Anti-money laundering in the new world economic order
Season 1 Episode 2
The future of means of payment, its threats and risks>>>>.
Transcript
Juan José Ríos
The Covid 19 pandemic has caused unprecedented global challenges, human suffering and economic disruption. This situation implies major challenges for financial institutions and to be alert to the implications of the economic downturn in some sectors as other activities boom,
The inherent changes in customer behaviour, the increase in virtual channels, the exponential increase in demand for certain goods and the greater use of virtual assets generate new emerging risks for institutions in terms of being used to legitimise capital of illicit origin. Given this scenario, the application of good practices and automated response mechanisms to the threats and vulnerabilities arising from the Covid 19 crisis is of paramount importance.
Bodies such as the FATF Financial Action Task Force and the Basel Committee have issued documents with recommendations for financial institutions to protect themselves adequately. In this podcast, we will analyse the financial environment in the new world economic order and some of the main recommendations to mitigate the risk of money laundering and terrorism financing.
Hello, how are you? Welcome once again to this second podcast of Mundo Financiero Seguro, the Plus TI podcast. I'm Juan José Ríos. Today, as always, we are going to discuss a topic of importance and interest to all of you.
In this case it is how to prevent money laundering in the new world economic order. For that we are joined on this occasion by Raúl Castellanos, Compliance Solutions Manager. How are you? Welcome.
Raúl Castellanos
Nice to meet you Juan José. A pleasure to be here with you.
Juan José Ríos
And from Colombia, Ilian Vasco VP Marketing and Product. Ilian, welcome.
Ilian Vasco
Hello Juan José and Raúl. Good afternoon. A pleasure to greet you and very happy to be at this working table.
Juan José Ríos
Thank you very much. So how to prevent money laundering in the New World Economic Order. I would like to ask you both the following question: How do you see this economic environment at regional level in terms of economic recovery?
Raúl Castellanos
Well, now we are moving on to the next phase of Covid. Let's say that in the first few months of confinement, different customer behaviours started to emerge. The first was, of course, to start using more digital channels and also that the economy was split between core and non-core activities. That led to an overflow of demand for medical food products and dietary supplements, let's say. And on the other hand, the downturn in the economy. So that continued for the first few months, which led to major behavioural changes.
And now we are in the next phase, which is economic reactivation. These months have been important because there have been very abrupt changes in the behaviour of different economic activities and now we are heading towards reorganisation, towards incentives for economic reactivation. And all of this means that there are dissimilar economic factors, in which it is more difficult to detect which activities are genuinely recovering their rhythm and which are being influenced by illicit activities. So it becomes a very important and very analytical task for financial institutions to determine the genuine pace of some activities and how illicit money can infiltrate this new order.
Juan José Ríos
Ilian, Raúl talks about incentives. What would those incentives be in this reactivation? If we put it from this new point of view in the world economic order, how do we detect which ones are illicit?
Ilian Vasco
Hi Juan José, what a good question. First of all, regarding incentives, I would say that there are different and very interesting reflections and discussions on how we are going to live from now on and how the whole financial and business world is going to adapt to this reality.
Many say that this is definitely going to change and that it's going to be a different world. I am very much of the opinion that we are going to continue in the same way, but that there are obviously certain changes that must be taken into account and that within a short period of time will affect us. So, within this framework, in Colombia and in several countries there have been different projects to support different affected industries. Within this there are incentives, for example, on issues of foreign investment, issues of companies that may be buying because they went bankrupt, where there are even some non-profit organisations that can accompany international companies where they can connect and support the development of businesses.
These are going to have, through government decrees, greater facilities and all that at the level of incentives. Now, how do we detect which ones are illicit? That is where the interesting part of the issue lies. I think the first thing we can do is to identify the risks to which we are exposed. We have to know the businesses, we always have to do due diligence on the businesses that may or may be generating; we have to know that today the market is changing and it seems that the traditional financial model is going to change.
I don't dare to say that it will change now, but little by little there are different growth opportunities, such as fintech, where there is a very fast and expeditious economic model. In addition, there is the issue of crypto-assets, with the whole issue of digital transformation, which will also help to make it easier to move resources and large resources. And this definitely means a risk and could be the first framework to start detecting illicit activities.
