Special ACFCS Contributor Report: AFC 2021 Lookback – Banks managed rising criminal, reputational risks in historic leaks, social media scams, cyber-enabled fraud soared, fueled by crypto paydays
Ahsan has expressed his personal thoughts in this piece, which do not represent his bank’s policy or standing.
The skinny:
- In this special contributor report, Scotiabank fincrime compliance professional Ahsan Habib looks back at a tumultuous and pandemic-pocked 2021, reviewing the perennial battle of criminals who want to generate illicit income and fincrime compliance teams working to stop them.
- Last year – and for decades prior to that, going all the way back to miscreant mobsters of the prohibition era and will no doubt be the case in 2022 – criminals chose to move funds through multiple regions and institutions, swimming together cash, money remitters, prepaid cards and virtual value, like Bitcoin.
- So what is the way forward? How can we can expect to make a difference and improve as a community against a creative, relentless and determined enemy? By learning more individually, caring and sharing more through public-private partnerships and international capacity building – to dispel the dark clouds of global illicit finance and, finally, see clear skies ahead.
By Ahsan Habib
Senior Analyst, AML Operations Governance, Scotiabank
December 15, 2021
With editing and content editions by ACFCS VP of Content, Brian Monroe
When looking back at a tumultuous and pandemic-pocked 2021 and reviewing the perennial battle of criminals who want to generate illicit income and fincrime compliance teams working to stop them, it’s critical that we understand, nearly all major crimes are more or less triggered by money laundering.
But without the precursor crimes, there is no money to launder. What crimes are we talking about?
Here are some examples: Human trafficking, tax evasion, Ponzi schemes, kleptocracy/political corruption, drug/weapon/organ smuggling, green crimes, terrorist resourcing and whatnot.
These offences have a well recognized name in common: i.e. predicate offenses, which can be considered the initial stage of money laundering.
With so many predicate crimes to generate illicit revenue – in the real and virtual worlds – the industry platinum standard of taking the risk-based approach, at least in 2021, was not always a perfect fit.
For instance, yes, adding laundering through crypto coins as a predicate offense could potentially help out with record ransomware attacks.
But these and other risk-based moves can still miss outspoken outliers – like a laundering lecturer who consulted on anti-money laundering (AML) around the world and then betrayed everything he stood for to use that knowledge to facilitate cleansing ill-gotten funds for narco syndicates.
Even so, bank fincrime fighters must remain focused on the classic generators of tainted funds – but also be cognizant that regardless of the region, criminals will not stick to one laundering method.
Last year – and for decades prior to that, going all the way back to miscreant mobsters of the prohibition era, a trend no doubt snaking into 2022 – criminals chose to move funds through multiple regions and institutions, swimming together cash, money remitters, prepaid cards and virtual value, like Bitcoin.
In some regions, like the European Union and its recently updated Sixth Anti-Money Laundering Directive, they have a roughly defined list, as the bloc details nearly two dozen predicate offenses.
But other countries define these predicate offenses, or specified unlawful activities, more broadly, noting that any crime that generates illicit revenue, if used to purchase an item or move through a financial system to obfuscate its origin, would be money laundering.
Even so, the laws around the world are being forced to play catchup with the historic disruptions to traditional value and money movements, shifting from banks and money remitters using fiat currencies, to virtual value, like Bitcoin, moving into and out of cryptocurrency exchanges – and then back into bank accounts and cash.
Predicate offences- A flashback to the 1930s
But to understand how the predicate offenses for money laundering evolved to where they are today, we need to go back to the beginning – to some of the most high-profile organized criminals and their strategies to cleanse ill-gotten gains.
Ninety years have already passed since American gangster Al Capone was found guilty of tax evasion, with prosecutors arguing that he owed more than $200,000 in back taxes and a high-profile prison term of 11 years[1].
Needless to say, money laundering is as old as any other illicit business.
His income was mainly derived from his gambling establishments, houses of prostitution and bootlegging.
The practice of hiding source and commingled funds (licit and illicit) predates the Al Capone era and the ‘Money Laundering’ itself post dates Capone.
Unfortunately, while it seems that money laundering and Capone are inextricably intertwined even after 74 years of death, giving his already infamous name in history even more staying power, he can’t take all the blame for giving birth to the term ‘Money Laundering’.
Sorry about that Capone, hope you are keeping well.
Evolution in typologies: From drug trafficking to green crime
Combating financially motivated crimes is not all about money.
