Author: admin

Bitcoin and the Regulation of Digital Currency

Bitcoin and the Regulation of Digital Currency

Despite strong debate over the regulation of digital currency, Bitcoin users and governments agree consumer protection is important. In the UK, the FCA is yet to produce a full regulatory framework for Bitcoin, but profits and losses are taxable.

The FCA is working with Bitcoin startups in the UK to develop a ‘regulatory sandbox’. This would act as a voluntary framework of best practice standards to protect consumers and stabilise prices.

Calls for further regulation are generally focused around three main issues: volatility; anonymity and exploitation; and inclusion.

Bitcoin is a volatile currency. Most major currencies average between 0.5 and one per cent. According to the Bitcoin Volatility Index, Bitcoin was almost five per cent in March 2017. While proponents believe regulation would help steady the price, critics claim the volatility will be comparable to major currencies by 2019. They argue that while prices may have gone up, volatility is decreasing. As disclosing your identity to use Bitcoin is not necessary, fears of criminal exploitation and money laundering have led to strong calls for increased regulation.

Indeed, the EU published draft legislation on 9 March, that would allow financial intelligence units to collect and store identifying data on digital currency users.

Privacy rights activists oppose this action, arguing money laundering and criminal activity are discouraged by the open, transparent nature of the block-chain.

Proponents of regulation argue the reason banks and other major financial institutions have thus far rejected the inclusion of Bitcoin is due to a lack of regulation.

Critics claim the banks will never accept crypto-currency, as the peer-to-peer nature of the network only makes banks more obsolete.

The future of Bitcoin will certainly include some form of loose regulation. However, if financial authorities push too hard, they could see Bitcoin trading fall further into the dark web and into the hands of criminal enterprise, simultaneously losing the incredible potential this technology holds.

We deliver concise due diligence on online and virtual businesses, vendors, agents and other counter-parties to satisfy financial crime compliance and AML demands, so that our clients can operate with confidence.

For further information about our due diligence, background checks and investigation services please contact us on info@tenintel.com.

Our Intelligence | Your Assurance

Anti-counterfeiting news from Dubai | January 2018

Anti-counterfeiting news from our Dubai Team | January 2018

Brand Owner’s inaugural case for seizing diverted medical devices in the UAE

TenIntelligence’s Brand Protection Team in Dubai recently completed a significant instruction for a multinational medical devices and pharmaceutical client, regarding the sale of diverted medical devices.

Diverted products can be described as the “practice in which genuine products intended for a particular market are diverted and sold in another, usually without the knowledge or permission of the brand owner”.

What’s the problem with original products being diverted?

When products are diverted to another jurisdiction, other than where they were originally intended, there is no “control” on how they are stored and handled. Consider the impact of medical devices which may be affected by temperature, for example. What would the effect be to a medical
device when exposed to high temperatures? Would the device work or would it have serious health and safety implications or repercussions? Who would be to blame if a patient used the product and it didn’t work or caused a serious health problem – the retailer or the brand owner?

By performing due diligence, conducting site visits and making purchases of their branded products (which were not for sale directly in the shop), the client was able to thoroughly examine the packaging and cross check all reference numbers to confirm the products had been diverted.
Although the medical devices were original, they did not comply with local legislation, (GSO: 1943:2016).

With evidence provided and samples secured by our team, information was passed to a local law enforcement authority (Dubai Economic Department) and a complaint filed against the trader. The inspectors thoroughly checked the premises (and the secret storage area identified by our team), resulting in the seizure of  approximately 240 boxes.

All cases are important; however, this was especially significant as it was the first time the brand owner filed a complaint in the UAE in relation to diverted products. It was also our first task for this client – a nice win-win!

Luxury fashion house successfully raids premises in Jebel Ali Free Zone and Secret Apartments in Dubai

TenIntelligence regularly provides intelligence to a well-known fashion power house; collecting precise and clear details relating to traders selling
counterfeit versions of their products. The information supplied includes layouts of showrooms, how to enter secret storage areas, and quantities
available (as seen). Think of it as buying a house, a buyer reviews the floor plans prior to purchasing – we draw these floor plans, indicating where the counterfeited products are located, and identify how to access these secret rooms (remote control, by a key stored in a specific cupboard, drawer, location etc.). The floor plans have assisted local law enforcement authorities in locating these “secret” areas, thus yielding a larger quantity of fake products.

