BID® Daily Newsletter
May 19, 2022

BID® Daily Newsletter

May 19, 2022

Reminders to Strengthen AML and OFAC Practices

Summary: Anti-money laundering practices have been under more scrutiny as the pandemic ushered in more digital payments and cryptocurrency activity. Now, with the invasion of Ukraine, anti-money laundering measures and OFAC compliance tops regulators’ lists. Here are important risks to look out for and reminders on how to continue strengthening your practices to mitigate these risks.

If real life were like popular television shows, counterfeiting and money laundering would be simple activities. Take for instance “Good Girls,” where a trio of girlfriends becomes master counterfeiters by convincing an artist to make them a replica of US bills. They print it on special paper, using a combination of chemicals to resemble legitimate currency, before running it through large dryers to achieve a more weathered look. Or “Ozark,” where a family launders massive quantities of drug money, on behalf of a cartel through tactics, such as hiring people to continuously lose money by gambling.
Fortunately, for the banking industry, money laundering isn’t as easy as popular Netflix series make it seem. Still, as cryptocurrencies and electronic transfers of money have become commonplace, financial institutions (FIs) are having to approach anti-money laundering in entirely new ways to adhere to ever-changing rules and regulations. To assist FIs with their efforts on this front, the US Department of the Treasury recently released national risk assessments for money laundering, proliferation financing, and terrorist financing, all of which highlight the biggest risks and threats the US currently faces, regarding criminal financial activities. With this new regulatory assessment, FIs should take a fresh look at their anti-money laundering (AML) practices and procedures.
The pandemic and Ukrainian war have heightened the focus on regulatory AML and OFAC

Money laundering and criminal financial activities are nothing new, but activity has increased dramatically over the past 2Ys since the onset of the pandemic. According to Dynamics Securities Analytics, “’Transactions Below CTR Threshold’ was the leading suspicious activity category,” in 2020 with 318,867 SARs filed. This category showed an increase of 44% from 2019. According to FinCEN, the total number of SARs filed by Depository Institutions hit close to 2.5MM in 2020, vs. 1.66MM in 2014.
Furthermore, with digital payments and online money management becoming more mainstream, cybercriminals were quick to take advantage of the shift by stepping up their activities, particularly ransomware attacks. Since COVID, malevolent emails have risen by 600% and more than 60% of companies experienced a ransomware attack in 2021. A report by Microsoft found that Russian nation-state hackers launched over 237 cyberattacks directed at Ukrainian businesses and government agencies weeks before the invasion and that they continue. While these efforts seem focused on Ukraine, there could very well be spill-over effects for those partnered with Ukrainian entities.
2022 National Risk Assessments

To help FIs, the US Department of Treasury issued its 2022 National Risk Assessments (NRAs) on Money Laundering (NMLRA), Terrorist Financing (NTFRA), and Proliferation Financing (NPFRA) in March. These risk assessments highlight the most significant illicit finance threats, vulnerabilities, and risks facing the US. The US is vulnerable to all three forms of illicit finance because of the size and sophistication of the US financial system, as well as the high US dollar significance in the global trade payment infrastructure. 
These assessments take into account changes to the illicit finance-risk environment resulting from:
  • The COVID pandemic
  • Ransomware
  • Domestic violent extremism
  • Corruption
  • The increased digitization of payments and financial services
  • The enactment of significant new requirements to the US anti-money laundering/countering the financing of terrorism (AML/CFT) framework 
These NRAs are an important resource for the public and private sectors to understand the current illicit finance environment and inform their own risk mitigation strategies.
The National Risk Assessments underscore the U.S. government’s commitment to protecting our economy and financial system from exploitation by a variety of criminal actors and national security threats,” said Brian E. Nelson, Under Secretary for Terrorism and Financial Intelligence.
The biggest risks

Each of the NRAs identified the biggest areas of risk and weaknesses that FIs should be aware of regarding money laundering. Here is a summary of each.
According to the National Money Laundering Risk Assessment, fraud, cybercrime, drug trafficking, smuggling, human trafficking, and corruption are the sources of the greatest amount of money laundering and illicit financial activities. In particular, the biggest money laundering risks within the US relate to:
  • Inappropriate usage of legal entities
  • Business professionals and merchants who are complicit in illegal activities and use their positions and organizations to assist with them
  • Real estate transactions with a lack of transparency
  • Inadequate supervision and compliance within some regulated US financial institutions. 
The National Terrorist Financial Risk Assessment noted that financial support from individuals within the US, through transfers of small amounts of money, to foreign terrorist organizations, such as ISIS remains a major problem. 
According to the National Proliferation Financial Risk Assessment, the Democratic People’s Republic of Korea represents the biggest financial threat, followed by Iran. China and Russia (to a lesser extent) were also noted to have stepped up their efforts to acquire US-origin goods through illegal means. Proliferation finance networks continue to misuse correspondent banking relationships and establish multiple shell companies to obscure financial transactions. These networks are also increasingly abusing the digital economy, including systematic mining and trading of virtual assets, and hacking of virtual asset service providers.
How can community financial institutions continue to strengthen their AML and OFAC programs? 
  • Review and refresh your AML and sanctions risk assessments to ensure you’re assessing your customers, products/services, and geography risks appropriately for current trends.
  • With a greater number of digital transactions, check your thresholds to make sure they are still appropriate. You may need to adjust them, depending on your volume and customer profiles.
  • Continue using know-your-customer (KYC) procedures and follow up promptly on any red flags.  Also, develop a periodic KYC review process to ensure you have current knowledge of your customer, their behavior, and their needs. 
  • Artificial intelligence (AI) systems and transaction monitoring platforms can help identify patterns of unusual activity, by comparing customer behaviors with industry and geographical characteristics. Ensure that you fine-tune your AI monitoring systems for optimal performance. 
  • Provide ongoing training to your employees with specialized training to your operations, front office, and risk/compliance teams. This will enable your key departments to have the best ammunition — knowledge is power!
As a 2001 U.S. senate report noted, “money launderers gamble that the banks will not notice–or perhaps will not scrutinize–the source of funds flowing through their correspondent accounts.” Make sure that you set up AML policies and procedures to ensure the “house” wins over money laundering gamblers.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Information-Sharing Networks Identify Financial Crimes Faster
As the amount of online fraud continues to rise, there is mounting evidence that information-sharing initiatives around the world could provide a glimpse into the future of how financial institutions can most effectively identify and combat cybersecurity attacks.
Serious Hack-Attack-You Have 36 Hours to Report It
CFIs and other banks now have 36 hours to report serious hacks, including those that may disrupt operations, cause material losses or even threaten the stability of the entire financial system. Is 36 hours enough time for CFIs?