Trade-Based Money Laundering

The AML landscape is evolving continuously, so fraudsters come up with new ways to launder money. One of these new and unique ways to exploit the financial systems and launder money is cross-border trade.

Trade-based money laundering is becoming an issue. To prevent trade-based money laundering, new steps are being taken.

In this guide, we’ll dive into trade-based money laundering, and how it works.

What is Trade-Based Money Laundering?

Trade-based money laundering is when a fraudster moves illegal funds through the international trade system to clean them. TBML practices often include:

  • Falsification of original price.
  • Quantity and quality of the imported/exported goods.

TBML takes advantage of the complicated system of the trade system. Especially the international trade system where multiple parties and jurisdictions are involved. Multiple jurisdictions mean overlapping KYC, AML, and CDD rules and regulations.

TBML is slowly becoming a major concern for governing bodies around the world. It rose to its peak during the COVID era when supply chains and the regulatory landscape were disturbed. 

Since then, several global firms have embedded supply chain risk management into their AML programs. Over 45% of global businesses claim that they’re focusing on improving the management of supply chain risks in 2023 and beyond.

How Does Trade-Based Money Laundering Work?

Fraudsters use trade-based money laundering in a number of ways, but the most common ones include:

  • Over-invoicing – The exporter submits an invoice that’s overpriced to the importer, generating a payment that exceeds the value of the goods shipped. Importers often transfer the stated amount on the invoice instead of checking for the real value. 
  • Under-invoicing – The exporter sometimes submits an invoice that has less value than the products. They ship the goods with greater value and then transfer that value to the importer.
  • Multi-invoice – The exporter sends an invoice to the importer multiple times for the same product/shipment. The exporter then transfers greater value from the importer to the exporter. 
  • Over-or under-shipment – The exporter ships more goods than they previously agreed on. They end up transferring greater value to the importer. Or, the exporter ships fewer goods than agreed on. The importer often pays the original amount without checking the goods.
  • Misrepresenting the Quality – Goods shipped to the importers are purposefully misrepresented as being of higher quality. The importer pays for the high-quality goods but receives cheaper quality.

Examples of Trade-Based Money Laundering

There are some examples of trade-based money laundering that every business should be aware of. Prevention can only happen when businesses are aware of the latest trends.

Here are the biggest examples of trade-based money laundering:

  • A letter of credit for a high-value cross-border import is highlighted to have anomalies when it is examined by the routing bank. When the bank investigates deeper, it reveals missing and unrecognized documentation with the import agents. The bank then rejects the transaction and returns the drawing documents.
  • The first beneficiary of a multi-million dollar letter of credit has to supply medical goods for another country’s Bureau of Health. However, the second and ultimate beneficiary of the credit issues invoices that don’t match those submitted by the first. It’s shown that the first beneficiary has the invoices marked up by 300% and is additionally revealed to have a connection with the firm acting as the agent to the Bureau of Health.
  • Several shell companies purchase electronics with funds derived from criminal activities and later sell the goods to buyers in high-risk countries that don’t have any due diligence. The shell companies receive the money. The banks that handle the transactions notice a number of red flags. The biggest red flag is that the companies are registered in high-risk countries.

Steps to Identify Trade-Based Money Laundering

Businesses may have an easier time spotting TBML activity if they’re familiar with the methodologies associated with it.

Here are the indicators of TBML:

  • Unusually complicated or illogical corporate structures, such as the use of shell companies or companies registered in high-risk countries. 
  • Trading entities registered at mass registration addresses with no reference to any specific unit.
  • Trading businesses that have addresses that don’t reflect the businesses in which they’re engaged. 
  • Missing, counterfeit, or fake trade documents. 
  • Trading businesses that don’t have an online presence or that have an online presence that doesn’t match their business’s stated services. 
  • Trading activities that don’t reflect a stated line of business, for example, car dealers trading in textiles or precious metals. 
  • Payments for imports that aren’t made by parties other than the account holder.
  • Trading entities that purposefully complicate the use of financial products.
  • Inconsistencies or discrepancies across trade documents such as contracts and invoices. 
  • Trade documents with values that aren’t consistent with market values or other comparable transactions. 
  • Trading entities that make very late changes to payment arrangements. 
  • Frequent cash deposits are just under the reporting thresholds.

