tm blog

In a recent tm:tv session, tmgroup’s CEO Joe Pepper explored how and why the residential property market continues to be a money laundering target. Joined by Simon Wilkinson, Board Member of Propertymark (NAEA), Olly Thornton-Berry, Co-Founder & MD of Thirdfort Limited, James Liffen, Partner and Head of Mishcon de Reya's Residential Property team, and Andrew Kimpton, Mortgage & Protection Adviser, Just Mortgages, the panel discussed how issues surrounding inconsistency, lack of regulation, and reliance on paper-based processes need to be addressed to help the industry move forward. You can watch the full session here.

£4.5 billion is laundered through residential property every year

Money laundering continues to be a huge challenge, with £4.5 billion of “dirty money” estimated to have gone through the residential property last year, and some believing the actual figure is closer to £30 billion. Why is this such a problem? Looking at the bigger picture, money laundering activity typically passes funds to terrorist groups, drug dealers, and other unsavoury characters. Yet there are also terrifying, direct consequences for property professionals too, with jail time and unlimited fines at stake for those (even unintentionally) finding themselves involved in such activity. 

However, we’re beginning to see changes for the better, as Simon Wilkinson, Owner of the Wilkinson Partnership and Board Member of Propertymark (NAEA) comments:

“Beyond the introduction of the 5th and 6th AML Directives, heavy fines and high profile cases have come into play. HMRC have also been doing more audits over the last few years, so property professionals are taking AML practices far more seriously. Unfortunately, we’re still seeing a handful of ‘rogue’ agents not following proper practices and leaving themselves open to sanctions, which will be a question of when they get prosecuted – not if.”

Manual processes leave gaping holes for criminals to take advantage of 

Why is residential property so attractive to money launderers? Quite simply, it enables a quick and easy way to “clean” hundreds of thousands of pounds in a single transaction. Coupled with many law firms, estate agents, and mortgage brokers still using older, manual methods to complete AML due diligence, this provides huge motivation for criminals to develop new and increasingly sophisticated methods to outsmart “the human eye”. 

In a world where fake bank statements, ID documents and utility bills can be bought online for as little as £5, the industry needs to take a long hard look at how it is practicing AML due diligence, as Simon Wilkinson, Board Member of Propertymark (NAEA) continues:

“Part of the problem is the lack of regulation across the industry resulting in poor practices being rife. This is evident in the latest research from the SLC and SRA as, at the end of last year, a series of random surveys from the SLC found that two-thirds of firms were non-compliant with their AML rules, whilst the SRA found that 65% were just using a boilerplate template for their AML due diligence.” 

Artificial Intelligence and facial recognition technology can help detect fraud

Fortunately, innovative technology providers are rising to the challenge and solutions are now available that use Artificial Intelligence, facial recognition technology, and more, to verify identity documents and source of funds – saving time and reducing risk, as Olly Thornton-Berry, Co-Founder & MD of Thirdfort Limited comments:

“It’s very easy for a fraudster to change an ID to a new address to outsmart a simple database check. However, when this is layered with Artificial Intelligence that can detect whether a document is real or fake, and facial recognition technology to prove that an individual is who they say they are, it suddenly becomes a lot harder for criminals to succeed.”

The pandemic-led surge in remote-working practices has helped to boost the adoption rates of technology-led AML checks too, as James Liffen, Partner and Head of Mishcon de Reya's Residential Property team comments:

“Since lockdown began, we’ve had to bring in practices we didn’t even think were available, such as companies doing online verification checks for us. While we were always very thorough and comfortable we were doing a good job, digital solutions now offer us that extra layer of protection. It’s proved a fantastic opportunity to see how technology will be vital moving forward. Even when we go back to the office, we’ll be using it.” 

Digital collaboration will be key to stamping out money laundering

Moving forward, it’s clear the time has come for property professionals to “go digital” in order to better protect their businesses and their clients from money laundering activity, and put a stop on the billions of pounds of “dirty money” flowing through the residential property market each year. As consumers become increasingly tech-savvy, it’s equally important that the industry moves away from the manual time-consuming processes and duplication of effort we are currently seeing. 

The industry also needs to consider practical solutions as to how multiple providers can all work together to deliver a joined up, time-saving and secure solution to everyone involved, as Andrew Kimpton, Mortgage & Protection Adviser, Just Mortgages comments: 

“As more solutions come to market, I think we’ll need to adopt a system similar to how we all currently work with credit reference agencies, allowing various property professionals to work with their choice of provider, but still receive the same information.” 

Individual providers also need to consider how they communicate and collaborate with industry partners to enable this, as Joe Pepper, CEO at tmgroup comments: 

“Collaboration across the industry is key to success and building solutions with open APIs will help to facilitate this, so we are increasingly able to join solutions together to not only make things better for property professionals and consumers, but make it harder for criminals to succeed.”

Want to find out more? Watch the full “Dirty Money in the Property Market” tm:tv session here.

In the second instalment of our evolving tech world article, Paul Albone gives his 3 top tips on how best to protect your firm from a cyber-attack and discusses the value placed on accreditations within the industry. Click here to read part 1.

Q. What are the three critical things that firms must do to protect against cyberattacks?  

1. Make all your staff aware of the threats of cyber-attacks

Cyber-attackers use malicious code and software to alter system behaviour and data, resulting in disruptive consequences that can comprise a firm’s systems and lead to cyber-crimes such as information and identity theft, or systems being compromised. 

Cyber-attacks come in many guises, so invest the time and effort in training all your staff. There are a number of good online interactive courses to test and measure staff awareness of cyber-attacks.

