Fighting Financial Crime | Standard Chartered

Cybersecurity threats are much closer than you think

Invisible author — Mon, 17 Jun 2019 01:00:58 +0000

As cybersecurity threats continue to evolve, banks and financial institutions are constantly looking at ways to best tackle cybercrime. Every year, companies across all sectors experience cyberattacks. However, according to Dr Mary Aiken, a leading academic focused on the evolving interaction between information technology and human behaviour, the most damaging and continuously evolving security threat comes not from subversive outsiders, but trusted insiders: employees, business partners and contractors.

Insider threat is a notoriously difficult area to predict from a forensic profiling and risk management perspective, largely due to the complexity of motive and criminal intent. Understanding human motives when manifested in technology-mediated environments is of prime importance to tackling insider threat. Given that human behaviour can mutate or change in cyber contexts, it is essential for financial institutions to know their employees in a real-world context and to know who they are online.

Dr Mary Aiken, cyberpsychologist, academic advisor to the European Cyber Crime Centre (EC3) at Europol

Building and maintaining a strong and diverse risk culture

Everyone, from the board to the frontline, has an important role to play in mitigating insider threat. Apart from building and maintaining a strong security culture in which everyone takes security seriously, Cheri stresses that organisations also need to frame security “in the language of the business” so that it does not mistakenly get considered just a “technology issue”. Organisations cannot rely solely on technology or security professionals to keep data, assets and infrastructure safe. Instead, they must adopt a holistic approach that shows employees the benefits of behaving securely and the risks of failing to do so.

"Shared responsibility is a key theme in creating a strong culture in cybersecurity"

Cheri McGuire | Group Chief Information Security Officer

Diverse threats demand diverse solutions

In all organisations, it is important to attract talent from multidisciplinary areas. In cybersecurity specifically, diversity is essential, because of the wide variety of motivations and backgrounds among threat actors. Drawing on a diverse pool can bring a more well-rounded approach to critical thinking and problem solving. Employees with a natural aptitude in skills such as psychology, problem solving and communications can provide insight, perspectives and further advantages within cybersecurity teams.

On top of increasing diversity across cybersecurity teams, there is also room for greater collaboration between banks, financial institutions, agencies, regulatory authorities and academia to factor the human back into the cybersecurity equation. Currently, many institutions and agencies focus almost exclusively on analysing the technical and mechanical aspects of cybercrime and cybersecurity breaches – for example, dissecting malware and exploit tools, or analysing code and techniques – but few focus on social and psychological aspects of cybersecurity attacks, addressing the who and the why.

"More than 90 per cent of breaches can be attributed to successful phishing campaigns, therefore the ‘human endpoint’ arguably provides the highest security risk in any financial institution"

Dr Mary Aiken | Cyberpsychologist

Ultimately, the key is encouraging personal responsibility for cybersecurity, from making it easier to report phishing emails to improving employee awareness in all aspects of their work and home lives. Organisations need to ensure that every employee is aware of the day-to-day risks, is clear on their role in keeping client data secure, and how their actions and choices can mitigate, or increase, those risks.

To read the full interview, please download our Bankable Insights newsletter below.

This file opens in a new windowClick to download

To fight the illegal wildlife trade, we must disrupt its business model

David Fein — Wed, 10 Oct 2018 15:10:28 +0000

When it comes to the fight over illegal wildlife trade, the criminals have been winning. This brutal business has become the world's fourth most profitable criminal trafficking enterprise, generating revenues of between US$7bn and US$23bn a year.

Conservation gains are being reversed and species pushed to the edge of extinction. Tigers have become so rare that there are more of them living in US captivity than in the wild. The killing of rhinos for their horns has exploded. In 2006, 60 of them were killed on the African continent; now four are killed on average every day.

This has been exclusively a conservation issue for too long. Now banks are making it theirs. This week, more than 20 global financial institutions are coming together to form the Royal Foundation's United for Wildlife Financial Task Force, chaired by former UK foreign secretary William Hague. We want to bring to bear what we've learnt in tackling human trafficking and terrorist financing to take the fight to wildlife traders' doors.

Far-reaching effects

This illegal trafficking is not just a threat to biodiversity. It is a transnational organised crime with links to modern slavery, narcotics and the arms trade. It fuels corruption, impoverishes communities and inspires violence. It reaches from the savannahs of east Africa to the megapolises of east Asia.

The attraction for criminal gangs is obvious: the trade has high profit margins and a comparatively low risk of getting caught. We cannot seize and arrest our way out of the problem. If one shipment is stopped, another follows.

"We need to create a coalition of partners that gives law enforcement, regulators and banks the ability to spot patterns that no one can see alone"

We need to rethink our game plan. That means disrupting the business model. The Achilles heel of the illegal wildlife trade is the very thing that motivates it - the money. The need to move, store and realise proceeds gives governments and the financial sector the power to identify networks via their financial footprints and close the net.

Yet such trafficking has received barely any attention as a financial crime. According to the UN Office on Drugs and Crime, only 26 per cent of jurisdictions look at the finances behind the trade and a meagre 11 per cent investigate the wider criminal networks beyond poachers and couriers.