December saw successful raids carried out at premises in Jebel Ali Free Zone and Dubai.

The Brand Protection Team attends the 7th Regional Intellectual Property (IP) Crime Conference, Middle East and North Africa

Each year, TenIntelligence attends many IP conferences such as the Regional Intellectual Property (IP) Crime Conference, Middle East and North Africa, as it provides the opportunity to meet with local law enforcement authorities across the region to discuss current trends, enquiries and re-establish links in one arena.

Such events also offer a relaxed meeting environment for both Brand Owners and Intellectual Property Specialists to discuss ongoing and future projects.

For more updates, you can follow us on LinkedIn and Twitter @TenIntelligence.

You can also visit our website at www.tenintel.com/brand-protection, where you can find out how we support clients in the identification, gather intelligence and the execution of enforcement notices on counterfeit branded goods found in the UAE.

To protect your brand and keep your customers safe, contact our brand protection team in Dubai at dubai@tenintel.com, so we can work collaboratively for the identification and safe removal of counterfeit products.

Our Intelligence | Your Assurance

Insights from the London Fraud Forum Conference 2017

Insights from the London Fraud Forum Conference 2017

As always, the conference provided invaluable insights into current fraud trends as well as prevention initiatives and activities by government, law enforcement and the private sector. It is evident that the partnership between these bodies in combating fraud is growing and strengthening.

The London Digital Security Centre

Jon Unsworth, Chief Executive of the London Digital Security Centre (LDSC), gave an overview of how they are helping SMEs in London to operate and grow their businesses online in a secure digital environment. Membership is free and the LDSC delivers masterclasses, workshops, consultations and digital security clinics across London. They also provide affordable and appropriate products for SMEs.

City of London Police Update

Commissioner Ian Dyson highlighted three significant things that are affecting the fraud landscape in the UK: The Crime Survey for England and Wales, the Joint Fraud Task-force and the National Cyber Security Centre.

It was interesting to note that according to the Crime Survey (an independent survey accepted by the Office for National Statistics), fraud and cyber-crime now make up approximately half of crime in the UK. Commissioner Dyson also commented that the Joint Fraud Task-force is growing in capacity.

The launch of the Banking Protocol to protect vulnerable people has seen a good response and is now live in around 35 forces across the UK. The Task-force is now setting its sights on “cardholder not present” fraud. He concluded by saying the National Cyber Security Centre shows the government is serious about cyber-crime. Action Fraud, run by the City of London Police, also has a new system coming in that will make it better and easier for users to report crime.

Cybercrime

Mike Hulett of the National Cyber Crime Unit, part of the National Crime Agency, gave some interesting statistics: 47.5% of all UK crime involves cyber and 68% of large UK businesses had identified a cyber security breach or attack in the past 12 months. He cited the UK’s sophisticated internet infrastructure as the main attraction for online business, luring in cyber criminals and fraudsters.

Mr Hulett explained the 4P approach in tackling cyber-crime: Pursue, Prevent, Protect and Prepare.

Regarding prevention, it was both interesting and alarming to learn that boys between the ages of 11 and 14 are perpetrators and continue to be a specific focus group. Mr Hulett touched on the different types of cyber attacks and gave tips on how to manage risk. He emphasised this involves the whole business, not just the IT department, and that processes, systems and people, should be continually evaluated.

Forensic Linguistics and Fraud

Dr Kate Haworth, of the Centre for Forensic Linguistics at Aston University, presented a case for the inclusion of forensic linguistics in fraud investigations. Dr Haworth asserted that language is a key element in almost any fraudulent endeavour, as it is used to impersonate, persuade or deceive.

One technique of forensic linguistics, which has proved useful in fraud cases, is forensic authorship analysis. This involves analysing language and punctuation use, spelling variations and other linguistic differences to distinguish the most likely
author of a disputed text among a small number of suspects.

Dr Haworth also encouraged the intelligent use of language when interviewing suspects. She recommended the use of the PEACE framework (Planning and Preparation; Engage and Explain; Account clarification and challenge; Closure; Evaluation). This technique involves forming a rapport with the interviewee; explaining the reasons for the interview; listening; probing for details and verifiable information; challenging inconsistencies and asking for explanations; repeating until closure; and, finally, evaluating the information.

