Connect with us
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Banking

US LAW ENFORCEMENT AND MIDDLE-EASTERN BANKS: WHAT LIES AHEAD IN THE POST-TRUMP ELECTION WORLD

Published

on

US LAW ENFORCEMENT AND MIDDLE-EASTERN BANKS: WHAT LIES AHEAD IN THE POST-TRUMP ELECTION WORLD

A new US President has been elected whose platform on international issues is somewhat unconventional. In this new era, will Middle-Eastern banks face increased risks of US legal and regulatory enforcement, particularly in the areas of tax fraud and money laundering 

In the following article, Stephen Huttler, the Senior Partner at PillsburyWinthrop Shaw Pittman, a leading international law firm headquartered in Washington, DC, describes US plans to pursue financial institutions they suspect of facilitating tax evasion or money laundering overseas.

Stephen Huttler

Stephen Huttler

US citizens, in a tax system that is almost unique among developed nations, are taxed by the US on their world-wide income regardless of where they live.Similarly, US residents are taxed on their world-wide income even if they are not US citizens.  Unsurprisingly, some US citizens and residents have sought to evade their tax obligations by concealing their assets in non-US banks, especially those based in jurisdictions with a reputation for banking secrecy and client confidentiality.   In 2010, as a response to these activities, the United States Congress enacted the Foreign Account Tax Compliance Act (FATCA).

One of the primary jurisdictions that used to be favoured by those seeking to avoid tax was Switzerland.  However, as a result of concerted enforcement actions by the US Department of Justice (DOJ) over the past several years, much of the Swiss banking industry has resolved their issues with the US authorities,provided information to the DOJ about their US customers, and changed their business model going forward to avoid onboarding of customers who are not tax compliant in their home jurisdictions.

Following on from their success in Switzerland, we expect the DOJ to now turn its sights to other locations, many of them in the Middle East. As a result, it is important for Middle-Eastern banks to understand what the DOJ did in Switzerland.

On August 29, 2013, the DOJ and the Swiss Federal Department of Finance announced the ‘Program for Non-Prosecution Agreements or Non-Target Letters for Swiss Banks’ (the ‘Program’). Under the Program, the DOJ held out an offer of anon-prosecution agreement (NPA) concerning potential tax-related offenses under US law to Swiss banks who made broad disclosures about their US banking practices and their related account holders.

Among the disclosures the DOJ required under the Program was information concerning

  1. accounts in which US taxpayers held an interest, that were open as early as August 2008,
  2. potential misconduct by bank employees and executives, including cross-border activities,
  3. names of banks to which money was transferred when US related accounts were closed.

The DOJ required each bank participating in the Program to pay a penalty based upon a percentage of the amount of assets under management for ”US-related accounts,”though such penalties could be reduced if the bank provided mitigating evidence. ‘Mitigating evidence’ could include, for example, evidence that an account had been declared to US authorities via timely reporting by the taxpayer or through the taxpayer’s participation in a voluntary disclosure program encouraged by the bank.

On January 27, 2016, the DOJ announced that it had signed a NPA with the final participating Swiss bank.  In total, almost 80 Swiss banks participated in the Program, paying an aggregate penalty of $1.37 billion (with individual penalties as high as $211 million and $188 million).Through the Program, the DOJ acquired a wealth of information about offshore accounts and their use by US taxpayers as vehicles for tax evasion.This information­– particularly when aggregated with information from approximately 60,000 US taxpayers who participated in a voluntary disclosure program – gives the DOJ clear indications about which banks to pursue for potential tax-related offenses outside Switzerland.

Although the DOJ has remained silent about the next jurisdiction it plans to pursue, or whether it will offer a Program similar to the Swiss bank Program, Acting Assistant Attorney General Caroline Ciraolo indicated on several occasions in 2016 that the DOJ will continue pursuing investigations beyond Switzerland and warned institutions that have facilitated account concealment and tax evasion to anticipate DOJ investigations. She encouraged such institutions to voluntarily disclose criminal activity before the DOJ begins its investigations.

