Recent headlines have been filled with news stories about all types of fraud from Bernie Madoff's infamous multi-billion dollar Ponzi scheme to Internet phishing scams to mortgage fraud. The downturn in the economy has brought many of these cases out into the open, namely mortgage fraud in the United States as a result of the housing crash.
People are also talking about how money laundering and fraud are connected. Before it was only about fraud, but now money laundering and to a limited degree terrorist financing have entered the picture. But why?
Money laundering and terrorist financing receive more attention because ML/TF allows criminals the ability to enjoy the proceeds of their crime. In the case of terrorists, it allows them to enjoy the scenes of destruction that they deliver by using the money derived from crime such as fraud to fund their terrorist activities.
How is fraud connected to money laundering and terrorist financing? Criminal activity related to fraud generates money that needs to be laundered, so where there is fraud there is money laundering. Fraud is a crime and is a predicate offense (these crimes are the underlying source of the money laundering) for money laundering. In many financial institutions, there are separate departments that try to protect the institution from money laundering and fraud. In many cases, the fraud group and the AML group do not communicate or work together on the ML/TF threats that face their respective departments.
AML departments often do work that is similar in nature to that of fraud but the reasons for doing so can be quite different. For example, the AML side works to comply with the AML regulatory requirements, whereas the fraud side tries to protect the organization from financial losses. Fraud has an easier time of demonstrating value for money because it can quantify in dollars the impact of its anti-fraud efforts on the bottom line. AML is often seen as a cost-center that benefits the financial system as a whole and society at large but there is little for the organization to recover to make up for the ever-increasing costs of compliance.
Organizations can benefit by leveraging their fraud resources with their AML efforts and take advantage of the significant efficiencies that can be achieved by greater collaboration between the fraud and AML departments.
Several years ago, I came across a case that shows the difference between fraud risk and money laundering risk. When we think of fraud risk we think of the risk of financial loss or credit loss. The key question: Is the money really there? Whereas for money laundering risk, the key question is, where did the money come from? This case will help us better understand what money laundering risk is by comparing it to fraud risk.
Details of the client file reviewed:
- Customer has a credit card account with a limit of $2,000, and a zero balance.
- Only one person listed on the credit card account.
- The client makes a large check payment of $20,000 via ATM.
- This creates a credit balance of $20,000, which is highly unusual for a credit card account because normally you owe the bank money not the other way around.
- Client is self-employed working as a property developer making $250,000 annually.
Now, this large check payment creates a fraud alert because again, there is doubt that the check is good. For example, is the money really there and the bank wants to protect itself against a fraudulent check. The fraud department calls the customer to find out what is going on. The customer says that he will be travelling overseas and wants to use the credit card to take cash advances because credit cards are not widely accepted there. The fraud department thinks this is reasonable and waits for the check to clear, which it does in five days.
There is no further work done by the fraud department because the money was deposited, so there was no risk of fraud or loss to the bank. The fraud department stopped asking questions and closed the case but no one asked where the money came from or whether the transaction was reasonable for this type of client based on his occupation, age or past transactions.
My colleagues and I thought this was quite unusual so we asked to see the account transactions for the past year and we were shocked by what we found.
- High velocity of transactions on the account. There were more than 75,000 attempted credit card transactions in the year with about a quarter being approved. If you do the math it is not possible for one person to do all of these transactions.
- We saw multiple transactions on the same day using different channels (phone, web, in-person), made from different locations, which again suggests more than one person using the credit card.
- ATM withdrawals attempted from foreign locations (higher risk locations for ML/TF). Withdrawal attempts were even made after the maximum amounts per day were met, but they kept trying!
So the key here is to understand that money laundering risk is about where the money came from, whereas fraud risk or credit risk is about whether the money is really there. Fraud professionals see activity like this all the time and if they were to ask a few more questions, it could help protect the organization from money laundering and terrorist financing. Do not close the case by stopping at no risk of financial loss, but keep going and ask, where did the money come from?
Why is it important for an organization to protect itself from ML/TF?
Reputational and regulatory risks have become more important to manage in today's world especially with the great recession experienced globally. This recent downturn has made it even more critical for organizations to protect the organization's reputation from negative news events. No bank wants to be on the front page of the newspaper with a headline reading—'ABC Bank charged with money laundering' or 'ABC banks terrorists.' This would be a public relations nightmare.
Complying with regulatory requirements related to AML is becoming a challenge as the bar constantly rises. The following are the key regulatory bodies or groups that set AML standards nationally and globally:
- Office of the Superintendent of Financial Institutions (OSFI) — Federal Canadian bank regulator—has issued an AML guideline (B-8).
- Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) — Canada's financial intelligence unit for all reporting entities, i.e., real estate sector, banking, securities dealers, money services businesses, accountants etc. FINTRAC's mandate is to facilitate the detection, prevention and deterrence of money laundering, terrorist activity financing and other threats to the security of Canada.
