On March 16th, the Financial Conduct Authority (FCA) issued a “Dear CEO” letter to payments firms authorized or registered under the Payment Services Regulations 2017, and Electronic Money Regulations 2011. 

In it, Matthew Long, the FCA’s Director of Payments and Digital Assets said the regulator remains “concerned that many payments firms do not have sufficiently robust controls and that as a result, some firms present an unacceptable risk of harm to their customers and to financial system integrity. We consider that the risk of customer harm is heightened by the tightening economic conditions and the cost-of-living crisis.”

The letter is framed around three core outcomes payment firms must achieve: 

1. Ensure your customers’ money is safe.
2. Ensure your firm does not compromise financial system integrity.
3. Meet your customers’ needs, including through high-quality products and services, competition and innovation, and robust implementation of the FCA Consumer Duty.

Implications for Fraud and AML Professionals 

Many of the FCA’s points – especially related to objectives two and three – center on issues related to fraud, money laundering, and sanctions. Here, we explore those in more detail and highlight actionable steps firms can take to help ensure they are compliant. 

Priority 1: Money Laundering & Sanctions

The FCA states that “All firms that are subject to the UK’s Money Laundering Regulations must have in place systems and controls to identify, assess, monitor and manage money laundering risk. These must be comprehensive and proportionate to the nature, scale, and complexity of a firm’s activities. With regard to economic and financial sanctions, firms must ensure that they operate effective systems and controls, in order to identify and manage any sanctions exposure and risk, associated with their customers and business activities.”

Common issues identified in the regulator’s work with firms over the last two years focused heavily on issues related to control, governance, record keeping, and the risk-based approach. Specifically, these included:

• Failure to carry out and/or to evidence adequate know your customer (KYC)/due diligence.
• Business-wide risk assessments that are not supported by a robust and effective methodology.
• Failure to regularly review and refresh risk assessments and control frameworks in an evolving threat landscape.
• Policies and procedures that are insufficiently detailed and tailored to firms’ business models.
• Failure to maintain and evolve the control framework, in line with or ahead of business growth.
• Failure to ensure name screening solutions from third-party providers are appropriately and adequately calibrated to meet their business requirements.
• An inability to reasonably justify and/or verify why a sanction screening solution does not generate alerts against certain names on the UK’s Office of Financial Sanctions Implementation list.

The FCA states that it expects firms to: 

• Ensure that anti-money laundering systems and controls are effective and commensurate with the risks in the business, including as it grows over time. 
• Conduct regular reviews to assess compliance with anti-money laundering obligations and sanctions requirements, and to work swiftly to remediate weaknesses identified. 
• Comply with responsibilities under the Proceeds of Crime Act 2002 and Terrorism Act 2000 through accurate and timely submissions of Suspicious Activity Reports (SARs) and regularly review themes from your SARs reporting.

What does this mean for your firm?

During the initial implementation process, we recommend that our clients make a detailed determination, based on their business model and related requirements, of the way they wish to configure their screening solution. Factors to consider include:

• The nature of their customers — For example, are their products offered to businesses or individuals? What geographies are covered for residence or trading activity? Is a customer risk-rating mechanism in place, allowing the firm to direct some, but not all, of their customers through an Enhanced Due Diligence process?
• Consistency and completeness of the data being sent for screening —  Is there consistency and predictability in the formatting of country names, dates of birth, prefixes, etc? Where there is more than one named individual associated with an account, how are several names being bifurcated before submission for screening? How are special characters being processed, etc?

Firms should ensure that the customer names submitted to any screening solution are derived using automated checks against official/state-issued identity documentation, as opposed to user-inputted. Implemented correctly, this can have a significant positive impact on the number of false positives emitted from name screening tools. ComplyAdvantage offers a high degree of configurability via various algorithmic levers which can help support false positive reduction in a structured onboarding process.

Once these steps have been taken, firms should devise tests for their screening solution by running name sets through the solution in a test environment, as part of their wider risk and control assessments. 

Test sets should be formatted to reflect live customer environments as closely as possible, including the variants firms would expect to see as a result of the processes they have put in place in that environment.

Firms should also ask vendors about the speed at which they can update their sanctions lists. In a tense, fragile geopolitical environment, new sanctions are likely to continue to be issued at pace and unpredictably, meaning that receiving updates as close to real-time as possible will be critical to ensure continued compliance with regulatory requirements.

Priority 2: Fraud 

The FCA notes it has seen “elevated fraud rates” in some payment and electronic money institutions. It notes the cost-of-living crisis as a potential driver of additional fraud. As a result, firms must “take action now to address weaknesses in their systems and controls to prevent fraud.” Common issues identified include:

• Insufficient emphasis on mitigating the risk of fraud against customers and insufficient customer education relating to fraud prevention.
• A lack of engagement with industry information-sharing bodies.
• Weaknesses in firms’ anti-fraud systems and controls.
• Backlogs that have led to fraud reports from consumers not being actioned within a reasonable timeframe by relevant staff.
• A high proportion of customer accounts being used to receive the proceeds of fraud.

