Another one for the books! ACAMS Hollywood 2023 was a success for the Vital4 team as we learned a lot about the latest (and ever-changing) regulatory trends and ongoing financial crime risks we are faced with every day. The conference kicked off with Monday’s opening party with beautiful weather and an equally beautiful location overlooking the ocean. There was plenty of good networking, drinks, music and Pallela for all.
Tuesday morning the opening panel discussion was quite insightful and, in our opinion, this truly set the tone for the hot topics that we discussed in detail throughout the conference.
The panel was made up of Howard Fields, Chief Compliance Officer, Mastercard; Jennifer Fowler Director for Public Policy, Meta Financial Technologies; Jean Chung Managing Director of Asia Standard Chartered Bank; Markus Schultz, Deputy Global Head Financial Crimes Compliance, ING. and Scott Liles CEO, ACAMS.
Many panelists were asked for their predictions for 2023 and beyond and they discussed the use of more utilities, sanction screening, transaction monitoring and the sharing of information. Collaboration with public and private partnerships could not have been stressed enough and that privacy advocates and financial crime risk managers must come together to help strike a balance of privacy protections while allowing data to be used to identify and fight financial crime. They also stressed the topic of Artificial Intelligence and how it is still a major concern for the banks and the regulators. But reminded the audience that AI is not replacing people’s jobs in the industry yet enabling them to be more efficient.
An extension of last year’s discussion of beneficial ownership challenges continued to be a pressing issue as the new rule is drawing closer and takes effect in January of 2024. Outstanding questions continue of what percentage defines beneficial ownership, is it 25%? 10%? There are so many complexities around this and unfortunately there is no “one size fits all approach.” Overall, the recommendation is to use a risk-based approach because there is simply too much discrepancy.
Lastly anyone who is interested in a look back at enforcement actions and regulatory changes for 2022 can visit MoneyLaundering.com for a complete list.
The regulatory roundtable: Inside insights from the leaders of oversight
The top regulators and agencies that develop standards that AML professionals must meet came together to discuss initiatives like FinCEN’s National priorities and the ever-changing sanctions against Russia. Moderated by Kieran Beer, Chief Analyst, Director of Editorial Content, ACAMS; speakers included Lisa Arquette, Associate Director, Anti-Money Laundering & Cyber Fraud for the FDIC (Federal Deposit Insurance Corporation); Koko Ives, Manager, BSA/AML Compliance Division of Supervision and Regulation for the Federal Reserve Bank; Donna Murphy Deputy Comptroller for Compliance Risk, Office of the Comptroller of the Currency (OCC); and Jay Song, Director of the Office of Compliance, FinCEN (Financial Crimes Enforcement Network).
The session started out discussing each of the agency’s individual priorities which we will summarize here:
- Inflationary pressure, geopolitical events, risks to the financial system, social media caused rapid deposit runs
- Customer risk profile: beneficial owner frequently changes biggest challenge and getting that information updated
- Cybersecurity – prepared for any event – phishing, natural disaster, bank run (all things they need to be prepared for)
Federal reserve priorities:
- Understanding emerging risks
Office of the comptroller of the currency priorities:
- Guarding against complacency – reminding banks that with the recent market disruption, not to take their eye off ball with CFT
- Adapting modern technology into sanctions programs and CFT
- Fair lending, equality in banking, financial inclusion, consumer protection
- Implementation of AML act
- Implementation of corporate transparency act – beneficial ownership is their #1 focus; the use of anonymous shell companies is the biggest threat
- Broad implementation of the AML act – make sure agencies receive the critical information they need to combat financial crime
- Insuring responsible innovation
- Urge banks to manage risks properly or they will take action
- FinCEN exchange
After priorities were discussed, the moderator asked the regulators about their crypto thoughts and the focus was around the recent volatility. They urged supervised entities who are creating technology and running pilots to only engage in permissible activities and to make sure they consider all risks, based on lessons learned from the collapse.
Ransomware was touched on and they reported that in 2021, out of the 1,400 SARS of ransomware that were filed – half of the incidents were connected to Russia. Ransomware had a 1.2-billion-dollar impact last year. They warned that attacks are getting more frequent, and payments are drastically increasing.
The topic then shifted to customer due diligence – and the discussion around changes coming from FinCEN. The question on everyone’s mind was: where do they stand with third party relationship management guidance? It was expressed that AML obligations apply to third parties and the bank is responsible for the relationship and that they are complying appropriately. It was reiterated that the bank is responsible, and the FDIC is currently working on updating guidance on third party risk management.
Lastly, what are the regulators seeing and/or focusing on in the way of enforcement actions?
- Third party relationship challenges
- Check fraud
- P2P – (Zelle, Venmo)
- AML / sanctions
- Regulators are concerned with complacency around AML policies or a decrease in oversight of AML
Regulators stressed this MAJOR WARNING: During tough times you should never reduce oversight of AML.
