Connect with us


Unexplained Wealth Orders: What do they mean for the banking sector?



Neil Swift

By Neil Swift, Partner, Peters & Peters

 Unexplained Wealth Orders

Since 31st January this year, UK law enforcement agencies have been granted a new power to require individuals to provide information on the sources of their wealth. Agencies including the National Crime Agency (NCA), Her Majesty’s Revenue and Customs (HMRC) and the Serious Fraud Office (SFO) can now apply to the High Court for an Unexplained Wealth Order (UWO). A UWO can be made in relation to property located anywhere in the world, irrespective of where the person who is suspected to be the owner of the property habitually resides.

Neil Swift, Partner, Peters & Peters

Neil Swift, Partner, Peters & Peters

UWOs are designed to assist law enforcement agencies to recover property when they suspect that it has been obtained using the proceeds of crime or is owned by holders of an overseas public office who appear to have property substantially beyond their means.

To grant a UWO, the High Court will need to be satisfied that:

  1. the property in question (which could be real estate, a balance in an account or some other investment) is worth at least £50,000;
  2. the individual in question holds the property or has effective control over the property solely, jointly, or through a trust;
  3. there are reasonable grounds for suspecting that the individual could not have obtained the property using their known lawful sources of income.

The High Court also needs to be satisfied that the person against whom the order is sought falls into one of two categories:

  1. Politically exposed persons (PEPs), meaning people who hold (or have held) important public positions in countries outside the UK or European Economic Area, and their family members and close associates.
  2. Persons suspected of involvement in serious crime and those connected to them. The suspected criminal activity can be in the UK or abroad, and includes money laundering, corruption and tax evasion. It is not necessary that a civil or criminal investigation has been opened. All that is required is that the High Court is satisfied, on the balance of probabilities, that the person has conducted themselves in a way which is likely to have constituted a criminal offence.

Once a UWO has been obtained, the recipient will be given a limited time to comply with its requirements, which are likely to include the provision of an explanation as to the source of wealth used to acquire the property and documents in support of that explanation. The law enforcement agency may also apply for an interim freezing order preventing the person from dealing with the property.

If a person purports to comply with aUWO, then the law enforcement authority is not under any obligation to do anything: it can simply use the information received for intelligence purposes, particularly if it reveals hitherto unknown associations or connections.

However, in the event of a nil response, or a failure without reasonable excuse to comply with any of the requirements of the UWO, then the law enforcement authority can, if it chooses so to do, apply for a Civil Recovery Order (under the Proceeds of Crime Act 2002) to forfeit the property. The effect of non-compliance is that the burden of proof shifts and the property assumed to be recoverable property, unless the person against whom the UWO was obtained can prove otherwise.

UWOs and the banking sector

Financial institutions are most likely to encounter UWOs when one of their clients is subject to a UWO in respect of a business (and its accounts), a personal account or other investment, accompanied by an interim freezing order. To be effective, the interim freezing order will be served on the institution. At that point, no doubt the institution’s systems will prevent the account or investment being accessed or depleted, as well as flagging up the heightened money laundering risk associated with that particular customer.

For UWOs obtained in respect of PEPs, who will already have been subjected to enhanced due diligence and ongoing monitoring, the institution should have sufficient information about the individual’s source of wealth. Whilst the institution will no doubt wish to revisit its due diligence, it is perfectly possible that the enquiries undertaken by law enforcement to ascertain the person’s lawfully obtained income from known sources did not uncover information that the institution has obtained from its client. There is no absolute obligation on the law enforcement agency to find out what the person’s income actually is, and on the face of it, there is no obligation to make enquiries about their previously accumulated or inherited wealth.

UWOs obtained on the basis of suspected involvement in serious crime, or association with such a person or a PEP, are likely to give rise to more immediate concern. The customer may not have appeared to be higher risk when taken on or as the relationship developed. The institution will no doubt wish to immediately revise that particular customer’s risk profile, evaluate whether it has sufficient information about its customer and, if not, undertake additional enquiries to assess whether the risk is acceptable.

