The post Infographic: The state of tech and talent in compliance appeared first on ComplyAdvantage.

To safeguard against this escalating threat, a robust fraud risk management strategy is paramount. By adopting tailored measures, businesses can fortify their defenses and contribute to the global fight against financial crime, offering a safer digital environment for all stakeholders.

What is Fraud Risk Management?

Fraud risk management is a holistic and proactive fraud mitigation approach that is embedded within an organization. A successful strategy requires robust internal controls plus investment in anti-fraud technology. It also needs to consider the current and future fraud landscape.

Organizations lose an estimated 5 percent of their revenues to fraud, according to the Association of Certified Fraud Examiners, with the median cost of each case being $117,000. KPMG found that, although fraud cases against financial institutions halved in 2022, the value of fraud committed against financial institutions increased by 2204 percent to £609 million.

Why is Fraud Risk Management Important?

Industry professionals know that fraud cannot be ignored and will not disappear on its own. To combat the rising risks, organizations should address fraud strategically and benefit from taking a proactive approach rather than a reactive one. This is where an effective fraud risk management strategy plays a crucial role.

By conducting thorough risk assessments, businesses can pinpoint potential weak points where fraudulent activities may occur. Understanding these vulnerabilities empowers companies to develop tailored control measures and implement internal checks and balances to mitigate the risk effectively.

Additionally, effective fraud risk management enhances regulatory compliance during a time when regulations are continually evolving and requirements for reporting entities are becoming increasingly rigorous. Implementing comprehensive fraud risk management strategies ensures adherence to these regulations, reducing the chances of legal violations and associated penalties.

Steps to Implement an Effective Fraud Risk Management Program

Senior fraud and compliance professionals can refer to the following steps as a list of best practices to enhance their firm’s fraud risk management programs.

1. Assess Risk and Vulnerabilities 

Start by conducting a comprehensive risk assessment to identify potential areas of vulnerability to fraud. Collaborate with key stakeholders across departments to gain a holistic understanding of the organization’s operations, processes, and systems. Analyze historical fraud incidents and review industry best practices to inform your risk assessment. Questions to ask when assessing potential fraud risks include:

• What does the firm’s past fraud detection performance look like?
• What is the culture of the organization? Does it already demonstrate a risk-based approach to fraud, anti-money laundering and counter-terrorist financing (AML/CTF)? Are anti-fraud policies and attitudes embedded?
• What technology is being used, and does it need to be upgraded?
• Are recommendations from audits and assessments promptly actioned?

2. Establish Clear Policies and Procedures 

Develop clear and concise fraud prevention policies and procedures tailored to your organization’s unique risks and requirements. These policies should outline acceptable conduct, reporting mechanisms, and consequences for fraudulent behavior. Ensure that all employees are aware of and understand these policies through regular training and communication.

3. Implement internal controls

Internal controls play a crucial role in minimizing fraud risks. Segregation of duties, access controls, and authorization mechanisms are essential components of a robust control framework. Regularly review and update these controls to adapt to changing business needs and emerging fraud threats.

4. Conduct Regular Fraud Awareness Training

Education is paramount to prevent fraud. Provide regular fraud awareness training for all employees to recognize potential red flags, fraud indicators, and the importance of reporting suspicions promptly. Tailor the training to different departments, job roles, and levels of responsibility within the organization.

5. Establish Monitoring and Detection Mechanisms 

Deploy advanced fraud detection tools and analytics to monitor transactions, behavior patterns, and anomalies that could indicate potential fraudulent activity. Implementing AI-driven solutions can enhance the accuracy and efficiency of fraud detection, aiding in timely intervention.

6. Respond and Investigate Fraud Incidents 

Prepare a well-defined response plan for handling suspected fraud incidents. This plan should include protocols for investigation, involving relevant internal and external parties, and complying with legal and regulatory requirements. Swift action is crucial to mitigate potential damages and prevent recurrence.

7. Continuously Evaluate and Enhance the Program

Fraud risk management is an ongoing process. Regularly assess the effectiveness of your program, seeking feedback from stakeholders, and making improvements accordingly. Stay up-to-date with the latest fraud trends and technologies to ensure your organization is prepared to face evolving threats.

Fraud Risk Management Solutions

In the fight against fraud, the right tools can help equip firms to better detect and prevent fraudulent activity. Artificial intelligence (AI) and machine learning (ML) has been highlighted by the Financial Action Task Force (FATF) as able to help firms detect abnormalities, provide alert prioritization to make remediation more efficient, and intuitively set fraud transaction monitoring thresholds. Forensic and behavioral analytics can connect seemingly unrelated data in a customer’s profile – even among multiple accounts (known as identity clustering). 

The key is to create a holistic, fraud-aware culture, reduce silos, and encourage transparency. Businesses have the best chance of preventing fraud if they are proactive, take fraud seriously and invest in a market-leading fraud detection solution.

The post Fraud Risk Management Guide: Identify, Assess & Mitigate Risks appeared first on ComplyAdvantage.

Due to the complexity of fraud, companies need to have an up-to-date of the most prevalent indicators and ensure their fraud detection solution is accurately calibrated to avoid missing any suspicious activity. This article explores twelve common fraud indicators and detection best practices – and why firms should move beyond loss prevention to integrated fraud risk management.

Signs of Fraud: 12 Red Flags

As with any financial crime, different fraud typologies exhibit different behavioral profiles. Because fraudsters constantly adapt their methods, there is no exhaustive list of red flags for fraud. However, some indicators are common enough that they should be on any firm’s radar. They include:

Discrepancies in Customer Information 

This type of warning sign can suggest identity fraud and includes:

1. Multiple accounts with methodical spelling variations on the same name (ex., William Smith, Will Ian Smith, Bob Smith, Bobby N. Smmith, etc.).

2. Multiple customers with different names using the same contact information.

3. Accounts with inconsistent personal details, such as a social security number that comes back invalid or returns a different name than is on the account.

