A pandemic of efficiency?

These are very odd times: on the one hand, my daily life has slowed considerably, with elements of “Groundhog Day” about it, while on the other it is all but impossible to keep up with the fast-changing advice and requirements about the pandemic.  I have resisted blogging about recommendations from regulators and the like about keeping up with CDD efforts, as it seems to alter by the day.  But I have been wondering whether there are actually benefits of doing our AML work remotely.

For instance, we humans are herd-like in more than our immunity.  We also tend to mimic the work patterns and methods of those around us: if your desk-neighbour always uses a particular website to check PEP background information, you might just copy him.  But if you’re left to your own devices, sitting alone at your dining table at home with only the cat to suggest how to do the best Google searches, might you come up with an alternative that is better, or more illuminating, or simply useful to have as corroboration?  If you’re not fitting in with the working patterns of those around you, perhaps you’ll come at something from a new angle.  And without the distraction of phone calls by desk-neighbours and invitations to the tea-room to celebrate someone’s birthday or the lure of the lunch-time wander through town, do we have more focused time to spend on AML enquiries and research?

One definite benefit I have found is that it is much easier to pin people down for phone calls or training.  An enormous challenge for MLROs trying to organise training is getting all the relevant people in one place at the same time – a challenge that is magnified if the organisation is international, or if the people are very senior.  But nowadays, it’s a doddle: everyone’s at home.  No-one’s on holiday, or attending a conference, or even stuck at the airport waiting for a delayed flight.  And as an added bonus, you get to see everyone’s taste in interior design: that scary CEO might seem less frightening once you’ve seen her treasured collection of knitted bunnies in the background.

(If you’re struggling with working alone at home for the first time, you can get regular tips on surviving – and perhaps even enjoying – the experience from the Facebook page that accompanies my book “The Solo Squid: How to Run a Happy One-Person Business”.)

Posted in AML, Money laundering | Tagged , , , , , , , | 1 Comment

No, no, no to UWO, UWO, UWO

Most of us in the world of AML have welcomed the advent of the Unexplained Wealth Order – the court order introduced by the Criminal Finances Act 2017, which can be served to compel either a PEP or someone involved in serious criminality (or both…) to reveal the sources of their unexplained wealth.  We have tracked breathlessly the serving and processing of the first two UWOs, involving Zamira Hajiyeva (London-based wife of the former chairman of the International Bank of Azerbaijan, and known to the general public as “the £16 million Harrods woman”).  But on 8 April 2020 we were brought up short in our frenzy of prurient schadenfreude: the National Crime Agency confirmed that “the High Court ruled in favour of the respondents to three UWOs secured by the NCA in May 2019, and discharged the orders”.

The UWOs in question related to three properties in London (mansions in Hampstead and Highgate and an apartment in Chelsea, worth a total of £80 million and lived in by relatives of former Kazakh president Nursultan Nazarbayev but owned by offshore companies).  The NCA applied for – and were granted – the UWOs on the basis of their belief that the properties were linked to a PEP involved in serious crime.  But Dr Dariga Nazarbayeva and Nurali Aliyev (daughter and grandson of the former president, and beneficial owners of the properties) appealed to the High Court to have the orders overturned.  And Mrs Justice Lang agreed to discharge the UWOs, holding that the pair had filed sufficient “cogent evidence” of the legitimate source of the funds and that the NCA’s assumptions regarding the source of the money used to purchase the properties were “unreliable”.  (The NCA thinks that the properties were bought with money embezzled by the late Rakhat Aliyev – husband of Dr Nazarbayeva and father of Nurali – who styled himself “Godfather-in-law” and died in prison in Austria in 2015 while awaiting trial for kidnapping and murder.)  And they’re not going to give up, according to Graeme Biggar, Director General of the National Economic Crime Centre: “We disagree with this decision to discharge the UWOs and will be filing an appeal.  These hearings will establish the case law on which future judgments will be based, so it is vital that we get this right.  The NCA is tenacious.  We have been very clear that we will use all the legislation at our disposal to pursue suspected illicit finance and we will continue to do so.”

