Risk Outlook: Anti-Money Laundering and Cybercrime
Steve Wilmott and George Hawkins

Introductions
– Steve Wilmott, Director of Intelligence and Investigations
– George Hawkins, Senior Technical Advisor, Risk Analysis and Research

Today's agenda
– Introduction to the Risk Outlook 2015
– Anti-Money Laundering landscape: thematic review and findings
– Cybercrime and information security update

Risk Outlook 2015
– Launched in July; report and bespoke online tool
– Provides an overview of our priority risks
– Information about trends, how to control risks, and case studies
– Our priority risks are…

Today's focus
– Anti-Money Laundering
– Cybercrime
For information about the other priority risks:
  – Read the Risk Outlook 2015 report
  – Go online and use our "priority risks" tool
  – Come and chat with the team in the Palace Suite
Anti-Money Laundering landscape
– We are seeing an increase in reports concerning AML compliance (Money Laundering Regulations and/or Proceeds of Crime Act)
– We are investigating a very small number of substantial cases
– We have seen increased interest in this area from law enforcement
– The legal services market, solicitors and the 'client account' are attractive to organised crime

External drivers (1)
– Financial Action Task Force (FATF) inspection of the UK, spring 2017 (legal profession will be a priority? – see FATF report, June 2013)
– 4th Money Laundering Directive
– SAR numbers and quality: 354,000 SARs in total last year
– SARs from the profession: 3,600 in 2014, a reduction of 8% (1% of all SARs)

External drivers (2)
– Quality of consent SARs: NCA report, February 2014
– SARs refused on quality grounds from 1 October 2014
– Home Office campaign
– New criminal legislation
Our thematic work
– Between October 2014 and May 2015 we undertook work on AML compliance with solicitors and firms
– Visiting firms within Regulatory Management and those subject to a forensic investigation
– We visited over 250 firms
– Report due in October

Thematic work: objectives
– Evaluate the effectiveness of policies, systems and controls
– Identify good and poor behaviours in a firm's AML compliance
– Understand the role of the MLRO
– Understand the level of AML knowledge and training
– Better understand why SARs have decreased
– Provide recommendations where appropriate

Findings
– Substantial but very positive interaction
– Largely positive, with some weaknesses
– Good and poor examples in the report
– MLRO: position and level of experience within the organisation varies
– MLRO: accessibility issues, level of training

Findings (continued)
– Culture within the organisation is key
– Policies and procedures: accessibility, not up to date, varying in detail, some rarely challenged or tested
– Recording and reporting: registers, yearly report
– Training: varied, who it is delivered to, records not up to date
– Many delivering training, but of varying quality

Recommendations
– Return visits to around 10 per cent of firms
– No direct regulatory action as a result of the findings
– Advice to firms:
  – Review the role of the MLRO and ensure they are properly trained and sit at the right level in your organisation
  – Review your staff training and refresh it at regular intervals

Recommendations (continued)
– Review your policies and procedures (including reporting) and update them
– Make sure you have clear and easily identifiable reporting procedures
– Update your senior management regularly
– Get to know the NCA UK Financial Intelligence Unit if you report regularly; they are extremely helpful
Cybercrime and information security
– Cybercrime is an increasing trend UK-wide
– Law firms hold personal data and significant sums of money
– The Information Commissioner's Office reports that solicitors and barristers are the fourth most frequent subjects of investigations into data breaches
– No question that law firms are targeted

Cybercrime and information security
– We do not want to deter firms from using technology to better serve clients and make legal services more accessible
– Risks can be managed, sometimes using simple steps
– But we have seen an increase in the sophistication of cybercrime and other scams

What we've seen
– We have seen numerous attempts; some succeed
– Funds lost: £50k to £2m
– Huge impact on the victim: reputation, disruption, precipitating financial instability
– Who pays? You, your insurer, the bank, the client?
Five key areas: Malware
– Downloaded onto your computer through websites or e-mails
– Instructs your computer to access information, give away data or encrypt files
– "CryptoLocker" example: demands that the firm pay a sum before it can access its files again (ransomware)

Five key areas: Phishing
– E-mail sent to you asking you to do something
– Can purport to be from your bank, the police, your regulator, another solicitor or a client
– Can be extremely convincing; replicates a genuine individual or organisation
– Designed to make you part with money or data

Five key areas: E-mail redirection
– E-mail sent from a third party saying funds should be sent to a new account
– Hackers can intercept e-mails between parties, often advising of a change of bank details
– Solicitors receive an e-mail saying send funds to the client's or the firm's new account
– Clients receive an instruction by e-mail to send funds to the same firm/organisation but a different account number and/or bank
– Usually property transactions
– Who pays: the insurer, you, the client?
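The phishing and e-mail redirection patterns above have three tells that a mailbox or finance team can check mechanically before anyone acts on a message: the Reply-To domain differs from the From domain, the sender's domain imitates a known counterparty (one or two characters out), and the body asks for payment to new details. The following is an added example written for this page, not code from the SRA or from the presentation; it assumes the firm keeps its own list of counterparty domains (KNOWN_COUNTERPARTIES is a placeholder) and the two messages are constructed for the example.

```python
"""Triage an inbound e-mail for the payment-redirection pattern.

Added example. KNOWN_COUNTERPARTIES is an assumed, firm-maintained list of
domains the firm normally deals with; the sample messages are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumed: domains of the solicitors, banks and clients the firm deals with.
KNOWN_COUNTERPARTIES = {"smithlaw.co.uk", "abcbank.com"}

# Wording that typically accompanies a request to pay into new details.
CHANGE_PHRASES = (
    "change of bank details", "updated bank details", "new bank account",
    "new account", "send funds to",
)


def domain_of(header_value):
    """Lower-cased domain of the first address in a header ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, known=KNOWN_COUNTERPARTIES):
    """Return the known domain that `domain` imitates, or None.

    An exact match is genuine, not a lookalike. One or two edits away
    (smith-law.co.uk, smithlavv.co.uk) is treated as an imitation; for very
    short domains this threshold will over-match and should be tightened.
    """
    if not domain or domain in known:
        return None
    for k in known:
        if edit_distance(domain, k) <= 2:
            return k
    return None


def triage(raw_message, known=KNOWN_COUNTERPARTIES):
    """Return the reasons to stop and check before acting on the message.

    An empty list means none of the three tells was present; it does not
    prove the message is genuine.
    """
    msg = message_from_string(raw_message)
    reasons = []

    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        imitated = lookalike_of(dom, known)
        if imitated:
            reasons.append(f"{label} domain {dom} looks like known counterparty {imitated}")

    # Collect the plain-text parts (a non-multipart message is its own part).
    text = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    body = "\n".join(text).lower()
    hits = [p for p in CHANGE_PHRASES if p in body]
    if hits:
        reasons.append("Body asks for payment to new details: " + ", ".join(hits))
    return reasons


# Constructed sample: a redirection attempt imitating smithlaw.co.uk.
SAMPLE = """\
From: Jane Smith <jane@smithlavv.co.uk>
Reply-To: jane.smith@mail-smithlaw.com
To: accounts@examplefirm.co.uk
Subject: Completion funds - change of bank details
Content-Type: text/plain; charset=utf-8

Hi, please note our change of bank details ahead of completion on Friday.
Sort code 12-34-56, account number 12345678. Please send funds to the new account.
"""

# Constructed sample: an ordinary message from the genuine counterparty.
LEGIT = """\
From: Jane Smith <jane@smithlaw.co.uk>
To: accounts@examplefirm.co.uk
Subject: Draft contract

Please find the draft contract attached for your review.
"""

if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE), ("LEGIT", LEGIT)):
        print(name, triage(raw) or ["no tells found"])
```

The output is a list of reasons, not a verdict: a message that trips any of these checks still has to be confirmed by telephoning the counterparty on an independently verified number, and a message that trips none of them is not thereby safe, since a genuinely compromised mailbox sends from the real domain with no Reply-To at all.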
Five key areas: Vishing
– Telephone scam, claiming to be from a bank, the police, a regulator or another firm
– Tries to obtain your password details or even get you to transfer money to an account while on the telephone

Five key areas: Vishing (continued)
– Stories include the bank fraud department or the police saying your account is under attack
– May know about you, your partners and your staff (they research)
– Can use numerous stooges (other people join the call)
– Can suggest you call back (they stay on the line waiting)
– Can even replicate genuine caller numbers on caller display

Five key areas: Standing order / mandate fraud
– Setting up new or changing existing standing orders so funds are sent elsewhere
– Can purport to be a current supplier or a new one
– Often undetected for some time
– Can be used for one-off invoicing
Cybercrime and bogus firms
– Two risks that are linked
– We send out bogus firm alerts (183 in 2014)
– Can purport to be a new firm, but often seeks to steal the identity of a genuine firm, or a variation of the two
– Used to add credibility to a transaction
– Examples: cold contacting regarding estate administration, 'high yield' or property escrow accounts, and major frauds

Controls and Protection
– Can be simple and not costly
– Keep passwords secure and not easily guessable
– Keep software and security updates current
– Train staff, including non-fee earners such as the finance department
– NO bank, police service or regulator would EVER ask you for passwords, the transfer of money or screenshots
– Don't underestimate how clever and sophisticated they are

Controls and Protection
– If in doubt, terminate the call
– Do not use a number provided by the caller to call back
– Use a separate telephone line and an independently verified number to contact your bank/police/regulator
– If you are a victim, report immediately to your bank, the police, your insurer and your regulator
– Set up a crisis management process within your firm: who does what

Controls and Protection (1)
– If a client or firm wants to change bank details, follow all the usual steps:
  – including ID verification
  – take no shortcuts
  – do not rely on an e-mail or a phone call
– Advise your clients
– Check mandates and standing orders regularly

Controls and Protection (2)
– Do a web search to ensure your firm is not being copied
– If you suspect you are being cloned, report it to Action Fraud and your regulator
– They make thousands of calls and send thousands of e-mails; they only have to get lucky once
– If in doubt: STOP and CHECK
Questions?