4. Multiple accounts manifesting unusual activity using minors’ personally identifiable information (PII).

Transactions Inconsistent with the Customer’s Profile

Transactions that don’t match a customer’s typical or likely activity can indicate many fraud typologies. Examples include account takeover, stolen payment information, check kiting, scams, and public benefits fraud. Signs to watch out for include:

5. Point-of-sale (POS) transactions inconsistent with the customer’s address or typical habits, especially if they occur at wildly varying locations or without time for travel (e.g., a customer spends at a supermarket in their hometown at noon, then at a boutique shop in Paris an hour later).

6. Payments or received funds that don’t match a customer’s lifestyle, income, or expected behavior. This can include unusually high deposits quickly withdrawn or immediately paid back to the originating account. It can also include excessive payments exceeding a balance or credit limit – especially when combined with repetitive, unusual timestamp or amount patterns.

7. Public benefit payments (such as Social Security retirement) to an individual that does not qualify and whose spending is not on behalf of a legitimate recipient.

8. Repetitive purchase returns, disputes, and/or chargebacks that exceed reasonable activity for the customer.

A Practical Guide to AI for Financial Crime Risk Detection

Explore real-world use cases showing how artificial intelligence can enhance transaction monitoring systems.

Download the Guide

Signs the Customer is Being Pressured or Manipulated

Firms should be vigilant for signs of coercion or abuse when interacting with customers, particularly those with vulnerabilities such as cognitive disabilities, isolation, age-related health issues, or economic difficulties. This may happen in person or when the bank contacts the customer to verify an unusual transaction. Signs to be aware of include:

9. The customer says they have to send large or repetitive sums of money to a loved one, particularly if it involves an urgent or secretive situation.

10. The customer believes they are in personal danger if they do not perform a transaction or make a withdrawal.

11. A customer appears to be unduly influenced to make transactions by a third party, such as a new friend, a family member, or a caretaker. This third party may be in-person, on the phone with them, or repeatedly mentioned while not present.

12. The customer makes repetitive transactions they cannot explain or seem agitated about.

It’s important to note that fraud indicators are not conclusive on their own and always require further investigation before firms can establish the nature of the activity in question. Firms ultimately need to perform a comprehensive enterprise-wide risk assessment (EWRA) and refresh it regularly. This will ensure they focus on the fraud typologies and red flags affecting their operations.

Firms should also note that although fraud and money laundering are separate offenses, they are connected. For example, many fraud victims become money mules unwittingly or through manipulation. Both fraudsters and money launderers may rely on similar deceptions to conceal their funds. Money laundering is often integral to fraud scheme logistics performed by the same entity or group. This is why fraud and money laundering can sometimes share red flags.

Detecting Fraud Effectively: Best Practices

Firms should integrate their fraud detection processes into a broader, risk-based framework. Here are several best practices that can lay the groundwork for effective fraud detection:

• Start with a thorough risk assessment – Although certain red flags are shared across various scenarios, each firm’s risk is unique to its business model and practices. Firms should not rely on a one-size-fits-all approach to fraud typologies, red flags, or risk management, as this can lead to inefficient and ineffective fraud detection. Instead, firms should include fraud risk in a regular, thorough EWRA to establish their unique risk profile. This assessment should consider financial crime risk across the board, from fraud to money laundering and terrorist financing.
• Take a holistic view of financial crime – When applying the results of a firm’s individualized risk assessment, a truly risk-based approach will consider the whole ecosystem of financial crime. Traditionally, firms have viewed fraud detection as part of a process primarily aimed at reducing loss to the company and maintaining positive customer service. While these are important aspects of fraud detection and prevention, they are not the whole picture. As a predicate offense to money laundering, fraud is often tied to broader criminal activity, from other predicate crimes such as wildlife and drug trafficking to money laundering and terrorist financing. To effectively combat fraud, firms must understand it in its entire context rather than viewing fraud events as isolated incidents.
• Collaborate with compliance teams – All too often, fraud and AML teams operate in siloes. Yet, the crimes they seek to mitigate are part of the same system. If combined, both departments have access to information that could significantly improve the firm’s overall understanding and mitigation of its risks. 
• Ensure teams are well-equipped – Even the best fraud prevention policy relies on teams with the knowledge and tools to carry it out. Firms should provide ongoing, risk-based training to their analysts. But even the best-trained analyst needs effective tools to do their job well. Conduct a thorough audit of existing fraud detection tools, including a gap analysis highlighting deficiencies or siloes, and plan to implement technological updates as needed.
• Prioritize alerts to reduce false positives – One cost-effective way to give a legacy system new life is to use an artificial intelligence (AI) overlay that prioritizes existing alerts. Such a solution doesn’t require a total overhaul but can assess risk in alerts generated by a firm’s native rules-based engine. Based on this risk analysis, the overlay prioritizes the riskiest alerts so analysts can quickly recognize and investigate true positives.
• Create custom rules – By creating custom rules that trigger based on a variety of scenarios, firms can tailor their fraud detection to specific risks and evolving fraud tactics. Out-of-the-box rule libraries can also be utilized to ensure common fraud patterns are identified and prevented. 

By following these best practices for effective fraud detection and prevention, firms can ensure their risk management framework is well-prepared to meet the rising challenges of global financial crime.

The post Fraud Detection: 12 Common Red Flags appeared first on ComplyAdvantage.

According to Juniper Research’s 2022 study Combatting Online Payment Fraud, global payment fraud losses are expected to exceed $343 billion between 2023 and 2027. As a result, financial institutions (FIs) are taking steps to enhance their fraud detection measures to protect themselves and their customers from financial damage.

What is Fraud Detection?

Fraud detection refers to the process of monitoring transactions and customer behavior to pinpoint and fight fraudulent activity. It is usually a central part of a firm’s loss prevention strategy and sometimes forms a part of its wider anti-money laundering (AML) compliance processes. When fraud detection and its related functions are integrated into a wider AML framework, the combination is sometimes referred to as fraud and anti-money laundering (FRAML). Regardless of the structure it belongs to, fraud detection relies on technological tools, subject-matter experts (especially analysts), policies, and procedures to function well.