Personally (and indeed professionally), I think this latest knock-back is a good thing.  I know little about the specific case except what I read in the public domain, but I do know that there has been some unease about UWOs.  I have heard rumblings about them being used inappropriately to settle political scores, or being granted without sufficient scrutiny.  So to have three examined closely, overturned, adjusted and (I have no doubt about this) granted again at a later date shows that the system is both robust and fair.  And this setback has not dented enthusiasm for the UWO in theory, with plans afoot to make them available in Northern Ireland later this year.

Posted in AML, Bribery and corruption, Money laundering | Tagged , , , , , , , , , , , , , , , , , | 2 Comments

Keep washing that money

This blog – much like its author – veers wildly between buoyancy and doom, and this week it’s the latter.  Sorry about that.  And it’s about the pestilence.  Sorry about that too.  But there’s no lock-down for criminality and I assume that the MLROs among you are still keeping your staff posted with information about developing risks.  With that in mind, here are four warnings you can pass on (from a safe distance, of course).

Much as I try my hardest to ignore any news coming across the pond from the US, I think this source is reliable.  At the beginning of April, the FBI issued an official warning about criminals using the pandemic uncertainty and fear to recruit money mules.  They are promoting work-from-home schemes, and asking for donations in order to get access to US bank accounts.  Neither of these approaches is new, but people’s minds are so full of panic that they are not spotting the usual signs.

Police in Scotland have noticed that local organised crime groups have had to reduce their usual drug activities as travel restrictions have damaged their supply chains.  Instead they are stockpiling personal protective equipment and coronavirus testing kits, sometimes by posing as buyers for NHS trusts and care homes.  It might not be (quite) so bad if the stuff they were selling (at vast profit) was genuine, but much of it is counterfeit, out of date, mis-labelled or otherwise non-compliant.

Roberto Saviano – author of “Gomorrah” – knows a thing or three about the mafia, and he is warning that organised crime groups are planning ahead, waiting in the wings to take over businesses that are driven to the wall by the economic collapse.  His contacts tell him that mafia groups are also stocking up – on favours: moneylenders are cancelling interest on debts, while mafiosi organise food deliveries to poor Italians, and you can be sure that those favours will be called in one day.  And as rotten luck would have it, for decades the mafia has been investing in particular sectors, whose day seems to have come: cleaning, waste recycling, transportation, food distribution and funeral homes.

And in a final piece of dark humour, word reaches me that fraudsters are trying their latest spin on the advance fee fraud: people are receiving emails purportedly from MONEYVAL, saying that they have won a lottery, or received an inheritance, or are eligible for a cut of some money confiscated from criminals.  Unsurprisingly, all they have to do to receive their bounty is supply their full bank account details and pay a small administrative fee.  I guess to the non-AML-ish, MONEYVAL does sound like the sort of place that would dish out the dough.

Posted in AML, Due diligence, Fraud, Money laundering, Organised crime | Tagged , , , , , , , , , , | 3 Comments

The topic will be sin and that’s what I’m ag’in

At the beginning of April 2020 the UK’s National Crime Agency published its “National Strategic Assessment of Serious and Organised Crime 2020”.  Of course, much of this report looks at the damage being done by criminals but – as instructed by Johnny Mercer – I am determined to accentuate the positive, and the assessment reminds us of some excellent money laundering convictions during 2019, so let’s smack our lips over a couple of those once again.

