As with all areas of technology, the regulatory space continues to evolve and look at ways to use tech to make things more efficient.

RegTech is a general term for the use of technological applications and systems to help manage, whilst ensuring compliance with, regulatory demands and responsibility. Historically, such systems have been used to help simplify large manual tasks, particularly in relation to anti-money laundering and the detection of suspicious transactions. However, with the recent developments in AI, RegTech has started to realise and discover the enhancements it can bring to their products.

So will it be that RegTech continues to utilise the advances in AI or will AI eventually take over RegTech? Similarly firms need to consider their workforce and how AI will enhance it.

What are businesses doing about it?

The vast majority of businesses are thinking about AI, talking about AI, and researching AI to understand how it can work for them, across many areas of their business. Compliance and AML is undoubtedly a big focus within this.

For instance, BCB Group, a leader in payment services for crypto exchanges, is actively exploring ways to embed AI into its compliance framework, demonstrating a commitment to innovation while prioritising customer experience and safety.

Businesses such as BCB want AI tools to:

● Automate manual processes
● Drive efficiencies
● Improve processing times
● Unlock new potential

As an example, many processes in Anti Money Laundering (AML) & Terrorist Financing (TF) require analysing large volumes of data, identifying anomalies, and making decisions as to what should happen next. AI tools, such as those considered by forward-thinking companies, can significantly improve time and efficiency in these areas, as they can sift through larger volumes of data more quickly.

If AI tools were used for this type of work, they could allow businesses to be more agile, lean, and efficient, with less use of AML professionals' time on manual and process-oriented work. This is something BCB is keen to progress on, as it allows its AML professionals more time to concentrate on in-depth investigations, latest learning, framework development and enhancement as well as personal career focus and development.

And this isn't the only way that AI can impact compliance and AML teams; it can also help dismantle barriers by providing cost-efficient ways to help the firm's growth. For example, AI translation tools can be very powerful in assisting with communications between teams around the world, whether they are in-house or outsourced. This could mean that businesses can be more cost-effective and able to grow their global reach, without compromising on the safety or quality that can be impacted by breakdowns in communication due to language and time zone barriers.

But there is a health warning!

Whilst there are many ways in which AI can impact businesses in a positive way, as highlighted above – this should also be viewed alongside a number of concerns and warnings about AI, some of which are detailed below.

1. One of the most important factors to remember is that AI tools learn from the data which is inputted into them. If that data is inaccurate, then the tool will also be inaccurate.
2. Businesses implementing such tools would need to 'train' these systems to ensure that they are producing the correct results – and this training can take many months.
3. Regulators recognise this fact, so they want businesses to make sure AI tools are consistently quality assured and that professionals still have oversight on decisions made using information from AI tools.
4. Privacy concerns! Anyone inputting KYC/KYB information into AI that you don't host or have full control over must ensure they have strong safeguards in place to make certain they are protected against potential data breaches and so forth.
5. There are/could be AI impact on careers and jobs

Before making any decisions on whether AI is something your firm is ready to embrace alongside a skilled workforce who are able to utilise the opportunities to grow your firm, and your own career do consider the below points when wondering if and how AI might impact your firm or role:

● AI isn't going anywhere so embrace it, if you don't someone else will! Think of AI as a tool that you can use to help you work smarter.
● AI isn't always accurate, so professionals will always be required to ensure the best outcomes. This means it's important to continually develop your own skills and keep them agile and up to date.
● Keep reviewing your own skill set, your value-add, and your impact on the business, and whether this is sustainable as AI evolves. Learn about AI's value-add as well, and instead of trying to replicate it, think about how you can use it to elevate your own position.
● The importance of soft skills cannot be under-estimated so keep focusing on this. They will become even more important in the future. Keep having conversations, network, and learn from peers. In an era where home and remote working has become prevalent, it's important to retain your communication skills by ensuring you're interacting with others often.

Conclusion

 Conversations about AI and RegTech will continue, and AI will keep evolving and even enhancing RegTech. Businesses should leverage the opportunities that AI can bring whilst exercising caution and continuing to hire and retain professionals with agile skill sets, who can ensure AI is used successfully and safely.

Whilst BCB and Twenty84 agree that advancements in AI will aid in AML investigations, we believe it cannot replace the human expertise and knowledge of high quality AML and Compliance professionals; they remain as important as ever. AML and Compliance professionals can and will only benefit from learning about AI, keeping up to date with its development, and embracing its use. By doing this, they can assure their own position as well as helping their firm to thrive.

***************************************************************************

This blog has been written in collaboration with Kym Routledge, Head of Financial Crime at BCB Group.

 Kym joined BCB in August 2022 as Head of Financial Crime, after holding the same position at an authorised UK lending platform which she left to expand her experience into DeFi. Having over 20 years experience in financial services in TradFi, including 13 years spent at HSBC group and time at BOS, as well as working for a UK FinTech, Kym is a forward thinker, who has a proven track record of assembling and managing Financial Crime teams of multiple sizes across different jurisdictions, whilst driving efficiencies and safeguarding firms against money laundering (ML) and terrorist financing (TF) threats. Kym is responsible for leading a team of Financial Crime SME's and Analysts to develop and operate the firm's ML and TF control framework.

Fraud isn't a new phenomenon, but in recent years it's gained momentum, causing anti-fraud professionals and experts to look for ways to strengthen the fight against fraud and economic crime.

In particular, the rise in APP Fraud has been alarming, now representing 75% of all digital banking fraud. Fraudsters are continually re-inventing themselves, using new tactics and technology to target victims. Counter-fraud leaders must do the same.

But in order to win this war, it's important for everyone to do their part - and this includes those who become victims, too.

Gross Negligence

It's important to be delicate with the phrase 'gross negligence', when applying it to victims of fraud.
Many victims of fraud feel the stigma that is attached to being scammed, left feeling ashamed and somehow at fault. In some tragic examples, victims have fallen into depression and suicidal thoughts as a result.

It is completely clear that fraud is not the fault of the victim. Fraud is perpetrated by criminals who are entirely responsible for the fall-out. But nevertheless, consumers must become aware of the signs of fraud in order to stop it from happening to them.

Gross negligence is not simply an action taken thoughtlessly; it's applied to a situation where a customer has knowingly authorised a payment, for example, to leave their account. Even then, if the extent of a scam is sophisticated and the customer was led to believe that they were authorising a legitimate payment, it cannot be called gross negligence.

However, if there are clear signs that a payment request might not be legitimate, and the customer has not taken due care to check out significant red flags before going ahead, then this could be called gross negligence. What providers need to be aware of is that the bar for this is quite high when being investigated by regulators. Banks, payment providers and other financial institutions must all have rigorous processes in place to ensure they are checking these payment authorisations, too.

If you're not sure – talk to somebody about it

With the world of payments having developed rapidly over the last few years, making it easier and quicker than ever to make payments using phones and 'one-click', it can be easy to disengage with what we are actually doing when we authorise a payment. A lot of the time, consumers are making payments whilst also doing other things, or on the go.

We now have the ability not to think too much about it when making payments, and while this can work well for businesses, it also plays in to the hands of fraudsters, too.

So in order to stop themselves becoming victims, consumers need to pay attention to anything that doesn't feel right.

Double-checking things and speaking to their payment provider or bank if there are even the slightest red flags, should become part of a consumer's thought process.

