Risk In:Review #21 - 25 June 2023
Anthony Hope
Risk & Compliance Executive | Fintech Founder & Innovator | Strategic Leader | Expert Speaker
Welcome to Risk In:Review, your weekly newsletter curating the best of the week’s news stories from the crossroads between risk management and technology in Asia Pacific.
Keep updated with the latest news and insights by clicking on?subscribe.
Perspectives
Singapore commands the spotlight this week, as the echoes of 2020’s Wirecard scandal continue to be felt. DBS, OCBC, Citibank, and Swiss Life, have been fined an aggregate SGD 3.8 million for violations associated with Wirecard. Additionally, two ex-Wirecard executives received prison sentences in Singapore. DBS’s fine of SGD 2.6 million is particularly noteworthy, as it marks the largest AML/CTF-related fine that the bank has incurred in the last decade. This follows a string of earlier compliance-related issues, including SGD 1 million fines in 2016 and 2020.
Singapore has also been active in the Central Bank Digital Currency (CBDC) space. The Monetary Authority of Singapore, in collaboration with the Bank of Italy, the Bank of Korea, and the International Monetary Fund (IMF), unveiled a white paper on Purpose-Bound Money (PBM). PBM is an exciting concept in digital currencies that could tackle privacy issues inherent in CBDCs. The paper raises the potential for the private sector to develop the 'wrapper' in a PBM while utilising a central bank-issued CBDC as the foundational digital currency. Concurrently, the IMF is developing a global platform for CBDCs to facilitate cross-border transactions. These initiatives, although distinct, could potentially converge to create a global regulatory framework for digital currencies that also safeguards consumer privacy.
Across the Pacific, the US Justice Department has indicted four Chinese chemical manufacturers and eight individuals for allegedly trafficking chemicals instrumental in producing the opioid fentanyl. This move signals a decisive stance by the US in tackling the supply chains contributing to the opioid crisis and underscores the Justice Department's willingness to reach beyond the US to address the problem at its source.
Lastly, following in the footsteps of Singapore's COSMIC and Australia’s Fraud Reporting Exchange (FRX), the Hong Kong Police Force has launched the Financial Intelligence Evaluation Sharing Tool (FINEST). Developed in conjunction with the Hong Kong Monetary Authority and the Hong Kong Association of Banks, FINEST aims to provide a secure and streamlined platform for sharing data related to suspected financial crimes.?These three models all take different approaches to exchanging data to address the continuing issue of fraud and scams. The question is whether there will be a convergence as best practice from these markets continues to evolve??
This Week In:Review
Australia
China
Hong Kong
Korea
Singapore
Best of the Rest
Australia In:Review
ANZ Banking Group has introduced over 170 algorithms and AI technology in a bid to thwart scams and financial crimes against its clients. The scams predominantly involve third parties obtaining remote access to computers to pilfer account details, followed by investment, romance, and inheritance scams. ANZ stated that these innovations have so far saved AUD 20 million across various payment channels. The bank also made a considerable investment in AI and machine learning to identify ‘mule accounts’ – accounts that receive money from scam victims. A trial run identified nearly 1,400 high-risk accounts since April 2023. Furthermore, ANZ has taken steps to restrict payments to certain high-risk cryptocurrency platforms and imposed holds on some payment forms. Collaborating with telecommunications firms, ANZ has enabled the Do Not Originate service, informing consumers of potentially malicious calls, and is preventing the misuse of its brand in scam text messages. These implementations supplement other initiatives, such as behavioural biometrics, which discern fraudulent online applications. Shaq Johnson, ANZ’s head of customer protection, emphasised that the investment in these technologies is vital in adapting to ever-evolving scams and safeguarding customers, revealing that AUD 61 million was protected from cybercriminals over the past nine months.