The FCA has a clear sense of urgency around fraud, stating firms must “take immediate action” to protect customers against fraud, and ensure their firm is “not being used to receive the proceeds of fraud.” Firms are instructed to:

• Review internal risk appetite statements, policies, and procedures to ensure that these adequately address the risk of fraud to customers.
• Regularly review fraud prevention systems and controls to ensure that these are effective.
• Maintain appropriate customer due diligence controls at the onboarding stage and on an ongoing basis to identify and prevent accounts from being used to receive proceeds of fraud or financial crime.

What does this mean for your firm?

The combination of the economic downturn and the relentless adoption of new technologies provides fertile ground for new fraud typologies. That makes access to intelligent, real-time fraud detection information critical. It also means anti-fraud technologies that were effective even 12 months ago may now need to be renewed, to ensure they’re sufficiently capable of keeping up with the fast-paced world of fraud. The reality is, fraudsters will be the first adopters of any new technology, and firms need to work with partners who are capable of keeping pace.

At ComplyAdvantage, we approach fraud and AML holistically with our clients. Across both categories, a common challenge we see is a reliance on static rules to detect fraud. A better approach is to deploy a model that dynamically adapts to criminal behavior while, crucially, providing analysts with clear reasons when alerts are created. 

It’s notable that the FCA explicitly called out alert backlogs in its letter. We work with clients to deploy machine learning algorithms that can help them to prioritize alerts based on the risk they present. This enables them to be filtered, sorted and allocated more efficiently. This enhances our clients’ risk-based approach while making sure their analysts’ time is being used effectively. 

Another best practice is to be network-driven. Complex fraud cases are rarely the result of a lone actor, but legacy systems will focus on screening and monitoring individuals. A more effective strategy leverages AI to identify links between accounts – whether related to an individual(s) or an organization(s) – to help clients identify the true scale of the problem. 

We also work with our clients to support emerging payment types and to take advantage of the richer, structured data that ISO 20022 brings with it. It’s set to be introduced into the Clearing House Automated Payments System (CHAPS) on June 19th, 2023. The Bank of England states explicitly that it expects improved fraud and financial crime detection to be a key benefit of this transition. To learn more about how the migration to ISO 2022 can enhance your financial crime risk management, book a meeting with our team here.

But even with the best regtech and compliance team, fighting fraud takes a village. That’s why it is critical firms find ways to share information and knowledge. This could be through participation in data-sharing initiatives like CIFAS, working with technology and data vendors who monitor and respond to emerging criminal typologies, or participating in regulator consultations. 

Finally, we know that it’s next to impossible for compliance officers to keep on top of new developments alongside competing work demands and day-to-day responsibilities. That’s why we regularly publish our analysis and research on key trends and new regulations. We’re also regularly hosting and attending industry events to facilitate discussions between practitioners. You can find all our latest thought leadership content on our website. 

Next Steps

The FCA states that firms should ensure their board or executive committee review and consider which risks apply to them, and take appropriate action. It warns firms it will expect them to “explain the actions it has taken in response to this letter on request.”

Finally, the FCA notes that its wider strategy for 2022-25 has a strong focus on reducing and preventing financial crime, with a key plank of this being a commitment to act “earlier and more assertively in dealing with problem firms.” It notes it will “remove or sanction” organizations that “cannot or will not meet our standards.”

The post FCA Priorities for Payment Firms March 2023: Implications for Fraud and AML Professionals appeared first on ComplyAdvantage.

Pursuant to President Biden’s Executive Order (EO) 14067 on Digital Assets, the Treasury’s report took the form of a roadmap detailing how the government will bring greater transparency to the digital asset sector. Along with eight other reports from federal agencies, the Treasury’s action plan informed a new framework, published by the White House in September 2022, for the responsible development of digital assets.  

The comment period for the Treasury’s Action Plan ended on November 3. 

Regulatory Clarity and Public-Private Engagement

Speaking at the Crypto Council for Innovation, Rosenberg highlighted two specific issues repeatedly appearing in the report’s comment letters. Regarding the desire for further regulatory clarity, industry commenters asked questions about decentralized finance (DeFi) and being subject to sanctions obligations and regulatory anti-money laundering and combatting the financing of terrorism (AML/CFT) frameworks.

To ensure the DeFi industry has a clear understanding of its AML/CFT and sanctions obligations, the Treasury will review the specific issues the sector identified in the comments and explore how current questions and uncertainty should be addressed. Rosenberg noted that thought would be given to whether additional regulatory guidance will take the form of advice, outreach, or regulation. 

Second, Rosenberg commented on the industry commenters’ requests for more public-private engagement between the government and the virtual assets industry. Recognizing the industry has unique insight into illicit finance threats, Rosenberg said, “Stronger two-way dialogue can […] strengthen the US government’s understanding of technological innovations and changes, as well as create greater opportunities for industry to identify areas where these innovations may result in regulatory uncertainty.” 

