Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Virtual Financial Crime Conference
Thursday 30th September 2021
SM&CRand
Challenges post-implementation
best practices forum
17 SEPTEMBER 2020 | 13:30 - 16:30 BST
Financial crime – the evolving landscape and practical lessons learned Katie Stephen, Partner Andrew Reeves, Partner Thursday 30 September 2021 Norton Rose Fulbright LLP
Agenda The evolving landscape and emerging trends: • AML • Market abuse • Fraud • Vulnerable customers 3
AML – recent developments
Home Office
Dear CEO guidance on CPS guidance
letter re AML SARs and on failure to
systems and disclosure in report
controls civil litigation
First criminal
Consultation
proceedings
on AML under MLRs
regime 2007
4
AML – practical takeaways
Be aware of evolving risks
Document arrangements and rationale
Systems and controls reviews
Role of senior managers
5
Market abuse – recent developments
Communication Inside information Market volatility
channels
Recording, Controls and Calibration of
monitoring, retaining surveillance surveillance
6
Market abuse – practical takeaways
What should firms be thinking about?
Adequacy of market
Messaging systems abuse controls Support for senior
and social media managers
7
Fraud
£754m stolen from
bank customers in
H1 2021
Fraud level “a
Law Commission national security
consultation threat” (UK
Finance)
Recent
developments
Practical steps by Misuse of Covid-
firms related schemes
Increasing
expectations on
firms
8
Vulnerable customers and financial crime –
recent developments
FCA guidance FCA
on the fair warnings and Recent
treatment of campaigns decisions
vulnerable
customers
The new Financial
Consumer abuse code of
Duty practice
9
Vulnerable customers & fraud – key takeaways
Training
Record keeping
Governance, oversight and reporting
Emerging tools
Customer communications, feedback and
complaints
1011
Contacts
Katie Stephen Andrew Reeves
Partner Partner
Katie.stephen@nortonrosefulbright.com andrew.reeves@nortonrosefulbright.com
020 7444 2431 020 7444 3138
12Law around the world
nortonrosefulbright.com
Norton Rose Fulbright US LLP, Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP and Norton Rose Fulbright South Africa Inc are separate legal entities
and all of them are members of Norton Rose Fulbright Verein, a Swiss verein. Norton Rose Fulbright Verein helps coordinate the activities of the members but does not itself provide legal services
to clients.
References to ‘Norton Rose Fulbright’, ‘the law firm’ and ‘legal practice’ are to one or more of the Norton Rose Fulbright members or to one of their respective affiliates (together ‘Norton Rose
Fulbright entity/entities’). No individual who is a member, partner, shareholder, director, employee or consultant of, in or to any Norton Rose Fulbright entity (whether or not such individual is
described as a ‘partner’) accepts or assumes responsibility, or has any liability, to any person in respect of this communication. Any reference to a partner or director is to a member, employee or
consultant with equivalent standing and qualifications of the relevant Norton Rose Fulbright entity.
The purpose of this communication is to provide general information of a legal nature. It does not contain a full analysis of the law nor does it constitute an opinion of any Norton Rose Fulbright
entity on the points of law discussed. You must take specific legal advice on any particular matter which concerns you. If you require any advice or further information, please speak to your usual
contact at Norton Rose Fulbright.THE CHALLENGES OF FRAUD PREVENTION IN THE AFTERMATH OF A PANDEMIC Amber Burridge, Head of Fraud Intelligence, Cifas
A challenging 18 months – a changing landscape
15
• According to action fraud, £34.5 million lost to COVID
scams – from PPE scams, to return to work, to the
vaccine roll out
• Bank transfer fraud losses surge to £479m in 2020
thanks to the pandemic
• In the FY2020/21, £2.2 million was lost to holiday scams
– that’s £1,242
• Up to June 2021, 1,085 reports of ticket fraud had been
made so far this year, equating to an average loss of
£850 per victim.
• Victims have lost over £15 million this year alone to
bogus investment scams on dating platforms.
• Every day, there are 65,000 attempts to hack SMEs,
around 4,500 of which are successful.
• Vulnerabilities with remote working as reports suggests
85% of employees are more likely to leak sensitive files
now than before the COVID-19 pandemicA challenging time – 2020
16
Cifas members recorded one case to the national fraud database
every two minutes.
60% of cases were identity fraud – 26% increase in companies being
impersonated in 2020.
78% of misuse cases on bank accounts in 2020 had intelligence that
indicates money mule activity.
21% increase in facility takeover – predominately online retail and
telecom products targeted.
