The subject of cryptoasset risk management, and in particular the pseudo-anonymity of crypto currencies, continues to be a divisive subject, with polar views on whether the development of cryptoassets with anonymity should be trumpeted for offering privacy from the state or whether it merely offers criminals just another means of evading detection.
Whatever our personal views and risk appetite, the subject of cryptoasset risk management is one that is important for risk and compliance professionals and must be understood. More than five years ago, Great Chatwell Academy developed an online programme of learning for cryptocurrencies, because we felt that it was important for risk professionals to cut through the prejudicial headlines that appeared to suggest that crypto was solely the domain of criminals, and to understand more about the scope of underlying blockchain developments, and to recognise how crypto can be managed to offer a new and largely ignored source of global commercial revenue, and a possible viable means of international payments.
Of course, much has happened over the past five years, with crypto headlines ranging between significant frauds and crime and terrorism successes, and law enforcement successes in detecting criminal conduct and recovering huge sums of illicit funds.
In this edition of Chatterbox, we continue to share information that we believe is important to grow the awareness for readers of credible risks whilst acknowledging that a risk-based approach to managing and mitigating crime risks is possible for those who do wish to explore the subject.
SECTION 1 – INTRODUCTION TO CRYPTO
What is ‘Crypto’?
FATF Glossary of Terms
History of Cryptocurrency
SECTION 2 – REGULATORY RESPONSE
Managing the Risks – Red Flags
Subject Focus: Central Bank Digital Currency (CBDC)
SECTION 3 – ENFORCEMENT ACTION
AML Compliance Enforcement
In a world where terms are often used interchangeably, even incorrectly, by commentators and the media it is useful to establish formal meanings. Is it Crypto or digital or virtual, centralised or decentralised, convertible or non-convertible?
We begin this newsletter with a short Glossary of terms, taken from the Financial Action Task Force1 (FATF) as a lead international influencer.
Central Bank Digital Currency (CBDC)
Digital representation of fiat currencies issued by a national government. A digital form of central bank money that is different from balances in traditional reserve or settlement accounts.
Centralised Virtual Currency
Has a single administrating authority that controls the system. Value can be fixed by the administrator set against a fiat currency or it can be floating, e.g. ‘Linden dollars’ in the online game Second Life.
Convertible (or open) Virtual Currency
Has an equivalent value in real currency and can be exchanged back-and-forth for real currency, e.g. Bitcoin.
Short for Crypto Assets or Cryptocurrency.
Digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology.
A math-based, decentralised – convertible – virtual currency that is protected by cryptography, i.e., it incorporates principles of cryptography to implement a distributed, decentralised, secure information economy.
Decentralised Virtual Currency (a.k.a. cryptocurrency)
Distributed, open-source, math-based peer-to-peer virtual currency that has no central administrating authority, and no central monitoring or oversight, e.g. Bitcoin.
A digital representation of either virtual currency (non-fiat) or e-money (fiat) and thus is often used interchangeably with the term “virtual currency”.
A monetary value, represented by a claim on the issuer, which is:
i. stored on an electronic device
ii. issued upon receipt of funds
iii. accepted as a means of payment by undertakings other than the issuer.
FATF Virtual Asset
A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, and other financial assets.
FATF Virtual Asset Service Providers
Any natural or legal person who as a business that conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
Initial Coin Offering (ICO)
A Virtual Asset Service Provider generally used as a means to raise funds for new projects from early backers. The issuer offers a digital asset for sale in exchange for fiat currency or another virtual asset, telling prospective purchasers that the capital raised from the ICO sales will be used to fund development in a project such as a digital platform or new software. Purchasers of the digital asset expect a return on their investment or to participate in a share of the returns provided by the project.
Non-convertible (or closed) virtual currency
Intended to be specific to a particular virtual domain or online world, including the Metaverse. Each Metaverse has its own set of coins used for paying everything, including non-fungible tokens (NFTs) and virtual real estate.
Non-fungible token (NFT)
Unique digital asset built on blockchain technology, used as collectibles rather than as payment or investment instruments. A type of Crypto asset but not considered by FATF as falling under the definition of Virtual Asset. NFTs use the same blockchain technology that powers cryptocurrencies, but they are not a currency.