Questions Around Privacy for Virtual Asset Transfers

Rosenberg also commented on some policy questions from industry commenters surrounding the Treasury’s approach to mixers following the designations of Blender.io and Tornado Cash. 

In May 2022, cryptocurrency mixer service Blender.io was sanctioned by the US after it was used in a heist backed by the Democratic People’s Republic of Korea (DPRK) to fund the country’s nuclear weapons and missile programs. Following this designation, in August 2022, another mixing service, Tornado Cash, was sanctioned for enabling cybercriminals to launder USD 7 billion in crypto since 2019. 

Rosenberg noted that while virtual assets can provide helpful insight into financial activities through public blockchains, which can be used to support AML/CFT compliance, some virtual asset users may desire privacy when conducting transactions. 

“Our goal and intention is not to deter the development of technologies that provide privacy for virtual asset transfers,” said Rosenberg. “We welcome opportunities to further engage with [the] industry on how these technologies can both promote privacy while also mitigating illicit finance risks and complying with regulatory and sanctions obligations.”

Further information on illicit financing risks associated with anonymity-enhancing technologies in the virtual asset ecosystem can be found in the 2022 National Money Laundering Risk Assessment. 

Key Takeaways

While the Treasury’s report is likely to play a significant role in shaping the future development of digital assets in the US, regulations will continue to be an ongoing and iterative process. Firms should stay up-to-date with the additional regulatory guidance and expanded engagement efforts the Treasury has committed to providing. 

For further reading, compliance staff should also familiarize themselves with the additional reports from federal agencies that highlight “a clear framework for responsible digital asset development and pave the way for further action at home and abroad.” The two other reports published by the Treasury in September 2022, include:

• The Future of Money and Payments
• Crypto-Assets: Implications for Consumers, Investors, and Businesses

The post US Treasury Follows Up On Action Plan to Mitigate the Illicit Finance Risks of Digital Assets appeared first on ComplyAdvantage.

The report responds to the USCC’s mandate “to monitor, investigate, and report to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.” It follows seven public hearings and testimonies from 74 expert witnesses from the government, private sector, think tanks, and other backgrounds. 

In addition to its recommendations, the USCC also analyzed developments in Taiwan and Hong Kong over the last year. 

A Red Line Over Taiwan

On November 14, President Xi Jinping and President Biden met for a three-hour meeting ahead of the G20 summit in Bali, Indonesia. According to a readout from the White House, Biden told Xi the US objects to China’s “coercive and increasingly aggressive actions” toward Taiwan.

According to China’s official Xinhua News Agency, President Xi Jinping responded by saying, “the Taiwan question is at the very core of China’s core interests, the bedrock of the political foundation of China-US relations, and the first red line that must not be crossed in China-US relations.” 

Chinese Defence Minister Wei Fenghe reiterated Xi’s remarks during a meeting with US Defense Secretary Lloyd Austin on November 22. “The resolution of Taiwan is a matter for Chinese people, no external force has the right to interfere,” said Wei. 

Following President Xi’s meeting with President Biden, the USCC recommended that Congress create a permanent interagency committee to develop options and create plans for the imposition of sanctions in the event of a conflict in the Taiwan Strait.

The Commission also noted the following recommendations to be of particular significance to Congress:

• Assess China’s compliance with the terms and conditions of the 1999 Agreement on Market Access
• Create an Economic and Security Preparedness and Resilience Office to oversee and set priorities to ensure resilient US supply chains and robust domestic capabilities
• Identify pharmaceutical products that use active pharmaceutical ingredients sourced from the People’s Republic of China and develop alternative sourcing arrangements
• Negotiate a prohibition on using China’s National Transportation and Logistics Public Information Platform (LOGINK) or similar systems provided by Chinese state-affiliated entities

China’s Anti-Foreign Sanctions Law

In June 2021, China introduced the Anti-Foreign Sanctions Law designed to block international sanctions imposed by the US and the EU. Under the legislation, those deemed directly or indirectly responsible for devising, implementing, or assisting in implementing sanctions imposed by foreign countries, or otherwise interfering in China’s affairs, could face sanctions.

Consisting of possible asset freezes and bans from conducting business with Chinese companies, China views the Anti-Foreign Sanctions Law as a necessary measure against the perceived threat of future sanctions against Chinese companies.

In July 2018, the US imposed tariffs on $34 billion of Chinese products, beginning an escalating trade dispute. During this time, foreign governments also heavily scrutinized two of China’s leading telecom companies. The US banned ZTE, Huawei’s Chief Financial Officer was arrested in Canada, and numerous countries began restricting Huawei products.

China’s sanctions activity reflects Beijing’s desire to respond to Western sanctions. 

Key Takeaways

Given the escalated global compliance risk, international firms must consider China sanctions as part of their AML solution. Firms should seek to integrate sanctions software updated with the latest China data and configurable to their risk tolerance. 

Similarly, a sanctions screening solution should consider non-Western characters and naming conventions to maximize accuracy and reduce false positives.

The post US Congressional Committee Recommends China Sanctions Planning Group appeared first on ComplyAdvantage.

