News

Austin Reporter’s Notebook

Colby Adams
Managing Editor
Kieran Beer
Editor-in-Chief, Director of Editorial Content

Romance fraud, rapid growth and novel ways of transferring value from point A to B topped the agenda at the latest ACAMS-hosted annual conference in Austin, Texas, which kicked off Monday with a panel of U.S. regulators waxing cautionary on bank-fintech relationships.

“A common pitfall we’re seeing is banks assessing the same risk to all their fintech relationships without looking carefully at the products and services offered,” Koko Ives, manager of Bank Secrecy Act/anti-money laundering policy at the Federal Reserve Board, told attendees of the opening panel of The Assembly Fintech & Crypto.

The threat of illicit finance that fintechs present to banks that partner with them varies from platform to platform, and depends on their unique models of business, the types of clients they serve and their commitment towards BSA and AML compliance, said Ives.

The panel warned financial institutions that banks that outsource their AML-related responsibilities to their direct clients—in this case, fintechs—skate on thin ice.

Banks, for example, must collect full Social Security numbers from their U.S. customers prior to opening accounts for them, but federal regulators have run across numerous instances in which fintechs only collect the last four digits before obtaining the remaining five digits from a third party.

“For banks, they have to think of this relationship as an extension of themselves,” said Michael Benardo, associate director of AML and cyber-fraud at the Federal Deposit Insurance Corp. “One area where we’ve definitely seen some problems is CIP [customer identification program].

Jim Gentile, an investigative specialist at Treasury’s Financial Crimes Enforcement Network, discussed his bureau’s concerns over the security of BSA-related data held on private servers.

“Anywhere in this ecosystem where you have a financial institution going into BaaS [banking as a service], we want to make sure that any information … considered BSA data—namely, suspicious activity reports—are secure,” Gentile told attendees. “We wouldn’t those to be in any sort of system or database that wouldn’t be up to normally accepted standards.”

In Monday’s second panel, Melissa Strait, chief compliance officer at Coinbase joined other senior anti-financial crime personnel to discuss the use of ChatGPT and other artificial intelligence-enabled tools for AML purposes.

“I’m bullish on the power of this technology to identify bad actors,” Strait said, noting that financial institutions currently spend tens of millions of dollars to catch only a fraction of the estimated hundreds of billions of dollars in illicit funds that circulate the globe annually. “I think AI has the potential to be quite revolutionary.”

Banks and other financial services companies have reached a “tipping point” towards broader adoption of AI in the AML context, said Carrie Gilson, director of financial intelligence and analytics at U.S. Bank.

“I think we all need to lean in, I don’t think any of this technology is going away,” said Gilson. “We can’t bring a knife to a gunfight—we can’t maintain the existing practices and monitoring techniques and hope to keep up with this very sophisticated evolution of financial crime.”

The first day of the conference ended with Cesare Fracassi, director of the Blockhain Initiative at the University of Texas, unveiling research showing that consumers in countries deemed compliant with global AML standards for virtual asset service providers tend to download “self-hosted wallet” applications more than cryptocurrency exchange applications.

The converse holds true for cryptocurrency users in countries with subpar AML requirements for VASPs, said Fracassi.

The second day began with Christina Rea, former interim head of compliance at Binance.US, the Delaware-incorporated, Florida-headquartered branch of Binance, describing the challenges she encountered internally in trying to steer the platform towards compliance with U.S. sanctions and rules against illicit finance after she accepted the position in October 2021.

“Transaction monitoring—that team was about to break—there was just not enough resources to monitor all the transactions going through,” said Rea, who resigned from Binance.US in the early months of 2022. “For the CEO, compliance mean[t] onboarding … [and] get[ting] more people through the pipeline, faster.”

Binance Holdings Ltd., the Maltese entity at the top of the global Binance network, drew $4.3 billion in U.S. fines and forfeitures last year for violating the BSA from August 2017 to October 2022 and transmitting funds without a license.

Cross-border “pig-butchering” schemes against U.S. citizens was the topic of discussion for Erin West, a deputy district attorney for Santa Clara County, California, and Joby Carpenter, global subject matter expert for crypto-assets and illicit finance at ACAMS.

Perpetrators of pig-butchering schemes often work under threat of violence at massive fraud factories in Laos, Cambodia and Myanmar, sometimes with the knowledge and complicity of government officials, West said. But global organizations have been slow to respond to what she described as a new twist on the classic romance-fraud scam.

“FATF [the Financial Action Task Force] is a frustrating example, because they just took Cambodia off the gray list [in February 2023], which doesn’t make much sense,” West said.

Dana Lawrence, senior director of fintech compliance at Pacific West Bank, moderated a “lightning round” discussion between Robin Garrison, a senior compliance officer at FirstBank, and Jas Randhawa, chief executive of StrategyBRIX, on BaaS, which involves banks partnering with fintechs to reach new bases of customers and new streams of revenue.

“Banking as a service is not new,” Garrison said. “What’s really changed is the technology—COVID accelerated a lot of technological development with fintechs and access to financial services for the underbanked.”

Recent AML-related enforcement actions against U.S. banks that partnered with fintechs specializing in BaaS covered “very basic” violations and shortcomings, Randhawa said, adding that banks previously exposed themselves to a comparable level of risk from their correspondent and nested relationships.

“It’s not very different,” Randhawa said. “If you’re a sponsoring bank that serves a fintech platform which has customers who then have customers, then sometimes no one really knows who it is at the end [of a transaction], and you need to get better eyes on that.”

Adam Drucker, senior director of global investigations at PayPal, closed the conference by throwing water on claims that terrorist financing has migrated en masse to cryptocurrency.

“Terrorists will use what’s available, what’s familiar, what works,” Drucker said, noting that Al-Qassam Brigades, the military wing of Hamas, reportedly told supporters to stop sending funds in cryptocurrency. “They don’t need to use crypto when their current mechanisms work so well and are so available.”

The traceability of the majority of cryptocurrencies makes them a nonstarter for most terrorist groups, said Edmund Fitton Brown, a senior adviser at the Counter Extremism Project.

“If everything depends on suitcases full of cash in the aid sector then you have a nightmare of compliance and accountability, and that’s why terrorists often do default back to their old-fashioned methods,” said Fitton Brown. “That being said, they will always experiment.”

And that’s a wrap.

Contact Colby Adams cadams@acams.org and Kieran Beer at kbeer@acams.org

Topics : Anti-money laundering , Fintech , Sanctions , Fraud , Counterterrorist Financing
Source: U.S.: FDIC , U.S.: Federal Reserve Board , U.S.: OCC , U.S.: FinCEN
Document Date: June 14, 2024