Anti-money laundering issues for financial institutions
December 2013 | TALKINGPOINT | FRAUD & CORRUPTION
FW moderates a discussion on the anti-money laundering issues faced by financial institutions between Steve Beattie, a principal at EY, Donald N. Lamson, a partner at Shearman & Sterling LLP, and Marc Oliver Schmidt, head of AML Compliance at UBS Deutschland AG.
FW: Could you provide an insight into how the global problem of money-laundering is climbing the political and regulatory agenda?
Beattie: I should highlight that the topic is not only climbing the political and regulatory agenda, but is also increasingly on the agenda of the Boards of Directors of large financial services companies. The focus on money laundering intervention and holding financial services firms accountable for deficiencies in their programs has been increasing across the globe. While it is commonly recognised that the US has rigorous AML program expectations, we are also seeing the emergence of increased focus of other countries and their related regulatory authorities. More than ever, financial services firms who are functioning globally need to not only be aware of and address their home office regulatory needs, but there is also the need to be have full awareness of AML rules and regulatory expectations in countries where they maintain a presence. While the topic is climbing the agenda, there is still a lack of full consistency in terms of expectations, areas of focus, and strength of enforcement. As global payments proliferate, and the world economy becomes further integrated, I would expect the topic of AML to continue its ascent on the agenda.
Lamson: US regulators have recognised the issue of money laundering and have sought to combat it for some time. Following the terrorist attacks on 11 September 2001, the US strengthened its commitment with new laws, regulatory guidance and more aggressive enforcement. Regulators world-wide increasingly are coming to accept that money laundering is a problem, and are beginning to better cooperate and coordinate their responses to this problem. Greater coordination is also taking place among regulators, policymakers and the private sector. For example, in the US, the National Anti-Money Laundering Task Force held its first meeting in October and will meet monthly going forward. Along with such efforts, regulators and banks are developing increasingly sophisticated tools to detect money laundering, helping to better monitor suspicious transactions and verify customer information.
Schmidt: The near $1,500bn estimated by the International Monetary Fund (IMF) in 1999 that is laundered world-wide every year continues to cause alarm. In the 1990s, international efforts to curtail money laundering made very important progress. The Financial Action Task Force (FATF) recommendations built internationally acknowledged minimum standards. We have seen self-regulation initiatives like the Wolfsberg Group, supranational regulations like the EU Anti-Money Laundering Directive and a large number of national legislative initiatives. On the one hand we still see jurisdictions in the race to comply with these standards. On the other hand, compliant jurisdictions look back and realise that regulatory compliance in a technical sense did not resolve the problem of money-laundering per se. However, it is clear that no jurisdiction that wishes to remain competitive can allow itself to lag behind international standards. In view of the strained public finances, the trend towards transferring increasing responsibility to the private sector continues.
FW: Financial institutions are being placed in the frontline of anti-money laundering solutions. How have their compliance obligations changed in recent years?
Lamson: The obligations of banks have steadily increased in recent years and there’s no reason to believe their obligations will lighten anytime soon. Regulators have come to view financial institutions as essential allies in the fight against money laundering. While financial institutions have been penalized in the last few years for their lack of effectiveness in implementing appropriate anti-money laundering measures, they are realizing the negative impact of money laundering on their reputation and business objectives. Financial institutions are thus re-evaluating their processes and technology and regulators expect that banks should approach their obligations with energy and resources. As a result, banks have devoted significant resources to build out and improve anti-money laundering compliance systems. That process will continue indefinitely as regulators’ expectations expand.
Schmidt: In recent years, financial institutions have faced new but quite specific requirements. Subsequent to new regulations, institutions have done their homework by implementing new processes and new systems. External auditors have checked for accurate implementation. Today, financial institutions are obliged to regularly assess what area of their business are a target for money laundering. This inherent risk has to be compared with the existing internal safeguards. If the existing safeguards do not appropriately mitigate the inherent risk, the institution has to derive new or adjusted internal safeguards or refrain from that specific high risk business activity. That is the reason why there is no longer a standard AML Framework that fits all.
Beattie: The role and stature for AML Compliance professionals has certainly increased in recent years. While a number of years ago, the AML Compliance functions may have been more focused on policy, there is now a trend to having these teams assist in the implementation and enforcement of that policy on a global scale, which can also include monitoring the adherence to that policy across the organisation. These responsibilities are not limited to AML Compliance teams. There is an increased expectation for business line involvement and accountability, which means further bolstering the effectiveness of the first line of defense. In addition, there continue to be a number of emergent expectations that can impact a financial services firm across many areas, including operations, compliance and technology. Topics such as having a single, holistic view of clients and their risk, and breaking down silos to converge AML, Fraud and other financial crimes related topics introduce numerous challenges related to data quality and cross-organisation coordination. A number of firms we have worked with often fully study recent AML cases, industry events and guidance from enforcement agencies to determine and implement typologies to enhance their monitoring programs. In short, institutional compliance responsibilities and their importance have and will continue to increase for the foreseeable future, particularly given their critical role in identifying and intervening on money laundering activities.
