This article focuses on the CSSF, outlining its role, the entities it regulates, and guidance on how to best meet regulatory obligations and avoid noncompliance penalties.

What is the CSSF?

Luxembourg’s CSSF is the financial regulatory body responsible for supervising the financial sector, which includes banks, investment firms, insurance companies, and other financial service providers. Established in 1998, the CSSF aims to maintain the safety, soundness, and stability of the financial system in Luxembourg. Its duties encompass licensing financial institutions (FIs), ensuring regulatory compliance, protecting investors, and enforcing market integrity.

The role and obligations of the CSSF

Before the CSSF was established, financial oversight in Luxembourg was fragmented among various authorities: the Institut Monétaire Luxembourgeois (IML), which handled monetary policy and banking regulation, and the Commissariat aux Bourses, which oversaw securities markets. 

The growing complexity of financial markets and the need for a unified regulatory framework led to the CSSF’s formation under the law of December 23, 1998, which aimed to centralize supervision and adapt to European Union directives. This restructuring ensured more effective oversight and compliance with international standards. 

Today, the CSSF performs several duties, including: 

• Supervisory functions: The CSSF conducts regular and ad hoc inspections, both on-site and off-site, to assess FIs’ financial health, risk management practices, and regulatory compliance. It also monitors financial markets and participants to detect irregularities or fraudulent activities. To this end, the authority introduced new ICT incident reporting requirements in April 2024. This new framework requires firms to report major ICT-related incidents within specified timeframes, reinforcing the CSSF’s role in ensuring proactive measures are taken to safeguard against ICT and cyber threats.
• Consumer protection: To ensure financial products and services are transparent and consumers are treated fairly, the CSSF handles consumer complaints and mediates disputes between FIs and clients. Additionally, it promotes financial education and awareness among the public.
• Anti-money laundering and counter-terrorist financing (AML/CTF): In addition to implementing and enforcing AML/CTF regulations, the CSSF ensures firms have robust AML systems to detect and report suspicious activities and collaborates with national and international authorities to enhance the effectiveness of anti-financial crime measures.
• Market stability and integrity: The CSSF oversees the proper functioning of financial markets and the conduct of market participants. It monitors trading activities to prevent market abuse, such as insider trading and market manipulation and ensures accurate and timely market information disclosure. 
• International cooperation: By actively engaging with international regulatory organizations and committees, such as the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA), and the International Organization of Securities Commissions (IOSCO), the CSSF helps shape global regulatory standards and ensures Luxembourg’s financial sector adheres to international best practices.
• Innovation and technology: To support innovation, the CSSF provides guidance and frameworks to help firms navigate the evolving technological landscape while maintaining regulatory standards. The authority takes a “proactive, flexible” regulatory approach to financial innovation, assessing each project “on the basis of the services effectively provided regardless of the technology used.” 

Institutions regulated by the CSSF

The CSSF regulates a wide range of FIs and entities operating in Luxembourg. These institutions include:

Regulatory framework of the CSSF

The CSSF enforces a robust regulatory framework composed of several key laws and regulations:

• Financial sector laws: Establishing the legal foundation for the operation and supervision of FIs, defining the standards and requirements they must meet. Key legislation includes the Law of 5 April 1993 on the financial sector (LFS) and the Law of 23 December 1998 related to the supervision of securities markets and regulates market participants.
• AML regulations: Requiring FIs to implement robust measures to prevent money laundering and terrorist financing, including customer due diligence (CDD), transaction monitoring, and reporting of suspicious activities. These requirements are outlined in the Law of 12 November 2004 on the fight against money laundering and terrorist financing and CSSF Regulation No. 12-02.
• Market abuse regulations: Designed to prevent insider trading, market manipulation, and other forms of market abuse, ensuring financial markets are fair and transparent. This includes Regulation (EU) No 596/2014 on market abuse (MAR), which is directly applicable in Luxembourg, and the Law of 23 December 2016 on market abuse, which implements and complements the MAR within the Luxembourg legal framework.
• Consumer protection laws: Ensuring the fair treatment and protection of consumers in financial transactions, promoting transparency and fairness in financial services. Relevant legislation includes the Law of 22 March 2004 on consumer credit agreements.
• Corporate governance standards: Mandate proper governance practices within financial institutions, including board composition, risk management, and internal controls. The Law of 10 August 1915 on commercial companies provides the general framework for corporate governance in Luxembourg, while the CSSF Circular 12/552 on central administration, internal governance, and risk management sets out specific governance requirements for FIs.