Why Is Fraud Detection Important?

Traditionally, firms have used fraud detection and prevention to curb company financial losses and maintain positive customer relationships. However, in some jurisdictions, legislation requires fraud programs for firms providing certain services, such as insurance providers in multiple US states. In the UK, a “Failure to Prevent Fraud” offense was introduced in April 2023 that holds firms liable if they benefit from employee fraud and don’t have an adequate fraud prevention program in place. Additionally, on June 7, 2023, the UK’s Payment Systems Regulator (PSR) announced a new reimbursement requirement for firms whose customers become victims of authorized push payment (APP) fraud. 

Fraud detection is essential for companies to safeguard their customers’ transactions and accounts by detecting fraud before or as it happens. The FBI reports that in 2022, elder fraud victims in the US lost an average of $35,101 each, resulting in a total loss of over $3 billion. In 2021, global fraud losses exceeded $55 billion, aided by technology that allows illegal funds to cross international borders.

As global awareness of fraud’s growing varieties and complexity of typologies, firms should expect the introduction of more regulation and enforcement that will impact their compliance requirements. Even if a firm is not subject to direct requirements now, fraud is a predicate offense for money laundering and may be connected to a larger pattern of criminal activity. Firms that include fraud in their overall risk management framework can better protect consumers, ensure compliance, manage loss, and fight financial crime.

Fraud Typologies and Classification

Due to the large number and range of fraudulent activities, identifying the type of scam being attempted can be challenging. When businesses can accurately identify fraudulent activity and stay up-to-date on the latest fraud trends, they are more prepared to protect themselves against them.

To help firms accurately identify fraud typologies, the US Federal Reserve has developed an interactive tool called the FraudClassifier Model. This model offers a user-friendly diagnostic process that categorizes fraud based on the perpetrator of the payment, the methods used to carry out the fraud, and the tactics employed. FraudClassifier’s consistent terminology and classification system acts as a lingua franca for different institutions, businesses, and fraud detection providers, enabling them to communicate current threats clearly and develop effective fraud prevention strategies.

Common Types of Fraud

Fraud comes in many different forms, with new types constantly emerging. Some fraud typologies persist because they exploit weaknesses in a company’s processes and systems. Some common tactics include:

Payment Fraud

Payment fraud occurs when a criminal acquires another individual’s payment information and makes unauthorized transactions. This type of fraud not only causes harm on its own, but can also lead to other fraudulent activities as payment information can be used for money laundering or cybercrime by those who obtain it.

Return Fraud

Return fraud takes advantage of a retailer’s return policy to receive refunds that aren’t legitimate. It’s often carried out by individuals but can also be adopted in organized crime. Fraudulent returns may consist of stolen goods, counterfeit products, old and worn-out goods, or items bought from a different retailer. 

ACH Fraud

Automated Clearing House (ACH) is a means of transferring money between bank accounts, usually those of businesses and institutions. The payment goes through the Clearing House for authorization before being sent to its intended recipient. ACH fraud is carried out using a bank account number and bank routing number. It takes advantage of weaknesses in the ACH process to intercept legitimate payments, for example by impersonating an employee and then changing beneficiary account details.  

Chargeback Fraud

Chargeback fraud involves an individual requesting chargebacks for transactions that were fulfilled by the company they purchased from. Although the company does have the right to contest fraudulent chargebacks, they represent a drain on its resources – whether or not the requests are upheld.

Account Takeover Fraud

Account takeover fraud (ATO) occurs when a criminal acquires the login details of an online account, such as a bank account, online payment service, mobile account, or e-commerce site. The login details may be stolen or bought via the dark web. The account is then used to make false transactions without the knowledge of the customer or the account issuer. 

What are the Best Tactics to Enhance Fraud Detection?

To safeguard businesses and consumers from evolving fraud risks, employing the most effective fraud detection techniques is essential. When auditing an exisiting fraud detection solution or evaluating the market for a new one, compliance professionals should consider whether the software offers most, if not all, of the following functionalities:

• Machine learning and AI: Leveraging machine learning algorithms and artificial intelligence will significantly enhance fraud detection capabilities. These technologies can analyze vast amounts of data in real-time, identifying patterns and anomalies that might indicate fraudulent activities.
• Behavioral analytics: By monitoring and understanding users’ behaviors, businesses can detect deviations from normal patterns. Behavioral analytics can flag suspicious activities, such as unusual login locations, sudden changes in spending patterns, or atypical transaction amounts.
• Anomaly detection: This technique involves creating a baseline of normal behavior and flagging any data points that deviate significantly from it. Anomaly detection can uncover fraudulent transactions, unusual login attempts, or other malicious activities that do not fit typical patterns.
• Identity clustering: Grouping user identities based on common attributes and behaviors can help identify patterns of fraudulent behavior. Identity clustering can be particularly useful in detecting organized crime groups and cybercrime activities. 
• Data analytics: Advanced data analytics tools can sift through large datasets and identify potential fraud indicators. By correlating information from various sources, businesses can gain valuable insights and stay one step ahead of fraudsters.
• Real-time monitoring: Detecting fraud as it happens is crucial for minimizing damages. Real-time monitoring tools can promptly identify suspicious activities, trigger alerts, and enable quick responses to mitigate the impact of fraud.
• Collaborative fraud intelligence: Sharing fraud intelligence and insights with other organizations and industry partners can lead to a more comprehensive understanding of evolving fraud tactics. Collaborative efforts enable proactive prevention and collective defense against fraudsters.
• Ongoing monitoring and updates: Fraud detection techniques should be regularly reviewed, updated, and improved to keep pace with emerging threats and vulnerabilities.