Particularly where the recipient of a UWO is a customer of an international institution, holding assets or investments in overseas branches, consideration will also need to be given to the extent to which the UWO raises red flags in other branches as well.

That is not to say that the making of a UWO and interim freezing order should automatically result in an institution ceasing to do business with its customer. They may be satisfied that they have sufficient due diligence and have satisfied themselves that the customer has a legitimate source of wealth.  The institution can also take some (but not complete) comfort from discharge of the freezing order – although no doubt the red flags will change the way the relationship is managed in the future.


It remains to be seen how useful law enforcement agencies will find UWOs and how frequently they will be used.So far they have been used to obtain information about the ownership of expensive real estate.However  banks and other financial institutions should consider the steps they should take in the event that they are put on notice of a UWO.


Two weak links cyber attackers are exploring to breach banks



Why the financial sector must use security orchestration & automation to keep up with cyber threats        

By Rui Ribeiro, CEO at Jscrambler

The coronavirus pandemic has brought on a lot of changes into modern society, specifically when it comes to digital transformation. If we were already headed into the digital direction pre-pandemic, these unprecedented circumstances have only further accelerated the process. From education to banking, all sectors are going through this digital transformation, providing much-needed safer alternatives to in-person interactions. But how does this new paradigm impact the cybersecurity posture of organisations? How are financial institutions adapting and what do they need to improve?

When it comes to the banking sector, the digital component has become instrumental in the economy. On this note, it was found in a recent survey that 84% of consumers expect banks to actively transform their processes and offer digital services to keep them safe. We have seen large-scale closure of physical banks, and the use of electronic payments is increasing as people make the shift from cash to digital. Due to the circumstances, there has also been a general increase in e-commerce transactions, for example, there was an 81% increase in Italy according to Mckinsey & Co. All these factors are making traditional banks shift to digital banking faster than ever.

Incumbents are embracing the democratization of financial services and launching customer-centric platforms, for example, Santander launching openBank or RBS launching Bó. Not only are we seeing traditional banks shift their processes, but we are also seeing an increase in neobanks. These banks operate exclusively online without traditional physical branch networks as is the case with Revolut, N26, Nubank, and many more. But what does all this rapid growth mean for banks in terms of security?

With all the upsides digital banking brings, also come new challenges, specifically in terms of keeping user’s data safe. The core logic of modern web banking apps and hybrid mobile banking apps is written in JavaScript, a programming language that allows development teams to shorten product release cycles. However, JavaScript requires special attention in terms of security, as it can be easily retrieved or tampered with by attackers, who can target the JavaScript source code to plan or automate data exfiltration attacks.

The majority of digital banking providers also rely on an agile product development process to be able to keep up with market demand and they often sacrifice security because of it. This race also increases the possibility of web supply chain attacks since development teams are relying extensively on third-party code. For example, we saw this issue in November of 2018 when an attacker was able to gain control of the event-stream JavaScript library, which was a third-party code dependency of Copay, a cryptocurrency wallet. This allowed the attacker to inject malicious code which harvested the credentials and private keys of Copay users. The company’s development team did not detect the malicious code immediately and released several builds of the infected application.

The Copay example is only one in many incidents that have happened over the years. These cybersecurity incidents are sadly not uncommon, especially when technology advances as fast as it has in the past few years. With this rapid mutation of digital banking solutions, we see malicious strategies also improving fast to try and keep up with the market. Companies need to be aware of this double-edged sword so that they can also focus on improving their security. Having visibility and control over their products is crucial when it comes to ensuring that their web and mobile applications are not being leveraged by attackers to siphon user data.

In conclusion, although the shift to digital transformation is bringing a lot of needed safety for users when it comes to avoiding in-person interactions, users also need protection in the digital space. Because of this, banks are required to consider the possibility of the various online threats and find solutions to keep their users’ data safe. Developing an application fast enough to keep up with other digital banking applications is not enough to provide a good user experience. The key takeaway here is that banks need to take action now and mature their client-side security to prevent breaches and be compliant with regulations. If they are able to successfully manage their client-side security, they can outpace attackers and keep their users safe.