To crack down on the trafficking, we need to do three things

First, enable conservation activists to deliver intelligence right to the heart of the financial sector. Too little has been done to map the monetary flows, so the banking industry is not well enough attuned to the activity that courses through the system. A key first assignment for the task force will be to work with government and non-governmental organisations to develop a set of ‘red flags’ for the crime.

Second, banks must apply the armoury of tools that they use to fight other financial crimes. At Standard Chartered, we will be training bank branch tellers in source countries to spot the signs, making illegal wildlife trade a focus for our financial crime investigators, and enabling those efforts through new artificial intelligence and machine-learning tools. We are also sharing what we have learnt with our correspondent banking clients around the world.

Third, given the global nature of the trafficking, we need to create a broad, transnational coalition of partners that gives law enforcement, regulators and banks, working with not-for-profits, the ability to spot patterns that no one can see alone.

"We call on all financial institutions to join the UK Foreign Office's effort to end wildlife crime"

We also need to expand initiatives, like the one spearheaded by the UK's Royal United Services Institute, that strengthen the ability of law enforcement in key hotspots to use financial intelligence. That will help deliver the arrests, seizures and prosecutions needed to disrupt this activity.

We call on all financial institutions to join the UK Foreign Office's effort to end wildlife crime. Financial intelligence can have a transformative effect, not just for tracing and seizing assets but also for mapping criminal networks, tracking associations between people and ultimately proving cases in court.

This article was originally published by the Financial Times.

Illegal wildlife trafficking: it will take a network to defeat the networks

David Fein — Mon, 06 Aug 2018 11:24:59 +0000

If asked to name the most profitable organised crime predicates, most people would list drugs, human trafficking or the arms trade. Few would identify illegal wildlife trafficking, but recent estimates have put the global proceeds of this pernicious trade at around US$10-23 billion per annum, with wider links to other forms of organised crime, money laundering and corruption.

While the nature of this hidden crime makes it hard to be more precise, its impact is more quantifiable. International networks traffic illegally in wildlife to fill demand for so-called medicine, pets, ornaments and souvenirs, with a devastating impact on many endangered wildlife species, such as elephants, rhinos, tigers and the pangolin.

According to the WWF, it is estimated that between 35,000 and 50,000 African Elephants are poached each year, and there are more tigers in American backyards (estimated 5,000) than there are in the wild (estimated 3,200). Three rhinos are poached every day, and more than one million pangolins have been traded in the past 10 years.

"Illegal wildlife trades are tragedies in their own right, but they also have a wider impact on national and economic security"

According to the WWF, three rhinos are poached every day. We can play our part to stop illegal wildlife trafficking

These are tragedies in their own right, but this illegal trade also has a wider impact on the national and economic security of both the source and destination countries of the trade. According to a report by Chatham House, the trade “threatens the stability and security of societies involved at every point along the chain”. Evidence suggests that the trade erodes state authority and undermines the rule of law, through the corruption and violence associated with it; tragically, over 1,000 rangers have been killed in the past 10 years.

The economic impact is also disturbing. The trade deprives nations of development opportunities through the associated instability it causes and through the loss of lawful tourist income. All of this undermines the efforts of countries to safeguard their natural resources for future generations.

The combination of these environmental, social, human and economic costs demonstrates the need for urgent action. For too long this trade has been seen by the criminal perpetrators as low risk and high profit, in part because the trade was viewed as primarily an environmental issue rather than one requiring the type of response public, private and third sectors have offered to better known types of organised crime.

Different commodities, same system

While the commodities in illegal wildlife trade are unique (and often endangered), the methods used by the traffickers are not. The further we explore this issue, the more we see commonalities with the other organised crimes we are working in partnership across the globe to tackle.

The trade in illicit wildlife is facilitated by global networks of criminals who see it as just another means of creating profit alongside other illicit commodities. The trade overlaps with crimes such as weapons and drugs smuggling, through its transportation networks and use of corruption as tools of the trade. And like all proceeds-generating crimes, greed is its primary driver and finance its lifeblood. As with other proceeds-generating crime, finance is also its Achilles heel. The need to move, store and realise the proceeds of the trade provides a critical vulnerability.

Illegal wildlife trafficking is having a devastating impact on many endangered wildlife species

Due to the advocacy work of key sovereigns and NGOs, and the political impetus provided by the forthcoming UK Government Conference on Illegal Wildlife Trade, the need for robust action at a global level is being not only recognised but prioritised. And there is a growing recognition of the need to involve the private sector in the response, in particular the financial sector which, through existing anti-money laundering systems and processes, has a unique ability to root out suspicious activity in this trade.

As a global bank with a strong footprint in Eastern and Southern Africa and China and Southeast Asia (the leading source and demand countries), we recognise the role we have to play as part of a coalition of government, law enforcement, private sector and NGO stakeholders. We are actively working with a range of partners to increase our own and the industry’s understanding of the financial flows associated with the illegal wildlife trade and thereby grow the role that financial institutions play in tackling it.

