Global Watchdog – Money laundering risks in focus

The Financial Action Task Force (FATF) – a watchdog for global money laundering and terrorist financing requires countries to identify, assess and understand the risks of money laundering (ML) and terrorist financing that they may be exposed to. Understanding these risks can help countries in the implementation of anti-money laundering and counter-terrorist financing measures in order to mitigate such risks. The guidance provided by FATF states that adoption of a risk-based approach is pivotal in the allocation of AML & CFT measures efficiently as it allows for AML / CFT measures to be commensurate with the “identified risks”. Even though, FATF has provided guidelines explaining the general principles of risk assessment, the responsibility to determine how to assess these risks falls on each country according to its own unique profile and national context.

Financial institutions across the globe are faced with the challenge of addressing the risk of money laundering and terrorist financing on a daily basis and while adherence to the guidelines of regulators helps them, there is still work on their part in assessing the risk of money laundering to begin with. Money laundering risk assessment involves application of analytical processes in order to measure the likelihood that the financial institution might unwittingly engage in the crimes of money laundering or terrorism financing. Ineffective risk assessment might result in threats to economy such as fraud, corruption and bribery, smuggling and drugs trafficking, etc. The results of which include are not just faced by the country’s economy but also its government and social well-being. The economic consequences of money laundering risks are not just restricted to the undermining of integrity of financial institutions but also loss of control of economic policy, loss of revenue as well as economic distortion and instability whereas social costs involve an increase in criminal activities such as drug trafficking and smuggling etc.

Emerging trends – ML/TF/PF risks

Since the start of the COVID-19 pandemic towards the end of 2019 and the lockdowns imposed worldwide thereafter, digital transactions have taken over the world by storm. The sudden hike in digital movement of currency all over the world opened new avenues for money laundering and terrorist financing. Therefore, the regulators had to rush in to crack down on the new types of risks emerging from this era of digital banking. A need to revise the previously known risks related to ML / TF / PF was felt all over the world.

1. Inadequate anti-money laundering measures for digital banking

While laws and institutions were already in place to combat the risks of ML / TF / PF, the measures put in place by them were thought to be insufficient in addressing the risks associated with the sudden increase in the volume of digital transactions. With the pandemic situation now seemingly over and a return to normal working conditions now finally looking in sight, the risks, however, remain the same due to inclination of more and more people towards digital banking systems. Regulators around the world are therefore pushing banks to use better software as increasing compliance teams in size will not be enough. It is, however, worth noting that the use of cutting-edge technology in addressing the enhanced risk of ML / TF / PF will still prove to be inadequate if not continuously evolved and updated.

2. The rise of trade-based money laundering

 Trade-based money laundering is the process of moving funds through trade transactions in order to disguise its source. FATF President Marcus Pleyer in 2021 declared trade-based money laundering a new kind of fraud. The use of corporate structures / trade entities in recent years has been on the rise since it enables the money launderers / terrorist financiers to embed their ill-gotten money into transactions that appear to be in normal course of business. Financial institutions are, therefore, required to perform enhanced due diligence procedures in order to identify trade entities that are being used for such purposes. In March 2021, FATF and Egmont Group published a report on risk indicators of trade-based money laundering. According to the report, some risk indicators of entities involved in trade-based money laundering are:

• Unusually complex and illogical corporate structures
• Trade entities registered in areas with weak AML / CFT compliance
• Use of mass registration address as the registered address of the entity
• Lack of online presence of the entity
• Nominees acting as senior managers or owners in order to conceal actual beneficial owners

[Trade Based Money Laundering: Risk Indicators published March 2021]

3. Cryptocurrency

The continuously evolving landscape of virtual currency allows fraudsters to use them in order to avoid regulators. Even though efforts are being made globally to bring cryptocurrency into the purview of regulators, there is still a long way to go to minimize the risks of ML / TF / PF using cryptocurrency. The United States, for example, has developed federal cryptocurrency legislation which is not just aimed to address the risks of ML / TF / PF but also tax avoidance and other illicit transactions. Crypto exchanges in U.S fall under the regulatory scope of the Bank Secrecy Act (BSA) and other countries such as Canada, Singapore and Australia among others have also brought the virtual currency into the ambit of their respective regulatory bodies.

4. Poor Beneficial Ownership Registers

Identification of UBOs (ultimate beneficial owners) is a challenging task since ownership structures are made complex on purpose so as to conceal their identities. Use of shell companies, legal persons, nominees are some of the commonly used measures by fraudsters to conceal the identities of ultimate beneficiaries. The recent Pandora papers highlighted the magnitude of poor beneficial ownership registers maintained all over the globe. Countries still do not have in place, an efficient beneficial ownership registration in place which can be used to bar legal persons and entities from being used for money laundering and terrorism financing. Financial institutions now bear the responsibility of performing measures to obtain maximum information about clients whether natural persons or legal entities so that risk of ML / TF / PF could be minimized.

