appear legitimate. When the criminals have a seemingly legal explanation for the placed and layered financial assets, the funds can be received from their original illicit source through means that do not draw attention, allowing them to use the funds freely in the regular monetary system.

Examples of money laundering

When it comes to money laundering, criminals can utilize a variety of methods, schemes, and techniques to move or conceal their illicit funds. Compliance teams must be able to effectively recognize money laundering typologies to mitigate against the risk of financial crime and ensure regulatory compliance as a regulated entity. Common money laundering typologies include:

Money mules

A “money mule” is an individual who has been recruited by criminals — whether wittingly or unwittingly — to act as a proxy in the placement of criminal funds into the system. Things to look for include small transaction amounts and young people who may be less aware of the legal implications of their actions.

As money muling networks are often made up of large numbers of individuals across jurisdictions, when suspicions arise, firms should try to build a picture of any relevant associates. 

Smurfing

The typology of  “smurfing” involves moving large amounts of illicit money through the financial system by making smaller transactions. “Smurfs” will often spread these smaller transactions across multiple bank accounts to avoid detection and remain under regulatory reporting limits. 

As networks are extensive enough to move large sums of money quickly, smurfing is likely to be used in conjunction with money muling. To mitigate against this risk, transaction monitoring thresholds must be appropriately calibrated to the bank’s risk-based approach.  

Virtual assets

Although the vast majority of placement and money laundering layering is still undertaken in fiat currencies (i.e., the Euro, the US dollar, etc.), virtual assets (especially cryptocurrencies) are emerging as a growing component in the complex process of layering funds. 

Over the last few years, money laundering involving cryptocurrencies has become increasingly common. For example, the proceeds of cyber fraud or blackmail could be initially collected on Bitcoin, but then traded through several cryptocurrency exchanges for a variety of other cryptocurrencies, including privacy coins, before being cashed out.

Is money laundering illegal?

Whilst the illicit origins of the funds being laundered are what make money laundering schemes illegal, the act of money laundering is an offense in its own right. In addition to receiving a sentence for the predicate crime (a component of a larger crime that generates monetary proceeds), criminals can receive up to 14 years in custody for money laundering offenses, in addition to mandated fees and restrictions.  

However, some countries, including Germany, have made a legislative shift to separate money laundering from predicate offenses, thus expanding criminal liability beyond what was previously outlined in the country’s catalog of suitable predicate offenses.

Comply with AML regulations

Our next-generation AML solutions help you to search, screen, and monitor clients for PEP status, sanctions/watchlist status, and suspicious activity.

Get started now

How is money laundering prevented?

Anti-Money Laundering (AML) refers to the procedures, policies, programs, and technologies that financial institutions must put in place to monitor fraudulent activity. Some AML controls include Know Your Customer (KYC) policies, record management and software filtering, holding periods, and sophisticated new technologies such as AI to monitor financial risk in real-time. 

Technological innovations have made it substantially easier to discover when the financial system is being abused, as well as to gather information about the individuals who are abusing it. Manually searching for data and monitoring accounts is tedious, inefficient, and often ineffective. Fortunately, screening systems have replaced this old-fashioned process, and have made it easier than ever before to monitor clients and determine if someone is laundering money.

To aid the fight against money laundering, many governments now legally require all financial institutions and many companies to report any suspicious activity that they notice among their customers. These institutions include banks, payment and insurance companies, casinos, money exchange companies, and numerous others. It would be impossible for governments to catch all the criminals involved in money laundering independently, and the same can be said for business and financial institutions. But when both the private and public sectors work together in order to combat this ubiquitous crime, their success rate dramatically increases. 

If a company or financial institution inadvertently completes a transaction that pertains to money laundering, it can face extensive legal and financial repercussions. Even if the mistake is entirely accidental, it may still be prosecuted. If corrupt employees actively aid money launderers, the employees are dealt with very harshly on an individual level and the institution may still incur liability. Because of these risks, most institutions go to great lengths to make sure that they properly monitor clients and their accounts. For businesses and banks, it is simply not worth the risk to be negligent and accidentally wind up involved in money laundering.

In order to further mitigate the risk of money laundering, updated and enhanced AML regulations are due to continue throughout 2022.

The post What is Money Laundering? appeared first on ComplyAdvantage.