Partnerships for protection

We are honoured to be working with The Royal Foundation through their conservation programme, United for Wildlife, and a number of other partners in forming the IWT-Financial Taskforce, which aims, among other things, to deliver conservation intelligence to the financial sector. As Vice-Chair of the taskforce I will be working with partners across the financial sector to lead the sector’s contribution to solving this problem.

"Optimising partnerships within banking and between the public and private sectors is essential to helping reverse the human-led decline of protected species"

We also support the Royal United Services Institute (RUSI) in delivering a programme of awareness raising to financial institutions, financial intelligence units and law enforcement in Africa, and we are building and delivering content for our Correspondent Banking Academy initiative in relevant markets.

By raising awareness and providing information, we increase vigilance. By increasing vigilance, we increase the leads available to law enforcement and others to disrupt and prevent the trade.

All of this is a starting point in the battle to reverse the human-led decline of many protected species. But more is needed if we are to turn words into action. Increasing, expanding and optimising partnerships within the industry and between the public and private sectors is essential. As is supporting under-resourced law enforcement agencies in source countries and destination markets with time-critical intelligence. To paraphrase a famous military quote, it takes a network to defeat a network, and we are excited to be part of the building of this network.

Fighting financial crime: why 2018 must be a breakthrough year

Bill Winters — Mon, 14 May 2018 08:56:42 +0000

The criminals are no longer simply winning when it comes to money laundering; they’re harnessing a growing arsenal of digital capabilities to completely change the game.

Despite important steps forward, less than 1 per cent of the estimated more than USD1 trillion of illicit funds that flow through the financial system each year is frozen or confiscated. The rapid diffusion of cyber capabilities in the criminal underworld will make the fight even more challenging.

Criminal use of cyber tools and channels is on the increase. Moreover, it is becoming even easier for conventional gangs to access specialist expertise, with cyber-crime increasingly being offered as a service.

This means you don’t have to be a hacker, you can hire one; you don’t have to own a network of mule accounts to covertly move money around the system, you can just ‘pay-as-you-flow’. This trend is escalating and gives organised criminal groups access to a vast and growing treasure trove of ways to exploit the system and reduce their own risk, with the weakest brick in the wall being the target entry point for access.

Why it takes more than money

Banks have been redoubling efforts to meet these challenges, spending billions of dollars annually on anti-money laundering and counter-terrorist finance. Since 2012, our bank has seen a nearly ten-fold increase in annual financial crime compliance (FCC) spending, and over seven-fold increase in FCC headcount. While these investments have vastly improved our defences, it’s becoming clear that throwing money at the problem alone isn’t enough to solve it; we need better ideas.

" Of the thousands of Suspicious Activity Reports generated, Europol estimates that no more than 10 per cent are likely considered useful to law enforcement"

Bill Winters Group Chief Executive

I see three big areas of focus for us this year that could offer a breakthrough in how we fight financial crime.

Raising technology game

First, our industry needs to raise its technology game. When it comes to financial crime, our industry’s alert systems deliver 99 per cent false positives. Of the thousands of Suspicious Activity Reports generated from that 1 per cent, Europol estimates that no more than 10 per cent are likely considered useful to law enforcement.

Counterintuitively, getting this right could mean gathering more data, not less. New machine-learning technologies can enable banks to evaluate vast quantities of data quickly and to fine tune our financial crime surveillance tools, freeing up more bandwidth for experts to investigate truly suspicious behavioural and transactional patterns. Regulatory support will be crucial for taking these innovations to the scale and at the pace required to drive real change. As these new tools are developed, it’s essential that banks and regulators work closely to build the trust necessary to break new ground.

Breaking down silos

Second, the intersection of cyber-crime and financial crime requires special focus. Conventionally siloed specialist disciplines across cyber and financial crime must be joined. At Standard Chartered, this is being spearheaded in the US by an integrated ‘CyFi’ Intelligence unit. We are forging public partnerships with US and UK law enforcement and developing powerful new cyber weapons of our own: from virtual currency mapping, uncovering bad actors attempting to breach the financial system’s conventional defences, to new abilities in profiling, based on the digital fingerprints and footprints criminals leave behind.

More partnerships are crucial

Third, we need to scale and connect the partnerships being developed between governments and the financial system. For criminals, this is international business – arguably the most profitable in the world – and any single bank or government agency only sees a fragment of the picture. That’s why the new information-sharing partnerships on financial crime being seeded around the world are vital. They are producing breakthroughs that would have been impossible only a few years ago. Yet we’ll only reach a tipping point when all major financial centres adopt legislation which allows financial information sharing to happen at scale and speed with appropriate safeguards. For there to be success, we need governments to prioritise these types of meaningful, outcome-oriented partnerships.

"Ultimately, trust will create the enabling conditions to break new ground"

Bill Winters Group Chief Executive

The people, technology, frameworks and shared ambition are in place in banks and across the system to make 2018 a pivotal year in transforming the fight against financial crime. But ultimately it is trust that will create the enabling conditions to break new ground and achieve results that haven’t been realised before.