It’s also about saving human lives from drugs, from being victims of gun violence/war crimes, from modern day slavery/online child exploitation and green crimes and more.
With the significant expansion of the predicate offences list and innovations in products, financial institutions (FIs) have leaned towards a relatively Risk Based Approach (RBA) so that they may assess their own risks and decide which customers they are going to onboard and serve.
But this strategy, blessed by federal regulators in large financial centers, like the United States, United Kingdom, Canada, Europe, and other regions, is at times more art than science.
This methodology, championed by global watchdog body, the Paris-based Financial Action Task Force (FATF), relies heavily on human decision-making – supported by complex back-end analytics, risk assessments and transaction monitoring systems tuned to pay more attention to the riskiest groups.
With a constantly shifting scale of risks, and a fluctuating universe of aggravating and mitigating factors, balanced against a given institution’s overall risk appetite and resources, there are always questions, gaps and vulnerabilities in the area of financial crime risk institutions must wrestle with – such as the radioactive decay rate of risk.
Will they continue to recognize politically-exposed persons (PEPs) as high risk clients without categorization?
Will the FIs figure out best practices to deal with Reputationally Exposed Persons (REPs)?
Global standard setters or regulators don’t have much to do with setting new standards for examining/periodic review of REPs. PEPs who have been mentioned in the recently exposed Pandora Papers – already in a grey area in terms of risk factors.
REPs are also provoking thoughts or raising eyebrows when we see news on a Miami professor who has been told to stay behind the bars for laundering dirty Venezuelan money[1].
This case was the ultimate test, and an example of how spectacularly, the risk-based approach can fail.
The professor lectured on, and went around the world, teaching and training on anti-money laundering laws and regulations and the trends and tactics of how organized criminal and other groups launder money.
He should have been a cellar dweller in the risk department, a paragon of virtue who surely knows financial crime and compliance rules – and would never use that knowledge to evade these rules and become a laundering facilitator himself.
But we all see how that worked out.
Maybe in the future, a more rigidly defined rules-based approach would seem more feasible to FIs while combining human intelligence with artificial intelligence.
Money laundering through social media: who’s your (sugar) daddy?
Capone was not familiar with that, for sure.
But one thing he had in common with other bad actors is that they have always been creative. If they would have used their talents for the sake of humanity, the planet would have surely benefited.
But they decided to go otherwise.
They are convincing vulnerable and young people often on Instagram and Snapchat to let them use their bank accounts for illicit funds flow.
Sugar daddy scammers, for instance, are a more recent scheme fincrime compliance departments should be aware of as it is increasingly active on this space and Twitter, even garnering a formal mention from the FBI earlier this year.
How do these scams work?
A criminal group targets college girls and other women on social media, saying they will pay them $1,000, or so, to give them attention – in some cases without ever even needing to leave their home or dorm.
But the scammer then moves more money than expected in the account, in some cases more than double, at $2,000, the fruits of other frauds and stolen account schemes, with the criminal then telling the person to wire $1,000 back as they accidentally overpaid.
What the innocent victim doesn’t know is that the money was poisoned from the start.
Maybe these happenings are still underreported but are increasingly demanding our focus as these duped individuals could unknowingly be acting as money mules for fraudsters or launderers for organized criminal groups[1].
Source of funds used for ‘great’ spending at Harrods?
Not quoting from the ‘Arabian Nights.’ It is the true story of the former chair of International Bank of Azerbaijan.
This gentleman’s wife spent over £16 million at Harrods using 54 credit cards. The bill included £30,000 spending on chocolate. I am not too sure if Capone was a chocolate lover like this lady.
Their London properties were £22 million in value, let alone their offshore establishments[1].
So how did this banker get so many bank accounts and credit cards? Did he use shell companies? Law firms? Professional services firms? What army of “gatekeepers” did he have at this disposal to amass such a fortune and real estate empire?
The most recent seminal leak from the International Consortium of Investigative Journalists (ICIJ), the Pandora Papers, once again has indicated the dire need to set regulations and standards around professional enablers like attorneys, accountants[2].
What was the source of funds used for this spending and assets of the Azerbaijani banker or his spouse?
Enforcing ‘Unexplained Wealth Orders (UWO)’ no longer a choice
When the owner of a property needs to prove the provenance of funds used to pay for it and they cannot, they should be going through UWOs and the property may be seized and sold.
