We hosted our quarter three seminar at the Chartered Accountants' Hall at One Moorgate Place in London, focusing on the prevention of financial crime.
Our seminar saw over 300 compliance professionals gather in person and virtually to listen to engaging talks by industry leaders. Attendees also had the opportunity to participate in interactive polls, network with their peers and learn from insightful Q&A sessions. CISI endorsed this event for 4 hours' worth of structured CPD points.
We were joined by experts in anti-money laundering, sanctions compliance, cybersecurity and fraud prevention. Our panellists included speakers from CIFAS, UK Finance and HM Revenue and Customs, who shared insights throughout the afternoon on creating a culture of financial crime prevention.
The system of financial crime and fraud involves a wide range of actors, and as risk controls become more stringent, customer engagement becomes increasingly difficult. As financial crime has evolved into an industry of its own, there are many levels of concern.
One key reason 1.1 million people remain unbanked is concerns over financial crime risks. We've outlined some of the discussion points and takeaways from the afternoon.
After a networking lunch, the seminar began by delving into our first session on exploring challenges and developments in one of the biggest financial crime topics: anti-money laundering (AML).
Paul Coady, Founder & MD, ComplianceLnD
Ian Mynot, Director, Advanced Financial Crime
Neil Giles, Co-founder, Traffik Analysis Hub Stop the Traffik
Dr Liliya Gelemerova, Head of UK Financial Security, Credit Agricole CIB
Our AML panel discussion was moderated by ComplianceLnD founder and MD, Paul Coady. This session focused on the key challenges and opportunities in managing AML risk and the role of Suspicious Activity Reports (SARs) in law enforcement.
The discussion outlined the current AML landscape and how technology and collaboration can address emerging risks. It also offered practical guidance strategies for MLROs and practitioners to navigate the challenges, adapt to new technologies, and strengthen collaboration efforts.
Challenges in AML can arise from a number of factors. These challenges vary depending on business size and context, such as Retail versus Corporate & Investment Banking, and often stem from the volume and quality of information. Retail space might see more red flags than corporate and investment banking.
A lack of effective intelligence sharing, both within organisations and across the industry, compounds these issues, especially in cross-border cases.
Additional challenges include ensuring explainability and auditability when deciding whether to file a SAR, building a rationale, and managing governance and decision-making post-filing. The FinCEN leaks highlighted the sensitivity of these processes.
It is essential to ensure you ask the right question when you are gathering facts otherwise the exercise becomes meaningless. Apart from establishing solid GDPR frameworks (incorporating tactical and strategic intelligence, NGO roles, and economic crime legislation)and defining clear roles and responsibilities, it is important to:
Recent developments in the UK, such as the Economic Crime Corporate Transparency Act 2023 and the NCA/bank information sharing pilot, have improved the quality and relevance of SARs submitted by firms, aligning them better with law enforcement priorities.
Compared to the new EU law under section 75 of the AMLR, the UK's position is more favorable. Despite this, firms must still report all suspicious activities, contributing to the high volume of SARs that FIUs struggle to manage. The sheer volume of money laundering cases and SARs is staggering with the latest figures showing 860k SARs recorded in 2022/23.
Establishing effective prioritisation systems is crucial, and AI could play a significant role in identifying emerging risks and improving efficiency. As AI becomes more integrated into firms, it has the potential to enhance risk identification and free up resources for more productive activities, though the broad reporting requirement will persist.
Many professionals in AML and compliance teams across the industry are committed to meaningful work and take pride in their role, especially when closely collaborating with organisations like Stop The Traffik (STT). However, some believe that suggesting collaboration with external organisations could harm their career prospects, as senior leadership often hesitates to engage.
The industry can sometimes resemble a chaotic football game, with everyone focused on regulatory directives while missing broader opportunities. Engaging in meaningful dialogue with organisations could improve staff morale and regulatory outcomes.
Additionally, as crypto introduces both new and old crimes in innovative ways, blockchain's transparency offers advanced tools for mitigating risks, especially when dealing with Virtual Asset Service Providers (VASPs).
