sigmaratings - Tumblr blog

sigmaratings · 5 years ago

Text

Kabul via Khartoum

Implications of the Afghan peace deal for global finance

Editors Note: Hamad Alhelal is the Director of Financial Crime Intelligence at Sigma Ratings, Inc. based in New York, New York

This week, as the Afghan peace deal went into effect, which includes the potential removal of economic sanctions, many in the industry are wondering what this could mean for a country that has been largely shut out of the global financial system. With Sudan, there exists a potential case study that might predict what Afghanistan is in for.

Having felt the consequences of decades of economic and trade sanctions, Sudan had a reason to be optimistic when the United States lifted the majority of the sanctions in October 2017. Yet, over 2 years later, the majority of the Sudanese are experiencing a more economically dire situation. With inflation at over 60%, nearly twice as much as early 2017, Sudan’s inflation is among the world’s highest. Compounding the issue is devaluating nature of the Sudanese Pound (SDG), which was previously valued at fewer than 4 SDG to the dollar. This week, the pound hit a new record low at 117 SDG, and the currency is much less valuable on the black market, which has effectively replaced the formal banking system, and operates without oversight. According to the publication Foreign Policy, “one of the triggers of the pound’s devaluation was the rise in demand for foreign currency, as Sudanese companies and individuals began to travel abroad to drum up new business. That demand was not met with a proportional supply in terms of influx of investment”. The issue is, according to many economists, Sudan’s continued presence on the U.S. State Department’s State Sponsors of Terrorism list, which is putting off many global banks and foreign investors, when in fact, there is no legal consequence. The designation is primarily meant to, in addition to arms control, pressure a jurisdiction into compliance by restricting the much-needed debt relief and financing from lenders like the World Bank and the IMF. Meanwhile, Sudanese officials are calling on Washington to do more to spread the word that there is no longer any risk to doing business with Sudan. For their part, prior to the removal of sanctions, U.S. officials organized meetings in London and New York with U.S. and European banks to encourage dealings with Sudan. While they outlined what specifically constituted a violation and that they are not trying to “play gotcha with international financial institutions” (according to the Sudan Tribune), the unique nature of British Arab Commercial Bank’s Sudanese sanctions violations and recent $228 million settlement (later reduced to $4M) has created more uncertainty. While officials could do more in encouraging dealings with Sudan, the same is true for local parties in Sudan and international partners, including Sigma, whose mission is to highlight institutions, with effective compliance, in jurisdictions perceived as high-risk. In July of 2019, Bank of Khartoum (BOK), Sudan’s largest bank, was awarded a ‘BBB+’ rating with a Positive Outlook through Sigma Ratings’ certified review process, which places it in the 'Industry Leader' quartile of the evaluation model. During our work in Sudan, something as simple as withdrawing cash from an ATM machine, which we were unable to do, provided us with our first experience of being excluded from the global financial system. This week, VISA, recognizing the progress made and fostering financial inclusion, granted licenses to BOK, and two other local banks, which will finally connect Sudan with VISA’s global payments system. Overcoming the final hurdle, removal from the State Sponsors of Terrorism list, appears to be close as Sudan’s transitional government recently reached a settlement with families of the victims of the 2000 attack on the USS Cole in Yemen, a key step to rejoining the international community and thereby easing the economic suffering of the Sudanese people. With this week’s Afghan peace deal, the U.S.’s stated goal of “removing these sanctions by August 27, 2020” requires further clarification. While the Taliban may not technically be subject to sanctions, Sirajuddin Haqqani, who in 2016 was appointed as deputy leader of the Taliban, was designated in 2008 as a terrorist by the U.S. for his role as leader of the Haqqani network. The network, which itself was designated a Global Terrorist Organization in 2012, has been known to work closely with transnational criminal organizations like Dawood Ibrahim’s D-Company and the Altaf Khanani Money Laundering Organization. Given that these groups have been known to funnel billions of dollars through the global financial system, and for a diverse range of criminals from international terrorists to drug traffickers, the financial community will likely exercise extreme caution in order to manage exposure to activities with a nexus to illicit finance.

#financialcrime aml sanctions financialinstitutions

0 notes

sigmaratings · 5 years ago

Text

Forecasting 2020

And reviewing prior predictions from years past

As in years past, we are making some predictions for what’s to come in the risk and compliance space. In many ways, the world suddenly seems less predictable than in year’s past when you think about a U.S. election (and impeachment trial), ongoing trade war and recent military action in the Middle East, but here we are seeking to separate the trend lines from the headlines. To focus on what is possible, if not probable, as we begin this new decade.

Unlike last year, we separated the predictions into three categories: i) highly probable; ii) probable; and iii) possible. Of course, this is not exhaustive, but it should inform risk and compliance conversations going forward.

Highly Probable

- Expect a lot of financial crime-related enforcement work and announcements to happen in 2020. A lot. Some of this will be clean up from years past, though, some of it will be in connection to a renewed focus on enforcement by the American government.

- Increasing influence of ESG factors. And within this, further definition around the “G” and what firms are doing - and how they are measuring progress - around financial crime and anti-corruption measures. For example, Fitch estimates that for 1,500 firms in their rated universe, 22% had ESG factors which influenced their ratings. In other words, firms will need to start looking at these factors in a different way to stand out and attract capital.

- Compliance is hot. Regtech investment and compliance in general is something that has begun to now transcend what was previously a professional niche. Why? U.S. politics, a real passion by young investors to ensure their money is not connected to financial crime or those who enable it and the sheer size of the industry contribute to the trend.

- The rapid rise of challenger banks and quasi-pay-day-lending will increasingly be questioned (e.g., are we making people richer or poorer here) and investigated across a range of authorities. Separately, but related, the pressure to onboard customers and the rise of an API-economy will lead to control breakdowns and failure that if detected will result in significant fines in the fintech arena as we have now seen in the general tech arena.

- China will continue to experiment with its own sanction regime (that diverges more significantly from American, UK, European and UN approaches). Preparing for a dual-regulatory world seems increasingly likely, though its not quite here fully.

- Recent military and para-military operations in the Middle East will not result in significant regional war, but will form the basis for actions (e.g., Iran re-starting enrichment, etc.) that will likely lead to an increase in sanctions and limited kinetic spats.

