This week the Australian Government’s financial intelligence agency, AUSTRAC, released a new statistical report which could affect the way your practice does business. ‘Securities & derivatives sector: money laundering and terrorism financing risk assessment’ is a comprehensive data summary and analysis spanning the agency’s suspicious matter reports (SMRs) and background information[i]. The outcomes are somewhat scary; the risk of criminal exploitation for this sector is “at the high end of medium”[ii]. And despite the improvements in anti-fraud technology, fraud is the highest reported (51%) threat to the sector.
Upon releasing the report, the Minister for Justice noted that “no individual or company is immune from the threat of serious and organised crime, but they can mitigate it.” Like many aspects of risk mitigation in securities operations, mitigating the risk of financial crime takes strong background knowledge, planning and procedures. But where does a firm begin to map out what’s needed to stay one step ahead of the bad guys? To work this out, we can look at the vulnerabilities outlined in the report.
There are certain individual risk factors that can make a natural person or a corporate entity particularly risky to deal with. For example, most of the SMRs about individuals were for people who were unemployed, worked in the finance industry, or were owners/managers of their own companies. The actions of agents and third parties also raised a few alarms over the reporting period.
Of course, this doesn’t mean that you should avoid working with people who have these characteristics. And it’d probably be considered bad client service at the least to give them the third degree every time they want to make a trade or get some advice! Instead, have a think about what all these groups might have in common:
- Knowledge level: either too low (vulnerable) or too high (think they can beat the system)
- Privacy and secrecy: corporate structures, privacy laws, and professional duties of confidentiality can all be used to hide activity or hide real beneficial owners
- Regulation: when a customer (individual or corporate) is not regulated under Australia’s AML/CTF regime, reporting bodies just aren’t looking for the same red flags
Source of funds and wealth
This risk factor describes when a client transfers an unusually large amount of money in to a trading account. It’s difficult for responsible stakeholders and reporting entities to tell where the money came from, especially if it comes in in dribs and drabs, or if one client has multiple accounts (perhaps under different names).
This is a tricky one, because it would be seriously impractical to get a client to prove (to a legal standard) that their investment money hadn’t come from dodgy sources. The good news is that there are procedures you can put in to place to significantly curb the risk. For example, an organisation can get information about the savings and earnings of a customer when they first sign up to a service, and then update that information every year based on the customer’s pay summaries, tax records and other official documentation. And while it’s a rough guide at best, it’s possible to estimate the amount of funds a customer would legitimately be able to deposit, based on their declared wealth and income from working.
Transaction type: ‘dispose securities’
One of the more interesting points to come out of the report was to do with SMRs regarding disposal of securities. Apparently, fraudsters are hacking clients’ email accounts and requesting positions to be closed out, with proceeds paid to other accounts.
There’s nothing inherently wrong in communicating with a broker by email. But even if there’s an established pattern of communicating via email, brokers and market participants can still put other measures in place to ensure that client instructions are genuine. For example, large amounts or certain types of investments can be flagged so that secondary checks are put in place, without harming the speed and efficacy of genuine transactions to the detriment of the client (which would of course create a conflict). For example, two step authentication or a phone call within a certain time frame could work. These measures might be outlined in your client agreement/guide/disclosure, so they’re clear from the very start.
Of course, it’s a lot easier to synthesise information like the data in this report when you’ve got a solid understanding of the basics. Staff at all levels of your organisation need and deserve to have a working knowledge of Australian and international AML/CTF laws and practices.
FinancialCrimes101 can help with that. We’ve got a suite of practical and effective online education solutions, including units covering AML/CTF, fraud, the FATCA, and information security. It’s a simple and easy-to-implement way to ensure you’re covered when it comes to timely staff training. Check out the units here. And if you’re looking for cost-effective training on your organisation’s unique policies and procedures, get in touch for a conversation about our bespoke options.