Made up of two documents, the report and a detailed Staff Working Document, the SNRA analyzes money laundering and terrorism financing risks and recommends a comprehensive action plan to address them. The report also considers “sectors or products where relevant changes have been detected.” 

This report marks the third of its kind, with the Commission publishing its first SNRA in 2017 and the second in 2019 pursuant to the 4th and 5th Anti-money Laundering Directives, respectively. 

Online Gambling ML/TF Risk

After re-calculating the risk levels of various product and activity groups, the 2022 SNRA regraded the risk of money laundering and terrorist financing for online gambling from level 3 (Significant, High Risk) to level 4 (Very Significant, Very High Risk). According to the Commission, this is mainly due to “the non-face-to-face element, and huge, complex volumes of transactions and financial flows.” The possible use of virtual currencies and e-money, as well as the rise of unlicensed online gambling sites, intensifies this risk.

To mitigate this risk, the Working Document calls for improved cooperation between relevant authorities to better understand the risk factors inherent to online gambling and provide efficient guidance. Member States are also encouraged to strengthen customer due diligence requirements and increase the number and quality of suspicious transaction reports (STRs). 

The Working Document also lists the following “risk scenarios” associated with online gambling:

• A perpetrator uses gambling websites to deposit illegal funds and requests the pay-out of winnings or unplayed balance
• Legitimate online gambling accounts are credited with illicit funds, followed by gambling activity on only a small amount of funds. The remaining funds are then transferred to a different player, who then cashes out as if they were legitimate gambling earnings
• Crime organizations using several “smurfs” to bet against each other using illicit funds. One of the “smurfs” will receive all of the funds as an apparent winner, who will then cash out the funds as if they were credible gambling earnings
• Crime organizations may also invent and bet on fictitious matches or events to ensure winnings

Compliance staff should analyze the risk scenarios highlighted by the Working Group and consider configuring their rule set accordingly to prevent and detect online gambling AML/CFT risk. 

Recommendations to Member States

Following the Commission’s recommendations from the 2019 SNRA, the report also provides an updated list of guiding measures for Member States, such as:

• Keep national risk assessments up to date, ensuring they cover all relevant risks and provide appropriate mitigating measures
• Fully implement the provisions set out in the Anti-Money Laundering Directive related to beneficial ownership registers
• Ensure AML/CFT supervisors and FIUs have appropriate resources to fulfill their tasks
• Conduct on-site inspections that are commensurate, in terms of frequency and intensity, to the identified ML/TF risks – for the non-financial sector, Member States should ensure their competent authorities conduct sufficient unannounced spot-checks, especially on high-value dealers, real estate professionals, and antique traders
• Extend the list of obliged entities to include all crypto-asset service providers, as recommended by the Financial Action Task Force (FATF)
• Ensure customer due diligence rules are not circumvented
• Engage in close and ongoing cooperation among AML/CFT competent authorities, FIUs, law enforcement authorities, and the private sector
• Provide unique and ongoing training for obliged entities
• The Commission will continue to track the implementation of its recommendations and issue an updated report by 2024 in light of any changes that may be introduced into the current EU regulatory framework.

Compliance staff should remain abreast of any updates to the current AML legal framework and AML/CFT Action Plan. Such updates are expected to arise from the Meeting of the Expert Group on Money Laundering and Terrorist Financing, which took place on November 24. In the draft agenda published ahead of the meeting, information points covering the use of public-private partnerships and consolidating a list of politically exposed persons (PEPs) were due to be discussed. 

The post European Commission 2022 Supranational Risk Assessment Report: What You Need To Know appeared first on ComplyAdvantage.

Probe Findings

The settlement concludes two years of negotiations between the Parquet national financier (PNF) and Credit Suisse. The probe began in 2016 when, according to court documents, a whistleblower denounced an organized system that assisted in tax fraud and money laundering, primarily through the canvassing of French clients by Swiss salespeople. The subsequent investigation by the Financial Judicial Investigation Service (SEJF) revealed 4,999 French nationals who had held cross-border Credit Suisse accounts for up to several decades. The accounts contained 2 billion euros’ worth of concealed funds, without counting additional assets held in other Swiss bank accounts. The clientele appeared to be targeted by a sales team specially dedicated to France. 

According to the report, Credit Suisse representatives traveled to France and pursued the clients discreetly – never meeting on official bank premises, following up with those that didn’t declare their Swiss accounts to discuss “old money,” and often inviting clients to sporting events. Meanwhile, the bank retained most customer documentation and account statements within Swiss borders without delivery to customers, who could nonetheless access the documents at will.

The prosecution construed these findings as evidence of aggravated money laundering and illegal solicitation. Specifically, it alleged that the bank habitually assisted in complex laundering schemes involving placement, concealment, and conversion of funds obtained through tax fraud. The profit from managing the French clients’ accounts was estimated at 65.5 million euros. 