As blockchain-based tokens NFTs securely map ownership rights to digital assets. These can be objects in virtual worlds or digital artworks, with digitalised characters from sports as an area of growing popularity.
Originates in FATF Recommendation 16, when implemented in a jurisdiction requires at a minimum that Virtual Asset Service Providers (VASPs) share the information on the identities of the originator and beneficiary whenever the amount transacted is above $1,000. Countries can choose to implement guidance in a way that best suit local crypto industries.
A digital representation of value that can be digitally traded and functions as a medium of exchange; and/or a unit of account; and/or a store of value but does not have legal tender status in any jurisdiction. It is not issued nor guaranteed by any jurisdiction and fulfils the above functions only by agreement within the community of users of the virtual currency.
Cryptography pioneer David Chaum published a thesis whilst studying at the University of California. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms2 proposed the first blockchain.
Chaum founded a company DigiCash, the first digital currency, using his breakthrough blind-signature protocol; a form of digital signature in which the content of a message is disguised before it’s signed. DigiCash was designed as an alternative means for users to securely pay for goods and services on the internet.
A landmark paper published under the name of Satoshi Nakamoto, introduced Bitcoin as a new decentralised peer-to-peer electronic cash system. Nakamoto was a pseudonym used by a person (or group of people); the true identity remains unknown despite many unsubstantiated claims and the persona has evolved into something of a philosophical figurehead.
The Nakamoto paper, Bitcoin: A Peer-to-Peer Electronic Cash System3, introduced the concept of blockchain as a new data structure for storing financial transactions, as well as the associated protocol for ensuring validity of the blockchain network.
The Bitcoin protocol was launched as open-source software. It became increasingly popular as a means to send money across borders and attractive to certain people due to the lack of involvement from banks or governments. There could be perfectly legitimate personal reasons for this, but it soon became apparent that vulnerabilities existed for financial crime such as money laundering, terrorist financing and sanctions evasion.
Bitcoin transactions are validated digitally on the Bitcoin network and added to the blockchain ledger in a process called mining. A new coin is added by solving complex cryptographic puzzles to verify blocks of transactions that are then updated on the decentralized blockchain ledger. In return, miners are rewarded with Bitcoin, which is then released into circulation.
In January 2009, U.S. computer programmer Hal Finney received the world’s first bitcoin mining reward. The tokens were received from ‘Satoshi Nakamoto’ which immediately linked the author of 2008 paper to the blockchain launch.
In a now historic payment of 10,000 Bitcoin a programmer purchased two pizzas. This payment amount would equate to a 2022 value of approximately $240 million!
The scheme of the young physics graduate Ross Ulbricht, Silk Road was launched as a massive online illegal drugs market. Regarded as the first darknet market, Silk Road was launched to connect illegal drug sellers with interested buyers online while protecting their identities and transactions using anonymisation techniques which included payment by the cryptocurrency Bitcoin. Recognising that Bitcoin transactions carried an element of transparency, ‘dark wallets’ were invented by Silk Road users with the primary purpose of encrypting and masking all Bitcoin transactions. Silk Road participants who used these Bitcoin wallets to fund their transactions had an added layer of privacy.
The online marketplace was eventually shut down by the FBI in 2013, with Ulbricht arrested and sentenced to life imprisonment.
The Founder of Liberty Reserve was convicted of laundering more than $250 million through the digital currency business. The virtual currency had been used by cybercriminals around the world to launder the proceeds of their illegal activity. Prosecutors called it an ‘underworld cyber-banking system’.
Ethereum (originally launched as Frontier in 2015) provided a platform with ability to trade in more than just cryptocurrency. Ethereum offers several methods of exchange, including a cryptocurrency called Ether.
Ethereum currency grew by more than 13,000% in this twelve-month period.
The total value of the cryptocurrency market reached $1 trillion.
In 2010, Bitcoin was the only viable cryptocurrency. By 2022 over 19,000 different cryptocurrencies had evolved with Ethereum and Tether behind Bitcoin in value as the top three.
The environmental impact of cryptocurrency has become more apparent. The size of the Bitcoin blockchain is approximately 400 gigabytes and mining for bitcoin alone is estimated to create up to 22.9 million metric tons of carbon dioxide emissions per year. Research by the U.S. Columbia University4 estimates that Bitcoin alone used an estimated 150 terawatt-hours of electricity in the year to May 2022 – more than Argentina, with 45 million people. This accounts for 0.40 percent of the entire world’s electricity consumption as of July 2022.
