Risk In:Review #73 - 22 September 2024

Welcome to Risk In:Review, your weekly newsletter curating the best of the week’s news stories from the crossroads between risk management and technology in Asia Pacific.

Keep updated with the latest news and insights by clicking on subscribe.


Perspectives

It’s been a busy week at the intersection of risk and technology. This week’s Perspectives focuses on three very different headlines: Singapore’s decision to mandate face authentication for ‘higher risk’ bank transactions; a start-up in India combatting recruitment fraud with artificial intelligence (AI); and new guidance from Hong Kong’s police around the risk of child-targeted cybercrime.

Starting with Singapore, in a bid to bolster digital security, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have announced the gradual introduction of Singpass Face Verification (SFV) for major retail banks.

Over the next three months, this measure will enhance the digital token setup process for retail banking customers, adding another layer of security to Singapore’s national digital identity system.

SFV aims to simplify authentication while fortifying protection against unauthorised access, making it more challenging for scammers to exploit compromised credentials.

Singpass, already integrated into numerous government and commercial services, will now leverage biometric face verification, developed by iProov, to authenticate identities during banking transactions. This technology matches a customer's face against national records, ensuring that only the authorised individual can activate their digital token.

By doing so, it mitigates risks of scams involving SMS one-time passwords (OTPs), phished credentials, or bank card information, which have been commonly exploited by fraudsters.

The implementation of SFV comes as part of a broader strategy by Singapore’s banks to curb fraud. This includes phasing out OTPs for login purposes and introducing features like Money Lock, which allows customers to restrict access to their funds for digital transactions.

Turning to India, RippleHire, a leading talent acquisition cloud platform, is revolutionising the recruitment landscape through AI-driven innovation to tackle recruitment fraud. RippleHire’s AI capabilities focus on combating candidate duplication, fraud, and impersonation – issues prevalent in markets such as India and Southeast Asia.

By reading and verifying resumes against existing databases and employing facial recognition, the platform ensures the authenticity of each candidate. This approach helps to create a fairer recruitment ecosystem, reducing the risk of fraudulent activities that could undermine hiring processes.

The integration of AI into recruitment platforms is not without challenges, especially ethical concerns around bias in candidate screening. To address this, RippleHire anonymises resumes to focus on skills and experience rather than personal identifiers that could introduce bias.

The platform's AI is continuously monitored for fairness, and the company prioritises transparency in its decision-making processes. RippleHire’s approach demonstrates how AI, when responsibly managed, can significantly enhance the efficiency and integrity of recruitment.

Finally, on a more sombre note, the Hong Kong police have issued a warning about child-targeted cybercrime, with over 900 cases involving students recorded last year. These crimes include romance scams and "naked-chat blackmail," often exploiting young people through online platforms.

The police emphasise the need for collaborative prevention efforts involving teachers, parents, and social workers to educate and protect youth from these threats. They also highlight the growing issue of juveniles being unknowingly involved in criminal activities such as money laundering.


This Week In:Review

Australia

  • Australia's RBA to prioritise wholesale CBDC work over retail

China

  • Authorities kill state-backed botnet that hit 260,000 devices
  • Bitcoin miners flee China and create new energy challenges in the US
  • China crypto trading thrives underground despite regulatory tightening
  • Will China’s latest crypto crackdown stifle its gaming industry?

Hong Kong

  • Hong Kong police alert residents about child-targeted cybercrime as 900 instances recorded
  • Hong Kong prepares AI guidelines for finance sector

India

  • Indian police probe INR 10 million crypto investment scam with link to Hong Kong
  • FATF urges India to strengthen virtual asset regulation
  • Indian court bars police from freezing entire bank accounts in crypto fraud probes
  • Combatting recruitment fraud with AI

Korea

  • South Korean crypto fraud unit has seized USD 107 million in assets in past year
  • South Korea’s Financial Services Commission supports second phase of crypto legislation

Singapore

  • Singapore mandates face authentication for ‘higher risk’ bank transactions
  • More than USD 44 million in cryptocurrency stolen from Singaporean platform BingX
  • Singaporean living in Miami among two charged in USD 230 million cryptocurrency theft

Best of the Rest

  • North Korea's Lazarus Group has USD 5 million frozen in stablecoins


Australia In:Review

Australia's RBA to prioritise wholesale CBDC work over retail

The Reserve Bank of Australia (RBA) has prioritised work on a wholesale Central Bank Digital Currency (CBDC) because it offers greater economic benefits and poses fewer challenges than a retail version.