Banks in the Middle East are increasingly viewed as potential targets for such DOJ investigations.Similar to Switzerland, many Middle Eastern countries—including UAE, Qatar, Oman, Kuwait, Bahrain and Saudi Arabia – levy income and other taxes at a low to non-existent rate on foreigners. These tax-convenient locations attract US taxpayers seeking to avoid paying US taxes on their worldwide income.  In addition, banks in two Middle Eastern countries – Lebanon and Bahrain – offer services with a high level of secrecy, with the result that foreign governments are thwarted from scrutinising transactions and identifying account holders.

Moreover, a number of Swiss banks that participated in the Program are linked to affiliate banks in the Middle East. The DOJ may have gained access to relevant information about those affiliates.  The recent disclosures of the ‘Panama Papers’ have similarly delivered to the DOJ a treasure trove of information about possible tax evaders and their affiliates. This includes information identifying shell companies or other entities used to obscure the nature, source, and ownership of funds.

The regulatory enforcement of US tax laws is largely pursued and conducted by non-partisan bureaucrats at the DOJ, with political and policy implications addressed at political levels within the DOJ and by the US State Department working with the particular affected jurisdictions, both to facilitate resolutions and to avoid diplomatic conflicts.  With respect to the incoming Trump administration, while it is difficult to anticipate specific policy positions, it seems clear that industries and banks in “disfavoured nations” can expect to be treated less sympathetically and diplomatically than may have been the case in the outgoing or prior administrations. Should the Arab nations of the Middle East become disfavoured by this administration, rigorous enforcement against Arab banks – including indictments and seizures of correspondent bank accounts within the US – can reasonably be expected.

In addition to Arab banks, Israeli banks appear to be directly in the cross-hairs of the DOJ.  Many individuals are dual citizens of both the US and Israel, given Israeli policy of awarding citizenship to Jews seeking to reside in Israel.  The major Israeli banks, including their Swiss affiliates, have been and continue to be pursued by the DOJ, for facilitating the concealment of accounts and income by US citizens.

In sum, Middle-Eastern banks should anticipate increased scrutiny by US authorities, even if they are currently FATCA compliant, with potentially severe consequences if they are found to have facilitated tax fraud by US persons.  These banks would be prudent to conduct internal reviews in the near future to determine whether there is cause for concern.  It is anticipated that a number of banks will voluntarily approach the DOJ to self-disclose any relevant violations. 

Increased Focus on Money Laundering 

Similarly, Middle-Eastern banks should also expect an increase in anti-money laundering (AML) activity by the US authorities, including the exercise of the DOJ’s international capabilities.

In recent years, many foreign banks with branches in the US have come under investigation by the DOJ for allegedly evadingsanctions requirements, or even for facilitating the laundering of illicit proceeds. Some of these investigations have resulted in astronomical fines and serious reputational damage.

Foreign banks thatdo not have a branch in the USmay still be exposed to US jurisdiction through their correspondent banking relationships. As a result, in the present environment, US financial institutions are likely to require assurances from foreign banks that they have sufficient AML controls to detect potential illicit activity. To the extent that foreign banks cannot give such assurances, many US banks will simply choose to ‘de-risk’ and not transact business in certain jurisdictions.

Importantly, money laundering statutes in the United States expressly provide for extraterritorial applicability over conduct covered by the statute if the conduct is by a US citizen, or in the case of a non-U.S. citizen, if the conduct occurs in part in the US and the value of the funds involved exceed $10,000.

In practice, any evidence that the money originated in, ultimately returned to, or passed through the US is sufficient for jurisdiction in the US. Money laundering necessarily involves financial transactions using funds generated by a ‘specified unlawful activity’, to (i) promote additional specified unlawful activity, (ii) conceal the nature, source, or ownership of the funds, (iii) evade State or federal reporting requirements, or (iv) evade taxes on the income produced by the specified unlawful activity. The term “specified unlawful activity’ includes a very long list of state, federal and foreign crimes, including bribery violations of the Foreign Corrupt Practices Act (FCPA).