Financial Action Task Force
Recognising the money laundering and terrorist financing implications of virtual assets, FATF adopted changes to its Recommendations in October 2018. An amendment now requires service providers in relation to these products to be regulated for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes. The FATF Glossary was updated to reflect the terms “virtual asset” (VA) and “virtual asset service provider” (VASP). The amended Recommendation 15 requires that VASPs be licensed or registered, and subject to effective systems for monitoring or supervision.
In June 2019, FATF adopted an amended Interpretive Note to Recommendation 15. This further clarified how the requirements should be applied, with particular reference to:
i. application of the risk-based approach to VA activities and VASPs
ii. supervision of VASPs for AML/CFT purposes
iii. licensing or registration
iv. preventive measures, such as customer due diligence, recordkeeping, and suspicious transaction reporting
v. sanctions and other enforcement measures
vi. international co-operation.
The amended Interpretive Note was released alongside publication of Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers. Updated in 20215 to reflect the fast-moving and technologically dynamic nature of this sector, the Guidance offers support on application of the risk-based approach to VAs and VASPs. It is intended to help national authorities in developing regulatory and supervisory responses and to help private sector firms engaging in VA activities to understand their AML/CFT obligations and how to achieve effective compliance.
An interesting point in the Guidance is that supervision principles make clear only competent authorities, and not self-regulatory bodies, can act as VASP supervisory or monitoring bodies. Country authorities had the choice of creating a new supervisory body as a competent authority or placing the responsibility with an existing competent authority, the latter approach being more common.
In the UK, the Financial Conduct Authority (FCA) are the anti-money laundering and counter-terrorist financing supervisor of UK VASPs under the Money Laundering Regulations, using the terminology ‘Cryptoassets’. Businesses carrying on certain defined activities must comply with the MLRs since 10 January 2020, a legal regime introduced by the statutory instrument Money Laundering and Terrorist Financing (Amendment) Regulations 2019. FCA responsibility under this regime is limited to AML/CTF registration supervision and enforcement only.
Cryptoasset exchange providers and custodian wallet providers now fall within the regulatory environment. Cryptoasset exchange provider activity includes Cryptoasset Automated Teller Machine (ATM) and Initial Coin Offering (ICO).
The FCA monitor and review VASP business activity within the UK and publish a list of unregistered cryptoasset businesses on the Financial Services Register. These are businesses that appear to be carrying on cryptoasset activity without being registered for anti-money laundering purposes. Research following initial publication found this impacted upon 110 such businesses which ceased operation.
As a regulator, the FCA issue consumer warnings relating to supervised products and services, this extends to Cryptoassets.
In March 2022, the FCA warned operators of crypto ATMs in the UK to shut their machines down or face enforcement action. No registered cryptoasset firms had been approved to offer crypto ATM services, this meant any ATMs operating in the UK were doing so illegally and consumers should not be using them!
In May 2022, the FCA repeated previous advice to consumers on the risks of investing in cryptoassets. The FCA supervises cryptoasset exchange providers and custodian wallet providers, however it has not been given regulatory oversight over direct investments in cryptoassets and non-fungible tokens (NFTs). There are no consumer protections for those who buy cryptoassets and NFTs. The FCA advise that if you buy cryptoassets you should be prepared to lose all the money you invest. There are controls on those marketing cryptoassets with an obligation to state that cryptoassets are not regulated by the FCA and are not protected by financial compensation schemes, requirements that are often ignored.
FCA enforcement staff work closely with other regulators and law enforcement agencies, to detect serious misconduct, including money laundering and terrorist financing.
The UK Joint Money Laundering Steering Group (JMLSG) publishes Guidance to assist those in financial industry sectors in relation to the prevention of money laundering and terrorist financing. Part 2, s226 of the Guidance Notes relates to ‘cryptoasset exchange providers and custodian wallet providers’. Such defined businesses based in the UK are relevant persons for the purposes of the ML Regulations. They are required to register with the FCA as the relevant competent authority.