Assistant Governor Brad Jones announced Project Acacia, a three-year digital money plan focusing on improving wholesale markets with tokenised money and new settlement infrastructure.

The RBA will continue to reassess retail CBDC options, with a follow-up paper expected in 2027. Any retail CBDC adoption would require government approval and legislative changes.

China In:Review

Authorities kill state-backed botnet that hit 260,000 devices

A Chinese government-linked cyber crime group, known as ‘Flax Typhoon’, ‘RedJuliett’, and ‘Ethereal Panda’, attempted to use distributed denial of service (DDoS) attacks to prevent the takedown of a global botnet that compromised up to 1.2 million Internet of Things (IoT) devices.

The botnet, controlled by the Integrity Technology Group (Integrity Tech), utilised Mirai malware to exploit devices such as routers, IP cameras, and digital video recorders since 2021.

The FBI, NSA, and Cyber National Mission Force (CNMF) revealed that 260,000 devices in 19 countries were actively exploited as of June 2024. The cyber group operated command and control servers through over 80 subdomains, using an application called ‘Sparrow’ for DDoS attacks and data theft.

Despite attempts to thwart the disruption, including launching a DDoS attack against authorities, the FBI successfully gained control of the botnet’s servers and disabled the malware.

The attack had widespread impacts, including significant financial losses and operational disruptions for affected organisations. Authorities have urged device manufacturers and users to adopt ‘secure by design’ principles, disable unused services, update software, and implement strong security measures to protect against such threats.

Bitcoin miners flee China and create new energy challenges in the US

China was once a major player in crypto mining, attracting companies with its low energy costs and favourable regulations. By 2021, it accounted for approximately 70% of global mining activity.

In 2019, President Xi Jinping’s push for blockchain technology further solidified China’s technological edge over the United States.

However, this changed in May 2021 when China imposed a sweeping ban on cryptocurrency mining and transactions, citing concerns about financial risks and illegal activities like money laundering.

The crackdown sent miners fleeing, with many relocating to nearby Kazakhstan, drawn by its abundant coal power. Kazakhstan’s share of global cryptocurrency mining surged to nearly 20%, but the energy demands of mining operations soon led to fuel price hikes and widespread power outages.

Public outcry forced the government to cut miners off from the national grid by the end of 2021.

The exodus proceeded to the United States, which now accounts for over 40% of the global cryptocurrency ‘hashrate.’ US mining operations utilise approximately 2% of the country’s electricity, which is equivalent to the power required for an entire state, such as Utah.

Though not as incendiary as Kazakhstan’s experiences, the increased energy use has prompted environmental worries, particularly in rural areas where Chinese-owned businesses have started operations.

One such company, Bit Mining, relocated to Akron, Ohio, after leaving China and briefly operating in Kazakhstan. Residents there and in various cities around the United States, including Rockdale, Texas, and Bono, Arkansas, have expressed opposition to mining operations, citing noise, environmental damage and a lack of local job creation.

While local opposition remains strong, the crypto business is gaining political influence. In California, lobbying activities resulted in the veto of a law regulating digital financial assets. On a national scale, pro-Bitcoin lobbyists have spent millions of dollars to prevent the Securities and Exchange Commission from overseeing cryptocurrency.

As the United States deals with the environmental and economic consequences of Bitcoin mining, the future remains unclear. Local communities continue to demand stricter regulations or moratoriums on new projects.

China crypto trading thrives underground despite regulatory tightening

Chinese crypto trading through over-the-counter (OTC) desks surged to USD 23.7 billion in the second quarter of 2024, highlighting the resilience of underground trading despite China’s blanket ban on crypto activities imposed in 2021.