Stop! Think Fraud

Consumers aren't being left to deal with this problem alone. Earlier this month, a national campaign against fraud entitled Stop! Think Fraud, was launched. The public awareness campaign is backed by leading counter fraud experts, government agencies, law enforcement and businesses in the technology, financial and retail space, who will unite to give one clear and concise message of advice to the public.

Instead of mixed messages and various different campaigns in different sectors, Stop! Think Fraud will be the one clear set of advice which will limit confusion.

The campaign will include an online fraud hub and adverts using various mediums in public settings. Most importantly, the campaign will empower people to protect themselves.

Home Secretary James Cleverley said:

"I encourage everyone to stop, take a moment to think about fraud, and share this messaging far and wide."

This blog was written in collaboration with Claire Maillet: Counter-Fraud Expert and PhD Researcher, University of Portsmouth

Claire is a multi-award-winning counter-fraud expert and has worked in financial crime prevention for 10 years. She has held previous positions at Amazon, Cifas, World First, Jaja Finance and most recently Ziglu as Director of Financial Crime Operations.

Last year, Claire was shortlisted for several accolades, including "Woman of the Year" and "Head of Financial Crime of the Year". Notably, she was honoured to be a four-time TECA finalist in 2023; the greatest number of shortlistings for an individual in the history of the Awards.

In her spare time, Claire undertakes a PhD in Criminal Justice Studies at the University of Portsmouth, looking at insider fraud within FinTechs, which she is due to complete in 2026. She is a seasoned national and international public speaker, speaking about internal and external fraud, disability and inclusion.
In January 2024, Claire launched 'fraudible' - a video podcast combining fraud practitioner experience and academic fraud theory.

In November 2023, a Freedom of information request revealed that the FCA had written to no less than 643 firms earlier in the year, expressing concern about their high turnover of MLROs.

These firms had had three or more MLROs registered with the FCA, across a period of three years.

So, what prompted this sort of turnover, and what can businesses do to keep their MLROs in post – and avoid scrutiny from the FCA?

It's important firstly to note exactly what the role of an MLRO is, and what legal function it holds.

The role of the MLRO

An MLRO – Money Laundering Reporting Officer – is responsible for ensuring that the business is not facilitating any form of money laundering by carrying out its activities. In very small or start-up firms, the MLRO might be the only person carrying out this type of work, whereas in larger organisations, they may have a team reporting to them.

For businesses carrying out regulated activities, there are designated senior manager functions that must be fulfilled. The MLRO usually takes the SMF17 function. In this capacity, they must be approved by the FCA before starting the role, and their name will be added to the FCA register.

"Every SMF holder will have a Duty of Responsibility under the Financial Services and Markets Act 2000 (FSMA). This means that if a firm breaches one of our requirements, the SMF responsible for that area could be held accountable if they did not take reasonable steps to prevent or stop the breach." [FCA – Senior Manager's Regime]

Why the high turnover?

Of course, a high turnover of MLROs does not apply to all or even the majority of financial services businesses. However, there are clear themes coming out of conversations with MLROs that have left or are looking to leave a role after a short period of time.

Culture

If the culture of the business does not facilitate the MLRO to carry out their role within the boundaries outlined by the FCA, as well as to their own standards – then they may feel they have no option but to leave. This could include risk appetites being stretched to accommodate commercial goals, despite the MLRO's recommendations or warnings. It can also be frustrating for an MLRO not to be included in conversations or decisions at leadership and board level, especially considering their personal liability. I've found a key metric for measuring culture is the relationship between sales and compliance, and how the board favours decision making for edge cases that stand to make a lot of money, but are on the very edge of the firms' risk appetite.

Value

MLROs know their own value and worth, but sometimes businesses do not align their remuneration packages with the market value of the MLRO – or the responsibilities and duties they are expected to take on. Some MLROs have reported burn-out and overwork due to non-investment in compliance and financial crime resources by the business.

Risk

As an SMF17, an MLRO could be held accountable for any breaches of FCA requirements. Some MLROs have reported feeling anxious or fearful that the decision-makers in the organisation they are working for, may be authorising activities which leave the firm – and the MLRO – at risk of investigation, fines and reputational damage. At the most serious level, should an MLRO be found to have allowed these activities, this could result in them being removed from the register and their career tarnished.

These three areas can all converge to result in an MLRO feeling unable to stay in their position. At best they may feel undervalued, and at worst that their personal integrity and hard-won career is being compromised.

What can businesses do?

When someone takes a permanent role as an MLRO, in the vast majority of cases they will be expecting to stay in the position for at least a year. To retain them for this amount of time, and longer, businesses can consider the following:

Value the advice

MLROs in most cases are experienced professionals with strong knowledge and experience in their field; use them to accelerate your business. The MLRO can help you stay within the boundaries of regulation while helping you achieve your commercial goals, and should be involved in decision-making throughout.

Value the function

Regulated businesses need to assign an appropriate amount of budget/time/attention to the Compliance and AML function in their business. It's not just a tick box; if funded appropriately, this function can enable your business to excel, grow and succeed, while helping you avoid the huge costs of fines or reputational damage.

Value the person

It's not just about money; in a small or start-up business, MLROs understand that salary may be lower. But look at the whole remuneration package you're offering, and try to make it competitive or you will risk losing your MLRO. It's also important to offer other benefits such as flexible working and pension. You can also make up for what you can't offer in monetary terms, by offering opportunity instead. An MLRO will be likely to stay with a business who gets them involved in all the elements of the journey, and makes it an exciting and inclusive place to be.

Conclusion

As SMF17, the MLRO in a regulated business is of great value. It's important that businesses recruit the right person for their business – but ensure that the environment works both ways in order to retain them. A great working partnership between the MLRO and the business leaders can result in a thriving organisation, which can satisfy regulators and customers alike, while enjoying all the benefits of commercial success.

The best places I've ever worked in are those that realise that compliance is an enabler to do 'good' business, and empowered me to make informed decisions. The worst places I've worked in want the MLRO to be seen and not heard; needless to say, it didn't last long.

*************************************************

 This blog was written in collaboration with Tony Brown, Chief Compliance Officer at Finteva (ProfPGDip(FCC); Dip(FinCrime); Cert(AML); FICA; CAMS).

Passionate about risk management and driving compliance initiatives, Tony leads with a dynamic, forward-thinking approach. As Chief Compliance Officer at Finteva, he shapes a collective vision, which is centred around making profits with purpose and providing first class service to clients. Tony believes in simple solutions to complex problems and has spent over 20 years in industry helping businesses to understand the difference between 'doing things right and doing the right thing'.

Organisations are currently facing increased scrutiny over their conduct risk culture.

In this blog we explore the nature of conduct risk, how businesses can achieve good outcomes, and the relationship between incentive structures, performance metrics, and their impact on shaping the conduct culture in financial institutions.

What is conduct risk?

Conduct risk refers to the potential harm that can arise from the behaviour of individuals within an organisation. It is crucial for companies, especially financial institutions, to measure and assess their conduct risk culture to ensure alignment with their values.

There are many methodologies and frameworks used to measure and evaluate conduct risk culture. The best culture change initiatives will not be one-off exercises, but long term programmes, because it takes time to change embedded assumption, norms and beliefs.

