Are we winning the fight against financial criminals?
Emma Poposka, CEO and Co-Founder at bronID, discusses why identity verification for organisations is so important, and explains how money launderers are infiltrating financial institutions.
Why is identity becoming such a complex issue, particularly in terms of verifying organisations?
It is a regulatory requirement for all reporting entities – financial institutions, investment platforms, digital currency exchanges and so on – to verify their customers. They need to know who they’re dealing with. In many cases, this will be individuals. Before the software came along, companies would verify individuals by asking for their passport or driver’s licence, or maybe they would meet them in person. Now, everything is online.
There are different ways to verify – by using independent data sources, some kind of biometric, or a combination of both. But in some cases, financial institutions will onboard organisations, and these can come in very different shapes and sizes. It is a regulatory requirement that they be identified and verified, but the issue with organisations is that there are so many types of them, and they can be incorporated in different ways in different jurisdictions. They are also all verified in very different ways.
Financial institutions obviously need to verify that the organisation exists, but they also need to figure out who owns and controls that organisation. That’s a more difficult task than it sounds because, as I said, there are so many different types of organisations, and sometimes these entities are complex. Often when we see big amounts of money being laundered, it’s done through very complex structures and it’s difficult to determine who owns or controls the entity.
How would you define a complex entity?
I can explain what a complex entity is to bronID. If we look at it like a spectrum – on one end we have very simple structures like sole traders or companies with directors; it’s very easy to figure out who owns or controls them. At the other end of the spectrum we have the complex entities. These are companies or trusts that are incorporated in one jurisdiction, but the ownership is in another jurisdiction.
So entities that were discovered with the Panama Papers would fall into this category of complex entities. But sometimes we see complex structures closer to home. In Australia it’s quite popular for businesses to be incorporated as trustees, and they have these very complex structures for tax-planning reasons. It’s not necessarily that a simple coffee shop wants to launder money, but their accountants will create something that’s very difficult to unwrap and it makes everyone’s life more challenging when it comes to compliance.
What are the basic steps to money laundering?
Well, for anti-money-laundering professionals, there are three steps they describe. Those are placement, layering and integration. A lot of people ask, “What is money laundering?” And the funny thing is not a lot of people know what is actually involves. Some would be surprised by how broad the definition is.
For money laundering to happen, there must be a predicate offence – an illegal act that results in some kind of money being acquired. Most of the crime in the world is done for money. We do see some passionate crimes, but most criminal acts are done so people can earn money illegally.
A predicate offence can be anything from kidnapping for ransom to cybercrime to tax evasion, as well as bigger things like corruption and bribery. Once the criminal has the money, they will want to distance themselves from the origin of funds because they are not allowed to use illegally obtained funds. So they will go through these three steps – placement, layering and integration.
In the first step, they want to place the funds into the system in some way. Let’s say they have cash from some kind of drug sale or human trafficking. They want to place it in the system, and this is where they are at their most vulnerable. If the bank or the money remitter asks for the origin of funds, which is a common mitigation control, they will have a very difficult time explaining it. So they will use strategies to structure the funds and place them into the system.
The second stage is about layering. This is where the organisations may come into play. The money launderers want to conduct fake transactions to distance themselves as much as possible from the origin of funds – transferring from one account to another, from one business to the next, and with fake invoices. There are all these different methods they can use.
The final step is integrating the funds. Now that the criminal has the money, they can either buy a very nice house, some art or just keep it in their bank account. That’s the integration phase. Based on that three-step process, financial institutions will be vulnerable at different stages.
Is the cryptocurrency ecosystem making it easier to obfuscate transactions and relationships?
Yes and no. The thing is, when there is a transaction on the blockchain, it stays there – you can audit it. All of our clients would use a blockchain-transaction-monitoring system like Chainalysis or Elliptic.
On the one hand, it gives you really good tools, such as being able to track down transactions, which is just not possible with bank accounts. On the other hand, once someone has the money – let’s say from a crime – it does provide an easy way for them to get cryptocurrency and then place that into the system.
Recently we’ve seen several Eastern European exchanges being sanctioned. They were helping cybercriminals and companies that were getting most of their funds through ransomware by allowing them to transact through their exchanges. We see a lot of that. Once there is some knowledge from a regulator that it’s happening, pretty much everyone who’s on the network knows.
So while the crypto ecosystem can makes it easier, it can also make things much more difficult. If you’re a criminal who is wandering around with big amounts of money, I think it would be very stupid to launder it all through crypto. One day or another you’ll get caught. However, finding the identity of the person and the beneficial ownership are still problems.
Want more insight into the world of cybersecurity, digital identity, biometrics and more? Get your fix with the IDentity Today podcast, hosted by Daltrey CEO Blair Crawford. Listen via Apple Podcasts, Spotify or your favourite podcast app.
