June 29, 2021

For this Trend Letter I’ve found 2 articles with a link to Australia. The first is about the never-ending ingenuity of money launderers and the phenomenon of cuckoo smurfing https://www.riskscreen.com/kyc360/news/australian-watchdog-warns-against-sly-laundering-scheme-known-as-cuckoo-smurfing/. The second about awareness, policy and internal procedures following an AUSTRAC report on NAB https://www.riskscreen.com/kyc360/news/australias-nab-reveals-anti-money-laundering-probe/. I’ll briefly make some observations about both articles but the focus is – as usual – on how FIs can deal with this sort of news and achieve an operationally compliant organization.

I trust that I don’t have to explain the concept of ‘smurfing’ but cuckoo smurfing is likely not so well known… This goes above and beyond smurfing by making a legitimate payment to a middleman who uses the payment to launder smaller payments. The example used is a middleman posing as an oversees student intermediary who can help parents get monthly allowances to their studying kids. The middleman receives the legitimate payment, parks it in an offshore account and uses dirty money to pay the student via several smurfs to avoid transaction monitoring limits and limiting the traceability of the source of the payments. Hard to detect and not easy to tackle because ‘nobody’ loses – or so it seems of course.

The second article talks about the responsiveness of FIs towards compliance breaches or shortcomings. Most FIs will understand the importance of quality assurance and regular audits combined with ‘self-reporting’ of issues, findings and problems. But AUSTRAC reported on NAB the following: “In particular, the seriousness of self-disclosed matters presented to AUSTRAC over a prolonged period combined with the accompanying closure rates is concerning.”

So it’s good and proper practice to self-disclose issues found and an organization should have the controls and assurances in place to detect issues in any part of the AML/CFT environment and not hold back – or delay – reporting any findings. However, the FI needs to realize that reporting issues is a good thing but having issues and not solving them timely is of course not.

So what can we learn from these two stories? Many things of course and I invite you to draw your own conclusions but I’d like to highlight a few aspects that deserve attention and give 4 recommendations for improvement.

  1. It’s important for organizations to look at and listen to what is happening in the outside world. To detect trends, to pre-empt situations that others have already encountered, to learn from what other organizations went through. It’s easy to stick to policy and follow procedure but the world outside is changing, money launderers come up with new tricks and FIs better be prepared.
  2. FIs need to have teams that focus on fast, efficient and good execution of processes with help of well implemented, AI supported systems. But that’s not where it stops. FIs also need a few people or a small team looking at individual cases, patterns, cross referencing clients and transactions, looking at high volume and high value ATMs, similar transactions in the same postal code area etc. FIs need not only have systems and teams in place to execute procedures but also people who think, observe, have oversight and can connect incidents from across the organization or even link transactions with external information.
  3. FIs need a regular review of the overall FEC internal environment: the firm’s risk profile, number and severity of audit findings, issue resolution time and other parameters need to be part of a periodic health check.
  4. A good FEC change team is a must for any FI since the abovementioned recommendations will lead to triggers for change in the organization. Once changes have been agreed and defined – changes in policies, system settings, procedures and QA guidelines – will need to be implemented fast and well.

Rolf van der Pol