The Financial Crimes Enforcement Network (FinCEN) is responsible for the regulatory framework for Virtual Currencies in the United States and provides formal Guidance and Advisory on the threats posed by virtual currency misuse.
The FinCEN rules define certain businesses or individuals involved with ‘Convertible Virtual Currencies’ (CVCs) as money transmitters, subject to the same registration requirements and range of anti-money laundering measures as other money services businesses, such as AML/CFT program, recordkeeping, and reporting responsibilities.
A 2019 FinCEN Advisory on Illicit Activity Involving Convertible Virtual Currency7 was issued to assist financial institutions in identifying and reporting suspicious activity concerning how criminals exploit convertible virtual currencies CVCs for criminal purposes. The coverage was extensive and included money laundering, sanctions evasion, and other illicit financing purposes, particularly involving darknet marketplaces.
When implementing FATF recommendations, the autonomous nature of jurisdictional regulation allows decisions appropriate to each individual country. Details can vary, whilst remaining within the FATF framework, and it may be beneficial to consider an approach in addition to the UK.
Singapore provides a useful example on the impact of the FATF evaluation process. The latest mutual evaluation of Singapore took place in 2016. Whilst generally positive, it highlighted that virtual currencies were considered an important area of future growth. The national risk assessment conducted as part of the jurisdictional risk-based approach under Recommendation 1 identified further study was required into the subject; this took place with a resulting strategic plan.
The Monetary Authority of Singapore (MAS) is the competent authority with responsibility to regulate digital assets and the service providers in Singapore.
The majority of providers offering digital asset services in Singapore have licencing requirements under the Payments Services Act 2020. However, certain gaps have been identified and the Financial Services and Markets Bill is to be introduced in 2022 to enhance the regime and align better with FATF standards.
One particular issue is that current legislation does not capture businesses which only provide services to non-Singapore residents. In future, even if the funds do not flow through Singapore, facilitating transfers of money between people in different jurisdictions will be regulated by MAS.
Singapore’s FSM bill will also regulate financial advice on the purchase or sale of digital tokens and expand the definition of regulated business beyond cryptocurrencies to include digital representations of capital markets products including ‘shares, debt instruments, and funds’8.
In May 2022, the Government of Jersey published a National Risk Overview of Virtual Assets Money Laundering & Terrorist Financing9.
The report is a product of the government working with a series of public and private sector stakeholders and experts in the Virtual Asset Service Provider (VASP terminology used in line with FATF) sector on a high-level risk overview of the exposure in Jersey to ML and TF risks stemming from virtual assets and related activities.
Jersey has been progressive in the area of virtual assets and was one of the first jurisdictions globally to enact legislation in 2016 that brought within scope of AML provisions entities that offer exchange services between virtual assets and fiat currencies.
The report concludes that although the VA sector in Jersey is currently small, it is rapidly evolving and with it the risks it presents. Potential risks need to be kept under constant review and the government is proactively taking steps to identify, assess, and understand the ML and TF risks.
The following are specific higher-risk factors relating to the customer of a regulated firm who:
The 2020 FATF Report Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing10 contains a collection of red flag indicators of suspicious VA activities or possible attempts to evade law enforcement detection, as identified through more than one hundred case studies collected since 2017.
There are three different types of CBDC, these vary depending on the technology used:
i. digital central bank tokens that can be used by financial institutions, for example interbank settlements
ii. accounts at the central bank for use by the general public
iii. a digital form of cash that could be used by the general public in retail payments.
Currently only large financial institutions can hold deposits at central banks such as the Bank of England. A CBDC extends this facility to businesses and consumers who can use the process for their everyday payments needs. It exists alongside cash and bank deposits, rather than replacing them.
A CBDC overcomes certain consumer issues associated with a bank, for example the risk of collapse or commercial policy changes. A CBDC is managed by a central bank and therefore has the same security as cash, unlike a decentralised virtual currency, such as Bitcoin, which has no central administrating authority.
The CBDC is not a financial asset in itself but a digital form of a national currency and draws its value from the national physical currency, to which it is pegged at parity.
CBDCs have many benefits but also come with serious concerns, such as the risk of cyber-attack. The process relies upon giving millions of customers access to the central bank.
Many countries have gone beyond proof of concept and launched pilot schemes or full CBDC.