Continue Reading


What banks need to know about observability



What banks need to know about observability 1

By Abdi Essa, Regional Vice President, UK&I, Dynatrace

More aspects of our everyday lives are taking place online  from how we work, to how we socialise and, crucially, how we bank. To keep pace, financial organisations have stepped up their digital transformation efforts, supported by a shift to dynamic multicloud environments and cloud-native architectures. However, traditional monitoring solutions and manual approaches cannot keep up with these vast, highly complex environments. As a result, many banks are turning to new, observability-based approaches to understand what is happening in their digital ecosystems. These approaches, however, bring new challenges to overcome.

Here are six things banks need to know about observability to ensure they can gain true value, combat the complexities of their modern multicloud environments, and drive digital success in 2021 and beyond.

  1. Most banks have very limited observability

The scale, complexity, and constant change that characterises hybrid, multicloud environments presents a real challenge to banks’ IT teams. Our research found that, on average, banking digital teams have full observability into just 11 percent of their application and infrastructure environments – not nearly enough to understand what is happening, and why, across the digital ecosystem. Additionally, 87 percent said there are barriers preventing them from monitoring a greater proportion of their applications – including limited time and resources. Without improving observability across the entire cloud environment – by drawing in metrics, logs, and traces from every application – banks’ IT teams are limited in the success they can have driving initiatives to deliver the new banking products and quality user experience customers want.

  1. You can’t bank on manual approaches

With many banks beginning to rely on more dynamic, distributed multicloud architectures to deliver new services, IT teams are stretched further than ever. More than a third of financial services organisations say their IT environment changes at least once per second, and 65 percent say it changes every minute or less. This rate of change creates a volume, velocity, and variety of data that has gone beyond banks’ IT teams’ ability to handle with traditional approaches – there’s no time to manually script, configure, and instrument observability and set up monitoring capabilities. The need for automation is therefore critical. By harnessing continuous automation assisted by AI in place of manual processes, teams can drastically improve observability to automatically discover, instrument, and baseline every component in their bank’s cloud ecosystem as it changes, in real-time.

  1. Cloud native adoption is obfuscating observability

To remain agile and keep up with the rapid pace of digital transformation, banks are increasingly turning to cloud-native architectures. Our research found 81 percent of them are using cloud-native technologies and platforms such as Kubernetes, microservices and containers. However, the complexity of managing these ecosystems has made it even harder for banks’ IT teams to maintain observability across their environments. Nearly three-quarters of banking CIOs say the rise of Kubernetes has resulted in too many moving parts for IT to manage, and that a radically different approach to IT and cloud operations management is needed. Such an approach should be based on a solution that is purpose-built to auto-discover and scale with cloud-native architectures.

  1. Data silos result in tunnel vision

To boost observability, many banks have simply thrown more tools at the problem. Our research found that most organisations use an average of 11 monitoring solutions across the technology stack. However, more isn’t always better, and multiple sources of monitoring data can result in fragmented insights. This fragmentation makes it harder to understand the full context of the impact that digital service performance has on user experience and unravel the nearly infinite web of interdependencies between banks’ applications, clouds, and infrastructure. Instead, financial organisations should seek a single platform with a unified data model to unlock a single source of truth. This will be integral to ensuring that all digital teams are on the same page, speaking the same language, and collaborating effectively across silos to achieve business goals.

  1. Observability alone is not enough

Simply having observability doesn’t help banks achieve tangible benefits or reach their business goals. To get true value, the data processed must be actionable in real-time. As such, observability is most effective when paired with AI and automation. This observability enables teams to instantly eliminate false positives, prioritise problems based on the impact it will have on the wider organisation, and understand the root cause of any problems or anomalies so they can resolve them quickly. The alternative is to manually trawl through dashboards and data to find insights, which is incredibly time-consuming and makes it almost impossible to act in real-time. Our research found that 94 percent of CIOs think AI-assistance will be critical to IT’s ability to cope with increasing workloads and deliver maximum value to the organisation. AI is clearly no longer just a ‘nice to have,’ but a business imperative.

