Posted on April 25th 2012, by Jeremy Kroll
Dear Friends,
There has been a lot of news around the subject of Anti-Money Laundering (AML) laws and the Bank Secrecy Act (BSA) recently.
On April 5th, Citibank agreed to a consent cease and desist order from the Office of the Comptroller of the Currency stemming from an AML monitoring mistake in 2006, according to the Wall Street Journal. Citibank is hardly alone in being tripped up by BSA/AML enforcement. The Vatican also had to endure a very public embarrassment recently when it was both added to a US watch list of countries the US government considers “vulnerable to money laundering” and had an account with JP Morgan Chase closed.
These stories remind us how even the most prominent institutions can unexpectedly be stymied in their attempts at complying with Anti-Money Laundering regulations.
The Cost of Compliance
One consultant’s report suggests that $5 billion was spent on AML in 2011, expanding at a rate of 7.8% annually (with the cost of AML software rising at a 10.4% annual rate.) By 2013, the total AML burden will be nearly $6 billion. That’s a lot of money.
At K2 Global, we’ve been developing a new approach to our AML compliance consulting that combines long investigative experience with novel technologies that will help a bank’s team streamline the investigative process while adding a dramatic new way to visualize the enormous amounts of data generated in the banking process. We offer mid-size banks and broker/dealers a best-in-class Financial Intelligence Unit at a manageable cost.
The Vatican’s Campaign for the “White List”
I want to focus for a moment on the Vatican story. From the headlines, you might have gotten the sense that the Vatican was being punished for not taking AML seriously. But that’s not what happened.
The Vatican spent much of 2011 enacting new laws to shore up its AML controls. The US State Department watch list that placed the Vatican within the category of “concern,” alongside countries like Ireland, Chile and Poland, was a positive step for the Papal state, which is looking forward to June when the European Commission releases its “white list” of countries that meet the highest standards of anti-tax fraud and money laundering provisions. The Vatican hopes to be on that list.
Even with the progress that’s been made, one account at a Vatican bank called the Institute of Works of Religion (IOR) could derail the Vatican’s hopes. JP Morgan Chase closed a so-called “sweeping” account. JP Morgan Chase made a decision to close the account because they did not receive enough information on the account’s wire transfers. That action clearly illustrates the rising standard of scrutiny in AML compliance.
K2 Global’s BSA/AML Capabilities
At K2 Global, Vincent D’Amelio and Thomas Bock lead our Bank Secrecy Act and Anti-Money Laundering compliance team. In the last year, they have begun to implement KYC programs, conducted risk assessments and assisted in the global implementation of a transaction monitoring system on behalf of financial service clients.
A key focus for this year and in the future will be a shift in how financial institutions use AML compliance management software. Vincent, Tom and their team can help these financial institutions choose the right software to eliminate the silos created by automated systems and create an enterprise-wide view of AML risk.
In addition, using K2 Global’s proprietary software, our team can help financial institutions visualize relationships between parties and analyze suspicious activity in a more efficient and cost-effective manner.
If your institution, or a client’s institution, would like to hear more about our capacity to advise on AML Program implementation, transaction monitoring “look backs,” or any other BSA and AML-related matters, I’d be happy to go into further detail about how our growing team can benefit you and your enterprise. Please feel free to get in touch.
Best,
Jeremy Kroll
CEO and Co-Founder
K2 Global Consulting N.A., LLC
www.k2global.net
Posted on January 30th 2012, by Jeremy Kroll
The new law enforcement environment for the business community isn’t confined to the financial markets. Google just paid a record-setting $500 million fine for accepting prohibited ads for pharmaceutical drugs. But the importance of the story isn’t the size of the fine or the fact that Google seems to have opened itself up to taking greater responsibility for the actions of its advertisers, something it has been loath to do up until now.
As the Wall Street Journal points out, there’s another headline in this story which is the lengths the government was willing to go to make this case. To begin with, prosecutors enlisted a real con artist to front their sting on Google. They found David Whitaker in a Federal prison and set him up as an illegal pharmacy:
Mr. Whitaker was arrested in Mexico in March 2008 for entering that country illegally and returned to the U.S. to face charges of wire fraud, conspiracy and commercial bribery in the iPod case. Mr. Whitaker told U.S. authorities about the alleged role Google played in helping his Mexico-based pharmacy.
