Published by Piers Burns. Modified over 8 years ago.
1
Risk Outlook
Anti Money Laundering and Cybercrime
Steve Wilmott and George Hawkins
2
Introductions
- Steve Wilmott, Director of Intelligence and Investigations
- George Hawkins, Senior Technical Advisor, Risk Analysis and Research
3
Today’s agenda
- Introduction to the Risk Outlook 2015
- Anti Money Laundering landscape – Thematic review and findings
- Cybercrime and Information Security update
4
Risk Outlook 2015
- Launched in July, report and bespoke online tool
- Provides an overview of our priority risks
- Information about trends, how to control risks and includes case studies
- Our priority risks are…
6
Today’s focus
- Anti Money Laundering
- Cybercrime
- For information about the other priority risks
  – Read the Risk Outlook 2015 report
  – Go online and use our “priority risks” tool
  – Come and chat with the team in the Palace Suite
7
Anti Money Laundering landscape
- We are seeing an increase in reports concerning AML compliance (ML Regulations and/or Proceeds of Crime Act)
- We are investigating a very small number of substantial cases
- We have seen increased interest in this area from law enforcement
- The legal services market, solicitors and the ‘client account’ are attractive to organised crime
8
External drivers (1)
- Financial Action Task Force (FATF) inspection of the UK Spring 2017 (Legal profession will be a priority? – see FATF report June 2013)
- 4th Money Laundering Directive
- SAR numbers and quality
  – Total 354,000 last year
  – 3600 reduction in SAR from the profession 8% 2014 (1 % of all SAR)
9
External drivers (2)
- Quality of consent SARs – NCA report February 2014
- Refusing SAR on quality from 1st October 2014
- Home Office campaign
- New criminal legislation
10
Our thematic work
- Between October 2014 and May 2015, we undertook work on AML compliance with solicitors and firms
- Visiting firms that are within Regulatory Management and those subject of a forensic investigation
- We visited over 250 firms
- Report October
11
Thematic work - objectives
- Evaluate the effectiveness of policies, systems and controls
- Identify good/poor behaviours in a firm’s AML compliance
- Understand the role of the MLRO
- Understand the level of AML knowledge and training
- Better understand why SARs have decreased
- Provide recommendations where appropriate
12
Findings
- Substantial but very positive interaction
- Largely positive – some weaknesses
- Good and poor examples in the report
- MLRO – position and level of experience within organisation varies
- MLRO – accessibility issues, level of training
13
Findings (continued)
- Culture within organisation is key
- Policy and Procedures – accessibility, not up to date, varies in detail, some rarely challenged or tested
- Recording and reporting – registers, yearly report
- Training – varied, who it’s delivered to, records not up to date
- Many delivering training – but of varying quality
14
Recommendations
- Return visits to around 10 percent of firms
- No direct regulatory action as a result of findings
- Advice to firms
  – Review the role of the MLRO and ensure they are properly trained and fit in with your organisation at the right level
  – Review your staff training and refresh at regular intervals
15
Recommendations (continued)
- Review your policies and procedures (including reporting) and update
- Make sure you have good and easily identifiable reporting and reporting procedures
- Update your senior management regularly
- Get to know the NCA UK Financial Intelligence Unit if you report regularly – they are extremely helpful
16
Cybercrime and information security
- Cybercrime is an increasing trend UK wide
- Law firms hold personal data and significant sums of money
- The Information Commissioner’s Office reports that solicitors and barristers are the fourth most frequent subjects of investigations into data breaches
- No question that law firms are targeted
17
Cybercrime and information security
- We do not want to deter firms from using technology to better serve clients, making legal services more accessible
- Risks can be managed – sometimes using simple steps
- But we have seen an increase in the sophistication of cybercrime and other scams
18
What we’ve seen
- We have seen numerous attempts – some succeed
- Funds lost £50k to £2m
- Huge impact on victim – reputation, disruption, precipitating financial instability
- Who pays? You, insurer, bank, client?
19
Five key areas
Malware
- Downloaded onto your computer through websites or emails
- Instructs your computer to access information, give away data or encrypt files
- “cryptolocker” example – requests that the firm pays a sum before being able to access files (ransomware)
20
Five key areas
Phishing
- Email sent to you asking you to do something
- Can purport to be from your bank, police, regulator, other solicitor or client
- Can be extremely convincing
- Replicates genuine individual or organisation
- Designed to make you part with money or data
21
Five key areas
Email redirection
- Email sent from third party saying funds should be sent to a new account
- Hackers can intercept emails between parties, often advising of change of bank details
- Solicitors receive email saying send funds to client’s or firm’s new account
- Clients receive instruction by email to send funds to same firm/organisation but different account number and/or bank
- Usually property transactions
- Who pays – insurer, you, client?
22
Five key areas
Vishing
- Telephone scam - claiming to be from bank, police, regulator, other firm
- Try to obtain your password details or even get you to transfer money to an account whilst on the telephone
23
Five key areas
Vishing
- Stories include bank fraud department or police – saying your account is under attack
- May know about you and your partners, staff (they research)
- Can use numerous stooges (other people join call)
- Can suggest you call back (they stay on the line waiting)
- Can even replicate genuine caller numbers on caller display
24
Five key areas
Standing Order / Mandate Fraud
- Setting up new or changing existing standing orders so funds are sent elsewhere
- Can purport to be a current supplier or a new one
- Often undetected for some time
- Can be used for one-off invoicing
25
Cybercrime and Bogus Firms
- Two risks that are linked
- We send out bogus firm alerts (183 in 2014)
- Can purport to be a new firm but often seeks to steal the identity of a genuine firm or a variation of the two
- Used to add credibility to a transaction
- Examples, cold contacting regarding estate administration to ‘high yield’ or property escrow accounts and major frauds
26
Controls and Protection
- Can be simple and not costly
- Keep passwords secure and not easily guessable
- Keep software security updated
- Train staff including non-fee earners such as finance dept
- NO bank, police service or regulator would EVER ask you for passwords, the transfer of money or screenshots
- Don’t doubt how clever and sophisticated they are
27
Controls and Protection
- If in doubt, terminate the call
- Do not use number provided by the caller to call back
- Use a separate telephone line and an independently verified number to contact your bank/police/regulator
- If a victim, report immediately to bank, police, insurer and regulator
- Set up a crisis management process within your firm – who does what
28
Controls and Protection (1)
- If client or firm want to change bank details follow all usual steps:
  – including ID verification
  – take no shortcuts
  – do not rely on an email or phone call
- Advise your clients
- Check mandates and standing orders regularly
29
Controls and Protection (2)
- Do a web search to ensure your firm is not being copied
- If you suspect you are being cloned, report to Action Fraud and regulator
- They make thousands of calls and send thousands of emails – they only have to get lucky once
- If in doubt – STOP and CHECK
30
Questions?