A brief on AML / CFT updates

Regulatory agencies around the world along with international groups such as the Financial Action Task Force and International Consortium of Investigative Journalists are working tirelessly to counter global money laundering and terrorist financing by tightening restrictions around companies / individuals and broadening their own reach. While the recommendations of FATF are not legally binding on Financial Institutions, however, most countries around the world are constantly amending their AML regulations on the basis of recommendations put forward by FATF from time to time. During the last year, FATF made a number of recommendations such as a revised guidance on Virtual Assets and Virtual Assets Service Providers which are briefly defined below:

• VA is a digital representation of value that can be digitally traded or transferred and used for investment or payment purposes.
• VASP is any natural or legal person who has any digital business activities related to VA.

The need for revised guidance on Virtual Assets was felt due to the recent innovation of Non-Fungible tokens (NFTs) and stable coins which have presented new security challenges for regulators around the world. The guidance issued by FATF was therefore intended to help private sector entities who are looking to enter in VA or VASP activities to better understand their obligations related to AML / CFT as well as assist countries and their regulatory bodies to design and implement a risk based framework for supervision of VA and VASP activities.

Other updates by FATF issued in June 2021 last year included:

• Purchase and sale of monetary instruments record keeping whereby banks are now required to keep record of individuals making a financial transaction of US$ 3,000 or more.
• International transportation of currency or monetary instruments reporting for banks to effectively evaluate the risk of money laundering and terrorist financing.
• Reports of foreign financial accounts of individuals and companies
• Other special measures such as obtaining information relating to beneficial ownership

Moreover, as stated above, a report on Risk Indicators for Trade Based Money Laundering was also issued which was designed to enhance the ability of entities to identify suspicious activities associated with laundering of money using trade transactions.

Impact of Pandemic on AML

The COVID-19 pandemic that started in 2019 brought itself new risks of pandemic related fraud and cybersecurity risks among other challenges. The changing political and economic landscape due to the pandemic forced the regulators to respond to these new cybercrimes and frauds by permanently changing the risk profiles of financial institutions since the fraudsters were presented with new opportunities of committing frauds as well as laundering money. The lockdown prompted a shift towards a more digitally enabled banking system but lack of controls for such a change opened new avenues for ML / TF / PF. Moreover, the financial need of businesses made it convenient for criminals to use reputable but failing entities in order to carry out illegal activities. The vulnerabilities of existing systems also revolved around the changing financial behavior of the customers which impacted the ability of financial institutions to detect anomalies. Increasing unemployment and a huge increase in digital transactions left many citizens vulnerable to fraud. Financial patterns of customers significantly changed due to lockdowns imposed worldwide and work from home scenarios. Countries, where remote transactions were less frequently used, were left with no choice but to make huge investments into the financial sectors to introduce tech-based solutions since the physical operations had come to halt.

Many countries had to face economic contraction resulting in a number of vulnerabilities for money laundering. Funds from illicit sources were used to exploit under-performing businesses in different sectors such as real estate, transportation and industrial cleaning sectors since these were most affected by the pandemic. Concerns about economic meltdown resulted in an unusual increase in the number of cash withdrawals which combined with the restrictions of lockdown increased the criminal activities all over the world. Another vulnerability faced by financial institutions was the increase in individuals turning to unregulated financial services since it was appealing to individuals who had lost their job. Pandemic also created more room for insider trading as large shifts in value created opportunities for insider trading. Misuse of virtual assets created further vulnerabilities since just like with cash, stockpiling of virtual assets increased due to concerns over the state of economy in many different countries.

The pandemic highlighted the significance of use of technology in financial institutions in their efforts to combat ML / TF / PF. However, it was also felt that the use of technology alone is not sufficient in this battle. The change in customers’ behavior due to the pandemic required the banks to ensure that their KYC process needs to be able to reassess the nature of customers and their expected behavior. The use of strategic data analysis tools to identify suspicious transactions was also felt necessary rather than the old “anticipated versus actual” analysis.

The FATF in their report “Covid-19 related Money laundering and Terrorist Financing” issued in December 2020, highlighted many issues such as counterfeiting of medical goods, investment fraud and exploitation of economic stimulus measures during the pandemic period. Economic factors such as unemployment, bankruptcy of companies, stockpiling of cash by organized criminal groups were also identified as vulnerabilities that fraudsters would look to exploit. However, with the world now back to normal business routine after almost two years, it looks like finally regulators are in a position to devise strategies for AML / CFT that are more proactive rather than the reactive approach that was used during the whole pandemic period.