Penalties for non-compliance with CSSF regulations can be severe. They include fines, administrative sanctions, license revocations, and other corrective measures. For example, in May 2024, the CSSF imposed an administrative fine of €3 million on a credit institution for various AML violations relating to managing high-risk clients, including failing to adequately verify the source of funds, insufficiently monitoring transactions, and closing certain accounts without informing the Cellule de Renseignement Financier (Luxembourg’s financial intelligence unit).

Penalties like these are intended to maintain market integrity, protect investors, and deter unlawful activities within the financial sector.

Compliance challenges

Frequent updates and amendments to regulations, driven by the evolving nature of financial markets and EU directives, have required firms to continually adapt their compliance strategies. For example, the Fourth AML Directive (4AMLD) expanded the scope of enhanced due diligence (EDD) to include domestic politically exposed persons (PEPs) and mandated central registries for beneficial ownership, increasing transparency and scrutiny. The Fifth AML Directive (5AMLD) further strengthened these measures by making beneficial ownership information more accessible to the public, extending EDD requirements to cryptocurrency exchanges and prepaid cards, and imposing stricter rules on trusts. These updates required many firms to increase their investment in staff training, technology upgrades, and the development of new compliance frameworks. 

Moreover, the CSSF’s rigorous enforcement and the risk of substantial fines or reputational damage for non-compliance have led to heightened scrutiny within organizations. Balancing compliance with business agility remains a constant challenge as companies strive to meet regulatory demands without stifling innovation or operational efficiency.

Best practices for firms to comply with CSSF

• Implement sophisticated transaction monitoring solutions
  In accordance with CSSF Regulation No. 20-05, obligated entities are required to “implement adequate procedures to detect, monitor, and report suspicious transactions.” Utilizing sophisticated transaction monitoring systems equipped with machine learning algorithms can help firms better identify unusual patterns in real time, ensuring compliance with CSSF’s proactive monitoring requirements.
• Strengthen CDD practices
  To ensure robust compliance with the CSSF, firms should establish a thorough CDD framework, including verifying customer identities, assessing associated risks, and maintaining ongoing monitoring for suspicious activities. Best practices within CDD involve having access to quality, up-to-date PEP data and applying EDD measures to manage associated risks. Firms should also implement real-time sanctions screening against updated global lists and efficiently handle false positives to address genuine compliance risks.
• Invest in comprehensive staff training
  According to CSSF Circular 19/732, FIs must provide “regular training for all employees on AML/CFT issues.” Tailored training programs for different roles ensure that each staff member understands their specific compliance responsibilities and contributes effectively to the firm’s AML strategy. Additionally, simulation exercises and scenario-based training are recommended by the CSSF, as they help staff practice real-world responses to potential compliance issues, reinforcing their theoretical knowledge and enhancing practical skills.
• Conduct thorough risk assessments and audits
  Regulated firms are required to take a risk-based approach to AML/CFT efforts. Employing dynamic risk assessment models that adapt to new threats and changes in the business environment provides a comprehensive overview of potential risks, aligning with CSSF’s expectations.

The post What is the Commission de Surveillance du Secteur Financier (CSSF)? appeared first on ComplyAdvantage.

We’ve summarized the key developments:

• Changes to the grey list.
• Increasing beneficial ownership transparency globally.
• Leveraging digital transformation: Virtual assets.
• Payment transparency.
• Protecting non-profit organizations from abuse for terrorist financing.
• New FATF presidency.
• Expanded statement on the Russian Federation.

#1: Kenya and Namibia added to the grey list

Kenya

Despite making progress on some recommended actions since September 2022, the FATF has added Kenya to the grey list in light of the country’s need to improve supervision, enhance preventive measures, designate an authority for regulation, and improve the use of financial intelligence.

Since being subject to increased monitoring, Kenya’s national treasury has stated it is fully committed to implementing the action plan of the FATF, stating the move will have only minimal effects on its financial stability. According to a FATF report published in 2022, Kenya is primarily at risk of terrorism financing through money flows from both within and outside its borders. Additionally, the report highlights that cryptocurrencies introduce further risks to the country.

Namibia

Namibia also committed to strengthening its AML/CFT regime with the help of the FATF and Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG). Since September 2022, the FATF noted Namibia’s progress in ensuring a common understanding of money laundering, terrorist financing, and proliferation financing risks among key stakeholders. However, the watchdog noted several key areas that required improvement, including: 

• Risk-based supervision.
• Preventive measures.
• Beneficial ownership information filing.
• Financial intelligence unit (FIU) resources.
• Operational capabilities of authorities involved in money laundering and terrorist financing investigations and prosecutions.

In contrast with Kenya’s addition to the grey list, Namibia’s Financial Intelligence Centre said that putting Namibia on the grey list could negatively impact the country’s foreign direct investment.