There are as yet no plans to introduce a CBDC in the UK. In November 2021, the Bank of England issued a statement confirming a 2022 consultation on whether authorities are content to move into a ‘development’ phase which will they believe will span several years, with earliest date for launch of a UK CBDC as the second half of the 2020s decade.
In October 2020, the Central Bank of the Bahamas introduced the Sand Dollar as a digital legal currency equivalent to the traditional Bahamian dollar. Launch followed a successful 2019 pilot on the island and the Sand Dollar became the first ever nationwide CBDC in the world.
The Central Bank of Nigeria launched the eNaira in 2021 following successful pilot and it is predicted to bring multiple benefits. These include an increase in financial inclusion as coverage will expand to anyone with a mobile phone, even if they do not have a bank account. 36 percent of the adult population of Nigeria do not have bank accounts, 38 million people unbanked, and the target is to enable up to 90 percent of population to use the eNaira.
Nigeria is among the key remittance destinations in sub-Saharan Africa, with remittance receipts amounting to $24 billion in 2019. Typically, these payments are made through international money transfer operators with fees up to 5 percent of the transaction value. The eNaira will allow wallet-to-wallet transfers free of charge.
Nigeria has a large informal economy, with little transparency to payments. As a centralised virtual currency, the eNaira is account-based with fully traceable transactions. Widespread eNaira adoption will increase financial inclusion, bring greater transparency to informal payments, and strengthen the tax payment base.
In April 2020, China became the first major economy in the world to pilot a digital currency. The pilot for the e-CNY operated in ten regions across China before it was introduced to Olympic Games venues in February 2022. The Games were thought to provide an international centre stage to test the capabilities of the e-CNY.
The central bank, People’s Bank of China (PBoC), was able to test the scalability of e-CNY transactions, an area of technical difficulty which has come under scrutiny and criticism. The rate of maximum predicted transactions per second (TPS) is 300,000, which sounds capable however the private-sector online payment platform Alipay popular in China has a current TPS capability of 544,000. The U.S. initiative for the digital dollar has a potential TPS of to 1.7 million.
China has plans for cross-border testing of e-CNY for use beyond the domestic market. It is working with the Bank of International Settlements and countries such as Hong Kong and the United Arab Emirates.
In conclusion, the IMF Managing Director recently stated: If CBDCs are designed prudently, they can potentially offer more resilience, more safety, greater availability, and lower costs than private forms of digital money.
According to the New Scientist publication, UK police have seized cryptocurrency worth £322m in the five years leading to 2020. Almost all of the seized cryptocurrencies were Bitcoin, with small amounts of Ethereum, and others.
The 2021 Serious and Organised Crime Threat Assessment published by EUROPOL highlighted how criminals are increasingly incorporating digital technologies into their activities, adding that new money laundering techniques involving cryptocurrencies have proliferated recently.
UK Action Fraud has warned the public against fraudsters who ‘cold call’ victims and use social media platforms to advertise ‘get rich quick’ investments in mining and trading in cryptocurrencies such as Bitcoin11.
Case study: Crypto proceeds of crime auction
In 2019, UK police officers had a case dealing with the proceeds of crime in the form of cryptocurrencies. Traditional proceeds of crime such as houses, cars and jewellery are regularly sold at auction to realise funds which are then subject to forfeiture. In this case, cryptocurrencies in the form of Bitcoin, Ripple and Ether had been seized from the former TalkTalk hacker Elliot Gunton who had received them as payments for selling hacking services and stolen personal details online.
This first ever UK-based auction of cryptocurrencies ran for 24 hours, with bidders vetted to ensure only ethical buyers participated. With bids made from across the world including Brazil, Australia and Singapore, the auction raised £240,000.
Case studies: Fraudulent Crypto Schemes
Eastern Metal Securities
In the first case12 , the fraudster ran an investment scheme that induced victims to purchase shares in the scheme called Eastern Metal Securities using cryptocurrency such as Bitcoin and others. Roger Nils-Jonas Karlsson promised victims extremely high returns tied to the price of gold. Funds provided by victims were transferred to Karlsson’s personal bank accounts and use to finance a high spending lifestyle.
In July 2021, Karlsson was convicted of securities fraud, wire fraud and money laundering charges that defrauded thousands of victims of more than $16 million.