According to Prosecutor Francois-Xavier Dulin, the fine was calculated based on “the systematic character, lengthy period and creation of tools to hide” activity Credit Suisse’s clients wished to conceal. However, the court also considered the bank’s cooperation in the case once the activity had been revealed.

History of Litigation

Credit Suisse has made no admission of guilt and, based on court documents, has attested to having followed applicable laws. Instead, it said the fine represents its desire to turn a new page by resolving outstanding issues. Since 2020, the financial institution has faced at least $4 billion in litigation costs, including those from the 2021 Greensill and Archegos scandals. 

Litigation from Singapore could bring that figure still higher. Bidzina Ivanishvili, former Georgian prime minister, is pursuing litigation connected to the $150 million fraud a Credit Suisse banker committed involving the billionaire’s – and multiple others’ – client accounts. In October 2022, the bank reached a settlement with U.S. regulators over its alleged role in the events leading up to the 2008 financial crisis, and in June 2022 was found guilty in a legacy case involving the laundering of cocaine trafficking proceeds.

The bank’s new CEO, Ulrich Koerner, is restructuring the organization in hopes of rehabilitating the bank’s reputation and stability. The bank is expected to cut costs in an attempt to prevent further scandals while improving its profits.

Key Takeaways: Proactive Risk Management

Credit Suisse has cited an organization-wide failure “to anticipate material risks in good time in order to counter them proactively and to prevent them.” 

It is crucial for firms to proactively connect fraud and money laundering prevention processes – moving from a strategy that merely checks compliance boxes to one truly invested in preemptively detecting, preventing, and reporting violations. Alongside a streamlined organizational structure, artificial intelligence overlays can help organizations better use the tools they already have. 

Yet, for any technology or infrastructure to be effective, firms’ risk assessments must be continually kept up-to-date to ensure the most current trends have been taken into account. Paired with this, rigorous audits can ensure accountability within the organization’s fraud and anti-money laundering processes.

The post Credit Suisse settles €238m money laundering and fraud case with French prosecutors appeared first on ComplyAdvantage.

Discussions centered around:

• Additions to the blacklist
• Changes to the grey list
• Further restrictions placed on Russia’s FATF membership
• Improving asset recovery
• Strengthening requirements on beneficial ownership
• Undertaking new projects to enhance global anti-corruption efforts
• Providing guidance on detecting and disrupting illegal fentanyl trafficking

Blacklist Additions: Myanmar 

In February 2020, Myanmar committed to addressing the strategic deficiencies highlighted in the country’s 2018 MER. However, Myanmar’s action plan expired in September 2021, with no substantial progress having been made. In June 2022, the FATF strongly urged Myanmar to complete its action plan by October 2022. Due to a continued lack of progress and the majority of the country’s action items still not addressed a year beyond the action plan deadline, the FATF has added Myanmar to the blacklist.

Myanmar is the third jurisdiction to join North Korea and Iran on the FATF blacklist.

Grey List Additions: Mozambique, Tanzania, DRC

Following the FATF’s most recent update, the grey list currently consists of 23 jurisdictions. At the plenary, Kumar announced that the Democratic Republic of Congo (DRC), Mozambique, and Tanzania would now be subject to increase monitoring due to gaps in their anti-money laundering and combatting the financing of terrorism (AML/CFT) regimes. Pakistan and Nicaragua were removed from the grey list owing to sufficient progress in their proposed action plans. 

Democratic Republic of Congo

The decision to add the DRC to the grey list was made due to insufficient progress by the country on the recommendations laid out in its latest Mutual Evaluation Report (MER). The FATF stated the DRC must fully address the identified gaps by implementing its action plan by 2025. 

Mozambique

Following an MER in 2021, Mozambique made a high-level political commitment to addressing deficiencies in its domestic money laundering and terrorism financing regulations. While the FATF noted that the country had made progress on some of the MER’s recommended actions, sufficient progress had not been made, resulting in Mozambique being added to the grey list. 

Tanzania

Following its MER in 2021, the FATF notes that Tanzania has made progress on some of the MER’s recommended actions to improve its AML/CFT system. However, the FATF has placed Tanzania on the grey list due to several outstanding action points yet to be completed.

Pakistan

Pakistan has appeared on the FATF greylist multiple times since 2008. In June 2022, the FATF said Pakistan would be kept on the list until an on-site visit to the country took place to verify its progress. At the Plenary, the FATF announced Pakistan would no longer be subject to increased monitoring due to the country’s significant progress in improving its AML/CFT regime.

Nicaragua

After returning to the grey list in February 2020, the FATF has announced Nicaragua is no longer subject to increased monitoring. While the FATF congratulated Nicaragua on improving its AML/CFT regime, strong caution was given on the potential misapplication of the FATF Standards resulting in the suppression of Nicaragua’s non-profit sector. The FATF encouraged Nicaragua to ensure its oversight of non-profit organizations is risk-based and in line with the FATF Standards.

Russia Excluded from the FATF

In light of the ongoing Russian invasion of Ukraine, the FATF announced additional restrictions on the country’s remaining role as a member of the inter-governmental body. Russia is now barred from participating in current and future FATF project teams and will be excluded from meetings of the FATF-Style Regional Bodies.

