Webinar woes

Like many of you, I am trying to ensure that I keep my skills and knowledge as current as I can.  I don’t have CPD obligations, but it’s easy to get stale or set in our ways, and there is always something new to learn.  (Are you a Duolingo fan?  I’m now in my fourth month of learning Italian and can confidently tell anyone who asks that the elephant is wearing a pink shirt but does not drink lemonade.)

And stepping into the training breach is the webinar.  I have two main areas of interest these days – AML and writing/publishing – and in the past weeks I have signed up for about a half-dozen webinars on various aspects of these.  And although they are slick enough (most of us have wrestled Zoom/Webex/Teams into submission and worked out that we shouldn’t film ourselves against a bright background), they are really not an efficient way for me to learn.  It may be the ones I choose – i.e. the free ones – but everyone presenting is, to put it bluntly, trying to sell something, which is entirely understandable.  Unfortunately, this means that they spend a good five minutes introducing themselves and then, of course, give you only a bit of information.  And indeed, why should they give you everything for free?  But the upshot is that from an hour’s webinar I will probably get three bits of useful information – and that’s not a good return on my time.  It’s not possible to “skim-watch” a webinar in the way I will routinely skim-read documents to find the relevant bits.

This also partly explains another shortcoming of the webinar: I just can’t concentrate.  Unless the webinar is riveting and jam-packed with information that I want, my mind and my mouse wander, and before you know it, I’m on eBay looking for those handy labels that you stick on boxes in the freezer and a new pair of summer slippers for my husband [true story].  However, the real problem for me with webinars – and again, this is the ones I have seen – is that they seem to be too general, too fluffy.  They are opinion pieces rather than hard information.  So yes, I can guess for myself that the pandemic is going to lead to a rise in pandemic-related frauds: what I want is examples, and how to spot the signs, and what we can do about it.  Perhaps the format – demanding our total attention when there’s no-one to check that you are actually listening (or even in the room) – is better suited to more technical information.  In pre-pandemic times, I once attended a webinar on the significance of the Sixth Money Laundering Directive.  The trainer/presenter went through the directive article by article, explaining what it meant.  No opinions, no calls for greater co-operation, no deferring courteously and flatteringly to other experts – just hard facts that I wanted and needed to understand.  I was riveted.

Posted in AML, Money laundering, Training | Tagged , , , , , , , | 4 Comments

Leak technique

I’ve been doing some remote training recently for a new MLRO, which has been great fun: we’ve covered all the essential and then plenty of those fun, tangential topics that concern MLROs – including beneficial ownership and (our topic for today) the ICIJ’s Offshore Leaks Database.  Many people think that this database contains simply the information from the Panama Papers, but as the database’s own website explains: “The first instalment of the database was released on 14 June 2013 as part of ICIJ’s Offshore Leaks investigation.  More records were added on 23 January 2014 (from ICIJ’s China Leaks investigation), on 9 May 2016 (from ICIJ’s Panama Papers investigation) and on 21 September 2016 (from ICIJ’s Bahamas Leaks investigation).  Between November 2017 and February 2018 ICIJ released data from the Paradise investigation, including records from the offshore law firm Appleby and seven corporate registries: Aruba, Cook Islands, Bahamas, Barbados, Malta, Nevis and Samoa.  The Offshore Leaks database contains information on more than 785,000 offshore entities and covers nearly 80 years up to 2016.”  So the Panama Papers are only a part of the story, although it was a headline-grabbing boost to the database – and certainly the event that caught my eye when it happened.

For the MLRO, there are certain things to know about the database.  First, as the database website itself says, front and centre, “there are legitimate uses for offshore companies and trusts – we do not intend to suggest or imply that any persons, companies or other entities included in the ICIJ Offshore Leaks Database have broken the law or otherwise acted improperly”.   In other words, just because someone features in the database, it does not mean that they are criminal: it means simply that they have used the services of one of the firms whose data forms the database.  They may well have done that in order to arrange their affairs as tax efficiently as possible – but that’s not criminal.  Second, there may well be duplications, contradictions and errors in the data – it is a database assembled from several sources, and not a verified registry.  Third, there are better and worse ways to search the database.  You can just noodle around, scurrying down rabbit-holes and chasing juicy leads – which is fun for a while.  Or you can approach it more efficiently, using the suggestions provided by the ICIJ itself – on searching by location, on exploring networks and entity metadata, and on investigating companies.