My Big Coin
In this case13 the fraudster founded a fraudulent cryptocurrency and virtual payment services company based in the U.S. Randall Crater marketed a fraudulent digital currency called My Big Coin to investors with false representations on the nature and value of the coins. He claimed that My Big Coin was a valid form of crypto, backed by $300 million in gold and other assets, and he had a partnership with Mastercard. This was entirely false and Crater misappropriated over $6 million of investor funds which he used for his own personal gain, spending hundreds of thousands of dollars on high value items such as art and antiques.
In July 2022, Crater was convicted of wire fraud, money-laundering and operating an unlicensed money transmitting business that defrauded investors of more than $6 million.
Case studies: Crypto Thefts
UK: James Parker
In the first case14 , four UK offenders were convicted in 2022 of fraudulently obtaining and laundering Bitcoin and other cryptocurrency worth tens of millions of pounds from an Australia-based cryptocurrency exchange. A fraudster identified and then exploited a loophole on a cryptocurrency trading platform which allowed him to dishonestly obtain credits. He passed this information on to others, who also exploited the weakness. The initial fraudster, James Parker, dishonestly obtained crypto assets worth £15 million from his trading account, his associates acting under his guidance dishonestly withdrew £2.7 million and £1.7million from their accounts. The stolen cryptocurrency was converted into cash and then laundered through various foreign based online accounts.
Parker died before the trial took place. His associates were found guilty of fraud and money laundering.
The second case involves theft of cryptocurrency on an extremely large scale. Hackers had been inside the servers of Bitfinex, a virtual currency exchange, for weeks before attempting an attack. They watched users on the cryptocurrency exchange buy and sell Bitcoins, and studied the commands that controlled the security system, looking for vulnerabilities that were then exploited.
The 2016 hack of Bitfinex netted the thieves virtual currency that at 2022 figures is valued at approximately $4.5 billion. The large-scale investigation by numerous law enforcement bodies has so far seized over $3.6 billion in cryptocurrency linked to the hack. At the height of Bitcoin value in 2021 the stolen Bitcoins would have been worth more than $8 billion, making this case the largest theft in history.
Two individuals linked to the wallets that received stolen Bitcoin were arrested in 202215 for conspiracy to launder $4.5 Billion in stolen cryptocurrency and face trial.
In 2021, Financial Crimes Enforcement Network (FinCEN), the U.S. regulator for crypto exchanges fined BitMEX16 $100 million for failing to implement and maintain a compliant anti-money laundering program and customer identification program, and for failing to report certain suspicious activity.
BitMEX conducted at least $200 million worth of transactions with known darknet markets or unregistered money services businesses providing mixing services, conducted transactions involving high-risk jurisdictions and failed to file a Suspicious Activity Report (SAR) on at least 588 specific suspicious transactions.
This was followed in 2022 by fines placed upon the founders17 of BitMEX for their personal role in the AML failings. Arthur Hayes and Benjamin Delo were each ordered to pay a $10 million criminal fine.
This case highlights the increasingly proactive approach of regulations to cryptocurrency supervision and the personal accountability of those within firms responsible for AML compliance.
Great Chatwell Academy of Learning (GCAL) are the trusted provider of personal and corporate training and development for financial crime compliance and risk management professionals.
GCAL courses are tailored to match the work-based learning outcomes of individuals and businesses, and each course is unique, offering a blend of current regulatory technical guidance and practical-based experiential learning including the use of case study analysis and interactive exercises.
And, we are delighted to be back in the classroom! We are of course continuing to provide online learning, but we are equally excited to be delivering in-person sessions.
Contact Lee for more details and to schedule your training at: firstname.lastname@example.org
If you or your team are required to identify and investigate facts, figures, adverse media, suspected fraud, or suspicious activity, then we’d like to introduce you to our online OSINT (Open-Source Intelligence Investigation Training) programme.
Learn how to identify undisclosed earnings, assets, and movement, and to validate information using the Internet more effectively, confidently, and efficiently.
GCAL now offers a full consultancy risk management service, and we are currently engaged by a wide variety of regulated and non-regulated businesses to provide help and guidance on a range of operational risk and compliance challenges.
If we can help, please do not hesitate to contact me or any other member of our team at: email@example.com.