The Use of Third-Party-Checks to Launder Money
28th January 2017
Bachir El Nakib, Founder, Senior Consultant Compliance Alert (LLC)
Money laundering is the name given to the steps taken to hide the source of illegal income. Criminals who obtain cash through illegal activities cannot do anything with it unless they are able to hide the illegal sources of cash by having them pass through legitimate business, thus laundering the money. Money mules are significant in the process of cashing out compromised financial accounts. A money mule is a person who receives and transfers illegally acquired money on behalf of others. Money mules may or may not receive a commission in return for their involvement. They have played an important role in fraud and money laundering for decades. Some mules are aware that they are part of an illicit scheme, while others are unaware or merely suspect it. As new technologies and trends emerge, money mules and criminal organizations exploit systems to defraud people. Unknowing mules are likely recruited through online job advertisements and spam email. Job titles may include, but are not limited to, “mystery shopper,” “payment processing agent” or “money transfer agent.” Mules may also be recruited through romance and lottery scams.
They also may be recruited through romance and lottery scams. Unknowing mules are vulnerable adults who are often older, lonely and potentially financially strapped. Fraudsters will start relationships with these individuals through online dating sites, social networking sites and/or job advertisements websites that have long been a target for cyber criminals. These websites are targeted by malware for credentials theft and are used for mule recruitment and malware distribution. A recent Zeus malware configuration analysed by IBM’s security team uses HTML injection to advertise a mule recruitment site when a victim visits CareerBuilder.com. It will likely affect thousands of job seekers.
The fraudster, acting as a predator, will attempt to cultivate a relationship with the victim based on lies.
Schemes that target unknowing participants are typically focused on employment and relationship scams. At some point, the victims of these schemes (particularly the employment scams) may become knowing, or at least half-suspecting, mules. They realize that they may be part of an illicit scheme but will continue to try to make money because of personal circumstances.
Recent trends are showing that money mule herders, people who specialize in recruiting and organizing mule activity, are starting to utilize the U.S. government’s Visa Waiver Program (VWP) for their illicit activities.
The VWP is an international agreement between 38 countries. The U.S. State Department states that it currently allows citizens of participating countries to travel to the United States without a visa for stays of 90 days or less if they meet certain requirements. Travellers must be eligible to use the VWP and have a valid Electronic System for Travel Authorization approval prior to travel. The VWP permits travel within the United States for purposes of tourism and certain business activities.
VWP mule activity has been observed in the past 12 to 18 months. The activity, to date, involves young adults from VWP countries being recruited to travel to the United States and open deposit accounts. Upon their arrival, the mules will open multiple bank accounts at various financial institutions in their true name and then provide the bank account information to their handlers.
The scheme usually involves an electric funds transfer deposit to the mule account, but it has also been used to deposit tax refund checks obtained through tax refund fraud schemes. The mules know that they are involved in an illicit scheme, but they don’t likely view what they are doing as illegal. Furthermore, they believe — or have been told — that they are beyond the reach of U.S. law enforcement once they are back in their home country.
Mobile Money Mules
Another potential emerging trend has to do with money mules and mobile devices. There is little if any data on this trend, though it is certainly on the rise. The concept of the mobile money mule will make its way onto the landscape of fraud and money-laundering vectors over the next few years, for which financial institutions will need to account.
It is evident that consumers desire the ability to perform banking transactions on their mobile devices. A review of data about mobile banking adoption from the U.S. Federal Reserve Board found the following:
- Thirty-three percent of all mobile owners and 51 percent of all smartphone owners have used mobile banking in the past year.
- Twelve percent of mobile phone owners who are not using mobile banking now think that they will in the next year.
- Ninety-three percent use mobile banking to check balances.
- Fifty-seven percent use mobile banking to transfer money between accounts.
- Forty- five percent have deposited a check in the past year, up from 21 percent in 2016.
- Seventeen percent have used their phone to make a payment in the past year.
- Sixty-six percent of the mobile payments were bill payments through an online banking system.
Recent history has shown that cybercriminals proficiently adapt and exploit new technologies and trends. As consumers increasingly adopt mobile banking technology, there will naturally be a demand to do more types of transactions from their mobile device. Financial institutions will strive to provide customers with the option to do everything via mobile that they can do now at a physical branch. The customer experience and lower cost of transactions will drive that expansion.
This technology will not likely change the money mule process; however, it may make it easier for criminal syndicates. They will have the ability to establish new accounts through the mobile channel rather than having the money mules physically go into a branch. This removes the potential detection of suspicious account openings through human interaction.
The ability to open accounts and direct all other transactions through the mobile channel will increase the velocity with which criminal groups may operate. This gives them more flexibility in the way they communicate and interact with their mules.
One may speculate that increased mobile transaction offerings may eliminate the need for criminal groups and mule herders to recruit money mules. If new accounts could be opened and all other transactions could be executed via mobile, why would a money mule be needed? Accounts could be opened in fake names with fake credentials as they are today, but from the mobile platform. Electronic fund transfers could be initiated out of the financial institution to a third party from a mobile device. The less human interaction that is needed, the more flexibility is provided to the criminal.