These measures expand on the actions the FATF took back in June, when it stripped Russia of its leadership positions, among other restrictions. Kumar noted that the FATF would continue to monitor the situation and consider at its plenary meetings whether grounds exist for lifting or modifying these restrictions.

Following statements issued in March, April, and June this year, the FATF reiterated that all jurisdictions must be vigilant to emerging risks from the circumvention of measures taken against Russia to protect the international financial system.

Strategic Initiatives 

Echoing Kumar’s objectives presented at the June 2022 plenary, the FATF discussed multiple strategic initiatives ranging from improving asset recovery and beneficial ownership transparency to providing guidance on detecting illegal fentanyl trafficking. 

Improving Asset Recovery

The FATF reiterated its focus on accelerating the successful recovery of funds that fall victim to illicit financial flows. Delegates at the plenary agreed that expediting existing schemes and proposing new operational strategies will help countries develop more robust operational systems, which will help drive greater asset recovery. 

Global Anti-corruption Efforts

The FATF also formally agreed to undertake three projects to enhance global anti-corruption efforts. First, the FATF will assess the illicit finance risks posed by the misuse of “citizenship by investment” and “residency by investment” schemes, commonly known as “golden passports.”

Second, through mutual evaluations, the FATF will enhance assessments of countries’ efforts to implement the United Nations Convention Against Corruption, the international legal convention for national anti-corruption legal frameworks. 

Third, the FATF will evaluate members’ compliance with the FATF Recommendations related to non-financial professionals and gatekeepers whose professional expertise and access can enable corruption. 

Improving Beneficial Ownership Transparency

FATF members agreed to release draft guidance for public consultation related to Recommendation 24 concerning beneficial ownership transparency for legal persons and proposed amendments to Recommendation 25, which aims to improve beneficial ownership transparency for trusts and similar legal arrangements. 

The FATF notes that it welcomes a range of views from companies and other legal persons, financial and non-financial sector businesses, and non-profit organizations. Public consultation on these recommendations is open until December 6, 2022, with the finalized guidance and changes expected to be implemented by February 2023.

Illegal Fentanyl Trafficking

Finally, the FATF announced it would publish a report in mid-November that will include risk indicators to help detect and disrupt financial flows linked to the growing illicit trade in fentanyl and other synthetic opioids. 

Despite most jurisdictions recognizing drug trafficking as a major predicate offense for money laundering, the FATF noted that investigations and prosecutions related to fentanyl trafficking remain low. Therefore, the report will include training for prosecutors and law enforcement to help them better understand the supply chain and the need for public-private partnerships to share information and help the private sector improve its suspicious activity reporting.  

Next Steps

Compliance staff should ensure they are familiar with the outcomes of the October plenary – particularly relating to any upcoming MERs in countries they operate in. Dates related to forthcoming guidance issued by the FATF should also be noted. Such guidance will help shape and inform the future regulatory approach national bodies take. 

The next FATF plenary is due to take place in February 2023.  

Previous plenary coverage from ComplyAdvantage can be found here:

• FATF Plenary June 2021
• FATF Plenary October 2021
• FATF Plenary March 2022
• FATF Plenary June 2022

The post FATF Plenary October 2022: Key Takeaways and Initiatives appeared first on ComplyAdvantage.

The new guidance builds on an earlier draft, with the addition of questions to consider when developing source of funds (SoF) and source of wealth (SoW) processes and a reminder of reporting entities’ obligations under the Privacy Act.

Developing SoF and SoW Processes

When developing SoF and SoW processes, AUSTRAC recommends firms ask the following questions to ensure all procedures align with their risk appetite: 

• Can the customer’s (or beneficial owner’s) SoF or SoF be easily explained, such as through their occupation, investments, or inheritance?
• Is the customer’s background consistent with their former, current, or planned business activity and turnover?
• Do the SoF and SoW explanations corroborate the information obtained through enhanced due diligence, including open-source checks?
• Do high-risk customers require the same verification level to establish the SoF and SoW?
• Should higher thresholds for “reasonable measures” be determined when a foreign PEP is the customer or the customer’s beneficial owner?

According to AUSTRAC, “reasonable measures” means what is practical and necessary in line with the firm’s identified money laundering and terrorist financing risks.

The Privacy Act

In the guidance, AUSTRAC reminds reporting entities that the Privacy Act covers all personal information collected and verified about a person’s identity. Since this type of information can be considered “sensitive,” firms should consider storing the data with a higher level of privacy protection per the Australian Privacy Principles.  

Chapter 11 of the Australian Privacy Principles details the reasonable steps reporting entities should take to ensure the security of personal information obtained throughout the KYC process, including SoF and SoW checks. These include:

• Implementing a culture of data governance and maintaining it through regular training
• Employing data handling practices, procedures, and systems across business models
• Ensuring robust IT and access security
• Developing internal strategies in case of data breaches
• Identifying a process for the destruction and de-identification in certain circumstances

AUSTRAC Enforcement Investigation

The new guidance follows AUSTRAC’s ongoing investigation of Star Entertainment Group, where concerns had been raised regarding the casino’s customer due diligence and compliance with anti-money laundering and counter-terrorism laws.