Probable

- 2019 was a harbinger of continued global unrest - that will include nearly every continent. What does it mean? Too early to tell, but it certainly increases the overall risk picture and is possible almost anywhere (e.g., relatively unpredicted unrest in Chile last year for example).

- Corporations to increasingly face sanction and AML-related risk and corresponding enforcement. OFAC noted late last year a clear focus here. This is particularly true for any company with a global supply chain and/or global operations; particularly in high-risk industries and jurisdictions.

- Blockchain to continue to fade as a hot trend. Its use cases are real, but the application of blockchain will probably not reach the scale needed to impact everyday purchasing and global commerce.

- Realization – like with blockchain and other trends – that artificial intelligence is not that intelligent in many facets. It will probably not solve your problem unless it is used in a highly targeted way and by incredibly experienced operators. That said, firms will continue to embrace and benefit from it if leveraged correctly.

- The Europeans will continue to make progress on combatting AML/CFT, but the framework to do so will remain flawed and vulnerabilities will persist.

Possible

- Citing national security, the United States begins to implement stricter controls on foreign firms seeking access to U.S. markets and correspondent banking services.

- Further realization - and legitimate policy action - on the lack of success in fighting financial crime globally. Success will require change around data provided by governments, transparency and a real move from box-checking to one that embraces testing around effectiveness at the country and entity level.

Look back on 2019

- The Europeans will get tougher on risk and compliance in the wake of Danske Bank and ten years of foreign (primarily U.S.) enforcement actions. Since the prediction, we have seen a number of actions across northern Europe. CEOs have lost their jobs and market participants are increasingly asking the question: “If this can happen here, what is happening in the rest of the world?” Real questions around correspondent banking remain and industry has not solved this with the Wolfsberg DDQ which does not provide testing or comparability at scale.

- The U.S. will be less aggressive than in years past but will continue to roll out enforcement actions targeting a number of institutions in Europe, Asia and the Middle East. Regulatory action in the rest of world will be important to watch as geopolitical tensions rise (with positive correlation between geopolitical tension and enforcement). The U.S. has been aggressive against typical targets like Iran, Russia and increasingly others that have little recourse like Venezuela. The announcement by FinCEN of a more global role may broaden this stance and provide a much-needed complimentary enforcement approach to the more predictable OFAC.

- The dollar will remain the primary settlement currency, but there will be increasing exploration into the use of other currencies (including dollar-pegged currencies). This will pose enforcement challenges. There are clear indications that this is happening. In the United States, the introduction of Facebook’s Libra and the continued work by Ripple to become the “world’s Central Bank” are indicators. Russia and others continue to talk about alternative payment channels, as do the Europeans. In our work across markets, we have been told by market participants that many avoid running afoul of sanctions or money laundering concerns by clearing in Euros or some other currency that can easily convert to dollars. This should be worrying for anyone earnestly interested in fighting financial crime.

- Innovative and newly formed emerging market banks will increasingly look for ways to circumvent normal payment channels (e.g., SWIFT), but tradition will take longer than people think to displace. See above.

- Risk and compliance will continue to be one of the many battlefields in international spats. The Huawei situation is only the beginning and one that has already now involved the United States, Canada, Poland, New Zealand and Australia. Moreover, it will become clear that a number of other internationally-minded companies may have circumvented sanctions to increase the bottom-line. The full explosion of a trade war is upon us and shows no signs of abating.

- China will begin to test its own form of sanctions. Various geopolitical or economic flash points could make that a reality sooner rather than later. This was one of the bolder predictions. And it is now coming true and is being used to retaliate and to influence policy.

- International confusion (resistance) around the Trump Administration’s re-imposition of Iran sanctions will lead to a number of violations – likely regarding global corporates versus banks – who operate in the Middle East but have not fully contained their compliance risk exposure. Russia will remain a manageable, yet risky prospect for companies as well. It is almost a certainty that sanctions are being broken; to be determined via sanctions enforcement work in 2020.

- With a civil lawsuit against the former CEO of Danske Bank as precedent, Boards and management will increasingly fear personal liability around risk and compliance and begin to demand further independent (emphasis on external) auditing and testing of processes, procedures, customer risk profiles, etc. We have seen this in our business and interactions with clients globally. This year alone, we have seen an increase in the number of ratings requested. Sigma has also been asked to present to a number of forums, including the NACD, on the importance for boards to hit these issues head on.

- The recent announcement by U.S. federal regulators encouraging regtech experimentation and other innovative solutions to reduce compliance spend and increase efficiency will help potential users get comfortable with adopting new technology, but business-as-usual at global banks and corporates will slow progress (despite a real desire to improve). Innovation remains slow for the world’s largest banks. In northern Europe, a shared KYC resource has been announced, but will take time. Banks and others also ask about the quality of the data that their competitors provide. For example, is the data quality equivalent?

- Nonetheless, investment in regtech will continue to soar. For example, more money was invested in regtech in the second half of 2018 than in all of 2017 combined. In comparison to other related investment opportunities that are heavily saturated (e.g., payment, wealth management, challenger banks and blockchain), there is still significant upside in a space that is underinvested. This has slowed down some, partly on account of the sales cycle into financial institutions. It has also slowed some given the resistance of many banks to actually innovate despite a federal mandate to do so. Nonetheless, the space is still hot on a relative basis.

- Compliance departments and regulators will be presented with new challenges from crypto currency innovations, such as the Lightning Network, that further obfuscate transactions on the blockchain. Emergent monitoring technologies will face challenges in keeping up (as will law enforcement). This is only starting. Power users of crypto currency are looking for ways to get around KYC and remain anonymous. We see this in our monitoring of chat rooms and other forums where it is openly talked about on a near-daily basis.

- Corporations, governments, and banks will spend more money on cyber defense. A lot more. In particular, counterparties will be increasingly scrutinized as they have become a large surface vector for attack. This is now the most significant issue for almost every major bank and corporate. Every month there seems to be a new issue, including successful targeting of governments and municipalities.

- Serious questions will begin to emerge around Environment, Social and Governance “ESG” investing criteria, particularly, around how data is collected and how missing data is proxied via “industry averages”. Some will ask whether or not ESG is actually delivering on its promise given the mismatch between recent scandals and ESG scores in 2018. The cracks are there. How can any serious investor in ESG trust self-reported data alone?