Payments provider Cuscal, in collaboration with its partner Zepto, has imposed new restrictions on cryptocurrency exchanges in Australia. Last month, Cuscal terminated payment services to Binance Australia, which consequently lost the ability to facilitate Australian Dollar bank transfers via PayID. Cuscal updated its Merchant guidelines, setting new conditions for digital currency exchanges. According to a document seen by CoinDesk, these requirements include a 24-hour hold on first-time inbound payments, real-time user identity verification, and unspecified transaction limits for cryptocurrency exchange payments. Blockchain Australia, the nation's industry representative, criticised these restrictions, stating they seem to be exclusively aimed at digital currency exchanges. The organisation supports measures to secure digital transactions but advocates for the preservation of users’ autonomy in managing their finances. The extent to which Australian exchanges are affected by these restrictions is uncertain as Cuscal and Zepto’s clientele data is not public. However, Michael Bacina, Blockchain Australia Chair, remarked that this development could have a significant impact in Australia, where users expect both security and freedom in financial transactions. The industry body had invited stakeholders, including Cuscal, for a roundtable discussion on 27 June to deliberate on the issue.
Joe Longo, the Chair of the Australian Securities and Investments Commission (ASIC), has highlighted the potential of artificial intelligence (AI) in enhancing efficiency in financial markets’ risk management and operations. However, during a speech at the ISDA/AFMA Forum, he cautioned that the rapid evolution of AI could bring new risks, such as market abuse, misinformation, discrimination, and bias. Longo emphasised that there is no consensus on AI regulation and urged for thoughtful consideration of this issue. He cited a government discussion paper titled “Safe and Responsible AI in Australia” and encouraged participation in shaping the country’s approach to AI regulation. Longo warned against hastily adopting new technologies without robust governance and operational resilience, reminding entities that existing obligations regarding good governance remain unchanged despite technological advancements. In the next financial year, ASIC plans to consult on extending automated order processing rules to futures markets in response to AI developments, and aims to update its electronic trading guidance. Additionally, ASIC will continue monitoring AI applications and evaluate risks and opportunities, whilst also paying attention to other developments like crypto technology, asset digitisation, carbon markets, foreign exchange, and lending.
China In:Review
China’s security and surveillance industry is concentrating on bolstering its defences against external threats, such as hackers and advancements in artificial intelligence (AI), amid growing geopolitical tensions with the United States. At the Security China exhibition in Beijing, a focus on self-reliance and system hardening against cyber-attacks was evident. Fan Weicheng, Director of Tsinghua University’s Center for Public Safety Research, highlighted the potential dangers of AI, including deceptive imagery and videos. Chinese academics are developing an early warning system to manage disruptive technology that could affect national security. In light of Washington's efforts to limit China’s access to American technology, there is a push for China to develop local products and become self-sufficient. However, this focus is juxtaposed with concerns regarding the social and political risks of technologies. While some experts, including OpenAI CEO Sam Altman, advocate for Sino-American cooperation in managing AI risks, the political landscape and divergent approaches to technology make collaboration challenging. China’s extensive use of surveillance technology contrasts with the United States’ more restrained approach, albeit with some exceptions. The uncertainty remains whether the two nations can reconcile their differences and work collaboratively in the evolving AI landscape.
Hong Kong and China have been collaborating to develop an international central bank digital currency (CBDC) payment system using the digital yuan for cross-border transactions. The project, led by the Bank of China (Hong Kong) Limited, recently completed its second pilot, which involved testing high-frequency, small-value transactions at retail outlets and restaurants. The pilot began with 500 participants and later expanded to 2,100, mainly targeting UBuy stores and online retailer JD.com. Additionally, prominent banks such as Standard Chartered, HSBC, and Hang Seng Bank contributed to this phase.
While there were positive outcomes, the pilot also revealed significant flaws. Consumers raised concerns regarding the limited number of merchants that accepted the digital yuan and the lack of expertise among staff in handling the new currency. For instance, some cashiers took an extended period to locate the terminals that could process digital yuan payments.
The project is expected to widen its scope beyond retail, transport, and restaurants, primarily catering to tourists travelling from Hong Kong to mainland China. Despite a surge in the digital yuan’s adoption in early 2022, the momentum has waned, prompting the People’s Bank of China to expand the pilot to more cities and introduce additional functionalities.