Earlier this year, the group’s Chief Financial Crime Officer, Skye Arnott, revealed that the company provided fake SoF letters to the Bank of China to make deposits by high-net-worth individuals appear to have been earned by gambling. During the inquiry, Arnott acknowledged that providing fake SoF letters raised “very significant concerns” regarding anti-money laundering compliance.

While AUSTRAC’s enforcement investigations into the Star Group are ongoing, the recent revelations are a strong reminder of reporting entities’ obligation to maintain accurate SoF and SoW documentation. More information from AUSTRAC on record-keeping best practices can be found here.

Key Takeaways

Identifying the SoF and SoW are key elements of an effective risk management framework. Compliance staff should ensure these procedures and processes are accurately documented and applied consistently and in accordance with the firm’s risk appetite. The systems and controls that identify the SoF and SoW must also be subject to regular independent review. 

When conducting the checks, reporting entities must also avoid the common misconception that funds from a bank can be presumed clean. Further action may still be required to prove the funds are not derived from criminal proceeds. 

For more information, the compliance team should consult the frequently asked questions on SoF and SoW issued by The Wolfsberg Group. 

The post AUSTRAC Issues Updated Guidance on Source of Funds and Source of Wealth Checks appeared first on ComplyAdvantage.

Ensure your company is able to meet its regulatory obligations and can address criminal threats, with our guide to AML in Australia. 

Who is Australia’s AML/CFT regulator?

The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia’s primary financial regulator. Established in 1989, AUSTRAC’s stated purpose is to protect Australia’s financial system from abuse by using ‘financial intelligence and regulation to disrupt money laundering, terrorism financing and other serious crime’. 

In practice, AUSTRAC provides oversight for Australia’s banks and financial institutions, ensuring that they comply with the country’s financial regulations and report suspicious transactions when they detect them. When AUSTRAC receives suspicious activity reports (SAR) from financial service providers, it will determine whether a criminal investigation is necessary. Where regulatory violations are found, AUSTRAC has the authority to enforce criminal and financial penalties. 

AUSTRAC supervises over 15,000 businesses in Australia and also works closely with international counterparts to contribute to the global fight against money laundering and the financing of terrorism. 

Australia’s Anti-Money Laundering Acts

Australia has passed several key AML/CFT laws:

• The Anti-Money Laundering/Counter-Terrorism Financing Act (AML/CTF) Act 2006: The AML/CTF Act sets out key compliance obligations for the private sector, and the requirement to report suspicious activity to AUSTRAC.
• The AML/CTF Rules Instrument 2007: The Rules Instrument sets out instructions for how the AML/CTF Act should be implemented.
• The AML/CTF (Prescribed Foreign Countries) Regulations 2018: The Prescribed Foreign Countries rules concern AML/CFT measures specific to trading with Iran and North Korea. 

Anti-Money Laundering Obligations in Australia 

Australia implements AML legislation in order to meet its obligations to the Financial Action Task Force (FATF). Accordingly, under the AML/CTF Act (and associated legislation), firms must meet the following key compliance steps: 

1)  Register with AUSTRAC: All private sector firms that provide designated financial services must register with AUSTRAC in order to obtain an operating license. AUSTRAC lists the types of firms that must register in the AML/CTF Act. 

2) Develop an AML program: Following FATF guidance, firms in Australia must put a risk-based AML program in place. The program must include a range of AML/CFT policies and procedures, including customer due diligence (CDD), enhanced due diligence (EDD), sanctions screening, and politically exposed person (PEP) screening. Firms must also appoint an AML Compliance Officer to oversee their AML program. 

3) Report to AUSTRAC: When a firm in Australia detects suspicious activity, it must have a process in place to report that activity to AUSTRAC via a suspicious matter report (SMR). Transactions of $10,000 or more must be reported automatically. 

4) Keep AML records: Firms must implement a system to keep customer AML records for a period of at least seven years. Those records must be produced for law enforcement agencies upon request for use in AML/CFT investigations. 

How Is AML Compliance Changing?

In 2015, a FATF Mutual Evaluation Report (MER) of Australia revealed a range of AML/CFT deficiencies. Those deficiencies had left the country vulnerable to financial criminals, and led to a number of high-profile regulatory compliance violations. Significant issues raised in Australia’s MER included inadequate CDD requirements and inadequate AML/CFT controls for correspondent banks. The FATF also emphasized Australia’s failure to extend AML/CFT regulations to designated non-financial businesses and professions (DNFBP) such as casinos, law firms, and real estate agencies.

In response to the FATF’s evaluation, the Australian government passed a range of new AML/CFT legislation between 2021 and 2022, introducing the following regulatory measures and controls: 

• Financial services firms in Australia must conduct risk-based CDD for all clients. Firms may also engage third-party service providers to conduct CDD on their behalf.
• CDD requirements have been extended to correspondent banking relationships. Cross-border money transfers of $10,000 or more must be reported to AUSTRAC. 
• Expanded information sharing rules between the public and private sectors. 