#2: Barbados, Gibraltar, Uganda, and the United Arab Emirates removed from the grey list

Barbados

In 2020, Barbados was added to the grey list due to a series of weak AML/CFT measures it had in place, including a lack of risk-based supervision for financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs). After being satisfied with the country’s progress alongside its agreed strategic plan, the FATF removed it from the grey list in February 2024. In particular, the FATF noted Barbados’ improved measures to prevent legal persons and arrangements from being misused for criminal purposes.

Gibraltar

The FATF also welcomed Gibraltar’s significant progress in improving its AML/CFT regime, ultimately removing the country from the grey list. While Gibraltar should continue to work with MONEYVAL to sustain its improvements in its AML/CFT system, the FATF specifically highlighted two improvements:

• The country’s application of effective, proportionate, and dissuasive sanctions for AML/CFT breaches in non-bank FIs and DNFBPs sectors. 
• Pursuing final confiscation judgments commensurate with the risk and context of Gibraltar. 

Uganda

In February 2020, the FATF placed Uganda on its increased monitoring list, which prompted a series of AML reforms, including:

• The adoption of a national AML/CFT and countering the proliferation financing (CPF) strategy.
• Enhancing the use of mutual legal assistance.
• Maintaining robust reporting methods and statistics.
• Implementing risk-based supervision of the financial and DNFBP sectors and establishing procedures to trace and seize proceeds of crime. 

As a result of these reforms, the FATF removed Uganda from the grey list.

The United Arab Emirates (UAE)

Kumar also acknowledged the UAE’s significant progress in enhancing its AML/CFT regime to meet the commitments in its action plan to address the strategic deficiencies identified by the FATF in February 2022. 

The UAE achieved this by:

• Increasing outbound mutual legal assistance (MLA) requests.
• Enhancing its understanding of money laundering and terrorist financing risks.
• Developing a better understanding of the risk of legal persons being abused.
• Providing additional resources to its FIU.
• Increasing investigations and prosecution of money laundering
• Ensuring effective implementation of targeted financial sanctions (TFS).

As a result of these improvements, the UAE is no longer subject to the FATF’s increased monitoring process. However, the FATF noted that the UAE should continue to collaborate with the Middle East and North Africa Financial Action Task Force (MENAFATF) to maintain its progress in its AML/CFT system.

#3: Strategic initiatives

Echoing Kumar’s objectives presented at the first plenary under his presidency in June 2022, the FATF discussed multiple strategic initiatives, including improving beneficial ownership transparency and countering illicit finance related to cyber-enabled crime. 

Increasing beneficial ownership transparency globally

The FATF has updated its guidelines on beneficial ownership and transparency of legal arrangements following revisions to recommendation 25, which were adopted in February 2023. The updated guidance aims to help stakeholders assess and mitigate money laundering and terrorist financing risks and complements existing guidance on legal persons. 

The FATF’s strengthened standards will aid in identifying corrupt individuals, sanctions evaders, money launderers, and tax evaders who conceal their criminal activities. The guidance will be published at the end of February 2024.

Leveraging digital transformation: Virtual assets

Closing the plenary, Kumar highlighted that many countries have not fully implemented the FATF’s revised recommendation 15. As a result, there are significant loopholes that are being exploited by criminals and terrorists due to the borderless nature of virtual asset activity. 

In February 2023, the FATF agreed on a roadmap to strengthen the implementation of the FATF standards on virtual assets and virtual asset service providers. The FATF conducted a stocktake of current implementation levels across the global network and agreed to publish an overview of the steps taken by FATF and FATF-style regional bodies (FSRB) member jurisdictions. 

This overview will include the most significant virtual asset activity regarding trading volume and user base, as well as the regulatory and supervisory measures taken to address AML/CFT concerns for virtual asset service providers (VASPs). Kumar explained that this exercise aims to help the FATF network regulate and supervise VASPs for AML/CFT purposes and encourage jurisdictions to implement recommendation 15 fully.

Payment transparency

The FATF also proposed amendments to recommendation 16 – which aims to improve the transparency and traceability of transactions – to keep up with the fast development of cross-border payment systems and changing industry standards. These revisions aim to make cross-border payments quicker, cheaper, transparent, and inclusive while ensuring AML/CFT compliance. 

Kumar noted that the revisions, which will be released for public consultation, will also ensure that FATF recommendation 16 remains technology-neutral. 