On 26 February 2019, Nigerian national Kazeem Akinwale was jailed for nine years at the Old Bailey.  The NCA calls him “a prolific fraudster and go-to money launderer for criminals based around the world”, for whom he laundered more than £6 million stolen from more than a hundred businesses worldwide.  Akinwale orchestrated the transfer of stolen funds into accounts opened by money mules, ordering them to withdraw cash.  The NCA is modest about their involvement, but my online sleuthing has uncovered more details.   In March 2016 London auction house Christie’s reported that hackers had spoofed an employee’s email address in order to divert a payment for a customer invoice into another bank account.  The NCA linked an IP address used to access the intended beneficiary’s account to Akinwale’s home in London, and from there investigators recovered a laptop and two smartphones containing login credentials for more than two hundred accounts at banks in the UK, Poland, Hong Kong and elsewhere.  The trial gave us a new term: “mule herders” are individuals who control money mules.  The mule herders and the mules each took a cut of the proceeds while Akinwale deposited more than £73,000 in “direct commission” into his personal bank accounts.

And in April 2019, student Zain Qaiser was jailed at Kingston Crown Court for six years and five months for blackmail, fraud, money laundering and computer misuse offences.  When still a teenager, and working from his bedroom at his parents’ home in Barking, Qaiser started launching ransomware attacks, in which a computer is hijacked and frozen by a small piece of software until the user pays a fee for its release.  He contacted the Russian controller of one of the most potent attack tools and agreed a split of his profits if his planned blackmail operation was a success, while also setting up relationships with online criminals from China and the US to do the laundering.  Investigators estimate that he may have extorted more than £4 million from victims, few of whom reported their losses because the attacks happened after they had clicked on ads on porn websites: one screen grab from Qaiser’s computer showed that he made £11,000 in July 2014 alone.  He moved more than £4 million through various cryptocurrencies – investing much of it in buying more ads on porn sites to snare more victims – and had personally received almost £550,000 by the time of his arrest in 2014.  He received a further £100,000 as his associates moved funds through Gibraltar and Belize to a UK-accessible online account.  The NCA is still investigating Qaiser’s laundering routes, as he revealed in online chats that he has further “offshore savings”.  As always, of course, he also enjoyed what he considered the finer things in life, spending £5,000 on a Rolex watch and £2,000 on a stay in a Chelsea hotel, as well as gambling £70,000 in a casino.

But now Mr Akinwale and Mr Qaiser are both behind bars, their laundering techniques have been unravelled for us to learn from them, and their criminal proceeds are being traced and seized.  Not only are we accentuating the positive – we’re eliminating the negative.

Posted in Fraud, Money laundering | Tagged , , , , , , , , | 2 Comments

The launderer always blinks twice

My money laundering news alerts have been very, very quiet in the past fortnight – not for one moment do I think this means that money laundering has stopped, or even decreased markedly, but understandably businesses and law enforcement agencies need time to adjust to new ways of working, and AML is just not top of the agenda at the moment.  (Not that it often is, except during rare spikes of interest when we’ve had a ginormous laundering case in the news.)  But one AML-ish topic that is generating a fair amount of discussion is the acceptability or otherwise of verification of client identity at a remove.

Of course, there have always been clients who are identified remotely – online casinos never meet their players, and even more traditional businesses like banks now offer online services to clients who never set foot in a branch.  But it has been generally accepted, using the risk-based approach to AML, that “non-face-to-face client” will be a trigger for a higher risk rating and suitably enhanced due diligence.  Businesses are now having to recalibrate to a situation where – ironically – meeting a client face-to-face is far too risky, and therefore the remote client is the new standard risk proposal.  As I posited in my previous post (don’t say that too quickly), how will we undo staff and client expectations when life goes back to normal – will clients who have become used to remote verification be even more ticked off than usual when we ask them to call in with their passports?  “You believed me when I was sitting at home in my pyjamas and Zooming you – why won’t you believe me now?”

Talking of Zoom, yesterday the Guernsey Financial Services Commission addressed this very issue, issuing detailed guidance on when video calling can be used to verify the identity of individuals.  Crucially, the point is made at the end that “a firm is required to periodically review the identification data it holds on a business relationship to ensure that it is accurate and remains relevant [and] the Commission would expect these reviews to include a determination that verification of an individual via video remains appropriate and relevant in light of the activity over the business relationship and the risks associated with that relationship”.  In other words, when it’s back to business as normal, a video chat with someone may well no longer cut the AML mustard.

