By Derek Smith Jr
As we plot our way through the mid-point of the first year of a new decade, the risk and compliance space has been inundated with changing landscapes. Interesting enough, here in The Bahamas, many risk and compliance professionals would have thought that 2018-2019 regulatory overhaul may have been a daunting task – then came the European Union (‘EU’) woes and COVID-19, among others. Consequently, at the intersection of these moments, the harsh reality hit – the anti-money laundering (‘AML’) struggle would continue.
I previously warned that COVID-19 will test the country’s risk based approach.
“The COVID-19 pandemic will most definitely, energize criminals to exploit known or inadvertent weaknesses within our (laws, guidance and private practice) anti-money laundering/counter-financing of terrorism (‘AML/CFT’) systems,” read my previous article.
The article furthered: “Compliance and AML/CFT professionals will now transform from being the generally accepted ‘legal necessity’ to an ‘essential and vital’ component to ensuring an institution’s reputational and financial risks are mitigated during these uncharted times within business.”
Locally, let’s fast forward to June 2020 newspaper headlines that read “Registrar General Department’s system hacked’, ‘New backs expose Registrar General’ and ‘Some Commonwealth Bank clients hit by phishing scheme’.
These are all indications that fraud and cyber-crimes are all on the uptick in The Bahamas.
Internationally and most recently, CNN reported: “Ramon Olorunwa Abbas appeared in a federal court in Chicago on Friday. He is accused of conspiring to launder hundreds of millions of dollars through cybercrime schemes.”
If this name does not ring a bell, let us try his acclaimed Instagram name “Ray Hushpuppi”.
“Prosecutors allege Abbas is one of the leaders of a global network that uses computer intrusions, business email compromise (BEC) schemes and money laundering capers to steal hundreds of millions of dollars,” CNN further wrote.
I submit that if both fraud and cybercrimes are on the rise, then money laundering, although not always detected, is also on the rise. Subsequently, I wish to reemphasize the fact that organizations must assess, adapt and act.
- Assess which aspects of their anti-money laundering and cybercrime regimes are working and which need to be tweaked.
- Adapt to models that better service their business while simultaneously education internal and external stakeholders.
- Act decisively while always considering and balancing their employee’s well-being with operational realities.
If your AML and fraud regime are separate, I would suggest a blended approach. If you are reading this and realize that you may not have a fraud regime, the time is now to create and incorporate a robust framework that is not siloed from your AML framework.
Although there is no standard approach to fighting the twin crime towers, here are two areas to consider in your pursuit to reduce the impacts of fraud and money laundering.
Balancing People and Technology
AML professionals must be both subject matter experts (‘SME’) in traditional money laundering typologies and red flags while having practical knowledge and tools to identify and mitigate cybercrime and fraud impacts. They must understand the flow of money laundering and be equally familiar with fraud typologies, ransomware and botnet and others which all have techniques and software to prevent impacts.
Risk Framework Design
Kevin W. Toth, the author of ‘The Convergence of Cyber, Fraud, and AML’ said: “Understanding the convergence of Cyber, Fraud, and AML is of utmost importance in today’s compliance and regulatory landscape.”
I often note that everything in life is a science. Risk Management is a science as it’s a structured approach designed to identify potential threats to an organization, deploy mitigating controls while encompassing monitoring tools to evaluate the strategy. With the growing cost associated with compliance, risk, fraud, business continuity, etc it is vital that risk management framework is structured yet agile.
In conclusion, there are a plethora of crimes known to increase during and after a crisis. The key is for institutions not to consider fraud and money laundering independently. Instead, converge the approach to fighting these twin crime towers.