Supply chain integration and the third-party relationships that entails bring a degree of elevated risk: in relying on a supply chain for essential commercial goods or services, firms must be confident that third parties are not involved in criminal activities such as fraud, money laundering, or the financing of terrorism, and are operating in compliance with relevant AML/CFT regulations. While a firm may be able to deploy robust compliance measures internally, third-party firms may not implement the same level of AML scrutiny, or may even seek to exploit vulnerabilities in partners’ infrastructure to engage in illegal activities such as third party money laundering.  With potentially significant financial and reputational penalties at stake, firms must work to minimize their exposure to criminal risks by understanding their third-party compliance responsibilities and by performing appropriate supply chain due diligence.

Understanding Supply Chain Due Diligence

To fulfill their compliance obligations and avoid facilitating criminal activity, firms must be able to accurately assess the third party money laundering risks that they face on an individual basis. In practice this means investigating the conduct of partner firms up and down the supply chain and performing an appropriate level of due diligence prior to initiating a business relationship.

As a first step, firms should map their supply chain from end to end, listing persons involved in the chain individually. Since a third-party supply chain may comprise manufacturers, transporters, suppliers, distributors, consultants and more, firms must implement a due diligence process that reflects the diversity and unique challenges of their environment.

When conducting supply chain due diligence, firms should focus on acquiring third party information that can be used to inform third party money laundering risk assessments, including:

• Company names, addresses, taxpayer references, and incorporation documents
• Names of company owners and beneficial ownership
• Company Cash flow and asset expenditure data
• Debts, liabilities, and other contingencies  
• Employment status of company employees
• Historical financial data
• Internal business risk assessments and growth projections
• Historical AML compliance performance

Third Party Money Laundering Risks

A lack of familiarity with third-party partner firms may expose firms to specific risks. These include:

• Industry: While a firm may operate in a relatively low-risk industry, partner firms up and down its supply chain may not. Relationships with firms in the shipping, art, or payment services industries, for example, may expose partner firms to higher degrees of AML risk than their native industries.
• Location: Firms may have business relationships with partners in countries that have lower AML/CFT controls than their operational jurisdiction and that exploit disparities in international legislation. 
• Sanctions: Partner firms may have business relationships with persons that are subject to international sanctions or similar restrictions, especially when those persons are located in foreign jurisdictions. 

Political risk: It may be difficult to track partners firms’ relationships with politically exposed persons (PEP). Elections in foreign countries may change a third-party’s PEP status and with that the level of money laundering risk that they present.

Supply Chain Compliance

Managing supply chain risk can be complicated and challenging especially since third-party AML/CFT threats are less visible than those captured by internal compliance controls. However, the principles of managing third party money laundering risk are broadly similar to the process of managing known risks, and require the implementation of monitoring and reporting controls. 

Under Financial Action Task Force (FATF) recommendations, firms must implement risk-based compliance solutions in order to manage the AML threats they face. In a supply chain context, this means conducting an effective risk assessment of supply chain relationships and then deploying enhanced due diligence measures for higher risk third-parties and simplified measures for lower risk third-parties. Risk-based AML allows firms to approach supply chain due diligence pragmatically, balancing their significant compliance responsibilities with their administrative and financial resources.

In addition to performing suitable supply chain due diligence (and acquiring the important information listed above), firms should perform a range of ongoing checks to ensure third-party risk profiles have not changed over the course of their business relationships. Ongoing supply chain checks should include:

• PEP screening: Firms should screen for elections and other governmental processes that may change the PEP status of third-party partners, and of their relatives and close associates. 
• Sanctions screening: Firms need to know if the third-parties they do business with have links to individuals and countries that are subject to economic sanctions. Accordingly, firms should screen third-parties against relevant sanctions lists, such as the OFAC list, the UK list, the EU list, and the UNSC Consolidated List. 
• Adverse media: Negative news reports often indicate that a person is involved in criminal activity and poses a greater risk of third party money laundering. Firms should screen for adverse media stories that involve third-parties in their supply chain, incorporating traditional screen and print sources and online sources. 

Audits: Effective supply chain due diligence may require firms to conduct an audit of third-party businesses to verify the information they provide and ensure that they have implemented appropriate internal AML/CFT controls. Audits may involve site-visits, investigations of clients, customers, and business relationships, and, in some cases, correspondence with authorities.

Penalties: Failure to implement suitable supply chain due diligence measures may result in significant AML compliance penalties for both firms and individuals – depending on the jurisdiction in which a violation takes place. In the United States for example, AML compliance failures under the Bank Secrecy Act (BSA) may result in fines of up to $1 million and prison sentences of up to 10 years.