Of course, video ID – as it is sometimes called – was around pre-pandemic.  I have found a terrific article on it by two German lawyers, who make the frightening point that you might not be talking to the client in real-time but have been duped into conversing with a clever recording.  In order to check the client’s “liveness”, you should “request  specific actions of the person to be identified (e.g. blink the left eye twice)”.  I reckon we could have some fun with this, perhaps drawing on “Candid Camera” for inspiration.

Posted in AML, Due diligence, Money laundering | Tagged , , , , , , , , , | 7 Comments

Looking to the post-pandemic future

I’m not going to attempt to foretell the impact that the current pandemic will have on our financial systems or on financial crime – there are many people much better qualified than I to do that.  For instance, the tip-top think-tank RUSI has published a commentary on how organised crime – and the forces ranged against them – might react to the new environment.  Anita Clifford of Bright Line Law has written a helpful piece on the implications of AML and CDD for a financial sector in home-working lock-down.  And we already know that even FIUs are having to adjust to working in new ways.

Rather, what I want to consider today is the long-term impact that this unforeseen (for most of us) and devastating (for some of us) disruption will have on how we frame our future due diligence endeavours.  First, in most jurisdictions the AML requirements are predicated on a risk-based approach: you adjust the level of due diligence, monitoring, training, etc. depending on the level of (money laundering and terrorist financing) risk presented by a situation – the type of client, or the size/origin of transaction, or the duties of the member of staff.  Business continuity plans are coming into their own, but I am fairly sure that the majority of them were designed for a fire at the office, or the crashing of a key server, or the kidnap of the Board of directors (now, now, no wishful thinking) – I doubt many were designed with a global shutdown in mind.  In other words, our concept of risk has taken a battering, and I can imagine that once we’re allowed back to work as normal, business risk assessments will be pulled out of storage for a careful examination in the light of the “new normal”.

And second, every person who goes on their first, baby AML course is told that they are obliged by law to report any suspicion of money laundering, and that this cannot be done for them by a computer (such as a transaction monitoring system) because computers have no hearts or souls and therefore can spot only the unusual, not the suspicious.  So what now is “usual”?  In the past, a reliable client who suddenly took out large sums of cash, or refused to come into the office in person, or changed his mind about investments or contracts on a daily basis would appear unusual – now, he’s merely being prudent.  When the dust settles, how will we tell the difference between those whose finances and decisions went haywire because of the pandemic, and those who are simply using that as a cover story for illicit money movements?

Posted in AML, Money laundering, Organised crime | Tagged , , , , , , , , , , , , , | 11 Comments

Free download of financial crime novel

Some of you may know that my obsession with financial crime spreads into my personal life, and that my hobby is writing historical financial crime novels.  My first series is narrated by a magistrates’ constable in London in the 1820s, and the first in this series is called “Fatal Forgery” – and it’s all about bank fraud.

As my little contribution to battling the corona boredom blues, from now until Thursday I am offering the e-book of “Fatal Forgery” as a free download on Amazon.  (That’s an international link, so it should take you to your relevant Amazon site, wherever you are.)  The plot is guaranteed free of plague, contagion, lurgy, virus or pox, so it’s perfect escapist reading – and with the financial element, it might even count as CPD!

And please: tell all your friends and family – the more the merrier.  It could be the ideal book for a virtual book-club, and everyone can get it for free!

Happy reading, everyone, and keep safe and well.