For the Insider threat, Unlawful obtaining or disclosure of personal
data rose by 43% in 2020.17
Victims of Impersonation 18
19
2020 vs 2021: Cases where intelligence indicates mule activity
20
76%
78% 32%
24%
-1%
36%21
Victims of Takeover 22
Focus on Investment and savings products
23
• In the first six months of 2021, cases on savings products rose by 41%, predominately in relation
to personal savings accounts.
• Identity Fraud rose by 57%. Most filing reasons are for impersonation, current address fraud
• Misuse of facility rose by 13%. This is mainly for funds received, conduct unexplained
• In the first six months of 2021, identity fraud on personal savings rose by 58%.
• 42% of victims of impersonation are aged 61+ and predominately male.
• Law enforcement continue to report on high levels of scam investments particularly in relation
to digital currency. Victim aged 60+ continue to be a key target for this kind of activity.
Identity Fraud • Some victims are exploring these ‘investment opportunities’ to help reduce the financial
impact of inheritance tax.
• Courier fraud where the victim is contacted by the FCA stating their financial advisor is under
investigation and they need further details about them and their accounts.
• 47% of misuse of savings accounts have intelligence that indicates mule activity.
• A third are recorded within 3 months of application date.
• 38% tend to be aged between 21 and 30 years old
• Recent intelligence suggests “piggyback fraud” cases involving threat actors opening a new
savings product through a mule account
Misuse of Facility
• Experian also said that fraudulent openings for savings accounts were three times the rate in
Q2 2021 compared to the previous quarterKey intelligence on Investments and Savings
24
• Reports of fake investments being promoted through
dating apps. Once matched, a scammer the threat
actor will gain a level of trust and turn the
conversation to finance and potential investments,
offering ‘tips’ and instructing the recipient to
download a fake trading app. The fraudster will
provide incentives, such as promising their victim can
reach a premium "Gold" or "VIP" status
• Reports of an increase in investment frauds where
customers are duped into signing up to invest in
cryptocurrency. Advertisements for these investments
are seen across social media but specifically
Instagram and Snapchat. In some cases individuals
are instructed to download fake trading apps
• Threat actors posing as a well known investment firm
targeting victims with cloned websites and fake
documents. A closer look at the impersonation shows
that the website provided in the emails sent to
potential victims looked like an exact copy of the
genuine Interactive investor website.25
26
Key insider threat intelligence
27
• Reports of staff members being approached via social media and offered money to
provide customer details on specific accounts. They also noted a number of staff members
changing details on accounts to help facilitate fraud.
• Instances where staff members where claiming they needed to self isolate as a result of
being "pinged" by the app or because they have tested positive. Investigations revealed
they had been out socialising when they said there at home self-isolating and unable to
work.
• Instances where staff have falsely added themselves to the system indicating they
attended a key meeting whereby a product was recently sold to a customer in order to
profit from commission payments.
• Reports of staff redirecting customer investments in to accounts in their control
• Offboarding is also an issue – a member of staff who was working their notice period had
started working for another organisation. The employee had sent across a number of large
customer data sets to their new company email.Key Challenges 2021 - cases up 13% first half of 2021
28
• In the first six months of 2021, identity fraud has risen by 11%.
• Unprecedented volume of phishing, smishing and vishing
• Impersonation scams purporting to be from bank or other authority figure
Identity Fraud • Spoofing of brands and investment scams
• Subscription based criminal services offering sophisticated products
• The number of those involved in this type of activity has risen by 57% in 2021 in the first
six months of 2021.
• Social media channels being used to recruit money mules
• Receipt Generators
Misuse of Facility • Individuals taking out products with no intention to pay and abusing “buy now pay
later” schemes
• This has increased by 14% in 2021, with 44% via telephony channels.
• Spoofed text numbers to obtain personal and financial information
• Paid adverts directing customer queries to malicious (including spoofed) websites
Facility takeover • Social engineering of both customer and contact centre staff
• Attitudes already suggest that as many as 30% of job applicants include fake references
on their resumes
• Organisations adopting more agile working longer term and associated vulnerabilities
• Poor cyber security measures/protection and threats posed by use of personal devices
Insider Threat • Staff approaches in economic uncertaintyDefending yourself and your organisation: Key takeaways
29
✓ Bolster digital and telephony
channels
✓ Consider reviewing verification
checks
✓ Carry out checks to see if your
brand is being abused
✓ If a consumer makes changes to
their account, carry out full checks
✓ Screening staff throughout their
employment journey is essential.
✓ Are your working from home
policies sufficient?
✓ Are you part of a fraud prevention
community?www.tisa.uk.com
Dakota House, 25 Falcon Court, Preston Farm Business Park, STOCKTON-ON-TEES, TS18 3TX
01642 666999 | enquiries@tisa.uk.comYou can also read