- In line with this, there will be a premium for companies (particularly in emerging markets and frontier markets) that are increasingly transparent. In other words, the harder it is to understand entity risk and ownership, the harder it is for investors and counterparties to make decisions. This remains true and is a major thesis around the founding of Sigma.

- Firms will begin to value new, enriched data to make better risk and investment decisions. Nowhere will this be more coveted than across emerging and frontier markets who represent 70% of global GDP growth over the next five years. We see this. The explosion of public data has created an opportunity to turn data into risk insight at scale. Sigma is leading efforts to make this cost effective for the largest corporates on the planet.

- Risk and compliance evolve. The current approach to risk and compliance was envisioned and constructed before the public Internet was fully realized. Understanding and managing internal data will remain a requirement, but how firms handle, and mange public data will separate the followers from the leaders. This is starting to happen, but corporates still have a long way to go in getting good at how they manage internal data.

- Leading institutions will demonstrate to regulators (and shareholders) a more proactive approach to risk management. Proactive approaches, to include ones that allow for more dynamism in understanding and monitoring enterprise risk across hundreds of countries and thousands of clients will prevail. They will also help firms avoid significant regulatory and reputational risk. Firms who are proactive and independently test are far more likely to avoid trouble than those who don’t.

#forecast2020 sigma

0 notes

sigmaratings · 6 years ago

Text

A Practical Intro to using Spark-NLP BERT word embeddings

Leveraging Google’s Bert via Pyspark

The seemingly endless possibilities of Natural Language Processing are limited only by your imagination... and compute power. What good are ground breaking word vectors if it takes days to preprocess your data and train a model? Or maybe you already know PySpark, but don't know Scala. Well let’s explore combining PySpark, Spark ML, and Spark-NLP. The assumption throughout the rest of this post is that you have some familiarity with Spark and SparkML.

What are Word vectors and why is BERT a big deal?

Word vectors (or embeddings) are words that are mapped to a vector of numbers. There are several approaches to representing words as vectors. Good vectorization approaches create vectors where similar words have similar vectors. This allows for nearest neighbor searches as well as something known as word vector algebra. The classic word vector algebra example is that in many embeddings vector(“King”) - vector(“man”) + vector(“woman") = vector(“queen”). Pre-trained vectors can also be used as features in machine learning models, transferring the learning to another domain.

Bidirectional Encoder Representations from Transformer (BERT) are state of the art word vectors developed and researched by Google in 2019.

Bidirectional → left to right and right to left contexts of words

Encoder → encodes data to a vector

Representations → a vector of real numbers from

Transformer → novel model architecture

One of the main advantages of techniques such as BERT, or an earlier similar technique ELMo, is that the vector of a word changes depending on how it is used in a sentence. This allows for much richer meanings of embedded words.

Using Spark-NLP With Pyspark

Check you dependencies and make sure distributions match. For this tutorial, we're using spark-nlp:2.2.1. The PyPi distribution should be 2.2.1 and the maven distribution should be 2.2.1. If they don't match, you'll get unexpected behavior.

Pretrained pipelines offer general nlp functionality out of box.

https://gist.github.com/cd48ff2b261c8889f88f2467569debbb

You can also create your own pipelines using both SparkML and Spark-NLP transformers.

https://gist.github.com/476242b479eb3bd70f6f3d44b2349322

DocumentAssembler → A transformer to get raw data, text, to an annotator for processing

Tokenizer → An Annotator that identifies tokens

BertEmbeddings → An annotator that outputs BERT word embeddings

Spark nlp supports a lot of annotators. Check them out here. There's also a number of different models you can use if you want to use GloVe vectors, models trained in other languages or even a multi-language BERT model.

Combining Spark-NLP with SparkML

Let’s demonstrate a simple example of using document vectors from a piece of text to write a classifier. Our process will be to:

Average all the vectors in a text into one document vector

Convert that vector to a DenseVector that SparkML can train against

Train a Logistic regression model

https://gist.github.com/12b457f3d941a8f5e9923d0ac5917366

So in just a few steps we’ve managed to write a classifier using state of the art word embeddings. We’ve also managed to do it in a way that can scale to billions of data points, because we’ve used Spark. At Sigma, we’re using the power of word embeddings and spark to build advance topic models used to extract incredible insights from news and social media.

#spark #natural language processing #nlp #bert #machine learning #sigma ratings

0 notes

sigmaratings · 6 years ago

Text

Death by Whistleblowing

Former Danske Bank Executive Found Dead

This week, we learned of the disappearance and subsequent death of Aivar Rehe, once one of Estonia’s most prominent bankers, and the chief executive of the Estonian subsidiary of Danske Bank. It was under his watch that the billions of dollars were laundered through the bank, which became known as the biggest money laundering scandal of our time. Unfortunately, Mr. Rehe was not the only causality of the scandal. According to leaked U.S. diplomatic cables, Andrei Kozlov, the former Deputy Governor of Russia’s central bank, was allegedly murdered in 2006 after blowing the whistle on Russian money laundering at Sampo Bank, which was acquired by Danske the following year. Perhaps the most notable victim of the scandal is Sergei Magnitsky, a lawyer to financier turned activist Bill Browder. Before his murder, Magnitsky had blown the whistle on the alleged theft of $230 million by tax officials, which was subsequently laundered through Danske and Swedbank, among others. Browder’s advocacy for Magnitsky ensured the passage of 2012 Magnitsky Act, which authorizes the U.S. to sanction those involved in the corruption and subsequently expanded to human rights violations anywhere through the 2016 Global Magnitsky Act.

Notably, Browder was successful in his advocacy as the foundation was built by the 2004 Presidential Proclamation 7750, which allows the State Department to covertly declare suspected kleptocrats and their family members ineligible for entry to the US. However, the proclamation was not widely known and rarely used as Browder had discovered. The Magnitsky acts became the greatest thorn in kleptocrats everywhere, as versions of the legislation were enacted in Estonia, Lithuania, Latvia, the United Kingdom and Canada. The acts proved to be a stronger deterrent than the fines imposed by the Foreign Corrupt Practices Act and the recently introduced Foreign Extortion Prevention Act. The increasing complexity of legislation, and the powers they confer, complicate efforts for financial institutions to comply. Would a bank in Germany necessarily know that an individual transacting through its institution is sanctioned by national legislation for crimes in Estonia? Probably not, which is why increased transparency by on the part of governments coupled with the innovation through Regtechs has never been more vital in the fight against financial crime.

