While traditional casinos can provide criminals with an avenue to convert physical “dirty” cash into casino chips, online gambling presents different types of money laundering risks due to increased levels of anonymity. This article details the financial red flags compliance staff should be aware of, alongside best practices for mitigating these risks.

Money laundering risks in online gambling

Recognizing red flag behaviors and activities in online gambling transactions is essential for firms to mitigate financial crime risks effectively. By understanding these indicators, firms can fine-tune their systems to align with their risk appetite and address the challenges online gambling poses within their industry and jurisdiction. Some key money laundering risks in online gambling include:

• Anonymity: One of the primary risks associated with online gambling is the anonymity it affords users. Unlike traditional casinos that require face-to-face interactions, online platforms allow users to gamble with minimal personal information. Criminals exploit this by using stolen credit cards, fake identities, or cryptocurrencies to place bets and withdraw their “winnings,” effectively laundering their illegally obtained money.
• Multiple accounts and cross-border transactions: Online gambling sites often permit the creation of multiple accounts, which criminals can use to transfer money between accounts to obfuscate the origin of the funds. Additionally, the global nature of online gambling allows for cross-border transactions, further complicating efforts to trace illicit funds. These features make it difficult for regulators and financial institutions (FIs) to effectively track and prevent money laundering activities.
• The free flow of funds: Much like traditional casinos, where money flows freely and transactions are numerous, online gambling platforms facilitate the movement of large sums of money. This environment makes it easier for criminals to integrate their dirty money into the legitimate financial system. By placing bets and withdrawing winnings, they can make it appear as though their funds come from legitimate gambling activities.
• Regulatory challenges: The regulation of online gambling varies widely across different jurisdictions, creating challenges for authorities attempting to combat money laundering. Some countries have stringent regulations and robust monitoring systems (e.g., China), while others have more relaxed approaches (e.g., Malta). This inconsistency can create loopholes that criminals exploit to launder money through online gambling platforms.

Money laundering schemes in online gambling 

Bad actors can exploit online gambling platforms at each of the three stages of money laundering:

1. Placement: Illicit funds are introduced into the financial system by depositing money into gambling accounts using methods such as credit/debit cards, cryptocurrencies, prepaid cards, and checks.
2. Layering: The source of the funds (SoF) is disguised through complex transactions involving multiple bets, transfers, and withdrawals within the gambling platform, making it difficult to trace the money’s origin.
3. Integration: The laundered funds are withdrawn or used for legitimate transactions, which can include purchasing assets or transferring money to other accounts, effectively merging illicit funds with legitimate ones.
   

Understanding these stages can help identify some of the common schemes fraudsters use to launder money through online gambling platforms. Key methods to be aware of include:

• Smurfing: Breaking down large sums into smaller, less noticeable transactions to evade detection.
• Coordinated betting: Placing bets with deposited funds, colluding with other players, and making coordinated bets to obscure the money’s origin.
• Chip dumping: Intentionally losing chips to another player at an online poker table to transfer funds covertly.
• Player-to-player transfers: Using gambling accounts to facilitate illegal transactions between parties through direct transfers.
• Gnoming: Utilizing multiple accounts to help one player win and another lose in head-to-head games.
• Concealment: Hiding illicit funds in gambling accounts without immediate withdrawal, using the same anonymous banking method for future retrieval.

AML regulations for online gambling

In the US, online gambling falls under federal and state jurisdiction, with laws like the Wire Act governing interstate betting and payment processing. However, the Financial Crimes Enforcement Network (FinCEN) does expect online casinos to have the same robust Bank Secrecy Act (BSA) and AML programs as traditional brick-and-mortar casinos. In fact, in June 2021, FinCEN issued its first government-wide priorities for AML and countering the financing of terrorism (CFT) policy pursuant to Section 5318(h)(4)(A) of the BSA. The regulator’s new policy identified eight national priorities for all bank and non-bank FIs covered by the BSA, including online gambling establishments, that must be incorporated into existing BSA/AML programs. The eight priorities include:

1. Corruption
2. Cybercrime
3. Foreign and domestic terrorist financing
4. Fraud
5. Transnational criminal organization activity
6. Drug trafficking organization activity
7. Human trafficking and human smuggling
8. Proliferation financing

Meanwhile, the EU lacks unified gambling legislation, with member states like France, Italy, and Spain each governing their regulations at the national level. These entities enforce licensing, consumer protection, and anti-fraud measures.