Protecting non-profit organizations from abuse for terrorist financing

In October 2023, the FATF changed recommendation eight to safeguard non-profit organizations (NPOs) from potential terrorist financing abuse. The revisions clarified that the recommendation only applies to NPOs that fall within the FATF definition. At the same time, the FATF updated its best practices to help countries, FIs, and the non-profit sector understand how to protect vulnerable NPOs from abuse for terrorist financing while still allowing legitimate NPO activities to continue.

Following this plenary session, the FATF has agreed to update its assessment methodology for the upcoming round of mutual evaluations. This update will further clarify the obligations to apply risk-based measures to protect NPOs most vulnerable to potential terrorist financing abuse. 

#4: New FATF presidency

Ms. Elisa de Anda Madrazo of Mexico was also appointed as the next President of the FATF for a two-year term. Ms de Anda Madrazo, who served as FATF Vice President from July 2020 to June 2023, will assume her duties on July 1, 2024, a day after the two-year Presidency of Mr. T. Raja Kumar ends.

#5: Expanded statement on the Russian Federation 

Following Russia’s invasion of Ukraine in 2022, the FATF issued a statement expanding their previous statement from February 2023. The watchdog noted continued concern over the risks posed by the Russian Federation, including growing economic connectivity with countries subject to FATF countermeasures, proliferation financing, and malicious cyber activities. Due to the severity of these risks, the FATF urged members to continue taking proactive measures to safeguard themselves and the global financial system. 

Next Steps

Compliance staff should ensure they are familiar with the outcomes of the February plenary – particularly relating to any upcoming MERs in countries they operate in. Regarding the changes to the grey list, firms must update the risk scores of relevant countries, with appropriate levels of due diligence being administered as required going forward. 

Dates related to forthcoming guidance issued by the FATF should also be noted. Such guidance will help shape and inform the future regulatory approach national bodies take.

The next FATF plenary is due to take place in June 2024.

Previous plenary coverage from ComplyAdvantage can be found here:

• FATF plenary October 2023
• FATF plenary June 2023
• FATF plenary February 2023
• FATF plenary October 2022
• FATF plenary June 2022
• FATF plenary March 2022

The post FATF plenary February 2024: Key takeaways and initiatives appeared first on ComplyAdvantage.

“[I]llicit actors within the construction industry are using shell companies and other tactics to commit workers’ compensation fraud and avoid payroll taxes,” explained FinCEN Acting Director Himamauli Das. “Today’s Notice provides information that financial institutions can use to remain vigilant in monitoring, detecting, and reporting suspicious activity.”

The Fight Against Shell Companies and Organized Fraud

According to FinCEN, the notice aligns with its ongoing efforts to curb the use of shell companies to conceal illicit activity, as well as with the Anti-Money Laundering/Countering the Financing of Terrorism National Priorities.

In line with the Corporate Transparency Act, in 2022 FinCEN issued a final rule requiring most corporations, limited liability companies, and entities created or registered for business in the US to report their beneficial owners to the regulator. FinCEN expects this rule – effective January 2024 – to support the current notice’s objectives by discouraging the use of shell companies to conceal illegal activity by actors including:

• Oligarchs
• Kleptocrats
• Drug traffickers
• Human traffickers
• Illicit individuals in the construction sector

Notice Details: Typologies, Red Flags, and Reporting

Although the notice addresses all financial institutions, FinCEN notes that the type of fraud and tax evasion it deals with primarily affects banks and check cashers. The scheme is typically a two-part process involving workers’ compensation fraud followed by tax evasion. 

A criminal entity typically creates a shell company posing as a legitimate subcontracting business with just a few employees. It takes out a workers’ compensation policy for those employees. Meanwhile, the shell company contacts real subcontractors with a much larger number of employees. The subcontractors can give their employees discounted (and fraudulent) access to the shell company’s policy for a fee. 

It also helps the subcontractors avoid paying payroll tax. The subcontractors write checks to the shell company instead of their employees, thus concealing that they’re for payroll. The shell company then either obtains cash at a check casher or deposits the money into its company account before withdrawing it in bulk. It returns this money to the subcontractors, minus a small fee, so they can pay their employees under the table and avoid taxes.

The notice outlines several red flags for this typology, including:

• Construction company customers that are younger than a year, have little to no online presence, and specialize in one type of construction trade.
• A non-US citizen without prior construction history who opens an account in the name of a construction company.
• Despite receiving large volumes of client payments, the customer account shows no evidence of paying payroll taxes.
• The customer receives deposits outside the expected amount for their account type, all from other construction companies and in multiple states.

The notice also reminds firms of their reporting requirements and information-sharing protections under the Bank Secrecy Act (BSA) and the USA Patriot Act section 314(b). Instructions on pages 7-9 of the notice include:

• An overview of suspicious activity reporting (SAR) requirements.
• Other BSA reporting requirements, such as currency transaction reports (CTR) and Form 8300 filing.
• A reminder of the information-sharing safe harbor under the Patriot Act.

