Given the spate of recent fines by UK and US regulators against banks for failure to comply with anti-money laundering regulations, it’s worth exploring the question of why the banks keep coming up short.
The most recent headline was the £7.6 million ($12.6 million) fine the UK Financial Conduct Authority (formerly the Financial Services Authority) levied against Standard Bank in January for failings relating to its AML policies and procedures. The FCA highlighted the bank’s shortcomings particularly in terms of ensuring all aspects of its AML policies were applied appropriately and consistently to its corporate customers connected to Politically Exposed Persons, or PEPs. A PEP is defined in the regulations as “an individual who is or has, at any time in the preceding year, been entrusted with a prominent public function,” and an immediate family member, or a known close associate of such a person. In the eyes of the regulators, PEPs are thought to pose a higher risk of money laundering, and therefore the expectation is that they require greater due diligence from the banks.
The fine levied against Standard Bank was the first under the UK's new penalty regime, which is expected to result in higher fines. But the crackdown on AML compliance really began in earnest back in 2002, says Richard Burger, a former senior enforcement lawyer at the FSA who is now a regulatory partner at City law firm RPC.
“It's like shooting fish in a barrel with a hand grenade,” says Burger commenting on the frequency with which banks are being fined for AML noncompliance. It is not that the banks aren’t doing anything to enhance their AML processes and policies—they are the first to point out that they invest millions in AML compliance and transaction monitoring systems annually, for fear of being fined. But because the AML regulations—in the UK at least—are principles based, Burger says they are open to interpretation, which increases the likelihood that regulators will find some gaps in banks' systems and processes. However, it seems some financial institutions haven't really picked up on the need for enhanced due diligence around PEPs.
And ahead of the introduction of the EU's 4th Money Laundering Directive , Jim Muir, director at financial data management specialist AutoRek , says the FCA has focused on improving initiatives against money laundering by introducing hefty fines for banks whose existing systems are not good enough.
It begs the question, how much do banks really know about their customers or, to phrase it another way, how much do they really want to know? After all, doesn't overzealous customer due diligence tend to go against a bank’s commercial remit of accepting customer deposits and facilitating the flow of funds globally between accounts, for which it can earn a nice sum? Trying to determine beneficial ownership of offshore trusts, which are managed through various entities, can be time consuming and costly. “The main challenge that banks face when trying to comply with AML regulations is dealing with complex, multicustomer, spaghetti systems,” says Muir. “As a result, organizations do not have the right controls or practices in place to manage risk.” Muir notes that it is not unusual for payments to be made to an unintended, illegitimate recipient before all the necessary checks are completed.
In order to meet regulatory demands, banks need to identify and understand the activity of their clients at all times. That requires strong data management processes, says Muir, which effectively establish the identity of “beneficial owners” of corporate bodies or partnerships, monitor customers’ business activities and automatically escalate anything suspicious while storing all documents relating to financial transactions, procedures and processes.
But is the amount of time and money banks invest in AML really worth it when the only payoff is keeping the regulators off their backs, and even then that is not guaranteed? More important, does screening transactions against sanctions, PEPs and internal lists really help catch potential money launderers? It's not as if the newspapers are filled with stories of money launderers caught as a result of AML screening, and the banks themselves don't appear to be particularly satisfied with the performance of their internal transaction monitoring systems .
Jackie Harvey, professor of financial management at Newcastle Business School, highlights the potential overreporting of SARs (Suspicious Activity Reports), which are filed by compliance officers whenever a suspicious transaction is identified. In its 2013 SARs Annual Report , the UK's National Crime Agency says there was an increase of almost 38,000 in the number of SARs reported from 2012 to 2013, which it attributed to outreach work and heightened awareness rather than the greater risk of money laundering. Banks were by far the largest reporters of SARs, says the NCA, submitting approximately 80% of the total. “It is believed that this is possibly in response to regulatory actions within the global financial sector,” the NCA stated. This seems to support Harvey's assertion that more SARs are being reported for fear of regulatory penalties than for the actual uncovering of criminal activity.
Some, however, stress the importance SARs play in intelligence gathering, even if they don't directly result in a criminal prosecution.
“It supports the efforts of anticrime and intelligence agencies,” says Burger. And the intelligence gleaned from AML compliance is also useful for the banks, he argues, as it could be used to sell customers more targeted services and products.
Most banks, however, don't look at this way. They see AML and KYC as largely an onerous and costly box-ticking exercise, so much so that they are now attempting to close accounts in certain markets where the costs of compliance outweigh the returns. Barclays Bank , for example, tried to close approximately 250 money transfer accounts in Somalia for fear of falling foul of AML regulations.
Has the regulation gone a step too far? By closing accounts, don't the banks risk discriminating against legitimate businesses that have done nothing wrong, effectively cutting them off from access to the international money system? And how does this stack up against banks' social obligation to provide access to international clearing services for those that are not direct participants in payment systems?