Smart Technology Compliance Solutions for Third Party Money Laundering

Given the vast amounts of data required for supply chain due diligence, firms should seek to integrate smart technology tools as part of their AML solution. Smart technology brings automated benefits to the compliance process, helping firms process third-party risk data with greater speed and efficiency, while reducing potentially costly human errors. Firms may also seek to integrate artificial intelligence and machine learning systems in order to better capture unexpected changes in third-party behavior, and changes in regulation that might affect their compliance responsibilities.

The post Third Party Money Laundering Risk appeared first on ComplyAdvantage.

We share our financial crime regulatory highlights from the week of 5 April 2021.

The Philippines Expands Scope of AML/CFT Laws

All financing and lending companies operating in the Philippines must register with the Anti-Money Laundering Council (AMLC) and comply with AML/CFT reporting regulations, according to the country’s Securities and Exchange Commission (SEC). The regulatory agency released the updated guidelines on Tuesday, March 30, and followed up with a press release confirming the change on April 4.

Previously, only financing and lending companies “with more than 40% foreign participation in their voting stocks and those with paid-up capital of at least P10 million” were required to comply with the nation’s anti-money laundering laws.

The impacted companies will have two months to register with the AMLC’s online reporting system and submit proof to the Anti-Money Laundering Division of the SEC’s Enforcement and Investor Protection Department (AMLD-EIPD). They must also design and put into practice their own money laundering and terrorist financing prevention program (MTTP) that complies with all existing AML regulations and demonstrates a risk-based approach to AML/CFT threats. The program should be approved by the company’s board of directors or its equivalent and then filed with the AMLD-EIPD.

The amendment to the Philippines’s existing AML legislation and guidelines is the latest in a series of changes intended to close gaps, better protect the financial system and ultimately avoid being placed on FATF’s grey list once again — an action that would make it more costly for Filipinos to do business and make transactions. In January, for example, the Philippine government expanded the scope of the Anti-Money Laundering Act (AMLA) to include offshore gaming operators as well as real estate developers and brokers. Then, in February, the country’s central bank revised its AML/CFT risk assessment framework and introduced a four-point rating scale to help companies evaluate risks and the quality of its risk management program.

The Philippines had managed to make enough progress on strengthening its AML safeguards to be removed from FATF’s grey list in 2017. But FATF placed the country under a year-long observation period in late-2019, which was extended to February 2021 amid the global COVID-19 pandemic. The intergovernmental organization will make a final decision in June.

FinCEN Issues Call for Feedback on UBO Requirements

The US Financial Crimes Enforcement Network (FinCEN) is asking for feedback from the public on how best to implement the ultimate beneficial owner reporting requirements of the newly passed Corporate Transparency Act (CTA).

The new law, which was passed as part of the National Defense Authorization Act for Fiscal Year 2021 (NDAA) on January 1, 2021, brings about sweeping changes to the Bank Secrecy Act. Notably, it expands the scope of FinCEN’s duties and responsibilities provides additional incentives for whistleblowers to come forward, and establishes federal reporting requirements for the beneficial ownership information of legal entities incorporated in the US. More specifically, concerning the latter, it requires certain businesses to register their beneficial ownership information with FinCEN, which the agency will then use to create a federal database accessible to law enforcement and financial institutions to aid in fulfilling customer due diligence requirements.

It’s this change that is the focus of the current call for feedback. Through the issuance of an Advance Notice of Proposed Rulemaking (ANPRM) on April 5, FinCEN has posed nearly 50 questions to the regulated parties, regulators, and other interested parties on several different aspects of the law. These include whether and how to define certain terms within the law, what specific information should be collected and reported and how best to make that information accessible to the relevant parties. The comment period runs until May 5.

While this ANPRM will be the first of several, it is likely one of the most significant, given its direct and significant impact on AML/CFT compliance programs. There is little time to waste too. The regulations surrounding the beneficial ownership registry must be finalized and published by January 2022. Financial institutions and other regulated entities would do well to submit their recommendations sooner rather than later if they wish to influence how their compliance programs will need to be restructured to accommodate the new law’s requirements next year.

The FCA Confirms Focus on Stablecoins

Amid increased attention on and acceptance of virtual currencies, the UK’s finance minister confirmed on March 30 that the country plans to focus on regulating stablecoins first before turning its attention to other cryptocurrencies and the broader market.

This is due, in part, to the speed of stablecoin adoption. Although they don’t create the same buzz as Bitcoin or Ether, stablecoins — virtual currencies backed by a reserve asset like the British pound or gold — have become the most-used cryptocurrencies by trading volume, with a current collective market capitalization of just over $60 billion. They are primarily used for trading and investment.

