The speaker for this topic of this was Consulting Director of Friday Concepts Julia Chin, a Senior Compliance and Regulatory Officer with a wealth of knowledge based on her experience working with financial institutions and fintechs. Beginning with some alarming statistics of worldwide scams, she stressed that when it comes to money laundering and financial crime, it has a lot to do with risk management. Whether or not a client is onboarded depends a great deal on the situation and the customer profile. Many factors come together to create the conditions conducive to financial crime.
One of these is scams. Noting the proliferation of scams in recent years, she pointed out that professional scammers now operated globally and were becoming increasingly adept at using social media and AI tools. They were also more entrepreneurial nowadays, to the extent of being able to offer scamming as a service, even marketing it as such, and becoming harder and harder to detect. But scamming is one of many crimes associated with money laundering. Money launderers already have money to be laundered; they have already committed crimes.
The EU Anti-Money Laundering Directive lists 22 predicates – or “crime behind the crime” – which include crimes involving human and drug trafficking, fraud and scams, among others. “Because of the criticality of the situation, we are now looking at the connection between fighting the crime itself and how we can use our knowledge of money laundering and dirty money to stop the crime,” Julia said. “It is not a victimless crime. Many are affected; many situations are traced back to corruption.” Money can also be laundered through investing in goods like wine, luxury goods, and collectors’ items (like luxury watches, jewellery, handbags and other high value goods).
Other common ways to launder money are through cash-rich businesses, charities, art, , purchases of gold and precious metals, insurance policies, casinos and gaming, and new payment methods like cryptocurrency, fintechs and e-wallets. The increase in this type of crime has spurred many to ask how to identify the ‘bad guys’. Many companies have systems that can identify money laundering, but are not foolproof.
Instead, she suggested looking at it from a different perspective, pointing out that what was most difficult was finding ways of placing money or integrating it with the financial system. Companies and individuals who have already been blacklisted may also use legal entities to support their illegal activities, she said, hence the need to identify the ultimate beneficial ownership.”
This was so that we can identify who are behind the organisations or legal entities that had been formed, and screen them to ensure they were ‘clean.’ This was also a global requirement under FATF recommendations, under transparency and beneficial ownership. Companies need to know who their customers are, which makes due diligence and ongoing monitoring an absolute necessity. Additionally, every customer and profile is individual and unique, so identification and verification, although common processes, should not be undertaken lightly.
“Identification is the person saying who they are,” Julia said. “Verification is the part where we use any tool or document to confirm they are who they say they are. The FATF recommends customer due diligence whether it is face to face or non-face to face.” FATF Recommendation 1 states that, “Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and should take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively.”
Designated Non-Bank Business Professionals (DNFBPs) which include lawyers, accountants, real estate agents, company secretaries, casinos, pawn shops, businesses dealing with precious metals, and auction houses selling luxury good such as Christie’s and Sotheby’s, among others, are also expected to have AML/CFT programmes in place.
In a face-to-face system, a person does the checking, ie, matches names to documents etc before sending the application for screening or risk assessment. The customer can then be onboarded. For fintechs, non face to face customer due diligence is more common, where customers submit applications with documentation like passports etc. The system then checks this.
The process is not foolproof. Julia cited the example of a person who was blacklisted in China, and was onboarded with banks using his Cambodian passport.
But this kind of information became evident only after he was charged. The lesson learned here was that when somebody is holding a passport of a country different from the country he was born in, you have to dig a little deeper, and ask more questions, such as whether the documents generated were real or fake. With the wide use of Gen AI, this could be a new problem. “We are not keeping up with modern technology,” she said, adding that deepfakes were compounded by the challenges of old or legacy systems, and outdated customer life cycle management structures.
Julia highlighted the recent changes to FATF Recommendations a risk based approach that took financial inclusion into consideration. FATF Recommendation 1 also explicitly states that where countries identify lower risks, they should allow and encourage simplified measures as appropriate. This is crucial for financial inclusion, as it allows financial institutions to apply less stringent Customer Due Diligence (CDD) measures for low-risk products, services, or customers, which can disproportionately affect the financially excluded.
“In Malaysia and other countries where we have more robust national risk assessment, we are more comfortable conducting due diligence in a simplified manner but all this will have to be based on the risk appetite of an organisation,” she cautioned. “The entire concept of risk management applies within the anti-money laundering space.”
The not-for-profit sector like charitable organisations or foundations are also covered under FATF’s requirements for customer due diligence. Requirements for customer due diligence must take a risk-based approach. She said it was up to the individual entity to decide on their own risk appetite, design their risk assessment methodology, rate their customers, then decide what to do with the high, medium or low risk rating.
On customer risk assessments, we need to first look at the type of clients we have – whether they are corporate, individuals, state or government owned, and where they are listed,” she said.
“If they are publicly listed on the London or Singapore Stock Exchange, where the regulations are more stringent, their risk may be lower subject to other factors being considered.” Explaining that there was a need to establish the source of wealth and funds, she said that when people buy expensive items, there was a need to see where their money was coming from. “Are we able to verify the source of wealth and funds, and whether or not they are regulated? Their regulation status could be their licensing as a fintech or bank, for instance.”
What industry they were in was also relevant; they could be dealing with precious metals or luxury good. Noting that the F&B industry was considered cash-intensive, she said the risks of a cash-intensive industry were generally higher than companies in non-cash intensive industries. “From a credit perspective, the relationship manager may say that the client may not have problems paying back the money or loan because they are cash rich, but from a financial crime perspective, we should be asking where the money is coming from,” she said.
“If they have so much cash, why do they need to borrow from us? These are the questions to ask when you are wearing the financial crime hat.” Whether the company is incorporated in a tax haven for tax planning or evasion must also be taken into consideration. For example, if the company is incorporated in the British Virgin Islands but operating in Cambodia, this could indicate a potentially higher risk. A site visit may be necessary to ascertain exactly what the company’s business is. In Malaysia, companies are screened against the sanction list, UN blacklist and Bank Negara list.
In Singapore, they are screened against the Monetary Authority of Singapore list. Companies dealing with the Euro, Pound Sterling and US Dollar need to comply with the requirements of those issuing countries. Interpol notices should also taken into consideration. She shared that Interpol was now very actively highlighting the work they do with their collaborators globally because authorities worldwide want to dissuade potential perpetrators .
Name screening includes adverse media, which is an interesting topic. She reminded that not all adverse media was considered high risk from a financial crime perspective. They need to be properly assessed.
The news could come from credible sources but it was advisable to find an alternative source of where the information could originate. “If the crime is related to money, then it needs to be assessed from a different perspective,” she said. The source of funds and wealth needs to be assessed because of potential money-laundering; high net-worth individuals could be receiving money from illegal sources even before it enters the system. “ Julia had also particularly called out issues relating to the increase in online sexual exploitation of children and child pornography, which has been linked to money laundering. “As financial institutions, and responsible citizens, we need to be aware of this because when the payments stop, the abuse will stop,” she said. “We need to be able to connect the dots and look at the environment and surrounding situations .”