Next Steps for Firms

Firms – especially banks and check-cashing institutions – may want to study the notice in greater detail to familiarize themselves with red flags for construction industry tax evasion and workers’ compensation fraud. 

To ensure they remain abreast of FinCEN’s most current guidance and requirements, firms can sign up for updates from the regulator.

The notice asks firms to report current information on payroll fraud-related activity to their local tax authorities or the closest IRS CI field office. For reports of information related to workers’ compensation fraud, wire fraud, or labor exploitation, contact Homeland Security Investigations at 1-866-347-2423.

The post FinCEN Seeks Data from Financial Institutions to Curb Construction Sector Fraud & Tax Evasion appeared first on ComplyAdvantage.

According to Chris Hemsley, Managing Director at the PSR, “The two aspects we’re consulting on now will help to strike the right balance between encouraging people to be careful when making payments, while ensuring they have confidence in knowing they’ll be better protected if they do fall victim to fraud.” The changes also seek to encourage firms to invest in helping customers.

The PSR invites industry professionals to contribute their views by September 12, 2023 on the rule’s provisions for consumer responsibility, as well as reimbursement maximums and claim excess.

Reimbursement Rule Requirements

The reimbursement rule targets APP fraud, which tricks victims into sending funds to a fraudster posing as a legitimate recipient. This can occur through the impersonation of a legitimate financial institution or fraudulent sellers who never deliver purchased goods.

According to PSR, the rule will:

• Require firms to reimburse most customers victimized by APP fraud.
• Split reimbursement costs equally between sending and receiving payment institutions.
• Add more protections for vulnerable customers.

When the rule comes into force in 2024, it will apply to firms including payment service providers (PSPs) and focus additional consumer protections on faster payments. Among other things, the document detailing the rule explains: 

• Which customers qualify for reimbursement. 
• Exceptions when firms don’t have to issue a reimbursement – generally, when the customer has acted fraudulently or negligently.
• Time limits for the requirement. 

Approval of the Financial Services and Markets Bill, expected this year, will provide the PSR with the authority to require firms to reimburse customers.

Industry Views Sought in Consultations

Through the consultations, the PSR seeks industry feedback on: 

• The regulator’s proposed approach to consumer responsibility (the consumer standard of caution).
• Its reimbursement limit proposal.
• The best way to structure claim excess – the amount a victim would have to cover in case of a reimbursement.

Consumer Standard of Caution Consultation

According to the PSR’s proposed standard, customers must meet three basic responsibilities to be eligible for reimbursement in the case of APP fraud:

• Pay attention to warnings – If the PSP gives the customer a specific warning before a transaction occurs that the recipient is probably a fraudster, the customer must take it into account.
• Report the scam promptly – A customer victimized by APP fraud must notify their PSP promptly, and within13 months.
• Share information – The customer must comply with their PSP’s reasonable request for information to allow them to assess the situation accurately and prevent unnecessary losses.

A customer shown to have failed in this standard of care through gross negligence would forfeit their right to reimbursement. However, the burden of proof would remain with the PSP.

Maximum Reimbursement and Claim Excess Consultation

Excluding vulnerable victims, the regulator has acknowledged firms’ right to levy a claim excess as encouragement for customers to conduct responsible transactions. The consultation invites views on the excess – including deciding factors and the most effective value structure, which could be fixed or a percentage.

The PSR also requests industry feedback on the proposed reimbursement limit of £415,000, which would match the current ombudsman service limit.

How Firms Can Respond

Firms in the payments industry – especially banks and PSPs – are encouraged to study the consultations in-depth and contribute their views on the outlined proposals. This will help the PSR ensure its policy reflects industry realities. It will also help firms become familiar with the details of their upcoming reimbursement obligations to customers.

Firms may also want to review their fraud and loss prevention processes to ensure they are taking vulnerable customer groups into account. This should include robust customer education and timely warnings to customers suspected of vulnerability to a scam.

The post UK PSR Invites Industry Feedback on APP Fraud Reimbursement Rule appeared first on ComplyAdvantage.

MAS Deputy Managing Director (Financial Supervision), Ms Ho Hern Shin, acknowledged financial institutions’ (FIs) indispensable role in reporting the suspicious activity leading to the raids. She continued, “Singapore remains vulnerable to transnational ML/TF risks and …MAS and FIs need to continue to work together to strengthen our defences against these risks.”

