man with automatic weapon surrounded by falling banknotes

(Even if You’re Not a Bank)

Is your company in the money-laundering business? It very well might be. As banks become warier and apply more resources to anti-money-laundering (AML) efforts, creative criminals are eyeing nonfinancial companies as alternative means to “cleaning up” their act.

This piece was originally shared on the ACL blog and is republished here with permission.

If your organization is in the financial sector, the chances are high that you’re aware of the regulatory requirements and risks around money laundering and terrorism financing. In the U.S. alone, penalties for failure to comply have been levied in terms of millions – and sometimes billions – of dollars.

But what about other industries? What sort of risks are there and what measures are needed to address them?

The Financial Action Task Force (FATF) recently produced a report entitled “Anti-money laundering and counter-terrorist financing measures: United States – Mutual Evaluation Report.” It provides comprehensive insights (263 pages worth) into the scope and scale of money laundering — estimated as being in the hundreds of billions of dollars globally — as well as its complexity. The report refers to the very large numbers of regulatory authorities involved in anti-money laundering (AML) measures. It points out that the financial sector bears most of the burden in terms of regulations and the general robustness of “the systems and processes for implementing preventive measures, including for onboarding customers, transaction monitoring and reporting suspicious transactions.” This is the aspect of AML that first comes to mind for many people: financial institutions having to “know their customer” and monitor and report on deposits over $10,000.

Corruption is always adapting and expanding…

For both individuals and organizations holding large amounts of illicit funds, (e.g., drug cartels and corrupt politicians), laundering money through financial institutions would seem to be a pretty obvious thing to do. But most criminals now know that this is relatively easy to detect and so, in response, they are turning to a tremendous number of alternative — and often highly creative — ways to “legitimize” funds.

Laundering techniques include everything from “smurfing” funds into small instruments like money orders, processing funds through heavily cash-based businesses such as parking lots, car washes and casinos, and using large amounts of cash for casino gambling. All of these are commonly used methods to turn large sums of cash into something that can be claimed to be legitimately generated. Real estate or luxury goods (e.g., a yacht), purchases and sales offer another relatively easy way to turn bad money into apparently good. Then there are more complex schemes, with carefully structured shell companies and trusts — usually based offshore.

Trade-based money laundering includes a whole range of variant schemes in which the fraudulent movement of funds can be disguised by artificially inflating or deflating the value of goods and services that are invoiced. And the list of potential laundering schemes goes on.

The TATF report acknowledges the challenges in dealing with just some of these schemes, noting that:

“The regulatory framework has some significant gaps, including minimal coverage of certain institutions and businesses (investment advisers (IAs), lawyers, accountants, real estate agents, trust and company service providers (other than trust companies). Minimal measures are imposed on designated non-financial businesses and professions (DNFBPs) …”

Trade-based money laundering: probably the most pervasive, but hardest to detect

For almost any organization involved in international trade, trade-based money laundering (TBML) needs particular consideration from a risk and compliance perspective. The Global Financial Integrity organization has reported research that shows that TBML is by far the most common method of laundering money internationally, particularly for drug cartels, and involves more than a trillion dollars globally. Much of this takes place through over- or under-invoicing for goods and services.

How directly your organization could be used within such schemes depends on multiple factors, but the risk is very real that your organization is involved somehow.

How do you know if your organization is involved in money laundering?

Studying the FATF report is one of many ways to at least start thinking about the possibility that your organization is being used in some money-laundering scheme. The IIA and the Big Four firms have various online resources available that refer to some of the more typical schemes. National regulatory agencies also refer to the sort of things that they look for and expect your organization to be looking for and reporting on.

Once you know the indicators of money laundering, the biggest challenge is to discover whether those indicators exist in the business activities flowing through your organization. And that is where data and analytics play a critical role.

Data analytics are already used extensively to find the easy indicators of money laundering in the more highly regulated industries, such as financial services. Looking for patterns of multiple deposits under $10,000, as well as reporting on those over $10,000, for example, is a relatively obvious and easy thing. But there is a lot more that can be done and the reality is that analytics and the use of data to uncover money laundering are still not used anywhere close to their full potential, particularly in those industries and with those laundering schemes where the risks and needed response are less obvious.

Some relatively basic but effective techniques for detecting TBML schemes include quantity analysis and unit price analysis, in order to identify outliers and anomalies. Other methods include text and web analytics to match, for example, shipping or customs documentation with billing information.

Money laundering undermines the integrity of business activities

How much effort should risk and compliance managers, as well as auditors, put into the risks of money laundering and into AML measures? One response, for those in less regulated industries at least, could be to simply ignore the risks and assume that regulatory authorities are too busy to spend time looking at your organization.

Apart from the risks of penalties from regulatory authorities, which may or may not be that great, there is arguably a bigger picture issue to be considered: Criminal activities and the associated multiple ways of laundering of funds undermine the integrity of business and financial and social structures around the world (not to mention the associated risks of reputation damage and exposure to loss).

There are several good reasons why it is worth thinking about the likelihood that your organization’s customers, vendors or business partners are somehow using your organization to facilitate the money-laundering process.


John Verver

image001John Verver is acknowledged internationally as an expert authority and thought leader on the application of data analysis technology in audit, risk management, and compliance. He is regularly asked to speak at global audit, compliance, risk, and control conferences and is a member of the advisory board of the Continuous Auditing Research Lab. John was also a key contributor to the Institute of Internal Auditors’ Global Technology Audit Guide #3 on continuous auditing, assurance monitoring, and risk assessment.

John Verver is currently a strategic advisor to ACL. Until recently he was a vice president with ACL, with overall responsibility for ACL’s product and services strategy, as well as for relationships with key organizations in the audit, compliance, risk, and control market. His previous responsibilities at ACL included leadership and growth of ACL’s professional services organization, including consulting, training, and technical support. He led the overall development of ACL’s industry-transforming continuous controls monitoring solution.

Prior to joining ACL, John spent 15 years with Deloitte in the UK and Canada. During his tenure, he was director of computer services, with responsibility for IT audit and security services, as well as accounting systems consulting and implementation. He subsequently became a principal, responsible for building and managing the system development and implementation practice in British Columbia.

John is a Chartered Accountant, Certified Management Consultant and Certified Information System Auditor. He has served on the Council of the Institute of Management Consultants of British Columbia and on committees of the Institute of Chartered Accountants of BC. He has an honors degree from King’s College, University of London, England.

Related Post