A version of this article first appeared in the Financial Times on 13 May 2018.

Fighting financial crime

Learn how we’re making the financial system a hostile environment for criminals and terrorists

Find out more

Tackling human trafficking in the supply chain

Invisible author — Sun, 01 Apr 2018 14:02:52 +0000

Two of our teams in charge of helping tackle human trafficking spoke with RESPECT – the Responsible and Ethical Private Sector Coalition against Trafficking – about how we're tacking the insidious crime. Below is their interview in full.

What do our Environmental and Social Risk Management and Financial Crime teams do to help tackle human trafficking?

The biggest impact we have is through the business we finance’, recognises Standard Chartered’s position statements, which set out the environmental and social expectations the bank has for its clients. The Environmental and Social Risk Management (ESRM) and Financial Crime Compliance (FCC) teams play a pivotal role in ensuring that Standard Chartered manages this impact in order to fulfil its brand promise – ‘Here for good’.

The Environmental and Social Risk Management Team ensures the bank’s financing decisions are in accordance with its position statements which set out the environmental and social standards it adheres to. These apply globally and across industries, although the team apply a scaled approach dependent on the client, and focus predominantly on Corporate & Institutional Banking (CIB).

In the context of human trafficking, the Financial Crime Compliance team seeks to understand how the illicit proceeds of human trafficking present a threat to the bank, and how this threat manifests as risk in different types of clients. The team then proactively investigates this risk.

We work with Governments, NGOs and other policy makers to deepen the understanding of how human rights violations can pose a risk to business, and to build partnerships which improve the quality of life for victims of crime, particularly where those victims might be linked to its customers or live in communities where it has a significant presence.

How do you conduct human trafficking due diligence?

We are bound by the UK Modern Slavery Act, and publishes an annual Modern Slavery Statement on its website. A key initiative the bank points to in this statement is revising contract templates for all new suppliers to include express obligations to address modern slavery in their supply chains, including revising contracts with high value suppliers to include specific obligations to address modern slavery in their supply chains.

Our newly revised Supplier Charter sets out the principles and behavioural standards which it requires suppliers and their approved subcontractors to adhere to, and guides the questions posed to suppliers at on-boarding. This charter includes questions derived from International Labour Organization conventions and seeks to identify what safeguards clients have in place to mitigate the risk of human rights violations in their supply chains. This set of questions is asked on-boarding of new suppliers which have gone through a tender process. Standard Chartered also conducts periodic screening of all its suppliers to check for adverse media related to Modern Slavery.

2018 sees the start of a wider Supply Chain Management programme to embed Third Party Risk into its supplier processes. The bank will be using automation to help define which suppliers are considered high risk based on geography and category, and will have procedures in place on how high risk suppliers should be managed.

We're also subject to statutory ongoing obligations to monitor transactions to identify whether there is any indication that the client is involved in criminal activity, and report any suspicions to the authorities. As the bank is legally required to monitor the handling of illegal proceeds, and human trafficking is a predicate offence which generates illegal proceeds, it has a legal obligation to look for proceeds of human trafficking.

We use a number of international standards to shape its policy in relation to its own, and its clients’, respect for human rights (set out in full in its Human Rights Position Statement) These include the following sector specific standards: (i) Thun Group of Banks – The Guiding Principles: an interpretation for banks; and (ii) International Finance Corporation (IFC) Performance Standards.

In addition, the bank has signed up to the UK Living Wage charter, to help promote fair pay across its workforce and its suppliers and is taking steps to ensure all staff across its 63 markets are paid a living wage.

What are the key challenges in mitigating the risk of human trafficking?

The privacy obligations under which banks operate can make investigations difficult. Privacy concerns in some countries can prevent us from sharing information regarding suspicious behaviour with other financial institutions. Where transactions to a Standard Chartered account are part of a chain of transactions, some with other financial institutions, it can be difficult to piece together a complete picture as the bank cannot speak with the other banks in the chain.

A further complication is posed by the fact that it can only share information about suspicious activities with the authorities of the jurisdiction in which the relevant activity has taken place. Where the suspicious activity takes place in more than one jurisdiction, as in the case of cross-border rings, we are required to break the story down into chapters, deliver each to the authorities of the relevant country and hope that they can spot the need to liaise with the authorities of other countries. In some situations, there may be insufficient evidence to prosecute in one jurisdiction alone, meaning that if the authorities do not identify the cross-border links the investigation may fail. This need to deconstruct investigations by jurisdiction in order to report suspicions to national authorities, and the need to rely on authorities to reconstruct the full picture, is a significant inhibitor in concluding transnational investigations.

Further, it can be difficult for the bank to determine the predicate crime triggering the suspicious transactions it has identified. As Standard Chartered analyses the proceeds of crime, it can be hard to distinguish the predicate crime. It is thus key for the bank to develop an in-depth understanding of the different ways in which proceeds of crime behave dependent on the base crime, and how these proceeds move in different jurisdictions. Even where the predicate crime is the same, it is important to grasp the varying forms such crimes can take. In the case of human trafficking, the indicators of labour exploitation in an agricultural context differ significantly from those suggesting sexual exploitation – seeking to find the same indicators in each context is unlikely to be successful. We must appreciate the different ways in which these crimes manifest themselves, and translate this understanding into an ability to track such indicators through movements and flows in account behaviour.