  1. Observability isn’t just for the back end

Far from just having observability of their multicloud environments, banking IT teams also need to be able to see how the code they push into production impacts the end-user experience, and how that in turn affects outcomes for the business. This is a major goal for many CIOs, with 58 percent citing the ability to be more proactive and continuously optimise user experience as a benefit they hoped to achieve from increased use of automation in cloud and IT operations. By harnessing automatic and intelligent observability, banks’ digital teams can unlock code-level insights and precise answers to their questions about user experience and behaviour, so they can continuously optimise their banking services.

Observability is key for modern financial organisations looking to accelerate their digital transformation. By understanding these six key things about observability, IT teams will be better placed to master dynamic, multicloud ecosystems, and drive better digital banking services for the business and its customers.

Continue Reading


Hackers can now empty out ATMs remotely – what can banks do to stop this?



Hackers can now empty out ATMs remotely – what can banks do to stop this? 2

By Elida Policastro, Regional Vice President for Cybersecurity, Auriga

In 2010, the late Barnaby Jack famously exploited an ATM into dispensing dollar bills, without withdrawing it from a bank account using a debit card. Fast forward to the present day, and this technique that is now known as jackpotting, is emerging as a threat and is growing as an attack on financial services. Recently, a hacking group called BeagleBoyz in North Korea have caught the attention of several U.S. agencies, as they have been allegedly stealing money from international banks by using remote hacking methods such as jackpotting.

The reality behind jackpotting

Jackpotting is when cybercriminals will use malware to trick their targeted ATM machine into distributing cash. As this criminal method is relatively easy to commit, it is becoming a popular tool for cybercriminals, and this trend will sure continue in 2021, unless financial organisations implement policies to prevent this and protect consumers.

During this difficult time, when access to cash has never been more important to banking customers, it is imperative that banks give their customers reliable ATMs that work, 24/7, 365 days a year. However, due to the sensitive data that ATMs possess, such as credit card or PIN numbers, they have now become a profitable object for cybercriminals to manipulate. As cybercriminals have been evolving in their efforts of attacking the IP in ATM machines, we will definitely see more jackpotting stories emerge in the coming months, especially with the large return on investment.

How criminals exploit the vulnerabilities found in ATMs

Since ATMs are both physically accessible and found in remote locations with little to no surveillance, this gives an opportunity for criminals to carry out jackpotting, especially with the software vulnerabilities that may exist in many ATMs.

ATM machines have been easily manipulated due to the outdated and unpatched operating systems that they run on. If banks wanted to resolve this issue and update these systems, it would take large amounts of time and money to do so. However, some banks do not have such resource and because of this, cybercriminals take advantage by penetrating the software layers in ATMs and exploiting the hardware to dispense cash.

How can banks tackle this?

As the sector has a complex technical architecture, banking organisations will have to make sure that they have control over the transactions that take place, and this includes the management of security when it comes to communication between various actors. When financial organisations are reviewing their ATM infrastructure, they will also need to protect their most vulnerable capabilities within their cybersecurity. Banks, for example, can encrypt the channels on the message authentication, in the event bad actors try to tamper with their communications.

Because ATM networks need to be available 24/7, banks not only, need to implement greater protection over their systems, but they need to do so with a holistic approach. One action that banks can take is to implement a centralised security solution that protects, monitors and controls their various ATM networks. This way banks can control their entire infrastructure from one location, stopping fraudulent activities or malware attempts on vulnerable ATMs.

Another way for banks to reduce the risk of jackpotting attacks is to update their ATM hardware and software. To do this, they will need to closely monitor and regularly review their machines in order to spot any emerging risks.

What the future holds for the banking industry

As confirmed by the warnings from the U.S. agencies, jackpotting remains a very serious threat for financial organisations. Evidence has also emerged, which shows hackers are becoming more innovative in their tactics. It was reported last year, for example, that hackers stole details of propriety operating systems for ATMs that can be used to form new jackpotting methods.