Looking Forward – Future of AML Compliance

AML compliance is likely to face unparalleled challenges in the near future with the gradual adoption of technological solutions by financial institutions all across the globe. The Fintech and Regtech sectors have seen exponential growth during the last couple of years and the trend is set to continue well into the coming years with technologies such as invisible banking looking to supersede the old age banking system. The new AML solutions being introduced by Fintech and Regtech firms that are based on technologies such as machine learning not only simplify and improve customer due diligence process but are also able to analyze transaction data and raise timely alerts. It is however important for the financial institutions to establish and enhance their own data management capability by introducing frameworks for smooth collection, consolidation and governance of data related to AML and CFT.

In order to successfully implement the data management and technological changes as stated above, a revision of AML related budgets is expected by the financial institutions and regulators alike. In order to achieve the desired results of AML compliance, financial institutions are expected to significantly increase their AML budgets so as to make sure that they have the desired resources both in terms of human capital (with the required knowledge and experience) and technology to combat the risks of ML / TF / PF.  Organizational structures and process flows are expected to become simpler and flexible to counter the continuously evolving landscape of AML compliance with a focus on maintaining a positive culture of information sharing and regular trainings of employees. Regulatory bodies on the other hand are expected to regularly review the policies and procedures of financial institutions and provide feedback on what changes are needed to further strengthen their AML compliance framework with a focus, particularly on the rising crypto trade around the world.

Other than the technological changes, other changes are also expected. In an effort to stop money launderer information-sharing programs are set to evolve with collaboration between both the public and private sectors expected to gain further momentum in the future. Regulatory bodies and government agencies will look into finding secure channels for information sharing whereas internally, compliance and AML teams will look to establish more resilient and reliable workflows. Moreover, manual analysis jobs in the financial institutions will continue to trim down while technology takes its place into the compliance framework. AML professionals are, however not expected to become redundant since the Fintech and Regtech companies will be able to use their expertise into building technological solutions for AML compliance. It will however be necessary for AML personnel to continuously update their knowledge on not only the regulatory changes but also the upcoming technologies if they are not to be left behind in the coming days.

Need of the Hour – AML / CFT challenges

In order to combat money laundering and terrorist financing activities on a global level, technological innovation is the key. New technologies which can assist the financial institutions in assessing the risks of ML / TF / PF timely and accurately are the need of the hour since when used responsibly, such technologies/products will increase financial inclusion and therefore, bring in more persons/entities into the regulated financial system. Since the start of the pandemic, the world has changed drastically and in response, financial systems have also changed with the introduction of new digital payment methods, rise of virtual assets such as bitcoin and an ever-increasing number of online transactions. However, it is significant that these digital innovations continue to evolve.

A risk-based approach is the key to understanding the risks of money laundering and terrorist financing faced by financial institutions all across the world. Inadequate risk assessment can lead to decision making that is inaccurate and heavily based on human input. An assessment performed by FATF shows that some countries are still in practice of using rules-based approach since they consider the implementation of the risk-based approach challenging. Use of technology is the only measure that can solve such a conundrum since it can significantly improve the collection and processing of data. Traditional risk assessment tools such as Excel limits the possibilities of correlating data and are unable to allow analysis of large-scale data accurately. Innovative tools which can help in analyzing data in real-time and with a certain degree of accuracy are useful in identification of new risks which the traditional tools were not able to do and therefore add value. Another challenge faced by regulators is that of financial inclusion. FATF reports that one billion people around the world find it difficult to provide adequate documents for opening a bank account. Technological solutions such as digital ID can help solve such problems and enable financial inclusion. Manual control measures are prone to errors that technological solutions can not only address but also improve the customer experience as well as contribute to costs savings. Customer due diligence process can also be streamlined using digital solutions that use a mixed approach of client screening and matching. Ultimately, a problem-solving approach is pivotal in adopting technologies for AML / CFT which does not create an additional burden or unwarranted consequences.