In the UK, the Gambling Commission oversees online gambling regulation, ensuring compliance with laws like the Gambling Act 2005. Specifically, all operators must comply with the following:

• The Proceeds of Crime Act 2002 (POCA).
• The Terrorism Act 2000. 
• The Gambling Act 2005. 

Penalties for non-compliance

The UK’s Gambling Commission has the authority to issue fines for breaches of the Gambling Act 2005. These fines can range from a percentage of annual revenue to substantial fixed penalties, depending on the severity of the violation – non-compliant operators may face license suspension or cancellation.

Similarly, in the EU, member states enforce penalties for non-compliance with gambling regulations. For example, under France’s Autorité de Régulation des Jeux En Ligne (ARJEL), operators can face fines of up to €30,000 for violating licensing conditions or regulatory requirements. Repeated offenses may lead to higher fines or even license suspension or cancellation.

In the USA, penalties for failing to comply with online gambling regulations vary at both the federal and state levels. Under the Unlawful Internet Gambling Enforcement Act (UIGEA), FIs can face civil penalties for processing illegal gambling transactions, with fines reaching up to $1 million per violation. Operators may also face prosecution under state-specific laws, such as New Jersey’s Casino Control Act, which imposes fines of up to $200,000 for each regulatory violation. Regarding BSA violations, the US government imposes statutory penalties – which can range from $10,000 dollars for record-keeping violations to over $200,000 for more serious infractions. 

Money laundering red flags in online gambling

By recognizing financial red flag indicators about online gambling money laundering, firms can develop and implement specific rule sets and monitoring systems to identify and mitigate risks, ensuring they do not inadvertently facilitate illegal activities. Some of the most common indicators of potential money laundering in online gambling include:

• Unusual betting patterns: Players who consistently place large bets on low-risk games or matches may be attempting to launder funds by minimizing the risk of loss.
• Frequent and large transactions: Individuals making numerous substantial deposits or withdrawals within a short time frame could be moving illicit money through the platform.
• Funds originating from crypto: Gaming deposits originating from cryptocurrency, due to their pseudo-anonymous nature, can raise a red flag for potential money laundering. In February 2024, the UK Gambling Commission reminded operators that crypto-assets are considered high-risk, and licensees must appropriately scrutinize crypto transactions throughout customer and business relationships.
• Quick turnover: Depositing significant amounts and withdrawing them shortly afterward, without much gameplay, indicates an attempt to obscure the money’s origin.
• Multiple accounts and identities: Operating multiple accounts under different names or using various IP addresses can signify efforts to evade detection or circumvent transaction monitoring.
• Inconsistent behavior: Erratic gaming patterns that do not match deposit and withdrawal behaviors suggest the platform is being used as a conduit for illicit activity rather than for entertainment.

How can online gaming platforms mitigate money laundering risks?

While there are many risks associated with online gambling, FIs can bolster their defenses with the right application of diligence, software, and training. Outlined below are some best practices businesses should consider:

• Risk assessments: Ensure risk assessments align with the latest red flag indicators. This should include evaluating the risks associated with specific products and services, taking into account the user and the product’s functionality.
• Blockchain technology: Blockchain technology offers online gambling companies a transparent way to record transactions, providing an immutable ledger that can be audited for suspicious activities. 
• Staff training: Comprehensive staff training on AML procedures and regulations is critical for ensuring compliance and fostering a culture of vigilance within any organization. Regulations in 21 US jurisdictions mandate that online gaming operators must prepare and submit a plan for addressing responsible gaming issues, which must include employee training and public awareness efforts.

Detect money laundering with advanced AML solutions

Advanced AML solutions employ a mix of sophisticated techniques to help compliance teams effectively monitor and prevent illicit financial activities. At the core of these strategies is transaction monitoring, which scrutinizes financial transactions to spot suspicious activities. Utilizing cutting-edge machine learning algorithms, these systems can identify irregular patterns like significant transfers to offshore accounts, recurring high-value transactions, or movements inconsistent with a customer’s usual profile, triggering alerts for further investigation.