Addressing a City & Financial conference, Finance Minister John Glen offered more insight into the reasoning behind the decision, saying that while no coin has yet been able to claim dominance over the market, “we need to manage risks to competition. There is the potential for some firms to swiftly achieve dominance and crowd out other players, due to their ability to scale and plug into existing online services. We believe the case for intervention in the wider cryptocurrency markets is less immediately pressing.”

That isn’t a worry shared by the UK alone: many regulators and governments have expressed similar concerns over the past few years, particularly in response to Facebook’s intention to launch a stablecoin of its own — formerly known as Libra, now called Diem. Diem is awaiting regulatory approval and is expected to launch later this year.

Even so, this doesn’t mean the wider cryptocurrency market has received a green light for light regulation. In July 2019, the Financial Conduct Authority issued guidance on crypto that specified which assets and currencies are regulated and which are not, laying the groundwork for future regulations. Then, last year, the FCA released a consultation paper seeking input on how best to oversee cryptocurrency promotions to protect investors. Another consultation paper followed in January on potential future regulatory actions as crypto assets, stablecoins, and, more generally, blockchain technologies become more widely used. 

These actions suggest that while the UK may be focusing on stablecoins, they are still looking to tighten AML/CFT and consumer protections on crypto across the board — something financial institutions must continue to monitor and prepare for.

The post Changes to AML/CFT Laws Are on the Horizon appeared first on ComplyAdvantage.

Further, the list of industries involved in the fight against financial crime is growing. It’s less and less — as much as it ever was — a problem only banks confront. Securities, real estate, high-value commodities and other sectors are all exposed to money laundering risks. As a result, the regulators of these industries are publishing valuable data that shouldn’t be ignored. 

Using the example of Russia, a country where corruption permeates many levels of society, we explore below how that data can help identify risks to the financial system that might otherwise go undetected.

A Sneaky Securities Scheme in Russia

Securities have long been singled out as vulnerable to manipulation. Buy and sell orders can be executed quickly, in large volumes, and regardless of national borders. FATF, in a 2009 report, acknowledged this and said, “the securities sector is perhaps unique…in that it can be used both to launder illicit funds obtained elsewhere, and to generate illicit funds within the industry itself through fraudulent activities.”

Add corruption and lax adherence to AML/CFT controls, and securities become an extremely effective vehicle for the illicit movement of money.

The Russian “mirror trading” scheme, through which $10 billion was moved out of Russia between 2011 and 2015, provides an eloquent example. A company in Moscow would buy Russian blue-chip stocks using the local currency only to have a related company elsewhere sell the same stock at the same value for dollars. The trades were made possible by Deutsche Bank — specifically the broker-dealers and employees of the bank’s Moscow branch — and provided a way for Russian nationals to evade currency controls, taxes and possibly launder money made from illicit activities.

The beleaguered Deutsche Bank, which had already come under fire for its involvement in scandals such as the Russian Laundromat, was slapped with a $425 million fine and has suffered extreme reputational damage as a result of the scandal coming to light.

Casting a Wider Securities Net

While by some standards, Russian regulators gave merely symbolic punishments to those found to be involved with the mirror trades scandal, there’s a curious pattern concerning the number of licensed securities market participants after the scandal broke: in 2017, 614 license-holding participants in the securities market were to be found, almost 50% less than the 1149 license-holders in 2013. So, the corruption within this sector isn’t going unnoticed.

As the Russian Federation Central Bank is the main actor tackling issues related to the securities sector, lists such as the two below would serve to flag individuals operating with canceled or suspended licenses:

• Russian Federation Central Bank Stocks and Bonds Market Cancelled Licenses of Professional Securities Market Participants
• Russian Federation Central Bank Stocks and Bonds Market Suspended Licenses of Professional Securities Market Participants

Moreover, the below lists from the same entity serve to provide even more context and identify additional high-risk individuals that operate within the securities sector:

• Russian Federation Central Bank Stocks and Bonds Market Cancelled Certificates of financial market specialists
• Russian Federation Central Bank Administrative Proceedings
• Russian Federation Central Bank Revoked Insider Certificates

Designated Non-Financial Business and Professions (DNFBPs)

The securities sector may be unique in its ability to facilitate the generation of ill-gotten wealth. But the tendency for criminals to recruit industry professionals as conspirators is not. Nor is it confined to those professionals within the financial sector. Continuing with the example of Russia, it’s worth evaluating certain designated non-financial businesses and professions with an eye toward their susceptibility to money laundering. They include:

Tax evasion:

In Russia’s National Money Laundering Risk Assessment (NRA ML) for 2017–2018, tax crimes ranked high on the list of key areas of concern — specifically, VAT fraud and tax evasion. It’s worth noting that the country has taken significant steps to curb both in recent years. Yet when tax officials are complicit, bypassing those steps is still possible.

