Is There a Calculator On That Slide Rule?

(Imagen 4)

Once again I’m painting a picture, this time of two people: the IT chick, deftly wielding her slide rule as she sizes up hardware and software, and the finance dude, deftly wielding his calculator as he tabulates profit, loss, and other money stuff. Each of them in their own little worlds.

Despite the thoughts of Norman Marks in his post “Cyber is one of many business risks.”

  • “Many years ago, my friend Ed Hill, a Managing Director with Protiviti at the time, coined the expression ‘there is no such thing as IT risk. There is only business risk.’”
  • “The [Qualys] report reveals a persistent disconnect between cybersecurity operations and business outcomes. While 49% of respondents reported having formal risk programmes, only 30% link them directly to business objectives. Even fewer (18%) use integrated risk scenarios that consider both business processes and financial exposure.”

I admit that I often draw a clear distinction between technical risk and business risk. For example, consider the supposedly separate questions of whether a third-party risk management (TPRM) algorithm is accurate, and of what happens if an end customer sues your company because the end customer’s personally identifiable information was breached on your partner company’s system.

Imagen 4.

So make sure that when your IT chick wields her slide rule, the tool has an embedded calculator on it to quantify the financial effects of her IT decisions.

Oh Heck, I Look Like a Scammer

Scamicide recently talked about a “free piano scam” where the scammer gifts the victim a piano for free—if the victim pays delivery costs northwards of $600—in advance. Guess what never gets delivered?

The post goes on to say:

“A big indication that this is a scam is that the moving company asks for payment by Zelle or cryptocurrencies.  No legitimate business asks for payment by Zelle or cryptocurrencies, but scammers often do because of the anonymity for these types of payments and the difficulty in tracing or reversing payments made in this manner.”

Well, Bredemarket doesn’t REQUIRE Zelle…but I take it. (No crypto.)

AML Fun: Be a Home-based Money Mule!

The term “money mule,” which first appeared around 2005, refers to a person who transfers illicit money for someone else—sometimes knowing that the activity is criminal, sometimes unknowingly. 

That new job

Scamicide warns us of money mule scams, although this work at home job may sound innocent enough:

“[Y]our job is to receive goods, often electronics that have been shipped to you, inspect them and then reship them to an address provided to you by your new employer.”

So the employee is being paid to inspect goods. What’s wrong with that?

“The problem is that these goods have been purchased with stolen credit cards and you have just become an accomplice to the crime when you ship them to someone else who will then sell them to turn the merchandise into cash.”

Trouble

And if the employee plays their cards wrong, they can end up on an Anti-Money Laundering blocklist.

Why? Perhaps the money launderers aren’t just after a profit. Perhaps, as the U.S. State Department’s Bureau of International Narcotics and Law Enforcement Affairs notes, that home-based employee may be supporting terrorism: 

“Among those who seek to disguise the illegal proceeds of their crimes are drug traffickers, terrorists, corrupt public officials, and organized criminal groups.”

A student job

And there are consequences for the money mules, knowing or not. A foreign student in the UK applied to a job ad with this job description:

“your job content is: use your mobile banking during daily part-time working hours, according to my requirements: help the company collect and transfer money, transfer to the account designated by the company, the company has every day Many orders.”

The company assured the student that everything was legal, so the student took the job. Things went well, until:

“And today my bank sent me a message saying they’ve frozen my account and will still do so unless i explain what certain transactions are for.”

Because the banks can also get in trouble if they violate AML laws.

Money muling doesn’t pay in the long run.

Possible FinCEN Changes

H/T ComplyAdvantage. From FinCEN.

“[On June 18] the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) held the 62nd semi-annual plenary meeting of the Bank Secrecy Act Advisory Group (BSAAG). Deputy Secretary of the Treasury Michael Faulkender delivered remarks at the event laying out guiding principles for BSA modernization.”

https://www.fincen.gov/news/news-releases/fincen-holds-62nd-bank-secrecy-act-advisory-group-bsaag-plenary

ComplyAdvantage itself states:

“The most eye-catching update is that the Treasury will attempt to “change the AML/CFT [Anti Money Laundering/Combating the Financing of Terrorism] status quo” so the BSA “explicitly permits financial institutions to de-prioritize risks” and direct resources towards higher-risk areas. The Treasury also intends to streamline reporting processes to minimize the SAR [Suspicious Activity Report] and CTR [Currency Transaction Report] burden on organizations.”

https://www.linkedin.com/pulse/us-plans-bsa-modernization-singapore-implements-corporate-iuzxe

Applying Common Sense to Employment Fraud

Jobseekers need to know their potential employer when something about a job opportunity doesn’t feel right. And there are ways to do that.

