Blockchain and NFTs – Setting New Standards for Cybersecurity and Identity Management

Non-fungible tokens (NFTs) are an evolution over the emerging concept of cryptocurrencies. As finance systems are getting modernized, consisting of innovative trading and loan systems for different types of assets, ranging from lending contracts to real estate and artwork. However, by making digital representations of physical assets like painting, NFTs are the most advanced form right now to re-invention the finance infrastructure. Thus, the idea of representing physical assets in digitized form is not new, however, these concepts are combined with the significance of tamper-resistant blockchain of smart contracts. 

Contrarily, blockchain and NFTs are also playing a crucial role in making the digital ecosystem secure, as fraudsters are becoming more sophisticated and are capable of exploiting cybersecurity systems. Thus, by utilizing the potential of blockchain technology and NFTs, an entirely new level of security can be attained.

Blockchain Technology – Revolutionizing Cybersecurity and Identity Management In Digital Ecosystem

Primarily, blockchain technology is the key driving force behind the success and emergence of cryptocurrencies. This technology is completely transforming the concept of payment gateways along with enhancing cybersecurity concerns.  Blockchain technology utilizes cryptography to make transactional records that are unchangeable and can’t be tampered with. NFTs are also backed by this technology and are uniquely categorized through a cryptographic token that provides an extra layer of security by ensuring that each digital asset and transaction records are well- managed, easily being tracked and verified. In addition to this, NFTs are also designed to digitally represent physical assets, which has brought significant opportunities for businesses as well as individuals.

NFTs are now also being used to virtual depict something scarce, for example, in-game add-on features and other collectibles. Due to the unique identity of NFTs, they are providing more improving identification measures while enhancing cybersecurity. In addition to this, NFTs and blockchain technology are also empowering digital businesses to develop virtual ledgers to store cryptocurrencies and digital assets while maximizing security levels. However, the combination of blockchain and NFTs is considered the most advanced way of securing sensitive information and holds the necessary power to completely transform the use of the internet and cybersecurity.

Despite the fact, blockchain is the backbone of the digitization of payment gateways, it is setting new standards in the cybersecurity domain as well. By providing financial institutions and other businesses a decentralized platform to secure data, they tend to protect the companies through various cyber-attacks and financial losses. It also allows businesses to gather and maintain track of customers’ identities. Blockchain technology is signifying security innovations through the following aspects;

Security through Blocks: Blockchain basically works as a distributed ledger that stores and maintains a continuously growing list of client data records called blocks. Each respective block placed in the database is accompanied by a cryptographic hash of the previous block, a timestamp, and transaction data. The immutability feature of blockchain technology allows it to provide businesses and individuals with a sound sense of security and data protection. Other than this, it also backs businesses to determine and authenticate their identities before getting them on board and ensures data is not compromised.

Private and Public Blockchains: The concept of private and public blockchain is growing concerned nowadays. A private blockchain allows companies to communicate information without a designated central authority. On the other hand, the public blockchain databases are easily accessible to any individual in the digital ecosystem. However, both types of blockchain databases are highly secure and can not be exploited, as they deliver the maximum level of transparency. As a result, blockchain ledgers are becoming an ideal place to store digital data or assets.

Decentralized Technology: Blockchain technology allows both businesses as well as individuals to store cryptocurrency and private information in decentralized databases with a high level of encryption. With the decentralization feature, blockchain assures that hackers can get access to one’s identity. However, hacking attempts are impossible, as cybercriminals need to penetrate 51% of the blockchain system at once.

Smart Contracts: The emerging concept of the smart contract is getting global attention, as they are powered with blockchain technology that automatically handles the customer’s transactions and other dealings. They have attained customer trust by enforcing high-end security standards by being transparent and tamper-proof. Other than this, the financial firms are also using smart contracts to manage customer identities and PII. This also enables businesses to curb identity fraud. 


Influence of NFTs on Cybersecurity and Identity Management

As businesses are going digital, keeping sensitive information secure and tamper-proof is becoming more difficult than ever. However, Non-Fungible Tokens (NFTs) are one of the crucial ways to make cybersecurity and identity management systems secure and unhackable. Many global firms are adopting NFTs to secure their client data. 

The following are a few examples of how NFTs can be used to promote cybersecurity:

Integrated Security Features 

NFTs aren’t directly used but are combined with other security measures to increase the productivity of cyber security systems. This includes, encrypting the messaging services, and generating digital ownership signatures on transactions. Other than this, NFTs also interact with identity verification services through authentication, to assure the customers are onboarding with legit identities. Despite all benefits,  NFTs are also being used to uplift security measures as they are hard to replicate and link to other virtual assets. The cryptographs also improve data protection. Furthermore, NFTs can also provide an extra level of security for businesses and individuals, aiming to secure their transactions or operations.

