The Discreet Science
What We Do (September Newsletter)
Dear Friends,
I’ve been writing you a lot in recent months about K2 Intelligence’s capabilities in Anti-Money Laundering and OFAC compliance. One reason for that focus has been our anticipation of the recent headlines surrounding Standard Chartered, HSBC and Bank of America. To be blunt, our people have been predicting this level of regulatory scrutiny and aggressive action for some time; we expect this activity to increase in the coming months.
You may also have seen this Newsweek Daily Beast story about the Kroll family’s historic role in sovereign asset recovery and how the Arab Spring may eventually lead to major new efforts in that area.
The importance of these two fields—where K2 Intelligence has a big presence—should not overshadow the range of work that our partners and investigators perform. Let me take a moment of your time to outline what we do.
K2 Intelligence’s work can be organized into four different groups: Investigations, Expertise, Compliance and Analytics.
Investigations
Our primary role is performing investigations of all types. Whether a firm has an internal problem or an investor wants deeper diligence on a company and its management or a corporation needs to vet its employees better, K2 Intelligence performs these investigations with a combination of experienced hands and cutting-edge technology.
Expertise
Many of our clients begin using our investigative services but the relationship often migrates toward providing intelligence on markets and anticipating regulatory moves. With investors traveling farther afield in search of return, we provide the with visibility and expertise. If your focus is geographic, we have networks in Russia, Latin America, Africa, India and the Middle East. In terms of markets, we have in-depth knowledge of a variety of commodities. And for those who need regulatory or market insight, we have a secure network of experts available answer questions on demand.
Compliance
In addition to our work in Anti-Money Laundering and OFAC compliance, K2 Intelligence has extensive experience consulting on the Foreign Corrupt Practices Act and UK Bribery Act. K2 Intelligence partners have consulted for some the world’s leading energy trading firms and financial institutions on these matters. We provide independent testing—which moves your program of notional to actual compliance—that helps our clients anticipate further scrutiny. Our partners also consult with governments on anti-corruption programs making K2 Intelligence one of the most respected names in the field.
Analytics
K2 Analytics has grown out of our use of powerful technology developed to combat fraud and has been employed extensively in the intelligence community and in the war on terror. Using a range of technology and tailored to our investigator’s experience in asset searches, complex litigation and monitoring, K2 has created a suite of tools that transforms the haze of big data into cogent narratives that simplify and solve a wide range of problems.
Obviously, this is the broadest description of our services. I’d be happy to have a more detailed discussion of how our partners and investigators can help solve your business problems. Please feel free to get in touch directly.
Best,
Jeremy M. Kroll
CEO and Co-Founder
K2 Intelligence, LLC
K2Intelligence.com
Taming the AML Monster (July Newsletter)
Dear Friends,
This month it was revealed that Bank of America had seen Mexican drug lords use the bank to hide money in its accounts and invest illegal proceeds. Then, if that revelation was not startling enough, a Senate subcommittee issued a remarkable report on the AML and OFAC deficiencies at HSBC.
That global bank was cited for numerous lapses that included a 3-year failure to do any AML monitoring on $15 billion in bulk cash transactions; more than 28,000 undisclosed OFAC-sensitive transactions involving $19.7 billion; and a backlog of 17,000 unreviewed suspicious activity alerts.
Because the Senate subcommittee’s report chastises the Office of the Comptroller of the Currency for allowing these problems to “fester,” it is hard to imagine an outcome from the hearings that does not include a massive new focus on AML and OFAC monitoring across the global banking landscape.
That new scrutiny will significantly add to the cost of compliance and increase the likelihood a financial institution will have its growth frozen by a red flag or its continuing operations hampered by the effort to comply with AML and OFAC monitoring regulations.
Fast, Effective AML/OFAC Monitoring
Now might be a good time for me to remind you that K2 Intelligence has developed a suite of AML/OFAC services that will allow financial institutions to deal with alerts and compliance needs with greater speed and cost-efficiency than the services that are currently in use today.
At the center of our AML/OFAC capability is our proprietary K2 Analytics program which will allow banks and other financial clearing houses to isolate, track and investigate transactions in the most effective manner.