Chainalysis reports that the actual scale of these activities could be far larger due to hidden trades via social media groups and service providers, making the true scope challenging to track.

The surge in crypto trading, driven by a sluggish stock market, has been facilitated by the use of Virtual Private Networks (VPNs) and decentralised exchanges. OTC desks, which allow private, large-scale transactions without public disclosure, have become a preferred method for traders circumventing the ban.

Bitcoin mining, initially hit hard by the ban, has rebounded significantly, and the country continues to show strong interest in non-fungible tokens (NFTs) and metaverse projects.

With Hong Kong’s pro-crypto regulations, there is growing speculation that China may eventually soften its stance on cryptocurrencies.

Will China’s latest crypto crackdown stifle its gaming industry?

China’s top courts recently classified transactions involving cryptocurrencies, online game coins, and live-streamer tips as money laundering activities, citing their use in evading capital controls and enabling cross-border transactions.

This crackdown reflects China’s stringent stance on digital assets but may inadvertently affect its booming video game industry, which generated CNY 303 billion (USD 42.7 billion) in 2023.

With 670 million gamers, China’s gaming sector thrives on high internet penetration and popular mobile titles like Honour of Kings and Genshin Impact, contributing significantly to in-game revenues.

Hong Kong In:Review

Hong Kong police alert residents about child-targeted cybercrime as 900 instances recorded

Hong Kong police have raised concerns over the increasing exploitation of young citizens in cybercrime operations, with over 900 students falling victim to romance scams and “naked-chat blackmail” in the past year.

The release of the third edition of the police’s youth crime prevention handbook highlights these issues and aims to educate young people, parents, and educators on recognising and preventing such crimes.

Commissioner of Police Raymond Siu Chak-yee stressed the growing prevalence of cybercrime as more people engage in online dating, investing, and shopping. He noted that young victims are often manipulated into participating in illegal activities, such as money laundering, without understanding the consequences.

Among the cases reported, the majority of blackmail incidents via nude chat involved students, with 311 cases involving minors. Additionally, police reported 450 instances of compensated dating scams, where young people were duped into buying cryptocurrency or game point cards as deposits for fictitious services.

Police data reveals that while arrests of minors for drug, criminal damage, and triad offenses have declined due to preventive efforts, there has been a significant rise in arrests for theft, fraud, and other deceit-related offenses. Many young people unknowingly engaged in money laundering by renting out or selling their bank accounts to criminal syndicates.

The police handbook highlights five key categories of crime: robbery, theft, fraud and money laundering, online sex crimes, and online deception and deepfakes. It offers real case studies, legal outcomes, and guidance for parents and educators to help safeguard youth against falling into criminal activities.

Hong Kong prepares AI guidelines for finance sector

The Hong Kong government is set to unveil new policies for the finance sector to promote the use of artificial intelligence (AI) in traditional trading, investment banking, and cryptocurrency markets.

The Financial Services and the Treasury Bureau (FSTB) is drafting a framework focused on the ethical use of AI, with the guidelines expected to be finalised and announced during the Hong Kong FinTech Week from 28 October to 1 November 2024.

The policy aims to enhance AI adoption while ensuring responsible use, drawing on global experiences to shape an effective regulatory environment. An FSTB spokesperson highlighted the need to balance innovation with ethical considerations in AI’s application within the financial market.

Hong Kong’s push comes amid restrictions on prominent AI tools like OpenAI’s ChatGPT due to the ongoing US-China tech conflict, prompting a focus on local AI development. In August, the Hong Kong Monetary Authority (HKMA) issued principles for generative AI, emphasising governance, transparency, and data protection in consumer-facing applications.

The HKMA stressed the accountability of senior management for AI decisions, particularly those affecting customer data and privacy. Potential AI uses identified include chatbots, personalised product development, and robo-advisors, underscoring the technology’s growing role in financial services.

India In:Review

Indian police probe INR 10 million crypto investment scam with link to Hong Kong

Indian authorities are investigating the “Datameer” crypto trading app, which allegedly defrauded over 700 locals of INR 10 million. The scheme promised investors high returns of up to 50%, convincing them to invest through a fake app that later shut down, with the scammers disappearing along with the funds.