Understanding how VASPs are regulated and their risk levels, as well as leveraging blockchain analytics, can help firms manage these risks effectively. For customers interacting with VASPs, cooperative approaches can enhance visibility into their activities, providing further risk mitigation.
A good example of collaboration is the Harcourt Programme in Ireland which involves Non-governmental organisations (NGOs) and various stakeholders. This is aimed at combating human trafficking through financial intelligence. Its journey has involved active engagement from NGOs, adding valuable perspectives to the fight. Ireland are generating law enforcement reporting that is immediate.
The programme plans to launch an intelligence-led communications campaign targeting at-risk communities, raise awareness across Irish financial institutions, and collect survivor narratives to identify unique red flags.
Additionally, it focuses on active operational intelligence sharing with the FIU and law enforcement, reducing traffickers' confidence in exploiting financial systems and measuring the programme’s impact over time.
Ruby Hamid, Co-head, Ashurst Corporate Crime Investigations
Ian Bolton, Founder & CEO, Sanctions SOS
Anna Bradshaw, Partner, Peters & Peters LLP
Kevin Newe, Illicit Finance Threat Lead, HM Revenue & Customs
Our next session unpacked the complexities of sanctions and financial crime. This discussion was moderated by Ruby Hamid, head of Ashurst Law Corporate Crime Investigations, and focused on the challenges of navigating sanctions compliance and financial crime risk.
One of the main challenges with sanctions compliance is the cost. The UK is spending the equivalent of Estonia's GDP on fighting financial crime. We need to be pragmatic in establishing and implementing compliance programmes.
Overcoming the artificial separation of sanctions from AML requires a more holistic approach that integrates both areas within a unified financial crime framework. Sanctions and money laundering are closely interconnected, as sanctions evasion often involves money laundering tactics.
However, the challenge lies in addressing the complexities of this interface, as it can be difficult to separate the two effectively. A comprehensive approach would involve aligning compliance strategies, intelligence sharing, and investigative efforts to tackle both sanctions violations and money laundering in a cohesive manner.
Office of Foreign Assets Control (OFAC) has highlighted the fact that Russia is reallocating its resources to support military activities in Ukraine. There is no clear separation between organised crime groups and the Russian state, which is considered hostile. This presents a complex challenge, particularly in law enforcement, due to its multifaceted nature.
Additionally, there is an element of sanctions fatigue. The UK is leveraging its full intelligence capabilities, but sanctions enforcement remains difficult, especially since certain areas are not fully covered by traditional legal frameworks, leaving gaps that cannot be addressed through conventional legal means.
Sanctions are typically viewed as temporary interventions, often imposed as emergency responses during times of conflict or crisis. Initially designed as short-term measures to exert pressure on targeted entities or governments, they aim to prompt behavioral changes or address urgent threats.
However, the duration of sanctions can vary significantly, sometimes extending well beyond their original intent, raising questions about how long they should remain in place and whether their objectives are still relevant or achievable over time.
Sanctions breaches are often the result of the evolving nature of sanctions, making it challenging to develop tools that match the scale of the problem, especially from a compliance perspective. There are two key difficulties:
These challenges are unique to sanctions enforcement and do not exist in other areas of financial crime. Circumvention hubs are a particular concern, and investigations, whether civil or criminal, tend to be slow and expensive. Secondary sanctions, where individuals or entities are added to a list based on suspicion, add another layer of complexity, especially as the EU’s approach to applying these rules remains unclear.
Sanctions breaches and circumvention tactics are not new phenomena, having existed since the Cold War. While some level of sanctions compliance is already in place through established governance systems, enforcing trade-based sanctions remains difficult, particularly when monitoring the flow of dual-use goods to sensitive regions.
Compliance professionals play a critical role in identifying keywords and jurisdictions to track these transactions. However, as enforcement efforts increase, it is crucial to target the non-regulated sectors as well.