The Problems at HSBC
Contrast that with what Reuters recently revealed about HSBC’s AML/OFAC programs:
“Former employees in the New Castle office describe a febrile boiler-room environment overseen by managers uninterested in investigating transactions with possible links to drug trafficking, terrorist financing, Iran and other countries under U.S. sanctions, and other illegal activities. Instead, they say, the single-minded focus was on clearing out the paperwork as fast as possible.”
No matter how overwhelming the task, AML/OFAC compliance should not be an exercise in clearing paperwork. Our AML/OFAC solutions are designed to swiftly discern and address real concerns without creating a backlog of make-work.
Join Us for Breakfast
On Tuesday, July 31st, we will be facilitating a discussion of AML and OFAC challenges over breakfast in our offices. We are most interested in hearing about your needs and concerns, especially in light of this extraordinary spate of news, we hope you’ll join us. Please register here for the event or feel free to get in touch directly.
Best,
Jeremy M. Kroll
CEO and Co-Founder
K2 Intelligence, LLC
K2Intelligence.com
June Newsletter: Our Clients Ask for Reputational Diligence
Dear Friends,
The recent embarrassment visited upon Yahoo!’s board of directors—and its former CEO Scott Thompson—reminds me of an important trend that I would like to bring to your attention.
Thompson, you will remember, padded his resume. Not satisfied with his college degree in accounting, the tech company CEO added a computer science degree to his CV, something a run-of-the-mill background check may not have picked up.
Only when an activist investor started really digging was it discovered that Thompson’s alma mater didn’t even have a Computer Science department in the 1970s when he attended. The story has received so much attention for the way it cast doubt upon the new CEO’s personal ethics and his fitness to run a large corporation.
But I draw a different conclusion: in today’s high-pressure communications environment, discovery is inevitable. There are too many interested parties with too much access and too many reasons to ferret out any detail about a prominent figure. The same applies to companies—only more so.
Reputational Diligence
Smart players in the global business world have begun to ask us to perform a thorough and independent review of their reputation and its basis in fact. You could call it Reputational Diligence. These assignements are designed to give the subject an understanding of how others will perceive their backgrounds, their actions or the corporate entities they own or operate through. Our clients know that they’re getting a window on what others see during a cursory search for information before an important meeting or what information might come to light in the heat of a deal.
A staple of modern corporate strategy is having the ability to uncover damaging information about one’s opponents. This practice, which began as opposition research in politics, has now become widespread in business. It is to our clients’ benefit to know ahead of time what their opponents might seize upon, what regulators might flag and what they can begin to ameliorate before engaging in a significant venture.
Reputational Diligence can take two forms: a check of public records or an in-depth reputational review covering a subject’s entire career, his or her ownership interests and any political connections that have played a role in his or her business. Proper reputational diligence also evaluates the subject’s operational behavior against an industry’s standards and practices.
Deep Diligence
Our background research goes beyond “due” diligence. Our client’s come to us for “deep” diligence. (It’s their word, actually.) That includes determining as best we can the truth of various allegations, understanding the subject’s social and media footprint and gauging sentiment about the subject and his or her actions.
We do our research using proprietary technology and in-depth interviews. Our in-house analysts research extensively and collaborate with knowledgable sources and investigators in cities around the world where the subject has had dealings. We look through holding companies and corporate entities then consult the relevant experts—whether local/national law enforcement or knowledgeable industry participants—to best determine reality and risks.
At the end, we produce a truly independent report that allows the subject to see himself or herself through the eyes of the rest of the world. Armed with this knowledge, our clients can explain, dispel or capitalize upon the impressions we’ve uncovered. Our work is confidential, frank and authoritative, an invaluable tool for anyone who wants to ensure they don’t get blind-sided or a rare opportunity to set the record straight before a reputation is unfairly diminished.
June, A Busy Month
June has a been a big month for us. I want to take a moment to share with you all that has happened. K2 Global Consulting became K2 Intelligence and we moved offices a few blocks in Manhattan to accommodate our growing staff, including:
- Louis Vetter who joined us as a forensic accountant. He has served as the expert to the trustee in a highly publicized Ponzi scheme and testified in numerous adversary proceedings.
- Dana Irvis who comes to us from the New York County District Attorney’s Office, where she most recently worked in the Major Economic Crimes Bureau investigating complex white-collar crimes including money laundering, commodities trading fraud and mortgage fraud.