It is also worth noting that the FCPA which, among other things, criminalises the bribery of non-US government officials remains a priority of the DOJ. As investigations of potential corruption increase, there will be more focus on ‘following the money’, thus implicating financial institutions with deficient AML controls.

As with tax issues, it is anticipated that the incoming Trump administration will pursue offenders in overseas jurisdictions without the same level of diplomatic sensitivity as may have softened such enforcement activity in prior administrations.  Again, it is possible that Middle-Eastern banks can expect a difficult period ahead.

We therefore counsel banks to ensure that their AML controls meet the highest global standards if they clear dollar transactions, even if they have no presence in the US. We also encourage them to engage with attorneys and policymakers to understand the growing implications of the extra-territorial impact of the DOJ on their business.

Banking

Bank fraud prevention in a post-COVID-19 world

Published

on

Bank fraud prevention in a post-COVID-19 world 1

By Pierre-Antoine Dusoulier, Founder and CEO, iBanFirst

Fraud on the rise

According to recent research from a leading UK retail bank, there was a 66 per cent increase in reported scams in the first six months of 2020 compared with the last six months of 2019 – due to the COVID-19 pandemic.

Across the summer months, Action Fraud UK reported a total financial loss of £11,316,266 by 2,866 victims of coronavirus-related scams.

The rise in fraud rates is a warning that banks, building societies and other financial providers need to be as alert as ever in identifying fraud.

So, what do banks need to do to ensure their customers are protected from fraud in a post-COVID-19 world?

Educate your customers to safeguard against fraud

On the customer level, banks need to be informing their customers on the types of common fraud to ensure that they are protected for all eventualities.

Authorised push payment scams are one of the fastest growing types of fraud. According to the FT, £354 million pounds was stolen this way last year. It is where a company or individual is tricked into paying money into a criminal’s account. Emails come from a genuine email address but are then intercepted by a criminal, so it’s imperative that businesses have end-to-end email encryption, and the customer double-checks the account details with the supplier on the phone prior to making a payment.

At the same time, scammers can also exploit the company’s invoicing process, where criminals create a bogus invoice for a small amount and send it to a company’s accounting department. If the finance team does not identify this as fraudulent, it can result in the business losing a considerable amount of revenue over a long period of time.

Supplier fraud is also a widespread scam. This involves the fraudster taking on the appearance of a supplier that has changed their bank details. The fraudster will have collected information on the suppliers of the targeted company, in order to pose as an official supplier. This can be prevented by ensuring that the supplier is contacted to confirm the legitimacy of the communication. It’s important not to call or email the supplier using the details provided on the suspected fraudulent correspondence. Instead they must check the original details of the supplier and speak to them on their official telephone number or email on file.

Banking malware is the least commonly cited type of fraud but has a greater financial risk attached to it. Malware is sent by email redirecting the recipients of the message to a fake banking interface, as a way of transferring funds to offshore accounts.

Remodel processes post-COVID-19 to keep customer data safe

To fight cyber fraud and scams, banks must also play their part. In a world where entire workforces are working from home banks must remain vigilant with customer data. COVID-19 has created a change in working habits and banks need to carry out the right level of training for its employees to protect customer data. Virtual team meetings and remote data sharing poses a threat to exposing sensitive information to malicious actors, and banks need to put the necessary safeguards in place.

All virtual meetings should use the banks’ private company network, and file sharing should be carried out through secure, encrypted company drives. Meanwhile, banks need to provision for all employees to receive regular software updates that will keep customer data safe, and ensure that they are aligned with new and existing data processing regulations.

Monitoring suspicious payments

A vital element to fraud detection is through monitoring customer transactions in real time, and harnessing emerging technologies such as artificial intelligence and machine learning to spot the signs of a scam or fraud before it is too late.

