UK Fraud Strategy

Or should that be counter fraud strategy …

On 3 May the UK government published its new “Fraud Strategy: stopping scams and protecting the public” and an accompanying “what it means to you” overview.

Not quite the “fundamental shift” in approach that is mentioned in the introduction, but there are some useful steps forward. Most of the press has focussed on the clampdown on cold calling and SMS scams that have led to a rise in authorised push payment (APP) fraud in the UK, Acton Fraud will be replaced and there will be a new 400 person National Fraud Squad (NFS) created.

A couple of items of more interest that have gained less attention.

Firstly, in the age of instant payments the new UK strategy seeks to “help banks slow down suspicious payments”.

And secondly, the Economic Crime and Corporate Transparency (ECCT) Bill will help in providing safe harbour for those that share data to address economic crime:

Expect to see a 10% reduction from 2019 pre-Covid levels by the end of this Parliament!

The Lazurus Hei$t

Excellent and well worth a listen, The Lazurus Hei$t, a new BBC World Service podcast, tells the story of the Bangladesh Bank robbery and the attempted theft of a billion dollars by the North Korean-linked Lazurus Group. The tale has it all, financial and personal impacts of the Sony Pictures cyber-hack, state sponsorship of cyber-crime, the creation of counterfeit currency that’s almost better than the original, hacker hotels, hacking of payment systems at Bangladesh Bank, the movement of 500kg of cash from bank premises with faulty CCTV, laundering of funds through an unregulated Filipino casino system, Japanese links to the North Korean leadership dynasty, abuse of the charity sector, and more casino mayhem in Macau.

A fantastic plot for a fictional movie, if the story wasn’t true.

One somewhat ironic take-away from it all (in a Scooby-Doo style) is that they would’ve got away with it if it hadn’t been for those pesky sanctions filters. A reported $1 billion transfer from the Federal Reserve Bank of New York, on behalf of Bangladesh Bank, to the Philipines based Rizal Commercial Banking Corp (RCBC) was never sent as the transfer to the branch location in Jupiter Street in Manila hit an OFAC SDN sanctions entry for “Jupiter“, an Iranian vessel. Another $20 million was stopped by another sanctions filter hit at Deutsche Bank against a spelling error of “fundation” where the hackers had tried to direct the funds to a, not entirely legitimate, nonprofit foundation in Sri Lanka.

Sanctions filter hit rates can be really bad, and often as poor as 1 in 20, that is one in every twenty transactions stopped for review when the filters are badly built or misconfigured. Of those hits, only a tiny fraction, less than 1%, are ever then reported as illegitimate transactions to regulators, so most of the work done by sanctions teams is wasted effort.

So the unanswered question “inefficient sanctions filters, a blessing or curse”? Well in this instance sanctions filters saved the day but more typically they are just creating cost and inconvenience for legitimate customers. Fixing and streamlining the poor quality of sanctions filtering is long overdue. It would remove cost, improve compliance, improve the speed and certainty of payments, and lead to a better customer experience.

And as to stopping those fraudulent payments, that’s the role of fraud prevention tools – not something detected by accident!

NCA – Annual Threat Assessment

The National Criminal Investigation agency has just published its annual threat assessment.

A very interesting report full of facts and figures and some lovely info-graphics. Strong evidence this year of Covid-19 playing its role in the changing landscape of crime and a clear demonstration of how quickly criminals adapt.

Many insights make depressing reading. Over £12bn of criminal cash generated annually, the scale of money laundering in the hundreds of billions, money mule activity, cyber-crime, ransomware and crypto-asset laundering on the up, child sex abuse increasing due to lockdown and increased online access, fraud at £3bn …

Sometimes though bigger numbers aren’t always bad. Here’s two that I’ll take as positives:

  • £172 million was denied to suspected criminals as a result of defence against money laundering requests (up by 31% – see the SARs Annual Report for detail);  and
  • £982 million of potential financial sanctions breaches were reported in the year ending March 2020. A 3.7 times increase from £262 million in 2018/2019.

Two indicators that firms are doing a better job in relation to financial crime compliance. More reports, more investigations, more disruption of criminal gangs.