#bill browder #danske bank #swedbank

0 notes

sigmaratings · 6 years ago

Text

Is your client secretly a crypto exchange?

Social media is the key to keeping up with the latest crypto developments

2.5 quintillion bytes of data created each day, according to Forbes. Much of this is online conversation. While these conversations frequently occur between anonymous individuals, and the information may be unverifiable, at Sigma we believe these conversations can provide incredible insight into the behavior of individuals attempting to circumvent the controls of the financial system. Our work has led us to discover content such as the following:

source

The use of online forums and online currencies such as Bitcoin to circumvent controls is only going to increase. We recommend leaders within financial institutions to pay attention to not only online content but also technology innovations such as Bisq, a decentralized and anonymous Bitcoin exchange that matches individuals who want to exchange Bitcoin for fiat currencies such as US dollars or Euros.

source

Bisq enables anyone to skip using centralized exchanges, and therefore KYC, to buy cryptocurrency directly from other individuals, using their Bank, a Money Services Business (MSB), or payment app. Any financial institution doing payments is exposed to this technology and millions of dollars a day are already being moved via Bisq. How many financial institutions have transaction monitoring scenarios to detect Peer to Peer (P2P) exchange? Even if those scenarios existed, how many institutions have capacity for the potential massive influx of alerts that will occur as this technology proliferates?

Even further, are institutions prepared to comply with regulatory demands? In the United States, FinCEN has already set the precedent, that selling cryptocurrency P2P requires registration as an MSB. How many financial institutions have done the KYC to even know if their customers are engaged in this activity? How many know if their small businesses clients are offering Bitcoin ATMs, another business that would require MSB registration in the US? As the industry matures, there will be invariably be more questions than answers. That said, asking the right questions is critical to safeguarding the financial system. While not a panacea, those questions, we believe, can be better informed via the wealth of public data being generated every day.

#cryptocurrency #aml #kyc #sigma ratings

0 notes

sigmaratings · 6 years ago

Text

Nordic Entente Cordiale

A New Nordic Alliance To Combat Illicit Finance

Months after a massive money-laundering scandal, Nordic banks, including the region’s three biggest lenders Danske Bank, Swedbank and Nordea, are now experiencing the costs of settling advanced AML/KYC controls. Last July, the three banks have reported a setback in quarterly profits due to investments in new compliance systems and staff members, as well as lower dividends. Estonia, where more than $230 billion have flowed through a small Danske Bank branch, along with its two Baltic neighbors, have been Swedbank and Danske Bank operations center for most of their recorded suspicious transactions.

For years, major Nordic banks, in their low risk jurisdictions, underestimated the controls necessary to operate in the Baltics, which many consider to be a financial bridge between Russia and the EU and therefore at risk when it comes to financial crime. According to Sigma’s Dynamic Country Risk Model, Latvia is considered high-risk, both overall, and specifically for financial crime, while Estonia and Lithuania are considered medium-risk. Therefore, one can say that Danske Bank, Swedbank, along with their Nordic counterparts have underestimated or maybe simply did not consider the financial risks inherent to the region.

In what could be interpreted as a move to regain investors’ trust, Nordea Bank, SEB, Danske Bank, DNB, Swedbank and Svenska Handelsbanken announced earlier this month the creation of a KYC-focused joint venture. The Nordic KYC Utility, which is officially planned for 2020, is primarily designed to to crack down on money launderers. After months of negative rates, scandals and poor dividend policies, major Nordic banks are finally joining forces to limit the damages and to show investors they can still rely on them. Worth noting that Swedbank and Danske Bank still face potential lawsuits, fines and sanctions from US, European, Baltic and national regulators, meaning the coming months could be crucial for Nordic banks’ future.

#nordics #danske bank #kyc #money laundering #swedbank

0 notes

sigmaratings · 6 years ago

Text

Where Was the Board Before the Scandal?

Swedbank Board Fires CEO

On Thursday, Swedbank’s Board of Directors fired CEO, Birgitte Bonnesen, in the wake of yet another top financial crime investigation. This firing comes behind other recent news of banks – including Danske Bank, Commonwealth Bank and ANZ – losing top executives and CEOs as a result of money laundering scandals.

While the firing of a top executive sends a strong message, this response from Swedbank’s Board was clearly a reactive measure to complaints from Swedbank’s largest shareholders, the Swedish pension funds, and the raid of Swedbank by Swedish law enforcement. Where was the Board before this became top news? Where was the Board before the share price fell over 30% since the end of 2018?

The primary responsibility of a Board of Directors is to oversee the management and governance of the company and the Board has fiduciary obligations to the corporation and its shareholders. Good corporate governance includes overseeing how the company is managing enterprise risk – leaving open the obvious question of why there weren’t more proactive risk management measures being taken by Swedbank’s Board.

In late 2017, AlixPartners conducted a survey of 361 financial institutions which gives some insight into the adequacy – or, frankly, the inadequacy – of Board oversight. The survey found that 20% of the financial institutions surveyed do not provide regular briefings or training on money laundering and sanctions to their Boards. This is alongside 32% of those institutions saying that their compliance budgets were inadequate to address their compliance responsibilities.

It is important to remember that while money laundering is often the top financial crime headline, it is not the only financial crime and the associated risks extend beyond financial institutions. Every cross-border investment firm, multinational corporation and early stage fintech company needs to pay attention to risks of sanctions violations, corruption, money laundering and fraud. Even companies like Uber and AirBnB have found themselves in the news recently about money laundering concerns.

Compliance scandals have long term reputational consequences to which Boards must be acutely attuned. The banking sector also saw Thursday the departure of Wells Fargo’s CEO, Tim Sloan, as the bank struggled to regain trust resulting from its customer abuse scandals dating back to 2016.

A culture of compliance starts at the top. What should Boards of Directors be doing to more proactively manage compliance risks? Stay tuned over the coming weeks as we dive deeper into this topic on this blog.

#financialcrime #money laundering #governance #fintech #boardofdirectors

0 notes

sigmaratings · 6 years ago

Text

Compliance & Fintech

Last week, the Financial Times reported that Revolut, a leading European fintech firm, may have “turned off” its transaction monitoring solution. According to the unnamed whistleblower, the system may have been erroneously disabled during a system upgrade. The news about Revolut (who also has a banking license in Lithuania), while surprising, is likely a harbinger for things to come for a fintech sector that is finally growing up. In the end, fintech firms have the same obligations as the banks they seek to disrupt in protecting the international financial system from exploitation by rogue regimes and corrupt individuals and businesses.

