Plan of action – the US Treasury releases the FinTech report
With some fanfare the US Treasury last week released its report into “Non-bank Financials, FinTech and Innovation”. The report is a long-awaited commitment to modernizing the US financial system by encouraging the adoption of new technology. Most of the key FinTech buzzwords like cloud computing, machine learning, digital identity and regulatory sandboxes get a mention and are considered by the report as beneficial to the development of the US financial system. A strong line on cryptocurrencies is noticeably vacant from the 222-page document, which feels like a missed opportunity for the Treasury. The use of blockchain technology in financial services, however, is generally supported.
Alongside the FinTech report, the Office of the Comptroller of the Currency (OCC) announced that it will start accepting applications for its controversial “FinTech Charter”. Successful applicants will be able to function nationwide as if they were a regulated bank. The idea of a FinTech Charter was endorsed by the aforementioned report but renewed opposition from state regulators may already be the horizon. The US has some catching up to do when it comes to readying its financial framework for the contemporary landscape. The recommendations made by this report will hopefully kick off this process.
Are the days of Fin7 numbered?
Fin7 is one of the world’s most prolific organized cybercrime gangs. They are known for their attacks on financial institutions using the specific malware “Carbanak”. In 2015 they earned over $1 billion by hacking into banks, inflating accounts and transferring money into their own accounts. They also have a reputation for commanding ATMs to spew out cash. After a two-year-long investigation, the FBI last week arrested three of its ringleaders on 26 separate criminal charges. The game is unlikely to be up for Fin7 however, with a US attorney admitting that “we are under no illusion that we have taken this group down altogether. But we have made a significant impact.”
So why are these arrests important? Fin7, unlike other cybercrime gangs, operates with a level of sophistication akin to nation-state actors. Unlike nation-state actors however, they are solely financially motivated and should be viewed as a significant threat to banks. The FBI and associated FireEye investigation offer unprecedented insight into how the group operates. One question answered by neither, however, is where all the money goes? After salaries and expenses are paid and research and development conducted for new tools, how do cybercrime gangs spend their money? If banks understood more about the spending behaviors of cybercriminal gangs maybe more could be done to stop them.
Another chink in the EU’s armor?
Documents leaked to Reuters last week reveal that Deutsche Bank, Germany’s largest lender is struggling to perform proper Know Your Customer (KYC) checks. This should be worrying for a bank who, in 2017, was fined $700 million for weaknesses in its overall anti-money laundering framework. The documents show that in the bank’s operations in South Africa, Russia, Ireland, Spain and Italy, it was not uncommon for the vast majority of KYC checks, especially those in relation to the source of wealth, to not be carried out to a sufficient standard.
Deutsche is not the only German AML gatekeeper to receive bad press recently. Back in July, an investigation by German newspaper, Handelsblatt uncovered systemic problems at the country’s newly revamped Financial Intelligence Unit (FIU). The new FIU is said to be so poorly resourced that it takes months for reports of suspicious activity that could be related to terrorism to reach the desks of the police. The situation is so bad that an opposition politician said that “the relaunch of the FIU seems to have been an out-and-out failure”. With both the FIU and Deutsche Bank struggling to fulfill basic AML requirements Germany’s regulators should be concerned. The last thing they would want is to follow in the footsteps on Latvia or Malta.