All culture 'journeys' require a consistent and focussed effort from the top of the organisation down - and should look at how to move beyond simply meeting regulations. It is essential that firms do not become complacent; they must regularly re-assess their culture, understand progress to date, take action on gaps and instil an effective and resilient culture.

Culture is lived by the people in the organisation, and things are always fluid; new employees come in bringing new ideas, or the business may have to make changes due to external factors. The most effective firms constantly keep in mind that the culture is evolving all the time – and they shift their strategy to cope with this.

What do the regulators say?

Recently there has been increased regulatory focus on the topic of culture. In 2022, the FCA's Emily Shepperd gave a speech entitled "From Zeroes to Heroes: How culture in financial services can change for everyone's benefit." The FCA has also boosted a cultural shift in financial services with the 2023 Consumer Duty regulations, and their recent consultation paper about Diversity and Inclusion.

The Australian Prudential Regulation Authority (APRA) published their 'Risk culture 10 Dimensions' framework, outlining these 10 key aspects which contribute to risk culture:

APRA's Risk Culture 10 Dimensions:

Risk Behaviours
1. Leadership
2. Decision-making and challenge
3. Communication and escalation
4. Risk capabilities
5. Alignment with purpose and values

Risk Architecture
6. Risk governance and controls
7. Risk appetite and strategy
8. Risk culture assessment and board oversight
9. Responsibility and accountability
10. Performance management and incentives

Measuring and assessing conduct risk culture

To effectively measure and assess conduct risk culture, organisations employ various methodologies and frameworks. The most commonly used framework is the "Three Lines of Defence" model. This model delineates the roles and responsibilities of different stakeholders within an organisation to ensure effective risk management.

The first line consists of the employees who directly interact with customers and clients.
The second line involves risk management and compliance functions.
The third line includes internal audit and independent review functions.

This model facilitates a comprehensive assessment of conduct risk culture by incorporating multiple perspectives.

Another methodology used to measure conduct risk culture is conducting cultural surveys and assessments. These surveys aim to gauge employees' perceptions and behaviours regarding conduct risk. By gathering data through anonymous surveys, businesses can identify potential gaps and areas for improvement. Assessments can also include interviews with key personnel to gain a deeper understanding of the organisation's culture and its impact on conduct risk.

Using appropriate conduct and culture management information will embed and strengthen the methodology used.

Incentives and culture: aligning behaviour with values

The relationship between incentive structures, performance metrics, and conduct culture is important in shaping the behaviour of employees within financial institutions. Incentives play a significant role in motivating individuals to achieve desired outcomes - but they can also inadvertently encourage risky behaviour if not aligned with an organisation's values.

To align behaviour with values, leadership teams should design their incentive structures carefully. This involves setting performance metrics that promote conduct risk awareness and adherence to ethical standards. Examples of these metrics could be:

• Customer satisfaction ratings
• Compliance with regulatory requirements
• Internal reviews from fellow employees
• Adherence to ethical codes of conduct

Linking incentives to these metrics should encourage employees to prioritise responsible behaviour and align their actions with the values of the business.

It's also important to communicate effectively with employees and implement training programmes to help create a strong conduct risk culture. Employees need to understand the importance of conduct risk and how it aligns with the organisation's overall mission and values. Regular training sessions using real life examples or external cases studies can help reinforce the desired behaviour and promote a culture of accountability.

What's the outcome of a strong conduct risk culture?

Measuring and assessing conduct risk culture is a priority for organisations, particularly financial institutions, if they want to mitigate potential harm and align employee's behaviour with their values. The gold standard is for employees to understand the expected behaviours, and to live the values through their work at all times, thereby safeguarding the business and its customers – as well as fostering trust and confidence among stakeholders.

Firms should use methodologies such as the "Three Lines of Defence" model and conducting cultural surveys to gain insights in to their conduct risk culture, as well as make changes in order to strengthen it. And it's also important to align incentives and performance evaluations with values so that the right behaviour is encouraged and rewarded in ways that promote responsible conduct.

Ultimately, a robust conduct risk culture contributes to the long-term success and sustainability of an organisation, the experience of its employees - and more importantly, the safety and satisfaction of its customers.

************************************************

This blog was written in collaboration with Martyn Carvey, Head of Ops Risk and Compliance SMF16 at National Australia Bank. 

Martyn has 20+ years of experience in risk management, regulation, policy-making and leading complex projects across sectors including Corporate Institutional Banking, Asset Financing, Private Banking and Asset Management. Key specialisms include embedding risk management, risk culture, risk reporting, regulatory strategy, ICAAP, stress testing, recovery planning, wind-down analysis and Brexit planning and has a strong background in delivering effective Governance, Risk, Compliance and AML/Financial Crime programmes within the Financial Services industry. Martyn currently is the Head of Operational risk and Compliance holding the SM16 function, as well as Head of Financial crime at National Australia Bank. He is a pragmatic and practical problem solver and leader who enjoys a complex challenge. Martyn has previously Chaired the Risk Network , which consists of 100+ CRO's across all finance sectors and has presented on risk assessment methodology and embedding risk frameworks into organisations. Martyn is a member of various trade associations and industry bodies.

It's Autumn 2023, and Artificial Intelligence is a high-priority topic on many business agendas across the world.

Regardless of industry or function, business leaders are trying to understand how to harness the power of AI – to use it to help improve their performance, and reduce inefficiencies.

But it's very difficult to embed AI into business process when it is still evolving so quickly; and it is crucial for leaders to ensure that there are controls in place, clarity around its use, and that it is not relied upon too heavily in functions where human interventions are still critical.

One of the most important functions, especially in Financial Services, is Compliance and Anti-Financial Crime. These teams are pivotal in ensuring that customers are kept safe, and that criminals are kept at bay. So, can AI help them do this – and is it failsafe?

AI and AML activities

We know that fraud is a billion-dollar problem across the world, and that anti-financial crime professionals often have huge amounts of data, transactions and trends to analyse, in order to detect threats and risks. This is probably one of the key areas in which AI can really impact efficiency. For example, AI systems can:

• Perform advanced transaction monitoring: AI-powered systems can analyse vast amounts of financial transaction data in real-time, identifying suspicious patterns and anomalies
• Carry out accurate customer risk assessments: AI-driven tools can assess customer risk profiles more accurately by analysing a broader range of data sources, including social media activity and online behaviour.
• Forecast: AI can forecast potential money laundering or fraud activities by analysing historical data and identifying trends

By using AI in this way, anti-financial crime professionals can reduce the amount of time spent on going through the data and finding trends; instead, they can spend more of their time on analysis, producing reports and making informed decisions about risks to the business.

AI and Compliance

Regulations are changing all the time, and one of the key responsibilities of a compliance officer is to make themselves aware of changes, adapt their firm's procedures accordingly, and provide evidence to regulators that they are complying with the rules. AI can assist them in doing this by:

• Sifting through vast amounts of 'unstructured' data such as news articles and regulatory documents to draw out key areas of change or update to laws
• Composing summaries and simplified reports which Compliance officers can use to inform their recommendations to the rest of the business

Using AI in this way will reduce a Compliance officer's time spent on reading vast documents and draw out key points quickly, enabling them to use this information to analyse the changes they need to make internally and spend more time on putting new and effective controls or policies in place.

But does AI ever get it wrong?