As of February 2022, Australia had not introduced new DNFBP legislation but had made a commitment to do so in the AML/CTF Increased Transparency Bill. In April 2022, the Australian Senate criticized the ongoing delay in DNFBP legislation and also called for the introduction of a beneficial ownership register. 

Anti-Money Laundering Australia: Compliance Best Practices 

While AML/CFT challenges in Australia vary by the unique needs of each firm, there are best practices that may help enhance compliance. In particular, a range of technological tools and platforms offer significant advantages for AML/CFT teams. These include: 

• Customer relationship management: CRM systems are designed to help firms automate the regulatory aspects of customer relationships, including customer onboarding, client data management, and AML/CFT risk assessments. 
• Identity verification: IDV platforms enhance the CDD process which requires firms to establish and verify their customers’ identities in order to conduct accurate AML risk assessments. Digital identity verification is faster and more accurate than manual compliance, allowing firms to easily capture and store things like birth certificates, addresses, and company information. 
• AML/CFT Screening: Customer screening tools cover a range of important AML/CFT obligations. In particular, firms may integrate: 
  • Sanctions screening tools to establish whether customers are subject to international sanctions measures. 
  • PEP screening to determine whether a customer is a political figure or government official – and therefore a higher AML/CFT compliance risk.
  • Adverse media screening in order to capture customer involvement in news stories relevant to their risk profile. 
• Transaction monitoring: Firms should monitor their customers’ transactions for suspicious activity that might be indicative of money laundering. That activity might include unusually high or low frequencies of transactions or transactions with high-risk countries. 
• Case management: Firms should integrate case management systems (CMS) in order to facilitate the timely remediation of AML alerts and the submission of SARs to AUSTRAC.
• Social network analysis: SNA tools may be particularly useful for internal money laundering investigations, enabling firms to spot connections between accounts or financial trends that would have been missed by manual analysis. 

Australia’s evolving AML/CFT landscape means that firms must stay up to date with their compliance obligations and understand how their risk exposure might change with the introduction of new legislation. Beyond using AUSTRAC’s latest news and updates page, firms should also seek to understand emerging money laundering methodologies, new legislative trends, and the capabilities of the latest AML/CFT technologies. 

ComplyAdvantage can help Australian firms achieve their compliance objectives with a range of automated AML solutions tailored to their unique risk profiles. Complementing the expertise of compliance teams, our solutions integrate cutting-edge smart technology to speed up and streamline your AML program in a challenging regulatory landscape. 

The post AML In Australia: What You Need To Know appeared first on ComplyAdvantage.

According to the 2021 EY Fintech Australian Census, the sector’s speed to commercialization and the number of deals and Initial Public Offerings throughout the COVID-19 pandemic has given investors greater confidence in returns. In light of this, FinTech was hailed “the standout hero” of the Australian economy during the pandemic, as the sector generated the jobs and investment the country needed for a swift economic recovery.

Support from public bodies, including investors and regulators, has been crucial to the sector’s growth trajectory. From the Banking Royal Commission opening the door to innovation in 2019 to regulatory sandboxes allowing license-free testing for up to two years, Australia’s pro-innovation and pro-competition outlook tees up further legislative and regulatory support for the FinTech industry.   

To ensure the integrity of this outlook, Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) rules are currently undergoing reform. The Australian Transactions Report and Analysis Centre (AUSTRAC), Australia’s AML/CTF regulator, supports the overhaul, citing the need to streamline the regime to support FinTech and wider innovation. 

The reforms include ending the unwarranted de-banking of FinTechs by legacy financial services providers on AML/CTF grounds and improving AUSTRAC’s online suspicious activity reporting platform. However, daily challenges for FinTechs remain, particularly regarding the growing threat of financial crime. The CEO of AUSTRAC, Nicole Rose, referenced this in a May 2022 speech warning about the potential for online finance to be abused by criminals, especially digital assets.

The financial crime typologies encountered by FinTechs, such as digital asset money laundering, identity theft, and account takeover, require firms to move away from the post-analysis of data and instead be proactive about AML. Having a compliance mindset from the outset is critical to ensuring the sustainability of new FinTechs in Australia.

While this Guide to AML for Australian FinTechs affirms there is no single “right answer” to building an AML compliance program, FinTechs must adopt a risk-based approach to account for their risk appetite. This includes demonstrating to AUSTRAC their process for recognizing the existence of risk and implementing control strategies for mitigating and monitoring the risks they identify. 

In addition to providing suggestions on how to implement a risk-based approach, this guide will arm FinTechs with:

• An outline of the AML/CTF regime in Australia
• The core compliance responsibilities that arise from it
• A set of principles and actions that can help shape a flexible framework

The post The Impact of Australia’s Regulatory Environment on FinTech Innovation and Growth appeared first on ComplyAdvantage.