How STRs Helped Catch a Crime Ring

MAS and CAD facilitated the investigation due to suspicious transaction reports (STRs) filed by firms that had noticed suspicious activity. Thanks to the information, authorities identified a criminal group suspected of laundering the proceeds of foreign illicit activity, including fraud and gambling. 

Multiple red flags led the FIs to report possibly tainted funds, including:

• Suspicious flows of funds.
• Questionable source of wealth documentation.
• Other inconsistent customer information.

The regulator is actively communicating with the reporting FIs regarding the illicit activity. In addition to emphasizing the importance of FI cooperation and reporting of suspicious transactions, MAS has announced that it will crack down on firms discovered to have lax or noncompliant anti-money laundering and counter-terrorist financing (AML/CFT) controls. It reminds firms that it actively works with FIs to curb illicit activity.

Specifically, the authority announced it is conducting AML/CFT inspections of wealth management firms.

Laundering Millions through Luxury Goods

None of the individuals arrested were Singapore nationals or permanent residents. They are suspected of being part of an organized criminal network and came from Cyprus, China, Vanuatu, Turkey, and Cambodia. They face various charges, including:

• Using a forged document under Section 471 of the Penal Code.
• Forgery for the purpose of cheating under Section 468 of the Penal Code.
• Money laundering under Section 54(1)(c) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA).

The police are still looking for eight additional individuals who have evaded arrest. Four more are assisting police with their investigation.

During the raids, Singapore authorities seized goods and cash worth close to S$1 billion. Items seized included:

• Cash worth over S$23 million, and two gold bars.
• Over 270 pieces of jewelry.
• Fifty luxury vehicles and 94 properties estimated at over S$815 million.
• Collectible toys.
• Over 250 luxury watches and bags.

During this ongoing investigation, more assets may be seized or frozen. 

Key Takeaways

MAS has reemphasized its high expectations for firms’ AML/CFT processes. All firms, especially wealth management firms, should ensure their current frameworks align with regulator requirements and their individual risk profiles.

Singapore authorities provide valuable resources to help FIs comply with these standards. The Singapore Police Force has released an in-depth list of key ML red flags firms can consider in their due diligence processes. 

In addition, firms are encouraged to consult the MAS AML resource page, which includes links to the latest guidance, notices, and guidelines, as well as STR forms, the AML/CFT Industry Partnership best practice papers, and details on Collaborative Sharing of ML/TF Information & Cases (COSMIC). 

Still in development, COSMIC will be an information-sharing digital platform allowing FIs to collaborate in tackling financial crime. 

The post Singapore Police Seize Millions, Arresting 10 for Forgery and Money Laundering appeared first on ComplyAdvantage.

Ebury’s previous TM setup had become outdated, resulting in a large backlog of alerts and operational inefficiencies. As a result, Ebury’s compliance team sought a new long-term partnership for transaction monitoring to enable the company to scale while managing its financial crime risks.

A personalized approach

Ebury’s objectives for the partnership centered around creating a non-generic TM rule library configured to mitigate the specific money laundering and terrorist financing threats the business faces. Ebury’s ambition was to reduce the monthly false positive alerts it received to free up operational resources, delivering a laser focus on genuine threats. 

“We wanted a vendor that would give us the possibility of customizing our rules in line with our segmentation and provide us with the necessary information to understand the effectiveness and the efficiency of the platform. That’s something ComplyAdvantage allows us to do.”

Miriam Crespillo, Global Head of Sanctions and Transaction Monitoring, Ebury

ComplyAdvantage helped Ebury achieve its strategic objectives by implementing a TM rule library aligned with industry risk typologies that reflect Ebury’s different customer base. ComplyAdvantage ensured that each customer type was accounted for in its rule set throughout the scoping and build period. 

To support Ebury in its ambitions, ComplyAdvantage took a deep dive into what rules were currently working well for Ebury and which were no longer fit for purpose based on the company’s growth. 

Proactive collaboration

Particular attention was given to understanding Ebury’s risk-based approach to ensure the new TM rule set satisfied their needs and aligned with its risk appetite. Ebury collaborated with ComplyAdvantage implementation consultants to define their data model and scope out the bespoke rules they wanted to build. ComplyAdvantage’s solution engineers built these rules in a secure QA environment for Ebury to test, change, and refine. 

“The collaboration between ComplyAdvantage and Ebury during the testing and implementation of the new transaction monitoring framework has been key to ensuring its successful release in a timely manner, which has resulted in a clear increase of effectiveness and efficiency.”