- Mitch Silber will lead our new K2 Analytics division as it develops and deploys new products and services. He will be building upon his experience as the Director of the NYPD Intelligence Division’s Analytic and Cyber Units where he used some of the most sophisticated technologies available to the government. With K2 Intelligence, Mitch will be able to adapt those same tools to private sector uses.
One area of our work that Mitch will be helping to support is our Anti-Money Laundering Compliance and Fraud Detection and Prevention for financial institutions. We will be hosting a breakfast at our offices on July 31st where our practice leaders will explain more how AML and Anti-Fraud measures are converging. If you’d like to attend, please register here or feel free to get in touch.
Best,
Jeremy M. Kroll
CEO and Co-Founder
K2 Intelligence, LLC
K2Intelligence.com
April Newsletter: BSA/AML Compliance
BSA/AML Compliance Hits the Big Leagues
On April 5th, Citibank agreed to a consent cease and desist order from the Office of the Controller of the Currency stemming from a AML monitoring mistake in 2006, according to the Wall Street Journal. Citibank is hardly alone in being tripped up by BSA/AML enforcement. The Vatican also had to endure a very public embarrassement recently when it was bothadded to a US watch list of countries the US government considers “vulnerable to money laundering” and had an account with JP Morgan Chase closed.
On April 5th, Citibank agreed to a consent cease and desist order from the Office of the Controller of the Currency stemming from a AML monitoring mistake in 2006, according to the Wall Street Journal. Citibank is hardly alone in being tripped up by BSA/AML enforcement. The Vatican also had to endure a very public embarrassement recently when it was bothadded to a US watch list of countries the US government considers “vulnerable to money laundering” and had an account with JP Morgan Chase closed.
These stories remind us how even the most prominent institutions can unexpectedly be stymied in their attempts at complying with Anti-Money Laundering regulations.
The Cost of Compliance
One consultant’s report suggests that $5 billion was spent on AML in 2011, expanding at a rate of 7.8% annually (with the cost of AML software rising at a 10.4% annual rate.) By 2013, the total AML burden will be nearly $6 billion. That’s a lot of money.
At K2 Global, we’ve been developing a new approach to our AML compliance consulting that combines long investigative experience with novel technologies that will help a bank’s team streamline the investigative process while adding a dramatic new way to visualize the enormous amounts of data generated in the banking process. We offer mid-size banks and broker/dealers a best-in-class Financial Intelligence Unit at a manageable cost.
The Vatican’s Campaign for the “White List”
I want to focus for a moment on the Vatican story. From the headlines, you might have gotten the sense that the Vatican was being punished for not taking AML seriously. But that’s not what happened.
The Vatican spent much of 2011 enacting new laws to shore up its AML controls. The US State Department watch list that placed the Vatican within the category of “concern,” alongside countries like Ireland , Chile and Poland, was a positive step for the Papal state which is looking forward to June when the European Commission releases its “white list” of countries that meet the highest standards of anti-tax fraud and money laundering provisions. The Vatican hopes to be on that list.
Even with the progress that’s been made, one account at a Vatican bank called the Institute of Works of Religion (IOR) could derail the Vatican’s hopes. JP Morgan Chase closed a so-called “sweeping” account. JP Morgan Chase made a decision to close the account because they did not receive enough information on the account’s wire transfers. That action clearly illustrates the rising standard of scrutiny in AML compliance.
April Newsletter: BSA/AML Compliance Hits the Big Leagues
Dear Friends,
There has been a lot of news around the subject of Anti-Money Laundering (AML) laws and the Bank Secrecy Act (BSA) recently.
On April 5th, Citibank agreed to a consent cease and desist order from the Office of the Controller of the Currency stemming from a AML monitoring mistake in 2006, according to the Wall Street Journal. Citibank is hardly alone in being tripped up by BSA/AML enforcement. The Vatican also had to endure a very public embarrassement recently when it was bothadded to a US watch list of countries the US government considers “vulnerable to money laundering” and had an account with JP Morgan Chase closed.
These stories remind us how even the most prominent institutions can unexpectedly be stymied in their attempts at complying with Anti-Money Laundering regulations.
The Cost of Compliance
One consultant’s report suggests that $5 billion was spent on AML in 2011, expanding at a rate of 7.8% annually (with the cost of AML software rising at a 10.4% annual rate.) By 2013, the total AML burden will be nearly $6 billion. That’s a lot of money.