Smart Encryption and Validation

NFTs come up with a “smart encryption and validation” method that enhances the effectiveness of security systems, making them secure. This system is particularly designed for the businesses that are providing trading services. NFTs smart encryption and validation uplift the identification and security of public as well as private blockchain databases.

Thus, the encryption and validation technology of NFTs is inevitable. It imprints digital signatures to each asset or transaction making it impossible for criminals to replicate it. This is how NFTs are preventing stealing of assets in the digital ecosystem.

How Shufti Pro Can Help

NFTs and blockchain technology are considered as the optimum ways to overcome identity fraud and financial crimes. Proof of ownership and digital signatures ensure that the data remains unbreachable. This concept will allow SaaS providers to enhance online identity verification solutions and cyber security protocols.

Shufti Pro’s state-of-the-art online identity verification services are an ideal solution for every type of business providing digital services. AI-backed ID verification services enable companies to determine the identities of customers before getting them onboard with 98.67% accuracy in less than a second.

Want to know more about the identity verification solution?


IMF Urges El Salvador to Restrict Cryptocurrencies as Legal Tender Amid Money Laundering Risks

The International Monetary Fund (IMF) is persuading El Salvador to revoke the initiative of making bitcoin as a legal tender, citing money laundering risk linked with digital currencies.

The IML published a report on Tuesday, in which details regarding its stances why the Central American Nations should restrict the cryptocurrency usage and narrow down the Bitcoin law, which was passed in June 2021, after being approved by senate members.

Bitcoin’s use as legal tender “entails large risks for financial and market integrity, financial stability, and consumer protection,” they said in the report. “It also can create contingent liabilities.”

The IMF directors are calling for stricter cryptocurrency regulation for Chino, El Salvador’s official e-wallet, and highlighted their concerns over the risk linked with the issuing of bitcoin-powered bonds. While these bonds complimented the nation for “rebounding quickly” amid the coronavirus pandemic, which has helped reduce the economic crisis in-country. The IMF directors also pointed out the El Salvador fiscal vulnerabilities, arising from the public debt-to-GDP ratio, which authorities said, have increased.

In addition to this, IMF has also advised El Salvador to enhance and streamline its anti-corruption, Anti-Money Laundering (AML), and Counter-Terrorism Financing (CTF) framework with global standards.

However, this was not the first time the IMF has raised concerns over El Salvador’s move of making bitcoin a legal tender. Other than this, the financial institution said that adopting bitcoin as an official tender “raises a number of macroeconomic, financial, and legal issues that require very careful analysis.”

El Salvador became the first country in September 2021 when it officially made cryptocurrencies legal to elevate the virtual assets as equal to the US dollar, its other local currency. Since then, the country has brought more than 1,000 coins. 

Suggested Read: El Salvador’s Adoption of Bitcoin as Legal Tender Raises ML/TF Risks


Jamaican Senate Approves Order to Combat Money Laundering

The Jamaican Senate recently approved the Proceeds of Crime (DNFBPs)(TCSPs) Order, 2022, which is said to improve Jamaica’s stance in the fight against money laundering.

The Order provides for the designation of Trust and Corporate Services Providers as Designated Non-Financial Institutions. Matthew Samuda, who originally brought the order before the Senate, stated that the designation significantly changes Jamaica’s stance to tackle money laundering.

The Order is also set to improve Jamaica’s compliance regime with international obligations of financial regulators. Samuda stated that in February 2020, the Financial Action Task Force (FATF) placed Jamaica on a ‘grey list’ for failures in Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) systems.

The Minister further stated that once a country is ‘grey listed’ by the FATF, the European Union (EU) parliamentary law requires that the European Commission puts that country on a ‘blacklist’, which means it will be considered a high-risk third country.

“In light of our inclusion on the Grey List and its implications, crucial steps are being taken to strengthen the effectiveness of Jamaica’s AML/CFT framework and address identified technical compliance deficiencies with the Financial Action Task Force (FATF) recommendations,” he said.

Senator Samuda also highlighted that the Proceeds of Crime Act of 2007 is a crucial legislative tool in Jamaica’s fight against Money Laundering and the Financing of Terrorism (AML/CFT).

He added that the Act lays obligations for businesses in regulated sectors to incorporate sufficient measures to prevent and detect money laundering.

“It should be noted that the designation of the Trust and Corporate Services Providers as Designated Non-Financial Institutions under the Act will allow any person or entity providing (a) a trusted service, or (b) a corporate service to fall within the regulated sector. This will also support the International Corporate and Trust Services Providers Act recently passed in December 2021 that came into effect on December 24, 2021,” he said.

Lastly, the Senator said that Trust and Corporate Services Providers are categorized under Recommendation 24 of the FATF as Designated Non-Financial Businesses and Professions (DNFBPs).