The US Justice Department has indicted four Chinese chemical manufacturing companies and eight individuals for allegedly trafficking chemicals used to manufacture fentanyl, a synthetic opioid contributing to the US opioid crisis. This marks the first time Chinese firms have been charged with trafficking fentanyl precursors within the US. Attorney General Merrick Garland revealed that one company shipped over 200 kilograms of fentanyl-related precursor chemicals to the US, sufficient to produce around 50 kilograms of fentanyl, equating to enough lethal doses to potentially kill 25 million individuals. The indictments accuse the companies of selling these chemicals to Mexico's Sinaloa cartel, which has been instrumental in distributing the drug across the US. The Deputy Attorney General, Lisa Monaco, stated that these cases represent a landmark in combating the fentanyl supply chain at its source. Among the indicted is Hubei Amarvel Biotech and its executives Qingzhou Wang, Yiyi Chen, and Fnu Lnu (alias Er Yang), charged with fentanyl trafficking, precursor chemical importation, and money laundering. Wang and Chen were arrested and await transportation to New York for trial. The Chinese embassy has not commented on the allegations.
Hong Kong In:Review
The Hong Kong Police Force (HKPF) has launched the Financial Intelligence Evaluation Sharing Tool (FINEST), a platform developed in partnership with the Hong Kong Monetary Authority (HKMA) and the Hong Kong Association of Banks (HKAB). FINEST aims to offer a secure and efficient method for sharing corporate data concerning suspected financial crimes among banking institutions. This platform will facilitate improved collaboration between law enforcement and banks, thereby increasing the success rates in identifying and tackling financial crimes. Moreover, FINEST is expected to enhance intelligence sharing, strengthen due diligence, and foster industry-wide cooperation. Initially, five banks, including Bank of China (Hong Kong) Limited and Standard Chartered Bank (Hong Kong) Limited, have joined the platform, and other banks will progressively join to maximise coverage of Hong Kong's banking sector. A spokesperson for the HKPF emphasised that this initiative highlights the significance of collaborative efforts to combat financial crimes and bolster Hong Kong's status as a global financial centre.
Hong Kong is witnessing the emergence of blockchain-based security products, as the city aims to expand its Web3 industry beyond cryptocurrencies. Recently, UBS and Bank of China International Holdings (BOCI) announced a blockchain-based structured note, marking the first private security product on a public blockchain in Hong Kong. This follows a government-backed green bond offered on a private blockchain platform by Goldman Sachs in February. BOCI's product is notable as it is offered on Ethereum, known for its smart contracts. Unlike traditional notes that are held by central securities depositories, the UBS and BOCI product is created as a smart contract and registered on the Ethereum network, which, according to a UBS spokeswoman, allows for greater interoperability and connectivity across market participants. The tokenised green bonds by the Hong Kong Monetary Authority were issued on a permissioned blockchain, ensuring privacy for regulated finance. Allen Huang from Hong Kong University of Science and Technology said this development bolsters Hong Kong’s image as a financial hub with a pro-blockchain ecosystem. Meanwhile, Jack Poon from the Hong Kong Polytechnic University mentioned that the collaboration between a Chinese state-owned bank and a Swiss bank is significant, indicating a long-term commitment to exploring blockchain technologies.
Korea In:Review
Do Kwon, the cryptocurrency entrepreneur behind the USD 40 billion collapse of the terraUSD and Luna tokens, has been sentenced to a four-month jail term in Montenegro for forging official documents. He was arrested at Podgorica Airport while trying to fly to Dubai. Han Chang-joon, former finance officer at Kwon's company Terraform Labs, also received a four-month sentence for the same charges. Both Kwon and Han pleaded not guilty. They can appeal the verdict within eight days of receiving the court's written notification. The time they've already spent in custody since their March arrest will be included in their sentences. Kwon also faces charges in the US and South Korea related to the collapse of the two digital tokens. In February, the US Securities and Exchange Commission (SEC) charged Kwon and Terraform Labs with "orchestrating a multi-billion dollar crypto asset securities fraud". A South Korean court has issued arrest warrants for Kwon and five others related to the case. Montenegro has no extradition treaties with either the US or South Korea.
