MONEY LAUNDERING is about much more than white-collar crime. It is a process which fuels the activities of criminal gangs that are extremely harmful to European society as a whole.
It provides criminal organisations with a wide range of possibilities to conceal the source of illicit proceeds stemming from financial fraud and corruption, counterfeiting and smuggling, illegal drugs crime and human trafficking.
Criminal organisations across the world continuously grow in scale and complexity facilitated by the global integration of the financial system and the rise of new technologies.
Banks today consider money laundering not only as a compliance problem but as a societal challenge.
Regrettably, the prescriptive elements of the AML/CFT regime have over time created a division between the management of financial crime risk and the management of financial crime compliance risk, with the latter overwhelming the former. That is why putting a truly effective AML/CFT framework in place is of utmost importance.
Yet data shows the existing framework does not lead to optimal results. According to Europol, although the total number of Suspicious Activities Reports (SARs) filed between 2009 and 2014 has risen by 61.5%, only 1.1% of criminally obtained assets were confiscated during the same period.
Against this increasing volume of SARs, just over 10% of them are estimated as useful to EU law enforcement and are further investigated after collection. There is little evidence this has changed for the better over the last few years.
The upcoming EU AML/CFT legislative package is a major opportunity to address the existing shortcomings, which the European Banking Federation (EBF) has also addressed in its AML Blueprint in March 2020.
The scope of the envisaged changes as laid down in the European Commission’s AML/CFT Action Plan suggests that there is a common understanding between the Commission and the banking sector on most outstanding issues.
This momentum should not be missed. To be effective, the fight against financial crime cannot remain solely in the hands of the public authorities or solely in the hands of the industry. Joint efforts are required for tackling the identified problems such as regulatory and supervisory fragmentation, and lack of efficient information exchange.
REGULATORY and SUPERVISORY HARMONISATION v. FRAGMENTATION
Regulatory fragmentation is one of the reasons for the ineffectiveness of the current framework. It complicates the work not only of multinational banking groups, but also of regulators and law enforcement.
Fighting money laundering is different from fighting other crimes, as regulated private sector entities are expected to play a crucial role in detecting it. They control access of customers to the financial system.
Adequate Know Your Customer (KYC) / Customer due diligence (CDD) processes are the backbone of an effective AML/CFT policy. However, the current regulatory fragmentation and rule-based approach do not allow obliged entities to dedicate resources effectively.
The possibilities for verification of information identifying a person continue to vary across EU Member States due to different traditions. The EBF calls for a new EU KYC/CDD regulatory concept to be built upon a uniform set of key customer information. A more intensive use of e-identification is also necessary in an increasing non-face-to-face onboarding environment.
We also need a strengthening of the risk-based approach (RBA). Today financial crime is mainly tackled through a tick-the-box rule-based exercise instead of an effective and well-informed exercise in risk mitigation and suspicious activity reporting.
The RBA has been weakened by the inconsistent implementation of risk-sensitive measures under the Anti-Money Laundering Directives (AMLDs).
The current “one-size-fits-all” approach is counter-productive as it results in many customers being classified in a high-risk category where flexibility and discretion could be left to banks to follow their data, develop high-quality intelligence and apply mitigation measures.
Fragmentation can also be felt in diverging national approaches to supervision. Supervision in most Member States focuses on the application of prescriptive and inflexible processes and requirements, rather than on the management of ML/TF risks. The unintended consequences include concerns of disproportionate customer burdens and potentially de-riskingcertain customer segments.
A reinforced and more flexible approach to supervision, focusing on managing the AML/CFT risks rather than on inflexible rules-based compliance, would be much more effective. A new single EU AML supervisor may be able to bridge the gaps between the varying approaches to supervision, provided it meets some fundamental requirements.
NEW EU AML AUTHORITY – POTENTIAL and RISKS
The establishment of an EU AML Authority (AMLA) has the potential to improve the AML/CFT framework across the EU and to contribute to a more consistent implementation of the single EU rulebook.
To this end, the AMLA must get the right mandate, clear and well-calibrated competences, avoiding any overlaps and duplication with those of national supervisors.
A precise definition of its scope is a crucial success factor for the new AMLA. Merely adding another layer of reporting obligations would not improve the existing AML/CFT setup.
A model with direct supervision of selected entities may prove to be effective if the selection follows a risk-based approach rather than on the size of entities, and is extended to encompass non-financial entities as well. This would allow the AMLA to concentrate on the riskiest institutions whereas the rest would be supervised indirectly.
Moreover, we have witnessed in the last years a strong need for enhanced cooperation between Financial Intelligence Units (FIUs) and financial institutions. Supervision is important because of the potential impact money laundering can have on financial stability.