Juan José Ríos
Thank you, Ilian. Now with you, Raul, let's talk about the risks, the emerging risks that arise from money laundering, especially within a Covid 19 scenario.
Raúl Castellanos
Of course, as Ilian mentioned, this new economic order has mainly developed digital channels and the use of cryptocurrencies or virtual assets. So the emerging risks come from two big areas. The first one, the whole digital economy: how we identify the customer remotely today. The regulations that we have maintained until before Covid assumed that a person could go in person to a bank branch and initiate relations with the institution, whether it was a bank, a cooperative or any other institution; there would always be a face-to-face relationship.
Today, this relationship is primarily digital. The pandemic greatly accelerated the incorporation of technology into human relationships. So even if there were already some banks that had started their operations fully digitally, now they were all forced to go to these channels. So the emerging risks involve not having a full face-to-face, but having to deal with digital channels that depend on the customer being validated with authentication, such as biometrics, including documents, taking advantage of information from social networks to start a relationship. This is on the one hand. On the other hand, our economies in Latin America are purely informal and that also encourages the greater use of cash. And of course, I was talking about the issue of economic incentives from the point of view of governments, what they are doing, and part of it was published by INGUAT these days, saying that they want to reactivate the tourism sector, for example.
What governments are looking for is to pick up the pace again with tourism, construction and a series of activities that were in depression in order to reactivate the economy. Under that umbrella, what many criminal organisations are doing is taking advantage of buying up some of the establishments in these depressed economies in order to have an ideal façade of how to legitimise capital. So, the emerging risks are from the digital point of view. How do I take advantage of this to be able to authenticate my client, to be able to initiate a business relationship and to keep within the parameters of their economic activity, which is going to continue to change.
For example, if it is a client that is incorporated and that is in a depressed activity, that is going to have incentives such as tourism, there are going to be important changes in that sector. So the risks are related to the person, how I deal with them (now they are remote), it is related to how I deal with those risks within the institution, because now we also have remote workers, so you don't necessarily have access to physical files, analysis of information, being able to validate some documentation and all of that opens up possibilities.
The important part is that technology, just as it has allowed the acceleration of the Industrial Revolution 4.0, also provides us with techniques of how to authenticate the customer with biometrics, georeferencing, and cross-referencing with social networks. So this is the new coexistence that institutions have to assume.
Juan José Ríos
Thank you, Raul. Now, Ilian, what kind of tools does Plus TI have at its disposal through monitors to be able to determine and somehow certify that users are who they say they are? Can you talk a little bit more about this?
Ilian Vasco
Thank you, Juan José.
Before answering the question in detail, I would like to comment that in my opinion, the virus or pandemic, however we want to call it, has not created something new as such, but has actually strengthened some issues that were already bad or in decline and that have been affecting society. So, as some examples, this has generated an explosion in the issue of drug trafficking, the whole issue of phantom charities where certain economic activities must be supported, the relaxation of the requirements of certain economic activities that at the time, when we were in the most complex moments of the pandemic, had these flexibilities.
We are talking about everything to do with production and everything to do with food, biosecurity issues. Talking about the financial sector, an explosion from one moment to the next, financial operations in remote mode or what is known as non-face-to-face and definitely, as if to close with a flourish, everything that has to do with the Christmas of corruption, because they really had their Christmas and New Year. So, within this framework, in order to respond in a timely manner about the tools that we have in the company to support all the institutions and to know that a client may or may not be that person, we have been working for several years on different issues, e. compliance with different regulations, which are in line with what we are talking about. And as Raúl mentioned, for example, it is this whole digital identification model. Today we have Monitor Plus ACRM+™ which helps all the institutions to generate these customer profiles, to know how these customers transact, what operations they do, in what jurisdictions, what products, what type of operations they have, and even when they have had some differentiation, obviously because the traditional modus operandi changed and it does help at least on the knowledge we already had of the customer, we can have a line of analysis.
Additionally, we have our risk-based approach module Monitor Plus CRM™, where we can do a comprehensive analysis and within that comprehensive analysis we can base ourselves on the FATF digital identification guide, which helps us to have greater clarity, because now all financial institutions will work. For example, we have everything that has to do with the analysis of all the collection and resolution, obviously that digital information, all the validations, the verification processes, the linkage enrolment that is mentioned in the same guide and digital identification.