Federal prosecutors, seeking to test the allegation, set up a task force in early 2009 with Mr. Whitaker’s help. On weekdays, he was escorted from the Wyatt Detention Facility in Central Falls, R.I., to a former school department building in North Providence, R.I. There, under the watch of federal agents, he set a snare for Google.
Posing as the fictitious Jason Corriente, an agent for advertisers with lots of money to spend, Mr. Whitaker bypassed Google’s automated advertising system to reach flesh-and-blood ad executives. Federal agents created www.SportsDrugs.net, designed to look “as if a Mexican drug lord had built a website to sell HGH and steroids,” Mr. Whitaker said in his account of the sting.
Google first rejected it, along with an anti-aging website called www.NotGrowingOldEasy.com. But the company’s ad executives worked with Mr. Whitaker to find a way around Google rules, according to prosecutors and Mr. Whitaker’s account.
The undercover team removed a link to buy the drugs directly instead requiring customers to submit an online request form and Google approved it. “The site generated a flood of email traffic from customers wanting to buy HGH and steroids,” Mr. Whitaker said.
To pay Google’s fees for the growing online traffic, undercover agents made payments every two or three days with a government-backed credit card.
Not every case will get this kind of high-profile treatment. But the government’s willingness to mount a complex, sustained sting operation against a company like Google suggests law enforcement views business as one of its main theaters of operation.
Con Artist Starred in Sting that Cost Google Millions (Wall Street Journal)
Posted on January 30th 2012, by Jeremy Kroll
The Wall Street Journal ran a story about two Kuwaiti brothers engaged in a long-running feud over their family assets. What makes the story more than a simple soap opera is how it reveals the low cost of hiring computer hackers willing to gain access to sensitive online information like email accounts:
Although the brothers’ feud involves big money, documents filed in two civil cases in September 2009 suggest just how simple and affordable online espionage has become. Computer forensic specialists say some hackers-for-hire openly market themselves online. “It’s not hard to find hackers,” says Mikko Hyppönen of computer-security firm F-Secure Corp.
One such site, hiretohack.net, advertises online services including being able to “crack” passwords for major email services in less than 48 hours. It says it charges a minimum of $150, depending on the email provider, the password’s complexity and the urgency of the job. The site describes itself as a group of technology students based in Europe, U.S. and Asia.
An unfortunate byproduct of the internet has been the ease with which highly specialized services like hacking are made available. What’s frightening about this story is to see just how cheap hacking talent is to hire and that it can be hired on an hourly or project basis.
This story has an obvious implication: the threshold for hacking is much lower than previously thought. Most businesses view hacking as something conducted by specific groups for malicious ends. But the potential to hire hackers to gain access to specific information during a lawsuit or competitive business situation raises the need for a broader range of businesses to have a regular security audit.
Hackers for Hire Are Easy to Find (Wall Street Journal)
Posted on December 19th 2011, by Jeremy Kroll
Today we sent out our December newsletter, entitled “Managing Reputation and Risk.” If you didn’t receive it, you can read the full text below (and be sure to click here to sign up for future newsletters).
Dear Friend:
As the holidays approach, I’ve begun to reflect on K2 Global’s first full year in business. The model of a pioneering organization that Jules and I envisioned—a lean investigative team that combines old-school skills with new technology and a global reach—has really come to fruition.
Throughout 2010 our focus was on getting our firm launched. In 2011, we concentrated on filling out our team with a group of experienced and well-connected investigators, case managers, intelligence analysts, technology and legal experts. In fact, we’ve been so good at attracting talent, our London office recently relocated to a new, larger space and our headquarter office in New York is ready to burst.
A lot of hard work has also begun to bear fruit this year. The most gratifying part has been re-connecting with old friends and building strong new client relationships.