Suggested read: Money Laundering Ring Pushed $4bn through 60 HSBC Accounts within 2 Years


Real Estate Money Laundering Rises, KCB Dragged to Court for AML Breach

Real Estate development and construction company Tirupati Development Limited has dragged KCB Bank to court over money laundering, and statutory duty breach allegations.

The lawsuit which has been filed in Uganda’s High Court originates from a loan scheme worth $7,000,000 extended to Tirupati by KCB Bank in July 2021. However, according to the company’s lawsuit filed by Aegis, Kirunda, and Wasige advocates, the plaintiff provided a set of loan certificates which were provided to KCB Bank.

“By the loan agreement between Plaintiff and Defendant, the parties agreed that an amount of US$ 5,140,000 was to be disbursed to Plaintiff on account of the syndicated loan facility between July 2012 and August 2013. A further disbursement of US$ 1,584,000 between September 2013 and August 2014 was to be made. Final disbursement of US$ 276,000 was to be effected in September 2014,” the suit reads in part.

While the KCB Bank has agreed to pay a total of $7,000,000, Tirupati’s lawyers said that only $6,990,000 was returned.

“KCB agreed to charge Plaintiff’s loan negotiation fees in the sum of 0.5% of the loan amount. This amounted to US $35,000. They [KCB] failed and willfully refused to provide the Plaintiff with a breakdown of how the loan negotiation amount charged was arrived at, they debited the Plaintiff’s accounts to meet costs of a suit after the parties had agreed that each party would bear their own costs in respect of the Consent Judgment in Civil Suit No. 516 of 2017.”

Furthermore, the company’s lawyers allege that in August 2016, the bank opened and operated two US dollar-denominated loan accounts in the name of Tirupati without their consent. The accounts were account number 1059906732 with the KCB Kenya and account number 2150226057 with KCB Uganda.

“In January 2017, the KCB Uganda opened and operated another new US dollar current account No. 2290351628 in the names of the Plaintiff, without the Plaintiff’s authorization, consent nor knowledge,” lawyers added.

In addition to conspiracy to defraud, Tirupati says that the above-alleged actions and transactions also constituted money laundering by KCB Bank.

“The Plaintiff has received conflicting statements of transactions on its accounts covering the period of the entirety of the loan and beyond the consent judgment, which clearly indicate highly suspicious transactions akin to money laundering and theft by the 2nd and 3rd Defendants [KCB Uganda and KCB Kenya] collectively,” lawyers say. “These transactions confirm that the KCB Bank failed to manage the risk of financial crime and IT fraud when they maintained separate ledgers for the Plaintiff’s accounts.”

Tirupati contends that the KCB Bank utilized her United States Dollar and Uganda Shillings accounts in the manner depicted above including pretended extensions of credit purposely to make any audit trail difficult.

“These actions were also calculated to avoid triggering any statutory requirements by Bank of Uganda and the Financial Intelligence Authority, as regulators of financial institutions, to file suspicious activity reports required by law, and avoid scrutiny by regulators and law enforcement in the two jurisdictions of Uganda and Kenya.”

“The Plaintiff [Tirupati] contends that KCB Bank continues to this day to launder money through her named accounts. These actions did and continue to expose the Plaintiff, its shareholders, and directors to the legal and financial consequences and sanctions arising from the suspicion of engaging in illicit money laundering and probable terrorist financing, likely corruption, or payments procured through drug or child and sex trafficking through the illegal use of her accounts threatening her entire business enterprise.”

Thus, for the damages caused by the Bank for the company, Tirupati seeks court assistance to issue an order declaring that the KCB Bank misappropriated the Plaintiff’s funds of $995,466.78 and that it should be returned instantly.

Suggested Read: FSA Imposed £247,324 Fine on Standard Bank for “Serious Regulatory Failings”


FinCEN Wants Banks to Submit SARs to Affiliates Under AML Act 2021

FinCEN proposed a new rule that will allow banks to share suspicious activity reports with foreign affiliates to combat financial crimes. 

The Financial Crimes Enforcement Network (FinCEN) proposed a new law on Monday that will permit banks to share their suspicious activity reports to foreign affiliates more easily as an attempt to effectively combat illicit activities. 

On Monday, a bid to improve financial institutions’ (FIs) ability to counter money laundering was proposed. The new program is mandated under the Anti-Money Laundering Act that came into force last January. Public comments on the proposed guidelines will be taken in the next two months. 

Himamauli Das, FinCEN’s acting director said, “will assist financial institutions in further combating illicit finance risks.” 

Suspicious Activity Reports (SARs) serve as a key tool for government bodies and institutions to counter financial crimes like terror financing and money laundering. Previously, banks were allowed to share SARs with their foreign head offices only (foreign bank branches were not included in this). However, the new guidelines remove the barrier and permit banks to share SARs with affiliates too. 

