Fintech and FincrimeIn Europe

Presented by The Dutch Chapter

Session 6

Introducing the Dutch ChapterMission:

• “To create a holistic and innovative network of professionals for practical knowledge sharing, aiming to prevent Financial Economic Crime.”

Vision:

• “To create a safe environment based on transparency and trust to inspire each other on how to build a data driven and ethical society and prevent Financial Economic Crime.”

Contents

• Tech and fraud (20min)Owen Strijland (Co-Chair of the board)

• Working together in transaction monitoring (20min)Tames Rietdijk (Chapter Membership Director)

• EU regulations; expanding rules, fiscal integrity and the UBO registers (20min)

Lotte van Meerten (Chapter Co-Secretary)

• Q&A

Tech and FraudEase of use, faster transfers and a lot of new technology to… take advantage from

Owen Strijland, Co-Chair CFCS Dutch Chapter, Director Fintech Protiviti

“facilitating” money laundering?

Tech facilitating fraud?

6

We are confronted with fraud

6th most sought after item; iPhone

Newest Open Bank (API); Bunq

Most commonly used chat app; WhatsApp

Biggest “peer to peer” moneytransfer; Tikkie

Largest marketplace in TheNetherlands

How are these new brands used

8

> Hi is your iPhone for sale on Marktplaats?

Yes it is, I ask € 400,- <> Perfect I want to buy it from you

Cool, please use ABNA01NL0358729400 to transfer the money to. Ill send you the iPhone<

> Ok, but I don’t want to transfer to just any account, I send you a request for 1 cent through Tikkie to verify it is your account I transfer my money to. I have been scammed before, sorry it’s not that I don’t trust you.

Ok I understand where should I send the 1 cent to <

> Bunq transfer request for €0,01; http://tikkieb6z_4dTk.online.tvOk I tried but the link did not work <

> Ill send it again, sorry> Bunq transfer request for €0,01; http://tikkiek71w_1T1c6.online.tv

Again something went wrong, I did everything like normal <Hello? … <

There is money taken from my account!!! < Did you do that?!! <

What did just happen

1. The largest “trusted” Dutch platform is used to find a common product

2. Uses an end to end encrypted “trusted” chat service

3. Agrees with the asking price to speed up the process

4. Offers a “trusted” bank app to check for account details of the seller

• Plays the “vulnerable” buyer role

5. Uses an new but “trusted” bank name (when the seller googles the name)

6. Offers a “Tikkie” link with a known (but mimicked) payment process

9

Not long and we will lose oversight

10

this might get us away from

11

And will take us to

12

And we are crossing “borders”

13

2019 implementation of Dutch instant payments

2019 the year we opened up

14

Banks, Techs and Consumers prepare for a new area of financial services… I guess criminals are doing the exact same…

Consumer

Consumerbank

Payment scheme

Onl ine retailerbank

Onl ine retailerPISP Consumer

ConsumerBank 1

ConsumerBank 2

ConsumerBank 3

AISP

15What is so special about UBER?

What do these logos have in common?

Preparations

PSPs must provide ‘statistical data on fraud relating to different means of payment to their competent authorities’ and that the competent authorities (CAs) must, in turn, ‘provide EBA and the ECB with such data in an aggregated form’. (EBA, 2nd half 2019)

Lucky enough we got help!

18

19

The two things we need to fight financial economic crime

Employees doing and sharing what's right

Fast, holistic and reliable data providing us with insight

Breaking down silos in Financial Crime Tames Rietdijk, Chapter Membership Director CFCS Dutch Chapter, CEO BusinessForensics

Silos in Financial Crime investigations

Integrating data sources

Covering all the FinCrime risks

Covering all the steps in the process

Live Q&A

Agenda

Silos in FinCrime investigations

Collecting data about the (new) client

Running checks to verify data and validate risks

Potentially extended when findings appear

Fairly straight through process, endigg with (human) judgement call

Review required periodically or event drivent

Know your Customer / Customer due diligence

Clear distinction between objective & subjective signals & alerts

Less clear distinctions between: true & false positives true & false negatives

Process design and data requirements clear from the start

Segregation of duties: 1st line & 2nd line, ‘four–eyes principle’

Clear reporting requirements to finalize the process

AML/CFT/Sanctions Surveillance

Unpredictable from the start of the investigation

Unclear what to expect and what (re-)sources are needed

Flexibility required due to discoveries throughout the process

Every step in the process requires a (human) judgement call

Staying the course requires neutral & rational ‘critical thinking’

Fraud & forensic investigations

Not looking at multiple data sources simultaneously

Different monitoring tools for different risks

No or little alignment and handover between various lines of defense

Different systems for different steps in the process

No integral, aggregated risk view as a result

Challenges

Integrating data sources

Entities

External: sanction lists, trade registers

Internet sessions, cyber security events

Authorizations, transactions

Internal: customers, accounts

Combining data: a model for all possible sources and structures

Links

Attributes

Facts

Events

Data Information InsightsKnowledge

Who who did it 5Focus on real peopleDesigned for Privacy

What clear description of the event 1Worth impact, cost, damage, value, score 2When date or timeline 3