Customer screening is also vital as it aims to verify the identities of both new and existing customers against databases of known criminals, politically exposed persons (PEPs), and sanctioned individuals. This step is crucial for preventing high-risk individuals from using online gaming platforms for money laundering, helping firms mitigate the risk of non-compliance and protect their reputations in the market. 

The post Money laundering through online gambling appeared first on ComplyAdvantage.

This blog highlights the top fraud trends of 2024, and provides practical strategies firms can employ to efficiently mitigate risk.  

5 fraud trends in 2024

1. Synthetic identity fraud remains the most common form of identity theft.
2. The use of AI by fraudsters.
3. The rise in fraud-as-a-service.
4. Contactless fraud rises following innovations in the payments landscape.
5. Pig butchering emerges as a top payment threat.

1. Synthetic identity fraud remains the most common form of identity theft

In 2024, criminals are expected to continue exploiting weak IT protocols, setting up fake investment websites, targeting e-commerce businesses, and carrying out social engineering scams like phishing, smishing, and vishing. Synthetic identity fraud, which includes the use of stolen data, is predicted to remain the most common form of identity theft. 

According to analyst house The Aite Group (now Datos Insights), synthetic identity fraud represents 10-15 percent of charge-offs in an unsecured lending portfolio. With US consumers reportedly losing nearly $8.8 billion to identity theft and fraud scams in 2022, this number is estimated to reach $23 billion by 2030.  

2. The use of AI-based attack vectors

Artificial intelligence (AI) is increasingly being used by criminals to commit fraud, launch attacks against individuals and businesses, and illegally access the global financial system. In recent years, AI has been associated with inciting terror attacks, creating deepfakes for extortion, carrying out corporate espionage, and disseminating child sexual abuse material (CSAM). 

As AI technologies develop, experts predict criminals will increasingly utilize AI-enabled techniques like data poisoning, snake oil, burglar bots, online eviction, market bombing, fake recognition trickery, and forgery.

3. The rise in fraud-as-a-service

Once a criminal has found a use for AI, it can be easily shared, replicated, and sold, creating “crime-as-a-service” models. Fraud-as-a-service (FaaS) is one such model, where cybercriminals offer fraud-related tools and operations to individuals who do not have the technical expertise to commit fraud themselves. Instead of utilizing dark web marketplaces, scammers are increasingly relying on deep web messaging apps, like Telegram to maintain anonymity. In one scheme Telegram uncovered in 2021, cybercriminals received crypto payments in exchange for using stolen credit card details to purchase meals from various restaurants and have them delivered to the buyer’s location.

The alarming rise of FaaS has largely been attributed to criminal entities’ incorporation of generative AI (GenAI). GenAI’s ability to swiftly process vast amounts of data helps criminal groups gather information on potential targets with unprecedented speed. This accelerated reconnaissance enables cybercriminals to tailor their attacks more effectively, posing a heightened threat to individuals and financial institutions (FIs).

The State of Financial Crime 2024

Explore the trends shaping today's financial landscape and their implications for the year ahead.

Download your copy

4. Contactless fraud rises

According to Juniper Research, the number of people using contactless mobile payments will reach 1 billion by 2024, rising from 782 million in 2022. This includes tapping cards, smartphones, and digital wallets offered by providers such as GooglePay, ApplePay, and wearable devices. With the proliferation of devices with near-field communications (NFC) technology, the use of mobile phones for accepting payments is expected to keep growing. In fact, it is anticipated that by 2027, transactions associated with contactless payments will amount to $10 trillion.

However, with these innovations come more opportunities for criminals to exploit them for their financial gain. For example, in the UK, contactless fraud rose by 82 percent in 2023, card ID theft increased by 97 percent, and lost and stolen cards generated £100.2 million in losses.

5. Pig butchering emerges as a top payment threat

According to Visa’s Spring 2024 edition of its Biannual Threats Report, pig butchering scams have emerged as one of the top four payment threats against consumers. In these schemes, fraudsters search dating and social media sites for victims and create fake accounts to interact with them. The objective is to gain the victim’s trust and become their “lover” or “friend”. The scammer may even pretend to be a long-lost contact of the victim.

In 2023, the Federal Bureau of Investigation (FBI) saw over $3.5 billion of reported losses in relation to pig butchering, equating to around 40,000 victims. As GenAI and other emerging technologies develop, scams like pig butchering will become increasingly convincing, “leading to unprecedented losses for consumers,” according to Visa’s chief risk and client services officer. 