At K2 Global, we’ve been developing a new approach to our AML compliance consulting that combines long investigative experience with novel technologies that will help a bank’s team streamline the investigative process while adding a dramatic new way to visualize the enormous amounts of data generated in the banking process. We offer mid-size banks and broker/dealers a best-in-class Financial Intelligence Unit at a manageable cost.
The Vatican’s Campaign for the “White List”
I want to focus for a moment on the Vatican story. From the headlines, you might have gotten the sense that the Vatican was being punished for not taking AML seriously. But that’s not what happened.
The Vatican spent much of 2011 enacting new laws to shore up its AML controls. The US State Department watch list that placed the Vatican within the category of “concern,” alongside countries like Ireland , Chile and Poland, was a positive step for the Papal state which is looking forward to June when the European Commission releases its “white list” of countries that meet the highest standards of anti-tax fraud and money laundering provisions. The Vatican hopes to be on that list.
Even with the progress that’s been made, one account at a Vatican bank called the Institute of Works of Religion (IOR) could derail the Vatican’s hopes. JP Morgan Chase closed a so-called “sweeping” account. JP Morgan Chase made a decision to close the account because they did not receive enough information on the account’s wire transfers. That action clearly illustrates the rising standard of scrutiny in AML compliance.
K2 Global’s BSA/AML Capabilities
At K2 Global, Vincent D’Amelio and Thomas Bock lead our Bank Secrecy Act and Anti-Money Laundering compliance team. In the last year, they have begun to implement KYC programs, conducted risk assessments and assisted in the global implementation of a transaction monitoring system on behalf of financial service clients.
A key focus in for this year and in the future will be a shift to how financial institutions use AML compliance management software. Vincent, Tom and their team can help these financial institutions choose the right software to eliminate the silos created by automated systems and create an enterprise-wide view of AML risk.
In addition, using K2 Global’s proprietary software, our team can help financial institutions visualize relationships between parties and analyze suspicious activity in a more efficient and cost-effective manner.
If your institution, or a client’s institution, would like to hear more about our capacity to advise on AML Program implementation, transaction monitoring “look backs,” or any other BSA and AML-related matters, I’d be happy to go into further detail about how our growing team can benefit you and your enterprise. Please feel free to get in touch.
Best,
Jeremy Kroll
CEO and Co-Founder
K2 Global Consulting N.A., LLC
www.k2global.net
Federal Prosecutors Sting Google, Snare Page
The new law enforcement environment for the business community isn’t confined to the financial markets. Google just paid a record-setting $500 million fine for accepting prohibited ads for pharmaceutical drugs. But the importance of the story isn’t that the size of the fine or the fact that Google seems to have opened itself up to taking greater responsibility for the actions of its advertisers, something it has been loathe to do up until now.
As the Wall Street Journal points out, there’s another headline in this story which is the lengths the government was willing to go to make this case. To begin with, prosecutors enlisted a real con artist to front their sting on Google. They found David Whitaker in a Federal prison and set him up as an illegal pharmacy:
Mr. Whitaker was arrested in Mexico in March 2008 for entering that country illegally and returned to the U.S. to face charges of wire fraud, conspiracy and commercial bribery in the iPod case. Mr. Whitaker told U.S. authorities about the alleged role Google played in helping his Mexico-based pharmacy.
Federal prosecutors, seeking to test the allegation, set up a task force in early 2009 with Mr. Whitaker’s help. On weekdays, he was escorted from the Wyatt Detention Facility in Central Falls, R.I., to a former school department building in North Providence, R.I. There, under the watch of federal agents, he set a snare for Google.
Posing as the fictitious Jason Corriente, an agent for advertisers with lots of money to spend, Mr. Whitaker bypassed Google’s automated advertising system to reach flesh-and-blood ad executives. Federal agents created www.SportsDrugs.net, designed to look “as if a Mexican drug lord had built a website to sell HGH and steroids,” Mr. Whitaker said in his account of the sting.
Google first rejected it, along with an anti-aging website called www.NotGrowingOldEasy.com. But the company’s ad executives worked with Mr. Whitaker to find a way around Google rules, according to prosecutors and Mr. Whitaker’s account.