2. Find your network and system weak spots that could be exploited by a cyber-attacker 

Normally, this takes the form of an independent security vulnerability test by an external supplier. When choosing a supplier, always ensure they are CREST accredited. The CREST scheme assures a firm that the supplier follows strict testing processes for network and system security assessments. The test findings will help a firm prioritise and plan any security vulnerability remediation measures required.

3. Protect your firm with a solid insurance policy

Take out a stand-alone cyber insurance policy, ensuring that it provides your firm with access to a 24/7 incident response team and, as with any insurance policy, ensuring that you understand what is and is not covered.  

Q. What would you recommend as a good starting point when it comes to improving IT performance?

I would start from the business view and work inwards to IT. For example, is there a clear “line of sight” from the business goals into the IT roadmap? Without this, there is a high probability that valuable IT resources are working on low value, non-important activities.

Then, ensure the fundamentals are in place by measuring KPIs, activities and progress. Are IT operations providing the right level of activity and keeping key stakeholders within the firm informed? If not, establish regular reporting covering both high-level and detailed views. 

It’s also important to regularly inspect a system’s performance metrics at all levels in the system infrastructure. How are systems performing? Where are the hot spots? What are the most commonly occurring errors being raised in the system? 

Once you’ve determined this, ensure the IT roadmap has a continuous system improvement plan running right across it to address these issues. Proactive and regular corrective measures are always better than responding to sudden system incidents that can cause significant disruption to a firm.

Q. What is the value of accreditation (such as ISO 27001) and how do you achieve this status?

Our tmgroup journey towards ISO 27001 accreditation originally stemmed from our GDPR compliancy programme. For this, we ensured demonstrable processes were in place to protect the data held on an individual. This involved a comprehensive assessment of our data, processes, controls, risks, protection and privacy across our entire IT systems landscape. As part of this, we reviewed and updated all of our information security management policies and privacy policy. 

For ISO 27001, the key requirement was to demonstrate that our information security management is under control and in place on an ongoing basis. Our accreditation means that tm have passed the strict security requirements set by ISO 27001 in the integration, management and storage of our clients and internal data.

We also have Gold Partner status with Microsoft, which sets us apart as a high calibre business partner and assures our clients that our solutions are designed and developed to the highest standards.

With thanks to Paul Albone, COO at tmgroup

Ever wanted to know how IT teams can evidence their value? Here, in the first of 2 articles, Paul Albone, tmgroup’s Chief Operating Officer (COO), answers pivotal questions on everything from integration to how smaller firms can make the most of their existing IT resources to keep pace with the competition. Be sure to keep an eye out for part 2!

Q. How do firms with a small in-house IT resource keep up with their larger counterparts?

Play to your strengths and be agile. 

Small in-house IT teams are able to rapidly respond to the firms ever changing needs, whilst larger IT counterparts certainly have the scale, but the proportional increase in potential challenges and communication breakdown, bureaucracy and system complexity can slow down responsiveness and agility.

Q. How can IT teams evidence the value they bring to a firm?  

IT teams should consider what they are able to do for a firm over other alternatives. Being in tune with the firm’s needs and delivering repeatedly and consistently are crucial to demonstrating value.

Furthermore, IT teams should assess what key performance indicators exist between IT and the business. Having clear expectations set between the firm and the IT team is important to ensure IT stays focused on what is important to the firm.

Q. How do firms effectively integrate new platforms with legacy systems that may have been in place for many years?

Firms must assess risk before changing any element of their legacy systems. High risk approaches involve legacy systems being changed in-situ to integrate with new platforms and invariably lead to unnecessary complexity and instability of legacy systems. 

Instead, adopt an approach whereby a “wrapper” is built around the legacy system, usually in the form of an API or web service, so that the new platform and legacy system can interact with each other without affecting the underlying functionality of the legacy system.

Q. How can firms effectively evaluate the systems that are on offer to work out which ones are right for them?

Whether it’s a new case management system, CRM or any other system, firms can fall into the trap of focusing on “what” the system can do, rather than what the firm “needs” the system to do.

When choosing a system, always work from the outset of what the firm is trying to achieve as a successful outcome. Involvement and buy-in from all representatives of the firm is paramount to ensure all needs are considered. This will help define clear goals and the success criteria the system must meet.

Also consider requirements such as system performance and availability needs, multi-firm access, support for smartphones or tablets, API availability and data integration. Then look at the systems on offer and always set up a trial with the supplier – with success measures agreed upfront.

Q. How should a Chief Information Officer (CIO) cultivate a partnership between IT and the rest of the business?

Chief Information Officers (CIOs) have traditionally been seen as an internal facing leader of IT. Instead, businesses now need their CIOs to act as consultants to the business, able to seamlessly work across the business, their clients and internal teams to translate the business goals into delivery across a firm’s products and data. They should also consider the ever-present aspects of risk, compliance and security. To make the partnership effective, CIOs must make their plans clear and understandable to all.

Q. How can IT teams communicate effectively with their colleagues in other departments to manage change effectively?

Managing change effectively requires keeping messages clear at all times – whether this is to communicate the direction taken, or update the team on progress and challenges faced. 

Visual tools such as roadmaps, project plans and progress trackers with a simple Green, Amber or Red status are highly effective for communicating with colleagues in other departments. 

Aim to keep visuals at a high-level, so that messages can be understood easily at all times. Communication tools such as Microsoft Teams or Trello are extremely effective for providing real-time information to colleagues in a collaborative environment.