How to Prevent and Detect TBML?

Since TBML can involve multiple parties and jurisdictions, and some of the schemes are very complicated to detect. To mitigate the risk of TBML, compliance teams need to have an understanding of business-wide risk assessments to determine their risk exposure.

Here’s how to prevent and detect TBML:

  • Robust CDD

To uncover TBML, businesses of all kinds should implement CDD measures that use a combination of technology and expertise.

Businesses need to obtain a clear picture of all entities they do business with. To able to do that, businesses need to verify documents, ownership documents, address documents, and more. Compliance teams should ensure they have access to real-time document verification solution that helps them verify the identity of every entity they have to verify.

  • Reputable Adverse Media Screening

Since adverse media can be a TBML structural risk indicator, businesses need to make sure their negative news screening solution can differentiate between true adverse media content at scale.


Flaws in Knowledge-Based Authentication (KBA)

Knowledge-based authentication (KBA) has been the industry standard for over 20 years as a method of identity verification. KBA has been an outdated mode of verification for a long time. This is a flawed approach to verifying identities as it uses stagnant data. The same data has been breached and accessed by thousands of users worldwide. Personal data and knowledge-based question’s answers are readily available on the dark web. 

Fraudsters have become more proficient in answering all the credit-based questions than the people who have to rely on the quizzes. 

This flaw was first recognized in 2015 which led the National Institute of Standards and Technology (NIST) to limit the use of KBA in their latest version of Special Publication. The latest publication is the most widely used ID verification standard in the United States.

However, KBA is commonly used by state and local agencies to verify identities. The most common uses include motor vehicle registration, online portal access, and notarization. 

KBAs are considered to be the backup for manual identity verification. But it’s still not a good enough solution as KBA data has been breached multiple times. Personally identifiable information goes as low as $1 on the dark web.

Current Problem with KBAs

The biggest problem with KBAs is that the data is available with ease almost everywhere on the dark web. Once fraudsters have answers to questions, they’re easily able to bypass security measures and gain illegal access to user accounts. 

Fraudsters often find methods of least resistance to gain access to illegal access to systems. If businesses choose to use knowledge-based authentication to verify identities, they are only using a flawed method.

To properly identify identities and verify users with ease, businesses need to move forward from Knowledge-Based Authentication (KBA). Solutions like DIRO document verification tool, and other verification solutions can help businesses verify the identities of users ideally.

DIRO’s document verification solution can quickly and accurately verify identities and prevent the risk of fraud while ensuring the integrity of user accounts.

Why Businesses Shouldn’t Rely on KBA

Hackers and fraudsters have exploited the breaches and data thefts to quickly bypass the login systems. Using solutions like DIRO document verification can help businesses with far more accurate verification and huge cost savings.

1. Flaws in KBA

The biggest flaw in KBA lies in its reliance on static and outdated information. Information like Social Security numbers, addresses, and personal details, are easily stolen.

Hackers and fraudsters have exploited these beaches regularly to collect necessary information. Moreover, the easy availability of personal data on the dark web and social media has significantly reduced the effectiveness of KBAs.

2. NIST Non-Approval of KBA

The NIST has made KBAs a non-approved technology in their latest version of Special Publication 800-63-3. This highlights a growing acknowledgment of KBA, which highlights how ineffective the knowledge-based authentication process is.

KBA’s deprecation signifies a need for more secure and sophisticated alternatives to make sure accounts are verified properly.

3. Risks of Relying on KBA

Businesses that solely rely on KBAs are at a serious risk of hurting their business. It makes sense that state agencies use KBA for verifying the identity of users as it’s easy to use and familiar.

With modern cybersecurity threats becoming increasingly sophisticated, businesses and governments need to use a more secure solution.

4. Adoption of Biometrics

Using biometric verification in the identity proofing process can enhance the security of the process. As biometric data is unique to each individual and cannot be easily replicated or stolen.

Technologies such as fingerprint recognition, facial recognition, or retinal recognition can provide a more robust and secure way of verifying identities.

5. Behavioral Analytics

Instead of using biometrics data, businesses can use behavioral analytics data to verify if a user account is hacked. By using a user’s behavior patterns, such as typing speed, mouse movements, or smartphone usage habits are unique to each user. 

