Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM

Page created by June Murphy
 
CONTINUE READING
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Virtual Financial Crime Conference
Thursday 30th September 2021
SM&CRand
Challenges post-implementation
             best practices             forum
17 SEPTEMBER 2020 | 13:30 - 16:30 BST
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Financial crime – the
evolving landscape and
practical lessons learned
Katie Stephen, Partner
Andrew Reeves, Partner

Thursday 30 September 2021

Norton Rose Fulbright LLP
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Agenda
The evolving landscape and emerging trends:
• AML
• Market abuse
• Fraud
• Vulnerable customers

3
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
AML – recent developments

                                    Home Office
      Dear CEO                      guidance on                    CPS guidance
    letter re AML                    SARs and                      on failure to
     systems and                   disclosure in                      report
       controls                    civil litigation

                                                      First criminal
                    Consultation
                                                       proceedings
                      on AML                           under MLRs
                      regime                               2007

4
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
AML – practical takeaways

               Be aware of evolving risks

                Document arrangements and rationale

                            Systems and controls reviews

                                       Role of senior managers

5
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Market abuse – recent developments

       Communication        Inside information   Market volatility
         channels

        Recording,            Controls and        Calibration of
    monitoring, retaining     surveillance        surveillance

6
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Market abuse – practical takeaways

                 What should firms be thinking about?

                         Adequacy of market
     Messaging systems     abuse controls         Support for senior
      and social media                               managers

7
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Fraud
                                 £754m stolen from
                                 bank customers in
                                      H1 2021

                                                      Fraud level “a
            Law Commission                           national security
              consultation                             threat” (UK
                                                         Finance)

                                    Recent
                                 developments

            Practical steps by                       Misuse of Covid-
                  firms                              related schemes

                                    Increasing
                                  expectations on
                                       firms

8
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Vulnerable customers and financial crime –
recent developments

    FCA guidance                  FCA
     on the fair              warnings and                    Recent
    treatment of               campaigns                     decisions
     vulnerable
     customers

                    The new                    Financial
                   Consumer                  abuse code of
                     Duty                      practice

9
Virtual Financial Crime Conference - Thursday 30th September 2021 Challenges and best practices 17 SEPTEMBER 2020 | 13:30 - 16:30 BST - UK.COM
Vulnerable customers & fraud – key takeaways

                 Training

                Record keeping

             Governance, oversight and reporting

                            Emerging tools

                    Customer communications, feedback and
                                complaints

10
11
Contacts

     Katie Stephen                           Andrew Reeves
     Partner                                 Partner
     Katie.stephen@nortonrosefulbright.com   andrew.reeves@nortonrosefulbright.com
     020 7444 2431                           020 7444 3138

12
Law around the world
                                                                                   nortonrosefulbright.com

Norton Rose Fulbright US LLP, Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP and Norton Rose Fulbright South Africa Inc are separate legal entities
 and all of them are members of Norton Rose Fulbright Verein, a Swiss verein. Norton Rose Fulbright Verein helps coordinate the activities of the members but does not itself provide legal services
                                                                                           to clients.
   References to ‘Norton Rose Fulbright’, ‘the law firm’ and ‘legal practice’ are to one or more of the Norton Rose Fulbright members or to one of their respective affiliates (together ‘Norton Rose
   Fulbright entity/entities’). No individual who is a member, partner, shareholder, director, employee or consultant of, in or to any Norton Rose Fulbright entity (whether or not such individual is
 described as a ‘partner’) accepts or assumes responsibility, or has any liability, to any person in respect of this communication. Any reference to a partner or director is to a member, employee or
                                                    consultant with equivalent standing and qualifications of the relevant Norton Rose Fulbright entity.
  The purpose of this communication is to provide general information of a legal nature. It does not contain a full analysis of the law nor does it constitute an opinion of any Norton Rose Fulbright
 entity on the points of law discussed. You must take specific legal advice on any particular matter which concerns you. If you require any advice or further information, please speak to your usual
                                                                                  contact at Norton Rose Fulbright.
THE CHALLENGES OF FRAUD PREVENTION IN THE
AFTERMATH OF A PANDEMIC
Amber Burridge, Head of Fraud Intelligence, Cifas
A challenging 18 months – a changing landscape
15

                                •   According to action fraud, £34.5 million lost to COVID
                                    scams – from PPE scams, to return to work, to the
                                    vaccine roll out
                                •   Bank transfer fraud losses surge to £479m in 2020
                                    thanks to the pandemic
                                •   In the FY2020/21, £2.2 million was lost to holiday scams
                                    – that’s £1,242
                                •   Up to June 2021, 1,085 reports of ticket fraud had been
                                    made so far this year, equating to an average loss of
                                    £850 per victim.
                                •   Victims have lost over £15 million this year alone to
                                    bogus investment scams on dating platforms.
                                •   Every day, there are 65,000 attempts to hack SMEs,
                                    around 4,500 of which are successful.
                                •   Vulnerabilities with remote working as reports suggests
                                    85% of employees are more likely to leak sensitive files
                                    now than before the COVID-19 pandemic
A challenging time – 2020
16

                Cifas members recorded one case to the national fraud database
                every two minutes.

                60% of cases were identity fraud – 26% increase in companies being
                impersonated in 2020.

                78% of misuse cases on bank accounts in 2020 had intelligence that
                indicates money mule activity.