FW: How important is it for financial institutions to understand and execute the principles behind Know Your Customer (KYC) and Customer Due Diligence (CDD)? What penalties might they face for failing to undertake such checks?
Schmidt: The routine application of the KYC principle is a must. External auditors regularly draw samples to check for the institution’s adherence to the principle. Even if the institution is actually not misused for money laundering, non-compliance with the respective regulations can lead to administrative fines. Even if we still see moderate fines in many jurisdictions, the reputational damage rapidly exceeds a fine once the institution’s non-compliance becomes public. In addition, the regulator may issue specific instructions to get the institution compliant. If the regulator presumes supervisory or organisational fault,the responsible management comes into focus. In the end, non-compliance can constitute grave professional misconduct for responsible managers. If non-adherence to the KYC principle resulted in or facilitated actual misuse of the institution for money laundering purposes, penalties can reach high levels. We have recently seen in the US, $1.9bn fines. In the worst cases, the continued existence of the institution is at risk, and criminal proceedings could take place.
Beattie: I think it’s important to steer away from concern about 'penalties' in the traditional sense, including regulatory criticism or sanctions. The true importance of having a fully effective KYC program is that it is one of the key strategies to prevent laundering from occurring. The front line evaluation of customer risk, and fully understanding the expected customer activities, can help avoid the issue of on-boarding bad-actors and becoming a conduit for money laundering. The industry has numerous examples of the 'risk to brand' introduced by these events. From a business perspective, some firms have already seen that an inefficient or unclear KYC requirement can actually hurt client relationships and reduce their competitiveness in the marketplace. A fully effective client on-boarding program consistently applied across the organisation, that integrates KYC requirements into the business as usual activities, can be a competitive differentiator.
Lamson: As the most common targets for concealment and projection of laundered money, it is absolutely critical for financial institutions of all sizes to understand and execute those principles to enable them to properly verify the identity of, and assess the risks associated with, new and existing customers. Regulators examine extensively for compliance and failure to comply can result – and has resulted – in enforcement actions with significant monetary penalties. Bankers review those actions closely to determine if regulators have increased their expectations of financial institutions. Of particular focus has been an increased call to improve standards on beneficial ownership, meaning knowledge on the part of financial institutions about who ultimately controls, owns and profits from client companies.
FW: To what extent are criminals devising more sophisticated techniques to bypass the tools, processes and technology being used to clamp down on money laundering?
Beattie: We now live in a world where there are 'professional money launderers' who sell their services to criminals and other bad actors. As such, there is a constant attempt to identify new methods to avoid detection as financial services firms continue to enhance the sophistication of their AML programs. The increased proliferation of alternative payment methods, including, for example, global remittances and mobile money, introduce potential new laundering vehicles and increased challenges for financial services firms. We are also seeing virtual currency introduced as a new money laundering method, and I expect increased product and services innovations will continue to evolve industry vulnerabilities. Despite these changes, there is still a focus on less sophisticated money laundering techniques, ranging from structuring to rapid movement of funds. As long as there are very large financial services firms with millions of customer relationships, even these base methods will remain a challenge to detect and intervene.
Lamson: We’re seeing a never-ending game of cat and mouse. As financial institutions develop more sensitive and sophisticated tools to detect money laundering, criminals are devising more elaborate means to foil those systems. Criminals have an alarming amount of technology at their disposal, offering numerous alternative paths to launder illegal proceeds. Regulators, in turn, are building on their experience in fighting money laundering to demand better systems from the institutions they regulate. These systems employ advanced technology that allow for better customer screening and monitoring of suspicious transactions, as well as sophisticated data-mining software that quickly searches public records and establishes linkages among criminals who are part of money laundering rings. So the process goes on and on. These increasing regulatory expectations pose increasing challenges to financial institutions. However, it is critical that institutions stay one step ahead of financial crime patterns.
Schmidt: The funding of criminal activities or concealing of criminal assets can benefit from the latest achievements in electronic money transfer that facilitates anonymous transfers – for example prepaid cards and online payment systems. However, an essential success factor in money laundering remains the concealment of sources of money using the classic methods – smurfing, shell companies and trusts, multi-layered structures, fake companies, nominees and so on.
FW: What steps do you see financial institutions taking to proactively review and amend their anti-money laundering framework? What advice would you give on establishing appropriate internal controls and processes?
Lamson: Given increasing expectations from regulators and faced with the reputational risk of failing to detect money laundering activity, financial institutions are devoting significant resources to the latest generation of anti-money laundering technology. Investing in these sophisticated information systems enables firms to more quickly and efficiently gather information about customers and suspicious transactions. However, it is not enough for institutions to just put these AML programs in place. Financial institutions must also invest in on-going training of personnel responsible for handling funds and opening accounts to make sure that these employees recognise the red flags of money laundering. Furthermore, firms must appoint a dedicated AML compliance officer and ensure appropriate procedures are in place to enable their employees to come forward and report any suspicious findings.