Any sudden change in the patterns of a user can be an indicator of fraud.

Final Take

Relying on Knowledge-based authentication (KBAs) for identity proofing has been flawed for a long time. Relying on data that has been beached and stolen countless times to identify a user isn’t a great idea.

By using more secure options like the DIRO document verification solution, businesses can quickly and ideally identify user identities.


iGaming Regulations and KYC

Latin America is quickly becoming a fast-growing market for iGaming operators. According to reports, over 70% of iGaming operators plan to expand to Latin American and Central American markets in the next couple of years.

The iGaming market in Latin America is highly diverse and entertaining and it has been growing in recent years. One of the biggest factors behind this is the growing availability and affordability of high-speed internet smartphones. Another driving force is the increasing love for online gaming in Central and South America.

As Latin America represents a complicated map of jurisdictions with 34 countries and union territories, regulation has been a problem. But recently, there has been a positive shift in the regulatory space as well.

To help out both the iGaming operators and the players, we’ve created this guide for iGaming regulations and KYC in Latin America.

iGaming Regulations in Argentina

In Argentina, the gambling regulation is controlled by the country’s 23 independent provinces and the autonomous city of Buenos Aires. Several provinces in Argentina and Buenos Aires have legalized online gambling.

The authority that acts as a watchdog for AML regulations is the Congreso de la Nacion Argentina. It keeps an eye out for all the operators to see which ones aren’t following the regulations.

The regulatory landscape and the licensing regulation vary from province to province. All the operators have to screen players to prevent money laundering and make sure that gaming transactions go through state-owned banks.

iGaming Regulations in Brazil

With a population of over 200 million and a huge fan following for all things sports, Brazil has a quickly growing gambling market. Unfortunately, there’s no regulatory framework right now. Without a regulatory framework, it will be next to impossible for the iGaming industry to thrive.

Brazil has a history of high taxes, and if sports betting is subject to similarly high rates of taxation, it could discourage the investment in the market.

iGaming Regulations in Chile

The future of regulated iGaming in Chile is currently unclear as it attempts to both regulate and prohibit offshore online gambling companies. There’s a land-based gaming industry that’s riddled with lawsuits because of grey market operators. 

If there ends up being a regulatory framework in Chile, the platform will be directly under Superintendencia de Casinos de Juego (SCJ) and operators will have to maintain strict security standards. 

iGaming Regulations in Colombia

Colombia was the first Latin American country to regulate online gambling. All types of iGaming are allowed and regulated in Colombia, including, casinos, bingo, poker, and sports betting. 

Colombia’s national regulator, Coljuegos has built a strong regulatory framework that ensures operators follow all the rules. Coljuegos also allows operators to apply for licenses and submit reports digitally, making the entire process fairly seamless. 

This entire framework has led to reliable data and regular reports on the performance of the industry. 

iGaming Regulations in Mexico

Mexico is one of the most popular markets for iGaming operators. 95% of the online casino operators are looking to expand to Mexico in the span of the next 5 years.

Mexico has a population of over 120 million and a mobile penetration rate of about 60%. This makes Mexico one of the largest iGaming markets in Latin America.

All the land-based casinos in Mexico are completely regulated. However, the online gaming market is in the grey area of regulations. Online casinos and sports betting operators don’t require digital licenses. They operate in partnership with a land-based license-holder casino.

iGaming KYC Compliance in Latin America

The requirement for financial transfers and the risk of fraud is always a factor of concern for the iGaming industry. To successfully manage fraud, the iGaming industry needs to have proper regulations.

Local compliance is continuously acting as a key barrier in Latin American markets. Businesses are also aware that they are likely to incur additional scrutiny in Latin American markets.

Newly regulated markets attract both wanted and unwanted attention. As iGaming markets open up, it’s more than likely that national regulators will implement strict rules on KYC and ID verification.

iGaming operators will need to adapt to these regulations and implement sophisticated measures to ensure compliance and build customer trust.


What is KYC?

Know your customer (KYC) is a requirement for regulated industries. In KYC, businesses have to verify the identity of customers before onboarding them. Businesses must carry out continuous monitoring to ensure customers are legit and they don’t pose a threat to the business.

What KYC checks are available in Latin America?