How to mitigate fraud risks in 2024

Legacy fraud solutions typically work on a reactive basis, responding after a crime has been committed. However, to effectively mitigate fraud risks in 2024, compliance teams need sophisticated tools that are proactive – while not negatively impacting the customer experience. Some practical risk mitigation strategies include:

1. Deploying a real-time fraud detection solution with prevention capabilities that can go beyond individual rules to comprehensive data analysis and identify suspicious patterns of behavior.
2. Using an AI-powered solution that provides alert prioritization, allowing higher-risk alerts to rise to the top for review and reduce time wasted on false positives.
3. Establishing clear, validated, and consistent fraud definitions, ensuring a solid understanding of common typologies and their red flags.
4. Intuitively setting fraud transaction monitoring thresholds based on an analysis of risk data.
5. Employing a risk-based approach built around payment flows, security, and customer profiles.
6. Conducting annual risk assessments to check all mitigating measures are completely set and in control. 
7. Integrating fraud and AML practices – siloed teams, while common, are more likely to miss potentially connected risk signals. 

Advanced fraud detection solutions for 2024

To address the growing threat of fraudulent activity in 2024 and beyond, firms can ensure their fraud detection solutions are capable of predicting future risks as well as identifying common scenarios. With ComplyAdvantage, companies can utilize dynamic thresholds that calibrate automatically and adapt to criminal behavior to beat fraudsters’ creativity. Moreover, the solution can provide analysts with the reason why each alert was created – not only improving alert rate quality but also contributing to a 40 percent increase in team efficiency and a 70 percent reduction in false positives. 

The post Top 5 fraud trends in 2024 and how to mitigate them appeared first on ComplyAdvantage.

The post Mythbusting AI for AML: Efficiency, explainability, and regulation appeared first on ComplyAdvantage.

In this article, our regulatory affairs experts forecast three top issues that will shape compliance leaders’ in-trays in the year ahead:

1. Rooting out terrorist financing will drive greater scrutiny of transaction flows and alternative payment mechanisms

The war in Gaza, ongoing unrest in Nigeria, coups in West and Central Africa, and the military junta in Myanmar demonstrate that watchlists aren’t enough to cut off funding for terrorists and uprisings. More needs to be done to identify and stop the financing pipelines that are supporting violent and repressive regimes around the globe. The Financial Action Task Force (FATF) and the United Nations have identified cryptocurrencies and crowdfunding platforms as key sectors terrorists use to raise money, increasing the likelihood of regulatory oversight in the new year.

“The crowdfunding sector has created a fast and easy way for members of the public to raise money for everything from worthy causes to medical treatments and dream vacations. Unfortunately, these same platforms are also being used to channel money to some of the biggest terrorist organizations around the globe. Tech and financial services companies need to step up their efforts to accurately identify their customers and confirm where their money is really going,” said Alia Mahmud, Global Regulatory Affairs Practice Lead for ComplyAdvantage.

2. AI will move sanctions enforcement beyond watchlist screening to identify risk signals in the sanctioned individual’s network

Sanctions are one of the best tools governments have to deter financial bad actors, but enforcement needs to move beyond watchlist screening to implement enforcement based on connected risk signals. With ongoing conflicts in the Middle East and Ukraine, policymakers will re-examine the efficacy of their sanctions programs to increase the pressure on persons and entities connected to sanctioned officials who may be enabling them to evade restrictions. By looking at risk data points collectively – identity, business associations, transaction activity – banks and other financial institutions can identify a strong risk signal of suspicious activity. Solving financial crime isn’t just a screening problem; it is a network problem, and regulators will expect companies to leverage new technologies to treat it as such.

“With unlimited time and resources, financial institutions could uncover any and all risky connections a sanctioned person has. But that’s not realistic. Artificial intelligence (AI) combined with rich data, graph analytics, and oversight has the potential to create a defense network that would give sanctions the teeth to cut off the money that funds terrorists, wars, human trafficking, and other crimes,” continued Mahmud.

3. Discussion about AI will shift to managing bias, modeling, and transparency

The benefits AI brings to fraud and AML risk detection were such a focus in 2023 that adoption has grown significantly. As this continues through 2024, the conversation will shift to how and where these models are used, emphasizing training and transparency.   