The session concluded by discussing topics such as the access rule for the FinCEN beneficial owner database and as we all know, we are still awaiting the final rule. We are also awaiting changes and or a re-definition of the CDD rule. However, the obvious problem still exists in the fact that the database can only access one record at a time, and there are limitations to permissible use of the database. The data can only be used for onboarding and cannot be used for transaction monitoring or CDD. So, the question remains: how do you reconcile out-of-date data? Banks really need mass access to the data, but this looks like a challenge that will continue.
Bottom line for banks: it is a huge struggle to verify the beneficial ownership information and data from the registry and they cannot use data for anything outside of CDD compliance.
Global FIU Keynote Panel
This was a discussion to share insights and priorities of Egmont and FIU’s to discuss the importance of information sharing and the challenges associated with the fight against terrorism, money laundering, sanctions evasion, and other financial crimes. Speakers included Himamauli Das, Acting Director, FinCEN; Vince O’Brien, Deputy Director, Head of the UK Financial Intelligence Unit and PoCC National Crime Agency; Sarah Paquet, Director and CEO FINTRAC; Craig Timm, US Head of AML, ACAMS; Hennie Verbeek-Kusters, Head, FIU – Netherlands.
The session kicked off discussing third party shell companies, crypto anonymity and international information sharing challenges with sanctions evasions and FIU’s in different jurisdictions. Throughout the session, Himamauli stressed top priorities like sanctions evasion and export control evasion and stressed the importance of creating feedback loops with banks.
FINTRAC talked about the importance in combating illegal wildlife trade which is happening in over 150 countries. These are crimes committed by national criminals and in many cases are the same networks that are used for human trafficking, arms trafficking, drug trafficking, etc.
Some key highlights about UBO (ultimate beneficial owner) and information sharing:
- The challenge between identifying UBO’s and the data privacy laws clash and make it incredibly challenging
- The UK has the longest standing UBO registry. Challenge: the balance between privacy and being able to protect the public
- Our company’s house is publicly available; however, it has limitations to validate the information which causes additional challenges
- Focus on public/private partnerships (PPP’s) law enforcement, regulators, banks – identify types of typologies, networks, red flags, and how to make cross border relationships for PPP’s
- Incentives for PPP’s – how to incentivize relationships and information sharing
- Challenge: sharing data without sharing PII
Keynote Special Presentation
On Wednesday, the keynote session brought audience members to their feet in a standing ovation for Markiyan Kliuchkovskyi, the Advisor to the office of the President of Ukraine. Kliuchkovskyi gave an update on the status of the Russian war on Ukraine and gave his condolences to all the victims of the war and the families of the deceased for the suffering endured in his country. Dr. Justine Walker, Head of Global Sanctions and Risk, ACAMS, admittedly was brought to tears during the interview.
Weathering Crypto Winter: The Forecast for Digital Assets
One of the HOTTEST topics of the conference was crypto. We attended the Weathering Crypto Winter: The Forecast for Digital Assets session with an open mind. We were particularly interested in what the experts had to say after learning about the collapse of FTX earlier this year. The panel consisted of: Joby Carpenter, Global SME, Crypto Assets and Illicit Finance, ACAMS (moderator); Yaya Fanusie, Director, AML and Cyber Risk, Crypto Council for Innovation; Jennifer Fowler, Director of Public Policy, Meta Financial Technologies; Melissa Strait, Chief Compliance Officer, Coinbase; Mark duBose, Chief Compliance and Risk Officer, Anchorage Digital.
The panel kicked off with their thoughts on the March 2023 economic report from the President. Panelists said the White House report sent mixed messages questioning the underlying value of crypto and advocates for FedNow, which will enable individuals and businesses to send and receive instant payments. The Whitehouse also updated their critical and emerging technologies which included fintech and blockchain.
Some other take aways from the session:
- Increase in enforcement actions
- Not much progress with regulatory framework
- Will Crypto be deemed security or commodity?
- Technology and innovation suffer during a recession
Compare and contrast with crypto vs. broader concerns – key takeaways:
We should all consider the fact that the collapse of FTX was outright fraud and criminal vs. it being about crypto and that bad actors have always and will continue taking advantage of “new” technology.
Crypto is to banking as internet was in the 90’s and we should consider the massive impact it could have on the US for slow adoption in our traditional banking sector.
The crypto council for innovation reminded the audience of finding positive use cases such as financial inclusion, faster payments, etc. One example of a use case was for the use in foreign remittances. The fee for every transaction is 6.5% and takes several days to get the transfer. With crypto, a $99 million transfer took 2.5 minutes, and the transaction fee was .40.
A few additional key comments we would like to highlight from panelists;
- “There is something in crypto that is interesting to everyone. There is an inevitability to this.”