Accuracy in AML and compliance tasks is absolutely paramount, so it's very important for Compliance and Anti-Financial Crime leaders to understand that AI is not perfect – and does get things wrong sometimes.

AI systems rely on accuracy of data - they use this data to learn and train themselves. If the input data is incomplete, outdated, or inaccurate, it can lead to erroneous results. Coupled with this is the fact that AI systems can very quickly become out of date, especially when it comes to regulatory information where, as Compliance Professionals know, changes in regulation can happen on a regular basis.

AI systems, although they will surely improve quickly, can be inaccurate in their findings; and when it comes to AML, this can result in false positives or negatives, which could potentially add to the workload of an Anti-Financial Crime professional rather than take it away. AI systems can also 'inherit' bias, depending on the type of information they are learning from – so human oversight is crucial to ensure customers are treated fairly.

And what can't AI do?

AI is what it says on the tin – Artificial Intelligence. The speed and breadth of intelligence within AI systems will likely far outweigh that of a human; but humans possess some critical skills that AI systems don't have, at least not yet. When it comes to Compliance and Anti-Financial Crime, human professionals use the following vital skills to ensure success:

• Critical thinking and judgement; the ability to analyse information in the context of lots of other considerations, and form judgements without any bias
• Decision making; the ability to make well-informed decisions within the context of their own role and business
• Relationships; the ability to network, speak with peers, attend events and learn from these interactions
• Ethicality and Trust; humans are able to build trusting rapport with customers, which machines are much less able to do, as well as ensuring ethicality and fairness are always kept in mind

So, as a Compliance and Anti-Financial Crime professional, you may well find that you are starting to use AI systems more and more in your work – but do so with assurance that you are using it in the right way and for the right things. Compliance and Anti-Financial Crime professionals should embrace AI as it continues to develop, and acknowledge that it will become ingrained in your professional lives in a positive way; leaving you to spend more time doing what you do best.

*********************************

This blog was written in collaboration with Kash Baig, a senior compliance professional whom Twenty84 has had the pleasure of working with for many years. Kash describes himself as a sci-fi nerd who loves Star Wars/Trek and all things superheros; an avid reader who dreams of peace and harmony in a dark world – who with the time left does some compliance work! Kash began his career working in criminal law, before moving into compliance around 2010. He has since evolved in to a self-confessed compliance nerd who loves...life!

Fraud has emerged as a grave threat to the well-being, prosperity, and security of the UK. It currently accounts for over 40% of all offences in England and Wales, making it the most prevalent form of criminal activity.

The government's new fraud strategy aims to combat this head-on, with a primary focus on reducing fraud by 10% and protecting hard-earned money from the clutches of criminals. In this blog, we will explore how this strategy will impact the role of anti-financial crime officers in their ongoing battle against financial fraud.

Understanding the Severity of the Issue

Fraudsters have become increasingly cunning, relentlessly targeting vulnerable individuals, businesses, and organisations, both online and in their own homes. Their activities not only pose a significant risk to our national and economic security but also provide a breeding ground for organised crime. Recognising the urgency to address this issue, the government's 2021 Integrated Review of Security, Defence, Development, and Foreign Policy emphasised the importance of the Fraud Strategy in safeguarding the integrity of the UK's financial systems.

Jessica's commentary:

"Fraud is a large criminal industry – it's an easy way to make money. We often think of fraudsters as the bad guys, and this is certainly the case most of the time. Many fraudsters conjure up and commit their own fraudulent activity. But the profile of a fraudster is also becoming more complex, with investigations identifying instances of vulnerability and human trafficking within organised criminal gangs. In some cases they are using trafficked individuals to commit fraud (such as romance scams) from places as far away as South East Asia."

Urgent Action Required

The financial consequences of fraud are devastating, with reported losses totalling a staggering £2.35 billion in 2021 alone. However, it's important to acknowledge that the impact extends far beyond financial loss. Fraud also inflicts immeasurable emotional harm, with some victims tragically resorting to taking their own lives. Consequently, the government is committed to taking swift and decisive action to tackle this ruthless crime.

Collaborative Approach

The success of the fraud strategy hinges on effective collaboration between various stakeholders, including government bodies, law enforcement agencies, regulators, industry players, and charitable organisations. By working together, the key stakeholders can enhance the protection of consumers and individuals and ensure a collective response to combat fraud. Anti-financial crime officers across all these stakeholders will be key players, and there will be an emphasis on working collaboratively as part of your role. The government's strategy says that 'when communication flows both ways, important breakthroughs are possible.' It's likely, therefore, that Anti-Financial Crime officers will start to see improved data-sharing methods and the removal of barriers, so that they are empowered to share information with other businesses and public sectors.

Jessica's commentary:

"Improved data sharing has been the biggest discussion point in anti-financial crime for years. Existing barriers remain in terms of privacy concerns, but the new Economic Crime Bill starts to peel away some of these barriers. We are also seeing several data sharing initiatives, including one with more than half a dozen UK banks in advanced talks with the UK government and law enforcement on how to systematically share data. They are expected to launch pilots shortly."

Additional resources and funding

Recognising the need for increased resources, the government has pledged £100 million in additional funding to strengthen law enforcement's efforts against fraud. This should translate in to enhanced support for anti-financial crime officers, with additional resources made available to bolster your effectiveness in identifying, investigating, and prosecuting fraudsters.

The fraud strategy places a strong emphasis on proactive measures to impede fraudsters' activities, and to ensuring that victims are properly reimbursed and looked after. The government feels that efficient and streamlined reporting systems are vital in the fight against fraud. There are plans to launch a state-of-the-art reporting system, empowering victims to directly report fraud and cyber-crimes to the police. Across industries, anti-financial crime officers will play a part in ensuring customers can report fraud on the company's platforms, as well as following up those reports and sharing intelligence quickly and efficiently with other stakeholders.

Jessica's commentary:

"Mandatory reimbursement for Authorised Push Payment (APP) fraud victims is a key focus for the payments industry. Once launched, payments firms will be required to reimburse fraud victims. Whilst this is positive for victims, it will be a logistical challenge for many smaller payments institutions. The Payments Systems Regulator will be issuing more guidance shortly and is proposing a tight implementation date of 2nd April 2024."

Incentivising All Stakeholders

The government is committed to incentivising all parties involved in the fight against fraud. The tech sector will be required to implement additional protections for customers, backed by stringent penalties for non-compliance under the Online Safety Bill. Transparency in highlighting the safest platforms will incentivise companies to prioritise fraud prevention; so this in turn may lead to businesses upskilling their teams as well as hiring strong financial crime, fraud and compliance professionals to ensure that they are meeting the requirements. Businesses with a proven track record of identifying fraud, building in strong anti-fraud measures to their platforms and assisting customers, will ultimately attract trust from their target market. Anti-financial crime professionals will play a large part in this.

The government's comprehensive fraud strategy provides a clear roadmap for combating the growing threat of fraud. As an anti-financial crime officer, your role in implementing these measures is pivotal in protecting individuals and the nation's financial well-being. With increased resources, support, and a collaborative approach, you will be better equipped to pursue fraudsters, block their attempts, empower victims, and strengthen the overall law enforcement response to fraud.

Jessica Cath

Jessica Cath is the Head of Financial Crime at Thistle Initiatives, a regulatory compliance and financial crime consultancy. Jess works with a range of firm types within the regulatory sphere (from payments to crypto, high value dealers to insurance and investments) to meet financial crime requirements and mitigate the risk faced by their business.