Despite India’s lack of solid crypto regulations and high taxation, the country leads the Chainalysis 2024 Global Crypto Adoption Index, reflecting a growing demand for cryptocurrencies.

However, this surge has also made investors vulnerable to scams. The Datameer app, which appeared in April 2024 and operated for five months, attracted both small and large investors through social media promotions.

Preliminary investigations suggest that the perpetrators are spread across India, with potential connections to Hong Kong. Authorities are working with cyber wing experts nationwide to further uncover the scam’s extent and possible international links, particularly in China.

FATF urges India to strengthen virtual asset regulation

India has achieved a high level of technical compliance with Financial Action Task Force (FATF) standards, significantly enhancing its framework against money laundering, illicit finance, and terrorist financing.

In a joint assessment with the Asia-Pacific Group on Money Laundering (APG) and the Eurasian Group (EAG), the FATF commended India’s progress but identified areas needing further improvement, particularly in regulating the non-financial sector and virtual asset providers.

The FATF report, presented in Paris, acknowledged India’s advancements but stressed the importance of adopting a risk-based approach to protect non-profit organisations from exploitation in terrorist financing. It also highlighted the need to ensure that financial crime prosecutions are completed with appropriate sanctions.

While India’s anti-money laundering and counter-terrorism financing (AML/CFT) framework has made strong progress, the FATF noted that implementation of preventative measures in the non-financial sector and virtual asset service providers remains in the early stages.

Improved supervision and cash restriction enforcement, especially for dealers in precious metals and stones, were identified as priorities due to their material impact.

India’s financial authorities were commended for their coordination and international cooperation efforts. However, the FATF emphasised the need to address delays in prosecutions. India is now under “regular follow-up” and will report back to the FATF Plenary in three years.

Indian court bars police from freezing entire bank accounts in crypto fraud probes

The Madras High Court has ruled that police cannot freeze entire bank accounts during fraud investigations, allowing only the fraud-related amounts to be frozen. The ruling came after a petitioner’s account was frozen for over a year due to a cryptocurrency investigation.

The court emphasised that freezing entire accounts disrupts livelihoods and financial stability, and investigative agencies often fail to inform account holders and courts about such actions. Justice G. Jayachandran highlighted that freezing entire accounts deprives individuals of their financial means and business operations.

In the case of Mohammed Saifullah, whose HDFC Bank account was frozen by the Telangana State Cyber Security Bureau (TSCSB) in relation to a cryptocurrency fraud case, the court ruled that Saifullah could access his account, provided he maintained a balance of ₹2.48 lakh, the amount under investigation.

The judge underscored the need for investigative agencies to adhere to legal provisions requiring timely notification of account freezes to both account holders and the courts, as mandated by Section 102 of the Criminal Procedure Code and Section 106 of the Bharatiya Nagarik Suraksha Sanhita (BNSS).

Combatting recruitment fraud with AI

RippleHire, an intelligent talent acquisition cloud platform founded in 2012, serves over 1 million users in 50+ countries. CEO Sudarsan Ravi discusses the role of AI in talent acquisition, addressing recruitment fraud, and the ethical considerations involved in AI-driven candidate screening.

Sudarsan acknowledges that AI has often been more hype than substance in recruiting, but he notes significant advancements since late 2022, such as facial recognition in Digi Yatra and large language models like GPT-4. AI now plays a pivotal role in streamlining recruitment processes, from resume screening to candidate engagement, transforming talent acquisition.

RippleHire leverages AI to combat candidate duplication, fraud, and impersonation, particularly in markets like India and Southeast Asia. The platform’s AI reads resumes, verifies them against databases, and employs facial recognition to ensure authenticity, creating a fair recruitment ecosystem.

AI can be integrated with existing recruitment platforms by understanding regional fraud dynamics, such as the purchase of fake identities and credentials. RippleHire’s AI cross-verifies resumes, detects discrepancies, and uses facial recognition to validate candidates throughout the hiring process, ensuring consistent candidate authenticity.

