Gustavo Fideney and Alvaro Ruiz Ostos conclude a two-part series with a discussion on the role of the anti-money laundering compliance officer, the critical need to mitigate reputation risk and some of the scandals that have built the current AML compliance landscape.
Click to read Part 1, Anti-Money Laundering in Financial Services: A Primer.
Third Line of Defense – The Anti-Money Laundering Compliance Officer
Obliged entities (financial institutions fall in this section) receiving alerts must perform an extra level of analysis, under the responsibility of the AMLCO, who will receive profiles on the parties in question in the onboarding process or whose suspicious transactions are red-flagged by analysts. In this step, the AMLCO will have broad as well as precise knowledge of laws and regulations governing financial transactions and will most probably be held responsible for something occurring under his command.
This would be like the chief of the bouncers in our nightclub; he will handle serious matters once the bouncers at the door have spotted that something is not right.
Now let’s talk about the AMLCO’s responsibilities. He or she will – most of the time – be joined by a committee to determine whether the institution is comfortable receiving such a client or whether the transaction appears to be legitimate. For example, if the AMLCO realizes our potential client has been involved in corruption scandals, he or she will reject the relationship to safeguard the institution’s reputation. Reputation is paramount in the financial services industry. We will touch on its implications later.
Moreover, if the AMLCO understands the transaction is performed by a sanctioned entity or finds dubious information related to the user, he will be obligated to draft a suspicious activity report (SAR) to be delivered to the competent authorities, the financial intelligence units (FIUs).
In short, those are the lines of defense in which financial institutions yield their reputation and business to defend themselves against ML/FT. It is not the scope of this paper to introduce the reporting requirements in which banks, for example, report dubious transactions to the FIUs (as this depends on each local/national authority’s laws and regulations), nor what happens when FIUs produce the dockets later to be delivered to prosecutors/judges for later investigating the entities responsible for the SARs. Here, we intend to explore in a limited way how financial institutions work these cases.
In case you are questioning whether this is common procedure for financial institutions, it is – even when players involved vary in quantity, shape and structure.
Laws Behind the Lines of Defense – European Union Directives
Remember we spoke about reputation? This word is the key to our field.
Nightclubs and financial institutions alike must maintain a positive reputation to make sure their businesses are deemed respectable. Would you go to a nightclub where you know troublesome people harass guests every night? Probably not. The same applies to financial institutions; customers tend to choose institutions with which they know their money will be well kept and where it will not be used for notorious purposes. However, banks must also be concerned with their reputation with regulatory bodies (the “watchdogs”). Local authorities trust that financial institutions are following the directives imposed by law and that they are constantly policing their customers to make sure they do not facilitate the execution of financial crimes.
Watchdogs usually trust that they don’t have to micromanage their governed institutions for them to stay within the legal parameters, and that their period audits won’t come back with any negative findings that will lead to more time and money spent in the form of investigations to determine if there was a flaw – and subsequently need to impose a fine. When fines are levied, they are usually large. There are countless cases that demonstrate the aforementioned risks (we’ll cover this shortly).
The legal parameters we mentioned are displayed on the so-called European Union Anti-Money Laundering Directives. Particularly the 4th and 5th Directives (the 6th is to be implemented by December 2020).
European banking authorities set guidelines on how the signing states should police their financial institutions in a communitarian legal framework. Afterward, AML authorities in each country monitor each institution’s efforts to safeguard the financial system. These mandates ensure that the due diligence and transaction monitoring measures we mentioned earlier are carried out efficiently.
The 4th AML Directive
AMLD4, or the 4th AML Directive – in operation since June 2017 – sets the framework for “preventing the use of the financial system for money laundering or terrorist financing.” This directive is focused on implementing a “risk-based approach” in which financial institutions should analyze, identify, assess and mitigate AML/CFT risks posed by new or existing customers during the due diligence purposes, as we previously mentioned. This directive also dictates ongoing monitoring, beneficial ownership of the accounts, and the need for record keeping, among others needs.
The 5th AML Directive
AMLD5, or the 5th AML Directive – in operation since January 10, 2020 – went further and enhanced the existing regulation to prepare the financial system to do battle against criminal activity. In this regard, we could see further developments on the beneficial ownership front, including a greater focus on defining cryptocurrencies and the risk they pose, limits on pre-paid cards and, most importantly, a greater focus on high-risk third countries.
The 6th AML Directive
AMLD6, or the 6th AML Directive – in countdown mode, as it will be operative in December 2020 – goes even further and emphasizes the framework for transferring funds or property that come from illegal activities, the consequences for trying to disguise the true nature of the funds used by the customer and the wide range of penalties that will be imposed on our financial institutions should they fail to follow the regulations.