Before joining Thistle, Jess was the Head of Financial Crime Project Delivery at FINTRAIL, working predominantly with FinTechs to build, scale and assure all elements of the financial crime framework. Jess has broad experience working with a range of institutions to design and enhance policies and procedures; implement systems; overhaul processes; change embedded cultures; and support s166 reviews and remediation both in the UK and abroad.

Prior to joining FINTRAIL, Jess worked at Capco managing large scale remediation and transformation exercises at more traditional financial institutions (including private banking and Tier 1 banks). Jess also has a background in intelligence and investigations from Kroll and a Masters in Intelligence and International Security.

What it means, why it's necessary, and how regulation is enabling the transformation

When we think of the risks from climate change, we often think of the longer-term consequences on global temperatures, the effects of melting ice and rising sea levels on certain animal habitats or low-lying island nations, or, as we've been forced to confront with increasing frequency, extreme weather events such as heat waves and hurricanes, and their destructive impacts in the form of forest fires and flooding. And, as regulators and central banks are now acutely aware, these "physical risks" represent only one component of the overall risk posed by climate change to the world's economies and on the global financial system.

There is now global consensus on the impact of human activities on the climate and also conversely of the impact of climate change on human activities. Governments and multinational bodies consider the steps needed to introduce targets to limit global warming (such as the Paris Agreement) and to reach net-zero emissions (such as the UK's 2050 Net Zero Target). Financial regulators consider the "greening of the financial system" as a necessary step to developing a more sustainable and resilient financial system, which is robust in the face of climate change and also supports better allocation of capital to sustainable activities.

The global financial crisis of 2007-2008 highlighted the fragility of the financial system in the face of systemic shocks. Climate change is one of these shocks. Climate risk – whether physical (as described above), "transition risk" arising from the impact of policy and regulatory changes on businesses and operations, or "liability risk" arising from individuals or businesses seeking compensation for losses suffered as a result of physical or transition risks – is now recognised as a massive source of systemic risk, and therefore must be understood and managed by financial institutions and their supervisory bodies. Physical risk can impact factories, supply chains and workforces. Transition risk has the potential to disrupt entire business models, as certain high-emissions activities are severely curtailed or banned outright.

Central banks and regulators are increasingly concerned about the potential for this climate risk to crystallise, the impact on firms' business models, share prices and creditworthiness, and the knock-on impact to the asset managers, banks and other financial institutions that are exposed to them. As a result of the financial crisis, they now have an established toolbox at their disposal with which to manage this risk at a systemic level, via the financial institutions under their direct supervision. This includes prudential measures such as requiring financial institutions to incorporate climate risk into their ongoing risk management, liquidity and capital adequacy requirements, and running stress tests at both the individual institution and industry level through initiatives such as the Bank of England's 2021 Biennial Exploratory Scenario on Financial Risks from Climate Change. Following its publication in 2019 of Supervisory Statement 3/19 on "Enhancing banks' and insurers' approaches to managing the financial risks from climate change", there is now a clear expectation from the Bank that firms under its supervision should have "fully embedded their approaches to managing climate-related financial risks by the end of 2021".

There is a clear need to incorporate climate risk into pricing and risk management processes. At present, however, the climate risk posed to most firms remains poorly understood. It is not incorporated into share price valuations or factored into the cost of financing by lenders and other buyers of debt. It does not form a component of counterparty risk, and therefore is not priced into longer term derivative contracts. This lack of understanding at the individual firm level makes it difficult for financial institutions to assess their exposure to climate risk via their investments. It also makes it difficult for them to understand how to better allocate capital in order to meet their own internal, or externally imposed, targets for financing of sustainable activities. For some, such as pension fund and asset managers, understanding their climate risk exposure is seen as a way of enabling them to better start managing climate risk in their portfolio now, and divesting themselves of potentially high-risk investments. For others, such as executing brokers, there is a desire to remain in line with the pack, and to price consistently with the rest of the market.

Data, obtained via mandatory reporting requirements, plays a significant role here. For all firms across the economy, the incorporation of climate risk into their annual disclosures is the starting point for understanding climate risk at a systemic level. To be useable and useful, such disclosures must also be consistent in granularity, format and approach. Initiatives such as the Task Force on Climate-Related Financial Disclosures (TCFD) are working with global standards bodies to develop improved climate disclosure standards. In November 2020, the UK became the first country in the world to announce a roadmap towards mandatory TCFD-aligned disclosures across all sectors of the economy by 2025. Such data, when available, can then be incorporated into pricing and risk management. Elsewhere, the EU's guidance on its Non-Financial Reporting Directive encourages firms to make their climate-related disclosures in line with TCFD recommendations.

Some regulators are also starting to look at proactive measures to improve capital allocation for sustainable activities and businesses. Banks, for example, may have internal targets on how they will transition their client portfolio towards "green" or sustainable companies and projects. In the absence of clear definitions around such activities, there is a risk of "greenwashing", whereby firms divert financing towards projects that have only superficial green credentials. The EU's Taxonomy Regulation aims to provide "a common language and a clear definition of what is "sustainable"". This will enable the development of financial products and services that direct capital towards sustainable investments in a way that is clear and transparent to investors.

It will take a huge amount of work to transform the financial system into one that can better support sustainable objectives and remain resilient in the face of climate change. Fortunately, we have the tools to measure and to understand such systemic risks. The question has long been, instead, whether governments and regulators had the will to deploy these tools. Climate risk is now so high on the regulatory agenda that 95 central banks and supervisory regulators have now come together under the banner of the Network for Greening the Financial System (NGFS), whose purpose is to share best practices and to contribute towards the development of a more sustainable economy and financial system. And this may just be the start of a wider transformation towards more purpose-led finance. Whilst most focus to date has been on the "E" in ESG, due in no small part to its urgency, the same principles of regulation that are being applied now to the problem of climate risk could in the future be transferred to the "S", and the integration of measurable social impact into the financial system.

 This blog was written by Jannah Patchay.

Jannah specialises in financial markets innovation. Across two decades' experience in the Financial Services sector, she has provided advisory, consulting and delivery services to a wide cross-section of market participants including exchanges, tier-1 investment banks, brokers, funds and start-up businesses.

This includes a range of engagements for clients, including assisting in the launch of new trading venues, businesses, products and services, interpreting and implementing new regulations, and advising on regulatory, business and operational strategy. Her regulatory subject matter expertise lies in financial market structures and applicable regulations, such as Dodd-Frank, EMIR and MiFID / MiFIR, with a particular emphasis on cross-border and extraterritorial issues.

She is a Director and Regulatory Advocacy Ambassador of the London Blockchain Foundation, driving the regulatory agenda and leading regulatory consultation responses and advocacy with respect to the emerging digital assets sector. As a member of the Whitechapel Think Tank's Future of Payments WG (with representatives from industry, government and academia, and supported by Innovate Finance and the City of London Corporation) she is also involved developing policy recommendations and advocacy around digital money and its potential for advancing financial inclusion and payments innovation. Jannah covers financial innovation topics as a freelance journalist.

What are they, what are they used for, are they safe, and what are the regulatory considerations around them?