The emergence of jackpotting highlights the need for banks to actively work to protect their customers’ personal information and critical systems now and for the foreseeable future. In order to stay secure and reduce the risk of attacks, they will need to put in place the aforementioned solutions, which include updating their ATM hardware and software as well as closely monitoring and regularly reviewing their ATMs. As cybercriminals continue to become more innovative in their ways of attacking the machines, the issues mentioned will only continue to rise if they are not addressed. Although the method of jackpotting requires little action from cybercriminals, if financial organisations can implement a layered defence to their ATM security, they can stop themselves from becoming another victim to this type of attack in the future.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

GameStop: How events unfolded and the next chapter 3 GameStop: How events unfolded and the next chapter 4
Investing25 mins ago

GameStop: How events unfolded and the next chapter

By David Morrison, Senior Market Analyst at Trade Nation, GameStop is a bricks and mortar video gaming retailer which launched in...

Technology47 mins ago

Does your institution have operational resilience? Testing cyber resilience may be a good way to find out

By Callum Roxan, Head of Threat Intelligence, F-Secure If ever 2020 had a lesson, it was that no organization can...

How the Brexit Agreement Failed the Financial Services Sector 5 How the Brexit Agreement Failed the Financial Services Sector 6
Finance52 mins ago

How the Brexit Agreement Failed the Financial Services Sector

By Steve Taklalsingh, MD UK Business, Amaiz Over the Valentine’s weekend, it was announced that during January, the first month that...

Why the financial sector must use security orchestration & automation to keep up with cyber threats         Why the financial sector must use security orchestration & automation to keep up with cyber threats        
Banking1 hour ago

Two weak links cyber attackers are exploring to breach banks

By Rui Ribeiro, CEO at Jscrambler The coronavirus pandemic has brought on a lot of changes into modern society, specifically...

Huawei 2020 revenue ticks up despite U.S. sanctions, chairman says 7 Huawei 2020 revenue ticks up despite U.S. sanctions, chairman says 8
Business1 hour ago

Huawei 2020 revenue ticks up despite U.S. sanctions, chairman says

By Josh Horwitz SHANGHAI (Reuters) – Huawei Technologies saw slight revenue and profit growth in 2020, in line with its...

Five things investors and listed companies need to know about the common ownership debate and why it matters Five things investors and listed companies need to know about the common ownership debate and why it matters
Business1 hour ago

Employee ownership – resilience in a time of uncertainty

By Stephen Greenwood, Owner of Valloop White House economist Jared Bernstein is a major advocate for employee ownership, in which...

Hyundai Motor to recall Kona EV and other electric vehicles in South Korea 9 Hyundai Motor to recall Kona EV and other electric vehicles in South Korea 10
Business1 hour ago

Hyundai Motor to recall Kona EV and other electric vehicles in South Korea

SEOUL (Reuters) – Hyundai Motor Co will recall 26,699 electric vehicles including Kona EVs in South Korea due to potential...

FAA orders immediate inspections of some Boeing 777 engines after United failure 11 FAA orders immediate inspections of some Boeing 777 engines after United failure 12
Business1 hour ago

FAA orders immediate inspections of some Boeing 777 engines after United failure

By David Shepardson and Jamie Freed WASHINGTON (Reuters) – The Federal Aviation Administration (FAA) said on Tuesday it was ordering...

Promise of cheap money keeps stocks buoyant 13 Promise of cheap money keeps stocks buoyant 14
Trading1 hour ago

Promise of cheap money keeps stocks buoyant

By Tom Westbrook and Echo Wang SINGAPORE/MIAMI (Reuters) – Bond markets steadied, the U.S. dollar fell and stocks edged ahead...

Bonding with equities 15 Bonding with equities 16
Investing1 hour ago

Bonding with equities

By Rupert Thompson, Chief Investment Officer at Kingswood Global equities slipped back last week, retreating 1.5% in sterling terms, and...

Newsletters with Secrets & Analysis. Subscribe Now