“As we head into 2024, the question is no longer if companies invest in AI, but what kinds of skills their analysts need to ensure that the models they use are effective and that they can justify decisions that they make to auditors,” said Iain Armstrong, Regulatory Affairs Practice Lead for ComplyAdvantage. “Key skillsets such as data preprocessing, model performance monitoring and optimization, and experience in automated decision-making strategies will be in demand. Staff in existing anti-financial crime roles will benefit massively from gaining a base-level understanding of machine learning and AI. Companies that invest in staff training in this area will reap the dividends.”

The State of Financial Crime 2024

Download our roadmap for the year ahead, built on a survey of 600 financial crime leaders and insights from our regulatory affairs experts.

Download now

The post 2024 financial crime predictions: From international conflict to emerging technologies appeared first on ComplyAdvantage.

What is fraud prevention?

Fraud prevention refers to a firm’s policies, functions, and processes that keep fraud from occurring. No fraud prevention strategy is foolproof, but firms can focus on preventing the types of fraud they’re most at risk for. This will ensure they use their resources most effectively. To do this well, they can implement regular risk assessments to ensure their framework is based on realistic risks.

The difference between fraud prevention and detection

Fraud prevention and detection are complementary strategies to reduce fraudulent activity and losses. Fraud detection identifies fraudulent activity that has occurred or been attempted. It responds to an existing threat. With fraud prevention, firms implement policies and safeguards that make it harder for criminals to commit fraud. Examples include:

• Employee and customer screening.
• Customer education.
• Customers can activate card freezing and similar protections if their account is compromised.
• Transaction screening.

5 tips on how to prevent fraud

Even though a thorough fraud prevention strategy must be tailored to a firm’s unique risks, there are several facets that every firm should consider.

1. Conduct an enterprise-wide risk assessment (EWRA)

Effective fraud prevention programs must be risk-based. This entails performing regularly-updated EWRAs that analyze fraud risks based on a firm’s unique context. An up-to-date EWRA will help a firm focus on the fraud risks relevant to its operations and avoid wasted resources on low-risk typologies for their business and sector. Armed with a comprehensive understanding of its true risk, the firm can consider its risk appetite. Since risk can never be completely eliminated, a risk appetite considers a realistic and effective level of risk control that enables reasonable business to continue. 

To effectively apply its individualized risk assessment, a firm should create controls addressing its residual risk – what lies beyond the firm’s risk appetite. Specifically, fraud risks should be controlled in light of the overall risk profile, including other risky behaviors and typologies. Traditionally, firms have viewed fraud prevention as part of a process primarily aimed at reducing loss to the company and maintaining positive customer service. While these are important fraud detection and prevention aspects, they are not the whole picture. As a predicate offense to money laundering, fraud is often tied to broader criminal activity, from other predicate crimes such as wildlife and drug trafficking to money laundering and terrorist financing. To effectively combat fraud, firms must understand it in its entire context rather than viewing fraud events as isolated incidents.

All too often, fraud and AML teams operate in siloes. Yet both departments have access to information that could significantly improve the firm’s overall understanding and mitigation of its risks. For example, money laundering patterns could lead back to fraud as their source, alerting a firm to risks they may not have adequately prevented. This, in turn, could lead to better fraud prevention – and detection should activity slip through the cracks. 

2. Strengthen internal controls

Firms should take stock of their business operations in light of their updated EWRA and risk appetite. Because the risk a firm faces depends on its unique activities and structure, it is impossible to give a universally exhaustive list of necessary controls and policies. The firm must ultimately determine this as appropriate to its own operations and obligations. That said, risk-based controls and policies will share several features in common.

Internal fraud prevention

Employees can use their access to fraudulently benefit themselves or others. In more serious scenarios, those higher up in a firm can use it as a front to perpetuate their own illegal activity, which could include theft, money laundering, bribery, and terrorist financing. 

In dealing with sensitive financial information, firms should ensure they understand which duties are incompatible, meaning different people should hold them and have strictly controlled access to relevant information. This is a basic necessity for the prevention of internal fraud. According to accountants Alexander Aronson Finning CPAs, four categories should never be held by the same personnel:

• Authorization or approval. 
• Custody of assets. 
• Recording transactions. 
• Reconciliation/control activity.

