Fraud Threats during the Pandemic situation

I wrote last week about fraud, and the Dark Money Files, in particular. This week, I caught up with the final presentation on Fraud.

Business has adapted to Covid-19. Logically, fraudsters have too. Compliance teams have been completing risk assessments, and criminal teams are conducting opportunity assessments.

There’s a lot of stress out there – and it’s down to compliance teams to dig their heels in and ensure that caution is not thrown to the wind.

An extreme example of pressurised decision-making was highlighted. A French Pharmaceutical was in the race to source masks, sanitiser sprays and the like. A supplier was found, an order made, and 6.5 million Euros sent to a fraudster.

Whoops.

In the rush to get the stock, the company was dealing with a website impersonating a genuine manufacturer. The investigation is ongoing, but it’s a fair assumption that some corners were cut in due diligence. The silver lining is that a Suspicious Activity Report submitted by the bank handling the receipt of funds, triggered the investigation, and has already resulted in the arrest of the money launderer.

Another example was consumer-focused. Early in lockdown, the UK government sent out SMS messages, urging people to stay at home. Almost immediately, fraudsters began spoofing the origin telephone number, and sending follow-up messages. Each contained a link purporting to go to a government site, but which actually downloaded malware to the device.

Scary stuff.

The presenter, Andrew Clarke, who is a Course Director at the International Compliance Association (ICA), went on to talk about resources for criminals.

Perhaps the headliner here is “Replace Your Doc”. Go have a look.

Need a fake HSBC bank statement? No problem. Utility bill? Step this way…

This website is legal and easy to access.

Any of these type of documents sitting in your Customer Due Diligence files?

Contact Lime for a free, confidential discussion around fraud prevention.

The Dark Money Files

Day three of the Big Compliance Festival was all about fraud.

Compliance is seldom considered thrilling or exciting, but fraud is the only element about which movies are made.

All three presentations were excellent. Actually, that’s a guess. I have, as yet, only watched two. The third is on my to-do list.

One presentation in particular left me open-mouthed. The title alone is enough to catch the eye.

The Dark Money Files – Are UK legal entities the oil that keeps laundromats running?”

The talk focused on the “Russian Laundromat” and the role of UK Limited Liability Partnerships (LLP). Graham Borrow shone a light on some specific examples.

A LLP was formed in the UK. A couple of months later, it opened a bank account at Danske Bank in Estonia. (As you do, obviously.) In thirteen months, the brand new LLP moved 1.2 billion dollars through the account.

That’s not a typo.

$1,196,669,700 (at the exchange rates of the time.)

A name that nobody had heard of, 3 months old, was moving millions every day through its accounts.

Must be a service company for a huge name, surely? Amazon or Apple or someone.

Actually, it was a UK LLP, run from a Moscow address. There was no web presence. No e-mail address, no website, nothing. Throughout the lifetime of the account, there were no expenses, salaries, drawings of any kind. Money (in multiple currencies) came in from places like Kazakhstan and then went out, in smaller tranches to other accounts held at the same bank. Whose accounts? Well, other LLPs with accounts at the same branch.

LLPs are not taxable entities, so they do not submit accounts to HMRC, but they do have an obligation to submit accounts to Companies House.

Who would have thought it? All of the accounts of all of the LLPs receiving the transfers were signed by the same people controlling the LLP sending the transfers.

Astonishing.

Coincidentally, around the same time, I was involved in a money transfer company that needed bank accounts in Denmark. I sat in a meeting with a regional manager at Danske Bank.

“Money Transfer? No, I’m afraid we don’t service risky businesses like that.”

Ironic, no?

Fraud is lucrative. Bad actors will incentivise staff to “look the other way” or to conspire to launder money. It may not be at the scale of the international laundromats in your firm, but the risk is there.

Would your counter staff help a friend split transactions to stay beneath a threshold? No? Good. Have you tested that?

Having the best policies and procedures in the world will do you no good at all, if staff are circumventing them.

Drop Lime a line to schedule a free, confidential discussion about stress testing your systems and training your staff.

Big Compliance Festival 1. Change and Culture

I survived. Part one of The Big Compliance Festival, that is. All six speakers, including David Blunt from the FCA talked about the importance of culture in compliance.

Let me oversimplify this.

Regulators and supervisors don’t want to see firms being compliant because they have to be; they want to see firms being compliant, because they have understood that good compliance makes for good business.

All members of staff should understand why the firm has policies and procedures, why “Know Your Customer” measures are important.

Covid 19 and the ensuing lockdown have accelerated massive shifts in the way that firms do business, and this in turn will lead to adaptation and evolution of policies and procedures. Everybody will find themselves in uncharted waters – and understanding the “why” will guide the informed creation of the new “what”.

I admit to being surprised to hear FCA talking about the why rather than the what. It felt modern, in touch with current management thinking. (Don’t tell them I said that.)

