Recent reports inform business wide financial crime risk assessments
In reviewing a number of recent reports we are reminded of the statement from the US Department of Justice:
There is “nothing more important that companies can do” than conduct regular risk assessments – U.S DOJ reiterated the importance of such assessments to “be done regularly” because compliance should constantly be evolving in line with the new risks especially in current volatile times.
Following that advice we have identified the key threats and changes that we feel are important to consider from recent updates provided by the UK National Crime Agency, Europe, UK HM Treasury and the UK Gambling Commission. In those threat assessments we have focused on the areas of Fraud and Money Laundering. Key points to consider:
Cost of Living Pressures
Continued cost of living pressures has led to increases in fraud against businesses by individual customers. This includes first party fraud including return and refund frauds. Criminals now offer ‘refunds as a service’, where consumers hire them to claim fraudulent refunds on their behalf in exchange for a share of the returns.
The cost of living crisis will also have increased potential motivation for disgruntled employees and suppliers to commit fraud or collude in bribery offences. This is particularly relevant when organisations are considering their fraud risk assessments in preparation for the upcoming corporate offence of ‘failure to prevent fraud’ under the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
Generative AI
Criminals continue to adopt generative artificial intelligence to enhance the sophistication of fraud attacks against individuals and businesses. Criminals are currently exploiting the increase in readily available software and apps to enhance existing threats rather than create entirely new ones. For example we now see the use of deepfake videos and voice cloning in what have previously been termed ‘CEO frauds‘ against large businesses. In one example generative artificial intelligence was used to create deepfake recreations of company employees at a virtual meeting to trick a finance worker to transfer £20 million into a criminally-controlled account. It is important to consider these use cases in reconsidering your risk assessment either by including this specific threat if you haven’t already done so or by adjusting likelihood scores based on likely increased prevelence or inadequacy of existing controls.
Use of UK Corporate Structures
UK corporate structures continue to enable money laundering due to vulnerabilities in their creation and oversight. Potential indicators of money laundering via corporate structure misuse include multiple companies being registered at the same residential address and the creation of large numbers of dormant companies. We would suggest that due diligence procedures and risk assessments are updated to reflect these risks.
Trade Based Money Laundering
Research by Europol found that 86% of the European Union’s most threatening criminal networks exploit legal business structures to disguise their activities, facilitate money laundering, and expand their operations while evading law enforcement. Most risk assessments we review consider the risks from cash intensive businesses, such as car washes, nail bars, and barber shops, we find that few consider the risks from businesses that may have had recent capital investment or loans from private investors, and also those that could legitimately trade across multiple jurisdictions. We would suggest that due diligence procedures and risk assessments are updated to reflect these risks.
Cryptocurrencies
There is wide use of cryptocurrencies to launder money. The most commonly seen cryptocurrencies in laundering are Bitcoin and Tether. Privacy coins such as Monero are being used in money laundering, but to a lesser degree.
Bonds and Stocks
Money laundering through the capital markets, such as buying and selling of bonds, currencies, stocks, and other financial assets continues to evolve. The can also be linked to the most serious market abuse harm from insider trading. Organised crime groups are recruiting information sources employed across the financial services sector. This has impacts for your insider trading and internal fraud threats.
Informal Value Transfer Systems
International criminal controller networks work together using informal value transfer systems. This enables the movement of in the value of funds across borders without the movement of money. This could manifest itself in transactions which on the surface appear to make no economic sense. A variation on this is where goods which are hard to value (e.g. arts and antiques) are transferred between groups at over or under value.
Sanctions Evasion
Some individuals designated under UK Russian sanctions have now developed methods to circumvent sanctions. As well as the usual use of family members and close associates to ‘front’ companies, they are also using countries that have not adopted sanctions against Russia (including China, India, Iran, the United Arab Emirates, Israel and Saudi Arabia Turkey and Serbia). Due diligence processes and jurisdictional risk assessments should be updated accordingly.
FCA Supervision
Based on risk assessments of its sectors, the FCA’s view is that, in the reporting year 2023-24, retail banking, e-money, wholesale banking, wealth management and cryptoasset firms remained particularly vulnerable to financial crime and posed the greatest risk of being exploited for money laundering.
Gambling Sector
Stolen or fraudulent identification documents are being exploited for use in online gambling accounts, enabling criminals to spend their proceeds of crime through gambling. Also use of deep fake videos and face swaps to by-pass due diligence checks. Operators must consider all information they hold on a customer and, where documents are received from a customer, must ensure that these documents are appropriately scrutinised. Operators need to ensure their staff are appropriately trained to assess customer documentation, including how to identify false and AI generated documents.
Casinos that offer ‘Money Service Business’ (MSB) facilities must include an assessment of the money laundering and terrorist financing risks associated with the MSB activity offered as part of their business wide risk assessments. Operators offering MSB facilities must also review and consider HMRC’s guidance for MSBs
Where foreign currency exchange services are offered, operators must have appropriate controls to address the risks associated with large denomination notes.
Common Areas of Failing for all Supervised Firms
- Inadequate documented policies, controls and procedures – often linked to lack of knowledge of regulations and/or use of template policies and risk assessments not tailored to the individual firm.
- Inadequate CDD procedures including in cases requiring enhanced customer due diligence and no ongoing CDD monitoring
- Inadequate record-keeping – particularly for electronic checks
- Inadequate client risk assessment
- No or inadequate firm-wide risk assessment
- No periodic review of compliance with MLRs or quality assurance.
- Inadequate training.
To receive articles such as this direct to your inbox you can sign-up for our regular newsletter
Helpful links to the specific reports we have utilised in the above assessment.
NCA- national strategic threat assessment
Europol – serious organised crime threat assessment
HM Treasury supervision report
UK Gambling Commission – Emerging money laundering and terrorist financing risks from April 2025
Leave a Reply
You must be logged in to post a comment.