External fraud prevention

Firms must ensure customers are protected from exploitation by fraudsters and that fraudsters do not open and use their accounts to perpetrate fraud. This latter scenario can cross into anti-money laundering (AML), as the two can easily overlap when the fraudster is the account owner. Policies should include processes and roles that help to mitigate this risk in line with a firm’s most recent EWRA.

Thorough documentation of processes and roles is essential to ensure the fraud prevention program aligns with risks, strategizes for the right functions and resources, and complies with any applicable laws, such as those regulating the handling of sensitive information. It’s also necessary for proper segregation of duties. Finally, it will provide a clear baseline to measure against when auditing a fraud prevention program for effectiveness.

3. Create a fraud prevention culture

No fraud prevention program will be effective if it does not permeate the firm. This means everyone should be aware of the risks associated with internal fraud and trained in basic security measures to prevent it. 

Training

Knowledgeable, well-trained staff are crucial to a well-designed fraud prevention program. Aside from hiring capable individuals, the individualized nature of each firm’s risk requires regular training. Even veteran fraud professionals will not be familiar with a firm’s unique risk landscape without continual updates. Training should be updated to align with a firm’s most recent EWRA and provide a holistic picture of fraud risks and compliance requirements.

Avoiding generic or rote programs can also help with retention and compliance. Effective training goes beyond imparting static knowledge or testing short-term memory. Instead, it practically orients fraud professionals and gives them a concrete understanding of how policies practically apply daily. Staff will then be better able to carry out more effective fraud prevention.

Anyone dealing with customer information – even if their role is not explicitly related to fraud – should be thoroughly trained to understand when customers may be at risk of exploitation. They should have a reliable chain of command to turn to when they suspect a customer may be especially vulnerable or getting scammed.

Sound governance

General awareness also needs to be supported by sound governance. To ensure fraud prevention policies, procedures, and roles are properly implemented, it’s important to soundly structure roles, from upper leadership to each team and its members. Although each governance model will be tailored to a firm’s unique risks, there are core features most programs should entail.

The three-lines-of-defense model is an industry-validated approach to governance in risk management. It provides a sound framework for firms as they determine the roles needed to respond to the risks uncovered by their tailored EWRA. PwC provides a helpful outline of what each line entails.

1. First line – These are the people in charge of the front-facing fraud prevention strategy and its associated processes. A well-developed first line should include an autonomous senior executive assigned to coordinate the strategy and processes for all first-line risk management, especially:
     •  Fraud strategy development and implementation.  •  Fraud analysis, investigation, recovery, and reporting. 

     •  Coordination between fraud prevention and related functions, especially cyber security, authentication, customer service, and broader financial crime risk management (including AML).

   This executive oversight should keep the fraud prevention and risk management function running smoothly. It should ensure all teams are working at their best with appropriate equipment and that the whole process is risk-based and integrates with wider risk management functions.

2. Second line – Those involved in the second line are responsible for establishing an objective, holistic, and well-structured picture of the company’s fraud risks. This is most reliably established through regularly updated EWRAs, which will look at financial crime risks within the context of the firm’s activities and regulatory requirements. Based on the risk profile established, this line of defense will also ensure adequate policies and procedures are in place.
   The second line of defense for fraud prevention will include the compliance team, overseeing the fraud prevention program’s compliance with company policy and, as applicable, any regulations such as privacy protection laws and any overlapping AML obligations.
3. Third line – Independent assessment and accountability are crucial to any effective risk management program. As such, the third line of defense helps hold both the first and second lines accountable by assessing the adequacy and effectiveness of their policies, procedures, and processes. This is done through internal auditing.

Firms are also well-advised to undertake third-party reviews of their risk management processes to ensure all three lines of defense are held accountable. 

4. Implement strong cybersecurity measures

Cybersecurity is key to ensuring a company’s sensitive data is not compromised, falling into the wrong hands and violating regulatory requirements. Every firm’s tech must have built-in cybersecurity measures. Firms should also train employees in basic cyber hygiene. This can prevent internal attacks such as unauthorized account access or spear phishing, where a fraudster poses as a trusted person to obtain money or sensitive information to be used in a fraudulent scheme.

Digital-native firms not operating bug bounty programs – incentive-based programs designed to stress test platforms for potential flaws – should also consider implementing them alongside frequently-scheduled pen testing exercises.