Avoiding restriction and coercion is important, particularly when working with law enforcement. Keep questions open-ended and be aware of the function of the language you use.

The Kweku Adoboli Rogue Trader Case: The Investigating Officer’s Perspective

Detective Sergeant Paul Curtis gave his account of the rapid investigation involving Kweku Adoboli, a former trader at UBS who lost $2 billion as a result of unauthorised trading. DS Curtis’ team was thrown into a complex case involving technical trading methods.

In just a few hours, his team was forced to learn the intricacies of Adoboli’s fraud. DS Curtis explained that fraud investigations have three areas of focus: material, assets, and people. His team had to work quickly to understand these.

In the end, Adoboli owned up and was convicted. The fallout was catastrophic for UBS. DS Curtis emphasised the necessity for strong internal controls, particularly in financial markets. Adoboli had been able to run his fraudulent trades without supervision, and when the first alert of losses came in, passed it off as a delayed return, before only doubling down on his fraud and making the situation worse. His fraud could have been easily prevented.

For further information, visit www.tenintel.com/investigations, where you can find out how we support clients with fraud investigation and digital forensics support.

Email us at info@tenintel.com and follow us on LinkedIn and Twitter @TenIntelligence for all updates.

Our Intelligence | Your Assurance

GDPR – Get Data Privacy Ready!

GDPR – Get Data Privacy Ready!

With the introduction of the most comprehensive Europe-wide data privacy legislation to date in the form of the General Data Protection Regulations (GDPR) that come into effect on 25 May 2018, the main question in most business owners’ minds is “are we ready”?

This legislation replaces most of the provisions of the UK’s Data Protection Act 1998 (DPA) and other local data protection laws across the EU. Yes, it is a game changer; no, we shouldn’t fear it. GDPR is designed to give individuals greater and better control over their personal data, establishing a single set of rules across Europe. It also finally provides organisations with a concise approach to managing, processing and protecting personal data.

The continued and unstoppable growth of cyber-crime means organisations of all sizes need to rethink their approach to the security of information and data. Thinking you are ‘too big or too small’ to suffer a data breach or hack isn’t enough and GDPR is a timely reminder of how important it is. Did you know at least 60% of small businesses never recover after a serious data breach or cyber-attack? Everyone knows the importance of staying safe and secure in a digital world; under GDPR the consequences of a breach could result in fines of up to 4% of annual turnover.

Attacks are becoming increasingly more sophisticated and stealthy, targeting people, networks and devices. There are many questions you should be asking yourself now, but to start: Do you know where your data is? Do you meet your legal obligations, including the new GDPR, to keep data secure? Do you have a breach response plan?

With the introduction of our Data Privacy Division at TenIntelligence, our primary focus is to help businesses be resilient, to protect themselves and their customers and to swiftly recover and resume operations if an attack or breach is suffered.

For further information, visit www.tenintel.com/cyber-security, where you can find out how we support clients with data protection and digital forensics support.

Email us at info@tenintel.com and follow us on LinkedIn and Twitter @TenIntelligence for all updates.

GDPR – the basics:

• GDPR introduces greater rights and choice for individuals, while imposing tighter controls and requirements on data controllers and processors.

• GDPR has world-wide application. It will cover all organisations, wherever located, which hold or process personal data of EU citizens.

• Brexit will not affect the application of GDPR in the UK.

• GDPR broadens the definition of ‘personal data’ to include, inter-alia, web-based identifiers and IP addresses.

• It will introduce much stricter rules for obtaining valid consent from data subjects.

• Newly introduced, mandatory Privacy Impact Assessments will have to be conducted by organisations.

• Organisations will be required to apply the principle of ‘Privacy by Design’ to all their processes and systems.

• Data subjects will acquire a new ‘Right to be forgotten’.

• Data Breaches will have to be reported to the relevant authority within 72 hours of an organisation discovering a breach.

• Penalties are hefty and substantial – it could amount to the greater of 4% of an organisation’s annual worldwide turnover or €20million.