Enablers can become involved in various ways, but circumventing sanctions before they are adopted is not possible. Individuals may be added to a sanctions list for a wide range of reasons, including suspicion of circumvention or providing financial services to someone suspected of such activities.
We asked the audience what they could see the biggest sanctions-related risk in the future. The word cloud below reflects some of the strong thoughts around specific sanctions compliance risks and how compliance professionals see risks evolving in the future.
Looking ahead, the focus will shift toward leveraging data and transparency to enhance sanctions enforcement. This will involve more targeted approaches, especially in sectors that have previously been less regulated, relying on improved governance and compliance structures to address the complex and evolving nature of sanctions.
Katharine Leaman, CEO, Leaman Crellin
Mark Courtney, Chief Product Officer, CIFAS
Paul Maskall, Strategic Fraud Prevention & Behavioural Lead, UK Finance
Kevin Fielder, Chief Information Security Officer, Natwst Boxed
Our third session saw Leaman Crellin's CEO, Katharine Leaman, lead the discussion on a few key areas of fraud and cybercrime.
Although fraud accounts for 40% of all crime, it only receives 2% of law enforcement's attention. It is an exceptionally easy crime to commit, and economic pressures are pushing more people toward it. Fraud has evolved into a professionalised industry, with distinct roles and functions, much like any other service sector.
A frequently cited statistic reveals that 40% of all crime in the UK is attributed to fraud. Several key factors contribute to this including fragmented and siloed working practices which often impede effective communication and collaboration. This leads to missed opportunities for detecting and addressing fraud.
Additionally, there is often a lack of comprehensive reporting on fraud cases, which further complicates the understanding of its true extent. Risk perception varies widely, influencing how fraud is reported and managed across different sectors.
Collectively, these issues contribute to the significant prevalence of fraud in crime statistics, highlighting the need for improved coordination, better-reporting mechanisms, and a more unified approach to tackling financial crime.
Online fraud has risen by 15%, with a notable increase in identity fraud and misuse of facilities (using them for unintended purposes). Phishing remains a major threat, now more sophisticated than ever. AI has played a useful role in addressing these challenges. Additionally, the growing use of remote technology, which grants access to bank accounts, has contributed significantly to the problem.
Information security is widespread in part because it is often perceived as victimless. In most cases of fraud, victims can recover their money, which blurs the line between security and financial crime. Social engineering techniques exploit human nature, with scams typically relying on fear, offers that seem too good to be true, or appeals for help.
Authorised Push Payment (APP) fraud is particularly hard to detect, emphasising the need for better public education. The internet’s underlying systems also offer limited protection, highlighting the need for improvements. When assessing risk, people tend to rely on how easily information comes to mind and the emotions associated with it, making risk perception highly subjective.
In banking, deepfake fraud is emerging, though it hasn’t been highly successful yet, as criminals often leave behind metadata. The challenge lies in how we authenticate identities without relying solely on humans, especially since AI can be effective when it plays on emotions.
The difficulty of APP fraud and reimbursement arises from the manipulation involved—victims often don’t realise they’re being deceived. The difference between fraud and marketing largely comes down to intent, as both use tactics like scarcity, emotive language, and urgency. While fraud can be devastating, reimbursement focuses on restoring financial losses, but it doesn’t necessarily address the emotional or psychological impact on victims.
David Kenmir, Advisory Board Chair, Skillcast
Catriona Razic, CRO, Skillcast
Jourdain Tambo, VP, Risk & Compliance, Curve
Jonathan Chibafa, Partner, CCO, Keystone Law & Cavotec
Our final session, moderated by David Kenir, explored the topic of fostering a culture of compliance and ethical conduct in the workplace. Having a culture of compliance and awareness underpins financial crime prevention.
To embed cultural values into the processes we use to achieve desired customer outcomes while managing risks, we must first focus on awareness. Compliance should not be pursued merely for the sake of following regulations, but to protect society, which often suffers as the unseen victim of financial crime.
Our role as compliance professionals is to satisfy regulators and actively combat these crimes. To enhance this, we can offer bite-sized, audience-specific training modules that explain the purpose behind compliance.