Besides the inability to effectively use a risk-based and the challenge of financial inclusion, there are regulatory and operational challenges to deal with as well. Financial Institutions are still in the early stages of developing expertise and resources to fully understand the new technologies. Regulatory processes also need adjusting according to these new technologies in order to be able to use them effectively. Furthermore, the quality of data inputted into these new solutions is another challenge since the optimal use of these solutions is highly dependent on simplicity and reliability of data being input. Therefore, in order to successfully implement a tech-based solution for AML / CFT, it is pivotal that the data collection process in the financial institutions is improved. Operational challenges mostly relate to significant investment that is required in the development and implementation of AML / CFT solutions. However, the investment does not necessarily mean the cost of purchasing the new technologies but also the cost of training staff on the use of new systems, the migration of data from old to the new system, testing the accuracy of data migration process, performing user acceptance test and many other factors. For financial institutions, cost-benefit analysis due to lack of regulatory incentives is the main obstacle to the willingness to uptake innovative solutions for AML / CFT. Interpretation and explanation of results using digital solutions is another challenge for financial institutions and regulators alike. However, if caused due to unavailability of relevant expertise and lack of awareness, this issue can be addressed by regular training of users and emphasis on how the use of such technology will help the staff in their daily work routines.

Cost of AML Non-Compliance – Sanctions and Penalties

With money laundering techniques becoming more and more complex and their volume continuing to amplify, financial institutions are facing both the risks associated with money laundering as well as the need to comply with Anti-money laundering regulations imposed across the globe by regulatory bodies and governments alike. Non-compliance of these regulations not only results in punitive fines and criminal proceedings but also the risk of becoming a sanctioned entity as a result of participating in the act of money laundering or terrorist financing whether intentionally or unintentionally. The risks faced by financial institutions have further intensified as financial sanctions are being imposed on governments and financial institutions but also individuals especially politically exposed persons (PEPs). Financial institutions are now expected to exercise further scrutiny over the financial activities of PEPs and verification of fund movements to and from their accounts since in many cases, many of these individuals become sanctioned by global regulatory authorities. Therefore, financial institutions are expected to focus on the need to adequately evaluate the risks of exposure to PEPs keeping in view the recent changes and developments related to fines and sanctions by global authorities.

In 2020, 24 financial institutions were fined approximately 3.2 billion dollars whereas this figure dropped to 2.7 billion dollars. In 2021, the number of financial institutions fined during 2021 increased significantly to 80 entities across the globe. Below are the most significant cases of fines placed over financial institutions in 2021:

AmBank Malaysia

A 700-million-dollar settlement was reached by Malaysian AmBank for its role in the 1MDB scandal in 2021 for its failure to report a $681 million payment from Middle East in one of its PEPs account. The individual was later found guilty of money laundering and corruption whereas the hefty penalty is likely to have a significant impact over AmBank’s earnings.

Capital One Bank USA

Credit Card firm Capital One was found guilty and was fined $390 million by US Department of Treasury’s Financial Crimes Enforcement Network (Fin CEN) for violation of Bank Secrecy Act (BSA) for its failure to report thousands of suspicious activity reports (SARS) from 2008 to 2014. It is estimated that over 50,000 transactions amounting to $16 billion were not reported.

Duetsche Bank

The German bank was fined more than $130 million for violation of Foreign Corrupt Practices Act (FCPA) as a result of an investigation carried out by the US Securities and Exchange Commission (SEC) for a bribery and commodities fraud scheme. It was found that senior executive leaders were involved in payment of bribes amounting millions of dollars to consultants in order to bolster the bank’s business around the world.

11 Banks in UAE

Enforcement action against 11 banks by the United Arab Emirates Central Bank resulted in a combined penalty of $12.5 million for AML failings. The identities of the banks were not disclosed publically, however, the money laundering controls placed by these banks were found to be inadequate in 2019. These fines were the first such step by UAE Central Bank since FATF had criticized the UAE for its failure to act in the past against money laundering and recently UAE was added to the grey list of FATF’s high-risk jurisdictions.

Apple Bank for Savings USA

Another bank that was fined a mammoth $12.5 million for violation of Bank Secrecy Act was Apple Bank for Savings in USA. The fine was imposed by Federal Deposit Insurance Corporation (FDIC) for the bank’s failure to comply with the FDIC’s instructions of improving and enhancing its AML compliance program during the period from 2008 to 2014.

Besides the aforementioned examples, other banks such as ING, Future Bank, NatWest and ABN Amro were also fined millions of dollars for their failure to fully comply to the AML / CFT guidelines by respective financial regulators. However, from the examples stated above, key take way points can be summarized as follows:

• Transactions pertaining to PEPs need to be reported to local regulators on a timely basis.
• In order to stop criminals and fraudsters from abusing the financial system, suspicious transactions must be reported to regulatory as well as law enforcement agencies
• Anti-bribery and corruption policy needs to be enforced in financial institutions by the senior management who must set the tone themselves.
• Regulated entities must ensure that necessary controls are in place in the financial system for adequate AML compliance
• Any failings discovered during the inspection by regulatory agencies must be addressed on a timely basis.

Written by:
Ahsan Iqbal