The Main Challenges of Fraud Detection

1. Cost Management
   To keep up with the ever-expanding litany of fraud techniques and typologies, businesses may feel the need to invest in more fraud-detection tools and operations. Relying soley on rule-based transaction monitoring and fraud detection can be a challenge as scam techniques change.
2. Remote Transactions
   Business is increasingly carried out without physical interaction taking place. While this is convenient and cost-effective, it also opens the door for fraudsters to impersonate genuine customers or intercept their details.
3. Speed of Transactions
   Today’s transaction ecosystem is built for speed and convenience. Even a relatively complex process like a loan application can be carried out via smartphone, while more routine purchases are completed in a few keystrokes. This high-speed, low-friction environment can make it easy for fraudsters to complete their crimes and disappear before they can be detected.
4. False Positives
   A fraud detection system that is over-zealous can lead to higher false positives. This is inconvenient for customers, who may become less loyal as a result, and expensive for businesses, who must expend time and resources following up the alert.
   
5. Range of Transaction Types
   A huge number of tools and services are now used to move money around, from payment apps and cryptocurrency trading platforms to traditional loans, credit cards, and savings accounts. The proliferation of digital financial services in particular creates multiple potential access points for fraudulent actors.

Implement Fraud Detection with ComplyAdvantage

Because fraud detection is an ongoing battle, companies need to be able to partner with expert providers who can support their needs as they scale. . Not all companies have the necessary expertise, or the human resource bandwidth, to maintain transaction monitoring in-house or to commit to the continuous learning required to track fraud trends and typologies. 

By implementing fraud prevention services, businesses can access the expertise of specialists in fraud detection in a customized and adaptable manner that can be sustained over time. This ensures that their fraud detection methods remain innovative and their business is safeguarded against evolving threats as it expands.

The post What Is Fraud Detection and Why Is It Important? appeared first on ComplyAdvantage.

The Law on Transparency

The legislation regarding anti-money laundering (AML) in France, as in much of Europe, is meticulously structured to encompass various forms of illicit activities. This includes the law no. 2013-907 of October 11, 2013, commonly known as the “Law on Transparency,” which aims to promote transparency and combat corruption in public life in France. 

The law covers a wide range of elements from asset and interest declarations to whistleblower protection and transparency in the lobbying industry. By upholding ethical standards and ensuring the integrity of public officials, the Law on Transparency reflects France’s commitment to fostering an open and accountable public administration.

The Impact on PEP Definitions

In March 2023, the law was updated through the Order of March 17, 2023, which established the list of national functions. While the changes were minor, they directly impacted the definition of PEPs. To fully comprehend these alterations and their importance for financial institutions (FIs) complying with AML regulations, it is essential to examine the previous legislation and its functioning. 

The previous version of the Law of Transparency provided a limited list of public functions subject to its regulation. This list included:

• High-level state executives.
• Political party leaders.
• Members of parliament.

The law’s scope was extended in its third section to include individuals responsible for State-Owned Enterprises (SOEs). 

Nonetheless, acknowledging the varying AML risks associated with different institutions, the French lawmakers imposed certain limitations. For example, only local SOEs directly or indirectly owned by the French government with annual revenue of at least €10 million fell under the purview of the Law of Transparency. This recognition illustrated that not all SOEs posed a risk to the state and, thus, required less stringent controls and regulations. This remained the case until March 2023.

The changes introduced by the Order of March 17, 2023, further relaxed these regulations by increasing the annual revenue cap to €50 million. This demonstrates a lower risk appetite of French regulators and a greater willingness to extend trust to local businesses with state involvement. 

Additionally, the decree expanded the Law on Transparency to include other political parties operating in France but without a strong presence in the French parliament. This move was aimed at preventing illicit funding for political parties with representative bodies in regions like French Guiana or Martinque, where transparency and oversight may be lacking. 

Next Steps

While the decree primarily affects the definition of PEPs in relation to local SOEs and foreign political parties, other aspects of the legislation remain unchanged. To allow companies sufficient time to adapt to the new regulations concerning local SOEs, the French government will enact these amendments starting November 1, 2023. 

Businesses that engage in screening processes need not worry if they have a reliable partner that can thoroughly examine the fine print and ensure compliance with the updated AML regulations. To learn more about ComplyAdvantage’s PEP data collection process and how quality data is secured, read some of the related content below:

• The Lifecycle of a PEP: From Identification to Removal
• How ComplyAdvantage Defines and Classifies a PEP
• PEP Data Quality: The 12-Eye Review Process

The post French AML Legislative Changes: Updates to the Law on Transparency and its Impact on PEP Definitions appeared first on ComplyAdvantage.

In this article, Madalina Morar, International Affairs Research Analyst at ComplyAdvantage, explains the company’s internal review process regarding its PEP data, highlighting the work that goes on behind the scenes before a PEP profile appears on the user’s platform. 

Data Quality Checks

From identifying a PEP to the point where the entity is searchable on the ComplyAdvantage platform, two main processes occur:

1. The international affairs research analysts (also known as the IARA team) research and select institutions and PEP-relevant positions.
2. The data strategists team collect the data and ensure it is regularly updated. 

Within these two processes, a series of inbuilt quality checks are implemented to ensure that the data is comprehensive, robust, and provides the best risk insights.

Each review starts with an audit of existing data for the researched jurisdiction. This includes the evaluation of existing data and setting the parameters of the research based on the company’s internal taxonomy. 

PEP Categorization

Following this, the researcher completes a background search on the governmental structure of the jurisdiction and maps it according to the ComplyAdvantage taxonomy. The taxonomy is structured in four main pep-classes based on the FATF definition: 

Once the researcher has validated the relevance of the institution, where it belongs in the ComplyAdvantage taxonomy, and which public positions within that institution are PEP-relevant, a different researcher reviews the findings. 

At the end of the review process, one of the team members reviews the research for the jurisdiction in its entirety to make sure the coverage is comprehensive.

Data Collection

During the data collection stage, the data strategy team utilizes page scraping tools to create individual scrapers that gather data from webpages identified by the research team. While one data strategist prepares the scraping agent, two other analysts review the data quality to ensure the accuracy of extracted positions and the comprehensive collection of all relevant data points, such as a photo, date of birth, and start date (if available). 