But perhaps the most important thing an MLRO needs to do is to be prepared.  If you search the database for a client, there are several possible outcomes:

  • They aren’t there – phew!
  • They are there, but what is revealed about them is what you knew anyway – phew!
  • They are there, and what is revealed about them is news to you but immaterial to your relationship with them – half-phew, as perhaps your CDD is lacking or the client was not completely open with you
  • They are there, what is revealed about them is news to you, and it does affect your relationship with them (it increases their risk rating, or gives away that they lied to you) – uh-oh!

So you need to be prepared for any of these outcomes and to know what you are going to do as a result – and, to demonstrate your top-notch CDD, you need to keep careful records of your reasons for searching (or not searching), the results of any searches, and your reaction to those results.  That’ll teach you to want more information.

Posted in AML, Due diligence, Money laundering | Tagged , , , , , , , , , , , , , , , , | Leave a comment

The new crimino-normal

Much as I try to ignore it – otherwise it absorbs our every waking moment, and some of our nightmares – I do occasionally find that there is an interesting nexus between the coronavirus and money laundering.  And this week there seems to be a money laundering pushmi-pullyu in action.  (For those of you unfamiliar with Hugh Lofting’s books about Doctor Doolittle, who could talk to the animals, the pushmi-pullyu is a gazelle/unicorn cross with two heads – one of each – at opposite ends of its body.)

On one hand – or perhaps, at one head – we read that criminals in London are taking advantage of the MSB sector (money transfer businesses and bureaux de change) to place their criminal earnings and thereby continue their criminal business.  According to a report on Politico, there are more than nine thousand MSBs registered in London and therefore covered by AML obligations, but the fear is that many of them are not doing the required checks (and that many more operate without a licence).  In February 2020 the NCA (the UK’s FIU) issued an “Amber Alert” to MSBs, reminding them of their AML obligations and alerting them to the dangers they face from “serious organised criminals who may try and access [MSB] services”.  Understandably perhaps, MSBs were declared essential businesses by the government and have been allowed to continue trading during the lock-down – but those who supervise and check them are not permitted to conduct onsite visits.

And at the other head, the American authorities are seizing more cash than ever from criminal gangs who are finding their usual laundering routes – including cash-intensive businesses on the high street (Main Street, I suppose) – closed thanks to the pandemic.  According to Bill Bodner of the DEA, the shuttering of non-essential businesses has had a “tremendous impact” on, for instance, the black market peso exchange.  Moreover (and this I am taking on face value – I’ve not done any research behind it) he points out that the actual flow of drugs has slowed because “most narcotics precursors from China are made in Wuhan [where factories are currently] operating at a reduced capacity”.  And if the pushmi-pullyu had a third head, it would tell us that the impact of this reduced supply is a rise in the price of drugs: “with supply chains in disarray, the wholesale price of methamphetamine has soared to about US$1,800 a pound, compared with about $900 a pound five months ago”.

In short, criminals are taking advantage of hobbled supervisors (and I assume – albeit to a lesser extent – investigators) and of rising prices for their products, but are foxed by the obstacles to their usual laundering routes.  Like all of us, they are having to find a new normal – and we must be ready to tackle it when they do.

Posted in AML, Money laundering | Tagged , , , , , , , , , | 2 Comments

Calculators at the ready

Sometimes words enter your vocabulary and you can’t remember where or when you first heard them but suddenly they’re there and you’re hearing and using them all the time.  I’m not talking about “lock-down” or “social distancing” or “flattening the curve” – I’m talking about “cumulative risk”.  A great deal of work in the sphere of AML requires risk assessment.  At the start of a relationship with a client, you have to decide whether they fit your firm’s risk appetite, and if they do, you do an initial risk assessment to determine the level of take-on CDD that you will do.  And then you review their risk rating periodically – and the level of risk of everything they do during your relationship with them – to decide whether you need to alter the level and frequency of monitoring that you apply to them.  It’s very reiterative and very important.  And in the last year or so, regulators have been pointing out that cumulative risk must be taken into account at all stages.