Chair of the banking group at Debevoise & Plimpton LLP, Satish Kini said, “Institutions have been seeking to do this as a means of better managing their anti-money-laundering risks globally. It will facilitate more ready risk management because folks [abroad] will know that a SAR has been filed in the United States.” 

Daniel Stipano, partner at Davis Polk & Wardwell LLP stated, “Being able to effectively prevent and deter money laundering really depends heavily on being able to share information. If information is siloed…nobody has the full picture.”

According to FinCEN’s estimates, 100 banks will participate in the program which is scheduled to be terminated in January 2024. 

Suggested Read: FinCEN Proposes Beneficial Ownership Reporting Requirements 


“Cybercriminals are Tampering with QR Codes to Redirect Victims”, FBI Warns

The Federal Bureau of Investigation (FBI) has issued a warning regarding Malicious QR codes that are being used by criminals to scam Americans.

The FBI issued a warning as a public service announcement (PSA), that was published on the FBI’s Internet Crimes Complaint Center (IC3) earlier this week. The FBI warned citizens of America that cybercriminals are using malicious Quick Response (QR) codes to steal victims’ personal and financial credentials.

The law enforcement authority stated that the penetrators are replacing legit QR codes that are being used by the businesses for payment gateways with malicious ones to redirect the victims to bogus websites designed to steal Personally Identifiable Information (PII) along with the financial credentials. Furthermore, malware virus is then installed on their devices, or payments are diverted to criminals’ accounts.

“Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,” the federal law enforcement agency said.

After the victims scan the codes that appear legitimate, they are directed towards criminals’ phishing websites, where customers are provoked to provide their financial credentials. Once, the financial information is entered, the cybercriminals get access to PII and use it to steal funds using hijacked bank accounts.

“While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code,” the FBI added. “Law enforcement cannot guarantee the recovery of lost funds after transfer.”

The federal investigation authority advised locals to pay attention to the URL they are sent after scanning QR codes, always verify the sites before providing any kind of information, and make sure that the physical QR codes have not been replaced with malicious ones. Last but not least, always enter the URLs by hand when making payments instead of scanning QR codes that probably could be set up to redirect to the phishing sites. In addition to this, people should also avoid installing applications from QR codes, instead use the apps that come with the smartphone’s operating system.

Like this, the FBI had issued another PSA associated with QR codes risk in November 2021, alerting the people of America of emerging fraud schemes like criminals using malicious QR codes and cryptocurrency ATMs to hinder efforts to recover financial losses. For example, in a recent phishing attack targeting German e-banking customers, criminals use QR codes instead of buttons in spam emails to make their activities impossible to determine by the bank’s cybersecurity systems and seamlessly redirect the victims to phishing websites. Unfortunately, customers were redirected to the malicious landing pages and ended up providing personal and financial information.

Suggested Read: SMS Phishing Scams are Impersonating State Agencies – FTC Warns


UK Government Proposes New Cybersecurity Laws

The UK government proposed new laws for cybersecurity last week to increase security standards in outsourced IT services. 

“New laws are required in order to increase security standards in outsourced IT services,” says the UK government. Moreover, the issued proposals include guidance for organisations on how to report cybersecurity incidents. 

The proposed laws aim to cope with the pace as technology advances and increases flexibility. Furthermore, the UK Cyber Security Council has been advised to create a standard for qualifications and certifications required from people working in cybersecurity. This will help them prove their efficacy to protect businesses in the digital space. 

Following the cyberattacks on SolarWind and Microsoft Exchange Servers, these plans were issued in order to overcome the vulnerabilities in vendor services. Only 12% of the organisations actually review the cybersecurity risks immediate suppliers pose on the company, says the report by the Department for Digital, Culture, Media and Sport. On the contrary, only 5% of companies address the loopholes in the wider supply chain. 

Minister of State for media, data, and digital, Julia Lopez said, “The plans we are announcing today will help protect essential services and our wider economy from cyber threats. Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra.”

The proposal rolled out by the UK government states that:

  • Expand the scope of NIS Regulations that are typically provided by organisations that manage IT services. 
  • Large companies must provide better cyber incident reporting to law making bodies along with a requirement to notify regulators about the cyber attacks the organisation suffers. 

NCSC Technical Director Dr Ian Levy, said: “I welcome these proposed updates to the NIS regulations, which will help to enhance the UK’s overall cyber security resilience. These measures will ensure that cyber security risks are properly managed by organisations and those on whom they rely.”

Suggested Read: Global Identity Fraud Report 2020 – Shufti Pro 


FSA Imposed £247,324 Fine on Standard Bank for “Serious Regulatory Failings”

The Isle of Man Financial Services Authority (IOMFSA) has imposed EUR 247,324 fine on Standard Life Bank Isle of Man for “serious regulatory failings”.

