The risk and compliance space has been inundated with changing landscapes during the first six months of this new decade. Here in The Bahamas, many risk and compliance professionals will have thought that the 2018-2019 regulatory overhaul was a daunting task, only then to be hit by the European Union's (EU) tax-related initiatives and COVID-19. Amid these events the harsh reality hit - the anti-money laundering (AML) struggle will continue.
I warned on 6 April that: "The COVID-19 pandemic will most definitely energise criminals to exploit known or inadvertent weaknesses within our (laws, guidance and private practice) anti-money laundering/counter-financing of terrorism (AML/CFT) systems.
"Compliance and AML/CFT professionals will now transform from being the generally accepted 'legal necessity' to an 'essential and vital' component to ensuring an institution's reputational and financial risks are mitigated during these uncharted times within business."
Now fast forward to June 2020 newspaper headlines that read Registrar General Department's system hacked, New hacks expose Registrar General and Some Commonwealth Bank clients hit by phishing scheme. These are all indications that fraud and cybercrimes is on the rise in The Bahamas.
Elsewhere, CNN reported recently: "Ramon Olorunwa Abbas appeared in a federal court in Chicago on Friday. He is accused of conspiring to launder hundreds of millions of dollars through cybercrime schemes." If this name does not ring a bell, let us try his acclaimed Instagram alias, "Ray Hushpuppi". "Prosecutors allege Abbas is one of the leaders of a global network who use computer intrusions, business e-mail compromise (BEC) schemes and money laundering capers to steal hundreds of millions of dollars," CNN added.
I submit that if fraud and cyber crime is on the rise, then money laundering - although not always detected - is also increasing. I wish to reemphasise that companies must assess, adapt and act thus:
Assess which aspects of their anti-money laundering and cyber crime regimes are working, and which need to be tweaked.
Adapt to models that better service their business while simultaneously educating internal and external stakeholders.
Act decisively while always considering and balancing their employees' well-being with operational realities.
If your anti-money laundering and counter-fraud regime are separate, I would suggest a blended approach. If you are reading this and realise that you may not have a fraud regime, the time is now to create and incorporate a robust framework that is not in a separate silo from your anti-money laundering framework.
Although there is no standard approach to fighting these twin crimes, here are two areas to consider in your efforts to prevent and reduce their impacts.
Balancing People and Technology
Anti-money laundering professionals must be both subject matter experts in traditional money laundering typologies and red flags, while having practical knowledge and tools to identify and mitigate cyber crime and fraud impacts. They must understand the flow of money laundering and be equally familiar with fraud typologies, ransomware, botnet and other techniques and software to prevent their intrusion.
Risk Framework Design
Kevin W Toth, the author of The Convergence of Cyber, Fraud and AML', said: "Understanding the convergence of cyber, fraud and AML is of utmost importance in today's compliance and regulatory landscape." I often note that everything in life is a science. Risk management is a science as it is a structured approach designed to identify potential threats to a company, deploy mitigating controls and encompass monitoring tools to evaluate the strategy. With the growing cost associated with compliance, risk, fraud and business continuity, it is vital that the risk management framework is structured yet agile.
In conclusion, there are multiple crimes known to increase during and after a crisis. The key is for institutions not to consider fraud and money laundering independently. Instead, converge the approach to fighting these twin crime towers.
NB: Derek Smith Jr is a compliance officer at a leading law firm in The Bahamas, and a former assistant vice-president, compliance and money laundering reporting officer (MLRO), at local private bank. His professional career started at a 'Big Four' accounting firm and has spanned over 15 years, including business risk management, compliance, internal audit, external audit and other accounting services. He is also a CAMS member of the Association of Certified Anti-Money Laundering Specialists (ACAMS).