It is challenging to anticipate the ways in which mobile banking will enable criminal groups’ ability to commit fraud and launder money through the use of money mules. What is known, based on past evidence, is that they will adapt and exploit new technologies and services.
In the area of compliance priorities, companies do not normally treat third-party payments as a high-risk activity. However, with increasing focus on illicit proceeds and tightening of AML/Terrorist Financing requirements, companies have to focus on this issue.
Between 2008 and 2012 a group of Florida-based drug traffickers tied to a Mexican cartel laundered their dirty cash by depositing it into accounts at a local branch of a national bank. The traffickers’ Texas-based suppliers then withdrew the money from the accounts as cash and turned it over to couriers who smuggled it into Mexico.
As the global banks try to meet their legal and regulatory obligations to avoid helping drug traffickers and other criminals launder ill-gotten gains, one of their most daunting challenges is dealing with cash deposits, especially those that people make into the accounts of others.
There are legitimate reasons for so-called third-party cash deposits, such as parents sharing money with children or business managers banking receipts, “99 percent” of such transactions are above board, the remainder, however few, are allowing the drug cartels to readily move money around and out of the country, John Tobon, assistant special agent in charge of ICE homeland security investigations in Miami, said in an interview. Tobon, who plays a key role in U.S. efforts to combat cartel money laundering, would prefer banks stop allowing the transactions.
From the standpoint of risk – not only of laundering money but also of landing the bank in the crosshairs of regulators or the Justice Department – banks that allow third-party cash deposits are “running with scissors,” Failure to comply with the BSA carries significant civil and criminal penalties. In 2012, HSBC entered into a $1.9 billion settlement with U.S. authorities after weaknesses in its anti-money laundering program allowed drug cartels to launder hundreds of millions of dollars.
Of the four largest U.S. banks, JPMorgan Chase & Co took a decision to de-risk such deposits and stopped allowing third parties to deposit cash into customers’ personal accounts. It requires identification from anyone placing currency into a business account, JPMorgan’s policy came as it was operating under two regulatory consent orders and a deferred prosecution agreement with the Justice Department over alleged lapses in its anti-money laundering program while the other three U.S. banking giants — Bank of America, Citi, and Wells Fargo — mentioned that their institutions have in place appropriate controls to manage risk and comply with the BSA. All declined to disclose the details of their institutions’ controls focused on third-party cash deposits, with some citing concerns that criminals might use the information to their advantage.
When banks detect any transactions that seem to be linked to illicit activity they report them to the relative FIU via so-called Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs) which are then made available to law enforcement authorities.
In simple terms, financial transactions involving suspected proceeds of illegal activity or facilitation of illegal activity create significant money laundering risks.
Companies that receive payments for invoices have to scrutinize who is paying the company and ensuring that they are the same party. For example, if I send Customer A an invoice for $1000, and I receive a payment for that invoice from an unknown third party from a galaxy far, far away, I may be conducting a financial transaction involving suspected proceeds of illegal activity.
Due diligence of a third-party payment from a different or unknown entity is important to determine:
- Who is the third-party payor?
- What is the relationship between the customer and third-party payor?
- Why am I receiving a payment from this person?
Assuming I find out who owns the third-party payor and I verify the legal existence of the entity and the absence of any red flags related to that entity, I have to ask my customer why they need to use a third-party payor to pay my bills.
If the third-party payments are coming from a traditional third-party payment processor, that requires additional due diligence to avoid money laundering risks. A company that is set up to process payments on behalf of numerous companies has to be subjected to due diligence to ensure that the processor is not funneling illegal proceeds into the mix of payments to the company.
Third party payments can be made from separate but related companies, such as a financing company associated with the company’s customer, or from separate companies that are owned by a common parent. Sometimes customers have to rely on an importing company (e.g. third party payor) as the importer of record for logistics purposes and make payments through that specific entity.
The third-party payment process, like most compliance issues, requires follow up investigation on specific facts and documentation of an internal process to verify information before accepting such payments. Like due diligence of potential third-party agents, receipt of funds from unknown third parties has to be a risk area that companies address. Otherwise, companies could be liable for conducting financial transactions involving illegal proceeds, such as bribery funds or money stolen from legitimate owners.
A third-party payment questionnaire should be prepared and used to collect documentation to support any decision to move forward with a third-party payment arrangement. As part of
the due diligence, a background check, credit check and basic due diligence inquiry is the starting point of the due diligence process.
As the potential risks are resolved, the company may require certifications, representations and warranties to move forward with a particular third-party payment arrangement.
The complexity of the financial world creates real and significant risks from accepting third-party payments. It is important to identify the issue, build appropriate controls, document the due diligence review and then implement appropriate risk mitigation measures – it is a familiar refrain but one that applies to third-party payments.
Trade-Based Money Laundering
The current issues using third party checks to launder money necessitate to put in force a procedure to assist in preventing and detecting these illicit activities.