The IOMFSA ordered the bank to pay the discretionary civil penalty, imposed under section 16 of the Act and in accordance with the FSA regulations 2015 of EUR 353,320 discounted by 30% to EUR 247,324. However, the level of regulatory action reflects that the bank cooperated with the regulatory authorities and agreed on their terms at an early stage, through incorporating IOMFSA’s Enforcement Decision-Making Process.

According to the investigations, authorities assured that the regulatory failings were isolated in nature rather than being spread across the business. The bank has effectively brought up significant changes in its operations, in an effort to overcome the shortcomings identified by the FSA. In addition to this, Standard bank found out in April 2021, that they had breached the terms of a Restraint Order issued by the Isle of Man Courts pursuant to the Proceeds of Crime Act 2008. “The Court order restrained, inter alia, the disposal, diminution, removal from the jurisdiction of and dealing with, money associated with suspected bank accounts in the name of a customer of Standard bank.”

The bank instantly notified the financial authority under Anti-Money Laundering and Countering the Financing of Terrorism regulation and the Financial Services Rule Book 2016.

The court order breach involved two stages: allowing the flagged customer accounts to transfer funds within Standard, and processing instruction from the restricted client for further transfer funds out of Isle of Man jurisdiction, albeit to another Standard Bank group entity. However, upon reviewing the Standard notification, determined that it should further investigate Standard’s compliance with AML/CFT regulations. The commencement of inquiries was notified to the bank in May 2021. 

After this, Standard submitted a comprehensive report to FSA, following its in-house investigations. Standard continued to determine the source of the breach and kept on sharing the finding with the financial watchdogs. In its conclusion, the Financial Service Authority said that the bank needs to apply “locks” either against restricted customers or suspected accounts. Such locks will be designed to health the financial services and to prevent unlawful transaction processing.

Other than this, the regulatory failing resulted in various breaches of Financial Services Rule Book 2016 by Standard:; “A breach of Rule 6.1 of the Rule Book in that Standard did not act with due skill, care, and diligence in carrying on a regulated activity; A breach of Rule 6.5 of the Rule Book in that Standard carried on business in a way likely to bring the Island into disrepute or damage its standing as a financial center; and A breach of Rule 8.3(2) of the Rule Book. This Rule requires that “The responsible officers of a license holder must establish and maintain appropriate internal and operational controls, systems, policies and procedures relating to all aspects of its business to ensure appropriate safeguards to prevent and detect any abuse of the license holder’s services for money laundering, financial crime, the financing of terrorism, or the proliferation of weapons of mass destruction”.

However, some failures also resulted in breaking AML and CFT Code 2019. Combining all these breaches, the Standard Bank Isle of Man was sanctioned with a civil penalty. But the bank has ensured to follow the criminal proceedings and to make efforts to overcome shortcomings.

Suggested Read: Swedbank Fined And Remains Under Investigation by US Authorities


FATF to Blacklist Uganda Over Money Laundering

The Executive Director of the Finance Intelligence Authority, Sydney Asubo stated that the FATF has warned to blacklist Uganda unless action is taken against money laundering by May 2022.

Appearing at the Committee on Finance, Asubo said that the Financial Action Task Force classifies countries in watchlists like the grey list and the black list depending on the weaknesses in overcoming money laundering. 

“Uganda was placed on the grey list in 2020. It means the country has been identified but it made commitments with the FATF to address the specific issues within a given time frame,” he said.

Asubo also added that the FATF exchanged statements with the Minister of Finance, who made commitments to address the identified issues by January 2022. The deadline was later extended to May 2022 due to the effects of Covid-19.

“Unfortunately, a number of issues are still outstanding so the FATF is concerned and has written that if these issues are not addressed, then the country will be moved to the blacklist,” he said.

The Executive Director mentioned that the situation is inevitable as the addition to the grey list will mean that the whole world will become aware of Uganda’s challenges in addressing money laundering.

“Some people have already started feeling the impact especially international transactions which would take a day or two, are now taking a week or two. That process of scrutiny is beyond the normal scrutiny,” he said.

Based on the FATF evaluation, Uganda was considered largely compliant for five of the 40 Recommendations. 

Asubo added that although the FIA has significantly contributed to fulfilling the requirements, the other ministries, departments, and agencies have fallen behind, including the ones under the Ministry of Finance, Internal Affairs, and Justice. 

“I am happy to report that all the things that FIA was supposed to do have been done. The obligation to fulfill those requirements lies not only on the FIA,” he said.

Suggested read: FATF and EU Delist Bahamas from AML Blacklist

data breach exposes

Data Breach Exposes 515,000 IDs, More Cases of Synthetic ID Fraud to be Expected?