How do you work with NGOs to tackle the problem?

We're currently working with an NGO to develop a debriefing model, including a series of questions related to financial activity, for the NGO to pose to human trafficking or modern slavery victims it comes into contact with. This will help it understand at what point and through which processes money has changed hands between victim and criminal group, and explore how such transfers can be spotted in a bank account. Understanding how money behaves in these crimes is beneficial to both banks and law enforcement.

A pilot modern slavery risk assessment with key suppliers seeks to understand the risk landscape from both a UK and global perspective. Given that certain jurisdictions and sectors present higher risk, we're segmenting our supplier base in order to conduct this analysis. This seeks to enhance its ability to identify risks, and mitigate them by adopting controls in it supply chain.

We're designing a training package for frontline staff in jurisdictions which pose a high risk of human trafficking. In many of these jurisdictions, the bank/client relationship continues to be intensely personal – most transactions take place face to face and deposits and withdrawals are primarily undertaken over the counter. The training focusses on identifying behavioural indicators which suggest a client may be a victim of human trafficking, and ensuring all staff are empowered to escalate concerns. This training will target staff working in branches, relationship managers and other personnel who may visit the relevant client’s business at some stage in the relationship. It seeks to complement the red flag training already embedded within the financial crime teams, and ensure staff at all contact points between client and bank are sufficiently informed to identify irregularities.

Standard Chartered is part of the European Bankers Alliance Against Trafficking, launched in 2015 by a number of leading financial institutions in Europe. These institutions are pooling resources to refine their expertise in using financial data to identify irregular banking transactions that could identify criminal activity.

This article first appeared on the RESPECT’s website. RESPECT is an initiative founded by theGlobal Initiative, Babson College’s Initiative on Human Trafficking and Modern Slavery and IOM

Standing on the frontline of the fight against financial crime

Gay Huey Evans — Sun, 01 Apr 2018 01:00:58 +0000

The words ‘financial crime’ do not do justice to the real-world, human impacts of this issue. What they mean is how, through money laundering and terrorist finance, the financial system can act as the lifeblood of some of today’s most damaging crimes; from human trafficking to terrorism, the drug trade to corruption.

As a global trade bank, Standard Chartered stands on the frontline of the fight against financial crime. It is our ambition to make the financial system a more hostile and unforgiving environment for criminals and terrorists by working in common cause with others who have a stake in the solution. That is imperative to protect our clients, the communities in which we operate and ultimately the integrity of the financial system.

No longer falling short

We recognise that, at times, our past efforts to prevent financial crime fell short. We are working hard right across the Bank to transform our approach to tackling financial crime, and a key part of the Bank’s response is the Board Financial Crime Risk Committee, which plays three important roles:

Firstly, to oversee the progress being made by the Bank in meeting the objectives of its strategic, multi-year remediation programmes. This is a continual journey, and in April 2017, the New York State Department of Financial Services noted that the Group has made “substantial progress” towards remediating past issues, and that the Group remains “fully committed” to finishing the job.

Secondly, as the financial crime landscape continues to rapidly evolve, the Committee’s role has shifted over the last year from one focused primarily on oversight of remediation activities to one involving a bigger role in threat assessment and preparedness. It is in that context that we have discussed the Group’s leading efforts to fight cyber-financial crime, as well as wider threats that the financial system faces.

I am pleased to say that the Group’s work is making an impact. In 2017, the Group identified and prevented criminal activity in a number of threat areas: intercepting monies derived from cyber-attacks, identifying networks of accounts suspected of human trafficking for the sex industry, likely terror funding posing as charitable efforts, and thwarting attempts to breach sanctions’ requirements.

Empowering employees

Thirdly, the Committee also supports the work of the Bank to continue to enhance its systems, processes and technology, and how the Bank works in partnership with clients, law enforcers and regulators. Central to this effort is the continuing importance of employee engagement with regard to the seriousness of financial crime risk and ensuring that they are empowered to make the right decisions, appropriately supported by training and specialist expertise.

When I travelled to Hong Kong, the US and Pakistan this year, I saw up close the awareness of the issues and how we are seeking to embed a meaningful response into the operations and mindset of the Group. It is clear to me that everyone in the Group has an important contribution to make – in 2018 and beyond.

Cracking the remittance challenge

David Howes — Mon, 05 Mar 2018 09:57:35 +0000

In many emerging economies, remittance payments are not simply a financial service; they are a financial lifeline. For millions of families who rely on remittances for large portions of their day-to-day costs, they are a critical source of income. For local businesses, flows from 150 million migrant workers underpin domestic consumption. And for the broader economy, they have come to represent a vital engine for growth and development. To put this into context, according to a report published by the IFC last year, remittances to developing countries account for more than three times foreign aid (US$432 billion in 2015) and close to 10 percent of GDP in one in five countries.