Lists such as the “Russian Federation Federal Tax Service Legal entities whose executive bodies include disqualified persons” can help to flag tax entities that may pose a higher than normal risk.

Precious stones and metals:

Russia’s export economy relies heavily on its mining industry, which includes oil and gas but also precious stones and metals. Unsurprisingly, high foreign demand makes smuggling and illegal extraction of these resources attractive to bad actors and is a major predicate offense for money laundering.

Further, as Russia’s NRA ML indicates, AML legislation has not been sufficiently implemented, and diligence in reporting suspicious transactions has been lacking: curiously, for instance, the number of STRs filed for precious stones and metals from 2014–2018 remained somehow constant, ranging between 3,500 and 4,700.

The Assay Chamber is responsible for overseeing this sector’s compliance with trade regulations. Therefore, lists such as the “Russian Federation State Assay Office Results of AML Supervision,” which covers entities found to be in breach of AML requirements, can help to flag high-risk entities.

Gambling

While gambling is mentioned in the NRA ML as low risk in comparison to other industries, this sector is still worth keeping an eye on. With casinos only officially permitted in four special zones and online gambling prohibited, illegal gambling and lotteries have sprung up to meet demand.

Indeed, one estimate calculates that Russians spent around $11.8 billion on sports betting in 2017 and that 65% of that went to unregulated providers. Further, the Federal Tax Service (FTS), which supervises this industry, discovered approximately 95,000 illegal online gambling providers in the space of two years (2016–2018).

Given its prevalence, monitoring those identified as offering illegal gambling or illegal lotteries would be beneficial for financial institutions when determining their risk exposure. Therefore, lists such as the Russian Federation Federal Tax Service’s “Entities Offering Illegal Gambling” and “Entities Offering Illegal Lotteries” can help to flag high-risk entities.

Flexibility and Variety Is Key

The global AML landscape remains complex and poses multiple challenges, which require a flexible approach in collecting and categorizing relevant lists to screen against. Russia is simply one example of how this flexible approach can be applied to provide further context. To ensure financial institutions benefit from the most up-to-date information for risk mitigation, they must look for providers that not only screen against the usual sanctions and watchlists but also against other relevant data from a variety of high-risk sectors.

This is something we at ComplyAdvantage strive to do. We continually monitor regulatory developments and expand our database offerings to provide information that tackles AML/CFT risks from a great variety of sectors, from the financial sector to DNFBPs and non-governmental organizations and charities.

The post Russian Risks: Valuable Watchlists to Monitor appeared first on ComplyAdvantage.

How Terrorists Use Social Media

A report published in 2014 found that 90% of internet-based terror activities are conducted using social media. That percentage has likely increased over the last six years, given the overall global growth in social media use.

As of late 2019, nearly half of the world’s population — 3.725 billion out of 7.734 billion — is active on social media. That amounts to over 83% of current internet users and an increase of nearly 10% from October of the previous year. What’s more, there are no signs that global social media usage is slowing as we move into 2020 and beyond.

Social media’s explosive growth has sparked serious concerns over its possible exploitation by terrorists, terrorist organizations and radicalized sympathizers looking to promote their ideas and fund attacks worldwide. Given the open nature of these platforms, their reach and the anonymity they provide, terrorist financing is often hidden in plain sight, with small-currency transactions the norm.

Recent terror attacks have also highlighted the role social media plays in radicalizing and recruiting individuals as well as showing the devastating results of their attacks. The Christchurch mosque attacks in March 2019 that killed 51 people were announced on 8chan, live-streamed on Facebook and then reposted repeatedly on various social media channels.

These attacks were “designed to go viral,” according to New Zealand’s prime minister, Jacinda Ardern. The attacks serve as propaganda material to garner support for additional attacks and create a campaign for the financing of terrorism.

Going viral requires a reach that’s instant and wide, something made possible by social media. This kind of reach also opens the door for sympathizers to donate to the cause little and often without disrupting their day-to-day finances. Further, terror financing methods vary widely. So while donations can be purposeful, they can also be made by unwitting pawns using videos and images that aren’t immediately linked to terrorism since calls for donations are often disguised as being for charitable causes.

Financiers then follow up those calls with instructions, communicated via encrypted platforms, on making payments. These often arrive in the terrorists’ hands by wire or, increasingly, social media platforms. Prepaid cards, virtual currencies and e-wallets are also encouraged as they fly under the radar of traditional AML/CFT controls — a shortcoming new legislation, such as the EU’s 5AMLD, is trying to address.