While it’s heartening to hear regulators being engaging, and culturally aware, it’s daunting too. In my experience, clients prefer dos and don’ts. Absolutes are easier to measure and manage. Culture is ephemeral, difficult to measure, or objectively manage.

There is no suggestion that supervisors are looking to be light-touch. Over the last several years, both HMRC and FCA have been signalling that the “touch” is moving to a “slap”, so there is no room for complacency.

What’s the culture around compliance like in your firm?

Get in touch for a no-obligation, confidential and free conversation.

The BigCompFest

Short for the Big Compliance Festival. I can hear you licking your lips at the thought of it.

Run by the International Compliance Association, of which I am a Fellow (get me!) This is an annual event.

2020 will be different. The compliance industry, like every other, is adapting to the new normal, and hosting the event online. Attendees will be able to join “live” and participate in Q&A or watch it on demand later. There are three “parts” running over the remainder of the year.

This post publishes the day before Day 1 (June 10, 2020) – so if you are interested, swing by the landing page.

Otherwise, keep coming by here, where I will be regularly updating on the conference. You can also follow me on Twitter.

Tomorrow, I’m looking forward to hearing from David Blunt, Head of Conduct Specialists at the Financial Conduct Authority (FCA). I have heard David speak before, he is knowledgeable and entertaining.

The forced online structure suits me down to the ground. The event usually takes place in London, a five hour flight from me here. It’s hosted at a big swanky hotel in the centre and goes on for a couple of days. Put together travel, accommodation and fees, and I’m easily investing £3,000 to attend.

This way – the cost is less, I can attend only the sessions that are relevant to my sector, and I am still able to complete my normal workload around the conference. I will miss the networking opportunities, but hand on heart, I’ve never gained any business at a compliance conference – the attendees are either consultants like me, or in-house for big firms, taking the expense account for a twirl.

Three Wise Monkeys

“€17.8 billion over 5 years. All from non-resident customers. Who are these customers? The database appears to have a few blanks.”

“…”

“I see. These non-res customers, with complex corporate structures, including Malta, Cyprus, and Luxembourg are shy – and we feel it best to keep their personal data off the system. Of course we do.”

“…”

“A UK company owned by a Cypriot entity, controlled by person or persons unknown, chooses to bank at an Estonian subsidiary of a Swedish Bank. Perfectly natural. Perhaps they come for the weather?”

I’m fond of some creative writing, but alas the above is not my work. I’m merely imagining conversations that must have taken place inside Swedbank in 2015.

Stung into action by an exposé by Swedish TV, Swedbank commissioned international law firm Clifford Chance to investigate compliance failures. They published their report in March. Be warned – there’s a lot of it.

Swedbank was fined $386,000,000 by its domestic regulator. More fines are coming from Estonia and US.

What can we learn from this story?

Swedbank had policies and procedures. It had compliance teams. Internal reports. It had external consultants and reviews. Problems were flagged. Issues raised.

The Bank spent a fortune on creating an infrastructure to prevent money laundering and when the system worked, ignored the alerts.

Why would they do that?

  1. Disinterest. Compliance is seen as boring, drudgery. (Disclaimer, some of it is.) Management of it tends to get sent up a circuitous reporting chain – with frontline concerns often not reaching the top.
  2. Good old commercial interest. Big numbers are sexy.

It’s the role of compliance teams to raise flags and to make sure they’re heard.

But…it’s the boss’ job to listen.

Don’t believe that your company is following its procedures. Know it. Prove it. Document it.

Want a hand? Drop me a line.

Working Safely during COVID-19 in shops and branches

The Department for Business, Energy and Industrial Strategy (BEIS) has issued Guidance for employers, employees and the self-employed.

Purpose

“This document is to help employers, employees and the self-employed in the UK understand how to work safely during the COVID-19 pandemic, keeping as many people as possible 2 metres apart from those they do not live with.”

Scope

The guidance is targeted at “shops and branches”. “Branches include bank branches, post offices and other open money businesses.”

Elements

Firms should work through the guidance note, step by step.

1. Risk
2. Who should go to work
3. Social distancing
4. Customers, visitors and contractors
5. Cleaning
6. PPE
7. Workforce
8. Inbound and Outbound goods

Assuming that firms can do so safely – then they should prepare to open on June 15th – a huge relief. The first task is to download the guidance, read it and start thinking about how best to complete a risk assessment.

Need help?

Keeping Up-to-date

2018 was a busy year for Lime. In addition to looking after clients, Stuart got re-certified in Anti Money Laundering by the International Compliance Association (ICA) and attended the Annual Conference in London. The ICA runs multiple events, seminars and webinars as part of their BIG Compliance Conversation.

Keeping up-to-date is an important part of the compliance world. Regulation and guidance is constantly evolving, and of course, the bad guys don’t stand still either.

As well as being a Fellow of the ICA, Stuart has now joined the Association of Certified Anti Money-laundering Specialists (ACAMS). In February, he will be attending their Anti Financial Crime Symposium in Cyprus. (A hard life, isn’t it?)