A dedicated information security team is key to effective cybersecurity. This team should be well-trained and knowledgeable in how their function can help prevent internal fraud. A firm’s fraud prevention governance policies should delineate their roles and responsibilities.

5. Establish a process for response in case of an incident

When an internal fraud incident occurs, it may be argued that the time for prevention is past. However, a swift and adequate response can help ensure the incident does not blow out of proportion. In line with their most recent risk assessment, firms should consider fraud scenarios for which they may be especially at risk. A response strategy can be outlined for each scenario and validated against industry practice. Such scenarios might include:

• Strategies for responding to an information security breach or hack.
• A chain of command and process to follow if an employee believes they’ve discovered evidence a colleague is committing fraud.

Using advanced tech: Emerging technologies for fraud prevention

The support of proper technology is increasingly vital to reliable risk management. For example, machine learning and artificial intelligence enable the detection of otherwise hidden risks. Firms can use this for fraud prevention in customer due diligence, deploying tools that implement natural language processing (NLP) for more effective adverse media checks at onboarding. 

ComplyAdvantage’s AI-powered transaction screening and monitoring solution, for example, can adapt to evolving fraud typologies, which can, in turn, help firms update their fraud prevention strategy to reflect the latest risks. Similarly, with Fraud Detection by ComplyAdvantage, firms can enhance their fraud prevention strategies as they leverage one of the most powerful machine learning models that not only detects fraud but also explains the reason why each alert was created.

Firms may consider how technology might empower anti-fraud teams to use their time and analytical capabilities better by reducing false positives and offering better insights. Even firms not yet ready for a technological overhaul can benefit from AI overlays that offer intelligent risk detection and alert prioritization to legacy platforms. Firms can also audit their existing tools to ensure they support a risk-based approach.

The post What is fraud prevention, and why is it important? appeared first on ComplyAdvantage.

“[I]llicit actors within the construction industry are using shell companies and other tactics to commit workers’ compensation fraud and avoid payroll taxes,” explained FinCEN Acting Director Himamauli Das. “Today’s Notice provides information that financial institutions can use to remain vigilant in monitoring, detecting, and reporting suspicious activity.”

The Fight Against Shell Companies and Organized Fraud

According to FinCEN, the notice aligns with its ongoing efforts to curb the use of shell companies to conceal illicit activity, as well as with the Anti-Money Laundering/Countering the Financing of Terrorism National Priorities.

In line with the Corporate Transparency Act, in 2022 FinCEN issued a final rule requiring most corporations, limited liability companies, and entities created or registered for business in the US to report their beneficial owners to the regulator. FinCEN expects this rule – effective January 2024 – to support the current notice’s objectives by discouraging the use of shell companies to conceal illegal activity by actors including:

• Oligarchs
• Kleptocrats
• Drug traffickers
• Human traffickers
• Illicit individuals in the construction sector

Notice Details: Typologies, Red Flags, and Reporting

Although the notice addresses all financial institutions, FinCEN notes that the type of fraud and tax evasion it deals with primarily affects banks and check cashers. The scheme is typically a two-part process involving workers’ compensation fraud followed by tax evasion. 

A criminal entity typically creates a shell company posing as a legitimate subcontracting business with just a few employees. It takes out a workers’ compensation policy for those employees. Meanwhile, the shell company contacts real subcontractors with a much larger number of employees. The subcontractors can give their employees discounted (and fraudulent) access to the shell company’s policy for a fee. 

It also helps the subcontractors avoid paying payroll tax. The subcontractors write checks to the shell company instead of their employees, thus concealing that they’re for payroll. The shell company then either obtains cash at a check casher or deposits the money into its company account before withdrawing it in bulk. It returns this money to the subcontractors, minus a small fee, so they can pay their employees under the table and avoid taxes.

The notice outlines several red flags for this typology, including:

• Construction company customers that are younger than a year, have little to no online presence, and specialize in one type of construction trade.
• A non-US citizen without prior construction history who opens an account in the name of a construction company.
• Despite receiving large volumes of client payments, the customer account shows no evidence of paying payroll taxes.
• The customer receives deposits outside the expected amount for their account type, all from other construction companies and in multiple states.