Banks’ Fines and Reputational Risks – The Scandals
During the last decades, we have seen the worst financial scandals in history, with shortcomings ranging from laziness to lack of screening processes. Every year, $2 trillion is laundered. Following are several unhappy examples of banks’ failings:
- Bank of Credit and Commerce International (BCCI) in Luxembourg, with headquarters in Belgium: $23 billion laundered during the 1990s. After a PwC investigation, it was found that the institution was laundering money for Saddam Hussein, Abu Nidal and Samuel Doe, among other infamous characters.
- Nauru in Australia: $70 billion laundered during the 2000s. Al-Qaeda’s chosen bank for money laundering.
- Danske Bank in Denmark: $228 billion laundered. After the scandal arose in 2018, this became the largest scandal in Europe to date. Allegedly, money was laundered through the Danske Bank starting in 2007. Fifty percent of the accounts were opened by non-residents, many of whom were residents in high-risk jurisdictions or locations. Despite the material risk, this concern was not called out or reflected in their AML procedures. Second, Danske Bank’s KYC protocols were inadequate to identify ultimate beneficial owners (UBOs) and assess connected risk. Finally, Danske Bank failed to assign proper risk levels to ensure the monitoring of high-risk transactions.
- Standard Chartered Bank: $250 billion laundered during the 2000s. Standard Chartered Bank broke sanctions against Iran by working with Iranian customers, and in 2012, it was fined with $670 million. Failing to implement AML practices and ignoring sanctions against Iran, Cuba, Syria, Sudan, Burma and Zimbabwe led the Financial Conduct Authority (FCA) in the U.K., as well as the securities authorities in the U.S., to fine the bank up to $1.1 billion.
- Wachovia Bank: $380 billion laundered during 2007. This U.S. bank, purchased by Wells Fargo during the financial crisis of 2008, was deeply immersed with Mexican cartels and exchange offices. During 2007, the bank paid $160 million in fines to the U.S. government.
- Deutsche Bank: $10 billion laundered in Russian funds; paid $425 million in fines in 2017 to settle claims.
- ING Bank: Fined $900 million for AML reporting failures for not properly determining the ultimate UBOs of client accounts (the bank paid $619 million in fines in 2012 for facilitating billions of dollars in payments through the U.S. banking system on behalf of Cuban and Iranian clients.)
- S. Bancorp: Paid $600 million to settle U.S. allegations in 2018 for failing to guard against money laundering.
The aforementioned led to modifications in screening processes, serious adjustments in KYC protocols and an expansion in compliance departments, where qualified professionals are needed now more than ever.
Banks across Europe are taking significant pains to mitigate risks by fighting money laundering and other practices. One clear (and recent) example is the action taken by six major Nordic banks against this problem; Danske, Swedbank, Handelsbanken, Nordea and DNB created a customer checking center last year (the KYC Utility) to crack down on money laundering, with the clear objective of eradicating scandals and rebuilding the Nordic banks’ reputations. Still, there is much work to be done.
Taking a peek into the extensive – and most probably unfinished – list of money laundering scandals involving financial institutions leaves us thinking about the need for strict screening and transaction monitoring controls; robust, flexible and adaptable processing management systems/engines; and qualified compliance professionals (all down the line) to defend the institution’s and stakeholders’ interests. Even though compliance – and AML in banking, in particular – may seem to be expensive programs, evidence shows us that they are not at all costly when compared with the outcomes of not having the required AML measures and not complying with local and regional rules and regulations. Banking compliance may indeed be considered costly, but I wonder what would Wirecard, Dankse, Deutsche, Standard and ING (and the list goes on…) think now?
The evidence we have provided shows that not having an effective AML compliance program is far more expensive than having one. As insurance companies claim, it is better to have one and not need it, than to need one and not have it.
Let us remember how important financial institutions are to our economies. They’ve played a key role in businesses’ and individuals’ success, providing the financial boost that enables them to pursue the dreams upon which our current societies are built. However, painful examples such as 9/11 and the growth of ISIS demonstrate that terrorists depend on financial institutions as much as non-criminal groups do. Both require millions of dollars to be carried.
We must make sure that our financial institutions take matters into their own hands to avoid unnecessary customers. Bottom line: Next time you are trying to open an account and find it is taking more time than expected, remember that your bank is also at work attempting to avoid the heartbreaking consequences of financing criminal activities.
The party doesn’t have to end soon, but we must make sure that everybody stays safe.
Disclaimer: This is an opinion article; the authors do not work directly or indirectly for any screening software provider company, nor do they provide legal advice to them. The information provided is based on their experiences working in governmental agencies, banks and law firms.