Monitoring Information Sources

Regarding source websites, the vast majority are primary sources, i.e., the information is taken from the website of the researched institution. If not available, other official sources such as governmental websites or aggregate governmental transparency platforms are also reliable sources. An important consideration in choosing a website for scraping is the possibility of scraping it again in the future in a consistent manner so the latest data is always utilized. In a limited number of cases, especially for countries with lower levels of transparency, the IARA team also retrieves PEP information from press releases and appointment decrees.

The 12-Eye Review Process

Once the collection process has been completed, scrapers are scheduled to run automatically at preset frequencies. Data strategists and researchers will only intervene when:

• The structure of the website changes.
• PEPs can no longer be found on the page
• Human input is otherwise required. 

In each case, every new ingested source is reviewed by no less than six people from the research and data strategy team, reducing the risk of human error. If the automated scraping tool is reviewed due to changes on the website, it will be handled by an additional one or two people resulting in further quality checks.

On top of regular automated updates on sources, the researchers team monitors the national level parliamentary and presidential elections, appointments of cabinets, cabinet reshuffles, coup d’etats, and other changes in the composition of national level top legislative and executive bodies. Once the new PEPs are published, the IARA team updates ComplyAdvantage’s database within the following 24 hours.

The post PEP Data Quality: ComplyAdvantage’s 12-Eye Review Process Explained appeared first on ComplyAdvantage.

In this article, Madalina Morar, International Affairs Research Analyst, explains how PEP data is collected by ComplyAdvantage, highlighting the seven steps that are involved from initial PEP identification right through to removal. 

The ComplyAdvantage PEP Data Collection Process Explained

1. Research Local Legislation

Since there is no universal definition of a PEP, data ingestion starts with research into local legislation. At ComplyAdvantage, a dedicated research team, called the International Affairs Research Analysts (or IARA), is utilized to perform an in-depth analysis of the legislation in each country.

2. Match Requirements to Our Internal Taxonomy

Local requirements are then compared against our internal inclusion criteria. This step is important because each country has its own peculiarities, and getting acquainted with local legislation helps our team to standardize the company’s coverage by matching it to our internal taxonomy. It also provides us with the ability to ensure consistency and predictability across all of our data.

Our team developed an internal classification system to help our customers better understand the risk level of each PEP position that we collect. This is something that sets ComplyAdavantage apart from other data providers as it allows for a quicker analysis on the part of the customer while onboarding new users.

3. Check Existing Data

Next, we consider the existing data we have for that jurisdiction. Since we don’t want to duplicate data, it is important to check what coverage we already have. This also provides us with the ad-hoc opportunity to double-check the most relevant data sections for each jurisdiction (we have steps and processes in place to periodically check them as well).

Depending on the type of improvement project we are undertaking, we then search for and identify each institution or company relevant to the jurisdiction. A member of the IARA team evaluates each institution to conclude which leadership positions are considered PEPs, in line with the jurisdiction’s legislation and our internal classification.

Most of the time, each jurisdiction comes with additional challenges, most often varying languages and scripts. We have found that the best approach is to tackle each country using its official language and script to provide the highest chance for a correct match, avoiding any translation errors.

4. Conduct a Four-Eyes Check

After a research project is finished, another member of the IARA team reviews the resulting documentation for possible errors or missing information. This part of the process ensures that human error is corrected and provides an extra layer of quality assurance.

5. Ingest Data from the Source Website

For each identified institution, we scrape and store the data available on the source website (the website displaying the best version of the data we are looking for, coming from official sources, covering as many entities as possible with the most data points). 

This process includes several checks along the way to ensure the highest data quality possible. At this point, if any of our customers are monitoring a name we are introducing as PEP, they will be notified of this additional information.

6. Enrich PEP Profiles

Thanks to our engineering team, after initial data ingestion, we are able to enrich each new PEP profile with further information available through various search engines. These data points help to make our PEP profiles easier to differentiate, bringing further value to our customers.

The unique structure of our data gives us the ability to update it on a regular basis, as well as intervene with corrections when necessary. Updates are generated through regular automated checks of the source website and specialized teams correct any errors. We have over 40,000 sources checked this way. This is a process that allows us to send notifications to our customers whenever a monitored PEP has a change on their profile, (be it a resignation or an additional PEP position) that could mean the modification of their PEP score.

7. Update Profiles to Reflect Status Changes

As soon as the websites we collect data from are updated with new information, we can reflect the changes quickly (prioritizing the most high-risk sources) with minimal human intervention as we implement high quality checks and balances during data ingestion. The teams we have invested in to make our data structures possible work tirelessly to deliver to the highest standards our customers have become accustomed to.

PEP removal can occur when the entity’s mandate expires, or they resign and the entity is removed from the source website. When this happens, we reflect it in our database by adding a ‘removal date’ tag to the PEP position on our platform.

Enhance the PEP Screening Process 

For compliance teams looking to enhance their PEP screening process, the following principles should be considered: 

• Data quality: The utmost importance lies in the quality of data that firms collect about their customers. This data quality directly translates into the ability to swiftly and accurately determine PEP status.
• Global reach: A truly comprehensive PEP screening process encompasses screening customers against a vast array of live data sources, spanning international, regional, local, and proprietary channels.
• Risk-based approach: Customizable search profiles should be used to apply different search settings to groups of customers based on a firm’s business model and risk appetite.
• Supplementary screening: Augmenting the PEP screening process with additional checks, such as adverse media screening, provides an extra layer of scrutiny, enhancing the overall risk assessment.
• Continuous monitoring: As PEP legislation evolves over time, businesses must proactively monitor regulatory trends to understand their implications and adapt their processes accordingly, ensuring ongoing adaptability and compliance.

By embracing these guiding principles and key considerations, FIs can establish a robust and efficient PEP screening process, bolstering their ability to combat financial risks and safeguard their operations with confidence.

The post The Lifecycle of a PEP: From Identification to Removal appeared first on ComplyAdvantage.