Additionally, there is a strong link between customer experience and how technology is programmed, making it crucial to design systems that prevent financial crime without causing unfair outcomes for clients. This challenge was highlighted in the FCA's letter to EMIs, where temporary blocks and freezes on accounts often lead to negative consequences for consumers. Striking a balance between crime prevention and fairness requires a holistic view of the customer’s position, with real examples shared to illustrate best practices.
To effectively address financial crime, organisations must go beyond regulatory requirements by adopting a consumer-centric approach. This means genuinely understanding customers to make reasonable judgments on their behalf, as highlighted by the FCA’s investigation into private account access following the Nigel Farage incident.
Both direct and indirect strategies are key: employees should be incentivised to prioritise customer needs, and organisations must project this customer-focused ethos outward. Embracing initiatives, like Arsenal’s use of inclusive team kits, offers an opportunity to make customers feel connected to the brand. However, caution must be taken to avoid superficial "greenwashing" or "social washing" – the efforts must be authentic.
Metrics can be used to assess company culture and risk, such as through a Risk Reporting Committee and Key Risk Indicators (KRIs). We can categorise customers into two busckets - internal customers (staff) and retail. It is important to foster a speak-up culture
Employee satisfaction, which can be tracked through platforms like Glassdoor, is a strong indicator of cultural health, as people shape the culture. Training completion rates and policy attestations also reveal engagement with rules and regulations.
An engagement index, like PwC’s survey, can provide insights into non-financial data, which should be audited for accuracy. Surveys show that managers’ perceptions may differ from frontline staff regarding risks. Departmental stress levels, confidence in leadership, and employees' connection to the company’s purpose are all key indicators of a healthy culture. Focus groups, such as those in a skilled person review, can bring hidden issues to light by providing anonymous feedback without management influence.
To achieve consumer-focused outcomes, departments should integrate compliance with product, brand, and marketing by bringing regulations to life. This involves moving from a rules-based approach to one focused on outcomes, such as those under the Consumer Duty.
Small focus groups with product and marketing teams can help capture the essence of this duty, encouraging them to think of customers as they would their own family, ensuring fairness and transparency. This mindset influences product design, features, and overall customer experience.
Breakout sessions can present Consumer Duty in ways that are relevant to each department, fostering genuine intent to deliver positive outcomes for customers and aligning with the FCA's goals for all businesses.
We asked the audience what they thought the biggest challenge is in embedding cultural values. The result can be found below - the majority find that the lack of engagement from employees is the biggest struggle.
To foster innovation and learning, it's essential to engage people by helping them understand real risks, rather than relying on a "rinse and repeat" approach to training.
In terms of culture, the compliance department has shifted from a rules-based function to acting as a business partner. Training is now tailored by breaking content into smaller, role-specific pieces that reflect both the individual's responsibilities and their associated risk level.
Those in the financial crime industry have innovated, so it is important to have training that is equally innovative. Skillcast has an innovation package that takes staff training to the next level and creates a culture of awareness.
Identifying strengths and weaknesses allows us to automatically assign only the necessary learning throughout the year.
This integrates seamlessly into your digital environment, making educational content accessible within the tools and platforms you already use. All learning activities and progress are tracked and recorded in the Learning Management System (LMS), ensuring that engagement and achievements are monitored effectively.
This involves receiving regular, targeted questions on various topics delivered directly to your inbox. This approach aims to gently prompt and reinforce learning by integrating brief, relevant queries into an individual's routine.
This involves starting any Off-The-Shelf (OTS) course with a pre-course quiz, utilising a ready-to-use question bank. This approach streamlines the learning process by assessing prior knowledge and ensuring participants are prepared for the course content.
SkillcastConnect community brings together compliance professionals for unique group networking free of vendors. Join today for priority access to unique insights from best-selling authors, leading academics, training gurus and industry insiders in a friendly, supportive environment.
If you are interested in joining our community, you can find out more on our dedicated SkillcastConnect page.