Welcome to 'The FinCrime Connection', where we unpack the most significant stories in financial crime. This month, we highlight three key developments that financial crime professionals should have on their radar.
Story 1: New NZ Legislation Mandates Customer Risk Rating Before Service Provision
Starting 1 June, New Zealand reporting entities will face new legislative requirements regarding customer risk assessment. The amendment states:
"A reporting entity must risk-rate a new customer when conducting customer due diligence. The reporting entity must keep a record of the customer's risk rating and review the customer's risk rating."
While this practice has long been recommended as part of good AML procedures, the change now makes it a legal requirement for all reporting entities.
What This Means for Financial Institutions
This legislative change emphasises not just initial risk assessment but the ongoing review of customer risk profiles. Financial institutions should:
- Update AML programs to include ongoing risk assessment processes, not just initial evaluations
- Implement different review periods based on risk levels (high, medium, low)
- Use transaction monitoring to inform ongoing customer risk assessment
- Ensure all risk rating processes are thoroughly documented
The key takeaway is that risk assessment is now a continuous process throughout the customer lifecycle, not just an onboarding requirement. Transaction data should inform your view of customer risk and trigger appropriate reviews.
Read more about the legislation
Story 2: Cyber Attack on Australian Superannuation Companies Affects 9,000 Customers
A recent coordinated cyber-attack on several Australian superannuation companies has resulted in approximately 9,000 customers having their accounts compromised, highlighting vulnerabilities in the sector.
The Rising Threat of Coordinated Attacks
This incident underscores a concerning trend: criminals are increasingly launching coordinated attacks that target multiple customers simultaneously rather than focusing on individual accounts.
While IT and security teams represent the first line of defence against such threats, financial crime teams play a crucial role in detecting and mitigating damage after breaches occur.
How Financial Crime Teams Can Respond
Financial crime professionals should consider:
- Reviewing transaction monitoring rules to ensure they can detect patterns indicative of cyber-attack victims
- Implementing rapid response procedures to flag and freeze potentially compromised accounts
- Working closely with IT security teams to understand attack vectors and translate these into detection scenarios
The faster a compromised account can be identified, the greater the chance of recovering funds and preventing similar attacks in the future.
Story 3: UK Financial Intelligence Unit Reports Increase in SAR Quality and Impact
The UK's National Crime Agency has published its latest Suspicious Activity Reports (SARs) Annual Report, showing significant developments in financial crime reporting.
The total volume of SARs increased slightly to over 872,000 for the reporting period from April 2023 to March 2024. However, the most notable finding was that while "Defence Against Money Laundering" (DAML) reports decreased following the increase in the reporting threshold from £100 to £1,000, their effectiveness improved dramatically.
Improved Reporting Quality Driving Better Outcomes
The number of DAML reports that successfully prevented criminals from accessing the proceeds of their crimes—where no previous law enforcement investigation was underway—increased by 61%. This suggests that financial institutions are submitting higher-quality reports, which enable direct law enforcement action.
Building Better Partnerships
The report highlights that the NCA conducted 302 engagement sessions with reporters, including feedback sessions, presentations, and best practice workshops. These collaborative efforts appear to be yielding positive results, as evidenced by improved reporting quality and better outcomes.
For financial institutions, this reinforces the importance of investing in quality reporting processes and staff training to ensure that when suspicious activity is detected, the information provided to authorities is actionable.
Read the full NCA SARs Annual Report
Stay Vigilant
These cases demonstrate that financial crime prevention requires constant vigilance and adaptation. As criminals evolve their tactics, financial institutions must continually assess and strengthen their controls.
Join us next month for more insights from The FinCrime Connection, brought to you by Jade ThirdEye.
This blog is based on the April episode of The FinCrime Connection, hosted by Claire Rees and Colin Dixon from Jade ThirdEye. Claire brings over 20 years of financial crime expertise from her experience in financial services, while Colin is our AML Solution Specialist, based in New Zealand, who has been with Jade ThirdEye since its inception in 2012.