One way that banks protect businesses from fraud is through keeping a log and examining regular transactional history. Any transactions which appear suspicious based on location, amount, the beneficiary, and the method will be alerted to the business customer, to mitigate the immediate and future financial risk to the business.

Know your transaction

To understand financial flows better, every bank has a Know Your Customer (KYC) engine. This is a payment infrastructure that supports onboarding processes and risk-based transaction monitoring. This system is already well known and we don’t need to elaborate on this further, as it is the fundamental building block to ensure the highest level of traceability across all transactions – including remittances and receipts of funds and foreign exchange transactions internationally.

However, KYC is limited and doesn’t include real-time analysis. What can be overlooked is a KYT engine – Know your Transaction. The aim of KYT (Know Your Transactions) is to identify potentially risky transactions and their underlying unusual behaviour for detecting money laundering, fraud or corruption. An automated concentration of transactions with accurate and relevant information directly from the original data sources is essential.

Finally, banks and payment companies need to implement anti-fraud modules to defend against cyberattacks, based on the latest algorithms capable of analysing transactions issued in real time and detecting anomalies or suspicious behaviour upstream, strengthening the security and transparency of payments and building a network of trust between issuers and recipients of payments.

In a post-COVID-19 world it’s clear that scams will become more common place. Within this environment there is a shared responsibility when mitigating the risk of financial fraud. The bank must educate and inform customers to enable them to protect themselves, while ensuring a robust technological infrastructure and ways of working are in place that protects customer data; their finances, and fundamentally their business and livelihood.

Continue Reading

Banking

How One Bank Successfully Responds to Sophisticated Threat Actors

Published

on

How One Bank Successfully Responds to Sophisticated Threat Actors 2

By Robert Golladay, Strategic Accounts Director, Illusive Networks

Cybercriminals and hacktivists have a special fondness for financial institutions. Continuous business innovation, complex ecosystems, merger and acquisition activity, fintech, cloud adoption and a growing consumer-driven attack surface multiply the problem for financial organizations. Despite the vast resources financial institutions devote to cybersecurity, one challenge has been especially difficult to solve – that of detecting and stopping APTs before real damage is done.

Securing cloud-based banking

An active lender in the UK sought a new way to protect its customers and the valuable assets it holds. The bank needed to:

  • Defend customer and employee information from compromise
  • Detect and thwart sophisticated attacks
  • Effectively defend cloud-based operations across accounts and instances

As a cloud-first company, the bank’s preference is to always invest in next-generation technology for operations and security infrastructure. In May 2016, with the help of Amazon Web Services (AWS), it became the first bank in the UK to be fully cloud hosted. The bank also uses AWS to deliver a financial technology service that helps lenders make informed decisions through data and automation.

Security is always a priority, which is one of the reasons the company chose AWS, conducts regular penetration testing, and performs advanced attack simulations. To maximize effectiveness of its layered security infrastructure, the company continually trains its employees and reinforces data security best practices.

In particular, the bank sought additional safeguards from sophisticated threats that evade other security measures, such as advanced persistent threats, as well as gain insight into attacker tactics and techniques. The new layer needed to be cloud-based for high scalability and flexibility, and it had to defend the company without time-wasting false positive alerts. The security team looked at deception technology and chose a solution that allowed them to gain real-time verification of anomalies and lateral movement in the network.

Choosing deception

The deception solution enabled the bank to focus on attackers’ behaviour and perspective. The solution’s expertise in attacker methodology augmented the bank’s internal capability to detect novel attacks, while enabling rapid and adaptable coverage in its cloud-based environment.

The bank’s deception solution uses agentless, intelligence-driven technology that creates a dense web of deceptions and effortlessly scales across the infrastructure. Featherweight deceptions on every endpoint look exactly like the bank’s real data, access credentials and connections. When an attacker is confronted with deceptions, this deceptive view of reality makes it impossible to choose a real path forward. One wrong step triggers an alert to the bank’s security team.