Access to remittance payments and Remittance Service Providers (RSPs) matters. But they also represent an elevated risk for financial crime. RSPs have been exploited by organised crime and terrorist organisations as conduits to move and launder money, and finance some of today’s most damaging crimes. The top three areas for fines are breaches of Sanctions requirements, Correspondent Banking, and RSP activity. Many global banks have responded by exiting – also known as ‘de-risking’ – customers in this space, and this has led to reduced access to banking for RSPs as well as correspondent banking remittances.

As a result, we have seen the cost of remittance flows rise, which in turn can push financial flows underground with potential adverse impacts on trade and economic stability. In one extreme case in a region where RSPs have been significantly de-risked, physical movement of cash (via ships) has become cheaper and easier than trying to access the international financial system. The number of ships used for this cash-in-transit, in some areas of the Pacific, outnumbers the local navy and so far, exceeds their ability to supervise it. And this physical movement of cash (and so transfer of value) reduces transparency and thus increases exposure to financial crime risk and exacerbates the challenge for developing economies.

This goes to a central tension between safeguarding financial inclusion and protecting the integrity of the financial system. Increasingly, larger RSPs are aware of the expectations of the banks and those leaders among them are defining compliance programmes consistent with standards in place among international banks. These include identification and verification of its clients, payments transparency, responsiveness to information requests, and the ability to restrict future transactions when put on notice

Driving a wedge

The challenge comes when smaller institutions don’t have the knowledge, capabilities or financial resources to meet essential regulatory standards designed to safeguard the system from abuse by criminals.

This is driving a wedge between those who have the capabilities, knowledge and skills to comply with standards and those who can’t, because they don’t. That’s why a fresh look at the problem is needed.

Recently I was invited to take part on behalf of the Wolfsberg Group in the Financial Stability Board’s Roundtable on Remittance Service Providers. There, I shared an example from a parallel de-risking challenge that has resulted in a decline in correspondent banking. As the leading bank in many of the emerging markets we serve, correspondent banking is in our DNA.

And so, over the past two years we have been pioneering a new approach to helping Respondent Banks who have the right intentions but not yet the right tools, knowledge or experience to build robust controls for financial crime risks. This has crystallised in a unique strategy called ‘De-Risking Through Education’. It comprises three elements: correspondent banking academies, regional workshops, and e-learning portals.

"Our approach offers a good blueprint for partnering with institutions in other sectors to drive commerce and prosperity within the regulatory frameworks designed to keep society safe"

So far over 3,600 participants from over 1,100 correspondent banks, across 71 countries, have taken part. We have experienced huge pull from national banks determined to strengthen their controls and keep pace with evolving threats. By involving our client relationship managers, the programme is transformed from being just another training session into an important part of our customer relationships.

Our approach offers a good blueprint for partnering with institutions in other sectors to drive commerce and prosperity within the regulatory frameworks designed to keep society safe.

Supporting NGOs and charities

We have already adapted the Correspondent Banking Academy model to the NGO and charity sector, and the learnings from these two programmes could provide the foundations for improving the financial crime compliance capabilities of RSPs.

I believe three additional things need to happen alongside strengthening RSPs’ capabilities to manage financial crime risk:

1. Payment transparency is necessary but not sufficient in and of itself. RSPs should be drawing on the standards set out in the opens in a new windowWolfsberg Payment Transparency Principles. Where on investigation, banks need a richer understanding of the profile, purpose, provenance, and destination of the transaction, RSPs should be responsive to information requests.

2. There needs to be agreement on what good standards look like – including creating greater alignment between national regulations and global standards. An analogue is the work of the Wolfsberg Group to create a unified Client Due Diligence questionnaire for respondent banks. In doing so, we need to ensure that the expectations of RSPs are reasonably attainable, that RSPs are given time to enhance their financial crime control frameworks, and help in understanding and in reaching these standards in a cost-effective manner. And countries with large concentrations of RSPs should ensure that their local regulations outline clearly expectations, which in turn should be aligned to global standards. It’s encouraging that the larger RSPs are working to develop an industry view on appropriate standards and the banking sector should engage with the RSPs on expectations.

3. Further work is required to achieve more effective supervision. Many regulators have increased focus on RSPs in order to drive control improvements over the past five years, but the perception and I think the reality remains that the due diligence banks undertake will be called into question when there are failures of an RSP irrespective of the fact that the RSP is subject to regulation in the same country as the bank. This remains a sector widely described by regulators as high-risk and that places on banks a set of expectations in relation to their controls.

In summary, to arrest the decline in access to banking for RSPs and the associated costs for remittances, there must be clear risk-based standards that are reasonably attainable, commitment by the RSPs themselves to meet these standards, improved supervision, capability building to attain those standards, and international regulatory support.

We can’t let the threat of terrorism halt the flow of aid money

Daniel Hanna — Tue, 14 Nov 2017 15:28:57 +0000

In a crisis, money matters: for water, food and shelter, for people fleeing war or famine, or for medical supplies in dealing with an epidemic. Yet getting money to the frontline when people are suffering is becoming harder.

