One would likely never imagine compliance as being a sort after role but like everything else, times are changing. However, the culture of compliance isn’t simply changing because it is the latest fad to hit the job market, rather it is due to some extreme situations that continue to take its toll on the world.
While Russia and the Ukraine seem like a world away from the United States, we see the effects that this conflict is having on the everyday lives of those sitting within working in compliance departments. As such, we are seeing a concentrated effort by compliance teams to ensure that any potential touch points within Crimea are vetted and then vetted some more.
In addition to the geopolitical aspects of potential money laundering mentioned above, the type of fraud we are experiencing in the United States, are related to those activities involving investment scams, romance scams, phishing, and identity theft.
Companies need to not only mitigate the risks that they are directly facing but they also need to be aware of those indirect risks that their customers present. Advances in technology have made it easier for bad actors to generate seemingly legitimate documentation and information that compliance functions will need to continually address.
As each company differs so do the types of risks they will face, ultimately opening each to different types of money laundering methods. Therefore, the type of business as well as the customers of the business will influence the risks that are faced by that company.
Many of the traditional forms of money laundering methodologies such as structuring, trade-based, real estate, shell companies, and digital laundering remain at the top, although they evolved ever so slightly in an attempt to stay out of law enforcement crosshairs.
Most money laundering risks that companies face are due to the business as well as the customers. Companies need to be honest and conduct risk assessments and be honest about the type of risk that their company might face. It is important that company management understands what risks are acceptable and more importantly how they can mitigate those risks. In many cases these risks are born outside of the company and presented through customers. Therefore, the importance and reliance is even more heavily weighted during the onboarding of customers and the performance of customer due diligence as aligned with the company risk profile.
2023 was a solid indication of what the Office of Foreign Asset Controls (OFAC) had on its agenda. It recorded a record $1.5 billion in penalties in 2023.
Where OFAC left off in 2022, we saw continued targeting toward Russia, as well as a focus on sanction evasion; with a fine of over $968 million to resolve civil liability stemming from apparent violations of multiple sanctions programs on a cryptocurrency exchange, and implementation of new countermeasures related to Iran circumventing US sanctions and expert controls. While Iran guidance is nothing new, these red flags that OFAC has identified are ones that OFAC expects all companies to recognize and address.
In a year where we have seen a large number of bank failures and consent orders, among other things, regulators are drawing what some would call a line in the sand with much of the guidance that has been released over the past two years. Regulators have stressed the importance of performing due diligence, understanding third-party risk, being accountable for their business, and proactively communicating with regulators.
At a minimum, companies should be proactively reviewing their AML practices on an annual basis. This sort review can coincide with the recommended annual AML review and risk assessments.
Additionally, if there are other events that occur throughout the year that might trigger a review, there would not be a need to wait until the annual review and risk assessment process.
As companies grow and evolve, some simply in size and others who have adopted technology and have become disruptive within their respective industries, the volume of transactions is becoming increasingly difficult for traditional compliance teams to handle effectively. For companies to keep up with customers, as well as the sheer volume of these customer’s transactions, they have to implement technology innovations in two key areas -- onboarding of customers, more commonly known as know your customer (KYC), and transaction monitoring. Traditionally, compliance teams would manually run potential new customers through various databases and sanctions lists, which sometimes will take time where customers will be unable to transact as well as opening up the company to potential human errors.
Today, there are numerous platforms that allow a customer to go through the KYC vetting process within minutes or even seconds. These technological efficiencies not only allow the customers to transact almost immediately, but it also takes out the element of human error in the simplest of cases.
In the transaction monitoring workflows, traditional workflows work typically monitor the transactions and transactions alone. Also, during this time, the number of transactions that we are talking about was exponentially smaller than what they have grown into today. By using technology, transaction monitoring can ingest and interpret information about a customer as well as apply these interpretations to the activity.
If a company suspects or confirms that it became wrapped up in or fallen victim to a money laundering scheme, the initial action the company should take is to investigate the activity as well as ensure that they have accounted for all of the transactions that are involved.
The aim is to be 100% certain that it is in fact money laundering, and to have all of the relevant facts and circumstances for the other steps that are further down the line. Additionally, companies may want to ensure that the fraudulent activity isn’t more widespread that initially thought. That is why a thorough investigation is the first step. This initial step will prevent further financial and reputational harm.
When companies are looking to improve the way they manage financial crime risk, the first step is to ensure that the right ‘tone at the top’ has been established and that it will support the improvement, both from a financial and a culture perspective.
Once management buy-in is secure, the next important step is to have honest conversations about the risks that the company faces and determine what its risk profile should look like. This will allow advisors to tailor the appropriate policies and procedures, as well as implement innovations to help mitigate the accepted risks. However, it is important for an adviser to ensure that innovations are simply implemented for the sake of being the latest technology. Any innovations should be ones that the company will be able to understand and utilize as well as be effective.
JP Brennan is the Global Head of Fintech, Payments, Crypto Compliance and Investigations within the Global Investigations practice at J.S. Held. A certified fraud examiner(CFE) and certified bitcoin professional (CBP), he brings over 20 years of experience in forensic accounting, auditing, litigation consulting, anti-money laundering (AML) compliance, cryptocurrency regulatory compliance, OFAC / sanctions review, and complex enhanced and operational due diligence.
JP has substantial experience in providing complex forensic accounting and financial fraud investigative services, cryptocurrency asset / wallet tracing, development, and implementation of AML programs, outsourced Chief Compliance Officer services, as well as providing managed services for large-scale remediation and compliance projects. His clients include major law firms, cryptocurrency exchanges (centralized / decentralized), digital asset issuers, custodians, multinational banks, funds, payment processors, financial institutions, and investors.
JP can be reached at [email protected] or +1 917 244 8931.
This article examines the risks to Fintechs and how to create an AML and sanctions program that complies with regulatory requirements....
This article focuses on three steps to effective due diligence in AML compliance. The strategy is based on years of experience conducting investigations, building teams, and advising global banks through complex, high-pressure situations with regulators. ...
Morgan Stanley, Goldman Sachs, and Citigroup have invested more than $2 billion in crypto and blockchain companies since August 2021. Fidelity now offers Bitcoin as part of their 401k plans. Blackrock enabled its Aladdin platform...