Schmidt: Beyond the implementation of required regulatory measures, financial institutions would be well advised to pay very close attention to a comprehensive risk assessment that covers all areas of business, even if conducted by subordinated entities. A profound and complete analysis of the institution's products, clients and transactions is essential. Even those allegedly proven should be questioned. The assessor must get to know and understand each product and its related transactions. After assessing the inherent risk of money laundering associated with the products, clients and transactions, an inventory of the existing internal safeguards is necessary. The safeguards need to be assessed with regard to their process and design effectiveness before assigning a mitigating effect to them. After comparing the inherent risks with the existing safeguards the institution should have a comprehensible idea what the residual risks are and where the AML Framework should be adjusted. If the internal controls and processes are derived from regular risk assessment, they are deemed appropriate.
Beattie: Many financial institutions have already recognised that there needs to be a constant evolving of their AML framework, recognising that a current leading practice can quickly become trailing when compared to the industry. These forward looking firms have worked with us on developing 'Maturity models', and 'Target Operating Models' to organise their efforts and align to the areas of greatest impact. We have also witnessed an increased focus on local and global risk assessments, and using these risk assessments to drive control design, technology investments, and product/client decisions. An interesting phenomenon is also the 'de-risking' occurring in the industry, whereby products and clients are offloaded from their related firms. Our advice is to build mechanisms to monitor the sustainment of an effective AML program, compare to and learn from your peers, and recognise that leading programs can quickly become trailing without this constant investment.
FW: As the risk and penalties related to AML seem to expand, do you believe the AML obligations for financial institutions are only set to increase? What advice can you offer to firms on maintaining best practices in this area?
Schmidt: The major transfer of responsibility to the financial industry has already been carried out. Regulators will now concentrate on enforcement, and more intensively inspect processes and the design effectiveness of institutions’ safeguards. Nevertheless, I expect one or the other specification and a tightening of AML obligations. It is rather the non-financial sector that might be faced with increasing AML obligations in the near future. Before further regulatory specifications, financial institutions should continue to establish a sound industry standard. However, they should maintain close direct professional exchanges with other institutions, and continue to observe the market and specialist press.
Beattie: I don’t know that obligations have necessarily increased. The core expectations for a sound AML program have generally remained the same, but the complexity, globality and opaqueness of many products have increased, so the obligations to address these areas brings additional challenges. We are also witnessing the increased expectations and enforcement of many globally dispersed regulatory authorities, as regulators continue to roll out revised standards and increase the size of their examination teams. In summary, I think firms need to recognise that many of the breakdowns of AML programs involve the basic elements: knowing your client, monitoring their activity, understanding your key risks related to products and clients, adapting controls appropriately, sustaining program effectiveness and constantly developing talent to lead these important topics.
Lamson: AML obligations will only increase over time. Financial institutions will have to increase compliance budgets as well as devote additional personnel to manage new AML technology developed in response to new threats. Firms must focus not just on the development and implementation of AML compliance policies and procedures but also on consistent application. Financial institutions must continue to review and test the effectiveness of their AML programs. In this regard, firms need to coordinate with their examiners and maintain a dialogue on what they see and what needs to improve. Firms also should be active in industry groups to make sure they keep abreast of best practices.
Steven Beattie is the Anti-money laundering (AML) services leader for EY. He is responsible for America's leadership and global coordination of EY’s AML and economic sanctions-related efforts across banks, asset managers, broker/dealers and insurance companies. Mr Beattie brings extensive hands-on experience in compliance organisation and structure, risk assessment and mitigation, control assessment and operational, technology improvement strategies and regulatory response. He is frequently published on key AML and economic sanctions-related topics, in particular with a focus on risk-based governance and implementation, and leading operational and technology strategies. Mr Beattie can be contacted on +1 212 773 6378 or by email: Steven.Beattie@EY.com.
Donald N. Lamson is a partner in the global Financial Institutions Advisory & Financial Regulatory Group at Shearman & Sterling LLP. He advises international banks and financial institutions on bank regulatory and supervisory issues involving derivative activities, capital markets, M&A, changes in control, investments, internal investigations, enforcement and consumer compliance. Prior to that, he spent 30 years at the OCC, the regulator of national banks. Detailed to the Treasury Department, he helped draft the Administration’s proposal for financial reform, which later became the Dodd-Frank Act. Mr Lamson can be contacted on +1 202 508 8130 or by email: firstname.lastname@example.org.
Marc Oliver Schmidt is head of AML Compliance at UBS Deutschland AG. Besides AML, he is responsible for the institution's anti-bribery, corruption and fraud prevention program. Mr Schmidt is a lawyer with 13 years hands-on banking experience. He started his compliance career implementing MiFID requirements at one of the largest German public banks. He worked as chief compliance officer at Westdeutsche ImmobilienBank AG, specialising in commercial real estate financing, before joining UBS Deutschland AG in 2011, helping to transform the compliance function into a holistic and cross-divisional compliance organisation. Mr Schmidt can be contacted on +49 69 2179 6891 or by email: email@example.com.
© Financier Worldwide
Donald N. Lamson
Shearman & Sterling LLP
Marc Oliver Schmidt
UBS Deutschland AG