Our Intelligence | Your Assurance

Industry Insight: Providing a new level of Due Diligence

Industry Insight - Providing a new level of Due Diligence

We have recently seen a substantial increase in requests for Industry Insight research, interviews and regulatory references complementing our background checks and enhanced due diligence.

The driving force behind this seems to be an increase in regulatory requirements and scrutiny as well as “good governance”. A large proportion of the Industry Insight interviews and Regulatory References we conduct are in relation to senior executive hires or directors of listed companies; as well as listed companies themselves.

But what does Industry Insight entail and why is it such a vital part of enhanced due diligence?

Industry Insight and regulatory references complements and adds value to quantitative data and information in respect of individuals, entities and markets. It provides clients with deepened understanding and valuable context in respect of people, entities, and events/circumstances. It is especially valuable when trying to capture sensitive or adverse information; such as previous litigation and bankruptcy.

Conducting Industry Insight interviews requires skill and a great deal of preparation, including full and proper background research to enable the interviewer to gain maximum benefit. To obtain quality responses the interviewer needs to know when and how to adapt lines of questioning or probe for further information or explanations.

A standard list of questions is not sufficient. It is also important the credibility and relevance of the interviewee is thoroughly researched beforehand.

Industry insight interviews and regulatory references can be face-to-face, although telephone interviews are more common as they are more time and cost effective and not restricted geographically.

In most cases the individual will provide authorisation for our team to speak with independent sources; however, in light of GDPR provisions, there are legitimate interest levels preventing financial crime which needs to be carefully considered. Discreet or covert interviews can also be conducted, when required.

For further information on our due diligence, intelligence and investigation services please contact us on info@tenintel.com.

Our Intelligence | Your Assurance

Social Media and Pre-Employment Screening

Social media and pre-employment screening

Social media searches often highlight potential issues and suitability risks not evident from a candidate’s CV.

Social media due diligence could assist companies to identify adverse or negative content in respect of prospective employees. This could not only spare potential embarrassment and reputational risk, but also save costs, time and effort of appointing someone who may need replacing shortly after.

Social media searches involve the scanning of an individual’s online profiles (Facebook, Twitter, Instagram, LinkedIn etc) as well as media and web blogs to identify any potentially adverse content or references.

Sometimes these searches may be limited due to the individual’s privacy settings; however, even comments made on blogs and websites leave a footprint and can potentially be identified.

We were recently instructed by an international client to conduct due diligence on an individual, Mr J, who was proposed to be appointed to the Board of a public listed company. On his disclosure form Mr J stated he was a director of a construction company. However, searches of his Facebook and Twitter account identified links to a support group for a prominent controversial political figure, Mr. P.

Further investigation identified an alias for Mr J that led our investigators to the discovery he was in actual fact the head of security of Mr P, his so-called association with the construction company merely being a smokescreen. No PEP list contained any reference to Mr J’s political connection to Mr P. If it wasn’t for the enhanced due diligence into Mr J’s social media profile, this would not have been discovered.

Social media searches need to be conducted with care and with regard to an individual’s privacy. However, information obtained from these searches could be instrumental in deciding whether a candidate poses any risk to your company’s internal operation or external reputation.

Due diligence is a very complex and challenging undertaking. A thorough background check into senior executives and new hires should entail rigorous interrogation and analysis of information gathered from a range of open sources, such as: subscribed databases; press articles; company registries; court searches; public records and documents; reference checks; employment and education verifications, as well as social media platforms. It is critical to identify all the possible risks, as the additional cost for the supplementary phases is minimal compared to the possible losses incurred from a bad business decision.

For more information regarding our due diligence service, please email us via info@tenintel.com. Our team is looking forward to providing assurance and help your organisation make informed decisions.

For more updates, you can follow us on LinkedIn and Twitter @TenIntelligence.