And on this, we have many other components that will help us to have an integrated model leveraged on ISO 31000, where we can make a comprehensive risk analysis and those risks as such, to be able to identify or section them for all this issue of digital linking or all the issues of digital identification systems. So we are talking about risks from identity verification and enrolment, where we can have falsification of identities, synthetic identities to be able to generate any type of information.
And all of this, closing with other anti-corruption modules (Monitor Plus ABC™), where we have a comprehensive model with some typologies of transnational corruption, everything that has to do with public corruption, private corruption, the FCPA, the UK Bribery Act of the United Kingdom, which will help us to have a synergy and an integrated model so that clients do not feel that they have islands, but that they have a whole integrated model in a system, which converges in different modules to achieve the objective of each of the compliance units.
Juan José Ríos
We hear from Ilian Vasco, VP marketing and product. Today we are talking about how to prevent money laundering in the new global economic order. We are also joined by Raúl Castellanos, who is manager of Compliance Solutions. And well, Raúl, the next question for you: How has the impact of digital changed the habits of customers?
Raúl Castellanos
Of course. Mastercard just did a global study where they evaluated the change in behaviour, particularly with contactless payment methods: cards, mobile phones, Apple Watch, etcetera. Any device that has close communication, in such a way that it avoids contact. In that survey, they established that globally there is an 82% adoption of these types of payment methods and a 74% permanence in general terms. Interestingly, in Latin America the numbers are closer.
There we have 78% adoption but 76% retention. So the habit has moved to the digital channel. I also think it is very important to note that the Latin population is made up of a high percentage of young people, millennials and people who are adopting new technologies. That is very supportive of them adopting these types of technology. So, what is expected for Latin America is that the change in the banked economies will move in a very significant way towards these means, contactless and digital transactions.
There are also World Bank and International Monetary Fund projects that are supporting banking penetration in Latin America. Nowadays, there are also telephone companies that are promoting electronic wallets, where you can load a balance on your mobile phone and monetise it through the different ATM networks in Guatemala to make a withdrawal without a card. So, on both sides, both those of us who are banked and those who are adopting new means of payment, are moving to these types of channels. AsI said, the pandemic has accelerated these processes. Also, as Ilian mentioned, the issues of cybersecurity and device analysis are now being added. The issue of convergence of fraud prevention and money laundering prevention had already been on the agenda for a number of years. Today, a third factor has been added, which is cybersecurity, because moving to digital channels also brings in the whole issue of risks.
So there can be hacks. Now almost every week we have had news of banks that have been hacked, that have had their information stolen. In South America there have been notorious cases of banks that have even had to close their branches. There have been companies that offer GPS services, fitness, etc., hotel chains. So, in general, I would say: have we changed habits? Yes, the banked moved to digital channels, the unbanked are moving to electronic wallets.
Cybersecurity is added as a third actor in the middle, but it also contributes, as Ilian mentioned, Monitor Plus® solutions were already working with device recognition correlating it with the customer's activity. This strengthens those links between the customer and their device, with the way they act in channels, and that makes the holistic vision presented by Monitor Plus® more robust.
Juan José Ríos
Thank you Raul. Now, Ilian, what do you recommend to entities to mitigate these emerging money laundering risks that are being potentiated in the face of this Covid 19 pandemic and that forced us to transform digitally?
Ilian Vasco
Well, Juan, regarding your question, the first thing to recommend is to know that several sectors or companies are definitely in a financial crisis and that is well known to everyone. The point is that in a crisis there are always good and bad opportunities.
First, knowing this and knowing that there are falling share prices, falling debt securities, commodities, multiple financial assets that have been affected, many of them because in the end they also had their problems in the past, right? But they could be in a capital bubble due to financing, among others, which we are not going to go into here because they are now controversial issues. The first thing is to know where we stand.
Second, we have to analyse in detail the changes in the economic activities, how all the situation we have today is landing and how we land it to what we can do within a compliance management to mitigate those emerging risks. So, knowing the market, how those changes can appear in my economic activities, for example, restaurants, travel agencies, discotheques and everything related to events, are industries in depression.