The problem was highlighted when Ebola broke out in west Africa. At Standard Chartered, we handled cash transfers for many charities working in Sierra Leone as well as multilateral organisations like the UN. At the height of the crisis, Ebola infections were doubling every two weeks. Money needed to be moved quickly from central treasuries to aid workers on the ground.

We worked closely with development partners, regulators and local governments to ensure funding got through. But it wasn’t easy, and we wanted to move faster. Any kind of delay in these situations can be a matter of life and death.

Yet, as the world faces the most widespread humanitarian crisis since the Second World War, two-thirds of charities working internationally are experiencing difficulties sending money to where it is needed. This is not a new phenomenon. A 2015 report by the UK’s opens in a new window Charity Finance Group found that most charitable organisations encountered similar problems.

"A few rogue institutions are creating a perception that the charity sector is vulnerable to financial crime"

At the heart of this challenge are the unintended consequences of regulations designed to prevent terrorists and criminals from accessing the financial system.

Difficult decisions

While the vast majority of charities are well run and do legitimate and often life-saving work, a few rogue institutions are creating a perception that the sector is vulnerable to financial crime. The UK Charity Commission reported this year that the number of “allegations of abuse of charities for terrorist or extremist purposes” has trebled in just three years.

As a global institution that has banked charities and aid agencies for decades, we have faced extremely difficult decisions. In recent months, we have intervened to ensure a British charity could repair water pumping stations for clean water in Syria, and a non-profit could keep its educational operations going in Sudan.

Yet it is not always straightforward. Earlier this year, our compliance teams reviewed a request to transfer millions of dollars to a charity based in Iraq. The charity was not our client, but a customer of one of our correspondent banks making a payment through our network. The purpose was described as children’s clothing and medical supplies. On the face of it, the payments looked legitimate. The charity was not on any sanctions list. Yet further investigation suggested the organisation was probably supporting a terrorist group. We prevented the transfer, and alerted the authorities.

"Financial institutions must support clients who have the right intentions but not yet the right tools, knowledge or experience"

Faced with similar decisions, others in the financial industry have chosen to avoid risk by dropping charities as clients. This strategy, known as ‘de-risking’, may become necessary if clients or partners cannot comply with our standards or – for some institutions – if the hazards involved are deemed too great.

Preventing financial exclusion

After working in emerging markets for more than 150 years, we want to find a different way; we want to ensure the safety of the financial system and prevent financial exclusion.

Banks needs to continue investing and automating financial crime controls and compliance processes to make the financial system a hostile environment for criminals and terrorists. To prevent aid getting blocked, financial institutions also need to help the development community understand what regulators and banks expect when it comes to mitigating financial crime risks.

Education is vital: institutions must support clients who have the right intentions but not yet the right tools, knowledge or experience. Standard Chartered has actively supported this, partnering with the World Bank, InterAction and NGOs such as World Vision to launch the first financial crime risk management academy for charities, and making our internal compliance courses available to clients online for free.

"We are supporting efforts to create a database of compliance information to streamline banking requests"

In terms of practical solutions, the aid community is also doing its bit. World Vision has created an initiative that enables other charities to benefit from its risk management expertise. And we are supporting efforts to create a database of compliance information to streamline banking requests, and talking to regulators about how humanitarian aid can be disbursed to established charities more quickly during crises.

The Bank of England Governor, Mark Carney, recently warned the G20 that the number of banks de-risking was impacting developing economies. Fluctuating aid flows highlight the human cost of this trend, but we believe that when crisis strikes, banks, charities, and regulators are committed to finding new ways to get money where it is most needed.

This article first appeared on Guardian Global Development.

Cyber financial crime: the evolving challenge

Patricia Sullivan — Sat, 05 Aug 2017 08:57:40 +0000

Even in the constantly changing world of financial crime, the emergence of cyber-related financial crime as a major part of that world may seem sudden. One of the primary reasons for the rapid proliferation of cybercrime is the commercialization of cybercrime through the Cybercrime-as-a-Service (CaaS) model.

Just as the ‘as-a-service’ model has reduced costs, broadened access, and stoked innovation in the legitimate business world, CaaS has made the tools and infrastructure for cybercrime accessible to anyone.

"CaaS has made the tools and infrastructure for cybercrime accessible to anyone"

For criminals, CaaS offers access to all manner of digital resources needed to commit cybercrimes, such as malicious software (malware), botnets (networks of computers infected with malware), hacking specialists, databases of stolen personal information, penetration testing of potential targets, open-source research, and much more. (For more details on the CaaS offerings available on the dark web, check out our deep-dive on CaaS )

What level of damage are we talking about? Here is a recent example. In November 2016, the Avalanche network was taken down by a coalition of law enforcement agencies in 30 countries. Five individuals were arrested, two of whom are suspected of being the creators and administrators of the Avalanche CaaS offering. Cybercriminals using the services provided by Avalanche victimized over 500,000 people across 40 countries, and are estimated to have stolen hundreds of millions of dollars. While the takedown of Avalanche is a significant success, law enforcement officials acknowledge Avalanche is only one of an increasing number of groups providing CaaS services, and more must be done to effectively disrupt these types of activities.