Sudarsan views AI and fraud as a continuous battle, with AI evolving to counter emerging fraud tactics. Future advancements in AI will be crucial, but organisations must build robust technological infrastructure to stay ahead of increasingly sophisticated fraud attempts.

Sudarsan highlights the ethical concerns of AI bias in candidate screening. RippleHire mitigates this by anonymising resumes, focusing on skills and experience, and monitoring AI for fairness. The platform ensures transparency in its AI decisions, prioritising ethical standards in the hiring process.

Korea In:Review

South Korean crypto fraud unit has seized USD 107 million in assets in past year

South Korea’s Joint Virtual Asset Investigation Team, a dedicated crypto fraud unit launched last year, has seized approximately USD 107 million in assets from suspects in the past 12 months.

The unit, operating from the Seoul Southern District Prosecutors’ Office, includes members from the Financial Supervisory Service, Korea Exchange, and National Tax Service. Since its inception, the unit has indicted 41 individuals and arrested 18 suspected masterminds involved in various high-profile crypto fraud cases.

The unit has confiscated luxury items, including over a dozen supercars and a building in Cheongdam, Gangnam District. Properties in Jeju Island and Gangwon Province were also seized, as suspects allegedly lived lavishly on embezzled funds.

Victims, many of whom lost their life savings, described being lured by fake promises and manipulated chat room conversations where scammers boasted about their gains and fabricated phone calls with crypto exchange officials.

One victim, who lost USD 38,000, recounted being misled by false claims of quick earnings and fake investment endorsements, only to realise the entire scheme was a scam. Another victim expressed anger, highlighting the danger of crypto fraud, which he believes is even more insidious than traditional voice phishing due to its deceptive allure and high financial stakes.

South Korea’s Financial Services Commission supports second phase of crypto legislation

On 20 September 2024, South Korea’s Financial Services Commission (FSC) pledged to support the second phase of crypto legislation, aiming to create a level playing field as the virtual asset industry increasingly intersects with traditional finance.

The new legislation will address regulatory challenges related to security tokens, central bank digital currencies (CBDCs), and introduce business activity regulations, including the use of real-name accounts for corporations and institutions.

The FSC’s initiative seeks to align South Korea’s regulatory framework with global standards, enhancing investor protection and fostering a transparent environment for corporate participation in the virtual asset market. Proposed changes to the Capital Market Act are under consideration to include clearer guidelines on digital assets.

Key elements of the new regulations will include stricter anti-money laundering (AML) and know-your-customer (KYC) standards for virtual asset service providers, as well as operational and qualification requirements.

By collaborating with international regulatory bodies, South Korea aims to ensure its digital asset regulations are globally compatible, reducing the risk of regulatory arbitrage and strengthening the overall safety of the crypto market.

Singapore In:Review

Singapore mandates face authentication for ‘higher risk’ bank transactions

Singapore has mandated the use of Singpass Face Verification for high-risk banking transactions, aiming to curb the growing incidence of scams in the country.

Over the next three months, retail banks will implement this facial recognition technology to enhance the security of digital token setups, as announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS).

The facial recognition system will be triggered during high-risk scenarios, supplementing existing authentication methods like SMS one-time passwords (OTPs). The verification process involves matching the customer's face against Singapore’s national records, making it more difficult for scammers to hijack digital tokens using stolen credentials.

Singpass, Singapore’s national digital identity platform, was introduced in 2003 and is used for a range of services across government and private sectors. It supports biometric authentication and two-factor authentication (2FA), with over 4.2 million users and 41 million monthly transactions.

Customers without Singpass accounts will need to register and download the app to use digital tokens for banking.

This initiative is part of broader security measures, including a kill switch feature and the phasing out of OTPs for customers with digital tokens, as DBS, OCBC, and UOB banks have announced.

According to ABS director Ong-Ang Ai Boon, the move enhances customer protection against unauthorised access, but customers are also encouraged to maintain good cyber hygiene.