In short, cumulative risk is the risk that results as a result of the presence of a combination of risks.  For instance, being a heavy drinker might increase your chance of death each year by 0.1%.  And being a reckless driver might also increase your chance of death each year by 0.1%.  If you’re both a heavy drinker and a reckless driver, your increased risk of death might be not 0.2% (the simple sum) but perhaps 0.5%, because your heavy drinking makes your driving even more reckless (and because you’re so relieved to survive your crazy drive to the pub that you down even more than usual).

In AML terms, we have this week seen the perfect example of cumulative risk at work.  On 8 May 2020, the former CEO of Garuda Indonesia, a gentleman called Emirsyah Satar, was jailed for eight years for bribery and money laundering.  In short, he accepted bribes over a decade for placing orders for Airbus planes and Rolls Royce engines.  Anyone doing CDD on Mr Satar might have spotted an accumulation of risks.  He was CEO of a company that is 60% owned by a government – making him a PEP.  That company is an airline, and the aviation industry has often been ranked high risk for corruption.  And the company and the PEP are in Indonesia – a jurisdiction considered high risk in many of the indices beloved of MLROs.  Like my daily intake of chocolate biscuits, it all adds up to something quite alarming.

Posted in AML, Bribery and corruption, Money laundering | Tagged , , , , , , , , , , | Leave a comment

A pandemic of efficiency?

These are very odd times: on the one hand, my daily life has slowed considerably, with elements of “Groundhog Day” about it, while on the other it is all but impossible to keep up with the fast-changing advice and requirements about the pandemic.  I have resisted blogging about recommendations from regulators and the like about keeping up with CDD efforts, as it seems to alter by the day.  But I have been wondering whether there are actually benefits of doing our AML work remotely.

For instance, we humans are herd-like in more than our immunity.  We also tend to mimic the work patterns and methods of those around us: if your desk-neighbour always uses a particular website to check PEP background information, you might just copy him.  But if you’re left to your own devices, sitting alone at your dining table at home with only the cat to suggest how to do the best Google searches, might you come up with an alternative that is better, or more illuminating, or simply useful to have as corroboration?  If you’re not fitting in with the working patterns of those around you, perhaps you’ll come at something from a new angle.  And without the distraction of phone calls by desk-neighbours and invitations to the tea-room to celebrate someone’s birthday or the lure of the lunch-time wander through town, do we have more focused time to spend on AML enquiries and research?

One definite benefit I have found is that it is much easier to pin people down for phone calls or training.  An enormous challenge for MLROs trying to organise training is getting all the relevant people in one place at the same time – a challenge that is magnified if the organisation is international, or if the people are very senior.  But nowadays, it’s a doddle: everyone’s at home.  No-one’s on holiday, or attending a conference, or even stuck at the airport waiting for a delayed flight.  And as an added bonus, you get to see everyone’s taste in interior design: that scary CEO might seem less frightening once you’ve seen her treasured collection of knitted bunnies in the background.

(If you’re struggling with working alone at home for the first time, you can get regular tips on surviving – and perhaps even enjoying – the experience from the Facebook page that accompanies my book “The Solo Squid: How to Run a Happy One-Person Business”.)

Posted in AML, Money laundering | Tagged , , , , , , , | 1 Comment

No, no, no to UWO, UWO, UWO

Most of us in the world of AML have welcomed the advent of the Unexplained Wealth Order – the court order introduced by the Criminal Finances Act 2017, which can be served to compel either a PEP or someone involved in serious criminality (or both…) to reveal the sources of their unexplained wealth.  We have tracked breathlessly the serving and processing of the first two UWOs, involving Zamira Hajiyeva (London-based wife of the former chairman of the International Bank of Azerbaijan, and known to the general public as “the £16 million Harrods woman”).  But on 8 April 2020 we were brought up short in our frenzy of prurient schadenfreude: the National Crime Agency confirmed that “the High Court ruled in favour of the respondents to three UWOs secured by the NCA in May 2019, and discharged the orders”.