Hackers broke into the servers at the International Committee of the Red Cross and accessed personal and confidential information of over half a million vulnerable individuals. 

The International Committee of the Red Cross, known globally for assisting war victims, says that hackers breaches the servers hosting its data and gained access to the data of 515,000 individuals.

The Geneva-based company stated on Wednesday that the breach by unknown intruders affected the personal information of 5,15,000 people “including those separated from their families due to conflict, migration, and disaster, missing persons and their families, and people in detention.”

The personal information that was accessed by hackers is said to originate in at least 60 Red Cross and Red Crescent chapters throughout the world.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” Robert Mardini, the ICRC’s director-general, said in a statement.

“We are all appalled and perplexed that this humanitarian information would be targeted and compromised.” The ICRC stated that the breach was targeted at an external contractor in Switzerland that keeps data for the humanitarian organization. There was no prior indication of the information being publicly shared or leaked. 

Crystal Wells, a spokeswoman of the Agency, said that while the ICRC cannot say for certain that the records were stolen “we feel it is likely. We know that they have been inside our system and have had access to our data.”

She also added that the ICRC had no intention to speculate about the ones behind the intrusion. 

Addressing the person or people behind the intrusion, Mardini issued an appeal: “The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.”

This indicates that the ICRC suspects the hackers to be criminals looking to profit off the data for the purpose of ID theft. The Agency also stated that the breach forced them to shut down its “Restoring Family Links” program, which was aimed at reuniting family members separated by conflict, disaster, or migration.

After such a large-scale data breach, chances are that identity fraud cases will further increase in the future. 

Suggested read: – Surge in Identity Theft Frauds During Covid-19

bpi crack dwon

BPI Crackdowns on Money Mules to Secure Financial Institutions

The Bank of Philippine Islands (BPI) was flagged on Wednesday as it was suspected to be involved in an industry-wide proliferation of money mules.

BPI as a precaution advised its customers and the public to be careful regarding the tricks used by money launderers and never share personal or financial details with anyone. This initiative is aimed to decrease the number of money muling activities, which is considered to be a serious offense by law. Money mules operate similar to drug mules, as these entities provide cash washing pipelines instead of drugs. Money mules transfer illegally obtained capital on behalf of third-party entities, allowing money launderers to route money in the national legal financial systems without revealing their identities.

Since the last two years, the number of mule accounts has been significantly increasing, and it is found that the rapid shift towards digital services in the country has driven these activities, said Noel Santiago, BPI’s chief digital officer.

“They are usually used as conduits by criminals so that they can launder big sum[s] of money acquired from crimes like online scams, human trafficking, drug trafficking, among others,” Santiago said.

However, money muling is labeled illegal under the Anti-Money Laundering Act, 2001. The individuals found guilty may face imprisonment, sanctions, and account closure. 

“As in any transition, the criminal minds find ways and means to see where the opportunities are. In the past, to open an account, clients were required to go to the branch and present themselves and their IDs — so there’s a natural deterrent for anybody who has an intent to commit a crime or intent for fraud,” Santiago said.

“In the last couple of years, as we shifted to a more digital lifestyle, we made it more convenient for legitimate clients to be onboarded, to be accepted in the financial industry. Now, this is where those criminal minds saw an opportunity and said, ‘Maybe I can create digital accounts that can be used as a mule account,’” he added.

Money launderers also hire individuals with existing bank accounts in exchange for cash or commissions. However, such schemes were advertised on social media platforms to scam people.

“As an example of how these fraudsters do it, they approach unsuspecting victims and borrow their account for the purpose of receiving a remittance from someone. They make the story and the delivery so compelling and attractive. Some accounts are being sold for thousands of pesos for usage. They use social media to advertise and sad to say, some people fall victim to this,” he said.

The Bank of Philippine Island ensured that it had been working with the Bankers Associations of the Philippines to improve the national cybercrime law. According to Santiago, making mobile number registration would be a great initiative to detect and eliminate money mules.

“We have capabilities to keep track of [a] significant amount, frequency, velocity, and even being able to ascertain through artificial intelligence the possible destination before it gets out of the bank. This is among the many tools and efforts that we have. But we also trust that the legislative branch will expedite the amendment and enactment of policies to protect more Filipinos not only from falling prey to the money mule scam but also from cybercriminals in general,” he said.

Suggested Read: “Money Mule Crimes Double in Cork, Students are an Easy Target”, Says the Police

2022-01-19 news 2

FCA Dismisses Temporary Permissions of 4 EU Firms Operating in the UK

UK’s Financial Conduct Authority (FCA) has called out EU firms operating in the UK to meet their standards to remain in the temporary permissions regime (TPR).

On Tuesday, 18 January 2021, the UK Financial Conduct Authority made an announcement to inform European firms operating their businesses in the UK that they must meet the FCA’s standards to remain in the temporary permissions regime (TPR).