Our Intelligence | Your Assurance

Money Laundering Regulations (MLR 2017)

The new Money Laundering Regulations are here:

Businesses need to be aware of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”), which came into force on 26 June 2017.Broadly speaking, this introduces a greater emphasis on risk assessments and an enhanced risk-based approach in respect of anti-money laundering/counter-terrorism financing (AML/CTF) compliance programmes. Sonel Martin highlights some of the changes:

  1. MLR 2017 does away with “automatic” simplified due diligence (SDD) categories. Instead, each business area or function – as well as individual relationships and transactions – requires a risk assessment to decide whether a lower degree of risk exists and SDD can be applied. This should take into account a list of specific risk factors referred to in the MLR 2017.
  2. Enhanced due diligence (EDD) is required in respect of PEPs, correspondents, larger or complex transactions, as well as transactions with unusual patterns. More generally, EDD has to be applied in any case where there exists a higher risk of money laundering. Again, MLR 2017 refers to a list of high risk factors that should be considered.
  3. The definition of politically exposed persons (PEPs) for AML requirements is extended to include domestic PEPs, “members of the governing bodies of political parties” as well as “directors, deputy directors and members of the board or equivalent function of an international organisation”.
  4. This substantially broadens EDD’s scope. Where a person ceases to be a PEP, entities should continue to monitor the risk they pose for at least another 12-months.
  5. The threshold for customer due diligence (CDD) in respect of cash transactions has been reduced to €10,000.
  6. Under MLR 2017, estate agents are required to conduct CDD on the purchaser and the seller.
  7. A new blacklist of high-risk jurisdictions is to be published from time to time. Any transactions or business relationships in such jurisdictions will require EDD.

 

Application of AML/CTF requirements will clearly demand more than a tick box approach; focused risk assessments and comprehensive due diligence, supported by documented evidence, in respect of individual business relationships, customers and third parties will be essential to avoid
potential personal liability.

Our Intelligence | Your Assurance

UK Financial Crime Regime

Changes to the UK Financial Crime Regime

The Criminal Finances Act 2017 (CFA) came into force on 30 September 2017. It introduces further changes to the UK financial crime regime that may necessitate a review of businesses’ existing compliance programmes and financial crime controls. Proper and comprehensive risk assessments will be key.

One of the main measures is the introduction of criminal corporate offences, where a company (or partnership) fails to prevent the facilitation of tax evasion by “associated persons” (including employees and global contractors). Currently, where an employee of a company facilitates the evasion of tax by a customer, both the employee and customer will be committing an offence, but not necessarily the company.

The company or partnership will, however, have a defence if it can show that it had “reasonable procedures” in place to prevent the facilitation of tax evasion. The Government is to issue final guidance in this regard. Companies need to consider their current processes and procedures in light of these changes, as well as the guidance, to ensure compliance and avoidance of strict liability under the proposed new offences. Contravention of the CFA will be punishable by unlimited fines.

The CFA will also make it possible for the suspicious activity reports (SARs) moratorium period under the Proceeds of Crime Act to be extended by further periods of 31 days, up to a maximum of 186 days. This may prove challenging to firms managing customer relationships during such extension periods without falling foul of the tipping off provisions.

Other changes proposed by the CFA include:
• Unexplained Wealth Orders will enable law enforcement agencies to obtain court orders to require individuals who are suspected of being linked to serious crime and whose assets are disproportionate to their known income, to explain the source of their wealth. Failure to do so could result in such assets being treated as “recoverable property” under the Proceeds of Crime Act.
• Enforcement agencies’ existing rights to obtain Disclosure Orders in fraud and corruption investigations will be extended to AML investigations and will be afforded to a wider range of agencies.
• Regulated firms will be able to share information about specific suspicious activities and lodge joint SARs.
• Law enforcement agencies will be given enhanced powers to seize and forfeit property and assets in the UK and obtain freezing orders over bank accounts where there is a reasonable suspicion they represent or hold proceeds of crime.

Through these changes the Government is trying to send a clear message “we will not stand for money laundering or the funding of terrorism through the UK”. At what cost and burden this will come to businesses in practical terms, remains to be seen.

Our Intelligence | Your Assurance

Fraud is alive and kicking

Fraud is alive and kicking

It exists in every industry. Alongside the emergence of cyber-enabled-crime, it is extremely alarming.

So is fraud preventable?

Whilst anti-fraud controls and audit measures can help prevent the occurrence of fraud, the unfortunate truth is that companies are still vulnerable to the threat of internal fraud or perpetrated by employees within the company. The Association of Certified Fraud Examiners (ACFE) reported in their 2016 Global Fraud Study that the median financial loss to each victim company was £100,000 whilst a disturbing 76% of employees or managers had committed the fraud.

workplace investigations

How do you spot a fraudster?