Singapore In:Review
The Monetary Authority of Singapore (MAS) has fined three banks, DBS Bank, OCBC Bank, and Citibank Singapore, along with the insurer Swiss Life Singapore, a total of SGD 3.8 million for breaching anti-money laundering and counter-terrorism financing regulations, in relation to the Wirecard scandal. The fines were imposed after MAS found that these financial institutions had insufficient controls, including failing to inquire into the background and purpose of transactions, and not maintaining relevant customer due diligence information. DBS was fined SGD 2.6 million, OCBC SGD 600k, Citibank SGD 400k, and Swiss Life SGD 200k. Although the breaches were deemed serious, MAS did not find any willful misconduct by the staff of these institutions. The institutions have undertaken prompt remedial actions including improving procedures, processes, and staff training. This action by MAS is part of broader efforts to maintain the integrity of the financial system in Singapore. The Wirecard scandal, which unfolded in 2020, involved the German payment processor Wirecard and was marked by the revelation that billions in assets listed on the company’s books did not exist, leading to its collapse.
Two former Wirecard Asia executives, James Wardhana and Chai Ai Lim, have been sentenced to 21 months and 10 months in jail respectively for conspiring to misappropriate funds, marking the first criminal convictions related to the accounting frauds at Wirecard. The German payments company collapsed in June 2020 after disclosing that half of its claimed annual revenue did not exist. Another individual involved, Edo Kurniawan, remains at large. James Henry O’Sullivan, who is charged with abetting the falsification of documents through companies associated with Wirecard, is set to stand trial in Singapore. In Germany, a court case involving three Wirecard executives, including former CEO Markus Braun, is ongoing and expected to last until at least 2024. Wirecard's ex-COO, Jan Marsalek, is also at large. Wirecard was established in 1999 and reached a valuation of EUR 24 billion at its peak. However, it filed for insolvency in June 2020 after auditors revealed that USD 2.1 billion of supposed deposits were missing. Braun, accused of misrepresenting Wirecard's accounts and market manipulation, was arrested and charged along with Oliver Bellenhaus and Stephan von Erffa.
The Monetary Authority of Singapore, the Bank of Italy, the Bank of Korea, and the International Monetary Fund have jointly released a white paper investigating the concept of Purpose-Bound Money (PBM) and its potential applications. PBM is a digital currency designed for specific uses via programming. It comprises two key components: a wrapper, which is governed by smart contract code defining the conditions for utilising the digital currency, and a store of value. PBMs can resolve privacy issues concerning central bank digital currencies (CBDCs), due to their programmable nature, which can be tailored for both public and private sectors. Policymakers can set limitations on use cases and decide which entities can issue and distribute these digital currencies. The white paper highlights that the wrapper in a PBM could be developed by a private sector entity while using a central bank-issued CBDC as the underlying digital currency. Moreover, the study explores alternative methods for programming money, such as programmable payments that permit the establishment of recurring transactions or expenditure limits using an API. The white paper also emphasises the need for global collaboration in the exploration and development of CBDCs and digital money formats.
Ripple has secured an in-principle approval for a Major Payments Institution License from the Monetary Authority of Singapore (MAS). This license enables Ripple's Singapore branch to offer regulated digital payment token products and services, and further expand its customers' use of its crypto-enabled On-Demand Liquidity (ODL) platform, which experienced a fivefold growth in Singapore year-on-year. Ripple's Chief Legal Officer, Stu Alderoty, commended Singapore for adopting a progressive approach to digital asset regulation, balancing consumer protection, market integrity, and innovation promotion. Ripple’s Singapore office has seen a 50% year-on-year growth in staff numbers, hiring in various sectors including business development, compliance, and legal. The license allows Ripple to tap into Singapore's burgeoning licensed digital assets market. Alderoty expressed that the clear regulatory framework is attracting responsible players in the digital assets space. To date, MAS has approved 190 Major Payment Institution licenses and 11 Digital Payment Token Service licenses, with over 680 applications for payment services licenses received since January 2020. Ripple joins other major companies like Coinbase and Circle that have secured licenses in Singapore.