In order to reduce the impact of Brexit on businesses, the UK government created the temporary permissions regime for firms based in the European Economic Area (EEA), which comprises all European Union (EU) countries, including Iceland, Liechtenstein, and Norway.

With the temporary permissions regime, the firms based in these countries that were previously not able to operate in the UK before the end of the Brexit transition period (31 December 2021) were enabled to operate temporarily.

However, in the statement on Tuesday, the FCA confirmed the approach it will take for European firms temporarily operating in the UK. The FCA said that the TPR is only applicable to firms that are willing to continue operating in the UK in the long term and are able to meet the FCA’s standards in doing so.

On the other hand, companies that fail to comply with these rules, including failure to fulfill mandatory information requests or lack of intentional application for full authorization, will be stopped from continuing business and could be dismissed from the TPR entirely.

The FCA also shared that it has already canceled the permissions of 4 firms for not responding to the mandatory information requests, despite the authority asking them multiple times. As a consequence, these 4 firms are no longer allowed to do conduct business operations in the UK and will face criminal proceedings if they attempt to do so.

Emily Shepperd, executive director of authorizations at the FCA, said: “The U.K. is open for business, but not to firms who do not meet our regulatory expectations. We expect firms operating under the regime to be responsive to our requests for information, and that are coherent in their business planning. We will continue to act against firms that fail to meet our standards.”

Suggested read: FCA Spends $650K to Beef up its AML Control for the Crypto Industry

2022-01-19 news 1

FCIU Uncovers Money Laundering Patterns Through Social Media Scams

South Yorkshire law enforcement authority has seized EUR 70,000 placed in the illicit gambling account belonging to a victim manipulated by money launderers.

South Yorkshire Police received information in October 2021 from the National Crime Agency (NCA), after suspicious patterns were determined in an online gambling account. According to the investigation conducted by Financial Crime Investigation Unit (FCIU), revealed that the locals had been manipulated by money launderers and ended up providing their personal information through social media scams.

However, without victims’ consent, their personally identifiable information was then used to open digital gambling and banking accounts, having the objective to launder black money. FCIU conducted several inquires with the bank, but the person who set up the account could not be identified. Following further inquiries by police and FCIU, an Account Forfeiture Order was issued for the suspected gambling account which had a balance of more than EUR 70,000. The cash was instantly seized and will be handed over to the Home Office, which will return haft of the funds to the Police and Crime Commissioner (PCC) to use in various local community projects.

Temporary Detective Sergeant Paul Douglas, from the FCIU, said: “Over the last six months, our FCIU officers have deprived criminal money laundering gangs of over half a million pounds held in fraudulent accounts. Half of this money will now be used by the PCC to support a range of good causes in our communities across South Yorkshire.”

He added,“While incidents like this are very shocking and traumatic for those that sadly get wrapped up in fraudulent activity, we are pleased that in this case, we have been able to intervene and put a stop to this particular activity at an early stage before it escalated further and caused additional stress for the victim. I would like to remind the public that they should never provide anyone they do not know personally with copies of their personal documentation such as passports or driving licenses – under any circumstances. Unfortunately, there are people out there living within our communities who are not genuine, and therefore we ask people to be extra vigilant and cautious when asked for their personal details, especially via social media.” 

South Yorkshire Police and Crime Commissioner, Dr. Alan Billings, added: “The stress caused by such deception can be overwhelming for individuals who fall victim to these scams and I thank the police’s Financial Crime Investigation Unit for their hard work in achieving this result. I am pleased that many local community projects across South Yorkshire will benefit from the conclusion of this incident.”

Suggested Read: Money Laundering Becomes Another Cause of Poverty, Says UN


Online Gaming Company Fined €386,000 for AML Failings

Online Amusement Solution Limited, a gaming company, was fined more than €386,000 by the FIAU for failing to adhere to anti-money laundering rules.

According to the Financial Intelligence Analysis Unit, Online Amusement Solution Limited was fined as the company failed to report suspicious activities and did not implement measures to monitor politically exposed players on its gambling sites.

An administrative penalty of €386,567 was imposed on the gaming company for violations of anti-money laundering rules after an on-site inspection was carried out in 2019.

The Birkirkara-based gaming company owns several betting sites including Champions Bet, Tip Bet, and Bet 14. FIAU officials found 16 player profiles operating on the company’s gambling platforms that had transactions with suspicious patterns and required monitoring. 

The FIAU stated that it was evident that Online Amusement Solution Limited was not monitoring or investigating players’ transactions efficiently. The absence of automated triggers meant that the company was unable to identify any instances where an industry-wide threshold of €2,000 was reached. 

As a result, the company failed to perform effective monitoring and did not report any suspicious activity. The rules for the prevention of money laundering require gaming companies to implement basic due diligence checks when a player deposits an amount between €2,000-€15,000. 