Therefore, maintaining and improving data quality is essential for robust PEP screening and effective risk management. This article explores how ComplyAdvantage defines and classifies a PEP, helping firms stay compliant when working across multiple jurisdictions with regulations that vary on who is, and who isn’t, considered a PEP. 

FATF PEP Categories

The Financial Action Task Force (FATF) defines a PEP as an individual who is or has been entrusted with a prominent public function. Due to their position and influence, it is recognized that many PEPs are in positions that can be abused for the purpose of committing money laundering (ML)  and related predicate offenses.

The FATF distinguishes between three main categories of PEPs:

1. Foreign PEPs: Individuals who are or have been entrusted with prominent public functions by a foreign country, for example: 
   • Heads of State or of government.
   • Senior politicians.
   • Senior government.
   • Judicial or military officials.
   • Senior executives of state-owned corporations.
   • Important political party officials.
2. Domestic PEPs: Individuals who are or have been entrusted domestically with prominent public functions, such as those listed above.
3. International organization PEPs: Persons who are or have been entrusted with a prominent function by an international organization. This may refer to members of senior management or individuals who have been entrusted with equivalent functions, i.e., directors, deputy directors, and members of the board or equivalent functions.

ComplyAdvantage’s PEP Taxonomy

One of the key challenges PEP data providers face is the lack of a universal definition of a PEP. The ComplyAdvantage taxonomy is the result of the analysis of more than 40 anti-money laundering (AML) regulations worldwide. This includes:

• National regulations
• By-laws
• International guidance from:
  • The FATF
  • Wolfsberg Group
  • The European Union
  • The World Bank

It aligns with the FATF recommendations as it links PEP status and risk to the level of influence that a particular public function holds. 

In contrast with the FATF approach, ComplyAdvantage’s database does not use a domestic versus foreign label. This is due to the fact that a domestic PEP in Russia will be a foreign PEP in India. Instead, ComplyAdvantage’s International Affairs Research Analysts (IARA) team label each entity relative to the jurisdiction where their PEP status derives from. This ensures the data is presented objectively and neutrally.

ComplyAdvantage categorizes PEPs in four classes according to the scope of their influence: 

• National
• International
• Regional
• Local

Each PEP class contains several taxonomies that are purposely granular, enabling analysts to select the relevant PEP categories for countries with varying levels of robust regulations. 

“Our coverage of national requirements for Canada and Germany has been acknowledged in external audits of our PEP data. We have achieved that for over 30 jurisdictions and are currently working to increase that number.”
– Alia Mahmud, Regulatory Affairs Practice Lead at ComplyAdvantage

pep-class-1

The first PEP class contains all taxonomies with national-level PEPs such as:

• National legislatures
• National cabinets
• Central banks
• Armed forces, police, fire service, and intelligence agencies

pep-class-2

The second PEP class includes:

• Members of regional governments, parliaments, and judiciary.
• Senior officials and functionaries of international and supranational organizations and diplomatic missions.

pep-class-3

The third PEP class related to:

• National level state-owned enterprises.
• Public sector institutions under regional level administration (eg regional agency, regional state-owned enterprises).

pep-class-4

And the fourth PEP class contains:

• Mayors and members of local, county, city, and district assemblies.
• Senior executives of local governmental bodies (agencies, state-owned businesses)
• Judges of local courts.

Subdivided Taxonomies

To allow for differences between governance structures, such as federal versus unitary, and for a finer distinction between various institutions, ComplyAdvantage subdivides its taxonomies into institution types, where necessary. 

For example, the taxonomy of ‘national agencies’ distinguishes between an agency under the authority of a ministry, an independent agency, or a specialized agency, such as a public prosecution agency or a court of accounts. 

In ComplyAdvantage’s database, institution types are visible in the search results and serve as an additional data point for the users in their risk-based approach (RBA) assessment.

Advantages of ComplyAdvantage’s PEP Taxonomy

Increase Accuracy and Reduce False Positives

The taxonomy is designed to help users reduce false positives and negatives by narrowing down the screening to a particular category. 

If a user screens against national level PEPs from a certain country, they will get all the political positions from that country that influence events at a national scale. If a user screens against international level PEPs, they will get all the PEPs from that country whose actions and decisions have impact on multiple countries. Each search result will render the institution type and political position of the PEP. 

Consistent and Predictable Coverage

The unique value added consists in attributing a standardized set of definitions to a range of political and governance systems, which help the analyst assess their clients’ risk vis-a-vis the relative level of power they hold. 

For example, the Superior Court of Justice of the State of Mexico differs in terms of PEP risk from Malaysia Superior Courts Judges. The former is a regional-level court in one of the 32 federal entities in Mexico. Hence we attribute it to the institution type Regional Supreme Court and pep-class-2. The latter is a national-level institution, and the judges will have pep-class-1 risk category with institution type National High Court.

This standardized model provides consistent and predictable coverage across jurisdictions. It also ensures sufficient granularity to understand the level of influence a PEP might have depending on the institution type and how it fits into the governance structure of a country. The information on the jurisdiction where the person is a PEP is a starting point for an individual analysis of how that jurisdiction fits into a firm’s risk appetite and cascades down to the risk level of the PEP: e.g., a PEP from a country on the FATF grey list may or may not warrant additional scrutiny.

The post How ComplyAdvantage Defines and Classifies a PEP appeared first on ComplyAdvantage.

In the UK, losses from APP scams reached £811 million in 2022 and, according to data analytics firm GlobalData’s “Trends in Payment Fraud” report, losses are projected to increase at a compound annual growth rate of 20.5 percent from 2021 to 2026.

What is APP fraud?

APP fraud is one of the most common types of fraud, and both companies and individuals can be targeted. Fraudsters use techniques such as impersonation to trick the victim into paying money into their account. Although the account owner may have technically authorized the payment, they were unwittingly manipulated into making it.

