Your IT teams probably know this, but bankers should know that European researchers in Germany have found that widely used email encryption standards (PGP and S/MIME) can be hacked and are unsafe. Because of flaws in this encryption, and the fact that there are no reliable fixes, researchers are warning people to uninstall or disable such features and stop using them until a fix can be found.
In the world of BSA/AML, things are just as dicey at times. Banks are now complying with new rules for reporting beneficial ownership of 25% or more, but be forewarned that regulators may ask for information about beneficial owners with as little as a 10% stake in a customer business. The reason is that disclosure is based on the risk level of every client, not just those who are beneficial owners of 25% or more.
Low-risk clients are those for which banks can easily validate identity and sources of wealth. A person whose account shows the same automatic salary deposit every two weeks and a similar pattern of debits and withdrawals every month is likely in the low-risk category. This is particularly true if the amounts involved are modest or if the account holder draws a salary from a governmental department or organization.
Medium-risk flags include customers whose identity was not crystal clear when the account was opened and those who do business in areas that have a history of unlawful trading activity. Export-import businesses might be one example.
Beyond what is required automatically by law, customers can be deemed high risk because of the country of origin, the client's profile, or the product or service involved.
The first category, risk from the country of origin, might include personal or business customers who are located in countries with significant corruption. These can also include those with shaky politics and economies, uncertain legal systems, and a reputation for involvement with drugs or weapons.
The second category, risk from a client profile, includes customers whose activities might include a large, otherwise unexplained geographical distance between the client's residence and the activities taking place; frequent and unexplained asset movements between multiple financial institutions (especially in different geographic areas); all-cash businesses (especially those related to money transfer and gambling); and any situation in which the bank isn't dealing with the account's actual owner or finds it difficult to determine the actual owner.
In short, the less transparent a client is, the more suspicious a bank should be. The same rule applies to supervision. A charitable organization or other nonprofit that's regulated is a lower risk than the same organization in a situation where it is not.
The last category, risk from products and services, includes products that are obviously potential ways to launder money, as well as more mundane bank products that might not raise immediate red flags.
Anyone who wants to launder money or finance terrorism will appreciate any bank product that offers anonymity or enables cash transactions. The list can include international services; services that include transaction realization through non-resident accounts; private banking; and services around trading precious metals. Even easily available bank products, such as loans and mortgages, can be put to nefarious purposes. So, be aware out there.