The company official in charge of the anti-money laundering system stated they had asked for the players’ tax return statements, but 80% of them went unanswered.

It was also found that the players’ accounts with the company were not closed in time. Although the company states that they searched the players’ social media profiles, no evidence was found.

Suspicious behavior that the company failed to monitor included a 25-year-old player withdrawing more than €117,000 after he placed bets using prepaid cards.

Later the FIAU found that the player had deposited money 68 times in one month alone using prepaid cards. This suspicious behavior should have prompted the company to perform enhanced ongoing monitoring on the player and identify the sources of the funds.

Suggested read: Gaming & Investment Firms in Malta Penalised with €4.6M for AML Failures


FIU to Audit Crypto Exchanges, Aiming to Reduce Money Laundering

Financial Intelligence Unit under Financial Services Commission to audit Korea’s cryptocurrency exchanges, aiming to prevent money laundering activities. 

Growing concerns regarding cryptocurrency exchanges’ involvement in money laundering have opened the eyes of financial watchdogs. Due to this, the country’s digital currency firms will come under inception by the regulatory body for the first time.

At the start of next month, the Korea Financial Intelligence Unit (FIU) under the Financial Services Commission will be auditing Upbit, Bithumb, Coinone, and Korbit, which are the top four virtual asset service providers in the crypto exchange market, inspecting whether they have anti-money laundering systems and other precautionary measures in place.

While working with Financial Supervisory Services, the FIU will keep an eye on operators whether they have made improvements that they had demanded when they were registering themselves as cryptocurrency companies. The examination will also verify that digital currency exchanges have incorporated Know Your Customer (KYC) systems that can identify and authenticate customers’ identities when opening an account and maintaining their status. The financial watchdog will also investigate whether the operators are precisely reporting suspicious transactions.

However, the operators that fail to comply with regulatory obligations will be subject to strict scrutiny in the second half of the year. FIU will determine whether the exchanges will require currency transaction reports to curb money laundering. In addition to this, staying put with FATF’s travel rule is also necessary, as it mandates virtual assets service providers to gather and share clients’ transaction data. The cryptocurrency businesses may face regulatory penalties and a maximum fine of 100 million ($84,000) per violation. 

Naver Financial, Kakao Pay, and Toss will most likely be examined by FIU this year, as part of the inquiry into 124 cryptocurrency businesses. The financial watchdogs are all set to comprehensively examine business whether they have internal control systems along with robust KYC mechanisms in place. In addition to this, the FIU will also incept 60 private money lenders and nine gambling operators on whether they are complying with regulations

Suggested Read: Estonian Government to Strengthen AML Framework to Lift Crypto Ban

2022-01-17 news 1

UAE to Step Up AML Measures to Avoid FATF’s Grey List

After FATF’s warning to grey list the UAE for AML failures, the region is set to step up compliance efforts to avoid becoming part of global watchlists.

Last week, Bloomberg revealed that discussions are underway to grey list the United Arab Emirates since the country failed to identify and curb money laundering risks. That being said, UAE has dramatically stepped up its efforts to fight financial crimes like terror financing and money laundering. 

UAE was seen as a magnet for financial crimes for a long time and back in April 2020, the global financial watchdog FATF warned the region to work closely on its AML protocols and strengthen compliance in vulnerable sectors. 

“We took the recommendations on board and started to change,” Ahmed Al Sayegh, minister of state at the foreign ministry, said during an interview with the Financial Times. “We believe we have made significant progress – the bar has been set very high.”

According to Western officials, the UAE has made progress but it still cannot avoid being on the grey list. FATF’s grey list currently has 23 countries, including Yemen, Syria, Panama, and Zimbabwe. For the UAE, the decision is yet to be finalised. 

Al Sayegh, who is a part of the AML task force, said, “Regardless of the outcome, we now have an action plan”. The United States describes the rapidly growing economy of UAE as “transshipment point for illegal narcotics and a master key for drug revenue”. Dubai is a tax-free location making it convenient for criminals to hide illicit funds, especially in the state’s flourishing real estate sector and gemstone market. 

Bankers find it unlikely to deter financial institutions that seek to establish in the UAE if it is placed on the grey list. However, reputational damage costs might increase for local banks with a global clientele. “It wouldn’t be a deal breaker, but it’s not something we would like to see,” an official said.

FATF’s executive secretary, David Lewis (who resigned last year) said, “The UAE is a large, complex jurisdiction, it is a connection point for many illicit funds, but they have a high level of political commitment to deal with this and they have shown this to the FATF. He added that even though the UAE avoids the grey list, “they [will still] have challenges and more work to do, I’m sure.

Suggested Read: UAE Government Stepping Up Against Prevalent Crimes

More posts