Real-time transaction monitoring
Our transaction monitoring solution includes an extensive rule library of AML/CFT industry risk typologies
Explore nowThe shifting typologies financial crime compliance professionals seek to identify, monitor, and report on reflect the volatility of the wider economic landscape. But in addition to commonly known and understood risks, such as money mules, a host of typologies are emerging that firms need to understand and assess for 2023. This editorial explores those and identifies key red flag indicators firms can use to ensure their fraud and anti-money laundering programs are operating effectively.
In our 2023 State of Financial Crime report, nearly 1 in 3 firms surveyed reported concerns about environmental crime, making it one of the top-selected typologies. Illicit supply chains are now more efficient and anonymous than ever thanks to the digitalization of finance and communication – from social media and the darknet to crowdfunding and blockchain payments. Globally, two areas stand out:
A 2022 study by Chatham House found that 15 percent of all timber exports from 37 exporting countries were illegal, with the majority coming from China, Brazil, Indonesia, and Russia.
The Financial Action Task Force (FATF) has noted several characteristics of financial flows from illegal logging and mining that firms should consider when establishing red flags. In one use case, a company established in a source country mixes legal and illegal sourcing, often enabled by corrupt politically exposed persons (PEPs), who may serve as beneficial owners or be connected to them. The sourcing company belongs to a parent company in a lower-risk jurisdiction and trafficks through third-party jurisdictions, adding further distance from the parent company. When the parent company receives the profits, they appear to come from elsewhere, creating multiple steps of removal between the illicit proceeds and the true beneficial owners.
Pandemic-related economic downturns have reduced wildlife protection resources in key African regions. Meanwhile, China has eased wildlife trade restrictions introduced in June 2020 to curb COVID. United for Wildlife estimates illegal wildlife traders will “return to full profitability within 2-3 years.”
In a 2020 report, the FATF highlighted numerous red flags indicating the possible laundering of illegal wildlife trade proceeds. Examples include:
Alia Mahmud, Regulatory Affairs Practice Lead at ComplyAdvantage, makes three recommendations for curbing the laundering of environmental crime proceeds:
Our survey also highlighted tax evasion as the predicate offense firms are most focused on screening for, selected by 36 percent of respondents. Globally, there continues to be a push for more transparency in corporate tax arrangements. It is estimated that corporate tax abuse leads to losses of at least $483 billion annually. The G20 agreed to a minimum global tax of 15 percent for multinational corporations in 2021, and countries around the world continue to develop domestic frameworks to implement this.
In 2021, Malta’s Financial Intelligence Analysis Unit (FIAU) released a guide to risk indicators for tax evasion and money laundering. Among other things, it recommended firms monitor for:
However, as no single red flag conclusively identifies tax evasion, firms should ensure they are weighting risks contextually, following an up-to-date and tailored risk assessment.
As international sanctions continue to develop, the risk of violations is high. Unsurprisingly, following the invasion of Ukraine, Russia rose to first place in the 2023 list of geopolitical hotspots firms are most concerned about – cited by 46 percent of respondents.
Responding to comprehensive sanctions, Russian individuals, businesses, and other entities have demonstrated a sophisticated capacity to exploit weaknesses in western sanctions. As firms seek to shore up their risk management, they should bear in mind key emerging sanctions evasion methods. These include:
Mahmud points out that “in our survey, 96 percent of firms told us real-time AML risk data would improve their response to sudden sanctions regime changes, like those seen in the case of Russia.” She urges firms to outsource to vendors when necessary to stay ahead of these changes. “Firms must ensure they do not take a minimalistic approach to detecting potential Russian sanctions exposure, especially since western government agencies will be increasingly focused on improving private sector implementation and reducing evasion.”
2022 saw an acceleration in the convergence of ransomware and cryptocurrencies, most notably through Deadbolt, a group attacking network-attached storage (NAS) devices and vendors. Deadbolt infections soared by 674 percent between June and September 2022 alone, with most infections found in the US, Germany, and Italy.
State-sponsored ransomware actors in Russia, North Korea, and Iran have also become more critical. In April, the US Office of Foreign Asset Control (OFAC) expanded its sanctions regime covering alleged North Korean wallets following the hack of blockchain game Axie Infinity’s Ronin bridge, which saw $600 million in cryptocurrency stolen. In September 2022, three Iranian nationals were charged with scheming to hack the US computer networks of government agencies, nonprofits, and healthcare facilities.
Regulators have taken action to advise firms about how they can best tackle ransomware risks. In March 2022, FinCEN issued an advisory that – among other things – highlighted key risk indicators of a possible ransomware attack involving convertible virtual currency (CVC). In April 2022, the Australian Transaction Reports and Analysis Centre (AUSTRAC) also issued a report highlighting indicators of ransomware. Red flags include:
Iain Armstrong, Regulatory Affairs Practice Lead at ComplyAdvantage, recommends that firms continually review “their cyber defenses, data hygiene, and training programs so they’re able to rapidly adapt to the shifting ransomware landscape. Familiarity with the latest behaviors, and any specific forms of ransomware targeting their sector, will be critical. It’s also important to review the latest guidance from regulators in relevant jurisdictions, as they will continue to issue practical information on the risks firms face and any actions they should take.”
Our survey data showed tax and investment fraud as the joint top concerns for compliance professionals in 2023. While both are likely fuelled by the economic downturn, investment fraud, in particular, often runs countercyclically to the economy.
As easier methods of accessing finance dry up, the temptation increases to resort to bogus schemes offering apparently “market-beating” returns. US Sentencing Commission statistics show that while the number of securities and investment fraud offenders has declined over the last five years, the median loss incurred has soared to more than $2,880,000. In August 2022, the Securities and Exchange Commission (SEC) also issued guidance on the growing use of social media platforms to seek investment guidance.
It states that “fraudsters may set up an account name, profile, or handle designed to mimic a particular individual or firm. …[They] may also direct investors to an imposter website by posting comments in the social media accounts of brokers, investment advisers, or other sources of market information.”
The North American Securities Administrators Association (NASAA) encourages investment advisers and broker-dealers to establish reliable processes to protect clients from investment exploitation. Alongside advice on necessary components of an effective risk program, it lists key risk indicators, including anomalous behavior such as:
Ultimately, the effectiveness of measures designed to screen against each of these five typologies will depend on a sound underlying fraud and AML risk management system. As Armstrong explains: “More than ever, compliance officers will need to keep their businesses focused on good outcomes by emphasizing the human, as opposed to financial, cost of financial crime. Indeed, firms should not be complacent about the longer-term reputational effects of widely-publicized fines and enforcement actions, particularly with the oldest of the millennial generation starting to enter middle age.”
To detect complex, deliberately-obscured activity, firms must establish robust supply chain risk management and know your business (KYB) as part of a comprehensive customer due diligence (CDD) process. Rather than treating various typologies in isolation, firms should ensure their framework effectively traces ultimate beneficial owners (UBOs), screens PEPs, and enables robust enhanced due diligence (EDD) practices. Technologies such as artificial intelligence overlays, which firms can add to existing processes through a third-party vendor, can help ease the transition.
Our transaction monitoring solution includes an extensive rule library of AML/CFT industry risk typologies
Explore nowOriginally published 30 January 2023, updated 30 January 2023
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).