The UWOs in question related to three properties in London (mansions in Hampstead and Highgate and an apartment in Chelsea, worth a total of £80 million and lived in by relatives of former Kazakh president Nursultan Nazarbayev but owned by offshore companies).  The NCA applied for – and were granted – the UWOs on the basis of their belief that the properties were linked to a PEP involved in serious crime.  But Dr Dariga Nazarbayeva and Nurali Aliyev (daughter and grandson of the former president, and beneficial owners of the properties) appealed to the High Court to have the orders overturned.  And Mrs Justice Lang agreed to discharge the UWOs, holding that the pair had filed sufficient “cogent evidence” of the legitimate source of the funds and that the NCA’s assumptions regarding the source of the money used to purchase the properties were “unreliable”.  (The NCA thinks that the properties were bought with money embezzled by the late Rakhat Aliyev – husband of Dr Nazarbayeva and father of Nurali – who styled himself “Godfather-in-law” and died in prison in Austria in 2015 while awaiting trial for kidnapping and murder.)  And they’re not going to give up, according to Graeme Biggar, Director General of the National Economic Crime Centre: “We disagree with this decision to discharge the UWOs and will be filing an appeal.  These hearings will establish the case law on which future judgments will be based, so it is vital that we get this right.  The NCA is tenacious.  We have been very clear that we will use all the legislation at our disposal to pursue suspected illicit finance and we will continue to do so.”

Personally (and indeed professionally), I think this latest knock-back is a good thing.  I know little about the specific case except what I read in the public domain, but I do know that there has been some unease about UWOs.  I have heard rumblings about them being used inappropriately to settle political scores, or being granted without sufficient scrutiny.  So to have three examined closely, overturned, adjusted and (I have no doubt about this) granted again at a later date shows that the system is both robust and fair.  And this setback has not dented enthusiasm for the UWO in theory, with plans afoot to make them available in Northern Ireland later this year.

Posted in AML, Bribery and corruption, Money laundering | Tagged , , , , , , , , , , , , , , , , , | 2 Comments

Keep washing that money

This blog – much like its author – veers wildly between buoyancy and doom, and this week it’s the latter.  Sorry about that.  And it’s about the pestilence.  Sorry about that too.  But there’s no lock-down for criminality and I assume that the MLROs among you are still keeping your staff posted with information about developing risks.  With that in mind, here are four warnings you can pass on (from a safe distance, of course).

Much as I try my hardest to ignore any news coming across the pond from the US, I think this source is reliable.  At the beginning of April, the FBI issued an official warning about criminals using the pandemic uncertainty and fear to recruit money mules.  They are promoting work-from-home schemes, and asking for donations in order to get access to US bank accounts.  Neither of these approaches is new, but people’s minds are so full of panic that they are not spotting the usual signs.

Police in Scotland have noticed that local organised crime groups have had to reduce their usual drug activities as travel restrictions have damaged their supply chains.  Instead they are stockpiling personal protective equipment and coronavirus testing kits, sometimes by posing as buyers for NHS trusts and care homes.  It might not be (quite) so bad if the stuff they were selling (at vast profit) was genuine, but much of it is counterfeit, out of date, mis-labelled or otherwise non-compliant.

Roberto Saviano – author of “Gomorrah” – knows a thing or three about the mafia, and he is warning that organised crime groups are planning ahead, waiting in the wings to take over businesses that are driven to the wall by the economic collapse.  His contacts tell him that mafia groups are also stocking up – on favours: moneylenders are cancelling interest on debts, while mafiosi organise food deliveries to poor Italians, and you can be sure that those favours will be called in one day.  And as rotten luck would have it, for decades the mafia has been investing in particular sectors, whose day seems to have come: cleaning, waste recycling, transportation, food distribution and funeral homes.