Miriam Crespillo, Global Head of Sanctions and Transaction Monitoring, Ebury

Bespoke TM rule sets

Deploying ComplyAdvantage’s TM solution has allowed Ebury to build rules and configure thresholds tuned to its risk assessment. This means its analysts can focus on the alerts that matter and identify real risks. By adopting a risk-based approach and tailoring the rule set to its customers, Ebury worked with the implementation team at ComplyAdvantage to configure appropriate rules, mitigate risk, and reduce false positive rates by 60 percent.  

One such rule was built when new sanctions were being imposed on Russia at an unprecedented rate from February 2022. According to Ebury’s Screening and Transaction Monitoring Manager Ignaat van der Meulen, “Every transaction sent to Russia had to be reviewed in real-time. ComplyAdvantage helped us quickly implement a custom rule that stopped anything going to Russia in real-time.”  

Another bespoke rule set involved splitting the annual estimation rule to allow Ebury to track new, higher-risk customers. In splitting the rule, ComplyAdvantage also implemented different thresholds for new and existing clients in light of Ebury’s risk appetite. This change enhanced Ebury’s risk-based approach by allowing their compliance teams to prioritize and monitor the activity of new customers with the highest risk levels.  

ComplyAdvantage’s TM solution has allowed Ebury to uncover new insights into customer activity, enabling the financial services company to detect new or emerging typologies and build rules to mitigate them.

A longstanding partnership

Going forward, Ebury is working with its dedicated customer success manager who understands the compliance team’s objectives and plans to drive success. 

“Our customer success manager plays a key role. They are very easy to approach and act as a filter between the vendor’s technical teams and us when we want to tweak something from an operational perspective.”

Ignaat van der Meulen, Screening and Transaction Monitoring Manager, Ebury

Through a collaborative success plan, clearly defined goals, quarterly business reviews (QBRs), and continuous dialogue, Ebury and ComplyAdvantage have a partnership to track and measure successful business outcomes.

The post Ebury reduces false positive rates by 60% through bespoke transaction monitoring rule sets appeared first on ComplyAdvantage.

Discussions focused on:

• Measures for anti-money laundering and the countering of terrorist financing (AML/CFT) in Luxembourg
• Grey list additions
• Progress in jurisdictions identified as high-risk to the financial system
• Countries’ progress on the FATF’s virtual asset requirements since June 2022
• Work to prevent nonprofits from being abused for terrorist financing

Mutual evaluation report for Luxembourg

Luxembourg’s Mutual Evaluation Report (MER) concluded that the country’s technical compliance with FATF requirements had reached a high level and that its AML/CFT program was delivering good results. The watchdog said the country shows a good understanding of its money laundering and terrorist financing (ML/TF) risks. Given Luxembourg’s role in the regional and international financial sectors, this was noted as especially important.

Luxembourg was found to excel in coordination at both policy and operational levels – especially in the use of financial intelligence, access to information on beneficial ownership, and constructive international cooperation. The FATF recommended that the country focus its improvement efforts on risk-based supervision of the non-financial sector and strengthening the “detection, investigation, and prosecution of more complex ML/TF cases” in alignment with its prominent financial sector role. 

Luxembourg’s MER will be published by September 2023 after completing the internal quality assurance process.

Grey list additions: Cameroon, Croatia, and Vietnam

After FATF regional partners found strategic deficiencies in the countries’ AML/CFT systems, Cameroon, Croatia, and Vietnam have been added to the FATF grey list. All three countries have agreed to implement action plans to address these weaknesses.

Although no countries have been removed from the grey list, the plenary has approved onsite visits to Albania, the Cayman Islands, Jordan, and Panama, who have concluded their respective action plans. During the visits, Kumar explained, a team of experts will “verify the progress each country has made.” Based on their findings, the FATF will decide at the October 2023 plenary whether the four countries qualify for removal from the greylist. On behalf of the FATF, Kumar especially commended Panama for its “substantial progress since the greylisting…in June of 2019,” notably mentioning that the country has demonstrated “a robust system to maintain accurate, up-to-date beneficial owner information and timely access by competent authorities.”

No changes to the FATF black list were announced. Iran, North Korea, and Myanmar are the remaining three countries on the list.

Strategic initiatives

Improve the implementation of FATF requirements in the virtual asset sector 

Kumar noted that implementation of the FATF’s virtual assets sector requirements has been slow. The watchdog has approved a report examining the sector’s implementation progress to address the significant risks created by a lack of necessary regulation. 

The travel rule, which requires virtual asset service providers (VASPs) to include originator and beneficiary information in virtual asset transactions, has been a particular focus. The rule is intended to prevent the abuse of transactions for money laundering and terrorist financing. Despite its importance in preventing financial crime, Kumar pointed out that more than 50 percent of the countries the FATF surveyed had failed to implement the rule, resulting in loopholes that need to be addressed. 