KYC checks include data, documents, biometrics, and PEPs sanctions list checks. Each business uses a different method of verification. Some businesses combine verification methods to enhance due diligence.


Third-Party Fraud – Definitions and Examples

Third-party fraud is when a fraudster uses an individual’s or company’s information to commit fraud. Third-party fraud is more commonly known as identity theft. It is the type of fraud that impacts most individuals across the globe every year.

In 2023 alone, over 1.4 million cases of identity theft were reported to the FTC. The number is expected to double by the next year.

Third-party fraud is committed by all types of criminals – from individuals trying to use a stolen credit card or take out a loan in somebody else’s name.

While third party fraud usually involves using someone else’s personal information to commit fraud, some fraudsters also use synthetic identities.

The primary victims of third-party fraud are financial institutions, retailers, eCommerce stores, and, of course, the people whose identities have been stolen.

Difference Between Third-Party, First-Party, and Second-Party Fraud

If you want to know how third-party fraud differs from first and second-party fraud, it helps to understand the other types:

  • First-party fraud is committed by a person or a company in their own name. Most common examples of first-party fraud include falsifying information for credit applications, claiming dishonest refunds, or disputing legal transactions to claim chargeback fraud.
  • Second-party fraud involves using an individual’s or company’s details. But the fraud is committed by someone who has given those details voluntarily. Someone may allow their account to be used for money laundering, or they may work with a fraudster in a “fake merchant” scam.

In both first-party and second-party fraud, the legit holder of the details (or accounts) is involved in the fraud. In third-party fraud, the individual or the company whose details are being used has no idea that their information has been stolen.

Types of Third-Party Fraud

Third-party fraud comes in all shapes and sizes, and fraudsters constantly work to find new and inventive ways to commit the fraud.

Some of the most common types of third-party fraud include:

  • Account takeover fraud – As the name suggests, this type of fraud involves criminals gaining access to individual bank accounts. Then, they use the bank account to make purchases or divert funds.
  • Credit Card Fraud – Credit card fraud involves all kinds of frauds that happen due to stolen or cloned credit cards. Once a fraudster illegally obtains a credit card, they use it to make purchases or take cash loans.
  • New Account Fraud – This type of fraud involves fraudsters opening new accounts using stolen personal details. New account fraud can also happen with synthetic identities or by combining fake and legitimate information.

Examples of Third Party Fraud

Here are some of the best real-life examples of third-party fraud:

  • In 2017, a fraudster named Kenneth Gibson opened around 8,000 false PayPal accounts in the names of employees of a company he worked for in the past. He kept moving money around in small amounts, which he withdrew via an ATM. It was the repeated trips to the ATM that led to the discovery of the fraud.
  • Anthony Lemar Taylor stole the identity of golfer Tiger Woods, initially by fraudulently obtaining a driver’s license in his name. He used the stolen identity to purchase goods worth $17,000, which included a car and a 70-inch TV. Eventually, he was caught and sentenced to jail.
  • In 2018, fraudster David Matthew Read went on a $169,000 “shopping spree” using a replacement American Express Black card that he managed to obtain in the name of the actress Demi Moore.

While these fraudsters got caught, a huge number of third party fraud goes undetected and unpunished. However, a vast amount of third-party fraud goes unpunished.

Third-Party Fraud Trends

Businesses like banks, credit reference agencies, and card providers are the ones who report new trends in third party fraud.

In January 2023, Experian reported that third-party fraud was growing in relation to current accounts, savings, card, and loan accounts.

One particular trend is an evolution in fraudster’s methods to collect personal data they need to carry out the scams. Trends include:

  • Fake job advertisements
  • Messages pretending to be family members
  • Fake investment schemes
  • Message about fake government assistance grant schemes
  • Emails pretending to be businesses.

Some other fraudsters look to take advantage of the popularity of crypto investments and use underground fraud as a service.

How to Prevent Third Party Fraud?

Preventing third-party fraud is becoming more and more important for both individuals and businesses.

The basics of preventing fraud, such as using complex and unique passwords, installing cybersecurity software, and being vigilant when using public WiFi networks, are important. Educating your user base on how to stay vigilant is also important.

A huge number of third-party fraud happens due to human error. People need to be trained to recognize spam emails and fake websites.

Businesses should think about investing in third-party software that helps verify the identities of businesses and consumers.