In the many conversations I’ve had over the last year, my colleagues and I have noticed a number of issues that keep cropping up. All of these issues revolve around risk – not just financial risk but reputational risk too. This risk is introduced by the parties you do business with, the actions of your employees, and the data your company generates. Most of the solutions we offer to manage that risk involve using a combination of our investigative expertise and the technologies at our disposal.
The biggest issue is uncertainty. I recently spoke to the Financial Times (check out the whole article, “Risk and Reward”, over at FT.com) about how “volatility is the new norm.” I don’t think I’ll get an argument from you about the truth of that statement. But I do believe that many of our clients don’t fully understand that they already possess a lot of the information that can help manage that vulnerability and risk. And though many of the lurking threats to your business come from outside of your enterprise, a surprising number may already be present within your business.
For example, in recent years we’ve seen the emergence of a global effort to crack down on business practices that were once conveniently tolerated. That includes increased scrutiny from regulators; new laws in the form of the UK Bribery Act and stepped up enforcement of the Foreign Corrupt Practices Act; as well as more government prosecution of insider trading cases. We’ve obviously thought a lot about these issues, and our Head of Compliance, Jason Golub, has written quite a bit about them on our blog. In Europe, Matteo Bigazzi, who has been recently promoted to head our London office, has also posted on the UK Bribery Act.
All this boils down to your need to develop a “First-to-Know” policy about your own company’s risks and vulnerabilities. Much of this knowledge lies within the data you’re already collecting about your communication, transactions and products. To that end, we’ve spent much of the last year building and acquiring technologies that help us interrogate massive data sets. These new tools allow us to help you detect outlier activities (and non-obvious relationships) before they get out of hand.
We can apply these data analysis technologies to outside data sources as well – for example, a number of our clients look to us to understand how they are portrayed by traditional media, how users of social networks perceive them, and whether the larger Web holds information that can reveal lurking threats or notable opportunities.
We’ve written more about “big data” analysis and our approach to understanding cyber threats on our blog as well, but we invite you to send us a note or call us at 212-694-7000 if you’d like to get a greater understanding of our considerable technical capabilities.
After the roller coaster of 2011—and the prospects for more of the same in 2012—I’m sure we’re all ready to take a breath, enjoy the holidays and get ready for the New Year. I want to wish you, your colleagues and all of your families the best.
Best,
Jeremy Kroll
CEO and Co-Founder
K2 Global Consulting
www.k2global.net
Posted on December 14th 2011, by Jeremy Kroll
As many more businesses are driven by the personality of an individual and that figure’s visibility through the press, social networks and the internet, K2 has seen a rise in the need to protect those individuals from potential physical and reputational threats created by becoming a public figure and the increased accessibility of the internet age.
More exposure, as always, means more risk. The internet is an intemperate place where many individuals express their frustrations in a vacuum and many lose the grounding they would have in a physical context. Anonymity (or, the prospect thereof) dulls or negates many people’s sense of repercussions. At K2 we’re seeing a rise in cyber-aggression cases, and there is no single profile for those behind online threats and attacks.
Traditionally, when prominent or public figures have reached out to us with safety concerns, it was due to a physical threat. Over the years, we’ve honed our skills and built a network of contacts to help us keep our clients safe in these situations. But, the idea of security itself is changing.
Increasingly, our investigators see an overlap between traditional methods of safeguarding clients from unexpected threats and innovative new techniques for dealing with malicious campaigns that primarily take place online. K2 Global’s case managers and analysts have added an array of tools for dealing with the now-essential online component of a person’s (or business’s) reputation to our traditional methods of safeguarding your person or your reputation.
When called in to assess a client’s security, K2 Global’s team will generally begin with a physical assessment of a client’s place of business and possibly their residence.
A physical assessment typically includes:
But now K2 also frequently performs a baseline sentiment analysis of the internet content related to our clients which helps define the pre-existing tone of comments and coverage of our clients.
Once our investigators have established this critical benchmark, they are in a better position to monitor the tone of online activity going forward. This is designed to allow the investigators to flag any potentially hostile sentiment before it escalates into violent or disruptive behavior.
If such behavior is detected, we’ve learned that going directly to law enforcement is not always the best course of action. Oftentimes, aggressive online behavior is more permanently resolved by making contact with, or through, an intermediary who is trusted by the aggressor.
In recent cases, K2 has identified friends, colleagues or associates of individuals presenting threats to our clients and developed strategies for how these people could become allies in dealing with the underlying causes for aggression.
However, if these “soft” tactics fail, K2 has vast experience in dealing with law enforcement at the federal and state and local levels, as well as industry specific regulatory bodies. When a hard plan of action is necessary, K2 partners with clients to guide them through this process with all necessary care and speed.
Where the threat is less focused, our investigators are still able to give our clients traction toward regaining a sense of security.
For example, K2 has been called in to determine the source of disparaging news leaks and misinformation that can become a threat to a client’s interests. Again, K2 has a wide array of tools and experts at our disposal that can help determine whether such information is coming from an abuse of trust within a company or an overtly hostile party on the outside. Once the nature of a leak was identified, we were able to design and implement security arrangements that efficiently and effectively mitigated the problem.
There is no one solution to the many problems that can arise in a world increasingly connected by social media, and in lives increasingly lived online. Our unique approach is to match the best traditional investigative methodology with the optimal technology solutions to provide our clients with a holistic sense of security in the digital age.
Our goal is always to keep clients safe. As a next-generation investigations firm, we know that this task has evolved from simply providing security in the face of physical threats to including ways to address all forms of cyber-aggression and online harassment.
Posted on June 30th 2011, by Jeremy Kroll
Please note our new contact details in Bahrain:
PO Box 20705
Bahrain Financial Harbour
King Faisal Highway
Manama, Kingdom of Bahrain
Tel: +973 1750 2886/7
Posted on June 30th 2011, by Jeremy Kroll
June 28th, 2011 – K2 Global’s Bahrain office hosted a party at the Capital Club to celebrate the opening of its new office in the Bahrain Financial Harbour. K2 Bahrain is led by its Managing Director Rodrigo Quintero and Director Saadiah Lababidi. They can be contacted at +973 1750 2886/7 or emailed at rquintero@k2global.net or slababidi@k2global.net.
Please feel free to get in touch should you or your company have questions regarding working in the MENA region.
Posted on May 12th 2011, by Jeremy Kroll
It has been an eventful regulatory time-period culminating in yesterday’s guilty verdict of former Galleon Group CEO Raj Rajaratnam. In an effort to keep our clients and friends up-to-date on what we see as some of the regulatory and risk issues that will be at the forefront of the financial industry post-Galleon we have assembled some insights which we’d like to share. While by no means an exhaustive list, these are some of the high-level concerns we believe organizations should be focused on when evaluating and mitigating insider trading and other regulatory risks:
- Aggressive investigatory techniques – the prosecutors’ successful prosecution of Rajaratnam will embolden them to continue using aggressive investigatory techniques previously used in drugs/gang cases, including wiretapping. The new reality will be one with securities regulators’ continued use of more aggressive techniques to identify potential insider trading.
- Role of Relationships – the Rajaratnam case, as well as other cases brought by the government, make it clear that regulators are focusing on identifying far-reaching trader, PM and analyst relationships and how they are connected to potentially illicit trading. With Rajaratnam and others we have seen business school relationships, personal relationships, expert network relationships, etc., all built into the government’s case. Financial organizations must proactively understand and evaluate the social, personal, extracurricular and educational relationships their employees have, both before there is a trade issue and in mitigating relationship issues before they become organizational risk. The Rajaratnam trial made it clear that regulators are relationship mapping and overlaying that against anomalous trading in order to identify potential insider trading.
- Role of Expert Networks – While organizations continue to use expert networks, there are questions as to whether there will be sweeping regulatory reform around their use. We have already seen Secretary of the Commonwealth of Massachusetts William Galvin propose regulations to add conditions to the use of “matching or expert network services” by investment advisers which are registered in Massachusetts. In addition to further regulatory oversight and scrutiny, there is the issue around organizations’ continued inability to “know” the expert they are using and whether expert networks will put in place more robust compliance policies to increase transparency around who their experts are, who they know and where they are connected. Organizations must take proactive steps to identify risk in their use of expert networks and the relationships they expose you to.