In fact, a financial institution’s approach to monitoring, an obligation under the Bank Secrecy Act for example, is often the first place (or one of the very first) that a regulator inspects during a review. Failure to maintain an effective monitoring solution can be extremely costly. For example, just this year, U.S. Bank agreed to a $600+ million settlement with federal regulators for manipulating their transaction monitoring solution by placing a cap on the number of alerts generated.

It can be argued that fintech firms – particularly challenger banks, payment companies, wealth management funds and real estate investment platforms – are the very ones most susceptible to targeting by threats ranging from petty criminals to large, transcontinental criminal organizations which may include terrorist organizations. Severe enforcement action against one of the pre-runners to the fintech boom, Liberty Reserve, demonstrates all too clearly the cost of growth at the expense of good controls. After all, it is no secret that criminals seek out firms who are experiencing rapid client growth, nascent systems and a desire to meet investor expectations, all factors requiring continuous and proactive management. Our recent blog post, for example, highlights a common theme surrounding “deep fakes” that comes directly from a challenger bank we are familiar with.

So, what does this all mean?

It means that fintech firms, the banks who “loan their licenses” to them, the lawyers who advise on compliance and their investors should frankly be asking more questions. And soon. Below we outline some areas to focus on to ensure that your firm (or your investment) remain ahead of the pack in what is certainly the beginning of a robust round of regulatory inquiry.

Some Essential Steps for Safeguarding Your Organization (or Investment)

1) It all starts with “tone from the top”. The best run financial institutions we evaluate have active CEOs, boards and heads of compliance that “walk the business” and are constantly evaluating things with proper skepticism. For larger fintechs (e.g., large payment companies, challenger banks, etc.), adding a hands-on independent director with deep regulatory and compliance experience is a wise move as your inherent risk increases via new product lines and expanding customer volume.

2) A number of regulatory fines have stemmed from a legacy of “poor culture” within in an organization. The largest sanction and fraud-related fines have almost invariably described a culture of greed, corner-cutting and flouting of the rules. Reporting to the board on compliance culture is critical and can be demonstrated by things like staff churn, whistleblowing reports, alert volume, transaction exceptions and surveys.

3) Test your compliance program regularly. There is a role for internal audit and there is also an important role for independent testing. Going beyond “tick box” reviews is imperative to find and stay ahead of risk.

4) Tune your system and work to improve client data. A system – no matter how good and how much AI you have (or think you have) behind it – is only as good as the data you maintain on your customers and the lists you use for screening.

5) Be proactive on financial crime compliance and document it. How often does the compliance committee meet (assuming there is one)? What do they discuss? Do they consider new products and emerging geopolitical trends that may impact the business (e.g., Venezuela)? They should. And it should be documented.

6) Perform financial crime risk assessments. Where are vulnerabilities? Are you over exposed to a particular client type, jurisdiction or product? How does the company ensure that those risks are well managed and properly resourced to offset the identified inherent risk?

7) Get rated. A rating is an efficient, powerful and independent way to demonstrate to the board, investors and regulators that you take financial crime compliance seriously. Financial institutions, NBFIs and private equity firms across more than ten markets can’t be wrong in getting Sigma Ratings themselves.

Traditional financial institutions, banks and fintech disruptors – all of whom we support and encourage – can benefit from a more active approach. Of course, there are limitations, but done well, compliance should be seen as an investment versus a cost. An investment in ensuring regulatory compliance, as well as protecting shareholder value and ultimately, the international financial system.

Stuart Jones, Jr. is the Chief Executive Officer and Founder of Sigma Ratings, the world’s first AI-driven rating agency for financial crime compliance. Prior to Sigma Ratings, Stuart served as a senior U.S. Treasury official and as a principal at EY. Sigma Ratings is based in New York and operates in the Americas, Europe, Africa, Southeast Asia and the Middle East.

1 note · View note

sigmaratings · 6 years ago

Text

Error: This Person Does Not Exist

First Fake News, Now Fake People

Alexa Altos operates a web design firm in California, has a number of employees, a growing client roster, thousands of Facebook and Instagram followers and incredible testimonials. One of the testimonials, from Alejandro Martinez, notes that Altos’ web design services “were on time and under budget.” Jennifer Reilly wrote, “Alexa is a pro. She and her team are thoughtful and delivered an incredible site for us.” Each of Alexa’s team members have Facebook and LinkedIn profiles that detail their connections and professional accomplishments. They too have multiple friends, reviews and examples of their design work.

Incredible social proof. Yes. So, what’s the problem? The web design firm doesn’t exist. Alexa doesn’t exist. Neither do Alejandro or Jennifer. The company, which advertises modern offices online, is in reality registered to the address of a storage unit on the outskirts of nowhere. The problem is that companies like this are on the rise and are often a part of a wider criminal network targeting access to the international financial system for a range of illicit pursuits. What’s more, the image above of “Alexa”, is AI-generated. This person is literally from nowhere. For more examples click here and peel back just how bizarre things are about to become. And how complicated the operations and compliance jobs are becoming both at global banks and fast-growing tech startups. Are you confident this person is not your Facebook or LinkedIn connection? Or even worse, potentially your client.

#deepfakes #machine learning #kyc #deep learning

0 notes

sigmaratings · 6 years ago

Text

Predicting ‘19...

Greater Consequences with Greater Technology

In a few weeks, it will be the year of the pig, but I’m not so sure that its going to be that generous. Much of what kept us awake in 2018 will continue to do so in 2019 with potentially greater consequence. Some thoughts below.

After a turbulent 2018, here’s what is top of mind over the next twelve or so months in the risk and compliance space.

- The Europeans will get tougher on risk and compliance in the wake of Danske Bank and ten years of foreign (primarily U.S.) enforcement actions.

- Innovative and newly formed emerging market banks will increasingly look for ways to circumvent normal payment channels (e.g., SWIFT), but tradition will take longer than people think to displace.

- China will begin to test its own form of sanctions. Various geopolitical or economic flash points could make that a reality sooner rather than later.