If used properly, UWOs may work better than a Beneficial Ownership Registry when it comes to combating money laundering through real estate, art and antiquities and other such properties.
Why?
The entire process of a country even crafting a national system to capture, validate and investigate BO details and have this data available for investigators or other interested parties, like bank compliance teams, is a herculean feat – that no region has successfully implemented.
As well, even if a country forces certain companies to detail the human controllers allegedly pulling the strings, the company can always quickly change them – leaving a region with a tattered, inaccurate and inadequate BO database.
The UK has already started seeing some of the benefits of UWOs in making the actual recovery of the alleged proceeds of crime[1].
Crypto and Blockchain are not fads: Links to cyber-enabled fraud will continue
Needless to say, countries may risk losing out on economic opportunities if regulators and governments are too hesitant about embracing this new technology.
But careful and strict regulations need to be set up around Blockchain, crypto assets, Non Fungible Tokens (NFTs) Fan Tokens and related variations of virtual value.
Organized crime groups are converting illicit proceeds into and out of virtual currencies, particularly related to fusillades of cyber-enabled fraud, like ransomware attacks.
To be sure, If 2020 was the year of the coronavirus pandemic, 2021 has been infected by a different viral scourge: ransomware – with a bevy of high-profile attacks on an energy pipeline, meat processor and even piggybacking off of an IT infrastructure software firm to infiltrate thousands of organizations.
While only one attack vector in an increasingly devious and devastating arsenal of cyberattack weaponry, ransomware, previously a relatively minor threat in the cybercrime landscape, has become a high-profile problem in recent years.
Opportunistic organized crime groups, and even lower level foreign players, have been able to lock up larger companies, healthcare firms, hospitals, law firms and even the very law enforcement officials charged with investigating these types of crimes.
At its heart, ransomware is a type of malicious software that encrypts users’ files or blocks access to their computer systems until the user ponies up funds to pay the criminal a fee to finally release them – typically paid in difficult-to-trace virtual currency, such as Bitcoin.
This type of exploitation scheme targets and takes advantage of both inherent human weaknesses – human error is the culprit in more than 90 percent of successful cyber incidents – and more arcane technical vulnerabilities, such as an unpatched computer system, antivirus program or leaky firewall.
The issue has risen to the highest levels of many governments around the globe, becoming a national security issue, as some attacks have targeted government intelligence and infrastructure, not just private sector corporations looking for a quick crypto buck.
At the same time, federal investigative agencies and the private sector have responded.
This year also saw some of the most high-profile, multi-jurisdictional investigations and prosecutions of foreign ransomware gangs.
Part and parcel of those successes are due to the blossoming cottage industry of blockchain analytics firms, like Chainalysis, CipherTrace, Elliptic and others.
These operations have combined the immutable transparency of Bitcoin’s underlying blockchain with bespoke technology engines to peel back murky digital layers of incomprehensible alphanumeric strings to make connections back to the flesh-and-blood individuals involved.
But in the eternal chess match of criminals against investigators, they continue to respond and evolve with new money laundering techniques relying on cryptocurrencies swimming through mixing services and coin swappers[1].
Compliance kettles are at risk of boiling over
Taken together, the underlying theme for 2021, and a trend that will continue in the New Year, is that the Anti Financial Crime (AFC) mission is never ending.
To be more specific it has actually never been accomplished.
As a sobering point of context, even with the billions of dollars spent by compliance teams at banks, investigators, regulators and auditors, to identify, report on and counter the trillions of dollars in illicit finance flowing around the globe annually, we only seize and freeze less than one percent.
It’s not a mission of British novelist Ian Fleming’s intemporel character James Bond.
When it comes to the AFC space, we may win many battles, but it appears, we can never win the war. This mission is never accomplished, contrary to the James Bond movies.
However, we the AFC professionals are fighting tooth and nail to give bad actors a hard time.
That is the only way we can expect to make a difference and improve as a community against a creative, relentless and determined enemy.
This is the way: by learning more individually, caring and sharing more through public-private partnerships and international capacity building – to dispel the dark clouds of global illicit finance and, finally, see clear skies ahead.
About the author
Ahsan Habib is currently working for Scotiabank, Canada in the bank’s AML Department.
He is a seasoned banker from Bangladesh where he worked in correspondent banking and the foreign remittance department.
He is also vocal advocate against Human Trafficking on various platforms.
Want to connect with Ahsan to share thought leadership on this and other fincrime compliance areas?
Feel free to check him out on LinkedIn here.