One Service Among Many

Government attempts to regulate speech on these platforms have been met with resistance and controversy, especially in the US, where free speech is a cherished, constitutionally protected right. Nor have they proven to be an effective deterrent. In addition, social media companies have been reluctant to toe that line themselves, with lackluster attempts to identify and regulate activity that could be seen as impinging on freedom of speech. But centering the debate around regulating the expression of ideas obscures other, possibly more effective ways to fight terrorism.

In many ways, social media companies have outgrown their original purpose. Sharing content is simply one service provided among many, with additional services aimed at facilitating money flow: Facebook introduced its own digital currency, Libra, for example, and Instagram launched an in-app checkout feature last year.

Yet creating an account on a social media platform is still relatively easy and requires little to no personal information. Moreover, when one account is shuttered, there’s nothing to prevent another from popping up, either on the same platform or on a different one.

In 2017, terror financier Hajjaj Fahd al-Ajmi called on his 1.7 million Instagram followers to donate funds to support terror activities. While Instagram shut down his account after being made aware of the plea, a slew of donations had likely already been made. What’s more, this occurred after al-Ajmi had been identified by the US and the UN as a terror financier, had conducted similar campaigns on Twitter and had populated his Instagram page with advertisements to support local businesses.

An Evolving Debate

So as social media companies evolve into online marketplaces and as in-app virtual currency use grows, it’s worth re-examining their role vis-à-vis the financial system. What responsibility do these companies have to screen their users or monitor transactions, when should those screening processes be performed, and to what extent should financial regulations apply to them?

These questions of liability may seem rather abstract, especially given the current regulatory landscape. But it’s undeniable that detecting terrorist financing requires a multi-pronged approach, and the complex relationship between social media companies, payment processors and other financial services companies will continue to evolve.

How regulators and global advisory bodies will decide to move forward in the future is something every social media platform and third-party payment processor should be aware of, especially as they continue to blur the lines between finance and social media.

Look out for our next blog on social media and terrorism financing where we’ll discuss the role that third-party payment processors have to play by signing up for our newsletter.

The post Social Media Platforms and Their Influence on Terrorist Financing appeared first on ComplyAdvantage.

The California Consumer Privacy Act (CCPA) was signed into law on June 28, 2018, by the California State Legislature and introduces sweeping new privacy laws to protect the personal data of California’s residents. Also known as the California Privacy Act, the new legislation modernizes California’s data privacy regime in an era of increasing digital threats. Much like the EU’s General Data Protection Regulation, it also gives residents greater control over what businesses do with their personal information.

The California Privacy Act will come into legal effect on January 1, 2020. Since it involves the regulation of personal data, the act has significant implications for the way banks, fintechs and financial services businesses manage their AML/CFT responsibilities. In order to continue to deliver AML compliance, those firms must understand what the California Consumer Privacy Act is, and how it applies to them.

What Rights Does The California Consumer Privacy Act Provide?

The CCPA is designed to provide California residents with the right to:

• Know what personal data is being collected about them.
• Know if their personal data is sold or disclosed to other businesses.
• Deny businesses the right to sell personal data to third parties.
• Access their personal data upon request.
• Request that businesses delete their personal data.
• Be treated without prejudice for exercising their right to data privacy.

Who Must Comply With The California Consumer Privacy Act?

The CCPA applies to every entity (domestic or international) that does business in the state of California and that generates over $25 million per year. The CCPA is also applicable to companies that either:  

Buy or sell the personal data of at least 100,000 customers or households 

Or

Earn over 50% of their annual revenue through the sale of personal data.

Firms found to be in violation of the CCPA face fines of up to $7,500 (in the case of intentional violations) per individual breach.

What Are The California Consumer Privacy Act Responsibilities?

Under the California Consumer Privacy Act, firms take on a number of responsibilities to protect the personal data that they collect. In more detail, firms must: 

• Ensure parental consent is obtained when collecting data from minors under 13 years of age and obtain affirmative consent from minors between 13 and 16 years old.
• Implement a “Do Not Sell My Personal Information” link on their website homepage to enable customers to opt out of the sale of their data.
• Avoid requesting opt-in consent for 12 months after a customer has opted out.
• Facilitate customer data requests via a toll-free number (at a minimum).
• Update privacy policies with CCPA information.

Conflicts With AML Compliance

The California Consumer Privacy Act’s focus on protecting personal data conflicts with many of the AML measures that banks and financial services firms use to prevent money laundering and the financing of terrorism. By complying with the CCPA, firms could potentially allow money launderers to avoid submitting the sensitive personal information required by a range of important AML/CFT controls.