Lime keeps on top of developments at a supra-national, national and sector basis. Supporting our clients means keeping them informed of what’s changing that is relevant, and what’s changing that isn’t.

For most people, an entire day talking compliance is a particularly cruel version of hell. That’s why we do it for them. Don’t tell anyone, but Stuart can happily geek out on the minutiae of anti money laundering policies for hours at a time.

Have you tested your policies and procedures? Having nice manuals is one thing, but are they followed? Lime conducts stress tests to establish what is actually happening at the coal face. Regulators and Bank partners alike are big fans of these. They provide comfort that Firms are on top of their game.

If you are concerned that your AML policies and procedures might not be as up-to-date as they should be, get in touch. We’re more than happy to have a confidential and free chat.

Sanctions: In, out, in, out, shake it all about.

In June, I wrote about the conflicting advice on sanctions and specifically on dealing with Iran.

A couple of months later, the international community will surely have sorted that out.

Ah.

Not exactly. Federica Mogherini, the EU’s high representative for foreign affairs, said Brussels would not let the 2015 agreement with Tehran die, and she urged European firms to make their own investment decisions and continue to work with Iran. She said this only hours after President Trump had tweeted;

“The Iran sanctions have officially been cast. These are the most biting sanctions ever imposed, and in November they ratchet up to yet another level. Anyone doing business with Iran will NOT be doing business with the United States. I am asking for WORLD PEACE, nothing less!”

So, how would European firms react to this conflicting advice?

Well, the very same day, Daimler announced that it would be discontinuing its very limited activity in Iran.

Hardly surprising really. Who would risk being excluded from the US?

Sanctions legislation and advice can be complicated. Getting it wrong can be catastrophic. Worried how you stand? Give Lime a call and we can talk it through.

Stop Press. Banks charge fees!

Card Fees. Annually, the BBC recycles a story on foreign ‘plastic’ spending by UK travellers and the fees they pay.

The latest iteration was last week. I caught it on the evening news, and at the time of writing, it remains on the internet.

The article even links back to last year’s version, written by the same journalist. Last year, Amsterdam, this year Malaga. I wonder where he’s off to next year?

The thrust of the piece is that consumers don’t know that they are paying up to 3% fees on card transactions abroad. When the BBC provided them with this information, holidaymakers were outraged. The BBC asked FairFX, foreign exchange specialists to analyse the figures.

FairFX is one of many foreign exchange companies founded specifically to compete with the banks. I’m not sure I would choose a direct competitor for an even-handed analysis. (That said, I have heard only good things about the company.)

Charges

However, the analysis seems focused exclusively on charges, ignoring FX spread, which may be much more substantial that the fee. As I consumer, I’m less interested in how the margin is extracted, through fee or spread, and more in the final result, ie how many ‘dingalings’ I get net, per pound.

The piece felt lazy to me.

Finally, most irritating to me, is the failure to explore what all this means. Are the banks ruthlessly profiteering? Do consumers not accept that banks are businesses, motivated by profit? Are financial companies unfairly singled out on margins?

These are the questions that I believe would benefit from some scrutiny.

Margin

In conclusion, I am most interested in consumer perception of margin. I started in financial services behind the counter of a bureau de change in Paris. I was, and remain, fascinated as to why consumers would be outraged by a 10% commission on a financial transaction, and then happily pay ten times that margin on a coffee next door.

Why is that?

Recertified

Several years ago, I undertook not one, but two diplomas with International Compliance Training (ICT). First in anti money laundering (AML). I have to admit; it was hard work.

Studying

I hadn’t done any studying in a long time. If I wanted to know something that couldn’t be found in a few clicks on Google, then I could delegate the task to my team. They could go and find anything that I needed.

Therefore, going back to school came as a bit of a shock to the system. There were lectures, seminars and books to read. Hell, I even had to write papers and sit an exam.

Gradually, I began to enjoy studying. It was fascinating to hear real life examples and spend time with other people working in the field.

Eventually, I graduated, and was allowed to append ‘Dip. (AML)’ to my name on the business card.

As my company grew, new products were launched and regulation increased. I felt it was time to take on some more study. I registered for the diploma in Financial Crime Prevention (FCP).

Again, I made it through, this time appending ‘Dip. (FCP)’

Consequently, with two diplomas, (shouldn’t that be diplomae?), I was eligible to become a Fellow of the International Compliance Association. Acronym heaven!

Stuart Lennon, FICA, Dip. (AML) (FCP)

Recertified

A characteristic of this field (apart from the constant proliferation of acronyms), is its constant evolution. New products, new regulation and of course, new ways of circumventing that regulation. Therefore, I was delighted when last year, ICT published that it was to begin a recertification programme.

Immediately, I signed up. Then attended a day’s training and wrote a new paper.

Yesterday, a day or two early, ICT sent an email telling me that I had passed.

I’m recertified.

Or maybe just certifiable.

Lime offers no nonsense, straight forward compliance consultancy. Get in touch.