Trade-based money laundering is the process of disguising the proceeds of crime through the use of what appear to be legitimate trade transactions, often by misrepresenting the price, quantity or quality of imported or exported goods. Examples of trade-based money laundering include:
- Over- or under-invoicing of goods and services: The key element of this technique is misrepresentation of the price of goods or services in order to transfer additional value between an importer and exporter.
- Multiple invoicing of goods and services: This technique involves issuing more than one invoice for the same transaction, thereby justifying multiple payments. Employing several different financial institutions to make these additional payments makes these transactions even harder to detect.
- Over- or under-shipments of goods and services: The key element of this technique is misrepresentation of the quantity of goods being shipped.
- Falsely described goods and services: This involves misrepresentation of the quality or type of goods or services.
Financial institutions participating in international trade financing by providing pre-export financing, issuing correspondent banking agreements, and/or confirming letters of credit, discounting drafts and acceptances, or offering fee-based services such as providing credit information on buyers. Because trade-finance is more document intensive than many other banking activities, it is more susceptible to documentary fraud, which can be linked to money laundering and terrorist financing.
There are a number of red flags that may help reveal trade-based money laundering activities, including:
- Significant discrepancies between (a) the description of the goods on the bill of lading and the invoice; (b) the description of the goods on the bill of lading or invoice and the actual goods shipped; and/or (c) the value of the goods reported on the invoice and their fair market value.
- The size of the shipment appears inconsistent with the scale of the exporter's or importer's regular business activities.
- The type of commodity being shipped appears inconsistent with the exporter's or importer's regular business activities.
- The type of commodity being shipped is at high risk for money laundering (e.g., high-value, low-volume goods which present valuation difficulties).
- The shipment does not make economic sense (e.g., the use of a 40-foot shipping container to transport a small amount of low value goods).
- The commodity is transhipped through one or more jurisdictions for no apparent economic reason.
- The method of payment appears inconsistent with the risk characteristics of the transaction (e.g., the use of an advance payment to a new supplier for a shipment from a high risk country).
- The customer directs payment of proceeds to an unrelated third party.
- The transaction involves the receipt of a payment from a third party entity that has no apparent connection with the transaction.
- The transaction involves the use of repeatedly amended or frequently extended letters of credit done for no apparently legitimate reason.
A sound specialised-enhanced-customer-due-diligence-procedures to gain a thorough understanding of a trade-based customer's underlying business activities, and your role in a trade-based transaction will dictate the appropriate degree of due diligence. For example, issuing banks should conduct sufficient due diligence on prospective import or export customers before providing a letter of credit. The due diligence should include gathering sufficient information on both the applicant and beneficiary, including their identities, nature of business and, if possible, sources of funding.
International trade finance transactions frequently involve the use of Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages. Banks need to monitor the names of the parties contained in these messages and compare those names against OFAC lists, government lists of known or suspected terrorists or terror organizations, and any internal bank lists of known or suspected money launderers.
Bank procedures are recommended to require a thorough review of all applicable trade documentation to check for discrepancies and irregularities. The sophistication of the documentation review process should be commensurate with the size and complexity of the bank's trade finance portfolio.
Banks and Financial Institutions always need to be aware of the potential for money laundering through the use of third-party checks. A third-party check is a check made payable to a payee who then transfers the rights to the check to a third-party by endorsing the check over to that third-party. Many individuals and businesses have legitimate reasons for using third-party checks for their transactions, but such checks are also often used to launder illicit funds. For example, bank regulators have reported that significant numbers of U.S. dollar third-party checks have been presented to banks located overseas, even though both the payee and payor appeared unconnected to the country where these checks were presented for payment. When negotiated, the checks became part of international letter packages sent to correspondent banks in the U.S.
Keep an eye out for the following possible indicators of third-party check abuse:
- Checks payable to payees with no connection to the city, area or country where the checks are cashed or deposited.
- Checks for unusually large amounts.
- Checks from a bank based in a jurisdiction different from the residence of the payor, particularly where there is no apparent connection between the issuer (payor) and beneficiary (payee) of the check.
- Checks written for amounts just below currency reporting requirements, which are then cashed out.
- Checks that appear to have no legitimate commercial purpose.
- Multiple endorsed third-party checks used for the settlement of a single purchase or transaction.
- Multiple checks from the same payor to the same payee, but with different payor signatures on each check.
- Multiple checks from the same payor to the same payee, often consecutively numbered, but with different signatures and handwriting on the payee endorsements.
- Checks made out to different payees, often from the same payor, but bearing the same handwriting on the payee endorsements.
- Checks dated several weeks or months before the deposit date.
A careful consideration of these "Red Flags" will help banks to identify and minimize third-party check abuse.
1) (1) Scrutinizing Third Party Payments by Michael Volkov - July 14, 2015
2) (2) Financial Institutions Alert by David M. Rosenfield - April 2008
3) (3) U.S. Treasury reports highlights of laundering cash deposits, Bret Wolf (Reuters) 17 June 2015