The undercover team removed a link to buy the drugs directly instead requiring customers to submit an online request form and Google approved it. “The site generated a flood of email traffic from customers wanting to buy HGH and steroids,” Mr. Whitaker said.
To pay Google’s fees for the growing online traffic, undercover agents made payments every two or three days with a government-backed credit card.
Not every case will get this kind of high-profile treatment. But government’s willingness to mount a complex, sustained sting operation against a company like Google suggests law enforcement views business as one its main theaters of operation.
Con Artist Starred in Sting that Cost Google Millions (Wall Street Journal)
WSJ Reveals Low-Cost Hacking for Hire
The Wall Street Journal ran a story about two Kuwaiti brothers engaged in a long-running feud over their family assets. What makes the story more than a simple soap opera is how it reveals the low cost of hiring computer hackers willing to gain access to sensitive online information like email accounts:
Although the brothers’ feud involves big money, documents filed in two civil cases in September 2009 suggests just how simple and affordable online espionage has become. Computer forensic specialists say some hackers-for-hire openly market themselves online. “It’s not hard to find hackers,” says Mikko Hyppönen of computer-security firm F-Secure Corp.
One such site, hiretohack.net, advertises online services including being able to “crack” passwords for major email services in less than 48 hours. It says it charges a minimum of $150, depending on the email provider, the password’s complexity and the urgency of the job. The site describes itself as a group of technology students based in Europe, U.S. and Asia.
An unfortunate byproduct of the internet has been the ease with which highly specialized services like hacking are made available. What’s frightening about this story is to see just how cheap hacking talent is to hire and that it can be hired on an hourly or project basis.
This story has an obvious implication: the threshold for hacking is much lower than previously thought. Most businesses view hacking as something conducted by specific groups for malicious ends. But the potential to hire hackers for to gain access to specific information during a lawsuit or competitive business situation raises the need for a broader range of businesses to have a regular security audit.
Hackers for Hire Are Easy to Find (Wall Street Journal)
December Newsletter: Managing Reputation and Risk
Today we sent out our December newsletter, entitled “Managing Reputation and Risk.” If you didn’t receive it, you can read the full text below (and be sure to click here to sign up for future newsletters).
Dear Friend:
As the holidays approach, I’ve begun to reflect on K2 Global’s first full year in business. The model of a pioneering organization that Jules and I envisioned—a lean investigative team that combines old-school skills with new technology and a global reach—has really come to fruition.
Throughout 2010 our focus was on getting our firm launched. In 2011, we concentrated on filling out our team with a group of experienced and well-connected investigators, case managers, intelligence analysts, technology and legal experts. In fact, we’ve been so good at attracting talent, our London office recently relocated to a new, larger space and our headquarter office in New York is ready to burst.
A lot of hard work has also begun to bear fruit this year. The most gratifying part has been re-connecting with old friends and building strong new client relationships.
In the many conversations I’ve had over the last year, I and my colleagues and have noticed a number of issues that keep cropping up. All of these of these issues revolve around risk – not just financial risk but reputational risk too. This risk is introduced by the parties you do business with, the actions of your employees, and the data your company generates. Most of the solutions we offer to manage that risk involve using a combination of our investigative expertise and the technologies at our disposal.
The biggest is issue is uncertainty. I recently spoke to the Financial Times (check out the whole article, “Risk and Reward“, over at FT.com.) about how “volatility is the new norm.” I don’t think I’ll get an argument from you about the truth of that statement. But I do believe that many of our clients don’t fully understand that they already possess a lot of the information that can help manage that vulnerability and risk. And though many of the lurking threats to your business come from outside of your enterprise, a surprising number may already be present within your business.
For example, in recent years we’ve seen the emergence of a global effort to crack down on business practices that were once conveniently tolerated. That includes increased scrutiny from regulators; new laws in the form of the UK Bribery Act and stepped up enforcement of the Foreign Corrupt Practices Act; as well as more government prosecution of insider trading cases. We’ve obviously thought a lot about these issues, and our Head of Compliance, Jason Golub, has written quite a bit about them on our blog. In Europe, Matteo Bigazzi, who has been recently promoted to head our London office, has also posted on the UK Bribery Act.