However, supervision is only an ex-post action. We need a more effective framework where a stronger focus is put on effective information exchange between the players entrusted with AML responsibilities.
Currently two-way communication channels between financial institutions and FIUs are extremely rare. An FIU coordination and support role at EU-level could remedy this.
FINDING A NEEDLE IN A HAYSTACK
An enabling environment for information sharing between banks and also between banks and public authorities is the most effective tool to respond to the challenges stemming from the lack of bilateral communication channels.
It would lead to an improvement in the overall quality of SARs and reduce the number of false positives. Otherwise banks are left partially “in the dark”, in a situation where they see only bits and pieces of the full picture involving money laundering.
This is one of the reasons behind the high number of false positives and low SAR conversion rates highlighted above. Yet it is difficult to point a finger at either banks or FIUs for these deficiencies.
Banks in Europe and worldwide continuously put efforts in ensuring compliance with the SAR regime and with the broader AML/CFT framework. The total projected cost of financial crime compliance across key global markets is estimated at $180.9 billion, of which $136.5 billion in Europe. On the other hand, the large number of SARs poses a significant challenge for FIUs, which are often not in a position to match banks’ resources.
In such information overflow, identifying the relevant pieces that could support criminal investigations may feel like finding a needle in a haystack. In this context, better cooperation between FIUs and financial institutions is an absolute priority.
Public-private partnerships (PPPs) provide for a potential solution to this issue and should hence be better exploited. They enable banks, FIUs and law enforcement authorities to sit at the same table and work together towards the interception of activities of complex criminal networks.
Although typically conceived as national initiatives, they may also be of international character in order to target criminal activities taking place across borders, e.g. Europol’s Financial Intelligence Public-Private Partnership (EFIPPP).
Yet there is a lack of legal certainty as regards information sharing within PPPs and its compliance with GDPR requirements. Actually, the GDPR provides for sufficient leeway and the notion that AML compliance would necessarily be in tension with personal data protection rules rests on a misconception.
The problem thus lies not within the GDPR, but in its differing interpretation. An EU-level guidance on the interrelation between both sets of rules would bring more clarity and better foster PPP cooperation.
The benefit from exchanging information in the AML/CFT domain should not be limited to PPPs, but also extend to inter-banking information sharing as well. New technologies could particularly enable this type of information exchange.
One of the main technology-based tools to tackle financial crimes are shared utilities that allow for matching KYC information from different datasets and setting up common transaction monitoring facilities, without banks having direct access to other banks’ datasets.
Such technological solutions give a clearer overview of suspicious transactions and facilitate the discovery of ML/TF patterns they would otherwise not be able to identify by looking solely at their own database.
The Dutch initiative – Transaction Monitoring Netherlands (TMNL) – is among the pioneers of setting up such a shared transaction monitoring utility and initiatives are emerging in other countries such as Denmark.
THE WAY FORWARD
It is evident that to lift the spell of dirty money, we need to crack down the current regulatory and supervisory fragmentation and to move from the existing tick-the-box rule-based approach, which focuses on very prescriptive compliance requirements, to a more intelligence-led approach.
The current rules are disproportionate, inflexible and provide neither obliged entities nor supervisors with the appropriate tools and should support a more holistic threat picture and intelligence-led prioritisation of efforts.
To make the existing framework truly effective, we need to put our focus on several key areas. Crucially, the current fragmentation has raised the costs for gatekeepers and has enabled criminals to exploit “the weakest link.” More harmonized KYC/CDD rules and a strengthened risk-based approach is hence needed.
Fragmentation also extends to the diverging national approaches to supervision. A new EU AML authority could bring added value in that regard, but only under certain preconditions, such as having the mandate to exercise direct supervision over the riskiest entities and to cover all obliged entities.
An enabling framework for relevant information sharing in the AML/CFT context is strongly required. The current SAR regime has proven to be ineffective. Banks, FIUs and law enforcement authorities should join forces and foster an intelligence-led approach where SARs are lower in numbers and higher in quality. New technological solutions can only support this process.
Finally, the feeling is that banks and the EU Commission see to a large extent eye to eye in terms of main challenges to be addressed. Most importantly, they all agree that the current framework needs to change.
Whether the upcoming AML/CFT legislative package would manage to effectively solve at least most of the current issues, it remains to be seen soon.
Wim Mijs will speak at the AML Intelligence Boardroom Breakfast Series ‘Adoption of Europe’s AML Action Plan’ on Monday next, May 17.
Share this on:
Follow us on: