Anti-money laundering challenges
August 2011 | TALKINGPOINT | FRAUD & CORRUPTION
FW moderates a discussion on the challenges of anti-money laundering between Eric L. Lewis at Baach Robinson & Lewis, Ed Shorrock at Baker and Partners, and Atif Yusuf at Deloitte.
FW: Would you agree that there has been a shift in the enforcement of money laundering away from drugs and terrorism toward tax evasion, driven by a political agenda to recover government finances? If so, how has this affected the approach to AML enforcement activity?
Shorrock: In the offshore environment there has been a notable shift, which can be seen by the rush of jurisdictions to sign up to Tax Information Exchange Agreements and climb up the ladder to be on the OECD white list. April 2009, when the G20 targeted non-cooperative jurisdictions, including ‘tax havens’, was definitely a watershed moment in this respect. In an effort to rebuild national balance sheets, this has translated into increased resources being allocated to revenue authorities and innovative deals with jurisdictions such as Liechtenstein and Switzerland. Providers of financial services have become more sensitive – though not in all cases – to ensuring that any tax planning is well understood and properly advised, but the real difficulty has been for providers and regulators to draw a dividing line between tax evasion and tax avoidance.
Yusuf: The inception of AML legislation revolved around narcotics but it has since moved into other areas. Regarding tax evasion and similar issues, the premise still rests on ill-gotten wealth, whether that involves smuggling or other means of evading tax. On the terrorism side, since 9/11 the addition of nine guidelines from the United Nations has meant that most countries are now formalising a terrorism framework in their legislation as well, so this is very much on the agenda, at least from a policy perspective, across the globe.
Lewis: In the US, there has certainly been much more focus on pressuring foreign financial institutions and foreign governments to compel disclosure of foreign information regarding potential US tax avoidance. Senator Carl Levin issued a report estimating that $100bn has been stashed offshore by US taxpayers, a huge amount of potential revenue in a time of massive deficits. Pressuring foreign banks and governments to turn over information regarding US nationals is ‘low hanging fruit’ politically and legally, and many taxpayers will pay up voluntarily before their information is turned over. These cases are easier to make than complicated money laundering cases, where massive amounts of data need to be sifted to find suspicious patterns or terror finance cases, where the transfers are often small and hard to track. Resources are limited and there is no doubt that the focus on tax evasion has the effect of shifting resources in that direction.
FW: What differences exist between jurisdictions in terms of enacting and enforcing AML legislation? How might these variations play out over the next five years?
Yusuf: Enacting legislation and then enforcing legislation are two different things. When you look at the less developed economies, the last few years have seen a focus on improving the design of the regulatory environment and the framework itself. Companies, for example in the Middle East, have seen excessive regulation over the last three or four years, and that has been translated into policies and frameworks at the company or financial institution level. Some economies in the developing world are further along the road but some are much further behind. There is a gap between jurisdictions, not just in terms of the AML legislation itself but also enforcement practices. Countries that have not yet been evaluated by the Financial Action Task Force (FATF) will see an increased number of mutual evaluations which will undoubtedly result in more advanced regulation, and a drive towards effective compliance.
Lewis: The real problem is not in the enacting of legislation; it is in the commitment and resources to enforce anti-money laundering laws. Many jurisdictions, particularly those with traditional commitments to bank secrecy, may have laws on the books but do little in terms of proactive enforcement. Resources are scarce and the Know Your Customer (KYC) exercises are often perfunctory, ‘tick the box’ exercises with little support for the compliance function. To have real teeth, the US government and governments in other major money centres need to be aggressive in making sure that correspondent banks are actively enforcing an AML regime that would be adequate in those money centres. Unless KYC includes knowing one’s customers’ customers, there will be a race to the bottom in international money laundering enforcement with money coming into the system through banks in countries with lax enforcement regimes.
Shorrock: The irony here is that because offshore jurisdictions have been under the microscope they are more likely to have enacted legislation which covers ‘all crimes’. However, there is no point in having AML legislation which is not enforced and what I think supranational bodies like FATF and the OECD will be saying over the next five years is “Well done, good start – now let’s see how effective you are in policing and enforcing the law”. This should apply to both onshore and offshore jurisdictions. However, the political reality is that, since major onshore jurisdictions are the ones providing support to these bodies, the focus will continue to be offshore. It plays well to the public and gives the politicians a bogeyman to target – unfortunately, recoveries from tax evasion are unlikely to be a major contributor to national treasuries. The problems are more fundamental than that.
FW: There has been an increase in international cooperation and asset recovery in the context of cross-border investigations, but challenges persist. What problems arise as a result of the extraterritorial reach of certain nations, and what impact can this have on multinational companies?
Lewis: There is no doubt that many countries resent the reach of the US and particularly its use of the Patriot Act and AML legislation to police its revenue laws and to overrule bank secrecy laws in a haphazard rather than targeted way. In my view, if the US were viewed as focusing on the core areas of criminal proceeds and terror finance in exercising its extraterritorial reach, that would facilitate cooperation that is now not always forthcoming. Foreign banks and jurisdictions are willing to be more flexible if they believe that the proceeds of serious crime are at stake, but they are not willing to sacrifice their banker-customer confidentiality regimes to serve as surrogate tax police.
Shorrock: The most obvious example of extraterritorial reach is the US with use of the PATRIOT Act, the OFAC sanctions regime and FCPA legislation. However, the UK Bribery Act has also deployed tentacles across the world affecting UK citizens and multinationals which have activities in the UK. The key point is that this is likely to be a continuing trend and whilst it may be politically and economically sensitive, multinational companies have to recognise that legal borders between nations are coming down. Playing a game of arbitrage between nations is becoming more risky – the days of parking suspect business in a loosely regulated jurisdiction are numbered. As a result, multinational companies will have to be run to the highest common regulatory denominator.
Yusuf: This will always remain a very challenging topic. At least in the Middle East, we have seen a number of major frauds taking place in the recent past and, therefore, money laundering at a peak. When money crosses borders, it ends up in different legal jurisdictions, which obviously has a number of ramifications. My own experience is that there are still many gaps in the legal requirements one has to go through to trace and recover assets across borders. Enormous challenges still exist, not least the differences that exist between principle legislation and regulation in this area, which can be quite different even between countries that have adopted common guidance. Companies today are complicated, not just because they conduct different types of business and deliver different and more sophisticated products, but, because they are prevalent in different jurisdictions and structured uniquely from their competitors. All of that makes AML implementation very difficult. Money asset recovery is of extreme importance, particularly now given the enormous amount of distress and fraud.
FW: Although the systems and tools to detect money laundering and terrorist financing are improving, are criminals continuing to devise more sophisticated techniques to bypass these processes? What role does technology play in the fight against money laundering?
Shorrock: Inevitably, as in any conflict, once one side develops a particular tactic or weapon, the other will develop countermeasures. In short it is an arms race. On one side are the individuals and corporates; on the other side are legislators, regulators and enforcers. Technology though, has one big advantage in the fight against money laundering. If used correctly it can be a valuable tool in harvesting large amounts of information and processing it to identify suspect activity. It also delivers transparency but the key is access to the systems which hold the right information – whether it be open source information or transaction databases. Also, you can have all the tools and systems you like but you can’t beat human intuition and scepticism – indeed, they are essential.
Lewis: Technology is critically important in money laundering detection, but less important in terror financing. Indeed, in terror finance, the techniques are probably becoming less sophisticated, largely bypassing the formal banking system. In money laundering, the software becomes far better, but in many cases, particularly in jurisdictions that are new to enforcement, the software is not employed, people are not trained, and a glut of false positives leads to a lack of follow up.
Yusuf: There are always loopholes, and they emanate primarily from law and regulation. Money laundering in western and developed economies often uses legal or regulatory loopholes. For example, in the UK one might buy and sell an expensive car as a mechanism for laundering money through a seemingly legitimate transaction. Here in the Middle East and in Africa, a cash based economy is still predominant so the movement of cash will be the source and the technique for money laundering. Determined money launderers always find ways and means to circumvent the system. Therefore, it is very important, not just that anti-money laundering tools and systems are effective in the environment they operate in, but also that jurisdictional gaps are plugged.
FW: What special challenges are presented in identifying terrorist financing? Do normal AML procedures work? Are there things banks should be doing or is this entirely a job for governmental intelligence?
Yusuf: This is an interesting point that differs depending on what part of the world you are in. The London Underground bombers used in the region of £4500 to finance the event that took place on 7 July 2005. The money came through legitimate banking channels, that is, through people who were bona fide customers of financial institutions in the UK. It is very hard, even through normal AML procedures such as KYC, and any other regulatory procedures that exist, to identify these scenarios. On the other hand, in countries in the Middle East and Africa, where large movements of cash are not unusual, from a banking AML perspective there are procedures and tools, which, if implemented effectively, can prevent such funding at its source, and can help identify suspicious activity before it achieves its ends.
Lewis: Normal AML procedures are necessary but not sufficient in dealing with terror finance. The sums are often too small and they are often moved outside the banking system. In the past, state support of terrorism has allowed funds to be moved by sovereigns. Normal AML procedures should be applied to avoid terrorists thinking they can resort to the normal banking system, but this is primarily a job for governmental intelligence supplemented by very strong enforcement of laws which bar walk-up business in banks or transactions being performed for non-account holders.
Shorrock: Terrorist financing differs from traditional money laundering as the focus is on outputs rather than inputs. By that I mean that terrorist financing is based on a strategy of often using ‘clean’ funds which are designed to be spent for ultimately lethal purposes. Traditional money laundering is usually based on illicit funds which are then hidden and held for a number of years. The two require completely different mind sets to identify but unfortunately the tag of ‘AML/CFT’ blurs this when it should be treated separately. In terms of identifying terrorist financing this is ultimately a partnership between banks and other financial institutions (including DNFBPs) and government. Clearly government bodies rely on the raw data from institutions but the intelligence services are the ones who can investigate and prosecute, if necessary.
FW: We have seen a number of high profile penalties imposed by regulators on financial institutions for non-compliance with anti-money laundering guidelines. In the wake of this enforcement action, are more financial institutions proactively reviewing and amending their practices?
Lewis: Yes, there have been more and higher profile penalties, but it is still my view that banks that are looking at this as an economic proposition will view these penalties as a reasonable cost of doing business. Money laundering remains good business and only a real culture of compliance in the bank will stop banks from taking on business that they should not. The compliance function needs to be empowered and relationships, particularly lucrative banking relationships that are based overseas where there is no real contact with headquarters, must be scrutinised closely. There remain significant incentives within banks to accept rather than reject certain business and to view the KYC exercise as formulaic rather than substantive. Penalties need to be made more predictable and significant and responsible officials need to face personal criminal liability.
Shorrock: We have seen an increasing focus on policies and procedures within financial institutions which has been driven by the publicity generated by high profile cases. However, this is not the case across the board, with some institutions believing that they are already robust enough. It only takes one instance of non-compliance to generate both regulatory and potentially criminal sanctions. For example, in the Jersey case of Caversham v Bell, it took only one instance of a failure to maintain procedures to establish the identity of a beneficiary for a criminal sanction to be applied. Until an institution has practical experience of a failure it is often blind to its own deficiencies.
Yusuf: Globally we have just experienced a financial crunch followed by a recession and now a nascent recovery. In times like this, governments, regulators and tax departments look for revenue sources where they can plug gaps and loopholes. Issuing AML penalties is one area. Organisations are so big, so advanced, and so complex that, even in developed economies, controls do lapse and do cause leakages. It is one thing to have effective policies and frameworks in place but it is obviously another thing to make sure they are fully compliant. We continue to see non-compliance with AML policies, procedures, guidelines and regulations, and therefore we will continue to see fines. This is likely to continue and in some ways it helps to raise awareness within the financial community and encourage self regulation and better compliance.
FW: What advice would you give to financial institutions on establishing internal controls and processes to address AML issues? What are the benefits and drawbacks of a risk-based approach, for example?
Shorrock: A common mistake is to adopt a standard set of policies and procedures without thinking about how it applies to the specific characteristics of the business, such as exposure to particular geographies, customers, types of services offered and how they are delivered. This requires a detailed analysis of the underlying AML risks as it applies to these variables and then designing specific policies and procedures to address them. A benefit of a risk based approach is that it allows resources to be properly focused where the risk is greatest and not to spend valuable time and money on low risk areas. As with all risk management exercises, the starting point is to recognise that all business carries risk and that it is not possible to mitigate everything. One of the drawbacks of this is that it requires a thinking approach to AML which absorbs senior management time and not all institutions are prepared to devote sufficient resource to this.
Yusuf: There is almost unanimous agreement on risk based regulation rather than a substantive approach. But there are regulators who prefer a highly risk based approach and there are regulators who prefer a less risk based, more prescriptive approach. There are advantages and disadvantages to both and a fine balance has to be struck. Too much regulation has a negative impact on doing business. Equally, we have seen in recent years the results of being too lax. At the moment it is a tick box exercise, and we need to embed a culture of AML in the overall organisation, where it is not just compliance at the top level. Every individual, particularly those facing the customer on a daily basis, need to understand their obligations and act accordingly. Without that, AML remains a secondary or tertiary box ticking exercise which people find a way around.
Lewis: The principal challenge in respect of financial institutions’ internal controls and processes is a fundamental view on the business side that compliance is antithetical to profit. Basically, the customer service and business side of a financial business treats the compliance department as though its sole purpose is to keep the bank from making money. Compliance rarely is insulated from this negative attitude by top management. Accordingly, I strongly advise financial institutions to work toward a cooperative environment in which the ‘front office’ business side and the compliance side can work together to assure that business that is developed is not only profitable but that the financial institution will be able to keep that profit rather than pay it to the government in the form of fees and penalties.
FW: In the current market, is there a need to go beyond Know Your Customer (KYC) and carry out Customer Due Diligence (CDD), to gain an understanding of a customer’s business and its rationale for structures and transactions? What practical problems does this pose and what barriers exist to prevent effective CDD? Equally, how do institutions balance the profit motive with the need to ensure compliance, which is especially difficult in financially constrained times?
Yusuf: Transactions are now more difficult and different than in the past. There is no checklist for every type of transaction that the banks create. It is not the job of compliance to continue devising standardised operating procedures and checklists for the front office to follow. In my view it is about the need to embed a basic culture, in the front office particularly, and to balance the act of deal-making and achieving compliance at that stage. In addition, compliance should be a second or even third line of defence. The basic first defence should be at the front office level. There is a good argument to be made for making penalties more severe to encourage compliance, certainly in developed economies. One has to accept that major financial institutions, regulated in a major global economy, have to abide by certain standards where failure to do so will result in being penalised accordingly. However, before this is done effectively, lesser developed economies need an incubation period while they implement new regulations and guidelines.
Lewis: Without understanding the customer’s business and the rationale for structures and transactions, it is difficult to evaluate effectively whether the transactions indicate money laundering. In one case, as an example, $160bn went through a single account for a remittance company whose transaction flow should have been a tiny fraction of that amount. The bank had no clue as to the real business of the company. CDD is essential and it requires an actual dialogue. CDD is obviously a pure cost centre and there is no doubt that institutions would rather do less than more and resent being gatekeepers at their own cost. But there is no other way to do this. Governments need to make sure that these procedures are followed rigorously and that compliance is real. Banks must view this as a required element of the service they provide and calculate it into the price of the services they provide.
Shorrock: CDD is at the heart of the risk based approach. Old style KYC measures, where institutions simply established the identity of the customer, are no longer sufficient. However, it is clearly impractical for detailed CDD to be done by large financial institutions so it is permissible to categorise a class of business, such as current accounts from a particular category of customer based in a low risk jurisdiction, as low risk. For more complex products and higher risk customers, the issues require more analysis. The practical problem is that customers have historically not been used to being asked for this information, and this might result in them playing regulatory arbitrage in seeking out a provider with the lowest standards. Ultimately, the barrier is often cultural where senior management do not effectively communicate their commitment to compliance. Although the profit motive is strong, a short term dash for business does not sit well with a longer term strategy for growth and quality.
FW: What challenges arise when money centre banks take on clients who are located elsewhere, particularly in high risk areas? Are banks delegating the KYC and AML obligations and are they being carried out on a uniform basis system-wide?
Lewis: Trillions of dollars are on deposit from clients who reside elsewhere and who never have any effective interface with US compliance personnel. These functions are often delegated to local branches or subsidiaries that often do not have a compliance infrastructure. When the relationship manager in Bahrain, for example, is the gatekeeper for a dollar account in New York, it is likely that the AML function will be performed perfunctorily at best. A foreign dollar accountholder must withstand at least as much scrutiny as a dollar accountholder who walks into a New York bank branch.
Shorrock: The key problem is that centralised booking operations are removed not only physically from their clients but also do not have the immediate connections and understanding of the local environment to know what risks are present. Business such as this is often conducted through relationship managers who are based in those locations – if you want evidence as to how this model can, and often does, break down in the context of high risk business, I would encourage you to read the UK FSA’s report entitled ‘Banks’ management of high money-laundering risk situations’. It is a worrying read some 10 years after the FSA’s report on the Abacha scandal.
Yusuf: From a regulatory perspective there is no such thing as global regulation, though there are the FATF requirements and bodies like the UN, the IMF and the World Bank which put out guidance. But this is a grey area at the moment. Common market practice is, if you are dealing with a customer who is a customer of another institution, located in a regulated environment, you need to check for some form of mutual evaluation by the FATF. If an acceptable rating has been granted, then technically the institution or intermediary should be reliable. Therefore, a financial institution cannot completely absolve itself simply because it operates in an acceptable regulatory environment. It still needs to undertake a basic amount of due diligence on the financial intermediary or institution that it is dealing with.
FW: What special challenges are presented by correspondent banking? Are banks required to know their customer’s customer? Is that a realistic expectation and is it happening?
Shorrock: Correspondent banking has been at the centre of many money laundering investigations, especially where the US banks, which clear dollars for their respondent banks, are concerned. The main problem is that the correspondent bank is one step removed from the underlying customer and the lack of real time and detailed knowledge results in correspondents often relying on explanations for unusual transactions. Smaller correspondent banks continue to fail to undertake even the most basic due diligence exercises in terms of monitoring relationships. The risk is further amplified where there are chains of correspondent banks – one weak link in the chain and the AML risk rises dramatically.
Yusuf: After 9/11 the US introduced the Patriot Act which had more stringent requirements, particularly for correspondent banking. Specifically, there were sanctions introduced by the US on countries including Iran. However, even after introducing extensive and stringent guidelines and regulation, it is still very difficult, not just because companies may intentionally try to do business with those entities, but because they may be doing business with entities who then in turn may be doing some business through a sanctioned country that gets caught by US legislation. Without having a global response to this, it is almost impossible to curb some of these aspirations on correspondent banking.
Lewis: Knowing the customer’s customer is difficult and perhaps not entirely realistic. It is not happening. But without that requirement, money launderers and terrorists simply need to take one extra step to evade effective detection. Vast sums of money are moved through the nostro accounts of correspondent banks. If those correspondent banks are not performing effective screening, then dirty money will flow through money centres without a trace. The system is only as strong as its weakest link and countries with poor regulation all have banks moving dollars through New York. Both money centre banks and US regulators need to take affirmative steps to make sure that AML screening is as uniform as possible.
Eric L. Lewis is a founding partner at Baach Robinson & Lewis. He practices in the areas of civil, commercial and white collar criminal litigation with an emphasis on transnational disputes and international insolvencies. Mr Lewis served as Principal US Counsel to the Liquidators of Bank of Credit and Commerce International, and Madoff International Securities Limited. He has coordinated multinational fraud litigation throughout the world. He is an elected member of the Council on Foreign Relations, the American Law Institute and the American Bar Foundation among others. Mr Lewis can be contacted on +1 (202) 833 8900 or by email: firstname.lastname@example.org.
Ed Shorrock is director of Regulatory Services at Baker and Partners. He has an extensive knowledge of Jersey’s financial services industry and a wealth of experience which is not just limited to regulatory matters. He has dealt with cases which have required a technical and practical knowledge of insolvency, trust, company and criminal law including money laundering. He is a Fellow of the Institute of Chartered Accountants in England & Wales and delivers training courses on topics of corporate governance and risk management. Mr Shorrock can be contacted on + 44 (0) 1534 766 254 or by email: email@example.com.
Atif Yusuf is a director at Deloitte and leads the Financial Services Regulatory Practice for the Middle East. Mr Yusuf has extensive experience of working with banks and financial institutions in assisting with M&A, restructuring and regulatory advice, with a deep expertise in Anti Money Laundering and Regulation in the Middle East. He can be contacted on +971 4 506 4805 or by email: firstname.lastname@example.org.
© Financier Worldwide
Eric L. Lewis
Baach Robinson & Lewis
Baker and Partners