Campion Willcocks Financial Crime Review
Volume 6: October 2023

Campion Willcocks Financial Crime Review

What's In This Edition

  • Industry Press and News
  • Regulatory Update: FCA: Proceeds of Fraud - Detecting and Preventing Money Mules; SRA AML Report 2022-23
  • Think Piece: Encrochat - A Great Criminal Hack by Genevieve Edusei


Industry Press and News

⚖️The Economic Crime and Corporate Transparency Act (ECCTA)⚖️

The ECCTA received Royal Assent on 26 October, following over a year of debate and amendments as it progressed through Parliament. The Act introduces a failure to prevent fraud offence, whereby a relevant body will be criminally liable should an individual associated to the body commit fraud to benefit the body and the reasonable procedures not be in place.

Source: GOV.UK

🔎Monetary Authority of Singapore (MAS) to conduct on-site inspection of Credit Suisse🔍

The ongoing money laundering scandal in Singapore has led the MAS to conduct an on-site inspection of Credit Suisse after one of the suspects within the scandal is alleged to have held c. £55m with the bank. The scandal broke with Singapore police arresting 10 foreigners in August as part of a suspected money laundering case.

Source: Business Times

👮Australian Money Laundering arrests👮

Australian Federal Police arrested seven suspected members of a nationwide crime syndicate, accusing them of laundering c. £118m through Changjiang currency exchange, which was being promoted by former Federal immigration minister, Gary Hardgrave.

Source: Sydney Morning Herald

💵ADM fined £6.47m for financial crime failings💵

Investment brokerage firm, ADM Investor Services International Ltd, was fined £6.47m by the FCA following prolonged financial crime related failures. The failures stem from concerns raised by the FCA in 2014 with ongoing issues persisting since this time.

Source: FCA


Regulatory Updates

FCA: Proceeds of Fraud - Detecting and Preventing Money Mules

The FCA published the key findings from their review of payment account providers’ systems and controls against money mule activity. The findings of the report are applicable to those working in financial crime and fraud roles within banks, building societies, PSPs and electronic money institutions, specifically MLROs.

 The highlights of the review are:

  • 40% of all crimes in the UK are incidents of fraud. This is a total of c. 3.7 million incidents in the year ending December 2022.
  • Fraudsters heavily rely on interconnected mule accounts to transfer and conceal the proceeds of fraud. These transactions can pass through various financial institutions or be converted into cash or cryptocurrencies, effectively masking the money trail, and funnelling the profits back to the criminal groups. In 2022, firms reported more than 39,000 accounts linked to mule activity to the National Fraud Database.
  • Good practices the FCA observed included: Innovative technological solutions such facial recognition systems, device profiling and geolocation to produce data which helps identify potential money mule networks. Use of machine learning systems in addition to static rules-based monitoring systems. Utilising the National Fraud Database as part of onboarding checks. Collaboration, use of reporting systems and lawful data sharing to analyse fund flows and identify and disrupt mule activity. Engaging with various external bodies to share findings and preventative measures to mitigate specific fraud typologies. Dedicated training for financial crime and fraud staff.
  • Areas for improvements: Outlier firms tended to have a lack of senior management oversight and lack of MI reporting to address risks and assess the impact of preventative actions taken. Insufficient data captured as part of onboarding, leaving the institution without sufficient information to assess the risks posed or understand the customer. Transaction monitoring systems not being sufficient to identify incoming, as well as outgoing, transactions. TM systems were also not identifying high value payments into new or previously dormant accounts. There is an over-reliance and insufficient understanding of machine learning monitoring tools and how they impact the business. Firms receiving fraudulent funds do not always respond quickly to the firm raising the alert, thus missing a potential opportunity to disrupt the fraud network.

Source: FCA

SRA AML Report 2022-23

The Solicitors Regulation Authority has issued its 2022-23 Anti-Money Laundering annual report. The key findings of which are:

  • 6,007 firms supervised by the SRA for AML requirements.
  • 177 on-site and thematic inspections undertaken.
  • 73 desk-based reviews completed.
  • 70% of firms either partially or non-compliant with their obligations.
  • 47 firms and individuals sanctioned with fines totalling £137k.
  • 51% of AML risk assessments either partially or non-compliant.
  • 26% of AML policies failed to appropriately mention Sanctions compliance.
  • 22% of Policies, controls and procedures are non-compliant.
  • 51% of Client/matter risk assessments are ineffective.

Common themes:

  • Inadequate risk assessments, policies, controls and procedures.
  • Inadequate supervision or training.

Source: SRA


Think Piece: Encrochat - A Great Criminal Hack

By: Genevieve Edusei

Let's take ourselves back to the Spring of 2020. We were in a global pandemic; restricted to our homes, fostering a newfound affinity for Zoom/Microsoft Teams, banana bread, and Netflix binges.

But whilst the world was debating whether Carol Baskin really had a hand in her husband's disappearance, European law enforcement agencies were in the midst of arguably one of the biggest breakthroughs in the war against #organisedcrime in modern years: the infiltration of #Encrochat.

The Background

Encrochat, in its "purest" form, was a Dutch communications network and service provider that offered modified smartphones with military-grade #encryption. Created in 2016, it was purported to provide high-profile individuals, such as celebrities, politicians, and members of the Royal Family, with a secure medium of communication. With recent high-profile and widely reported instances of coordinated hacking of such figures, this wouldn't seem to be an unreasonable objective. However, whilst reports confirm that such individuals did use Encrochat for legitimate purposes, in the eyes of UK and European Law Enforcement, it was believed, and now confirmed, to be overwhelmingly used for nefarious reasons by organised crime groups (OCGs).