Where location or trail 4With how did they do it 6

Why specifies the motivation or reason 7

W7 Standard

Monitoring & detection

High volumeHigh performance

Multiple channelsCross channels

Event driven (real-time)Batch analysis

Financial Crime investigationsForensic Case History

Person & Case filesCustomer Due DiligenceData driven analysisWork flow handlingMeasures

W7 Standard

Integrative look at FinCrime risks

BankInsurance

New competition(FinTech, big tech)

New risks, MO’s& scenario’s

Increasing regulatoryscrutiny (ECB, DNB, AP)

New rules & regulations (GDPR, PSD2)

Social & political pressure

New technology (crypto, API’s, apps)

New data & data sources

Current landscape: between a rock and a hard place …

BankInsurance

AML & CFT

Fraud (internal & external)

Cyber security

Adverse media

Sanctions & PEP, Adverse media

Data privacy

Corruption & bribery

Current fincrime risks: banks and insurance firms

ACFCS: provides the breadth that we need

INTEGRATING MULTIPLE FINCRIME INVESTIGATIONS IN A SINGLE ANALYSIS SCREEN

Covering all the steps in the process

Payments, Claims, Log files, Reference data, Context details, etc.

Rules engine, Matching algorithms,

Risk indicatorsChange point detectionAnomaly detection

Alert shaping and scoring

Indicator reportingFingerprintsPeer groups

Forensics and FinancialCrime investigations

Statistics:- Aggregates (RT), - Profiles (N-RT),

W7 Cases

3rd Line of Defense

Reporting on casesMeasures to mitigate risks

2nd Line of Defense

1st Line of Defense

Operations: seamlessly integrating the 3 lines of defense

The Event/Transaction live cycle

Business rules

Entity resolutions

Risk analysis

1To detect existing and known threats & risks

3aTo analyse relations, links, locations, peer groups, correlations 4

Initiate preventive or corrective action to adapt to or mitigate based on risk sorting

Performance standards

3bComparing internal results

with general norms and standards

Behavioural profiling

2aTo detect unknown

threats and risks using available data and logs

Anomaly detection

2bFinding anomalies using big data technology and

ML algorithms

Detection mechanisms: multi-layered, combining result sets

Status

Transitions

Sources

Information

Protocols

Conditions

Dependencie

s

New links

New networks

Combine case

Snapshots

New tasks

New sources

Priorities

Escalations

Interventions

Handing over

Cooperation

2nd Opinions

W7 Standard

Reports & Dashboards

Conclusions

AssessmentsJournals

Team

Owner

CasesInvestigation

EvidenceAttachment

Audit trail

AlertsContext

History

Investigations: combining work-flow with data-driven

Signal Detection Analysis & Investigations

Manual Incidents Forensic History

in signals

Risk Shaper

Consolidating | Enriching | ProfilingLabeling | Distributing

Data Sources Mitigation Measures

Customer Risk

Intelligence

Solution architecture: Holistic integrity risk view combining maturity

Selecting your technology platform

Integration of all Compliance & Integrity Risks

Cove

rin

g co

mpl

ete

Fore

nsic

Pro

cess

100%0%

Sin

gle

p

illa

r

Fu

llp

roc

ess

Competitive landscape

Live Q&A

EU AML regulationsExpanding rules, fiscal integrity and the UBO registers

Lotte van Meerten, Co-Secretary CFCS Dutch Chapter, Compliance Officer Van Lanschot Kempen

EU Anti-Money Laundering Directive

For who?For who does it apply?

Main objectives AMLD

Preventing and combating money laundering and terrorist financing to safeguard the integrity of the financial markets.

AMLD in practice

And what about the UBOs?

• All companies and other legal entities are obliged to report theirUBOs to the UBO register in the EU country where the company or entity is registered.

• The definition of a UBO that needs to be reported is: every natural person who ultimately owns or controls a company or other legal entity.

• The financial institutions are obliged to report discrepancies to the organization responsible for the UBO register in their country.

• Every EU country has own UBO register with its own specifications, ultimately these registers will be linked.

Who is the UBO?And who needs to be registered?

For BV1?

For BV2?

Y indirectly owns 60% andneeds to be registered for BV2

Q is the pseudo-UBO, no needto register.

*No voting rights

*

Source:https://blog.allenovery.com/aoblog/attachment_dw.action?attkey=FRbANEucS95NMLRN47z%2BeeOgEFCt8EGQJsWJiCH2WAUuQVQjpl3o%2BUPiV7f4S9oR&nav=FRbANEucS95NMLRN47z%2BeeOgEFCt8EGQbuwypnpZjc4%3D&attdocparam=pB7HEsg%2FZ312Bk8OIuOIH1c%2BY4beLEAeEwJk5wUc8O4%3D&fromContentView=1

Tax integrity risks?

• ‘Tax crimes’ relating to direct and indirect taxes are included in the broad definition of ‘criminal’ activity in AMLD.

Source:https://www.toezicht.dnb.nl/en/binaries/51-237752.pdf

Tips from the board

Documentary Book Netflix

Questions?

THANK YOU!