Ray Blake has been working in the area of anti-financial crime for over 20 years. Together with his business partner Graham Barrow, they gradually realised that many of the things they dealt with on a day-to-day basis remained largely unknown to the general public. There was little awareness and discussion of any kind, so in early 2019, the time was ripe to make some of their investigations public.
Just a year before, the Danske Bank money laundering scandal, one of the biggest financial scandals in Europe, shook the continent to its core, yet few people seemed to know about it. Graham and Ray covered the story in a podcast, “The Launching of a Laundromat”, filling a void they didn’t know existed. Since then, they have been focusing on financial crime at large, raising important questions – and answering them.
Despite his busy schedule, Ray always finds time to help his brothers and sisters in arms to gain new insights into the exciting and perilous realm of financial crime. I took the opportunity to discuss the things that inhabit the minds of many compliance and financial industry professionals: financial crime landscape in the UK, emerging legislation, cost of compliance, and the future ahead.
Great to see you, Ray. Let’s start by talking about the evils that plagued the UK in the past year: growing incidents of fraud, new forms of scams…
In the past year, we have seen a considerable expansion in fraud and scam activity. Lots of it is quite complicated, but an awful lot of it is actually very simple and is of a type that we have been seeing for years and years.
Nowadays, most of the banks and payment companies in the UK are trying to get their arms around authorised push payment (APP) scams. APP fraud is a scam where the victim is tricked into transferring funds to an account controlled by the fraudsters, thinking they are looking after their own interests. That includes romance scams, to some extent, investment scams, and cryptocurrency scams, but they are only part of the picture.
So often in the past we have looked at money laundering as something that is about getting dirty cash into the system, but none of these scams start with a bag of cash. At least these days, we see that it’s not necessarily the case.
The COVID-19 pandemic and the war in Ukraine made people more vulnerable to fraud and deceit, which played right into the hands of criminals. What else aggravates the situation?
There are a couple of things. Firstly, fraud thrives in chaotic situations. It takes advantage of chaos, which describes the UK and probably the world in 2022. Secondly, people are more motivated to engage in criminality during the recession, because in the recession, legitimate opportunities to earn income are limited. Altogether, these conditions fuel criminality, as well as an increasing supply of likely victims of frauds and scams.
In your opinion, what can be done to better address these risks?
APP fraud, in particular, is hard to detect and to deal with, because it involves the customer giving legitimate, authenticated instructions. If you do the right thing as a payment firm or as a bank, and call the customer to confirm, they may still insist that this is a legitimate transfer. Ultimately, you risk annoying the customer making a genuine transaction when you introduce friction into the whole affair.
In response, the industry focused on educating the customers about the risks of APP fraud. However, it tends to be counterproductive because many of those warnings end up in spam and customers just stop reading them at some point.
You made it clear that companies and banks need to put more emphasis on raising awareness and educating their customers against frauds and scams. What else drives up compliance costs?
One of the biggest contributors is doing business of any kind. The type of business you undertake is going to dictate the resources that you’ve got to put in place to support the compliance response. If you choose to engage in business that carries an elevated risk of money laundering, terrorism financing, and fraud, then you’ve also chosen to carry a greater compliance burden.
There’s also a perceived need that banks and financial institutions need to present to regulators a fairly standard set of tried and tested conventional tools and to have those in place conspicuously to keep the regulator happy.
What most people think about as an unnecessary cost is wading through the vast heaps of false positive alerts to identify the 1-5% of them that you might actually need to look at. To reverse this trend, you need to know your customers and their financial lives better and in more detail than many firms currently do. And that is a constraining factor for me.
Understanding your customers is a good place to start. This reminded me of one of your episodes where you covered the NatWest money laundering scandal.
Made me wonder, why do so many banks and firms remain in the dark when it comes to understanding the nature of their customers and their business activities?
Lots of firms see due diligence as just a hurdle that has to be done as quickly and painlessly as possible. This approach can be dangerous and short-sighted, because if you don’t do proper due diligence early in the customer relationship, if you don’t continue to develop your knowledge of the customer and their financial world, then you will keep getting surprised by things that you should have been able to anticipate.
Earlier in the conversation you mentioned that firms have to present regulators with conventional tools. Regulators set the “rules of the game” that have to be complied with. Let’s talk about what comes with it.
In the second half of 2022, the Economic Crime Transparency and Enforcement Act was passed into law. The second upcoming piece of legislation, the Economic Crime and Corporate Transparency Bill, is next in line. What are your thoughts about that?
Anti-money laundering regulation has been a work in progress for a long time, since the formation of the Financial Action Task Force (FATF) in 1989. The countries and supranational organisations have never stopped tinkering with the rules. But if changing the rules was the solution, we would have solved this a long time ago.
It’s been approaching 35 years that we’ve been working on this, and actually, the amount of financial crime we are preventing hasn’t changed an awful lot. The UK has long been recognised as one of the world’s chief exporters of the tools for criminality. And the legislation this year has started to close some of those open doors, to an extent.