The bank’s CISO found it invaluable to be able to deploy a solution that creates doubt and confusion in an intruder’s mind. When attackers can’t distinguish between real and deceptive assets, the security team can collect information and apply intelligence to patterns that it has observed during that time period of activity. The solution simultaneously sharpens the bank’s investigative process and constrain the attacker.

The lender easily deployed deception technology across its complex environment, scaling it across AWS instances and accounts. The IT security team now has continuous visibility and confidence that these defences enable them to thwart sophisticated threat actors.

Deceptively secure

The bank gained proactive threat response and the assurance that an alert represents a real issue. These alerts are only triggered when an attacker engages with a deceptive asset. At that point, the deception technology immediately begins capturing forensic data from the system where the attacker is operating, presenting real-time forensics and a quantifiable measure of potential business risk. It uncovered, for example, malicious processes trying to operate on an endpoint.

The deception solution enables the lender to be much more proactive. It detects and analyses attacks in real time to produce actionable alerts, directing the security team to relevant and valuable conclusions. The technology provides exceptional, innovative coverage for malicious pivoting and lateral movement. It uncovers the in-depth, sophisticated actors who evade other countermeasures and gives security analysts direct visibility into targeted attacks, which they find invaluable.

A laser-focused approach

The financial sector remains a perennial favourite of the cybercriminal crowd. As networks become more complex, their perimeters all but disappear, creating the need for stronger and more comprehensive security than ever previously imagined. Advanced persistent threats are a particular concern, as they are notoriously difficult to detect before significant damage is done. For financial institutions, the reputation damage alone may be insurmountable.

Banks and other financial services organizations pour resources into cybersecurity, but one option that needs further exploration is deception technology. This method of security monitors for lateral movements toward critical assets and thus provides a powerful alternative or enhancement to traditional monitoring approaches. Security teams can see attackers’ proximity to those crown jewels early in the attack cycle, buying time for careful response. As the lender above learned, deception technology cuts through the noise of alerts to deliver the intel financial institutions need to act quickly and safeguard their high-value data.

Continue Reading

Banking

Why banking and finance need to move qualifications online

Published

on

Why banking and finance need to move qualifications online 3

By Rory McCorkle, Senior Vice President, PSI Certification and Education Services

The global banking and finance sector often presents a strange contradiction when it comes to technology. On one hand, the sector is leading the way in blockchain technology, big data and Artificial Intelligence. On the other hand, many large financial institutions are falling behind in their digital transformation efforts, with internal processes as well as the moving the customer experience online. Particularly when compared to fintech and new challenger banks.

A report last year by Accenture found that just 12% of large traditional banks surveyed have fully committed to digital transformation and 50% of banks made little progress. The remaining 38% are in the midst of their transformations, but their digital strategies lack coherence.[i]

One area of digital transformation that has been particularly slow is access to qualifications and certifications. Many exams in the banking and finance sector continue to use Paper Based Testing (PBT). However, COVID-19 has accelerated the transition from PBT to Computer Based Testing (CBT), proving irrevocably that change is possible – regardless of the size of your organisation, number of candidates or security requirements.

Stay current

In a heavily regulated environment that is undergoing increased scrutiny, a high level of certification and compliance is a necessity for many working in the industry. And credentials that hold such significance need to be securely and fairly assessed. This is where CBT offers numerous benefits. For organisations there is security, integrity, flexible capacity, increased reach and a streamlined exam administration process. And for candidates, CBT provides flexibility, convenience, accessibility and increased choice.

Despite these benefits, some organisations still have reservations and have been slower to make the move to CBT. In more traditional professions, such as finance, there can be a greater reticence. This is likely to be based on the historic prestige of PBT, as well as a desire to stick to more traditional methods. However, with more learning completed online, and educational resources shifting to digital from primary education to CPD, expectations around assessments are changing.

Up-and-coming candidates in all professions, particularly those who are digital natives, are starting to question outdated methods. Organizations will need to adapt to stay current and relevant with their market. What’s more, technological advances have now combined with the coronavirus pandemic to increase the demand for remote business services. Meaning that a growing number of organisations in the banking and finance sector are moving to CBT.