Fraud investigators follow the Fraud Triangle theory.

Those who commit fraud usually fall into three elements: motivation, opportunity and rationalisation. Each of these elements plays a part in committing fraud.

Motivation/Pressure

Motivation typically starts from financial pressure; such as paying for a nice lifestyle, educating children privately, covering financial mistakes or internal losses, to cover gambling habits or even paying for a divorce.

Fraud researcher Dr. Steve Albrecht believed that the most likely motivating fraud factors from the list of personal characteristics were:

  • Living beyond their means or income
  • An overwhelming desire for personal gain
  • High personal spending and debt
  • Too close an association with customers and contractors
  • Feeling that salary was less than their worth or responsibility
  • Demonstrates a strong desire to beat the system
  • Excessive gambling habits
  • Undue financial pressure from friends, family or peers
  • Lack of recognition for performance

Opportunity

This is when an opportunity presents itself to the individual often through inadequate controls or by taking advantage of the trust granted by their position. Yet believing they will not get caught.

Dr. Abrecht’s study also ranked a list of factors allowing the opportunities to commit fraud without being caught:

  • Lack of proper procedures for authorisation of transactions
  • Placing too much trust in key employee positions
  • No segregation of key duties and accounting functions
  • Lack of clear lines of authority and responsibility
  • Absence of frequent policy and procedure audits
  • Lack of independent checks on performance

Rationalisation

How do they justify their choice to commit fraud?

Rationalisation is often the key element when ethics enter the equation and moral judgement is tested.

The individual will justify their behaviour in some manner to lessen their guilt.

The individual will believe it is not a criminal act, perhaps justifying their decision by paying the money back, or thinking that no-one will notice.

During our investigations, we often see perpetrators confess by believing that the company owes it to them for all the hard work they had put in over the years, thus rationalising their behaviour.

Where to look?

We are often asked where the most common areas of fraud occur.

Here are our top ten hot spots for employee fraud:

  • False personal and company expenses
  • Corrupt relationships with suppliers or vendors. When is a gift a bribe?
  • Shell companies and false invoices
  • Payroll for ghost employees
  • Fictitious financial reporting
  • Theft of confidential information
  • Conflict of interest
  • Inventory theft
  • Purchase frauds
  • Inflating sales figures for bonuses

What happens when you suspect a fraud?

Once a suspicion has arisen, don’t panic but act quickly. Seize the initiative by developing a course of action. Analyse the available evidence and circumstances surrounding the suspicion, retain accurate records, develop a fraud theory and set out your objectives in an investigation plan. Whatever the investigation, each case must begin with the intention that it will end in litigation.

Cases of fraud and corporate dishonesty are diverse. Individuals will show different motivations, take deceitful opportunities and rationalise their actions. Uncover the truth using our ten-point guide for planning an investigation:

  1. Analyse the existing evidence and identify who appears to be involved in the fraud.
  2. Prepare and test your fraud theory. Look at the precise methods of the fraud when, where, why, who and how?
  3. Who benefited from the fraud? Was it for personal gain or to hide internal losses?
  4. Consider the possibility of a worst case scenario. Did it involve other people, competitors, customers or suppliers?
  5. Refrain from alerting the suspects of your interest. Nor should you search through their work computers, laptops or emails without first forensically securing an original hard drive image as evidence.
  6. What evidence is there to prove or disprove the suspicions?
  7. Where is, or who has the relevant evidence and how can it be legally obtained?
  8. Consider the preferred outcome in terms of disciplinary action, prosecution or litigation if the suspicions are true (try to resist disciplinary action until the facts have been established).
  9. Identify and retain the necessary skilled resources to achieve the objectives and legally collect the best evidence from digital forensics, surveillance, interviews, profiling, communication analysis, and expenses records etc.
  10. All evidence and records should be preserved and secured. Any movement of evidence must be catalogued showing the continuity of movement.

 

Please follow us on LinkedIn and Twitter @TenIntelligence.

You can also visit www.tenintel.com/investigations, where you can find out how we support clients with fraud investigation and digital forensics support.

Our Intelligence | Your Assurance