- Financial Action Task Force (FATF) — In response to mounting concern over money laundering, FATF was established by the G-7 Summit in Paris in 1989 to develop a coordinated international response. One of the first tasks of FATF was to develop recommendations, 40 in all, which set out the measures national governments should take to implement effective anti-money laundering programs.
- Financial Crimes Enforcement Network (FINCEN) — is the FIU for the United States and has a similar mandate to that of FINTRAC. It has published a great deal of material on the relationship between fraud and money laundering.
The possible social and political costs of money laundering, if left unchecked or dealt with ineffectively, are serious.
Money laundering is a threat to the good functioning of a financial system.
It is our collective responsibility to make our best effort to deter and detect money laundering and disrupt terrorist financing. Although there may not be direct cost savings to the organization, the benefits provided to society from these efforts create a framework and environment for legitimate organizations to prosper. fraud and AML departments need to work together to minimize these risks.
In the current state, most organizations have their fraud and AML departments separate, but the trend is moving toward greater integration due to limited resources and the weakened economy. Everyone is trying to do more with less.
Option One: Combining the Two Groups into One
How to build it?
- One transaction monitoring system running both fraud and AML rules with generated alerts tagged as AML or fraud hits.
- Customer-centric database that provides a holistic view of the customer's total relationship with the bank i.e., all products they have, accounts in different lines of business, all transactions done by customer are visible, etc.
- One case management system which allows for easier hand-off of files between analysts and investigators.
- Group should not be split by fraud and AML staff but by skill-set. Therefore, instead of having an AML analyst or a fraud analyst that reviews transaction monitoring alerts, you would create a Financial Crime Analyst (or whatever title you want) who would be responsible for reviewing both AML and fraud alerts generated by the transaction monitoring system.
- A team within the group that would need to be tasked with creating policies and procedures, complying with changing regulations, communicating and working with lines of business to implement effective AML programs in the businesses. As well as dealing with regulators and auditors.
- Designate an anti-money laundering officer that is experienced to deal with AML, not only fraud issues. Regulatory expectations of the anti-money laundering officer are quite high and all these would need to be met.
Although the efficiencies and cost savings that would be gained from integration could be great, there are serious challenges involved with integration. For example, in most organizations the fraud side is better established and has greater resources than AML, as well as the ability to justify their worth to the bottom line. Whereas AML groups cannot directly quantify their value to the bottom line and have not been around as long.
If the two groups were just merged as one then there is the risk that AML could be overtaken by the fraud side and limit the resources available to AML. This would be very dangerous to the organization's ability to effectively mitigate the reputational and regulatory risks it faces. Speaking of regulators, they are wary of any reduction in resources or stature for the AML side and would still expect that all the requirements of the AMLO and the AML group be met even if the two departments merged. This option is not as simple as putting the two groups together and thinking that everything will just work out because there are very complex cultural and regulatory issues that need to be looked at before any integration could take place.
Option Two: Increase Collaboration Not Integration
Another option is to keep the groups separate but formalize the relationship so that the two groups work better together with the objective of reducing the reputational and regulatory risk that the organization faces. How can this be achieved?
- Have both groups report to the same senior executive team member.
- Have one common case management system so that files can be easily handed off between the two groups.
- Maintain separate transaction monitoring systems but train both fraud and AML staff to look out for red flags for both departments. If AML is looking at an alert but does not find anything suspicious for AML, there could be fraud. They then should be able to easily communicate this information to the fraud group to let them look at it further. Fraud staff could do the same if they saw activity that looked suspicious for money laundering or terrorist financing then they could pass this onto AML staff.
- Specialized training for each department on the other's various indicators.
- Fraud group could do an annual AML self-assessment for its area and report this to the anti-money laundering officer.
- Fraud could assist the AML group by interviewing customers to investigate unusual or suspicious activity. Currently, AML departments ask the front-line staff to do this but this is not as effective since front-line staff are not trained to do this and there is an element of personal risk to the staff.
- Have regular meetings between the two groups (at least monthly) to discuss strategies, feedback for improvement and share information about cases.
I have come across several organizations in my past jobs where the fraud department would be seeing many cases of unusual activity but if it was not fraud related then they would just close the case. I would always ask the fraud department how many times would they send an unusual case to the AML group out of all those unusual cases or alerts. The answer was always in the single digits! There is a lot of improvement to be made if we are to work together to detect, deter and disrupt money launderers, terrorists and criminals.
Fraud and money laundering are intricately connected both in terms of criminal activity and regulatory requirements. The key question in assessing money laundering and terrorist financing risks is to ask, where did the money come from? Whereas the key question for assessing fraud or credit risk is to ask, is the money really there? Once we realize this important difference, it is then possible for fraud and AML departments to work together more closely to protect the organization from reputational, regulatory and fraud risks. Money laundering, terrorist financing and fraud are all threats to our organizations that each one of us—regardless of whether we are fraud or AML professionals—needs to become more aware of and work more closely together to defeat.