The fight against money laundering - 'Legislation alone is not enough'

These negative actions affect citizens and companies across the world, and undermine economies, depriving us of prosperity, economic growth, and employment. According to McKinsey up to USD 2 trillion is laundered annually through the global banking system. This translates roughly into 2% to 5% of global GDP. Yet, when it comes to recovering/freeze the criminal proceeds, the figures are lower. As reported by Europol, only about 2% of criminal proceeds are frozen, and 1% is confiscated in the EU. Still, the Financial Action Task Force (FATF) says that such figures only intended to give an estimate of the magnitude of money laundering, which could incur even higher losses, and thereby recommends treating it with caution.

Recognising this growing problem, regulators are developing strict policies and impose great fines on financial institutions that are caught laundering money. Compliance officers find themselves caught between two forces; on one hand, they must answer in real-time to the high level of fraud sophistication happening in finance linked with KYC/AML, and on the other, they must comply with a complex regulatory environment.

While trying to balance these requirements, these officers are beefing up their AML efforts. But are their AML efforts too literal, lack substance, not ingrained into the company culture, as many times they fail to reduce financial crime?

Industry experts agree that to fight financial criminality the company culture, developing a culture of compliance, is crucial – how people act when no one watches? However, many times ‘when it comes to fighting money laundering, people are focusing on the letter of the law, but it is the spirit of the law that needs to be understood and applied’ says Markus Schultz (Global Head Change Management Financial Crime Compliance from ING Bank the Netherlands).

With the ‘spirit of the law’ in mind, we will explore what new measures/laws regulators are exploring/launching to fight financial crime, especially in Europe. Further on we will delve deeper into what do compliance managers do/need to do to get the money laundering fighting process right.

Lack of cooperation/fragmentation in AML fight about to change (?)

At the moment there is a fragmented legal framework in Europe and a lack of cooperation among national AML/CFT authorities when it comes to fighting money laundering and terrorist financing. So far, European countries have failed to transpose the AMLD legislation into their domestic law due to lack of resources (insufficient staffing in the competent authorities, shortcomings in the application of the risk-based approach, and mitigating risks from the misuses of shell companies, golden visas, and citizenship schemes), and other reasons. As a result, differing interpretations of the AML directive across the Member States have created potential loopholes exploited by criminals.

The emergence of new technologies (blockchain), products, and related services (remote identification) over the last decade has been one of the major changes to the global financial system. These innovations have the potential to spur financial innovation and efficiency and improve financial inclusion, but they also create new opportunities for criminals and terrorists to launder their proceeds or finance their illicit activities.

The disruption to the financial/banking industry brought by COVID-19 is fuelling an increasing interest in regtech solutions, capable of solving money laundering issues by applying innovative tech (AI, ML, Big Data, etc.) during the onboarding and monitoring process of clients.

After analysing what is currently happening in the regulatory space in Europe, the European Commission concluded that Member States need a better implementation of existing rules. EU’s AML/CFT legislation needs to become more granular, more precise, and less subject to diverging implementations. To limit divergences in the interpretation and application of the rules, certain parts of the AMLD need to be turned into directly applicable provisions, a goal hopefully to be achieved by AMLD6.

Action plan to support the effectiveness of AML/CFT measures from the European Commission

In May 2020, the European Commission (EC) issued an action plan promising fresh measures to fight money laundering and terrorist finance (ML/TF). The commission has stressed some key aspects that need to be addressed to achieve this objective:

• necessity of a more detailed and harmonised rulebook – different interpretations of the AML/CFT framework across Member States have created potential loopholes that can be exploited by criminals;

• high-quality and consistent supervision, including conferring specific supervisory tasks to an EU body – the EBA has been mandated to oversee and instruct national authorities to carry out different AML/CFT related tasks, and to enhance coordination with supervisors from outside the EU.

• dealing with the emergence of new technologies which have not only spurred financial innovation and improved financial inclusion, but they have also created new opportunities for criminals and terrorists to launder their proceeds or finance their illicit activities. As a result, the EC raised awareness that the EU legislation needs to address the implications of technological innovation in the case of virtual assets (providers), use of digital identification for remote customer identification and verification of customer identity, establishing business relationships remotely. Furthermore, as many technology companies have entered the payments space, the commission agrees that a review will be needed to assess whether the categories of payment service providers currently covered by AML/CFT legislation are adequate.