The notice also reminds firms of their reporting requirements and information-sharing protections under the Bank Secrecy Act (BSA) and the USA Patriot Act section 314(b). Instructions on pages 7-9 of the notice include:

• An overview of suspicious activity reporting (SAR) requirements.
• Other BSA reporting requirements, such as currency transaction reports (CTR) and Form 8300 filing.
• A reminder of the information-sharing safe harbor under the Patriot Act.

Next Steps for Firms

Firms – especially banks and check-cashing institutions – may want to study the notice in greater detail to familiarize themselves with red flags for construction industry tax evasion and workers’ compensation fraud. 

To ensure they remain abreast of FinCEN’s most current guidance and requirements, firms can sign up for updates from the regulator.

The notice asks firms to report current information on payroll fraud-related activity to their local tax authorities or the closest IRS CI field office. For reports of information related to workers’ compensation fraud, wire fraud, or labor exploitation, contact Homeland Security Investigations at 1-866-347-2423.

The post FinCEN Seeks Data from Financial Institutions to Curb Construction Sector Fraud & Tax Evasion appeared first on ComplyAdvantage.

According to Chris Hemsley, Managing Director at the PSR, “The two aspects we’re consulting on now will help to strike the right balance between encouraging people to be careful when making payments, while ensuring they have confidence in knowing they’ll be better protected if they do fall victim to fraud.” The changes also seek to encourage firms to invest in helping customers.

The PSR invites industry professionals to contribute their views by September 12, 2023 on the rule’s provisions for consumer responsibility, as well as reimbursement maximums and claim excess.

Reimbursement Rule Requirements

The reimbursement rule targets APP fraud, which tricks victims into sending funds to a fraudster posing as a legitimate recipient. This can occur through the impersonation of a legitimate financial institution or fraudulent sellers who never deliver purchased goods.

According to PSR, the rule will:

• Require firms to reimburse most customers victimized by APP fraud.
• Split reimbursement costs equally between sending and receiving payment institutions.
• Add more protections for vulnerable customers.

When the rule comes into force in 2024, it will apply to firms including payment service providers (PSPs) and focus additional consumer protections on faster payments. Among other things, the document detailing the rule explains: 

• Which customers qualify for reimbursement. 
• Exceptions when firms don’t have to issue a reimbursement – generally, when the customer has acted fraudulently or negligently.
• Time limits for the requirement. 

Approval of the Financial Services and Markets Bill, expected this year, will provide the PSR with the authority to require firms to reimburse customers.

Industry Views Sought in Consultations

Through the consultations, the PSR seeks industry feedback on: 

• The regulator’s proposed approach to consumer responsibility (the consumer standard of caution).
• Its reimbursement limit proposal.
• The best way to structure claim excess – the amount a victim would have to cover in case of a reimbursement.

Consumer Standard of Caution Consultation

According to the PSR’s proposed standard, customers must meet three basic responsibilities to be eligible for reimbursement in the case of APP fraud:

• Pay attention to warnings – If the PSP gives the customer a specific warning before a transaction occurs that the recipient is probably a fraudster, the customer must take it into account.
• Report the scam promptly – A customer victimized by APP fraud must notify their PSP promptly, and within13 months.
• Share information – The customer must comply with their PSP’s reasonable request for information to allow them to assess the situation accurately and prevent unnecessary losses.

A customer shown to have failed in this standard of care through gross negligence would forfeit their right to reimbursement. However, the burden of proof would remain with the PSP.

Maximum Reimbursement and Claim Excess Consultation

Excluding vulnerable victims, the regulator has acknowledged firms’ right to levy a claim excess as encouragement for customers to conduct responsible transactions. The consultation invites views on the excess – including deciding factors and the most effective value structure, which could be fixed or a percentage.

The PSR also requests industry feedback on the proposed reimbursement limit of £415,000, which would match the current ombudsman service limit.

How Firms Can Respond

Firms in the payments industry – especially banks and PSPs – are encouraged to study the consultations in-depth and contribute their views on the outlined proposals. This will help the PSR ensure its policy reflects industry realities. It will also help firms become familiar with the details of their upcoming reimbursement obligations to customers.

Firms may also want to review their fraud and loss prevention processes to ensure they are taking vulnerable customer groups into account. This should include robust customer education and timely warnings to customers suspected of vulnerability to a scam.

The post UK PSR Invites Industry Feedback on APP Fraud Reimbursement Rule appeared first on ComplyAdvantage.