#sigma sigmaratings predictions 2019

0 notes

sigmaratings · 7 years ago

Text

What Does Transparency Look Like?

Transparency Does Not Need to Be Hard

“To achieve an equitable, inclusive, and more prosperous future for all, we must foster a culture of integrity, transparency, accountability, and good governance.” - UN General Secretary, Ban Ki Moon

In the wake of huge money laundering scandals across European banks, this future may feel further away than ever. However, at Sigma Ratings, we believe that financial institutions can improve by improving their technology. Even though improvement is necessary across the financial industry, we have noticed great examples of transparency. Many industry leaders are using their corporate websites to provide information critical to understanding compliance, governance, and sustainability risks.

For example, HSH Nordbank's website is representative of a commitment to transparency. Any customer, client, counterparty or regulator can find the information they need to make a decision. The bank provides its credit ratings, tier 1 ratios, beneficial ownership structure and CVs for each of its board members. The work that HSH Nordbank has done needs to become the standard for all financial institutions. Luckily, it is not that hard for others to to adopt transparency.

Easy things banks can do to improve transparency:

Publish annual reports & financials online

Publish external audits such as CEFEX , LEED, or Cyber Security Ratings

Publish relevant filings such as ADVs, Wolfsbergs and Patriot Act Certificates

Provide spreadsheets of ownership and executive management

Publish beneficial ownership, not just direct ownership

Publish a list of board members (including tenure, bios and potential conflicts)

Publish a list of correspondents and counterparties

Advanced things banks can do to improve transparency

Create an RSS feed for Press Releases

Publish aggregated & anonymized data on environmental impact, suspicious customer activity, and social impact

Publish training requirements for compliance staff

Publish minutes from board committees

Publish a timeline of fines and regulatory actions

Opt in to receive external audits such as a Sigma Certified Rating™

Publishing high quality information on a website is the easiest way to show a commitment to transparency. Investors, other financial institutions, and regulators will appreciate the ease of access during due diligence. An organization that does not hesitant to share, is one that signals it has nothing to hide.

#transparency #esg #sigma ratings #compliance

0 notes

sigmaratings · 7 years ago

Text

ESG’s Next Frontier

Compliance is Missing from the Equation

More than $22 trillion assets are now invested according to ESG principles, according to a McKinsey & Co. study found.. Environmental, social and governance principles form the basis of ESG. A survey by BlackRock last year found that 67% of millennials want investments to reflect their social and environmental values. At the same time, the IMF estimates that criminals launder up to $2 Trillion a year. Unfortunately, existing ESG ratings tools are not preventing investors from investing in the companies that facilitate these crimes.

if("undefined"==typeof window.datawrapper)window.datawrapper={};window.datawrapper["KPSde"]={},window.datawrapper["KPSde"].embedDeltas={"100":552,"200":502,"300":477,"400":477,"500":477,"700":477,"800":477,"900":477,"1000":477},window.datawrapper["KPSde"].iframe=document.getElementById("datawrapper-chart-KPSde"),window.datawrapper["KPSde"].iframe.style.height=window.datawrapper["KPSde"].embedDeltas[Math.min(1e3,Math.max(100*Math.floor(window.datawrapper["KPSde"].iframe.offsetWidth/100),100))]+"px",window.addEventListener("message",function(a){if("undefined"!=typeof a.data["datawrapper-height"])for(var b in a.data["datawrapper-height"])if("KPSde"==b)window.datawrapper["KPSde"].iframe.style.height=a.data["datawrapper-height"][b]+"px"});

The above plot demonstrates that existing ESG ratings methodologies are not capable of predicting which financial institutions are committing serious offenses. Sigma Ratings compiled data on the amount of fines paid by a number of banks, as well as the average ESG rating of the banks in the months leading up to the fine.

With a PPMCC of 0.18, it is clear that fines do not correlate with ESG ratings. Many of the worst offenders, such as Danske Bank, have very high ESG ratings. Customers have trusted ESG investors to place their money in responsible institutions. Ensuring .

Beyond just responsible investments, customers also want to see a return. As seen below, there is a correlation between financial institutions that are caught money laundering and decreasing stock prices. Financial crime is not just ethical concern, but a concern to anyone interested in profit.

if("undefined"==typeof window.datawrapper)window.datawrapper={};window.datawrapper["ezUUo"]={},window.datawrapper["ezUUo"].embedDeltas={"100":603,"200":519,"300":502,"400":477,"500":477,"700":477,"800":477,"900":477,"1000":477},window.datawrapper["ezUUo"].iframe=document.getElementById("datawrapper-chart-ezUUo"),window.datawrapper["ezUUo"].iframe.style.height=window.datawrapper["ezUUo"].embedDeltas[Math.min(1e3,Math.max(100*Math.floor(window.datawrapper["ezUUo"].iframe.offsetWidth/100),100))]+"px",window.addEventListener("message",function(a){if("undefined"!=typeof a.data["datawrapper-height"])for(var b in a.data["datawrapper-height"])if("ezUUo"==b)window.datawrapper["ezUUo"].iframe.style.height=a.data["datawrapper-height"][b]+"px"});

If your institution is pursing ESG investing, its time to utilize Sigma Ratings. There are more than 1000 publicly traded banking institutions in the world. Many of these institutions act with the utmost responsibly and integrity. With Sigma Insight, you can act upon that opportunity. We urge you to contact Sigma Ratings and work with us to maximize return and responsibility.

#esg #financial crime #aml #banks

0 notes

sigmaratings · 7 years ago

Text

Norvik Banka Achieves BB+ Business Integrity Rating

NEW YORK, October 11, 2018 – Sigma Ratings Inc. announces its first-ever Sigma Rating for a Latvian banking institution: Norvik Banka achieved a rating outlook of BB+ (Stable), which places it within reach of the “Industry Leader” segment (BBB and above).

By means of this independent rating on financial crime vulnerability and governance, Norvik Banka is demonstrating the differentiated strength of its compliance controls and efforts to uphold global financial transparency standards.

Sigma assessed Norvik’s financial crime risk as “MODERATE” with control effectiveness as “ESTABLISHED.” The rating notes that the bank broadly has strong financial crime controls in place and has made considerable progress in strengthening its risk posture. Norvik is the first Latvian bank to receive a rating of this kind. To obtain more information on Norvik Banka’s Sigma Ratings report, please contact Norvik Banka or Sigma Ratings, Inc. directly.