• enforced Union-level criminal law provisions and information exchange – to speed up access to financial information and facilitate cross-border cooperation, the Commission has given law enforcement authorities direct access to the central bank account mechanism. Furthermore, the EC has also encouraged public-private partnerships (PPPs) to make better use of financial intelligence. The Commission promised to issue guidance on PPPs by Q1 2021. Some current public-private financial information-sharing partnerships examples include the UK's Joint Money Laundering Intelligence Taskforce (JMLIT), the US FinCEN Exchange, Germany's Anti Financial Crime Alliance (AFCA), the Netherlands' Fintell Alliance (FA-NL), and others.

• strengthening the international dimension of the EU AML/CFT framework - criminals do not act locally and information should be shared at the international level. Therefore, for the first time, the new plan also includes the methodology to identify high-risk third countries. The Commission is developing a technical facility to provide technical assistance to third countries to raise their capacity and address weaknesses in their domestic AML/CFT frameworks. Furthermore, the Commission endorsed the new FATF mandate and intends to play a prominent role in reinforcing global standards.

What does the 6AMLD bring?

The 6th AML directive (AMLD6) aims to support financial institutions and authorities in their fight against money laundering and terrorism financing by expanding the scope of existing legislation (AMLD5). The directive came into effect for regulated entities operating within the EU on 3 December 2020. Entities operating outside of the EU must be compliant by 3 June 2021.

The new directive should motivate banking executives to review their program policies, procedures, and AML technology so that compliance officers make any needed improvements to be prepared for the implementation deadline. Directive key highlights include:

• standard categorisation of predicate offenses - 6AMLD provides a harmonised list of the 22 predicate offenses that constitute money laundering, including certain tax crimes, environmental crime, and cybercrime;

• increased jail sentences - a minimum jail term of at least four years for money laundering offenses, which is up from the current one-year minimum term;

• ‘aiding and abetting’ - anyone who helps money launderers will themselves be committing the crime of money laundering;

• extension of criminal liability to legal persons, if it is established that they failed to prevent a ‘directing mind’ from within the company from carrying out the illegal activity (the punishments can range from temporarily banning organisations from doing business to the permanent closure of businesses);

• Member States cooperation reinforced – because a crime may be committed in one jurisdiction before its financial proceeds are laundered in another (dual criminality), Member States will be required to criminalise money laundering related to six predicate offenses, whether or not these offenses are lawful in the jurisdiction they are committed.  The six predicate offenses are as follows: participation in an organised criminal group and racketeering; terrorism; human trafficking and smuggling migrant smugglings; sexual exploitation; illicit trafficking in narcotics and psychotropic drugs; and corruption.

Will this be enough? THE PEOPLE

The Commission is stepping away from tackling ML/TF through legislation alone. EC’s action plan has stressed the need for cooperation across the globe, plus the delivery of support at the EU level and horizontal and vertical information exchange. However, when under 1% of global financial crime is caught, will all this enhanced activity change the statistics? Will this new approach be enough to make a noticeable difference?

Well… it may be a very good start. This could begin to drive the required mindset change. To understand the spirit of the law, company culture needs to be changed.

How people act when no one watches

Compliance starts with people and companies’ culture, with a constant readiness for worst-case scenarios of fraud, as to be able to ‘put circuit brakes to stop when something bad happens’. Many times, after a money laundering scandal bursts a bank starts to implement stricter internal policies, uses advanced tech to fight fraud, but gradually ‘Corporate Alzheimer’ strikes (as Markus Schultz, ING likes to say), and businesses ‘forget’ about these scandals, and again just tick compliance boxes to be on track.

Compliance - part of your growth strategy

Banks, financial institutions are advised to look for financial crime constantly and proactively, including investigating and analysing suspicious activity, rooting out vulnerabilities, and taking steps to lower an organisation’s risk of becoming a victim. However, according to risk specialist Simone Aurighi, companies should embed risk management within all their processes, making it a cultural attitude, rather than artificially implement a top-down framework. Compliance must, therefore, be a part of the strategy and seen as a benefit to an organisation, rather than a burden.

Usually, business owners choose a framework and place it on top of the existing environment. As processes need to be strengthened and controlled, many times the risk management department imposes unwelcomed changes and requirements causing employees tend to resist these. As the risk processes will only be as robust and safe as the onboarded people, it is crucial that the founders of a company hire the right people. Thus, the effort should begin at the recruiting level. Then, human resources should invest time in developing and shaping new employees, training them on the challenges that the company is facing.

All in all, businesses should ensure from day one that all their future employees understand what the most significant threats and risks for their business are and expect them to act accordingly to prevent them. As many founders of companies complain they weren’t adequately informed or properly educated beforehand, they need to be convinced that they need to protect their business and their interest. Industry events and courses on topics such as risk management enable managers to learn about new risk management strategies, technologies, and how to cooperate with their peers.

About Mirela Ciobanu