So, if I can start to see how I compare this information with the same clients that I have. If I see any dissimilar behaviour within this model, I can have a warning signal. An interesting point is to see the transformation that many companies have undergone in certain activities, for example, textile companies that started to produce biosafety items. These include, for example, clothing, masks, among others, obviously. But within this order of ideas, what needs to be analysed is how this behaviour, this typicality, can be found. So on that basis, for example, I can have the transactional habits to compare, for example, a client with the commercial activity or his economic activity. So, if I have a restaurant (all restaurants are bad), but if I have a restaurant that is in vogue, that is growing 300%, that is pandemic, that is rare. Some economic activities will grow, but because they have been transformed and it is logical that they should be transformed. So we must look for where there may be a typicality, because clearly, no one has lived through this and no one can say what these transactional customs would be like. We can build on this with other tools, such as segmentation, which, being an unsupervised artificial intelligence model, can obviously help us to find what humans cannot, and within very interesting mathematical processes that can really help companies to work on this. Also along the same lines, as Raul mentioned in his speech, we can look at other issues that we can bring to our holistic monitoring model. And within that we have the examples of jurisdictions. So we have examples of jurisdiction, of what is commonly monitored today, there is the jurisdiction of birth, the jurisdiction of tax residence, the other nationalities, where my client does business, how can I change that now and start to include other variables. For example, where did he connect from? So the client trades between one city and another, but always connects from Afghanistan or certain high-risk jurisdictions. We can also see other typologies that are lifelong typologies, but that suddenly I was not working from a virtual model, such as knowing that from the same IP or the same device I am controlling one, two, a hundred, a thousand accounts. So all these types of issues are the ones that we have to include in our model to mitigate these emerging risks and really become a differential issue.
There is also the issue, for example, of starting to look at certain types of applications, why a customer who connects to our internet banking or mobile banking has applications such as TOR, why they have certain devices that can generate a significant warning signal, and that this could converge with the cybersecurity areas because compliance is not really going to get involved in creating all the cyber models, but it can use all the information from these cybersecurity models. So that's where they start working on synergies between areas that can help a lot to ensure effective compliance.
Juan José Ríos
Now I want to make a comment in relation to money laundering. According to a publication by Prensa Libre in Guatemala, which reports that the amount of suspicious transactions in 2019 has skyrocketed. In fact, talking about statistics, they talk about a 40% increase and a 4.7% increase in suspicious transaction reporting. Do we have any idea how much it has increased from 2019 to date now that we are in (September) 2020?
Raúl Castellanos
There are no official figures, shall we say, on how this has changed. What has happened is that it has changed so much and
That's something I wanted to comment on, in addition to what Ilian said. Actually the systems this year, so far this year or especially from March onwards, cyber attacks have increased by 700%. There were activities such as medical activity that grew by more than 600%, all parts of fitness by more than 150%. There are other activities that were repressed and are now starting to resurface. So, the systems really had a foaming effect of activities that were very accelerated and others that were in a clear depression. So to understand which movements were legitimate and which were not is complicated. We can't have a definitive figure on how this has changed. What we can say is that the rules of the game have changed. As I was saying, there are many entities, criminal organisations that have bought up depressed establishments in order to inject funds into them.
And so what we are going to need from now on are systems that handle a lot of analytical data, analysis and trends to be able to detect this new normal. In fact, Deloitte has just published a survey in Latin America on how countries are reactivating, what activities according to the influence of the country of production.
So, part of what Ilian also mentioned is the issue of cryptocurrencies. Nowadays, the issue of humanitarian aid has been disguised a lot, as well as that of rescue teams who are told that we are going to give you a certain amount in per diems so that you and your team can visit an area, hand out donations, and then suddenly they say, "You know what? We are going to make some additional transfers because we need certain non-profit organisations to make transfers in cryptocurrencies and there they are, also disguising the laundering. Right now I would say that there is a nebula, a foam effect of everything that we are going through and it will be the task of all of us to analyse the results we have had after the fact.