Increased security

Technology offers burgeoning options to increase test security with CBT. Linear-on-the-fly testing (LOFT) for example allows you to easily change items for each candidate, while maintaining the fairness of the exam – rather than the fixed forms used in PBT.

With LOFT, every candidate is given a unique set of items, making cheating a lot more difficult. And with no need to ship test papers around the country, there’s significantly less risk of physical security breaches with CBT than with PBT.

With the movement away from paper and pencil testing, advances in online proctoring have also dramatically increased the ability to deliver secure online assessments. Using a webcam and microphone, online proctoring provides test security for exams, while offering candidates additional flexibility and convenient scheduling.

Even before COVID-19, online proctoring was becoming far more commonplace. In 2018, there was a 10% increase in organisations using online proctoring with video/sound recording and identity authentication as part of the exam process compared to 2017.[ii] And COVID-19 has reinforced the fact that it is possible to effectively move to CBT side by side with online proctoring – and move quickly.

Future possibilities

Testing has changed a lot during its history but the reasons for adopting CBT have remained the same for decades – fair and reliable testing delivered at scale. Nearly all tests that are completed with a paper and pencil can be adapted for CBT.

For organisations in the banking and finance sector, recent technological advances have provided many more options to reach candidates. At the same time, technology has significantly increased the security for important online assessments that will not only affect a candidate’s future, but might also impact the future and reputation of their profession.

As with any change, the move from PBT to CBT must be managed carefully and communicated clearly. And with best practice in place, it is possible for any organization, regardless of size and number of candidates, to make the move to CBT.

Continue Reading

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 4 Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 5
Top Stories3 days ago

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense

By Rob Harrison, MD UK & Ireland, SAP Concur The last few months have been an exercise in adaptability for...

Why technology is key to the future of auditing 6 Why technology is key to the future of auditing 7
Technology3 days ago

Why technology is key to the future of auditing

By Piers Wilson, Head of Product Management at Huntsman Security The Financial Reporting Council (FRC), which is responsible for corporate governance,...

Staff training crucial for SME recovery post-COVID 8 Staff training crucial for SME recovery post-COVID 9
Business4 days ago

Staff training crucial for SME recovery post-COVID

47% of UK’s top performing SMEs provide regular, formalised training for all staff Despite this, 15% of small businesses report to...

What Is Globalization 10 What Is Globalization 11
Business5 days ago

What Is Globalization

What is globalization? Globalization, or inter-connectedness, is the ever-growing process of integration and interaction among countries, individuals, businesses, and even...

What Is Microsoft Teams 12 What Is Microsoft Teams 13
Business5 days ago

What Is Microsoft Teams

Microsoft Teams is an application and web-based collaboration tool that combines chat, videos, online collaboration, document storage, and collaboration with...

What Is Capitalism 14 What Is Capitalism 15
Business5 days ago

What Is Capitalism

What is capitalism? Is it a great economic system or just another economic system that is not so great? Well,...

How To Start A Youtube Channel 16 How To Start A Youtube Channel 17
Business5 days ago

How To Start A Youtube Channel

How to Start a YouTube Channel For Your Business: Do you have a blog or website? If you do, it’s...

What is URL 18 What is URL 19
Business5 days ago

What is URL

A Uniform Resource Locater, colloquially known as a URL, is an identification to a certain web resource, a directory or...

What Is Seo 20 What Is Seo 21
Business5 days ago

What Is Seo

Search engine optimization, also known as SEO, is the process of increasing the quantity and quality of site traffic from...

How Much Rent Can I Afford. 22 How Much Rent Can I Afford. 23
Business5 days ago

How Much Rent Can I Afford.

How much rent is too much to pay? Sometimes, apartment complexes look at an annual income that’s over forty times...

Newsletters with Secrets & Analysis. Subscribe Now