Posted in Fraud, Money laundering, Publications, Uncategorized | Tagged , , , , | 6 Comments

Levy-hearted

I have my fingers in my ears and am chanting “la la la” to myself, as I refuse to listen to any more corona-chatter.  For today’s blog I am going to pretend that nothing untoward is happening and have a think instead about the UK government’s plans for an Economic Crime Levy.  This was announced – after plenty of rumours – in the Budget on 11 March 2020: “The government intends to introduce a levy to be paid by firms subject to the Money Laundering Regulations to help fund new government action to tackle money laundering and ensure delivery of the reforms committed to in the Economic Crime Plan.  These reforms will help safeguard the UK’s global reputation as a safe and transparent place to conduct business.  The levy will be additional to ongoing public sector funding.  The government will publish a consultation on the levy later this spring.”

Interesting word, levy.  It comes to us from levis (Latin for light) via lever (Old French for raise), and by the 13th century was already being used as a verb meaning to raise or collect.  As a noun, its most common usage in the UK today – until this latest development – was in the context of heavy goods vehicles: overseas HGVs wishing to drive into the UK have to pay a levy of £10 a day or £1,000 a year.  It’s certainly not a word we have seen very often in the financial services environment.

The government has issued a short Q&A document setting out its initial thoughts (I can’t find the original link but you can download the PDF via the Law Society website), with promises of a consultation “in the spring”.  Some thoughts to distract you:

  • Have we lost confidence in the truly consultative nature of government consultations? Avid respondent that I am (try and stop me!), I have yet to see the government position change from their initial position as a result of a consultation (in the area of finance and economic crime, anyway).
  • The levy will apply to firms subject to the Money Laundering Regs – i.e. to those businesses already spending time and resources on AML. Would it actually be fairer (and more lucrative) to apply the levy to those businesses not subject to the Money Laundering Regs, so that we’re all playing a part in the fight against economic crime and doing what we can – AML checks if that’s possible given our line of business, and supporting the cause financially if it’s not?
  • If the levy is intended to raise £100 million, and in order to do that we need (to quote from the HMT Q&A) a “collection infrastructure”, the creation of a “levy formula [that is] simple to calculate, predictable, applicable across all the types of businesses in the AML-regulated sector, and designed to avoid unintended consequences [and takes risk into account]” and possibly the setting up of “a single organisation to collect the levy”, will there be any money left over?
Posted in AML, Legislation, Money laundering, Supervision | Tagged , , , , , , , , | 2 Comments

Planes and pandemics

One of the challenges of AML work is keeping up with the endless adaptability and imagination of criminals.  Unshackled by moral considerations, or by the need to report to risk committees or by the requirement to comply with legislation (quite the opposite!) criminals can turn on a sixpence and take immediate advantage of any opportunity that presents itself.

The week before last, the airline Flybe went into administration.  I was in Guernsey at the time – an island previously served by Flybe – and within minutes (literally, minutes) of the collapse being announced, people were receiving texts purportedly from their banks asking them to “Click this link to submit your information so that we can promptly process your Flybe refunds”.  The savvy compliance people with whom I work simply rolled their eyes – who has ever heard of a bank tripping over itself to offer a refund? – but who knows how many ordinary people, panicked by the thought of losing money, followed the link and blithely submitted their bank account details?

And talking of panic, COVID-19 is proving a bonanza for criminals.  The snake-oil salesmen are out in force, offering a menu of products that can protect you from the virus, or treat it if you catch it – from teas to essential oils, and from tinctures to silver.  Such is the concern that social media companies have reacted quickly: if you do a Google search on “treat coronavirus” and click on the Shopping button, there are no results at all, as they have all been blocked.  Other frauds involve sellers of protective face masks or bulk quantities of “special” hand sanitiser that never arrive (and wouldn’t work if they did).  And in a phishing variant, fraudsters (pretending to be from research organisations affiliated with the Center for Disease Control and Prevention or the World Health Organisation) are contacting people and offering a list of the coronavirus-infected people in their neighbourhood.  The victim clicks on the link, and is either taken to a malicious website or asked to make a payment in Bitcoin.