All this boils down to your need to develop a “First-to-Know” policy about your own company’s risks and vulnerabilities. Much of this knowledge lies within the data you’re already collecting about your communication, transactions and products, To that end, we’ve spent much of the last year building and acquiring technologies that help us interrogate massive data sets. These new tools allow us to help you detect outlier activities (and non-obvious relationships) before they get out of hand.
We can apply these data analysis technologies to outside data sources as well – for example, a number of our clients look to us to understand how they are portrayed by traditional media, how users of social networks perceive them, and whether the larger Web holds information that can reveal lurking threats or notable opportunities.
We’ve written more about “big data” analysis and our approach to understanding cyber threats on our blog as well, but we invite you send us a note or call us at 212-694-7000 if you’d like to get a greater understanding of our considerable technical capabilities.
After the roller coaster of 2011—and the prospects for more of the same in 2012—I’m sure we’re all ready to take a breath, enjoy the holidays and get ready for the New Year. I want to wish you, your colleagues and all of your families the best.
Best,
Jeremy Kroll
CEO and Co-Founder
K2 Global Consulting
www.k2global.net
The Perils of a Public Persona
As many more businesses are driven by the personality of an individual and that figure’s visibility through the press, social networks and the internet, K2 has seen a rise in the need to protect those individuals from potential physical and reputational threats created by becoming a public figure and the increased accessibility of internet age.
More exposure, as always, means more risk. The internet is an intemperate place where many individuals express their frustrations in a vacuum and many lose the grounding they would have in a physical context. Anonymity (or, the prospect thereof) dulls or negates many people’s sense of repercussions. At K2 we’re seeing a rise in cyber-aggression cases, and there is no single profile for those behind online threats and attacks.
Traditionally, when prominent or public figures have reached out to us with safety concerns, it was due to a physical threat. Over the years, we’ve honed our skills and built a network of contacts to help us keep our clients safe in these situations. But, the idea of security itself is changing.
Increasingly, our investigators see an overlap between traditional methods of safeguarding clients from unexpected threats and innovative new techniques for dealing with malicious campaigns that primarily take place online. K2 Global’s case managers and analysts have added an array of tools for dealing with the now-essential online component of a person’s (or business’s) reputation to our traditional methods of safeguarding your person or your reputation.
When called in to assess a client’s security, K2 Global’s team will generally begin with a physical assessment of a client’s place of business and possibly their residence.
A physical assessment typically includes:
- An examination of entry and egress points
- An estimation of existing security measures
- A review of emergency plans
But now K2 also frequently performs a baseline sentiment analysis of the internet content related to our clients which helps define the pre-existing tone of comments and coverage of our clients.
Once our investigators have established this critical benchmark, they are in a better position to monitor the tone of online activity going forward. This is designed to allow the investigators to flag any potentially hostile sentiment before it escalates into violent or disruptive behavior.
If such behavior is detected, we’ve learned that going directly to law enforcement is not always the best course of action. Often times dealing with aggressive online behavior is more permanently resolved by making contact with—or through—an intermediary who is trusted by the aggressor.
In recent cases, K2 has identified friends, colleagues or associates of individuals presenting threats to our clients and developed strategies for how these people could become allies in dealing with the underlying causes for aggression.
However, if these “soft” tactics fail, K2 has vast experience in dealing with law enforcement at the federal and state and local levels, as well as industry specific regulatory bodies. When a hard plan of action is necessary, K2 partners with clients to guide them through this process with all necessary care and speed.
Where the threat is less focused, our investigators are still able to give our clients traction toward regaining a sense of security.
For example, K2 has been called in to determine the source of disparaging news leaks and misinformation that can become a threat to a client’s interests. Again, K2 has a wide array of tools and experts at our disposal that can help determine whether such information is coming from an abuse of trust within a company or an overtly hostile party on the outside. Once the nature of a leak was identified, we were able to design and implement security arrangements that efficiently and effectively mitigated the problem.
There is no one solution to the many problems that can arise in a world increasingly connected by social media, and in lives increasingly lived online. Our unique approach is to match the best traditional investigative methodology with the optimal technology solutions to provide our clients with a holistic sense of security in the digital age.
Our goal is always to keep clients safe. As a next-generation investigations firm, we know that this task has evolved from simply providing security in the face of physical threats to including ways to address all forms of cyber-aggression and online harassment.