Trusting the person who says to trust your gut

I’ve previously talked about how common sense can minimize the chances of being fooled by a deepfake.

But common sense can help prevent other types of fraud such as employment fraud, as noted by Rachel Lund, chief risk officer with Sandia Area Federal Credit Union.

“Trust your gut- if it feels off, it probably is.”

But can we trust Lund? 

Using search engines for employment fraud scam research

Let’s look at another tip of hers:

“Research the company: Google “[Company Name] + Scam” and see if anything comes up.”

Although you can use Bing. Google isn’t the only search engine out there.

So I entered “Sandia Area Federal Credit Union Scam” into Bing…and found out about its warnings about scams.

From Microsoft.

As far as Bing is concerned, Sandia Area Federal Credit Union is not a scammer itself.

But Bing (and Google) are old-fashioned dinosaurs.

Using generative AI for employment fraud scam research

So I clicked on the tab for Copilot results. (ChatGPT isn’t the only generative AI tool out there.)

From Microsoft.

Well, it’s good to know that a regulated credit union isn’t a scammer.

So credit unions are fine

But what about something with a slightly sleazier reputation…like stuffing envelopes?

From Microsoft.

OK, Copilot isn’t hot on envelope stuffing opportunities. 

So envelope stuffing isn’t fine

But what if we get personal?

From Microsoft.

TL;DR: “That’s not us.”

Know your business. Know your employer.

Go Forward. Move Ahead.

(Wildebeest bridge picture via Imagen 3)

A few of you know the particulars of this story about avoiding long-term risk for short-term gains. But the particulars aren’t critically important to most readers.

The business risk of new markets

One time a company wanted to enter a new market. This new market would completely change the way the company did business, both from a technological perspective and from a business perspective.

While the technological challenges were daunting, as usual the business challenges were even more so.

The biggest risk to the company was that the new market operated on a different revenue model, one in which revenue was deferred.

  • In the company’s current market, revenue started at contract signature.
  • But in the new market, the company would have to wait over a year and a half after the contract was signed before it received a dime of revenue.

In a publicly traded company, or even a privately held one, the powers that be are reluctant to undertake an initiative where they won’t get any revenue for 18 months.

“The quarter ends in less than 8 weeks. We want revenue NOW!”

So the company hemmed and hawed about entering the new market, scared of the financial risk. Finally it told its prospect that they’d enter the new market…if the prospect would make an immediate down payment. The prospect was not pleased and went with the company’s competitor instead. And the competitor continued to dominate this market.

For a time.

A few years later, the original company decided to accept the financial risk and, in the words of Devo, “go forward” and “move ahead.” And luckily for the company, it wasn’t too late. The company successfully entered the new market and became a dominant force.

Quarterly gains via risk aversion

We see this today, where a number of companies are struggling to survive. They do the prudent thing, letting go of the employees who don’t provide immediate revenue and concentrating on those who do. The engineers who can code something NOW! The salespeople who can get contract signatures NOW!

This isn’t necessarily the wrong thing to do. If your firm is about to close its doors, you have to do whatever you can to keep the business operating.

But what after that?

Continue to act in a reactive way, chasing the next short term deal?

Good luck.

Why Invela TPRM?

During my three months working with a third-party risk management (TPRM) client, I never heard anyone mention Invela.

Perhaps with reason. Although LinkedIn says the company was founded in 2024, it didn’t post its first blog until April 20, 2025, or its first LinkedIn posts until April 21.

But the second blog post, dated April 21, is the one that matters.

“Invela has officially launched a transformative network to bolster consumer protection and foster innovation within the open banking ecosystem. The Invela Network, developed in collaboration with industry-leading specialist partners, promises to revolutionize how financial institutions manage third-party risk…”

The post goes on to cite the Consumer Financial Protection Bureau (CFPB), but…well…that’s nice.

Invela’s TPRM solution specifically targets the open banking segment of the financial services industry. Open banking, featuring companies such as Plaid, Kong, and Camunda (among others), facilitates the interchange of financial data, rather than keeping it within each bank’s walled garden.

Which of course increases risk.