And in a final piece of dark humour, word reaches me that fraudsters are trying their latest spin on the advance fee fraud: people are receiving emails purportedly from MONEYVAL, saying that they have won a lottery, or received an inheritance, or are eligible for a cut of some money confiscated from criminals.  Unsurprisingly, all they have to do to receive their bounty is supply their full bank account details and pay a small administrative fee.  I guess to the non-AML-ish, MONEYVAL does sound like the sort of place that would dish out the dough.

Posted in AML, Due diligence, Fraud, Money laundering, Organised crime | Tagged , , , , , , , , , , | 3 Comments

The topic will be sin and that’s what I’m ag’in

At the beginning of April 2020 the UK’s National Crime Agency published its “National Strategic Assessment of Serious and Organised Crime 2020”.  Of course, much of this report looks at the damage being done by criminals but – as instructed by Johnny Mercer – I am determined to accentuate the positive, and the assessment reminds us of some excellent money laundering convictions during 2019, so let’s smack our lips over a couple of those once again.

On 26 February 2019, Nigerian national Kazeem Akinwale was jailed for nine years at the Old Bailey.  The NCA calls him “a prolific fraudster and go-to money launderer for criminals based around the world”, for whom he laundered more than £6 million stolen from more than a hundred businesses worldwide.  Akinwale orchestrated the transfer of stolen funds into accounts opened by money mules, ordering them to withdraw cash.  The NCA is modest about their involvement, but my online sleuthing has uncovered more details.   In March 2016 London auction house Christie’s reported that hackers had spoofed an employee’s email address in order to divert a payment for a customer invoice into another bank account.  The NCA linked an IP address used to access the intended beneficiary’s account to Akinwale’s home in London, and from there investigators recovered a laptop and two smartphones containing login credentials for more than two hundred accounts at banks in the UK, Poland, Hong Kong and elsewhere.  The trial gave us a new term: “mule herders” are individuals who control money mules.  The mule herders and the mules each took a cut of the proceeds while Akinwale deposited more than £73,000 in “direct commission” into his personal bank accounts.

And in April 2019, student Zain Qaiser was jailed at Kingston Crown Court for six years and five months for blackmail, fraud, money laundering and computer misuse offences.  When still a teenager, and working from his bedroom at his parents’ home in Barking, Qaiser started launching ransomware attacks, in which a computer is hijacked and frozen by a small piece of software until the user pays a fee for its release.  He contacted the Russian controller of one of the most potent attack tools and agreed a split of his profits if his planned blackmail operation was a success, while also setting up relationships with online criminals from China and the US to do the laundering.  Investigators estimate that he may have extorted more than £4 million from victims, few of whom reported their losses because the attacks happened after they had clicked on ads on porn websites: one screen grab from Qaiser’s computer showed that he made £11,000 in July 2014 alone.  He moved more than £4 million through various cryptocurrencies – investing much of it in buying more ads on porn sites to snare more victims – and had personally received almost £550,000 by the time of his arrest in 2014.  He received a further £100,000 as his associates moved funds through Gibraltar and Belize to a UK-accessible online account.  The NCA is still investigating Qaiser’s laundering routes, as he revealed in online chats that he has further “offshore savings”.  As always, of course, he also enjoyed what he considered the finer things in life, spending £5,000 on a Rolex watch and £2,000 on a stay in a Chelsea hotel, as well as gambling £70,000 in a casino.

But now Mr Akinwale and Mr Qaiser are both behind bars, their laundering techniques have been unravelled for us to learn from them, and their criminal proceeds are being traced and seized.  Not only are we accentuating the positive – we’re eliminating the negative.

Posted in Fraud, Money laundering | Tagged , , , , , , , , | 2 Comments

The launderer always blinks twice

My money laundering news alerts have been very, very quiet in the past fortnight – not for one moment do I think this means that money laundering has stopped, or even decreased markedly, but understandably businesses and law enforcement agencies need time to adjust to new ways of working, and AML is just not top of the agenda at the moment.  (Not that it often is, except during rare spikes of interest when we’ve had a ginormous laundering case in the news.)  But one AML-ish topic that is generating a fair amount of discussion is the acceptability or otherwise of verification of client identity at a remove.