Fintechs in particular may have significant new data privacy conflicts under the CCPA because their services often necessitate the acquisition of personal data via IP addresses, browsing and search histories, or geolocations. 

California Privacy Act and AML Exemptions

In order to preserve the regulatory necessity and effectiveness of US AML/CFT laws, the California Consumer Privacy Act includes an exemption for identity verification and fraud-detection purposes. More specifically, if a firm must obtain personal information that is necessary to comply with federal or state legislation, such as AML or KYC laws, the Patriot Act or the Bank Secrecy Act, the data protection regulations mandated by the California Privacy Act do not apply. 

Where possible, financial services firms must comply with CCPA regulations, which means conducting a review of their AML identity verification and KYC processes and the information about their customers that they retain. If third-party verification services are being used, firms must ensure these providers operate in compliance with the CCPA.

The post What is the California Consumer Privacy Act? appeared first on ComplyAdvantage.

When it comes to terrorism, following the money trail is our best chance of preventing terror attacks before they occur. But that’s a challenge when that trail is composed of small-quantity transactions.

Funding streams are often small-scale and easy to overlook. What’s more, many transactions appear legitimate — at least on the surface. After all, rent payments and cost of living expenses are commonplace. However, these seemingly innocuous purchases can be weaponized with ease.

This strategy, called micro-financing, isn’t new, but it has picked up steam. While law enforcement and financial institutions (FIs) have honed their AML/CFT detection methods for larger-scale financing, more work is needed to identify these threats disguised as routine financial behavior. The stakes are high: failure to detect the micro-financing of terrorism has devastating consequences, with FIs potentially left shouldering the blame.

The Dollar Cost of Terrorism

Thoroughly planned and centrally-funded, the September 11 attacks killed nearly 3,000 people and injured over 6,000. One estimate puts the economic cost at $3.3 trillion. In comparison, it cost Al Qaeda about $500,000 to cause such devastation — expensive but just a fraction of Al Qaeda’s $35 million budget at that time.

One impact of the attack was to raise the profile of finance in terrorism. High-level U.S. officials of the day stated that fighting the financing of such terrorist groups was as instrumental as fighting the groups themselves. It’s an ethos that’s still true today.

Recent attacks, which have been less elaborate yet still deadly, have cost much less. Terrorists are estimated to have spent no more than $10,000 on the November 2015 attacks in Paris. Other extremists likely spent just a few hundred to a few thousand dollars each when planning and carrying out the slew of mass shootings or acts of terror involving rented vehicles over the last few years.

It doesn’t take much money to inflict significant damage. Current assessments note that the “most persistent” terror threats come from decentralized, isolated terror cells or homegrown violent extremists, who are often self-funded or funded by close associates and on a budget. This means low-cost terror attacks are set to become more common.

Hidden in Plain Sight

Detecting suspicious small-currency transactions is a challenge for FIs. Current AML/CFT regulations and processes have been generally effective but were designed to frustrate the flow of large funding streams to known terrorist organizations.

One consequence of this is that banks now must identify the illicit transactions that masquerade as legitimate financial activity. Given the volume and velocity of transactions that banks process per day, it’s akin to looking for a needle in a gigantic haystack.

Knowing where to look is the first step. Online marketplaces, payment services and crowdfunding sites are especially vulnerable. In 2017, the US discovered that ISIS had been funding a US-based terrorist through an alleged scam on eBay, which possibly also funded terrorists in Britain and Bangladesh.

Earlier this year, female detainees in a Syrian camp, long suspected of being ISIS sympathizers, received several thousand dollars to facilitate their escape through donations made via a crowdfunding campaign.

The Financial Action Task Force (FATF) has identified several other common examples of how terrorism is micro-financed. These include prepaid cards, student or personal loan withdrawals with no intention to repay and the exploitation of cryptocurrencies.

Since such transactions seem normal on the surface, it forces FIs to dig deeper. Instead of looking at the transaction itself, the question becomes: is this transaction being performed in a context that makes sense?

The Silver Lining

While these transactions are hard to detect, it’s not impossible. Modern transaction monitoring software facilitates rules designed to flag activity based on certain risk factors, such as changes in transaction frequency or volume across your customers, even if the activity itself seems legitimate.

A sudden increase, for example, in small eBay transfers to a bank account may be innocuous, but it could signal something far more sinister and is worth a second look. In cases such as these, identifying these illegitimate transactions involves looking at where the money is going rather than where the money has come from.