If you or your firm are active in cryptocurrency or digital asset markets, then chances are high that you've used stablecoins, even if you may not be familiar with the term. While stablecoins are integral to the smooth functioning of these markets, their uses and applications extend far beyond them and increasingly into the world of traditional financial markets and payments infrastructure as well. In this primer, we'll take a look at stablecoins, their structures, uses, key considerations and challenges for users, and the way in which they are regulated.

What is a stablecoin?

A stablecoin is a digital token with a value that stays close to specific reference, normally a fiat currency or a basket of fiat currencies. There are several methods to achieve the stability of value of the stablecoins that range from backing the tokens with an equal amount of fiat money or assets, to sophisticated algorithms run by computers and smart contracts. Facebook's original proposal for its Libra stablecoin, for example, envisaged it as being backed by a basket of currencies and short-term assets.

Stablecoins do not necessarily need to be backed by the physical assets whose performance they wish to track. Like exchange-traded funds (ETFs), they can be synthetically backed as well. These are known as algorithmic stablecoins. Some algorithmic stablecoins aim to maintain a value that is pegged to another asset through holding a basket of reserve assets that overall mimic the performance of the pegged asset. However, algorithmic stablecoins do not need to be pegged to any asset; an algorithm (which is a mathematical formula) executed by a computer or a smart contract can be the source of stability behind the stablecoin, operating by adding or subtracting tokens into the market to maintain a stable value.

At this point, you might be wondering what the difference is between a stablecoin and any other digital asset that aims to provide exposure to an underlying asset for investment purposes. The primary use of a stablecoin is as a means of payment or a means of settlement, and it's this behaviour that drives their treatment from a regulatory perspective as well.

What are stablecoins used for?

The first stablecoins were introduced for use in settling cryptocurrency transactions on-chain. For investors and traders who don't want to fully cash out their positions in fiat currency after each crypto transaction, stablecoins such as Tether's USDT offer a convenient mechanism for effecting both on-chain settlement, and holding USD value, ready to trade crypto again, without converting back and forth between fiat USD.

Stablecoins can also be used as a means of developing more efficient payment systems, especially for cross-border payments. By converting fiat to stablecoins, value can be rapidly moved around blockchain-based payments systems, bypassing traditional payments and banking infrastructure and layers of intermediaries, and enabling faster and cheaper domestic and cross-border payments to be made. This is the premise of Facebook's Diem (formerly Libra).

From a more institutional perspective, the benefits of issuing and trading digital-native financial instruments such as stocks and bonds (also known as security tokens), are becoming more apparent. These digital securities can be settled instantaneously on the blockchain, without the layers of inefficiency and time delays that exist for traditional paper-based securities. However, without a means of instantaneously delivering and settling the payments leg of the transaction, these benefits cannot be fully realised. Enter stablecoins: to solve this problem, many digital issuance and trading platforms have had to introduce their own stablecoin to effect instantaneous DvP (delivery vs. payment). Fnality's payments system seeks to address these gaps in the wholesale market, as well as providing a mechanism for more efficient wholesale payments.

Are stablecoins safe?

The answer is, sometimes, but definitely not always... At present, a stablecoin user is largely reliant on the guarantee of the stablecoin issuer that the value of their stablecoin will be maintained. In some cases, such as that of Tether, it may later be discovered that the issuer has not been managing the stablecoin in the way expected by or communicated to its users. There is also the question of what happens when the issuer of a stablecoin defaults. What recourse do holders of the stablecoin have? Are they left holding worthless coins? What happens to in-flight transactions for which the stablecoin is being used as a means of payment or settlement? Unless the issuer has put in place legal and other operational arrangements in anticipation of these scenarios, then the stablecoin user faces a degree of counterparty risk from the issuer.

This is an area of growing regulatory focus, with many regulators now identifying certain classes of "systemically important stablecoins" for which the issuer will be subject to a higher degree of oversight, and requirements to hold segregated asset reserves backing the coin. Central banks are also increasingly looking at introducing central bank digital currencies (CBDCs) – digital-native forms of fiat currency that could be used in many of the scenarios occupied by stablecoins today, without the same risks attached.

How are stablecoins regulated?

The way in which stablecoins are regulated in different jurisdictions varies depending on how they are structured and operated, and / or how they are used in the markets. Regulators and central banks are now starting to take closer notice of the potential for some stablecoins to become widely used, and potentially systemically important, and developing rules to address the potential for systemic risk to arise as a result. This is driven in no small part by the looming spectre of Facebook's Diem and its potential to be used on a truly global scale.

Depending on the jurisdiction in which they are issued and used, and on their structures, some stablecoins may be already covered by existing regulation, or by new DLT and virtual asset regulations. In the UK and EU, some stablecoins are already caught by the rules associated with the E-Money and Payment Services Directives. The EU is introducing new rules specifically aimed at stablecoin issuers (and particularly, those issuers deemed to be of systemic importance) as part of MiCA – the Markets in Cryptoassets Regulation – however this won't enter into force for a couple of years. In the UK, the Treasury has recently consulted on further regulation of stablecoins, and looks set to introduce prudential and conduct requirements for systemically important issuers as well.

What does the future hold for stablecoins?

With CBDCs emerging as a major contender, do stablecoins have a future? The answer is, most likely, yes. It will be years before CBDCs are widely available in all desired currencies, and able to be used at scale and for the use cases currently filled by stablecoins. And by that time, the place of stablecoins may well be entrenched in certain sectors of the market, particularly for users of currencies such as USD which are likely to be reliant on private stablecoin issuers for some time yet.

Our prediction is that stablecoins are here to stay, and will continue to fill as yet new and undiscovered niches in both crypto and traditional financial markets.

This blog was written by Jannah Patchay and published jointly with BCB Group.

Jannah specialises in financial markets innovation. Across two decades' experience in the Financial Services sector, she has provided advisory, consulting and delivery services to a wide cross-section of market participants including exchanges, tier-1 investment banks, brokers, funds and start-up businesses.

This includes a range of engagements for clients, including assisting in the launch of new trading venues, businesses, products and services, interpreting and implementing new regulations, and advising on regulatory, business and operational strategy. Her regulatory subject matter expertise lies in financial market structures and applicable regulations, such as Dodd-Frank, EMIR and MiFID / MiFIR, with a particular emphasis on cross-border and extraterritorial issues.

She is a Director and Regulatory Advocacy Ambassador of the London Blockchain Foundation, driving the regulatory agenda and leading regulatory consultation responses and advocacy with respect to the emerging digital assets sector. As a member of the Whitechapel Think Tank's Future of Payments WG (with representatives from industry, government and academia, and supported by Innovate Finance and the City of London Corporation) she is also involved developing policy recommendations and advocacy around digital money and its potential for advancing financial inclusion and payments innovation. Jannah covers financial innovation topics as a freelance journalist.

BCB Group is Europe's leading provider of business accounts and trading services for the digital asset economy, regulated in the UK and Switzerland.

BCB Group provides accounts and payments processing for the pillars of the industry including Bitstamp, Coinbase, Kraken, Gemini, Galaxy, BitPay, Circle in dozens of fiat and cryptocurrencies.