In response to a question by an ACAMS representative, Kumar elaborated on the importance of increased regulation in the sector – and what the FATF is doing to encourage it:

We see the risks posed by virtual assets continuing to increase. Four years after the FATF strengthened its standards to address virtual assets and virtual asset service providers, the global implementation remains relatively poor. Based on our FATF Mutual Evaluation and follow-up reports, almost three quarters of jurisdictions are only partially or not compliant with the FATF’s requirements. …This lack of regulation creates significant loopholes for criminals to exploit…Closing the gaps in global regulation of virtual assets is an urgent priority. And so we are calling on countries to apply the AML/CFT rules to virtual assets without further delay. …We are also working with a global network in the private sector on this front to monitor the risk, share approaches, and also identify challenges. 

T. Raja Kumar, FATF President 

Kumar also noted that the plenary had previously agreed on a roadmap for improving virtual asset regulation. In support of this initiative, in early 2024, the FATF plans to publicly identify which jurisdictions have or have not implemented regulations in the sector, including publishing a table detailing steps taken by key member jurisdictions.

Revisions of FATF guidance on managing nonprofit sector TF risks

Kumar highlighted during the plenary press conference that the FATF has been focused on dealing with unintentional consequences of jurisdictions’ implementations of its standards since 2021. In particular, the watchdog is now working to update its guidance on preventing terrorist financing through the nonprofit sector. The FATF is opening a revision of its related best practices paper to public consultation and opening its eighth recommendation to possible revisions. These updates would serve to avoid the disruption of legitimate nonprofit activity while continuing to protect the sector from TF abuse.

When asked to expound on the FATF’s work in this area, Kumar stated, “This regime is in place not to suppress [the nonprofit sector’s] legitimate and much-needed activities. …Revisions are being made to provide greater clarity and…guidance to avoid the incorrect application of the FATF standards.”

Key takeaways

Compliance staff should ensure they are familiar with the outcomes of the June plenary – particularly relating to any upcoming MERs in countries they operate in. Dates related to forthcoming guidance issued by the FATF should also be noted. Such guidance will help shape and inform national bodies’ future regulatory approaches. 

The next FATF plenary is due to take place in October 2023.  

Previous plenary coverage from ComplyAdvantage can be found here:

• FATF Plenary February 2023
• FATF Plenary October 2022
• FATF Plenary June 2022
• FATF Plenary March 2022
• FATF Plenary October 2021
• FATF Plenary June 2021

The post FATF plenary June 2023: Greylist additions and upcoming initiatives appeared first on ComplyAdvantage.

Why is the PSR taking this action? 

APP fraud – where victims are tricked into sending a payment to an account outside of their control – is becoming increasingly common. In the UK, there were 207,372 incidents of APP fraud in 2022, with gross losses of £485.2 million, according to UK Finance. This is, however, a global problem. US APP fraud losses are set to exceed $3 billion by 2026, with 72 percent of victims closing their account at the institution where they were a victim. 

What has the PSR proposed? 

The PSR has announced that it will require all payment service providers (PSPs) to reimburse victims of APP fraud, barring some exceptional circumstances – and this is a significant change. Historically, around 59 percent (by volume) of these scams are reimbursed, and the PSR aims to see that figure go up to 95 percent.

These new rules will lead to more reimbursement for victims and will hopefully make it more difficult for fraudsters to carry out this type of fraud. But they will also significantly change the fraud prevention frameworks payment service providers (PSPs) must have in place.

How can firms prepare for the new regulations?

We work with compliance teams across the UK and worldwide, so I know how hard the industry already works to protect consumers from APP fraud. But in light of this new announcement,  firms should weigh up the potential costs associated with these new reimbursement requirements and evaluate the suitability of their current defences. 

Any shortcomings in APP fraud detection capabilities could soon cost firms a lot of money and impact customer retention rates. So now is a good time to ensure you have the right protections in place for the long-term. 

Three key questions I would start with are: 

1. Can you accurately detect anomalous behaviour indicating a vulnerable person has been taken advantage of by a third party? This is a hallmark sign of APP fraud but requires advanced AI-driven detection capabilities to be done well.
2. Can you detect discrepancies between payment reference texts and payment details?
3. Can you uncover deviations in periodic behaviour that would indicate fraud – for example, a change in a bank account number on a typical payment? 

If you can’t answer one or more of these questions confidently, now is a good time to explore new potential partnerships or – at a minimum – to begin a conversation with your existing vendors. 

The post APP fraud reimbursement: What should your firm do next? appeared first on ComplyAdvantage.