Hence companies such as Invela.

I was unable to find a “why” story for Invela that compared to the why story I previously found for Ubiety Technologies. Obviously the Invela people never read my book.

However, the principals at Invela come from companies such as Mastercard (although I could find no information on Invela’s CEO Steve Smith). But the Invela leadership team presumably knows their market. We will see if they know their marketing.

Which reminds me…if you need help with your cybersecurity product marketing, Bredemarket has an opening for a cybersecurity client. I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

When Beneficial Ownership Diverges From Legal Ownership

I recently discussed some proposed changes to the way in which beneficial ownership information (BOI) is collected. However, even after the changes are made, FinCEN will still collect BOI for foreign firms.

Hungary, facial recognition, and geolocation

Biometric Update recently published a story about facial recognition in Hungary, and its use to identify people who display rainbows and dress in ways “that diverge from the gender they were assigned at birth.” I’m going to zero in on one portion of the story: the facial recognition provider involved.

The company FaceKom has been around under different names since 2010 but has seen significant growth during the past few years thanks to investments from the Central European Opportunity Private Equity Fund (CEOM). The fund has no direct links with [Prime Minister Orbán’s son-in-law, István] Tiborcz. However, it is registered on the same address in Budapest where several companies owned by Orbán’s son-in-law operate.

Ah, geolocation! The Chi Fu Investment Fund Management Zrt.’s address of record is 1051 Budapest, Vörösmarty tér 2.

And do you know what else is at that address?

A Western Union Currency Exchange.

Well, that’s enough to drive some conspiracy theorists crazy.

Beneficial ownership and legal ownership

So I didn’t find the smoking gun, but I do want to take this opportunity to point out what BENEFICIAL ownership is. Investopedia:

A beneficial owner is a person who enjoys the benefits of ownership even though the title to some form of property is in another name.

Using the Hungarian example (without the Western Union part), it’s not enough to say that CEOM and/or Chi Fu Investment Fund Management Zrt. (I don’t know enough Hungarian to confirm they are one and the same) does not list István Tiborcz (or Viktor Orbán) as an official owner or co-owner.

As Unit21 points out, you don’t have to literally own (either on your own or through a trust) 25% of an entity to be a beneficial owner. Here’s another criterion of a beneficial owner:

Any individual that holds a significant ability to control, manage, or direct the legal entity

De facto control without de jure control could very well be wielded by a powerful politician, or his son-in-law.

(Imagen 3)

FinCEN Domestic BOI Changes: Terrorists Have Not Already Won

A Bredemarket message about financial identity and anti-money laundering (AML) enforcement.

A huge loophole?

Tell your firm’s fraud-fighting story: https://bredemarket.com/cpa/

(Money laundering picture from Imagen 3)

Don’t Know Your Business and Corporate Transparency Act Limited Enforcement (Oh BOI Again)

AuthenticID shared the following:

“In March, the U.S. Treasury Department announced it would no longer enforce the Corporate Transparency Act, the anti-money-laundering law that requires millions of businesses to disclose the identity of their real beneficial owners.”

Not entirely accurate as we will see, but the details are gated. But not at JD Supra:

“On March 26, 2025, FinCEN issued an interim final rule and request for comments, removing the requirement under the Corporate Transparency Act (CTA) for both U.S. companies and U.S. persons to report beneficial ownership information to FinCEN. The rule is effective March 26, 2025. Thus, subject to additional rule changes, U.S. companies and U.S. individuals no longer have to file an initial Beneficial Ownership Information Report (BOIR) or otherwise update or correct a previously filed BOIR.”

As the interim rule itself clarifies, foreign companies still have to report.

“On March 2, 2025, Treasury announced the suspension of enforcement of the CTA against U.S. citizens, domestic reporting companies, and their beneficial owners, and Treasury further announced its intent to engage in a rulemaking to narrow the Reporting Rule to foreign reporting companies only.”

The interim rule itself addresses the convoluted history (one, two, three) of FinCEN’s attempts to enforce anti-money laundering (AML) laws as court challenges persist.

I will let you judge whether this is welcome relief from bureaucracy for American companies, or a huge FinCEN loophole that facilitates AML financial identity evasion by simply letting companies represent themselves as domestic, allowing them to launder as much money as they please for terrorists, drug dealers, and others.

Not that I have an opinion on that.

(Business terrorist image Imagen 3/Google Gemini)