From its inception in 2016, UK police began to identify an increasing number of investigations involving Encrochat handsets, concerning everything from drug trafficking to gangland murder. From a law enforcement perspective, aside from the encryption (rendering phones almost useless unless they happened to be unlocked when they were seized by the police), another frustrating feature of the phone was the ability for the contents of the phones to be instantly wiped, both in person via a "panic button," or remotely via a "kill pill" that could be sent to the handset should it fall into the "wrong" hands, including the authorities.

With the rising number of OCG-linked investigations involving Encrochat, both in the UK and Europe, it became clear to law enforcement agencies that not only was Encrochat helping to facilitate criminal activity, but it was also hosting a wealth of information on organised crime.

As noted previously, Encrochat's encryption was military-grade, seemingly "impenetrable." Since its inception, enforcement agencies had tried to breach it to no avail. However, in April 2020, there was a breakthrough. The Encrochat server had been uncovered in France.

The Breakthrough

Through a collaborative effort, law enforcement agencies from the UK, France, and the Netherlands successfully infiltrated the EncroChat service. They implanted malware onto the French server, infiltrating the communication network itself. By April 2020, multiple European agencies, including the National Crime Agency (NCA), had acquired access to a vast trove of text messages and hundreds of thousands of images. What followed next caused confusion and panic across the European criminal network, and eventually Encrochat itself.

An onslaught of arrests and drugs, weapons, and cash seizures ensued, which led users to question the security of their communication. In June 2020, EncroChat  finally realised that their security had been breached and sent a message to its user base advising them to dispose of their devices immediately. The network has since disappeared without a trace. It's worth noting that those behind the Encrochat network have never been identified.

With such a wealth of information "direct from the source," it could be assumed that arrests would easily result in convictions with such “damning” evidence to hand. However, that has not been the case. The main obstacle that government agencies have faced when relying on Encrochat-sourced information is the legality of the hacking operation itself. The right to privacy is a basic Human Right  and, regardless of the objective, in hacking Encrochat, law enforcement seemingly violated the rights of its users. It is also worth remembering at this point that not all Encrochat users were using the device illegitimately (approximately 10% of users were not involved in criminal activity, as per figures from French authorities). Did they also deserve to have their private lives impinged upon?

This legal issue has threatened to severely undermine the operation and has subsequently underpinned several Encrochat-related court cases, allowing some defendants to walk free. However, in March 2023, the National Crime Agency (NCA) scored a partial victory, whereby the Investigatory Powers Tribunal ruled that they "did not fail in any material respect in fulfilling the duty of candour." This was in relation to the type of warrant obtained (targeted equipment interference (TEI)), which allowed law enforcement to access private communication from EncroChat devices. Despite this victory, the legal fights go on.

The Fallout

All in all, the breach resulted in the dismantling of several high-profile organised crime networks and the convictions of senior and high-ranking criminal figures who had previously eluded the reach of law enforcement. As of October 2023, the Met Police reported that as a result of “Operation Eternal”, 784 people had been charged with a range of offences – predominantly drug supply-related, but also firearms, money laundering, and violence offences. In terms of convictions, 426 people had been jailed for a total of 3,722 years. The operation also saw more than £19 million in cash, 3 tonnes of Class A and B drugs, 49 guns, and 755 pieces of ammunition seized. However, whilst the positive impacts are clear to see, the investigation has cast a spotlight on how policing can interfere with, and in this case, potentially breach the human rights of individuals. On the other side of the coin, there is the issue whereby upholding the human rights of individuals involved in organised crime can compromise the effectiveness of seemingly legitimate law enforcement for the most serious of crimes.

There are legitimate moral, ethical, and legal arguments to support both sides of this argument, and it's not one that can be concluded easily. However, while these arguments persist, both the advancements of the organised criminal world and the war against them continue. Lynne Owens, the then boss of the NCA in 2016, told The Guardian that OCGs globally made an annual £1.5tn around the world and £37bn, or 1.8% of GDP, in Britain, and we can assume these figures have grown (The Global Organized Crime Index 2023 revealed the continuing rise of organised crime globally, with 83% of the world's population living in conditions of high criminality). The Met Police figures represent a huge step in the fight against organised crime, where law enforcement may have won the battle, but the greater war wages on.


If you need help with any of your #aml , #sanctions , #financialcrime , #compliance or #terroristfinancing requirements, please contact Campion Willcocks directly or our newsletter editor Caleb Hogg and we'll be happy to help.

❗Tuesday at the EU Court❗ Did German law enforcement legally obtain evidence from infiltration of EncroChat with Trojan software? And if not: can it still be used❓ 📢The EU Court's ruling in case C-670/22 is scheduled for tomorrow: - EncroChat offered phones with end-to-end encryption that could not be intercepted by conventional methods - Popular with organized crime, French investigators infiltrated the system with a Trojan - Users in 122 countries were affected – including 380 in France and 4600 in Germany - Details of the Trojan are under French military secrecy - Based on intercepted communication, Berlin Prosecutors charged a suspect with several counts of substantial drug offences - Was this legal under EU law? Or must the accused dealer be acquitted? ❓What will the Court decide? ECJ Today alerts you when the verdict is out. Always with our concise summary of main points. Accurate, easy to understand and in English language. Sign up to ECJ Today, your rapid updates on the EU Court's decisions – always with our concise summary of main points. Accurate, easy to understand and in English language.   https://lyfx.ai/ecj-today/

Like
Reply
Elizabeth Taylor

Recruiting talented Officers for the British Army

1y

Agree the legal moral and ethical arguments certainly can’t be concluded easily but what a fascinating insight into encorchat. Who knew!

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics