Don't Become a Victim of Cuckoo Smurfing

Background

Recent actions by the Australian Federal Police involving the pursuit of victims of Cuckoo Smurfing[1], should send shivers down the spines of all Australian exporters; international migrants intending to come to Australia and foreign based families sending money to Australia to pay for their children’s education or cost of living.  Large exporters of services for example, education providers and migration agents are particularly vulnerable. 

Cuckoo Smurfing

Cuckoo Smurfing is not a legal term. It is a money laundering technique used by organised crime to pay for the importation of narcotics or to move the proceeds of crime offshore.  It involves criminals intercepting lawful international payments into Australia and substituting that money with the proceeds of crime.  And while this paper relates to Australia, Cuckoo Smurfing is a global problem.

The term Cuckoo Smurfing refers in part to the Cuckoo bird which lays its eggs in the nest of other bird species.  Those birds then raise the cuckoo bird chicks as their own (refers to the European Cuckoo bird as the Australian Cuckoo bird does not raise its young that way).  And smurfing is a reference to a group of criminals who move from bank to bank conducting transactions usually under threshold reporting levels[2].  In relation to money laundering, it involves criminals, without the knowledge or consent of an account holder, depositing money from crime in their account.  While legal or clean money, the customer was expecting to receive, usually from offshore, is hijacked and given to offshore based crime groups.

Other Descriptions

The Cuckoo Smurfing description is not particularly helpful.  It could be more usefully described as the “Matching Technique” or the “Lateral Transfer Technique”.  Matching would refer to the fact that the money deposited into an account in Australia by criminals, matches exactly the amount of money given offshore by a customer to a money remitter. Not a dollar more or a dollar less.  Australian based criminals ensure that no customer is left short changed as it would cause the customer to contact their bank and/or the person who sent the money.  That might generate a suspicion somewhere, which criminals seek to avoid.

While lateral transfer would refer to an offshore based customer wanting to send money to Australia giving money to the money remitter who gives it to crime group.  And a similar sum of money is deposited into the account nominated by the offshore party in Australia. One transfer occurs offshore and the other is transferred on shore.

Cuckoo Smurfing Process

AUSTRAC reports that Cuckoo Smurfing involves 4 simple steps.  But AUSTRAC is not an investigation agency and does not investigate money laundering.  The technique is more complex than that and involves:

1.     A customer living overseas wanting to send money to Australia, provides funds to a money remitter in a foreign country for transfer to an Australian bank account.  The money remitter may or may not be authorised or approved to operate in the jurisdiction it operates from.  The money could be sent by the customer as payment for goods or services bought from an Australian exporter, or income being sent home to family, or to themselves or as a gift for family and friends. The bank account receiving the money therefore, may not be in the name of the remitting customer.

2.     Without the knowledge of the remitting customer, the money remitter has been corrupted by organised crime.  He/she has been engaged to launder money for crime syndicates situated offshore from Australia.  To this end, the foreign remitter sends to a money laundering syndicate operating in Australia; remittance information provided by the customer; including the amount of money to be sent, the IBAN and account number and the name of the account the money is to be paid into.  The remitting customer does not consent to his/her information being used in this manner.

3.     The money laundering syndicate operating in Australia then collects bulk cash from criminal syndicates in Australia.  The money is either the proceeds of crime or funds to be used to pay for the importation of narcotics or both.

4.     The money laundering syndicate then divides the bulk money up into separate packets of cash.  These packets or bundles correspond exactly to the amount of money that has to be deposited into the Australian account nominated by the customer.  If the customer, sent $7,000 to Australia, then $7,000 would be selected from the bulk funds collected from the crime group and deposited into the account.

5.     If a number of customers located offshore each sent money to Australia under $10,000, then the money would be deposited into their account as per their instructions.  From an intelligence perspective, multiple customers each nominating an account to receive money would appear that the crime group is structuring the deposits.  But this is not correct.  Structuring is not a legal term, but a process to launder money by engaging in a transaction with a reporting entity (in this case a bank) under the reporting threshold. 

6.     However, if a customer sends funds equal to or greater than the reporting threshold via an offshore money remitter, then the money laundering syndicate has available to it two options to deposit the crime money into the nominated account/s. The group can either structure the funds into the account or deposit the total amount.  For example, if the offshore customer sends $16,000 to Australia to pay for university fees for their child or as a payment related to their immigration process, then the crime group could deposit the entire amount in cash or break up the amount and make each deposit under $10,000.

7.     For the Australian based money laundering syndicate, both approaches involve risk.  Structuring the deposits poses the greatest risk, as that action amounts to an offence against Section 142 of the Anti-Money Laundering & Counter-Terrorism Financing Act 2006.  It is on the basis that the funds have been structured and are therefore an instrument of crime, that the AFP has taken action to restrain the funds held in the account of people innocent of any crime (the receiver of the funds sent by the offshore based customer).

8.     Deposit of the cash by the money laundering group on or over the threshold amount (as per the overseas customer’s instructions) poses the least risk.  While it would be reported as a Threshold Transaction to AUSTRAC, it is unlikely to be singled out and selected for further analysis by the financial intelligence unit or a law enforcement agency.  The transaction would probably be drowned out in the “white noise” of other significant cash transactions being made that day either at a particular bank or in a busy business area (Cuckoo Smurfing money laundering syndicates prefer operating in the larger cities of Sydney and Melbourne for that reason).

9.     Once the money has been deposited, the money laundering syndicate notifies the offshore money remitter that the transaction has been undertaken.  The money remitter then pools each sum of money given to it by legitimate customers and later passes those funds in bulk to an organised crime group.  The money is either to be used to pay for the importation of narcotics into Australia or is to be laundered by the crime group that wanted to shift illegal funds offshore.   

 Money Mule Schemes

Cuckoo Smurfing is not to be confused with a money mule scheme, where account holders are recruited on line to receive into their accounts money which is not theirs to receive.  And who get paid a commission for their involvement.  Which they deduct from the funds they have received and forward the balance onto another account as instructed by the crime group who recruited them.

Cuckoo smurfing victims expect to receive the money sent to them.  It is payment for goods, services, or for other lawful purposes.  The money is not derived from crime.  It is sent by people who owe them money or who are giving or sending them money to be applied for a lawful purpose.  It is not stolen from people by way of a scam or fraud as is the case in money mule schemes.  Victims of Cuckoo Smurfing do not in any way benefit from the money laundering scheme and do not consent for their information or their accounts to be used in the process.

“Victims of Cuckoo Smurfing do not in any way benefit from the money laundering scheme and do not consent for their information or their accounts to be used in the process”

 Who Incurs the Risk?

With Cuckoo Smurfing, Australian based drug groups outsource their money laundering risk to professional money laundering syndicates.  By doing so, they reduce the risk to their operations should law enforcement decide to “follow the money”.  The crime money they dispose of, is concealed in the accounts of innocent people.  While they have access to or if paying for a drug shipment, have available to them, clean money which will be applied offshore. 

The Chinese say “If you put your ladder against the wrong wall, every step you take is in the wrong direction”.  The banks receiving the deposits, incur little if any risk.  If a bank forms a suspicion about a cuckoo smurfing deposit and raises a Suspicious Matter Report in relation to it, the bank will report their customer, usually not anyone involved in making the deposit!!  Once received by AUSTRAC and by a law enforcement agency, unless they know about the scheme, it will cause them to chase the wrong people.  As the AFP is currently now doing.  It is going after the victims of crime, instead of the real criminals.  The AFP has placed its ladder against the wrong wall.  And it is going in the wrong direction. 

“If you put your ladder against the wrong wall, every step you take is in the wrong direction”

 Who is At Risk from AFP Operations

Since the AFP commenced applying the civil forfeiture provisions of the Proceeds of Crime Act 2002 to the deposited funds that have been structured, then any and all funds of that nature are at risk of being restrained and subsequently forfeited.  The AFP claims that the funds are an instrument of crime.  Which is defined as any money or property used or intended to be used in the commission of an offence. The offence nominated by the AFP is structuring or more precisely, conducting a transaction with the sole or dominant purpose of avoiding a Threshold Report being made, a contravention of Section 142 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Potential victims of AFP action include, if they are not already:

·       Mum’s and Dad’s sending money to their children in Australia for education and cost of living expenses.

·       People seeking to immigrate to Australia who send money to Australia to pay for fees, to buy a house etc

·       Foreign investors sending money to Australia to invest in Australian property, shares, or industry

·       Australian exporters who are paid by customers who purchased their goods or services.

How to Reduce the Risk of Becoming a Victim

Money that is targeted and intercepted by cuckoo Smurfing money laundering syndicates is linked to offshore money remitters.  Any person seeking to send money to Australia should engage a bank to send the money or a large international money remittance service.  While the charges are higher and the currency conversion rate (the spread between buying and selling) is not as attractive as on offer by smaller remitters, using a bank or large remittance service, eliminates the risk of misuse of any money by criminals.

Similarly, an Australian entity expecting funds from overseas, should insist that the offshore entity use a bank to remit the money or if they are an exporter, use a trade finance arrangement (e.g. a letter of credit). 

 What to do if you are a Victim

If you are expecting funds to be sent to you from overseas, they will be received into your account as a credit entry.  It will be recorded as an electronic transfer.  As in any international or domestic transfer between entities, no money actually moves.  Only value.  The easiest way to determine if your account or business account has become a target of Cuckoo Smurfing money laundering syndicates is to check the deposit made into the account.  If the credit entry was generated by a cash deposit either as a lump sum or several lump sums made in close proximity to each other in time and place, then it is highly likely your account has been compromised. 

Prior to the AFP changing strategy and pursuing the funds deposited into Australian bank accounts by Cuckoo Smurfing money laundering syndicates, holders of those accounts and the owners of the money, had nothing to fear.  The AFP pursued those behind the money laundering.  Advising the police, or AUSTRAC on what was happening was an appropriate response.  The AFP could be trusted.

But now, customers whose accounts have been compromised are advised NOT to contact the AFP or AUSTRAC.  When it comes to Cuckoo Smurfing, the AFP can no longer be trusted to act in the public interest and uphold and protect the rights of victims.  And victims are advised not to discuss the issue with their bank.  The bank if it suspects cuckoo smurfing will report the activity to AUSTRAC who will report it to the AFP.  The bank will not and have not protected its customers from Cuckoo Smurfing activity.

“When it comes to Cuckoo Smurfing, the AFP can no longer be trusted to act in the public interest and uphold and protect the rights of victims”

Any person who is suspected of being a Cuckoo Smurfing victim is advised to first seek LEGAL advice before doing anything.   Not only is the person a victim of cuckoo smurfing but also a victim involving the theft and misuse of their personal financial information. Dealing in identification information to commit an offence[3] and dishonestly obtaining or dealing in personal financial information,[4] are indictable offences under Commonwealth criminal law. 

Malkara Consulting can provide guidance on lawyers who have experience in handling Cuckoo Smurfing matters involving proceeds of crime action.  Malkara Consulting can also provide advice to any lawyer or law firm who has a client concerned that they have been a victim of Cuckoo Smurfing.

[1] See Commissioner of the Australian Federal Police v Kalimuthu [No 3] [2017] WASC 108. [on-line]. Available http://egreaves.com.au/wp/wp-content/uploads/2017/04/Commissioner-AFP-v-Ganesh-Kalimuthu-Anor-2017-WASC-108.pdf (2017, April 22).

[2] A US derived term which refers to the fictional small blue humanoids with a gnome like appearance that live in mushroom shaped houses.  The Chinese refer to them as ants and in other jurisdictions as money mules.

[3] Section 372.1 Criminal Code Act (Cth).

[4] Section 480.4 Criminal Code Act (Cth).

The Deadly Wind. An Alternative Platform for the Delivery of WMD

There were many reasons why terrorists were able to successfully attack the United States of America on September 11, 2001. But as the 911 Commission identified; the most important failure was one of imagination by US authorities.  There was an absence of creative thinking by intelligence, law enforcement and military agencies. The type of thinking that identifies all potential threat scenarios involving large scale terrorist attacks anywhere.  And while that might sound very critical of US agencies; I doubt any country in the western world at that time was focused on predicting the strategic thinking of al Qaeda.

The use by North Korean agents of sarin gas, a weapon of mass destruction, to kill the half-brother of North Korean President Kim Jong Un, raises international risk levels to a new high. Sarin gas is easy to produce.  For example, in 1993, the Japanese Aum Shinrikyo, a doomsday cult, developed and successfully tested sarin gas at a remote cattle station in Western Australia. On 20 March 1995, the sect released sarin gas into the Tokyo subway killing 12 people and injuring over 1,000.  That incident demonstrated the ease at which a terror group can develop a deadly weapon in a country’s backyard and use it.  Had the Aum Shinrikyo sect, combined the sarin gas with a better delivery system; they might have been more successful with their attack in Tokyo.  Development of or the use of poisonous gas by terrorists or by agents of rogue states, such as North Korea, in other countries such as the United States is not beyond possibility.    

One potential delivery system for weapons of mass destruction, particularly biological and chemical weapons are hot air balloons.   During World War 2, the Japanese were credited with developing the world’s first intercontinental missile threat.  In response to the US attack on Tokyo and other cities in Japan during what is known as the Doolittle Raids, the Japanese military and scientists identified that balloons could be launched from Japan and using Pacific wind currents, deliver bombs to the United States.   

US intelligence estimated that the Japanese launched over 9,000 balloon bombs during the war, of which only 290 were known to have successfully landed, including 73 in Canada.  Among the reasons for the poor success rate was the fragile construction of the balloons and the use of a weak anti-freeze solution that did not prevent their batteries from freezing. The balloons were made primarily of paper, but launched in the winter months when the jet stream is the strongest, they could travel at over 200 miles per hour at a height of between 20,000 to 40,000 feet.  The balloons could carry a thermite (incendiary) bombs and a high explosive anti-personnel bomb.

The balloon carrying bombs had two primary purposes:

1.     The incendiary devices they carried were designed to start fires in the vast North American forests; and

2.     Cause panic and casualties amongst the citizens of North America

Of real concern to US authorities at that time was the potential use of the balloons to disperse chemical or biological agents across the United States.  The Japanese were already experimenting in China with chemical weapons, but they were not deployed on the balloons. 

It is not beyond possibility that North Korea could already possess this simple means to deliver high explosive bombs, biological or chemical agents to the United States and its allies.  The recent assassination in Malaysia of Kim Jong-nam, the half-brother of the North Korean president, using sarin nerve agent suspected of being delivered by North Korean agents, confirms that the country has that weapon in its arsenal and is prepared to use it on foreign soil.

Balloon bombs if used by North Korea would have a number of tactical benefits to that country:

·       They are cheap and easy to acquire

·       Difficult to detect on radar and at night

·       Powered by the wind, they have a long endurance range and therefore the capacity to deliver weapons, particularly biological weapons over a wide area of a country as they travel

·       Can be launched from any location in North Korea or any ship particularly one positioned close to the United States

·       If they are bright and colourful they might not be seen as a potential threat by any person who observes them flying

·       Exponentially increases the number of systems available to deliver weapons of mass destruction.  The majority of balloons do not have to carry any weapons at all and merely act as decoys or dummies increasing the chances that the balloons actually carrying weapons make it to their intended targets.  If North Korea launched thousands of balloon bombs at North America in one massed attack; it would strain the resources of the US and Canadian military to track and destroy them all in time before some detonated or deployed their dangerous cargo.

And North America does not have to be and probably would not be the sole target of North Korea. Balloon bombs could be launched in a mass attack on Japan and South Korea, who would have less time to identify the threat and respond. 

In 2003, the Pong Su, a North Korean cargo ship delivered 125 kilograms of heroin onto a southern Australian beach, near the city of Melbourne.  It is not beyond the capability of the North Koreans to launch a balloon carrying a weapon from a boat sailing near the Australian coast or the remote coastline of any other country opposing it or allied to the United States.  An attack on any country including the United States could be part of a larger scale attack or counter-attack in response to US action involving multiple delivery systems. 

The potential use of balloons to deliver weapons does not have to be restricted to North Korea.  They are a potential delivery device of weapons of mass destruction by terrorists.  Balloons are easy to acquire in Western countries.  And many countries including the United States and Australia for example, have large numbers of commercial hot air balloon operators and host hot air balloon festivals in warmer months. In the United States, there are 15 hot air balloon festivals scheduled for April and May 2017 alone.   It would be easy for terrorists (or North Korean agents) to acquire a balloon or join a balloon flight either on a single flight or part of a large balloon flight festival and release biological agents or other weapons as they travelled.  Few, if any, people would suspect an attack was occurring and who was conducting it, until it was too late.

It is frightening to imagine, what might have happened if the Aum Shinrikyo Sect, having developed Sarin gas in remote Western Australia, had decided to test it in Perth or another Australian capital city, by flying over it and releasing the weapon from a balloon.  Thankfully, they tested it on sheep and killed hundreds with it.  Or delivered the weapon from a balloon flying above Tokyo, with the delivery mechanism and dangerous toxin carried only by the wind.

Al Qaeda’s capability to kill and destroy was underestimated which resulted in the death of thousands of people and billions of dollars being lost from the US and global economy.  It is imperative that the world remains vigilant and remembers the mistakes of the past by not suffering from a lack of imagination in identifying potential risks from terrorists and rogue states.

  

Chris Douglas, APM

Proprietor, Malkara Consulting

Perth, Western Australia

www.malkaraconsulting.com

 19 April 2017

 Bibliography

 

1.     Carroll, R. (2014).  How Japan’s fire balloons took the second world war to American soil. The Guardian [on-line]. Available  https://www.theguardian.com/us-news/2014/oct/30/japan-secret-weapon-balloon-bomb-world-war-oregon (2017, April 17).

2.     Gregory, P. (2006).  Pong Su Smuggler Jailed for 23 Years. The Age Newspaper. [on-line]. Available http://www.theage.com.au/news/national/pong-su-smuggler-jailed-for-23-years/2006/04/06/1143916634557.html (2017, April 17).

3.     Jolley, M. (2004).  North Korea.  Pong Su.  ABC Foreign Correspondent. [on-line]. Available http://www.abc.net.au/foreign/content/2004/s1162110.htm, (2017, April 17).

4.     Klein, C. (2015). Attack of Japan’s Killer WWII Balloons, 70 Years Ago. History.com. [on-line], Available http://www.history.com/news/attack-of-japans-killer-wwii-balloons-70-years-ago [2017, April 17].

5.     Morton, E. (2014).  The Tokyo Sarin Cult's Outback Australian Test Ranch. Slate. [on-line].  Available http://www.slate.com/blogs/atlas_obscura/2014/02/28/the_secret_sarin_test_ranch_in_outback_australia.html (2017, April 17).

6.     Rizzo, J. (2013). Japan’s Secret WWII Weapon: Balloon Bombs.  National Geographic. [on-line]. Available http://news.nationalgeographic.com/news/2013/05/130527-map-video-balloon-bomb-wwii-japanese-air-current-jet-stream/ 27 May 2013. (2017, April 17).

 

Terrorism Financing & Credit Card Fraud

Introduction

The current AML/CFT frameworks that exist to combat the financing of terrorism are based largely on an anti-money laundering and arrangement introduced in the 1980’s.  Those frameworks have been amended and expanded following various amendments to the Financial Action Task Force recommendations and subsequent implementation by national governments.

AML/CFT frameworks adopt a risk based approach to the detection, reporting and prevention of money laundering and terrorism financing. This risk based approach shifts responsibility from AML/CFT regulators to reporting entities.  It is a significant change from the previous framework with reporting entities now required to do more than just comply with relevant AML/CFT legislation.  The shift was a necessary adjustment because a focus by reporting entities on compliance and reporting alone did not necessarily identify and manage money laundering and terrorism financing risks.

The adoption of a risk based approach means that the level of understanding by reporting entities of the sources of terrorist financing in particular sources of funding derived from criminal activities is more onerous under the AML/CFT framework than under the previous compliance focused regulatory regimes. However, as will be identified later, there is a question as to whether reporting entities and for that matter by extension Financial Intelligence Units and law enforcement agencies understand the nature of the risk posed by the use by terrorists and foreign fighters of the proceeds of fraud.

Putting aside minor variations to various report titles, the AML/CFT reporting framework in most countries comprises:

  • Threshold Reports,
  • Cross Border Currency Reports, and
  • Suspicious Transaction Report/Suspicious Matter Reports (STR/SMR).

Other than a Suspicious Matter Report all report types are mandatory when certain conditions are satisfied.  While acknowledging that all of the AML/CFT reports are important, a criminal investigation including a terrorism investigation are more likely to be triggered when an STR/SMR is filed with an FIU.  This is due to the greater emphasis placed by law enforcement, revenue and intelligence agencies on “suspicions” communicated by reporting entities in particular by financial institutions.

AML/CFT reporting frameworks were established during an era when the risk of terror attack particularly a home grown terrorist attack was low.  They have not kept pace with recent international and domestic developments in terrorism or with developments in payment technology.  None of the reports are filed in real time by the reporting entities and FIU’s do not have access to any real time transactions.  As a consequence an FIU, police and intelligence agencies are not able to monitor and track in real time the movements and activities of a terror suspect using the financial foot print he or she leaves behind.  This is a major weakness in an AML/CFT framework.
 

Reporting of Suspicious Matters

The reporting of a suspicious matter report by a reporting entity requires the raising or forming of the requisite suspicion by that entity.  If no suspicion is raised in relation to any matter arising from the provision or delivery of a service by that reporting entity then no STR/SMR is raised and sent to an FIU.

 The forming of the suspicion by the reporting entity is subjective.  An STR/SMR only becomes a mandatory report when the level of suspicion in relation to the issues contained in relevant AML/CFT legislation is reached. 

What one reporting entity might regard as suspicious and therefore warrants being reported to an FIU, another reporting entity assessing similar information might not.  The time for reporting a suspicious transaction does not arise until the reporting entity forms the relevant suspicion.  In the case of an organisation this means when a responsible officer of the organisation forms the suspicion.  For example, if a bank teller thinks that a transaction is suspicious and reports it to the relevant Money Laundering Reporting Officer (MLRO) the bank time to report the transaction does not commence to run until the MLRO officer forms the suspicion.  There could be some delay in the identification of the behaviour by a front line officer and the reporting of that information to an FIU by the MLRO in the financial institution. 

If the MLRO does not agree with the suspicions raised by the officer who initially reported the behaviour then no suspicion is grounded and no STR/SMR is sent to the FIU.  The process is very subjective and when left to staff with little or no training or experience with investigating crime, particularly terrorism then the effectiveness of the system is brought into question.

And this is where a problem can arise from the perspective of law enforcement and intelligence agencies.  Information held by a reporting entity might not be suspicious when that organisation views it in isolation.  But if that information was combined with information filed by another reporting entity or with intelligence held by a law enforcement/intelligence agency it might form a strong suspicion or a higher level of proof that results in the generation of an active investigation into the reported activity.  But if no information is reported then nothing will happen.  An important piece of information could be lost which in relation to terrorism might have potential tragic consequences for our community.

“The process is very subjective and when left to staff with little or no training or experience with investigating crime, then the effectiveness of the system is brought into question”

 

Credit Card Fraud & Terrorism

In relation to the reporting of suspicious matters, the main area of concern is the reporting of suspicious activity relating to terrorism and terrorist financing.  By extension this includes the reporting of information that potentially relates to foreign fighters recruited to engage in terrorist activities abroad primarily in Syria, Iraq and Somalia. 

The commission of credit card fraud is a crime type that is misunderstood when it comes to the financing of terrorism.  Without any nexus to terrorism it is often only treated as a local crime problem to be solved by police.  And credit card fraud would only be considered a terrorist financing matter if the fraud was connected to terrorist activity or someone engaged or suspected of terrorist activity.  Or alternatively, the credit card fraud is reported as being suspicious and that suspicion relates to terrorism financing.  From the perspective of terrorist financing, the risk posed by credit card fraud is the least understood risk by reporting entities, FIU’s and police agencies.  It is difficult for financial institutions to assess and manage the risk because often they manage financial crime risks in separate crime silos.

“From the perspective of terrorist financing, the risk posed by credit card fraud is the least understood risk by reporting entities, FIU’s and police agencies”.

 

The problem that confronts a reporting entity (usually a financial institution) in relation to credit card fraud is establishing the requisite reasonable suspicion that the funds derived from credit card fraud relate to the financing of terrorism.  Financial crime and engaging in terrorist activity are clandestine activities which are planned and executed to prevent the identification and investigation of those involved in the crime.  Often the nexus between criminal activity and terrorism is not obvious to bank staff charged with identifying such activity. That issue is compounded by the lack of experience and training by staff of terrorist funding. It is also not always obvious to police investigators involved in the investigation of the offences.

From engagement with employees and managers in the AML/CFT environment it has become apparent that financial institutions do not or have not, either on every occasion or on many occasions submitted to an FIU, STR/SMR’s detailing credit card fraud activity where no person has been identified as the suspect involved in the crime. It is also not always certain that credit card fraud involving known offenders is reported to an FIU via the STR/SMR process as those fraud incidents are usually dealt with by the bank or not dealt with at all as the amounts involved are below the acceptable “risk appetite” of the bank. 

The identification and investigation of offenders is a function of the police.  Generally it is usually not the responsibility of an FIU.  While the responsibility of a reporting entity is to detect, report and monitor.  Police and intelligence agencies will use a range of sources including STR/SMR’s submitted by other reporting entities to identify those involved in the crime and the intended use of the funds.  But those actions and powers used by law enforcement agencies are only “triggered” by the receipt of financial intelligence such as an STR/SMR from a financial institution.

If that situation outlined above is occurring, then it is of serious concern from a terrorism financing perspective.  Credit card fraud is a major source of funding for groups planning a terrorist act.  The following examples highlight the issue:

  1. The convicted ‘‘Millennium bomber,’’ Ahmed Ressam, who took part in a plotted attack on Los Angeles International Airport, opened a store in Montreal, Canada, where he obtained credit card information and passed it on to Al-Qaeda associates.
     
  2. The 1998 US Embassy bombings in Africa and the first World Trade Centre bombing in 1993 were funded by criminal activities which included credit card fraud.
     
  3. An al-Qaeda cell in Milan, Italy stole credit card information that was remitted to a Frankfurt cell to procure chemicals for explosives.
     
  4.  Algerian Armed Islamic Group (GIA) cells in Europe provided the bulk of the organization’s funds through petty theft and credit card fraud.
     
  5. The Salafist Group for Prayer and Combat (GSPC)[1] based in Algeria and highly active in Western Europe (particularly in France) have also been involved in a range of crimes such as car theft, credit card fraud and document forgery.
     
  6. In 2005 a Melbourne based terrorist group engaged in systematic credit card fraud involving payment to taxi drivers to provide them with the credit card numbers of unsuspecting taxi passengers.
     
  7. In the UK two Liberation Tigers of Tamil Eelam (LTTE) members were arrested for obtaining credit and debit card information at over 200 petrol stations that used pumps through the use of skimming machines.
     
  8. Ali Al Marri was arrested in Illinois in December 2001 for having lied to FBI Agents about having contact with facilitators of the 9/11 terrorist attack. At the time of his arrest, Al Marri had 36 credit card numbers and account information in his possession. A subsequent search of his computer found he had compiled over 1,000 credit card numbers and other identifying information.
     
  9. Mohammed Belaziz, a Salafist, was arrested on 25 September 2001 in Spain.  Inquiries revealed that Belaziz and other members of his cell had been financing their operations through credit card fraud.
     
  10. The terrorists who bombed the trains in Madrid in March 2004 supported themselves through drug trafficking while another Al Qaeda cell in Spain supported itself over an extended period of time through credit card fraud.
     
  11. The Liberation Tigers of Tamil Eelam (LTTE) who established cells in as many as 38 countries in Europe, North America, the Middle East and Australia funded operations through extortion, narcotics trafficking, credit card fraud, social security fraud, counterfeit currency, piracy, people smuggling, and gun running.  Special cells operating within the LTTE focused on each criminal activity.
     
  12. Imran Samudra admitted prior to his execution for his role in the Bali nightclub bombings in 2002 that together with another JI member he encouraged jihadists to engage in hacking and online credit card fraud and money laundering.
     
  13. Younis Tsouli a British citizen and his partner, Tariq al-Daour, began acquiring stolen credit card numbers on the web, purchasing them through various online forums, such as Cardplanet.   When Tsouli and al-Daour were arrested, al-Daour had accumulated 37,000 stolen credit card numbers on his computer, which they had used to make more than $3.5 million in charges.  Tsouli used 72 credit cards to register 180 websites, hosted by 95 different companies which were used to launder the proceeds of the credit card fraud.

The examples above demonstrate that credit card fraud is an important source of revenue for terrorist groups or terrorist supporters. But from a terrorist financing perspective it is one of the most difficult financial crimes to detect and to investigate.  And as discussed above it is extremely difficult to draw the nexus between the funding and its intended purpose namely financing terrorism. 

However, the investigation by law enforcement agencies into the source of terrorist funding is frustrated if they do not know where to look.  Important leads are often identified via suspicious matter reports lodged by reporting entities.  And if reporting entities such as financial institutions do not submit STR/SMR’s reporting the commission of financial crime, law enforcement agencies are blind as to the activity. Whether an offender is identified by the reporting entity or not is totally irrelevant. Consequently all instances of credit card fraud should be reported in real time to an FIU whether or not an offender is identified.
 

Real Time Reporting

Under the current AML/CFT reporting frameworks operating in the world none of the reports submitted by reporting entities are received by an FIU in real time.  Consequently the information received by intelligence and law enforcement agencies is dated.  At best the transactions or events reported occurred at least 24 hours previously but in most cases several days previously, particularly where the responsible officer is assessing the information.  When it comes to preventing terrorist acts this time delay could have fatal consequences.

Credit card transactions are monitored by financial institutions in real time.  Often those organisations review transactions independently but when patterns of fraud develop the major financial institutions consult with each other and exchange intelligence on the activity leading to the identification of suspects and prevention of loss and on occasions to the apprehension of offenders.  If suspected terrorists or foreign fighters are using credit cards anywhere in the world they or the person using the card can be tracked live.

The same technology could be applied to the use of debit cards and to the identification of any device (computer, laptop, smart phone) used to access bank services and any IP address associated with it.  This live examination of financial data, IP addresses and hardware is very useful in combating fraud and in terrorist financing cases would be an extremely valuable tool.

Application of the technology by intelligence and law enforcement agencies would enable suspects to be tracked live with connections being made between people, places and transactions in real time.  This information is probably more effective than current intelligence that is sent to an FIU via the existing AML/CFT reporting frameworks which is often several days late.

“This live examination of financial data, IP addresses and hardware is very useful in combating fraud and in terrorist financing cases would be an extremely valuable tool”.

 

Reporting Credit Card Fraud

It appears that the involvement of terrorists in credit card fraud only becomes apparent after they have achieved their intended purpose which often results in their death and the death of innocent people.  That is clearly not an acceptable outcome.  And as referred to earlier unless a nexus between the terrorist or terrorist group and the credit card fraud is made, no STR/SMR alerting the authorities to the issue will be filed by the relevant reporting entity. Given the covert nature of terrorist financing and the difficulty of establishing the connection between credit card fraud and terrorist activity, in particular acts of preparation relating to a future terrorist attack, it might be prudent to report all fraudulent credit card activity to an FIU.

The issue for consideration is determining the best way to communicate information to the intelligence and law enforcement community about credit card fraud to determine if it might relate to terrorist financing?  There are possibly two solutions to the problem.

The first approach would involve financial institutions sending to an FIU reports of all credit card fraud activity involving both identified suspects and no known offenders.    There are however, two significant issues with this approach:

  1. The FIU would be OVERWHELMED with information and would not have the capacity or capability to analyse it.  The FIU would require assistance from Police and from people with experience in analysing credit card data to assess the material, and
     
  2. There is a risk that the information would be communicated using the current format and not be sent or processed in real time. 

The second approach involves the development of a specialised team to be situated in an FIU Headquarters.  The team would comprise specialists from the FIU, Police and each of the major banks.  The seconded police would be specialists in terrorism investigations with access to all relevant databases holding information on all known terrorist suspects or persons who are suspected of being associated with or recruited to be foreign fighters.  The bank officers would be specialists in credit card and bank fraud and have access to the databases of participating banks which detect and monitor credit card transactions and fraud.  This approach has a number of advantages:

  1. Credit card transactions including credit card fraud would be communicated in real time to the team.
     
  2.  Suspects identified by the bank would be passed to the police and cross matched against police and intelligence records to determine if they had come to notice as being suspected terrorists or foreign fighters.  All information received would be stored in police databases for future reference.
     
  3. Where no offender is identified the credit card fraud activity would be matched against other activity known to have occurred involving suspected terrorists or foreign fighters.  For example: mobile phone metadata of known suspects would be compared to credit card fraud transactions to identify potential connections between them (e.g. common locations and time of events).
     
  4. The FIU and police would provide the details of terror suspects and foreign fighters to the banks who would identify the credit card account details of those persons and continue to monitor their activity in real time.  The transactions and data would be fed back to the FIU and police for analysis with other data.  FIU and police would obtain the account data from the banks without the need to obtain a warrant or production order.  
     
  5. The team would operate on a mutual benefit basis.  Any information obtained by the FIU and police that identifies any person or group involved in credit card fraud that does not relate to terrorism would be communicated back to the banks to enable them to take appropriate action either alone or in conjunction with other police agencies.

Financial institution staff working with the FIU would be subject to the same security vetting processes undertaken by police and intelligence employees occupying similar positions of responsibility.  With this approach the skills of bank employees in analysing credit card fraud and the information derived from their activities are combined with the expertise and information held by the FIU and law enforcement representatives.  And the information being analysed is viewed in real time.

 

 

 

 

[1] Now known as the Organization of al-Qa’ida in the Land of the Islamic Maghreb.

Risk Management: Illicit Drug Use by Employees

She sat across from the interview table and it could be seen from her poor physical health that this young woman had committed the fraud upon the bank due to a drug habit.  The long sleeve top she was wearing hid the injection scars and her withered veins destroyed by the drug she was using.  It was not difficult to identify the new point of entry for her habit.  One of her eyes was blood shot and looked off centre.  With no more veins to pick in her arms, legs and feet she needed an entry point that would enable a successful and quick hit.     

Her personnel file recorded she was in her early twenties but she carried the wear and tear of someone twice her age.  According to her manager she was a great worker. She paid attention to detail, was extremely focused and never needed to take a break including lunch often relieving for other staff to enable them to eat during peak periods.  It was the amphetamine she was injecting that gave her the stamina to work harder, longer and with greater concentration than her colleagues.  Over a period of months as she relieved staff in key areas of the bank and learned the various processes, she was able to put in place her scheme that defeated all internal controls and resulted in the fraud.  But no one would believe she did it because she was such a nice person and so productive. Her co-workers were surprised to learn she was a drug addict.

That incident occurred over 30 years ago and while it is a good example of the threat posed by drug addicted employees it highlights two issues.  The difficulty in detecting an employee with a substance abuse problem without direct management intervention and how a drug addiction will drive a person to find ways to circumvent internal controls including the manipulation of the people around them. 

The loss in that case was money.  That incident occurred in an era when information was held by an organisation in manual form and in a non computerised records system, access to a large amount of sensitive data by any one individual was rare.  But today, business is different.  The evolution of the digital age has brought significant productively benefits and outreach for all organisations.  For local and global companies the world is now their market.  But it has also created different risks. Information and funds are more centrally controlled and have to be protected by new systems.  And while the barriers preventing unauthorised access to funds and information are significant, the weakest link is still the human factor.

Adding to changes in the business environment bought on by digitalisation have been changes to illegal business operations.  Organised crime has evolved too.  New and more sinister drugs are being marketed today in addition to the traditional hard drugs of heroin and amphetamine.  With the latest drug scourge being methamphetamine or “ice” which is a global problem.  And the threat from drugs while being discussed at national and international levels of government does not appear to have reached the boardrooms of many medium to large companies.  Few directors understand the threat posed to their business by organised crime.  And fewer still are asking themselves who is consuming the billions of dollars in drugs sold globally each year and do any of them work for their company?  Company directors are holding the mistaken view that drug consumption occurs somewhere else and is undertaken by other people but not by their employees.

Drug addicted employees are a major threat to any organisation but particularly to those that hold financial assets and information.  Information is shaping as being the biggest asset that many organisations possess today.  It comes in many forms, from national security data for those involved in defence contracts to valuable information about customers and customer behaviour which organisations are using to gain a competitive edge.  All information has a sale price. It is valuable not just for the organisation holding it but also for competitors, organised crime and national and foreign governments.

Putting aside the threat posed by drug addicts who need funds to feed their habit, they can and are subject to manipulation by any of those external interest groups, but particularly by criminal groups.  Employees who use narcotics easily come to the attention of crime gangs.   Organised crime lieutenants prey on unsuspecting victims who buy and or use narcotics in popular distribution centres such as night clubs.  Once targeted, employees are threatened or blackmailed into covertly working for criminals. Organised crime has a global reach and any large national and international company is a prime strategic target for criminal groups.  Infiltration of these companies can be achieved by corrupting current employees or recruiting corrupted graduates to work in targeted organisations.  But penetration is made easier if the employee has an illicit drug problem.

So what should an organisation do to protect itself?  One measure that it could introduce is mandatory random illicit drug testing of all potential new employees, current employees and all contractors who have access to a company’s premises, assets or information.  While a number of companies have adopted compulsory drug testing it has usually being introduced from a health and safety perspective, not from a security perspective.  Compulsory drug testing is common in the mining industry but not in other industries.  No one would want a drug addicted surgeon operating on them.  Or an addict addicted to amphetamine or methamphetamine managing a large investment portfolio, foreign currency trading transaction or a large commercial project. But Anecdotal evidence suggests that illicit drug use amongst high income or highly stressful occupations is common.

It is acknowledged that enhancement of any internal control measure comes at a cost.  And if it is not cost effective to drug test all employees and contractors then all workers who occupy high risk positions as deemed by a risk management plan, should be routinely randomly tested for the presence of illicit substances.

If illicit drug testing is implemented all board members should submit to a regular test and ensure that their participation receives wide publicity throughout the organisation.  It demonstrates commitment to the program and to the core values of the company.  And every time an employee undertakes a random drug test, the procedure reinforces in them, company values.

Drug testing together with an effective whistleblower program; employee declarations of past drug use and past and current affiliations with criminals and crime groups is recognition by senior managers that it understands all the risks facing the business and is taking action to mitigate them. 

While some company directors may be more concerned about privacy, a greater area of concern is the risk that illicit drug dependant employees pose to other employees, to customers and to the organisation.  Those needs far outweigh individual privacy issues.

Sophisticated investors, shareholders and customers are becoming more concerned about the safety of their investments and the information an organisation holds about them.  They would be unforgiving of any company director or manager who failed to properly assess all of the risks and take appropriate action to mitigate them.

Money Laundering and Foreign Property Ownership in Australia

On 2 May this year, the Australian Federal Treasurer the Honourable Joe Hockey MP announced a foreign investor moratorium for any person who illegally purchased Australian property without first obtaining prior approval from the Foreign Investment Review Board (FIRB).  Under the moratorium foreign investors will have until 30 November 2015 to “self report” by disclosing to the Australian Government their illegal real estate purchases or face potential prosecution.

Additional measures announced by the Treasurer include increasing penalties from the current 2 years to 3 years imprisonment or a fine of up to $127,500.  Those foreigners who self disclose will be forced to sell their properties but according to the Treasurer they will not be subject to criminal prosecution. The Australian Taxation Office will be tasked with administering the new regime when it is implemented.

The Treasurer also announced that third parties who knowingly assist a foreign investor to breach the rules will also be subject to civil and criminal penalties under the new arrangements.  Despite the assurance from the Treasurer, a foreign investor who self-reports under this scheme may expose themselves and involved third parties to criminal prosecution or other legal action. While not mentioned by the Treasurer third parties could include real estate agents, settlement agents, solicitors and bankers who have either in some way been involved in the movement of money relating to the sale or purchase of property or in the purchase or settlement of Australian property purchased illegally by a foreign person.  Australian citizens and permanent residents who are friends or family members of foreign investors who are often involved in the purchase of Australian property could also be captured by the changes. 

While legislation relating to the new measures is yet to be drafted, of concern is that the Treasurer made no reference to how the current foreign investment framework and the new policy will work in conjunction with other federal laws in particular the money laundering provisions in the Criminal Code Act 1995 and the forfeiture provisions of the Proceeds of Crime Act 2002.  

Australian federal money laundering laws are perhaps the most powerful criminal money laundering provisions in the world. The laws apply to all Commonwealth indictable offences, which is an offence that carries a penalty of imprisonment greater than 12 months.  Offences relating to the illegal purchase of real property (referred to as Australian Urban Land) in Australia by a foreign person carry penalties not exceeding 2 years imprisonment.  Federal money laundering law therefore applies to indictable offences in the Foreign Acquisitions and Takeovers Act 1975.

The money laundering laws apply to property (real and personal) as well as money. And the laws capture the proceeds of crime, which could include the sale of any property purchased illegally and to instruments of crime which include funds used to the purchase property illegally. If a foreign investor therefore has purchased property in contravention of the current foreign investment rules or under the new regime or sells property purchased illegally then there is a high chance they will also commit a money laundering offence.