“We are committed to ensuring a strong compliance function and have invested in new, world-class compliance tools. Most importantly, we have invested in our people by training and expanding our compliance staff,” said Norvik Banka CEO, Oliver Bramwell. “We are eager to showcase the return on our compliance investment by way of our BB+ rating and remain committed to strengthening next year’s rating further.”

Sigma Ratings reviewed Norvik’s inherent risk environment and control effectiveness around Financial Crime Compliance (FCC). The review included FCC factors specific to anti-money laundering, countering the financing of terrorism, sanctions, and aspects of other non-credit risk issues such as geo-political risk and national-level regulatory proficiency. This process included a desk review of data and meetings with executive management, compliance, internal audit and front-line staff at Norvik Banka in Riga, Latvia.

“Our mission is to support global business and banking growth by enhancing transparency and standardizing metrics for good corporate behavior,” said Sigma Ratings Chief Executive Officer Stuart Jones, Jr. “In an increasingly challenging risk environment, our ratings provide the gold standard that helps streamline the financial crime risk assessment process for financial institutions. If a bank pursues a rating, it’s because it wants to demonstrate commitment to openness and the fight against financial crime.”

About Sigma Ratings:

Sigma Ratings, Inc. (“Sigma”) is the global leader in non-credit company risk ratings. Sigma is the world’s first A.I.-assisted non-credit risk rating agency deploying a proprietary algorithm, deep domain expertise and innovative technology to rate a company’s vulnerability to financial crime risk. Unlike traditional credit rating agencies, Sigma is focused on emerging markets and provides novel, dynamic, entity-level risk analytics that are not available anywhere else. By collecting and quantifying specific operational risk data around compliance, governance and other non-credit risk factors, Sigma empowers emerging market companies to differentiate and enhances global banks and investors’ ability to assess counterparty risk.

For more information about Sigma Ratings, its products or its team, please contact [email protected]

# # #

0 notes

sigmaratings · 7 years ago

Text

What the experts are saying about the value of Sigma Ratings

Q & A with Mark Batts

Former Managing Director, Financial Institutions Group Head of Enhanced Due Diligence (EDD) HSBC, London

1. Please tell us a bit about yourself, your work, and your relationship with Sigma Ratings

I have more than 35 years of experience working in international banking. My experience has encompassed change management, financial crime risk assessment and control framework design. I have restructured, re-positioned and managed a range of business lines. I also have extensive knowledge of banking sectors in many countries, particularly the developing economies, through working with both financial institutions and corporate clients. My current focus is working with bank clients to develop intelligent and proportionate financial crime compliance control frameworks.

In my last “institutional” role as Managing Director, I was invited by HSBC to design and manage their Global EDD team for correspondent banks and HSBC affiliates. This was in order to respond to an immediate demand from the US regulator to have a robust process in place that could perform EDD on those correspondent banks (CB) and affiliates that posed the highest financial crime risk in high risk countries. This also necessitated the design and creation of a CB Risk Appetite Statement and Risk Assessment Methodology. The initial regulatory imperative was to structure a global team to perform site visits on circa 200 banks and affiliates in 35 countries in a 15-month time period. The team had to operate globally and to produce consistent output in terms of reports and recommendations. In addition to an EDD methodology, a process also had to be developed to perform EDD on several hundred legal entity banks that were also categorized as high financial crime risk, although operating in medium and low risk countries.

I formally joined Sigma on February 1, 2018, however I had been talking to Gabrielle and Stuart for quite some time before then. I joined because I am keen to see thoughtful standardization of the Customer Due Diligence (CDD)/EDD process for banks and other financial institutions. Sigma is the first organization that has actually come with a scalable methodology for making this happen.

2. What does Sigma Ratings do that differentiates it from others?

Sigma combines field experience and technology in a way in which other companies cannot compete. For example, Sigma uses proprietary algorithms to scrape the web for all publicly available information on a financial institution and then goes a step further to refresh that information dynamically. No one else comes close to tracking such data with similar frequency. I should add that Sigma is able to do all this without being disruptive to the bank. Essentially, there’s a lot of insight without the hassle. They apply smart technology where appropriate, but still conduct rigorous risk assessments where technology can only go so far, such as with their solicited ratings.

3. How do consultancies and similar service providers differ from Sigma Ratings?

Whereas consultancies and the like might focus on a specific issue for a client and assist them with a particular problem set, Sigma Ratings conducts CDD/EDD and financial crime analysis for all potential entities on a system-wide level. At the entity level, Sigma tackles the components of the CDD/EDD process thoroughly and efficiently by first using technology solutions and then applying a rigorous methodology via private assessments. This means that Sigma’s clients can spend their finite compliance dollars on the problem areas that matter most.

4. You are a veteran in the compliance space, working across markets and on different issues related to correspondent banking and illicit finance—why is financial crime risk assessment and management of equal or greater importance than compliance in today’s day and age?

I’ll take veteran as a compliment! I think that compliance is part of the story, but it is not enough. Compliance denotes simply making sure an institution is complying with regulations. I’d rather talk about financial crime risk assessment and management. That’s what institutions need to live and breathe. After all, “risk,” per se, is not a bad thing; it’s the management of that risk that truly matters. Once you have measured your financial crime risk then you can think about how you are going to manage it. This is a very strong value-add from Sigma.

5. Having worked in all aspects of compliance, what changes or trends stand out in today’s environment?

Technology, technology and technology. It brings down costs, standardizes procedures, reduces the potential for human tampering and should allow for the real exceptions to be thought through properly. Machine learning, for example, can help firms draw connections across terabytes of internal data in ways that would not have been possible even a few years ago. This helps firms spot patterns and move beyond static alert scenarios. Algorithms such as those that Sigma has developed can help firms see across public data and markets at an entity and/or country level cost-effectively and in totally new ways.

6. How have governments, companies, and individual investors’ perception about compliance evolved in the last few decades?

In some cases, they haven’t changed nearly enough. Some people pay lip service only, yet there remains much to do. That being said, there is growing consensus that this is a fight against financial crime, as well as a realization that these are not victimless crimes and that it’s in everyone’s interest to deter, detect and protect against financial crime. I think that people these days increasingly realize the criticality of risk management and of applying thoughtful and commensurate control frameworks.

