Have New Zealand Banks unwittingly become “Enablers” of international money laundering?
Devoid of any form of criminal intent, have
banking service providers become silent participants in fraud scams?
Moving from mere banking repositories to Behemoths facilitating a broad range of banking, financial and insurance services, APP fraud has become symptomatic of the frailties directly attributable to electronic transfers.
With Banks deflecting compensation requests
and continuing to operate with relative impunity, APP frauds demonstrate how
far or out of touch the banking service has become with its base of Loyal Core
Client base, which relies on bank ethics and protection.
Perhaps banks should simply, stick to their knitting.
What is APP Fraud
APP fraud scams are “Authorised Push
Payment” transfers of money. These scams
require three participating elements: (i) a victim; (ii) a criminal enterprise;
and (iii) Banks acting as intermediaries.
In general, scams include but are not
necessarily limited to: (i) impersonation; (ii) invoice fraud; (iii) investment
scams; (iv) romance scams; (v) CEO fraud i.e. is a type of spear phishing
email attack; and (vi) technical support scams.
Often posing as legitimate companies,
genuine persons, or representing “worthy schemes”, pervasive criminal elements regularly
approach vulnerable people using a variety of contrived ruses, or devices to
gain requisite confidence. By this
process they encourage the person (victim) to transfer funds from their bank account
to that of the criminal enterprise.
Peculiar to APP fraud, the victim
voluntarily approves or authorises the transfer of funds, from their bank
account to another bank account, often through online banking, a device or by
telephone.
Recovery of defrauded funds is increasingly
rejected by Banks, placing responsibility and blame with their Loyal Core Client
base. As a defence, Banks contend contributor negligence by the victims whom
they claim by and large, relied on their own judgment and motivated by avarice,
willingly participated. Hence the convenient
fault, lies with victim.
Bank Responsibility
Each New Zealand Bank has a duty and obligation
to operate in absolute adherence with standard operating procedures, business
practices, Codes of Conduct and various Codes of Ethics.
Additionally, the Bank must comply with the
“know your customer” (KYC) and “anti-money laundering” (AML) practices. AML duties include Statutory obligations to
report suspicious or unusual activity to the New Zealand Police Financial
Intelligence Unit.
Scam Process.
APP fraud involves two banks.
1 The “victim’s Bank” lawfully transfers funds upon instruction of its Loyal Core Client, to an “intermediary’s” NZ bank account. A proper and a lawful transaction.
2 The victim’s transferring Bank, has a right to believe on reasonable grounds that the intermediaries Bank account has been KYC checked by that Bank, and that the account is bona fide. No matter, if the beneficial owners are offshore.
3
The intermediary Bank has an
obligation under its customer KYC, Codes of Practice/Ethics and AML policies to
have satisfied itself as to the bona fides of the party (and/or company)
opening the account that all parties including beneficial owners involved are
legitimate. The intermediary account may
be operated by an offshore entity.
Accordingly, more though research must be conducted – and not
necessarily from a desktop.
4
When we make a payment via our
computer or mobile APP, which is “unusual”, we will receive an alerting TXT to
our mobile phone or to our email, from our bank: (a) alerting us to the
transfer with instructions to call the bank if it’s not us making the transfer,
and/or (b) providing a validation code number, if it is a transfer of our
making.
5 The overarching problem
lies not with the original transfer as the customer/victim is comfortable
making the investment. The problem arises
however, with the intermediary Bank.
That is, when the money is transferred to a scammers' account. Does a
liability exist with intermediary bank?
Salient point
being, that the bank algorithms can and do detect “unusual” activity.
Question? If $100.000 is transferred from the account
of a Loyal Core Client (1) who does not regularly transfer $100K, such a
transaction presumably precipitates a TXT code for validation, which in turn
suggests that banks' algorithms are constantly searching.
APP fraud also involves Credit Card
companies.
On one occasion I
was contacted by a credit card provider, enquiring whether I had purchased at
MacDonalds, as this purchase was not a usual transaction for me. This alerted me to the fact that I had lost
my card and that it was being used unlawfully.
The salient
point being, that the Credit Card company algorithms detected an unusual
transaction.
APP fraud also involves telecommunications
providers. Scammers contact victims
either via email or a telephone call.
On a number of
occasions, I (and I’m sure many readers too) have answered incoming mobile
phone call from a number showing a New Zealand telco providers prefix, to be
confronted with a foreign accent offering “opportunities”. These calls immediately alerted to me that
he/she was a scammer. On each occasion,
after politely declining the offer, I called back the number shown in my phone,
which failed to connect.
Something is missing.
APP scammers use NZ Telco facilities. Where is the co-ordination among Telecoms
providers and banks? What level of due
diligence are Telcos obligated to apply when issuing a phone number/contact
capability?
Banks harbouring clients who receive
transfers of large amounts from another NZ bank, being amounts of money which
are immediately transferred offshore?
Does this practice obligate Banks to revisit KYC and/or reconsider AML
protocols?
Remember, as soon as funds are
transferred by the victim, they have been obtained by a fraud and are subject
to money laundering.
Criminal activity within the hallowed halls
of banking institutions, should be the responsibility of internal bank investigators
(invariably ex cops).
Does Client information protection outweigh
interface with bank police and/or Telco company police?
Surely, long serving loyal bank clients deserve protection and care by the ostensible masters of financial
transactions?
Dismissing mistakes by KYC’d clients, as
self-negligence, is in my view, a step too far.
Liability?
If bank algorithms are as effective as the
above examples suggest, I contend that Banks do have liability where they fail
to “place on hold” (2 days) transactions of unusually large amounts, to allow
bank police to earn their salaries by examining the integrity the “unusual”
transfer.
Last Resort
Acting in accordance with New Zealand law
and not being “influenced” by foreign government “interests”, the NZ Police Financial
Intelligence Unit, may be the last step in the process of investigating
international criminal fraud and money laundering, but based on my recent informing
FIU (2) of specific “activities”, in compliance with NZ law, as a former
Police Inspector in charge of Criminal Intelligence Units, I hold the opinion
that they need to, lift their game.
Remedy?
New Zealand’s Government takes up the
cudgel in Parliament where it formulates a Bill for approval in the House,
which clarifies the current ambiguity, by imposing a code of conduct on all banks,
credit card companies and telco providers, rendering such providers liable for
losses suffered by its KYC’d approved core clients and potentially liable for
criminal money laundering charges.
Ross Meurant BA MPP Company Director. Former Police Inspector O/C Criminal Intelligence Unit & V.I.P. Security planning. Former Member of Parliament. Former Honorary Consul.
(2) https://www.police.govt.nz/advice/businesses-and-organisations/fiu
2 comments:
I go into a shop to buy an ice-cream.
I give the person behind the counter $5 and watch them coop the ice-cream into a cone and then they give it to me.
I don't like the ice-cream, it fails to satify.
Mr Meurant would then have the Reserve Bank of New Zealand, as the issuer of the $5. note, reimburse me that $5.
Only the specific details of the transaction are changed.
Hi Tinman, your comments are theoretically correct, albeit simplistic. There is absolutely no question that the best protection for your money is you. However, does the intermediary bank (as Meurant explains clearly) not have an obligation to check the bona fides in an account opening application. If bank research conducted on the account pays only lip service to the banking process - why bother at all. On the other hand, had the intermediary bank completed KYC research to a level that I as a bank consumer and regular online user, they would act/serve as a gate keeper and through that work shed New Zealanders from the wiles of these miscreants. That is even before AML raises itself. Stop it at source I say. PC Plod
Post a Comment