                21% increase in facility takeover – predominately online retail and
                telecom products targeted.

                For the Insider threat, Unlawful obtaining or disclosure of personal
                data rose by 43% in 2020.
17
Victims of Impersonation
18
19
2020 vs 2021: Cases where intelligence indicates mule activity
20

                        76%

               78%               32%

                                          24%
                                                   -1%
                                                            36%
21
Victims of Takeover
22
Focus on Investment and savings products
23

                          •       In the first six months of 2021, cases on savings products rose by 41%, predominately in relation
                                  to personal savings accounts.
                          •       Identity Fraud rose by 57%. Most filing reasons are for impersonation, current address fraud
                          •       Misuse of facility rose by 13%. This is mainly for funds received, conduct unexplained

                              •    In the first six months of 2021, identity fraud on personal savings rose by 58%.
                              •    42% of victims of impersonation are aged 61+ and predominately male.
                              •    Law enforcement continue to report on high levels of scam investments particularly in relation
                                   to digital currency. Victim aged 60+ continue to be a key target for this kind of activity.
       Identity Fraud         •    Some victims are exploring these ‘investment opportunities’ to help reduce the financial
                                   impact of inheritance tax.
                              •    Courier fraud where the victim is contacted by the FCA stating their financial advisor is under
                                   investigation and they need further details about them and their accounts.

                              •    47% of misuse of savings accounts have intelligence that indicates mule activity.
                              •    A third are recorded within 3 months of application date.
                              •    38% tend to be aged between 21 and 30 years old
                              •    Recent intelligence suggests “piggyback fraud” cases involving threat actors opening a new
                                   savings product through a mule account
     Misuse of Facility
                              •    Experian also said that fraudulent openings for savings accounts were three times the rate in
                                   Q2 2021 compared to the previous quarter
Key intelligence on Investments and Savings
24

     • Reports of fake investments being promoted through
         dating apps. Once matched, a scammer the threat
         actor will gain a level of trust and turn the
         conversation to finance and potential investments,
         offering ‘tips’ and instructing the recipient to
         download a fake trading app. The fraudster will
         provide incentives, such as promising their victim can
         reach a premium "Gold" or "VIP" status
     •   Reports of an increase in investment frauds where
         customers are duped into signing up to invest in
         cryptocurrency. Advertisements for these investments
         are seen across social media but specifically
         Instagram and Snapchat. In some cases individuals
         are instructed to download fake trading apps
     •   Threat actors posing as a well known investment firm
         targeting victims with cloned websites and fake
         documents. A closer look at the impersonation shows
         that the website provided in the emails sent to
         potential victims looked like an exact copy of the
         genuine Interactive investor website.
25
26
Key insider threat intelligence
27
     •   Reports of staff members being approached via social media and offered money to
         provide customer details on specific accounts. They also noted a number of staff members
         changing details on accounts to help facilitate fraud.
     •   Instances where staff members where claiming they needed to self isolate as a result of
         being "pinged" by the app or because they have tested positive. Investigations revealed
         they had been out socialising when they said there at home self-isolating and unable to
         work.
     •   Instances where staff have falsely added themselves to the system indicating they
         attended a key meeting whereby a product was recently sold to a customer in order to
         profit from commission payments.
     •   Reports of staff redirecting customer investments in to accounts in their control
     •   Offboarding is also an issue – a member of staff who was working their notice period had
         started working for another organisation. The employee had sent across a number of large
         customer data sets to their new company email.
Key Challenges 2021 - cases up 13% first half of 2021
28
                          •       In the first six months of 2021, identity fraud has risen by 11%.
                          •       Unprecedented volume of phishing, smishing and vishing
                          •       Impersonation scams purporting to be from bank or other authority figure
        Identity Fraud    •       Spoofing of brands and investment scams
                          •       Subscription based criminal services offering sophisticated products

                          •       The number of those involved in this type of activity has risen by 57% in 2021 in the first
                                  six months of 2021.
                          •       Social media channels being used to recruit money mules
                          •       Receipt Generators
     Misuse of Facility   •       Individuals taking out products with no intention to pay and abusing “buy now pay
                                  later” schemes

                          •       This has increased by 14% in 2021, with 44% via telephony channels.
                          •       Spoofed text numbers to obtain personal and financial information
                          •       Paid adverts directing customer queries to malicious (including spoofed) websites
      Facility takeover   •       Social engineering of both customer and contact centre staff

                              •    Attitudes already suggest that as many as 30% of job applicants include fake references
                                   on their resumes
                              •    Organisations adopting more agile working longer term and associated vulnerabilities
                              •    Poor cyber security measures/protection and threats posed by use of personal devices
       Insider Threat         •    Staff approaches in economic uncertainty
Defending yourself and your organisation: Key takeaways
29

      ✓ Bolster digital and telephony
        channels
     ✓ Consider reviewing verification
       checks
     ✓ Carry out checks to see if your
       brand is being abused
     ✓ If a consumer makes changes to
       their account, carry out full checks
     ✓ Screening staff throughout their
       employment journey is essential.
     ✓ Are your working from home
       policies sufficient?

     ✓ Are you part of a fraud prevention
       community?
www.tisa.uk.com

Dakota House, 25 Falcon Court, Preston Farm Business Park, STOCKTON-ON-TEES, TS18 3TX
                        01642 666999 | enquiries@tisa.uk.com
You can also read