But the market has changed so much and so fast that I don't think there is a definitive figure right now. The FATF and Basel have placed a lot of emphasis on the analysis of emerging risks, the readjustment of indicators in terms of institutions and the quality of suspicious transaction reports, which in part are limited because the staff is remote and does not necessarily have all the resources. There are many teams that have been reduced, so there is no doubt that money laundering activity has been maintained.
In fact, also, as mentioned above, issues of corruption and illicit enrichment. Both have also been favoured from the point of view that many governments have had to tender directly in order to be able to react to the emergency. In all these, let's say, ranges of opportunity, surely it is leaking out, but grounded figures do not yet exist in a public form.
Juan José Ríos
Very good, Ilian. But if we are clear that this estimated amount of 40% of 2019 so far in 2020, has it already increased?
Ilian Vasco
At this stage, I would not want to risk asserting that there has been an increase. More because we are talking about different countries, cultures and regulators. As Raúl said, I agree that what we have analysed and everything we have seen, well, there are no concrete, official figures. If I remember at some point having read a note, if I am not mistaken, it was from GAFILAT, where they expected a reduction in the number of cases. All of this was linked to the operational change, the lack of focus on the pandemic business, the reorganisation of the changes, as well as everything that was involved in the whole process of collecting information and sending support, which are common to the whole issue.
So, if there have been certain changes in the way people have moved this issue, it could be logical that there would be a reduction before the other way around. However, let's say that when one looks at it logically, I could say that there could possibly be an increase.
That this increase may have remained only in unusual operations. Because clearly all clients have changed and changed the way they operate, so when they have these automated systems they probably had more alerts, they had more issues of behavioural changes. But because of the whole process involved, it could be that in the end the STRs have not ended up with a good number, but it is an issue that I think can be debatable and could generate controversy, because I think we are on both sides.
What I am sure of is that we have many more issues to report and certainly within those alerts, more different types of alerts and many more to calibrate.
This does make one think that the compliance units today have a high workload, that they have analysts working full time, trying to search, trying to establish, trying to see if the operations and unusualities that arise are not only correspondence of something atypical from a model that shows that they are structuring money laundering, but that this change or this typicality is the result of the pandemic.
So, within all that, what one can think of is that the entities and even the governments themselves are focused on combating the pandemic. And let's say that now, in this new awakening, and we are already partly emerging from these other phases of the pandemic, there is an upturn in suspicious operations.
There is a very interesting issue and we have to see that we have two major focuses that we have to look at and that financial institutions should be looking at for sure. The first is crypto-assets, for which the FATF has already established red flags for these activities, for financial institutions to take into account. The red flags have established many important considerations and almost as if they are sending out the signal that "look at financial institutions, this is an issue that is here to stay and now they have to have these controls to prevent them from being used, because surely many clients are now involved in the issue". There are certain facilities: there could be a combination issue, there are mixers that combine crypto-assets to lose that trace. One can buy either a crypto-asset, speaking of bitcoin, I can buy either a whole bitcoin or part of a bitcoin, which makes this management complex and many of these are peer to peer, since within this scheme, it is also much more difficult to know because it is not working directly with a company.
Another very important issue is the issue of corruption, which must surely be generating many cases and surely in some reports, because there have also been movements in the media, where it is clearly overflowing. Surely there are going to be issues of cost overruns in contracts, cost overruns in areas such as fans, which have been in the news, medical supplies, and infrastructure.
So, to sum up, I do think that the issue should be fully covered by the compliance bodies, but I think that in the end, there are not a greater number of suspicious transactions. We will see that later on with the official reports. What I am absolutely sure about is that now the spectrum of what has to be controlled in financial institutions is much larger, it is a more complex model. It is definitely going to require the application of technology and additionally some automated systems that will help to bring this information together in the best possible way so that with all this they can generate valuable reports that can also provide excellent quality to each of their cases.
Juan José Ríos
Thank you, we are about to come to the conclusions of today's topic. I have a question for both Raul and Ilian: Docountries have to maintain a balance in combating illicit financial flows? I mean privacy versus transparency.
Raúl Castellanos
Both are compatible. What happens is that the confidentiality of the information is protected by the institutions. There are sufficient parameters on which one can act, whether by economic activity, by segment analysis, by industry analysis that allow you to establish when a person who is engaged in a certain activity is within an acceptable range of operations of those types of activities. So, in general, the systems are focusing on behaviours, on amounts, on jurisdictions without dedication to a particular person.