With the passage of the EUs 5th 'MLD' (Money laundering Directive) to include VASPs (Virtual Asset Service Providers) / Crypto firms to ID&V and monitor transactions in line with recording and reporting obligations. There has been a rapid need for fellow Anti Financial Crime practitioners and operating model change agents within 'FS' (Financial Service) to upskill and expand their knowledge. That goes way beyond KYC and alert handling. The evolution of NextGen Tech 'DLT' (Distributed Ledger Technology) has generated a flourish 'DeFi' (Decentralised Finance) ecosystem of Crypto / 'VA's (Virtual Assets) that has paved the way for start-up tech firms to facilitate and offer exchange and safe custody of VA's. These VASPs as a start-up industry, is gaining the traction of transaction trust from a user community, as well as many established FS's (like VISA) and many jurisdictional regulators, that now embeds Crypto within the formal financial system.

A community of knowledge sharers

Considering current and historical wrongdoing. The inherit risks of borderless Blockchain that in many use-cases, abuses pseudonymisation to disguise identity to circumvent AML controls when storing or transferring dirty value, that facilitates illicit harm to people the environment. The good news is 'Anti Crypto Crime' communities, organisations and technologies are now GLOBALLY popping up, responding, and flourishing by offering brilliant FREE webinars, training sessions that in-turn are Masterclasses of refined and continued academic debate. All that have incredibly esteemed panellists and participants, via forum-chat, as a rich knowledge source.

It goes without saying, money laundering does not respect boarders, so I for one am grateful for such a global and borderless response from a group of diverse and talented thought leaders. Highlighting the ongoing challenges of the ramp up and adoption of VAs / NFTs (Non-Fungible Tokens) as a credible asset-class. As well as the technologies AKA Crypto RegTechs, that brings the much-needed confidence and integrity to the DeFi and smart contract marketplace, that again is a borderless ecosystem. That presents a new wave of jurisdictional enforcement problems, as well as operational pain points and accountability tensions that need to be ironed out and ratified , as the ecosystem evolves and compliance frameworks mature to meet sound governance expectation.

Further, these new learnings provide opportunity to be ahead of the curve, with the understanding and application of FATF guidance and the much awaited 'Travel Rule' that is generally cascaded and put into force by sovereign states. As stipulated regulation and legislation, thus deter governmental ignorance, and prevent member states going to grey list during the 'FATF country mutual evaluation' process.

Sanctions and ramifications of non-compliance

As we are all too aware Crypto / VAs can sadly be misused for nefarious activities predominantly with the rise of ransomware. COVID has created a work at home culture, that has expanded the cybercriminals attack surface to exploit certain vulnerabilities. Bad actors who have held many firms siege with ransomware for a ransom. Demands of a ransom always being requested via payment of Crypto. It must be noted that the U.S authorities have taken some lead to tackle this problem. OFAC has designated numerous malicious cyber actors under its cyber-related sanctions program. With over 800 VASPs in 80 countries, it is imperative to screen against OFAC watchlist irrespective of jurisdiction.

If there is any suspicion or evidence that bad 'cyber actors' are extorting ransomware payment may be sanctioned or otherwise have a sanctions nexus. OFAC has designated numerous nefarious cyber actors under its cyber-related sanctions program and other sanctions programs, including cyber criminals and those who facilitate ransomware transactions as a VASP. OFAC has provided clear details for contacting relevant U.S. government agencies -including DEA, FBI, FinCEN and OFAC and has highlighted sanctions risks in on the (US) treasury.gov website. VASP or any entity that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations, therefore putting themselves and the key principles at risk of being placed on the OFAC sanctions list. Which no law-abiding citizen would wish for.

Plausible justification for Crypto

Equally, legitimate rationales such as data privacy and humanitarian, like unbanked refugees who have worked hard and need to store value against oppressive regimes or those who got on the Crypto bandwagon early. As traditional and 'CeFi' (centralised finance) and DeFi converge as a trusted and traceable conduit to transfer value globally. Irrespective, if you are currently working for a FS firm that has an all-out ban on VASPs / Crypto firm onboarding. You simply cannot steer away from the complexities and nuanced affiliation that many AML practitioners will have to consider then opine, when met with a segment of Crypto when investigating both source of funds, wealth, and transaction. I very much doubt any bank will offboard Tesla or Elon Musk's interests, who publicly advocates and invests in virtual assets and coins.

Crypto's SOW

As this emerging breed of Crypto millionaires become HNWI (High Net Worth Individual) type, they will unequivocally have to demonstrate a credible narrative of how they derived their wealth, as they seek to diversify investment and spender (who would not!), that is SO reliant on traditional finance payment networks to procure luxury and high lifestyle living.

As this trend accelerates, there is an imperative discipline for rigorous, verified and validated 'SOW' (source of wealth) memo's that can sufficiently prove Crypto wealth, that is not placed or integrated from cyber-criminality or any other predicated offences, as prescribed within EUs 6th MLD. But, from the good investment of the surge of Crypto value, that will need a forensic and plausible audit trail to appease competent authorities and regulators.

Conclusion

illicit finance, be it proceeds of crime or good value funding wrongdoing like terrorism, unfortunately fuels adverse life changing ramifications, at worst costs lives, as well as conservation and environmental impact. As we all strive to continually improve to be vigilant and be better versions of ourselves. I could not encourage more a wider community of experts or Financial Crime experts to broaden their AML scope within VAs / Crypto. Again, these webinars are FREE and inclusive to all! That affords every AML practitioner, the permission to learn, by getting involved and participating into this evolving, comprehensive and fascinating conversation.

My view is Crypto is not going away, and compliance is a collective zeal, therefore, should be collaborative, never competitive.

This is a guest blog written by James Emin in association with Twenty84 and Raw Compliance.

James Emin is a qualified AML and GDPR compliance Business Analysis and Project Manager. 15 years of experience within Financial Crime, starting as a KYC analyst through to becoming an SME, as a career contractor. Whilst supporting and running change management projects at many leading regulated institutions, was then that he realised technology would be adopting much of the human effort that drove him to be a BA, tech change agent and thought leader. Therefore, he is passionate about nuancing the complexities of illicit value, from storage to borderless transfer and how Fincrime operating models need to be resilient to meet ongoing threats and typologies by using both agile and Value Engineering methodologies to optimise resources. Ranging from Proliferation Finance, FinTech and Regtech which led him to scribe other thesis's.

He holds an International Diploma in Business Analysis (BCS) and is AgilePM, Prince2, GDPR certified at practitioner level.

Raw Compliance provides ​a global platform for compliance professionals, and those interested in compliance, to build a global community to develop new skills, learn from experts, collaborate, network and try new initiatives.

Cryptoassets and cryptocurrencies have been gaining in recognition and awareness in recent times. There are now more than 4,000 cryptocurrencies on the planet, of which Bitcoin is the most well known. Here is a chart of the bitcoin price over the last 12 months (source Coindesk), which shows an increase greater than the factor of six:

Despite this increasing popularity, is there a danger that cryptocurrencies can be used for illegal activities such as fraud, money laundering and terrorist financing?

At one end of the scale is the view that as all transactions occur on a blockchain platform and are visible to all, there is no chance of misuse. At the other end of the scale is the view that just as "where there's muck there's brass", the corollary applies, and someone will always find a way into a system, or to abuse a system. The answer lies somewhere in between.