It’s also worth seeing who else has paid into that account and who else has been linked to the account in question. Doing that successfully means banks can track money across an entire network.

To do this well, financial institutions must build a comprehensive customer risk profile that contains high-quality data about the individual and their spending habits as well as relatives and close associates. Continuously monitoring for changes in that customer’s risk status over time is key. Fighting terrorism requires a focus on individual accounts, not just the size of the transaction.

But in order to do that banks and FIs need to have access to the right data. So much time is wasted dealing with false positives and playing catchup with an endless stream of alerts.

Sophisticated tools, available today, screen individuals and comb through data collated from both internal and external sources. These tools make connections between financial and non-financial information, identify patterns and detect anomalies.

Adverse information and media software like AIM Insight scan millions of online news sources to unearth information that may impact that customer’s risk profile, including involvement in unethical or illicit activity.

The solution is close at hand. Even as the terrorist profile shifts and terrorists find new ways to exploit the financial system and fund their attacks, the tools to prevent them are available. Banks and financial institutions need to rise to the challenge.

It’s only through combining the right technology with the right information that FIs will be able to disrupt terror financing, however large or small the funding stream.

Read more on how to use data to inform risk-based decisions here.

The post How to Stop the Micro-Financing of Terrorism appeared first on ComplyAdvantage.

For more than a decade, terrorist financing has been a prevalent financial crime on which authorities are desperate to crack down. It became a major political issue after the September 11th terrorist attacks in the United States, and it has weighed heavily on the minds of those involved in the financial sector ever since. A multitude of laws and regulations have been enacted to reign in the financing of terrorist activity, and are collectively known as counter terrorist financing policy (abbreviated as CTF). Under these policies, most financial institutions are required to fulfill many strict requirements regarding monitoring transactions and behavior, conducting proper customer due diligence, and maintaining appropriate records.

What is Terrorist Financing?

The meaning of terrorist financing is the illegal smuggling of cash to terrorist organizations. Terrorist financing is often linked with money laundering, and it is not uncommon for it to be completed across international borders.

Many studies have verified that there is a direct link between organized crime and terrorist financing in the United States, and each issue is generally not analyzed without taking the other into consideration.

The Difficulties of Counter Terrorist Financing

Many transactions that are completed in order to send money to terrorist organizations are small and innocuous. Terrorist financiers purposefully do not send large amounts of money at once, as they wish to avoid the attention of both governments and financial institutions who are bound to counter terrorist financing regulations.

Additionally, individuals who finance terrorism also use trade based money laundering schemes in order to get their money across borders. This is becoming much more common, and it is a difficult problem to track down.

Terrorist financiers have also been known to use cash to fund terrorist activities, especially when the place of terrorist planning and terrorist activities occur in the same country. Naturally this leaves less of a paper trail.

Between these tactics and online money transfer systems, terrorist financiers are able to create vast and complicated networks of which the counter terrorist financing division is only starting to scratch the surface.

How Terrorist Funding Works

Raising funds for finance terrorist organizations occur in various ways:

Illegal Activities: Terrorist organizations mainly use the illicit drug trade to raise funds for their activities. The money gained from the drug trade may then be laundered, making the trace of the funds difficult to track.

The Revolutionary Armed Forces of Colombia (FARC), for example, are known to trade cocaine to raise funds for their operations.

Front Companies: Terrorist organizations may operate legitimate businesses to generate profit for terrorist activities and to launder money.

Osama bin Laden was reported to operate a retail honey business throughout the Middle East, which helped him raise funds and conceal shipments of money and weapons.

Who Is Combatting the Financing of Terrorism?

Many institutions and regulations are dedicated entirely to counter terrorist financing.

For instance, one of the primary reasons that the USA PATRIOT Act was enacted in the United States was to cut off funding to terrorist organizations. Additionally, the Financial Action Task Force, otherwise known as the FATF, was created to help fight financial crimes including terrorist financing.

One of the tactics used by the FATF to encourage other countries to strengthen their anti-money laundering regulations was creating a list of the states that were not properly enforcing their laws against financial crime.

This ‘naming and shaming’ technique motivated many different countries to take a stand against both money laundering and counter terrorist financing, while simultaneously drawing attention to the prevalence of these crimes in the international finance sector.

Now, many banks and institutions are required to thoroughly screen their clients and gather as much information as possible about them and their accounts. This helps to ensure that their customers are not involved with financial crimes such as terrorist financing and that they are not laundering money out of the country.

The post Counter Terrorist Financing (CTF/CFT) appeared first on ComplyAdvantage.