Now, when a pattern of money laundering or an unusual operation is identified, then they enter the internal investigation, the support, the due diligence used, and from there a suspicious operation report is issued by the regulator. In terms of confidentiality, all sensitive customer data is kept confidential unless a court order requires disclosure. But beyond that, banking secrecy is compatible with habeas data or GDPR, or all these regulations that have come out to protect people's data and their privacy. That is compatible with all the analysis of unusual transactions that one can have. At a certain moment, even when a suspicious transaction report is made, there is certain information that is derived, that is kept anonymous until the Public Prosecutor's Office takes action, if it is the case. But there is no doubt that this monitoring, as Ilian mentioned, must be adjusted and adapted to the new risks and the new channels in which we are operating, and we must act on this incentive to be able to provide support.
That is another point: when you are doing money laundering prevention, you can establish which clients, who are usually the majority, have legitimate activities and have trends in line with their industry. To that group of people you have to provide all the financial support and support them with injection of new capital to grow their operations, and to the lesser ones that may have unusual operations, do extended due diligence and apply mitigation measures.
Juan José Ríos
In a continuously evolving market and thus with increasing opportunities for money laundering.
What would your recommendations be?
Ilian Vasco
Some recommendations that come to mind at the moment. For example, I like the phrase "identity in difficult times". Because it really forces me to ask myself the question whether I really have identified my customer and with this question the answer is not just whether I have his identity card, I have his employment information, but: do I really know who my customer is? how does he behave? how does he move in the market? what kind of customers is he? what does he like and what doesn't he like? Get to know him deeply.
It is an extensive topic, but it is important to take it into account in order to have a real knowledge. On the other hand, to ask myself other types of questions not related to the client, but related to the integral process and risks. For example, am I including new channels? Am I including new technologies? Like talking about all the recent ones, so money laundering opportunities. If you have really done an updated risk analysis of what's new coming in the market and how it can apply to me under my conditions, under my operation, in my market niche, if I really have information availability and data governance, then I have my client natural or legal person. If it is a legal entity, do I know all the shareholders up to the natural person? Can I access them immediately or do I have to go and get them a sheet of paper, a piece of paper? Do I have, not only the shareholders, but all the information of the authorised persons, of the final beneficiaries of all this information?
It is critical to know and answer that question. We can assess whether with all these changes our system requires some kind of calibration, whether I am monitoring all the products and services of the institution, whether I have a card problem, whether I have the prepaid credit problem, whether I monitor terrorism financing. All this without even getting into everything that has to do with proliferation of weapons of mass destruction, which is part of the regulations and responsibilities, but we are probably not working on that.
So this means that we have holistic monitoring and that holistic monitoring goes from different fronts, for example, the risk rating of my clients is tied to a comprehensive or normal due diligence process, depending on the level of risk. Whether I have online or near real time transaction monitoring. Where I say "but if you have digital onboarding, how come you don't have or are managing a daily or weekly batch?"
Do we still have some of these models? If I have a multi-profile of the client that evaluates the behaviour or the profile of the client in terms of his financial information, in terms of his transactional habits, or in terms of economic activity. Management lists is also another issue that cannot be neglected, if we remember the latest fines, they all come from lists, specifically in the United States. If I am including in my integral model everything that has to do with employees, third parties, suppliers and finally a segmentation technology issue, rather new technologies where I can have segmentation, for example, a robotisation of processes. Because at the end of the day, analysts also have their checklist or their somewhat procedural validations that could be automated in a certain way. These would be our recommendations to achieve a model that makes sense and that can work within an integral compliance process.
Juan José Ríos
But thank you very much to both Ilian Vasco, VP Marketing and Product, and Raul Castellanos, Compliance Solutions Manager, for giving us these insights and analysis on how to prevent money laundering in this new world economic order. Thanks also to all of you for listening. This was Plus TI's second Secure Financial World podcast. I'm Juan José Ríos. Nice to meet you and see you next time. We look forward to hearing from you as always.
The future of means of payment, its threats and risks>>>>.