Taking an integrated approach

The proliferation of cyber financial crime is not lost on regulators seeking to protect the financial systems. In October 2016, FinCEN (The Financial Crimes Enforcement Network) issued new guidance on how Bank Secrecy Act (BSA) regulations apply to cyber events, cyber-enabled crime, and cyber-related information.

Financial institutions are also facing expanded BSA reporting requirements under the recently enacted New York State Department of Financial Services (DFS) cybersecurity regulations, which came into effect March 1, 2017 and included an expanded definition of cyber events triggering BSA reporting.

Financial institutions should consider how the convergence of cyber security and financial crimes compliance impact its target operating models to ensure seamless coverage. At Standard Chartered we are taking an integrated approach.

"We have created a dedicated group to focus on identifying, analysing, mitigating and reporting illicit proceeds from cyber financial crime"

We have created a dedicated Cyber Financial Intelligence Group (CyFI) to focus on identifying, analysing, mitigating and reporting illicit proceeds from cyber financial crime.

CyFI produces intelligence through the fusion of financial data, cyber threat intelligence, web research, mining of restricted access sites, and much more. Working in collaboration with other internal teams, industry partners and law enforcement, CyFI plays a proactive role in identifying, mitigating and disrupting financial crime risks to the Bank from cyber-enabled and cyber-dependent crime.

Partnering with crime agencies

A real challenge to the proliferation of cybercrime can only be mounted by the industry as a whole working in collaboration with law enforcement stakeholders. We at Standard Chartered have therefore partnered with the National Crime Forensic Training Alliance (NCFTA), which is a non-profit organization facilitating close public-private partnership by bringing together industry partners, law enforcement, and academic institutions to combat cybercrime.

With an analyst now embedded in the New York office of the NCFTA, the Bank is collaborating in a joint environment with law enforcement and industry peers to disrupt cybercriminals and develop best practices. The Bank is also a member of the Financial Services – Information Sharing and Analysis Center (FS-ISAC), a cyber threat intelligence clearinghouse providing rapid dissemination of cyber threat intelligence and community analysis of cybercriminals. The Bank’s partnerships with these and other organizations is a critical step towards gaining a tactical and strategic advantage over cybercriminals.

Blockchain: a game-changer in the fight against financial crime?

John Cusack — Tue, 01 Aug 2017 15:47:27 +0000

There’s been a lot of hype about blockchain technology, the most famous example of which is the cryptocurrency, Bitcoin. Media, think tanks and strategy consultancies have suggested that it will transform everything – from banking, to government, even to our identities.

It’s easy to see why people are excited by its potential. Its core premise of a distributed ledger database for recording transactions brings unprecedented traceability at unprecedented speed.

Some in the industry have compared its arrival to the discovery of penicillin; it is hoped blockchain can cure many social ills, in the financial sector and beyond.

In the financial world, the most probable near-term applications of blockchain technology are in the areas of post-trade settlements – especially for loans, Credit Default Swaps (CDS) and securities – trade finance and in-time international payments.

"The idea that new blockchain applications will operate without banks playing a major role is not likely"

Some fear that banks might be under threat of being crowded out of this space by new entrants, but the idea that these new blockchain applications will operate without banks playing a major role is not likely.

In the wake of 9/11, banks have been tasked with stepping up their ability to keep the financial system safe from terrorists, traffickers and other criminal activity. Vast sums are spent to develop and maintain sophisticated anti-money laundering (AML) programmes to meet complex Know Your Customer (KYC) requirements.

The cost of putting these in place means they’re not going to be replicated by start-ups. And the alternative – allowing an ‘unpermissioned’ space to develop, free of these AML/KYC requirements – is unlikely to win support from the public policy makers and standard setters, supervisors and regulators by whom they were introduced and who enforce them vigorously.

Blockchain potential

At Standard Chartered, we see blockchain as a huge opportunity. In 2016 we completed the first real-time cross-border payment for businesses with another major correspondent bank. This involved teaming up with fintech start-up Ripple, which provides a blockchain platform for enterprises. Normally this payment process takes up to two days, but the initiative saw it completed in less than 10 seconds. And that settlement time included the “full transparency of fees and FX (foreign exchange)”.

And earlier this year, Standard Chartered, together with DBS Bank and Infocomm Development Authority of Singapore (IDA) successfully completed a proof of concept delivering the world’s first application of distributed ledger technology to enhance the overall security of trade finance invoicing. Soon we will be inviting clients and other intermediaries to join this pilot. The Bank is also part of the Hong Kong Monetary Authority’s Distributed Ledger Technology Trade Finance Working Group, which also delivered a proof of concept using blockchain in trade finance.

These trade finance pilots are a good example of how blockchain can help us break down silos. And by facilitating secure information sharing in real time, this technology can take our efforts in the fight against financial crime to the next level.