Cryptocurrencies and Money Laundering

It is possible to obfuscate the ownership of cryptocurrencies, some of which have more privacy features than others. The market has not just seen the rise of cryptocurrency exchanges, but also of mixing and tumbling facilities by which cryptocurrencies are bundled, divided and redistributed amongst different accounts. This makes tracing harder to conduct, but not impossible, as displayed in a Canadian case in 2019 involving seizure of CAD 1.4m of bitcoin, and the seizure by US authorities in 2020 of a USD 1 billion Bitcoin wallet associated with the notorious Silk Road dark web criminal supermarket.

The Financial Action Task Force (FATF) released guidance on VASPs "Virtual Asset Service Providers" (known as Digital Assets in certain countries) in 2019.* Countries are now required to assess and mitigate their risks associated with virtual asset financial activities and providers; license or register providers and subject them to supervision or monitoring by their national authorities. VASPs are subject to the same relevant FATF measures as those that apply to financial institutions. The guidance addresses:

• How do virtual asset activities and VASPs fall within scope?
• How should countries apply the Recommendations in the context of virtual assets or VASPs?
• How do the Recommendations apply to VASPs and financial institutions?

The guidance also includes examples of national approaches to regulating and supervising VA activities and VASPs to prevent their misuse for ML and TF. Cryptoassets are developing rapidly and the FATF guidance was revised a year later.**

The report reviews implementation and sets out:

• how ML and TF risks and the virtual asset market have changed since June 2019;
• progress in implementing the revised Standards;
• the private sector's progress in implementing the revised Standards, including the development of technical solutions for the implementation of the "travel rule";
• issues with the revised Standards and Guidance; and
• next steps regarding virtual assets.

The report finds that both public and private sectors have made progress in implementing the revised Standards. 35 of 54 jurisdictions advised they have now implemented the revised Standards, with 32 of these regulating VASPs and three prohibiting their operation. The other 19 jurisdictions have not yet implemented the revised Standards. While supervision of VASPs and implementation of AML/CFT obligations by VASPs is generally nascent, there is progress. In particular, there has been development of technological solutions to enable the implementation of the "travel rule" for VASPs, even though there remain issues to be addressed by public and private sectors.

The VA sector is fast-moving which means continued engagement between public and private sectors is necessary. FATF has agreed to continue its focus on virtual assets:

• continue enhanced monitoring of VAs and VASPs and undertake a second review of implementation of the revised FATF Standards by June 2021;
• release updated Guidance on VAs and VASPs, addressing stablecoins, anonymous P2P transactions and travel rule implementation;
• promote understanding of ML and TF risks involved in VA transactions and potential misuse of VAs for ML and TF purposes;
• enhance its engagement with the private sector, including VASPs, technology providers, technical experts and academics, through its Virtual Assets Contact Group; and
• continue its program of work to enhance international cooperation.

Cryptocurrencies and Terrorist Financing

Terrorist financing is a different issue to money laundering. It does not cost much to create a significant terrorist incident. The Bali bombing of 2002 killed just over 200 people. The cost for the terrorists to mount the operation was estimated at AUD 25,000 (about GBP 14,000). The attacks in the US in September 2001 killed nearly 3,000 and caused insurance losses of around USD 40 billion. The cost to mount the operation was estimated at USD 400-500,000. The costs of the "War on Terror" since are put at USD 6 trillion. This is just the cost to the US economy.

There is evidence that terrorists are now using cryptocurrencies to finance their operations. Last September French police arrested 29 suspected members of a Syrian related terrorist gang and charged eight of them with terrorist financing. French counter terrorism police alleged widespread anonymous purchase of cryptocurrency coupons from tobacconists across France, which were then credited to accounts opened from abroad by jihadists, who were then responsible for converting them into cryptocurrency on bitcoin purchasing platforms. France as a result has announced compulsory KYC requirements for all crypto companies operating in France, including companies not based in the country. Crypto-to-crypto exchanges will also have to be registered.

Red Flags

So how can you try and spot the misuse of cryptocurrencies? There are a number of red flags to look out for on transactions, which, depending on the circumstances, may lead you to develop a suspicion as to the true provenance of the value involved in a transaction, or the true activities of those involved. Here are the indicators developed by FINTRAC, the Canadian FIU, as an example (taken in isolation, these may be innocent of course, or there may be another legitimate explanation involved):

It is important to note that depending on your business activities, some of these ML/TF indicators may not apply.

• Client portfolio only consists of privacy coins or has a high value in privacy coins (For example, Monero, Dash, Zcash)
• Client transfers Bitcoin in large volumes in exchange for privacy coins (For example Monero, Dash, Zcash, etc)
• Client is unwilling or unable to provide information about the source of privacy coins they once held or currently have
• Virtual currency addresses match addresses on recognized watch lists such as the list of the Office of Foreign Assets Control (OFAC) or law enforcement information
• Many individuals register with the exchange within a short period using a shared address, mobile device, phone number, IP addresses and other common identity indicators
• The client's virtual currency wallet or address is linked to fraudulent activity in media reports and/or cyber security bulletins
• A platform receives unusual or persistent requests from other exchanges/vendors/service providers in respect of a client's deposited funds
• A broker charges abnormally high commission fees compared to the industry standard
• The white paper is of poor quality, incomplete, misleading, and has limited information
• Publicity is created around the initial coin offering (ICO) (advertisements, celebrity endorsements, social media ads), also known as pump and dump ICOs
• The developers are anonymous or information provided about the ICO cannot be verified
• There is no access to the smart contract, to the code or to technical information about the token's creation
• There is no possibility to sell the investment or to exit the project to recover the invested funds
• A series of complicated transfers of funds to multiple addresses or wallets that seems to be an attempt to hide the source and intended use of the funds
• Transactions take place at the same time of day. Transfers from fiat to virtual currency and virtual currency to fiat
• High volume and frequency of transfers between different types of virtual currencies
• Client provides an anonymous email address obtained through an encrypted email service
• Funds are deposited or withdrawn from a virtual currency address or wallet with direct and indirect exposure links to known suspicious sources, including darknet marketplaces, mixing/tumbling services, questionable gambling sites, illegal activities (for example, ransomware) and/or theft reports
• Funds flow through a large number of intermediate addresses in a very short period of time prior to being deposited in a client's wallet, or just after being withdrawn
• Virtual currency passes through mixers/tumblers and is transferred to multiple wallets, where the funds are cashed out
• The virtual currency's funds originated from an over the counter trade broker that advertises its services as privacy-oriented/anonymous
• Virtual currency address has links or hops from a wallet address that has appeared on online platforms indicating support for violent extremism or radicalization (including social media, ads on fundraising sites, sites on TOR or messaging sites)
• The source of funds used for the purchase of large amounts of virtual currencies is unknown
• The email address used in the transaction is linked to advertisements for the sale of virtual currencies on peer to peer exchange platforms. These advertisements may suggest that the client is buying and selling virtual currency on a commercial scale through a business as a non-registered money services business
• The client frequently receives funds from multiple payment processors
• The client makes frequent payments or transfers to companies, post office mailing services or uses money orders from agents of the Crown for the purchase of computer software or hardware

Cryptoassets are here to stay, but just as with non cryptoassets there are good ones and ones which are not so good. Thus you need to assess how to differentiate between them, how each particular cryptoasset ecosystem works, how it can be abused, as well as how to select the ones which work best for you, and avoid getting caught up in cryptocrime.

* FATF Guidance on VASPs
** FATF Guidance on VASPs revised