Oversea-Chinese Banking Corporation (OCBC) has introduced a fully digital account-opening service for individuals relocating to Singapore from Malaysia, Indonesia, mainland China, and Hong Kong. Through the OCBC O39 Digital app, individuals can remotely open Singapore dollar and multi-currency accounts within minutes, in contrast to the traditional method which could take days or weeks by visiting a branch. The streamlined process aids the relocation process, as having a bank account is crucial for salary crediting and securing accommodation. OCBC utilised artificial intelligence, data analytics, biometrics, blockchain, and cloud technologies in collaboration with OneConnect Financial Technology to digitalise the process. This launch is timely as Singapore sees an increase in foreigners moving to the country for work and study, with a 6.6% growth in this segment from 2021 to 2022, according to Singapore Department of Statistics. OCBC anticipates a four-fold increase in the monthly average of foreigners opening OCBC accounts in 2024 compared to 2022. Users of the app will have access to a range of features including wealth management services, international remittances, and equities trading.
Best of the Rest In:Review
The International Monetary Fund (IMF) is developing a global platform for Central Bank Digital Currencies (CBDCs) to facilitate transactions between countries, as stated by IMF Managing Director Kristalina Georgieva. Speaking at a conference attended by African central banks in Rabat, Morocco, Georgieva highlighted the importance of interoperability among CBDCs to enable more efficient and fair transactions. She urged central banks to establish a shared regulatory framework for digital currencies, warning that the absence of such a framework could give way to cryptocurrencies. CBDCs are digital currencies regulated by central banks, while cryptocurrencies usually operate in a decentralised manner. Georgieva noted that 114 central banks are exploring CBDCs, with approximately 10 having implemented them. She emphasised the potential of CBDCs in advancing financial inclusion and reducing the cost of remittances, which currently averages 6.3%, equivalent to USD 44 billion annually. Additionally, she asserted that CBDCs should be asset-backed, considering cryptocurrencies backed by assets as investment opportunities, but deeming them speculative investments when not backed by assets.
Sumsub, a London-based identity verification company, has upgraded its biometric liveness detection technology with enhanced deepfake detection. Sumsub's technology detects spoofing attempts during Know Your Customer (KYC) processes by collecting face biometrics and generating 3D FaceMaps. These are then referenced for authorising transactions and logins. The integrated deepfake detector strengthens this system. Sumsub released statistics indicating that in 2022, Spain led in deepfake fraud, accounting for 49.7% of global cases, followed by the UK (9.3%) and the US (4.2%). From 2022 to Q1 2023, there was a significant increase in the proportion of deepfakes among all fraud types, notably in Canada (4,500%), the US (1,200%), Germany (407%), and the UK (392%). Sumsub is transitioning from a KYC provider to a biometric platform offering full-cycle verification, integrating user and business verification, transaction monitoring, fraud prevention, and case management into a single dashboard.
ChatGPT users are advised to be vigilant following the leak of over 100,000 ChatGPT account credentials on the dark web. Group-IB, a Singapore-based cybersecurity firm, reported that credentials dating from ChatGPT’s launch in June 2022 to May 2023 have been compromised. The US, France, Morocco, Indonesia, Pakistan, and Brazil are among the most affected countries. Group-IB indicated that a peak of 26,802 logs containing compromised ChatGPT accounts was reached in May 2023, predominantly in the Asia-Pacific region. OpenAI, ChatGPT's parent organisation, emphasised that this situation arises from malware on users’ devices, rather than a breach at OpenAI, and that they have industry-standard security practices in place.
The dark web marketplace is trading logs containing compromised information, which mostly result from information stealer malware. The Raccoon info stealer is notably prevalent, compromising 78,348 accounts. Other malware types such as Vidar and RedLine were also used, though on a smaller scale.
Compromised credentials not only grant access to personal information but also to chats stored within the OpenAI application. This could encompass sensitive content ranging from business plans to personal diaries, and even classified documents. Users are urged to employ strong passwords, enable two-factor authentication, and follow cybersecurity best practices to mitigate risks.
I hope you find Risk In:Review informative and helpful.?