7. From both the global and emerging markets (EM) perspective, what could banks do better to increase transparency in EMs and, potentially, alleviate issues related to de-risking and the skyrocketing costs of compliance?

As a matter of course, I would strongly encourage the adoption of Sigma’s proposition. EM banks should certainly do more to showcase the efficacy of their risk mitigation controls. As noted earlier, risk is not a bad thing when managed properly. Sigma can help these institutions to differentiate.

On transparency, there is certainly room for improvement. Many people and regimes still hide behind complex structures designed to protect anonymity. In a world of increasing concern regarding ultimate beneficial ownership, anonymity will suffer from demand for greater visibility. EM banks must be prepared for this eventuality.

Compliance is a (human) resource-intensive endeavor. Technology will be essential to reducing costs.

8. Are we on the cusp of a new era of standardization and bench-marking for non-credit risk?

I hope so. The more that institutions manage financial crime risk in the way that they manage credit risk, the more likely it is that institutions and regulators will realize that a lot of the information-gathering and risk assessment can be offloaded in a cost-effective manner to a third party, like Sigma Ratings. The offloading of the standardized part allows institutions to concentrate their resources on deep dive and thematic financial crime issues. And yes, the bench-marking availability is as important as the utility aspect as it allows for comparison across markets.

9. If Sigma Ratings existed when you were head of Financial Institution EDD, how would you have thought about using it?

I would certainly have recommended using Sigma during my time with HSBC. Although there were many client groups that HSBC banked, there were literally thousands of legal entity banks that had US Dollar and other denomination accounts with HSBC. It would have been much more cost effective for Sigma to have performed the EDD on these banks, excluding the account analysis piece, leaving HSBC to target more of its “compliance dollars” on the most critical issues. In addition to this, by using Sigma’s standardized assessment methodology, the bank would have had the ability to better assess the relative financial crime risk of banks in each country, and possibly even country by country.

#fcc #hsbc #banking

0 notes

sigmaratings · 7 years ago

Text

Inconvenient truths

A New Hub for Money Laundering

Last week the Wall Street Journal highlighted a new, burgeoning money laundering hub. Where is it you ask? Well, one might slip into “group think” and assume the hub is a far-flung emerging market that failed a Financial Action Task Force (FATF) effectiveness exam or recently confiscated the yacht and Rolex collection of a shamed prime minister. That assumption is flat wrong. The hub in question is . . . Canada. Yes, that G20/G7 country in North America.

The Journal article shines a well-researched light on the sheer magnitude of the problem facing global bankers, regulators, and other stakeholders. The problem is this: If Canada is facing complications tackling AML challenges, what are we to deduce about the reality on the ground in countries with less resources?

To illustrate further, the Basel AML Index, run by the International Centre for Asset Recovery, and relied upon by a number of banks for country risk scoring, lists Canada as relatively low risk. The Basel AML Index model also, interestingly, lists Estonia among the safest countries in the world (Note: Estonia is in the eye of an AML superstorm connected to the Danske Bank case).

An informal - and unscientific - review of banking and corporate contacts reveals that less than 5% have both Canada AND Estonia internally as medium risk or above (though this is probably changing).

These revelations highlight two key points that underpin our thesis at Sigma Ratings: i) financial crime risk is dynamic, requiring dynamic models; and

ii) while country risk models are helpful, they must be viewed in concert with deeper level analytics at the company level.

To address these two points, we have built what we believe is an incredibly durable and robust country risk model and used that to underpin a growing database of entity risk scores.

Where can you get it? Well, after testing it with 10 of the world’s largest global banks and a number of regulators, we are adding features, coverage and further dynamism. A new addition will be available to the wider market this fall. If you are interested in getting on the early wait list send us a note at info [at] sigmaratings.com

0 notes

sigmaratings · 7 years ago

Text

Perception & Reality

During recent travel in the Middle East, we met with senior executives at leading banks, exchange houses and regulators across the region. Top of mind, in many of the meetings, were two things:

i) the demise of Abraaj Capital; and

ii) the impact of increasing pressure on Iran in the region.

Both are significant and have longer term consequences for the region.

Let’s take them in turn.

For the uninitiated, Abraaj Capital is a Dubai-based, Gates Foundation-affiliated private equity firm that loomed large for over a decade. At its peak, Abraaj managed some $14 billion, mostly focused on returns in higher risk emerging markets. Hailed as an "indigenous fund" that often punched above its weight alongside industry titans KKR, Carlyle and TPG, the outfit was, for some time, a local source of pride. Abraaj generously sponsored Art Dubai, lavish gatherings in Davos and served as a sort of pit-stop for the who's who stopping through Dubai on way to London, New York or Hong Kong.

It all came to a stop earlier this year.

Governance issues plagued the fund and ultimately, brought down the brand and its founder-leader seemingly overnight. Despite being regulated by the Dubai Financial Services Authority, widely regarded as a top-tier regulator in the region (and globally), Abraaj faltered and with it people's confidence in a region plagued by broader perception issues.

So, how does this connect to Iran?

Directly it doesn't. Indirectly it does. The link, again, is the broader perception of regional risk.

Throughout the year the U.S. Government has stepped up pressure on Iran. In May, for example, Treasury implicated the Central Bank Governor of Iran, citing his role in moving money for the Iranian Revolutionary Guard Corp (IRGC). Moreover, Secretary Mnuchin called the Iran Central Bank Governor's actions, "...appalling, not surprising," hinting at the Administration's unguarded thoughts on the matter.

On June 5, 2018, the Under Secretary of the Treasury for Terrorism and Financial Intelligence urged the private sector to “do more to make sure your compliance programs are airtight” with regard to Iran. And just this week, as part of a high-level delegation to the United Arab Emirates (with side trips to Saudi Arabia and Kuwait), Treasury announced that it broke up a network of currency exchanges funneling millions of dollars for terrorism and the IRGC.

These cases -- Abraaj and Iran -- raise important questions for management boards running regional financial institutions, as well as those on the outside looking to invest and operate in the region.

Questions like:

i) How well do I understand my internal control environment and its effectiveness and how do I ensure that my compliance program in this new environment is "airtight?";

ii) Do I really know and can I dynamically monitor my counter-parties?; and

iii) How does the broader market really see me and what can I do to strengthen my position via third party validation of my controls?

#iransanctions #riskmanagement #sigmaratings #middleeast #perception

0 notes