Baddies are also taking advantage of the pandemic in other ways.  American journalist Brian Krebs has written an interesting – horrifying but interesting – article about how criminals are using the suddenly increased at-home workforce to recruit more money mules.  As he explains in his article, they are quickly setting up “mule factories” to recruit the unwary (or the financially desperate) – you really need to read his exposé of the Vasty Health Care Foundation.

Criminals prey on our baser nature – our greed, our fear, our selfishness.  AML has always tried to focus outwards, encouraging us to protect ourselves, our clients, our institutions and the global financial system, and these latest crises are no different.  As the government advice has it: be prepared but not scared.

Posted in Fraud, Money laundering, Organised crime | Tagged , , , , , , , , , , , | 4 Comments

This time it’s personal

We’re fairly accustomed now to seeing firms of various stripe fined for AML failings, but for all the talk of personal accountability and statements of responsibility it is still rare for individuals to be held liable for poor AML behaviour. This is why my eye was caught last week by the FinCEN announcement of the US$450,000 “civil money penalty” that it had levied on Michael LaFontaine, former Chief Operational Risk Officer at US Bank National Association.  The fifth largest bank in the US, his employer is perhaps better known by the name of its parent company US Bancorp, which has held a banking licence since 1863 and now has 74,000 employees.  Like many banks, it relies on software to monitor transactions for unusual activity and then spit out alerts for further enquiry.  However, on Mr LaFontaine’s instruction, the bank’s IT elves capped the number of alerts that the system would generate.  A risky decision for a risk officer, you might think, and so did FinCEN: “Mr LaFontaine was warned by his subordinates and by regulators that capping the number of alerts was dangerous and ill-advised.  His actions prevented the proper filing of many, many SARs, which hindered law enforcement’s ability to fully combat crimes and protect people.  FinCEN encourages technological innovations to help fight money laundering, but technology must be used properly.”  As Ella Fitzgerald could have told Mr LaFontaine, t’ain’t what you do, it’s the way that you do it, and that’s what gets results.

Before you start to feel professional sympathy with Mr LaFontaine – there but for the grace of God, we’re doing our best here in the compliance department, etc. – let’s fill in the background.  In February 2018, US Bancorp was fined $185 million for “wilfully [wilfully!] violating the BSA’s requirements to implement and maintain an effective AML program and to file SARs in a timely manner”.  Moreover: “Mr LaFontaine was advised by two subordinates that they believed the existing automated system was inadequate because caps were set to limit the number of alerts.  The Office of the Comptroller of Currency warned the bank on several occasions that using numerical caps to limit the bank’s monitoring programs based on the size of its staff and available resources could result in a potential enforcement action, and FinCEN had taken previous public actions against banks for the same activity.  Mr LaFontaine received internal memos from staff claiming that significant increases in SAR volumes, law enforcement inquiries, and closure recommendations, created a situation where the AML staff ‘is stretched dangerously thin’.  Mr LaFontaine failed to take sufficient action when presented with significant AML program deficiencies in the bank’s SAR-monitoring system and the number of staff to fulfil the AML compliance role.  The Bank had maintained inappropriate alert caps for at least five years.”

Now I’ve done a bit of (very amateur) sleuthing to find out how much that $450,000 penalty might hurt Mr LaFontaine.  Bill Parker was the bank’s chief risk officer until autumn 2018, and his remuneration in 2016 was a salary of $625,000 as part of a total compensation package of $3.9 million – we know that because it was reported here.  Mr Parker was succeeded by Jodi Richard, and she moved into the role – and presumably the remuneration – from her previous job as the bank’s chief operational risk officer (reported here).  My logic is that people generally get a maximum 20% salary increase on promotion, so the CORO is probably on about $500,000 a year.  Which means that the penalty for at least five years’ poor work for Mr LaFontaine was a year’s salary.

Posted in AML, Due diligence, Money laundering | Tagged , , , , , , , , , , | 2 Comments