ASIC flags rise in share sale fraud
ASIC has flagged a rise in share sale fraud primarily in connection with issuer-sponsored holdings. It also notes a heightened risk where market participants offer white labelling services to other intermediaries.
Share sale fraud arises when a person sells shares that don’t belong to them. Generally, they use stolen or fraudulent identity documents to open a trading account and the security reference number (SRN) is fraudulently obtained from a share registry statement. The bank account nominated for settlement is the fraudster’s own account.
Having robust account opening and customer due diligence practices as well as procedures to identify and escalate risks can help prevent share sale fraud and other forms of cybercrime. ASIC Information Sheet (INFO 237) recommends a number of controls for protecting stockbrokers against fraud. One of the recommended controls is to compare the geographical location of the IP address used to submit an application with the address of the prospective applicant.
But what happens when a VPN is used?
A VPN, or Virtual Private Network, provides online privacy and anonymity by creating a private network from a public internet connection. This anonymity can be seen as an attractive element to potential money launderers who are seeking to mask their IP address. In September, police laid charges in relation to a $10m fraud involving retirement and share trading accounts. Of note, the police stated “Members of the alleged syndicate used VPNs to hide their identities online”
The team at LAB have developed a feature to show whether or not the application is coming from a VPN and have also partnered with a fraud score provider.
Phase 1.5 of the AML/CTF regime introduced into Parliament
The Government has introduced the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill into Parliament, also known as Phase 1.5 of the AML/CTF regime. The Bill has been referred to the Senate Legal and Constitutional Affairs Legislation Committee which is due to report by 7 February 2020.
Phase 1.5 introduces a number of changes including expanding the circumstances in which reporting entities may rely on customer identification and verification procedures undertaken by a third party. It also expands exceptions to the prohibition on tipping off to permit reporting entities to share suspicious matter reports and related information with external auditors, and foreign members of corporate and designated business groups. Phase 1.5 does not implement regulation of Designated Non-Financial Business and Professions (e.g. lawyers, real estate agents, accountants).
Complying with the AML/CTF Act relies on robust systems and processes and a strong risk culture. It is critical to have thorough due diligence procedures including KYC, and to be able to recognise activities or transactions that don’t fit the usual patterns.
For information on obligations under the AML/CTF Act, refer to the Austrac website.
Open Banking and Consumer Data Rights (CDR)
Open Banking and Consumer Data Rights (CDR) are scheduled to launch in February 2020. They enable easy switching between banks by giving customers the option to share data securely with accredited parties.
The ACCC will soon open applications for accreditation to receive data. Its draft guidelines list what information applicants will need to provide and their ongoing obligations. It is expected that there will be graduated tiers of accreditation – high risk data and uses will require stronger protections.
Applicants will need to provide evidence, through an independent audit, that they meet the requirements set out in the CDR Rules. These cover roles and responsibilities, information security, information asset identification and classification, implementation and testing of controls, and incident management.
An accredited data recipient will have continuing obligations. The ACCC and the Office of the Australian Information Commissioner (OAIC) will monitor compliance.
The Select Committee on Financial Technology and Regulatory Technology is looking at extending CDR to superannuation.
How does this impact your customer application process?
We are consulting directly with the ACCC on Open Banking as we look to provide opportunities to strengthen the application and onboarding processes with electronic verification of bank account details.
What else is on our radar?
- AML hits the spotlight in the wake of Westpac’s breach. Westpac is paying heavily for breaching the anti-money laundering provisions. Fines may run into billions of dollars, not to mention the impacts on reputation, revenue and employees
- Draft laws to stamp out money laundering will impact travellers and extend due diligence requirements for Australian banks, more here
- IAPP-EY Privacy Governance Report 2019 shows an increase in requests for data, more here
- Joint report from ASIC and the Dutch Authority for the Financial Markets examine effectiveness of disclosures, more here