The new laws in the UK are the first serious attempt to close the number of loopholes that have been around for so long that they became an eyesore. Specifically, I’m talking about the ownership and investment in UK property with relatively lax control and oversight.
Can you give me more examples of the loopholes you were talking about?
The key problem in the UK for a number of years has been its corporate formations, meaning that anyone can set up a fictitious company in the UK at an extremely low cost, and run it from anywhere in the world without a UK footprint. I can understand the reasons behind that, to some extent. We want to attract enterprise and investment money, and show people that the UK is a good place to do business.
But actually, the UK already has investment opportunities, investment markets, and sophisticated investment services. That means towards the end of the money laundering journey, once the formerly dirty money starts to look clean and shiny, it’s a really attractive place to put it where it can hold and potentially increase its value.
Those have been the key loopholes in the past. The passage of the new legislation has certainly made things better. I hope the political will to close them will continue in the direction it looks like it’s going at the moment. But this isn’t over.
What do you see as the weak points in the new legislation?
The previous rounds of legislation, namely, the Criminal Finances Act 2017, tried to lay the groundwork so that people with unexplained wealth would have to stand up and explain themselves effectively. But it hadn’t worked as well as everyone had hoped. Many of the people that receive unexplained wealth orders have pretty much unlimited legal budgets, and the National Crime Agency (NCA) and HM Revenue & Customs (HMRC) are more restricted when it comes to that.
That remains a bit of a sticking point when we think about the Companies House reforms, which are going through the parliament right now (January 2023). There are still 10 million companies on the UK Register that that haven’t been verified by the Companies House, and over half of them remain active. So how are we going to retrospectively apply those controls to them, and over what timescale?
More worrisome is the fact that with the new rules you can subcontract the checking and the verification to corporate service providers. I know a number of corporate service providers who are absolutely above board and can properly represent both Companies House and their clients. But there are a number of organisations with a shady track record, so it’s not entirely clear how it will work out in practice.
Overall, the new legislation represents a huge step forward. We just need to make sure we keep walking.
Let’s talk about the future, then. What other regulatory developments and technological advancements can help firms moving forward?
Increased use of machine learning and artificial intelligence will improve matters to an extent. If all we do is replicate our existing processes, take people out of the equation, and do the wrong things more efficiently, that’s probably not right. Technology might go in unanticipated directions, so gaining regulatory acceptance is a necessary measure.
In the UK, we are blessed with a forward-thinking regulator. They have sponsored things like the regulatory sandbox and hosted and participated in a number of innovative gatherings to both encourage and to oversee these kinds of nascent technological developments.
But there is no point in pouring more and more water into a bucket that only has a limited capacity. Before we can actually move forward, NCA, HMRC and other relevant government agencies need to make sure they are properly resourced.
In the summer, the FATF released the report on Partnering in the Fight Against Financial Crime, which focused on the importance of private information sharing initiatives and collaborative approach to fighting financial crime.
What is your take on it and how do you think this could start to impact transnational criminal organisations?
I think it is incredibly important. But the international aspect, which you highlighted in your question, is going to take a lot longer to crack than the national picture. Criminals don’t stop at the borders, whereas, unfortunately, law enforcement so often does.
Information sharing is going to become increasingly important. To illustrate one aspect of this, think about how a typical person’s own financial services experience has changed in the last decades.
Think back to 1995, for instance. Back then, I had just one bank account. Anything I spent came from that account and everything that I received that wasn’t a small amount of cash went into that same account. Somebody who had access to my bank account statements could draw a very detailed and accurate picture of my financial life.
In 2022, I still have that account, but I’ve got a number of other bank accounts as well, including two or three of them that work on apps from my phone. I use them for different things, but I use them all. Lots of people have crypto wallets that didn’t exist 20 years ago, obviously, and remittance services that didn’t exist previously.
So unlike my bank in 1995, none of my current providers, including my main bank, have a complete view of my financial life. Each of them only sees part of the overall picture.
Information sharing allows banks to pull the data together in a secure way and detect financial crime on a much larger scale.
What can make firms more efficient in fighting financial crime?
If firms want to do this properly, they’ve got to start thinking like criminals, not like regulators. So before 2001, nobody had to take their shoes off at the airport. In 2001, a shoe bomb was used for the first time, and the regulatory response was one that we are all familiar with and continues to this day. We take our shoes off at the airport.
The bad guys aren’t using shoe bombs anymore. They haven’t been for a long, long time. So what will they do next? If we think like a regulator, we’ll wait and see, and then we’ll put in a control to address it. But if we think like a criminal, we’ll anticipate that and we’ll put a control in now and prevent it rather than trying to fix it afterwards.
There are no right or wrong decisions, unless you work in compliance. Keep your eyes and ears open, be proactive in anticipating and preventing new threats rather than addressing the issues that may not present themselves again. Make sure you keep walking and if you need to speed up things a bit, we can help.