- Mosaic Theory – The Rajaratnam defense relied on a “mosaic theory”, arguing that Raj’s trade decisions were based on a “mosaic” of information rather than any one specific piece of inside information. Rajaratnam’s conviction may cast continued doubt on the mosaic theory as a plausible defense in these insider trading cases. This will add pressure to CEOs/GCs/Compliance to monitor the source of trade ideas and perform due diligence around where ideas came from, what relationships played a part in trade decisions and who was responsible for the idea.
- Insider Trading as a Case – Many believed that the government would be unable to prosecute an insider trading case of this magnitude successfully. What we’re hearing is that with the use of aggressive techniques and relationship mapping these cases are actually easier to bring before a jury than many other convoluted securities and accounting cases (i.e. options backdating, auction rate securities). The average citizen understands what it means to pass inside information through relationships and, as the verdict indicates, they were not confused by what they heard. This will further embolden regulators to bring insider trading cases.
- Settling and Rolling Over – Finally, Rajaratnam tested whether the government could successfully prosecute him and he lost. The result is the prosecution will seek the longest possible sentence based on the sentencing guidelines for him (20 years or more). Future defendants won’t make the same mistake and will settle their cases for fewer years and by cutting deals. Moving forward you will also see more potential defendants cutting deals with the regulators in order to reduce their own sentences, and these deals will include rolling over on other industry participants involved in insider trading, particularly those the government is interested in pursuing.
Overall, we believe that the Rajaratnam guilty verdict will lead to more cases brought by regulators and more focus by the industry on proactively mitigating risk around insider trading. This will include evaluating employees and their relationship networks, examining outlier trades and the source of trade ideas and the role of extended relationship networks. The organizational risk of not doing this has now multiplied – investor flight, loss of reputation and now prison.
If you have any questions or would like to continue this dialogue around specific risk and regulatory concerns your organization is grappling with, please call us or fill out the form below and one of our experts will get in touch with you.
Posted on May 11th 2011, by Jeremy Kroll
This morning, a federal jury convicted Raj Rajaratnam, former CEO of the hedge fund Galleon Group, on fourteen counts of securities fraud stemming from Rajaratnam’s insider trading activities.
The jury’s guilty verdict will embolden regulators to continue to aggressively investigate and prosecute insider trading cases based on similar fact patterns. The regulators will focus sharply on extensive relationships, expert networks and anomalous trading. The verdict will similarly increase the hedge fund industry’s focus on proactively mitigating insider trading risk including evaluating employees and their relationship networks, examining outlier trades to investigate the source of a trade idea, and determining how external relationships affect trade decisions. The government’s successful prosecution of Rajaratnam further highlights the risks facing financial industry participants in the current regulatory and investment environment — including investor redemptions, loss of reputation, and criminal prosecution.
Posted on March 31st 2011, by Jeremy Kroll
The financial community is understandably shocked by the resignation of Berkshire Hathaway’s David Sokol, who until this week was on the short list of successors to Warren Buffett. For those of you who missed the story, Sokol bought millions of dollars in the chemical company Lubrizol just before encouraging Buffett to acquire them.
Sokol’s decision to buy shares in Lubrizol and then pitch it to Buffett (and, it seems, Citigroup as well) shows an amazing lack of judgment. It certainly constitutes an ethical violation that threatens to tarnish Berkshire Hathaway’s and Buffett’s squeaky-clean reputations. We’ll have to sit tight to see whether Sokol and Berkshire will be merely embarrassed or wind up facing insider trading charges.
As risk mitigation consultants, we encourage our clients to pay attention to cases like these and view them as a reason to look closely at their own compliance strategies. If you’re a CEO or investment manager, you might want to ask yourself what you would do tomorrow if you were presented with an outlier trade in your organization, or if you’ve done enough proactive internal intelligence and analysis to mitigate such issues before they blow up.