Of course, there have always been clients who are identified remotely – online casinos never meet their players, and even more traditional businesses like banks now offer online services to clients who never set foot in a branch.  But it has been generally accepted, using the risk-based approach to AML, that “non-face-to-face client” will be a trigger for a higher risk rating and suitably enhanced due diligence.  Businesses are now having to recalibrate to a situation where – ironically – meeting a client face-to-face is far too risky, and therefore the remote client is the new standard risk proposal.  As I posited in my previous post (don’t say that too quickly), how will we undo staff and client expectations when life goes back to normal – will clients who have become used to remote verification be even more ticked off than usual when we ask them to call in with their passports?  “You believed me when I was sitting at home in my pyjamas and Zooming you – why won’t you believe me now?”

Talking of Zoom, yesterday the Guernsey Financial Services Commission addressed this very issue, issuing detailed guidance on when video calling can be used to verify the identity of individuals.  Crucially, the point is made at the end that “a firm is required to periodically review the identification data it holds on a business relationship to ensure that it is accurate and remains relevant [and] the Commission would expect these reviews to include a determination that verification of an individual via video remains appropriate and relevant in light of the activity over the business relationship and the risks associated with that relationship”.  In other words, when it’s back to business as normal, a video chat with someone may well no longer cut the AML mustard.

Of course, video ID – as it is sometimes called – was around pre-pandemic.  I have found a terrific article on it by two German lawyers, who make the frightening point that you might not be talking to the client in real-time but have been duped into conversing with a clever recording.  In order to check the client’s “liveness”, you should “request  specific actions of the person to be identified (e.g. blink the left eye twice)”.  I reckon we could have some fun with this, perhaps drawing on “Candid Camera” for inspiration.

Posted in AML, Due diligence, Money laundering | Tagged , , , , , , , , , | 7 Comments

Looking to the post-pandemic future

I’m not going to attempt to foretell the impact that the current pandemic will have on our financial systems or on financial crime – there are many people much better qualified than I to do that.  For instance, the tip-top think-tank RUSI has published a commentary on how organised crime – and the forces ranged against them – might react to the new environment.  Anita Clifford of Bright Line Law has written a helpful piece on the implications of AML and CDD for a financial sector in home-working lock-down.  And we already know that even FIUs are having to adjust to working in new ways.

Rather, what I want to consider today is the long-term impact that this unforeseen (for most of us) and devastating (for some of us) disruption will have on how we frame our future due diligence endeavours.  First, in most jurisdictions the AML requirements are predicated on a risk-based approach: you adjust the level of due diligence, monitoring, training, etc. depending on the level of (money laundering and terrorist financing) risk presented by a situation – the type of client, or the size/origin of transaction, or the duties of the member of staff.  Business continuity plans are coming into their own, but I am fairly sure that the majority of them were designed for a fire at the office, or the crashing of a key server, or the kidnap of the Board of directors (now, now, no wishful thinking) – I doubt many were designed with a global shutdown in mind.  In other words, our concept of risk has taken a battering, and I can imagine that once we’re allowed back to work as normal, business risk assessments will be pulled out of storage for a careful examination in the light of the “new normal”.

And second, every person who goes on their first, baby AML course is told that they are obliged by law to report any suspicion of money laundering, and that this cannot be done for them by a computer (such as a transaction monitoring system) because computers have no hearts or souls and therefore can spot only the unusual, not the suspicious.  So what now is “usual”?  In the past, a reliable client who suddenly took out large sums of cash, or refused to come into the office in person, or changed his mind about investments or contracts on a daily basis would appear unusual – now, he’s merely being prudent.  When the dust settles, how will we tell the difference between those whose finances and decisions went haywire because of the pandemic, and those who are simply using that as a cover story for illicit money movements?

Posted in AML, Money laundering, Organised crime | Tagged , , , , , , , , , , , , , | 11 Comments