- “There are very few banks in the U.S. that bank crypto companies and we should be concerned because the U.S. is the largest technology innovation region, and there is a threat of China, Europe, and other regions that are quicker to adopt this technology we will be left behind.”
Our take on the panel’s overarching message? The bottom line is that the U.S. is not embracing crypto but other countries are. “This is important from a national security perspective, countries like China will surpass us.” said one of the panelists.
Even for the deep crypto skeptic, the BIG message was this: this technology is here to stay, and we need to be a significant player. China is embracing and will surpass us if we do not embrace it. China is creating smart contracts and regulating considering privacy, etc. The government’s attitude simply is not supportive of crypto.
The panel was asked the question; “What keeps you awake at night?” “What could go wrong?” Here were their responses:
- Regulatory uncertainty
- Companies leaving U.S. and going offshore – right now we are losing the “global race” with this technology
- North Korea is the immediate threat to crypto
- Prospect of the global financial sector no longer needed
- Potential for missed opportunity
- DeFi challenges
- How to mitigate illicit finance
- Globally bullish about crypto but in U.S. neutral about crypto
- Commodity vs. security- needs to be defined
- Legislation in EU supports crypto
- Singapore – legislation supports etc.
Other key topics and takeaways that had the spotlight: Sanctions Evasions (by Russian oligarchs – et al)
This resonated throughout the conference and was highlighted during most sessions. There are increased efforts to avoid sanctions with the usage of “intermediaries” to hide assets such as children, shell companies (becoming more complex), third parties, trusts, law firms, and other legal entities.
Some areas of concentration:
- Export control; cutting off access parts for critical items like military items, planes, control electronics and more effectively manage the supply chain providing goods to sanctioned areas.
- The creation of sanctions is fast paced; a challenge for banks as legal risk increases in attempting to track sanction activity.
- It is important to determine channels that matter to trade compliance export control and related money laundering– items like electronics, materials used in production of items used in the building of military and industrial hardware need to be tracked. It is important to understand how deviation in routing of these items through nearby countries is allowing these items to get into Russia, and how this is contributing to trade sanction evasion.
- There have been some success stories. Him Das, FinCEN’s acting director suggested SARS (from alerts issued by FinCEN) led directly to the designation of 22 individuals and entities suspected in helping Russia and Belarus evade sanctions to procure military and industrial hardware.
- Sanctions are changing in real-time, and they are changing form repeatedly. Here are some things to consider:
- Review the sanctions regime, look for topologies for money laundering, where offenses are occurring and how information can be shared internationally.
- Monitor changes to company structures; evaluate if/how family members are involved, determine “hidden ownership.” Understand the need for a fresh look at ownership and control via shell companies and understand who has documented ownership.
- Increase scrutiny and monitoring of high-risk jurisdictions.
- Determine the source of funds. Tracking is needed to determine where the money is from, determine the source of funds, how the money is linked, and try to identify any hidden sources.
- Determine how money is being funneled via cooperating neighboring countries.
- Determine if crypto is being used. Russian exchange, Bizlato, founder accused of conducting an unlicensed money transmitting business. Now, more than ever, regulators are increasing scrutiny on crypto exchanges.
- There is a growing need and tendency to share more intelligence when fighting sanction evasion and money launderers. There is a growing hope that information will be shared more amongst agencies and the private sector one day. Still, vendors are an excellent source of data commonly used as part of risk assessment and controls.
- There are changing typologies and concentration areas to improve controls, like tracking when funds dissipate from accounts quickly and tracking corporate control and ownership. Ensure there are strong Know Your Customer (KYC) and screening capabilities in place and regularly review internal product and the geographies served.
- It is important to analyze controls prior to deployment, i.e., how do controls increase visibility of changes; how do controls and systems provide insight to assess change to company structure; how are high-risk/value transactions flagged; how are high value items identified and tracked? It is important as the controls are evaluated and deployed that there is enough capacity to handle the volume of notifications. Control typologies need to be assessed in the light of the changing environment.
The reality is that sanctions are changing. There is a wide breadth of types of sanctions such as activity based, economic, financial restrictions, trade, geography, arms, diplomatic, trade sanctions, etc. and they are coming quickly. The burden is on the FI (financial institution) to implement sanctions, and to mitigate and ensure they are honoring them and serving as the investigative front line.
In conclusion, the state of data globalization has increased the risk for money laundering since it is easier to move money globally which leads to increased risk and sanction evasion. There is a push to share more insight across agencies, amongst private firms and over global borders to help fight money laundering. Because of this, it is more important than ever to review systems and contemplate what might be coming. FI’s should assess risk preventively, exit rapidly, and review controls for changes. It is crucial to de-risk quickly and efficiently by taking a proactive view.
We look forward to seeing everyone at ACAMS Las Vegas in October to create further dialogue with all our financial crime fighting friends and continue to make new connections. See you all soon!