APP fraud takes advantage of mobile payment technologies used via smartphones. Peer-to-peer (P2P) app-based money services like Venmo and PayPal use “push” payments, meaning the person paying “pushes” money to the recipient. This contrasts with “pull” payments, where a retailer asks a customer to pay for an item via credit card. P2P app accounts can be set up with just an email address or phone number, and money changes hands almost instantly.

Because of these easy and convenient features, it’s simple for a fraudster to pose as a legitimate payee and disappear with funds that can’t be recalled. This is also known as malicious payee app fraud.

The use of P2P payment apps is climbing, and so are the fraud types associated with them. The Federal Trade Commission (FTC) received 2.4 million consumer fraud reports during 2022, with a total of $8.8 billion reported lost. 

The problem is more pronounced in markets where the banking infrastructure is vulnerable to authorized push payment fraud, such as the UK where transactions can be made in real-time via Faster Payments. 

Methods Used in Authorized Push Payment Scams

Fraudsters use a few different techniques to carry out push payment fraud, including:

• Social engineering: Social engineers use psychological manipulation tactics, such as impersonation, to get account holders to surrender their personal information, authorize payments to scam accounts, or even provide their login details. Impersonation fraud tends to see some of the highest financial losses.  
• Phishing: With phishing, a scammer impersonates a trusted institution via email or text to get the victim to click a link or download harmful software, allowing access to their personal details or accounts.
• Account takeover: Account takeover fraud is when a criminal takes control of an account belonging to an individual or organization to cause harm or steal money. For example, they might use a hijacked social media account to pose as the victim and ask friends to send payments. 
• Confidence scams: This kind of scam works by gaining someone’s trust to access their account or manipulate them into handing over money. It might involve a romantic connection or a business opportunity.
• Property purchase scams: Property scams involve intercepting communications between customers and their conveyancers, realtors, and/or lawyers. Faced with juggling communications with various new and unfamiliar people during the house-buying process, it becomes easier for a fraudster to intercept, claiming to represent a relevant party to the transaction.

Examples of Push Payment Fraud

Some scams are planned in advance on vulnerable victims, whereas others are opportunistic.

Authorized push payment fraud examples include:

• ‘Hi Mom!’ scams: In this scenario, a person may receive a PayPal request, supposedly from a family member, requesting emergency funds. Eager to assist, the individual promptly sends the money without verifying the recipient’s email address. Later, it becomes apparent that the family member knows nothing about this transaction, and the money ends up in the hands of a fraudster.
• Relationship scams: Another common fraud tactic targets individuals who form connections on social media platforms. For instance, an individual may develop a romantic relationship with someone on Instagram. As the bond strengthens, the newfound “partner” convinces the person to send money using payment services like Venmo. However, once the money is transferred, all attempts to contact the “partner” go unanswered and the Instagram account mysteriously disappears, leaving the victim scammed and heartbroken.
• Banking scams, also known as malicious redirection: This type of fraud involves exploiting mobile notifications from banks. In this scenario, a person receives a notification claiming their credit card bill is overdue and is provided with a link to what appears to be their banking app. Trusting the notification, the person clicks the link, only to be redirected to a fake app created by fraudsters. Consequently, the victim unknowingly shares sensitive information with the scammers, leading to financial losses and distress when the bank confirms the occurrence of fraudulent activities.

Businesses are also vulnerable to APP fraud, especially where the fraudster pretends to be a representative of a tax authority, business supplier, courier, or business banking provider. Notifications or messages might claim that the company account is at risk from fraud and that money needs to be moved into a different account. Scammers control the new account and can be emptied immediately. 

With fake invoice scams, a firm may be tricked into paying an invoice that seems to be sent by a supplier via email. It looks like a legitimate invoice, but the payment link has been doctored, or the bank details altered.

How are Companies Impacted by APP Fraud?

Retail Banker International reports that UK banks paid for 43 percent of customer APP fraud losses in 2020, amounting to £207 million. When firms choose not to compensate, this can impact brand reputation and customer loyalty.

The UK Government found that “reimbursement to victims of APP scams remain inconsistent, with many victims continuing to suffer losses without reimbursement (…) there are disparities in how firms interpret their obligations”. The Payment Systems Regulator has recommended that all customers be reimbursed, except in rare cases. If this recommendation is taken forward, it will have big implications for firms.

How to Prevent and Detect Authorized Push Payment Fraud

The finance industry is rapidly developing its defensive capabilities against APP fraud. In 2019, the UK’s Payment Systems Regulator directed the six largest banking groups to implement Confirmation of Payee (CoP), where banks check the name, sort code, and account number of any new payees. 

Firms looking to enhance their APP fraud detection capabilities may consider the following best practices:

• Implementing real-time transaction monitoring: Firms should adopt systems that continuously analyze transactions as they occur, allowing for swift identification of suspicious patterns or anomalous activities.
• Utilizing machine learning (ML) algorithms: Incorporating ML models can help detect complex fraud patterns and adapt to new fraudulent schemes, improving fraud detection accuracy over time.
• Collaborating with industry peers: Sharing information and insights with other firms in the industry can enhance collective efforts in identifying and combating evolving fraud tactics.
• Implementing multi-factor authentication (MFA): By requiring multiple layers of authentication, such as passwords, biometrics, or one-time passwords, firms can add an extra layer of security to verify the legitimacy of users and transactions.
• Educating customers and employees: Regular awareness training to customers and analysts can help them recognize potential fraud attempts and avoid falling victim to scams.

Technology has a valuable role to play in preventing P2P APP fraud. AI-powered fraud detection solutions that focus on transactional fraud using pattern recognition and machine learning to assess thousands of transactions at speed should be considered by firms looking to enhance their fraud detection software. With ComplyAdvantage, firms can identify and prevent over 50 payment fraud scenarios and can go beyond a rule-based analysis to adapt to “unknown unknowns”. 

To learn more, click here to see how Fraud Detection by ComplyAdvantage compares to other solutions in the market. 

The post What is Authorized Push Payment (APP) Fraud? appeared first on ComplyAdvantage.