“Australian federal money laundering laws capture instruments of crime (money used to purchase property illegally) and to proceeds of crime (which includes funds derived from the sale of property purchased illegally)”

Breaches of federal money laundering law carry penalties up to 25 years imprisonment and/or a fine of up to $255,000 if any property involved (either purchased or sold) is more than $1 million in value.  A summary of the penalty provisions relevant to federal money laundering law is attached. Many purchases by foreigners of Australian property would probably fall into the high value category and therefore attract the harshest penalty. This could have significant implications for any foreign investor.  They and any involved third party could potentially be charged with money laundering if they follow the Treasurer’s advice and disclose and sell their property.  And the Treasurer despite his announcement, he and FIRB cannot grant immunity from prosecution.  Only the Commonwealth Director of Public Prosecutions (CDPP), an Australian prosecution body, has the authority to do that.

Third parties such as real estate agents, family members and others who assist foreign investors may be charged with money laundering offences even if their conduct was reckless or only negligent. Full knowledge of the circumstances is not required. The Australian Federal Police investigate most money laundering matters in Australia and they are prosecuted by the CDPP.

Australia was one of the first countries to implement criminal money laundering laws.  They were initially implemented to combat the laundering of the proceeds of drug traffickers.  Australian federal money laundering laws were later extended to apply to all indictable offences.  Primarily the money laundering laws were expected to target organisers of human trafficking, people smuggling, illegal gun running and tax evasion.  But the extension to all indictable offences means that foreign nationals and third parties could be captured by and prosecuted on a similar scale to drug dealers who launder their illegal money.

Australian federal money laundering legislation has extended jurisdiction.  The law applies to Australian citizens and Australian companies operating offshore from Australia.  And to any other entity or person where the money or property is intended to become an instrument of crime or there is a risk the property could become an instrument of crime or the money is the proceeds of crime.  Consequently a third party operating offshore could be bound by Australian money laundering law if they are involved in the transmission of funds to Australia that will be used or there is a risk it could be used to illegally purchase property.

Similarly, if the offshore third party for example a bank, a lawyer or a corporate service provider receives funds from Australia that were derived from the sale of property purchased illegally then they could potentially face prosecution for money laundering.  Third parties (i.e. bank or lawyer) based in Australia who facilitate the movement of funds derived from the sale of an illegally purchased property to other offshore third parties could face a criminal charge of money laundering.

“a third party operating offshore could be bound by Australian money laundering law if they are involved in the transmission of funds to Australia that will be used or there is a risk it could be used to illegally purchase property”

But more confronting is that under the current foreign investment regime there is already a risk that the illegally purchased property or proceeds of the sale of any property could be seized as proceeds of crime. Seizure can occur whether or not someone is charged with or convicted of a criminal offence.  But the change in the penalty for breaching the foreign ownership rules to 3 years imprisonment increases the options available to seize the property or the proceeds of any sale under the Proceeds of Crime Act 2002.

Other than the indictable offences in the Foreign Acquisitions and Takeovers Act 1975 relating to the purchase of Australian property illegally, the AFP can allege a money laundering offence as a way of seizing property or the proceeds of the sale of illegally acquired property and applying for its confiscation.  They don’t need to lay a criminal charge to do this. “Reasonable suspicion” a very low legal standard is all that is needed to initiate court action.  This could also occur if the foreign investor has evaded Australian tax.  And as announced by the Treasurer, the Australian Taxation Office will use data matching with other agencies to identify violators.

“Reasonable suspicion a very low legal standard is all the AFP needs to establish to initiate civil forfeiture action in relation to property purchased illegally in Australia. The increase in the penalty to 3 years expands the options available to the AFP”

Foreign investors who have bought property illegally or have sold it could face the might of the AFP’s normal investigative powers (such as search warrants) as well as specific powers under the Proceeds of Crime Act. For instance, the federal police can also compulsorily question people in connection with the purchase and sale of the property. There is no right to silence.  It is very powerful legislation.

A foreign investor who follows the Treasurer’s advice and discloses their property may not only be forced to sell. They could find themselves facing serious criminal charges and loss of all their property. Third parties who are involved in property transactions with foreign nationals should also be cautious in their dealings. 

The policy changes in relation to foreign ownership of real property in Australia announced by the Treasurer have been put forward without due consideration to the wider issues that have been raised in this paper.  The serious criminal and financial implications makes it prudent for foreign investors and third parties to get specialist legal advice before making a self-report of any breach of Australia’s foreign investment rules. Advice should also be sought from a specialist in criminal money laundering legislation and Australian federal civil forfeiture investigations (as opposed to a specialist in Australian anti-money laundering legislation and framework).

The Australian Treasurer has no power to tell the AFP or the DPP what to do, they are independent agencies. It would be folly to place faith in assurances given by the Treasurer at least until the legislation implementing the new measures has been drafted.

Please note this publication expresses an opinion only.  It does not constitute legal or financial advice and does not take into account individual circumstances. It is highly recommended to seek specialist advice before taking any action in relation to the issues raised in this article.

 

__________________________________________________________________

 

Australian criminal money laundering laws and related offences contained in the Anti-Money Laundering & Counter-Terrorism Financing Act 2006 are complex.  Further complications arise when those offences are combined with any forfeiture action initiated under the Proceeds of Crime Act 2002.  Malkara Consulting is the only Australian consulting firm with extensive experience in the investigation of Australia’s criminal money laundering legislation and AML offences and in the application of the conviction and civil forfeiture provisions of the POC Act.  No other Australian consulting firm has the experience teaching money laundering and civil forfeiture in Australia and offshore.

Consequently Malkara Consulting is available for an initial consultation to examine individual cases and circumstances and discuss available options, including if necessary where to obtain legal advice.

Malkara Consulting is also available to deliver training sessions on Australian criminal money laundering provisions and the relevant forfeiture provisions contained in the Proceeds of Crime Act 2002.

 

Chris Douglas, APM

Malkara Consulting

Perth, Western Australia