More than USD 44 million in cryptocurrency stolen from Singaporean platform BingX

Singapore-based crypto platform BingX announced on Friday that it suffered a cyberattack resulting in the theft of over USD 44 million.

The attack was detected Thursday night when blockchain security firms noticed millions of dollars being moved from BingX’s hot wallet. Initially, the company attributed the disruption to "wallet maintenance," but later confirmed abnormal network access indicating a hacker attack.

BingX swiftly implemented emergency measures, including transferring assets and suspending withdrawals. The platform reported that only a minor amount of assets were kept on the platform for withdrawal demands. An audit by blockchain security firm SlowMist estimated losses at USD 44.7 million, while other reports suggest the total could be as high as USD 48 million.

Vivien Lin, BingX’s Chief Product Officer, stated that the platform would fully compensate for the losses using its own capital, and confirmed that trading services were unaffected. Although withdrawals and deposits were temporarily halted, BingX began gradually restoring these services within 24 hours.

As part of their recovery efforts, the platform managed to freeze USD 10 million. BingX is working with blockchain analytics firms SlowMist and Chainalysis to track the stolen funds, and plans to conduct a further question-and-answer session once the total losses are confirmed.

Singaporean living in Miami among two charged in USD 230 million cryptocurrency theft

A Singaporean living in the United States and an accomplice have been charged with conspiring to steal and launder USD 230 million in cryptocurrency, according to the US Department of Justice.

The accused, Malone Lam, a 20-year-old Singaporean residing in Miami and Los Angeles, and Jeandiel Serrano, 21, from Los Angeles, were arrested by the FBI on Wednesday night.

Lam, who operates under online aliases such as “Anne Hathaway” and “$$$,” and Serrano, known as “VesaceGod” and “@SkidStar,” allegedly conspired to fraudulently obtain over 4,100 bitcoin from a victim in Washington DC, valued at over USD 230 million at the time. The pair appeared in court on Thursday following their arrests.

The Department of Justice stated that Lam, Serrano, and other conspirators have been involved in stealing cryptocurrency and laundering the stolen funds through exchanges and mixing services since at least August 2023.

Best of the Rest In:Review

North Korea's Lazarus Group has USD 5 million frozen in stablecoins

North Korea’s notorious Lazarus Group, a major criminal entity in the crypto world, has had nearly USD 7 million frozen by stablecoin issuers and exchanges following an investigation led by blockchain investigator ZachXBT.

The investigation revealed that Tether, Circle, Paxos, and Techteryx froze almost USD 5 million of the group's assets after being alerted to illicit activities, with additional amounts frozen by various crypto exchanges.

ZachXBT’s research, published in April, traced stolen funds from over 25 hacks targeting companies and individuals between August 2020 and October 2023. The investigation highlighted the Lazarus Group’s use of peer-to-peer marketplaces and Chinese over-the-counter traders to convert crypto into fiat money.

The frozen funds could eventually be returned to victims once legal processes are completed. ZachXBT criticised Circle, the issuer of USD Coin (USDC), for its slower response in freezing the illicit funds compared to other stablecoin issuers, though Circle may have awaited a court order before acting.

The Lazarus Group’s activities have caused approximately USD 3 billion in losses over the past six years, according to a November 2023 report by cybersecurity firm Recorded Future. The ability of stablecoin issuers to freeze funds linked to illicit activities has been crucial in combating these and similar financial crimes.


I hope you find Risk In:Review informative and helpful.

Keep updated with the latest news and insights by clicking on subscribe or follow me on LinkedIn.

Anthony

Jerome Salecious J

AML & Regulatory Compliance Officer, Financial Crime & Fraud Investigator with 20+ years of global experience | Champion of cross-cultural adaptability & operational excellence | Author

1 month ago

I believe tools like AI and biometric verification can greatly improve security. However, it's important to ensure these technologies are used in a way that is fair and easy for people to understand. In my work, I've seen how combining innovation with responsibility can really help reduce fraud and improve trust. The focus on AI in recruitment and the risks of cybercrime, especially involving children, show just how vital it is for us to stay informed and vigilant in today's digital world.