• A KYB tool that’s efficient, highly configurable, and effective for firms based and operating in the United States.
• A way to quickly tell what differentiates leading corporate screening solutions.
• A straightforward list of features and use cases. 

This article summarizes and compares the key strengths of ComplyAdvantage, Middesk, and Persona, explaining the use cases they respond best to.

KYB Screening Software Companies

ComplyAdvantage

KYB by ComplyAdvantage is an AI-based corporate screening solution that enables firms to establish trusted business relationships without relying on manual research across multiple siloed data sources. With an automated KYB solution from ComplyAdvantage, compliance teams can:

• Process up to 125 percent more cases per month without increasing headcount by using dynamic risk scoring to improve case allocation.
• Onboard a customer in three seconds by automating the KYB workflow without compromising on risk.
• Experience an increase of up to 68 percent in conversion rates by accelerating the speed at which accounts are opened.

Top ComplyAdvantage Features

• Automatic business verification – Customer details are automatically compared to Secretary of State data to reduce analysts’ workloads.
• TIN/EIN screening – TIN checks against IRS register to mitigate the risk of fraudulent businesses.
• Dynamic risk scoring – Highly-configurable dynamic risk scoring greatly increases efficiency while retaining firms’ risk-based approach.
• Adverse media screening – Screen beneficial owners against adverse media data that is specifically related to the wide range of predicate offenses defined by the FATF (and now included in the broadened scope of the new Anti-Money Laundering Act in the US).
• PEP screening – Conduct global checks for PEPs and RCAs via a database that segments customers into prioritized risk-groups, speeding up the collection and analysis process and reducing the potential for human error.
• Sanctions and watchlist screening – Check officers and controlling entities against relevant sanctions lists that are updated every 15 minutes.
• Additional risk checks – Check for additional risks that may be associated with the business, such as recent incorporation, high-risk industries, and high-risk countries.
• Real-time risk database – Screen against the world’s only real-time risk database of people and businesses.
• Model risk policies – Tailor screening criteria to align with specific risk appetite and compliance requirements. Set filters, adjust thresholds, and create risk profiles, ensuring relevant and accurate results are attuned to unique business needs.
• Automated ongoing monitoring – Be alerted to any changes in the screening status of the company, owners, and directors.
• Unified KYB and AML management platform – Complete multiple compliance processes in one internal platform.
• Automated decisions – Save time by configuring KYB to automatically accept or reject businesses based on a configured risk level.
• API integration – Integrate seamlessly with existing systems via ComplyAdvantage’s REST API.
• Case management tools – Smooth, next-generation experience with escalation options, notes, and more.
• Reporting – Maintain high reporting standards with access to rich insights and data from the screening program, customer risk, and team performance. Insights are accessible via in-app dashboards and can be exported.
• Audit tools – Review full details of a case in a comprehensive PDF report.

Middesk

Crunchbase described Middesk as “an identity platform that automates business verification and underwrites decisions.” 

Top Middesk Features (1) (2)

• Automatic business verification – Cut manual review times by automatically verifying business identities in real-time.
• TIN verification – Verify the TIN is valid and matches the business name. 
• Business registration information – Get an up-to-date view of entity names, addresses, the states they’re registered in, and the status of those registrations.
• Watchlist screening – Check business names and associated entities against government sanctions watchlists, including OFAC.
• Ongoing monitoring – Track changes to an organization’s risk profile with monitoring for ongoing compliance.
• Litigation insights – Get insights into entities with judgments and active litigations – including case ID, jurisdiction, and case type.
• Bankruptcy filings – Review bankruptcy filings to understand the case proceedings, including the debtor, trustee, court details, case number, and more.
• API integration – Build using easy-to-integrate APIs.
• Web presence – View the web presence of an entity, including the status of their website, links to social profiles, and the identification of pages like Terms of Service.
• Real-time, predictive analytics identity verification (Socure, partner)
  

According to Middesk, its customers include GreatAmerica, Evolve Bank, and ENGS Commercial Finance Co. (3)

Persona

According to Crunchbase, Persona “is an identity platform that helps businesses verify customer identities that brings trust to online interactions.”

Top Persona Features (4)

• One platform – Collect data and documents, verify businesses and people, review cases, and automate outreach in one platform.
• Verify businesses and UBOS – Use a variety of verification methods and list screenings to verify entities and automate onboarding decision criteria.
• Screen against watchlists and adverse media reports – Automate and customize adverse media checks across 400+ million news articles and automatically screen across global sanctions, warnings, and PEP lists. (5)
• Flexible document collection – Collect and verify documentation of various formats and extract the relevant data.
• Automation engine – Build custom low-code automation and customize the KYB process. 
• Audit logs – Keep a log of all KYB identity checks and decisions in one place and create an internal audit trail.
• API/SDK integration – Use a hosted link or embed the KYB flow via software development kits (SDKs) or API.

According to Persona, Dapper Labs, Branch, and Canopy. (4)

Best KYB Software Companies: Side-by-Side Comparison

All information has been sourced from publicly available websites and is correct as of July 2023. If you’d like to request a correction, please e-mail content@complyadvantage.com, and we’d be happy to review this with you. 

Next Steps: Uncover KYB by ComplyAndvantage

Explore how to implement an effective KYB risk management framework by implementing these five best practices. Want a snapshot of what KYB by ComplyAdvantage looks like from a user perspective? Click here to read about how to perform a KYB verification check using the ComplyAdvantage tool.

For more information or to see the solution in action, request a demo today.

Source material

1. https://www.middesk.com/solutions/verification
2. https://www.middesk.com/socure-integration 
3. https://www.middesk.com/customer-stories 
4. https://withpersona.com/solutions/know-your-business 
5. https://withpersona.com/product/reports 
6. https://complyadvantage.com/aml-api/ 
7. https://docs.middesk.com/reference/introduction
8. https://complyadvantage.com/kyb-solutions/
9. https://www.finextra.com/pressarticle/88187/complyadvantage-adds-know-your-business-data

The post Best KYB Screening Software: Three Companies Compared appeared first on ComplyAdvantage.