One widely quoted estimate by the International Monetary Fund places the aggregate size of money laundering in the world at between two and five percent of global GDP1. And while the illicit nature of money laundering means no precise statistics are available, it is fair to say that bad actors have traditionally had the upper hand. This post explores some of the competing priorities and developments that have caused banks to play catch up, and whether the tide is now turning with the advent of collaboration and technology.
One widely quoted estimate by the International Monetary Fund places the aggregate size of money laundering in the world at between two and five percent of global GDP1. And while the illicit nature of money laundering means no precise statistics are available, it is fair to say that bad actors have traditionally had the upper hand.
A bank is a corporate entity that is allowed, usually by specific licence issued by an appropriate authority, to accept third party deposits and hold them on behalf of their owners. Furthermore, they may wish to use the deposits that are placed under their security to provide credit to other customers in the form of loans.
It quite simple, when described in those terms; the whole process of banking should be simple - if you have nothing to hide.
Not only do we need banks, to receive our salaries and pay our bills etc., but banks also need us and other banks to borrow from and equally to lend money to. Money makes money, and all that. Banks are consistently looking at new, sometimes innovative, ways of not only doing more business with their existing customers but also establishing worthwhile relationships with new customers.
This is a core focus for retail and corporate banks and is a prerequisite for their shareholders. But it can also cause problems. Not opening your doors wide enough won’t let enough new customers in, potentially making a bank a less attractive investment choice. Conversely, opening your doors too wide can invite legal entities, be they corporates or individuals, whose motives are far from legitimate but need access to the global banking system.
Risk appetite should drive business strategy as much as business strategy drives risk appetite.
Regulatory penalties are nothing new and we have seen significant fines levied against several leading banks. These actions serve as a reminder of the financial, but also the reputational, costs of getting compliance wrong. The word ‘remediation’ is also not new and has regularly been heard and actioned in banking circles almost since know your customer (KYC) guidelines were implemented almost two decades ago.
Banks needed to move with the times. Traditional banks’ rate of growth has outstripped their KYC functions’ capabilities and, quite simply, risk indicators got missed. Prospects, and existing customers, were not being screened to a defendable standard and things needed to change. Banks are now very familiar with what is referred to as a ‘control’ environment in which they currently operate.
Criminals are always looking at ways they can launder their money. In some instances, it would be fair to say banks have been less concerned about the provenance of money they have allowed into their bank.
Potentially, a further level exists, that of ‘structuring’, which involves moving money around financial centers whose focus on KYC is not at the level of, say the UK or the US – jurisdictions traditionally referred to as tax havens. (link to Pandora Papers post)
Structuring is carried out, in the main, to further obscure the origin of funds as well as making it appear more legitimate. Structuring makes the money trail harder to follow. Generally speaking, these are professional facilitators working with the intention of making the source of funds appear as opaque as possible.
This is where financial institutions could do more to collaborate and make information about mutual clients available so that patterns can be established to determine if transactions are suspicious. This can also aid the fight against modern slavery and people trafficking.
Compliance functions can, when looking at policies and processes, be disorganized. Therein lies perhaps the biggest issue. Typically, spending on compliance is seen as an inhibiting factor as it offers very little by way of immediate and tangible return on investment. People leave and often don’t get replaced.
A silo mentality prevails in some shape and form in all the banks that I have had the pleasure of working for, and often silos exist within silos. Not ideal, when you consider that these functions are facilitators of business, not inhibitors. It is also noteworthy that many of the KYC, client lifecycle management and remediation teams within large banks are unsustainable in their current formats due to costs, quality and availability of experienced staff.
Things clearly need to change and an argument that is growing in strength is the removal of ‘hard’ renewal deadlines e.g. annual review for high risk clients, every other year for medium risk clients and every three years for low risk clients, and a move to ongoing KYC.
The European Union, in many of their Anti-Money Laundering Directives, call for greater cooperation between member states in their collective efforts to thwart financial crime. If they are setting the ‘tone from the top’, it is perhaps somewhat understandable to see the lack of cooperation that currently exists between most of the bigger banks.
Meanwhile, in the US, section 314 (b) of the US Patriot Act permits financial institutions, upon providing notice to the United States Department of the Treasury, to share information with one another in order to identify and report to the federal government activities that may involve money laundering or terrorist activity. A perfect example of legislation leading best practice in the financial services industry.
Granted, when Ernest Walton first split the atom, it is unlikely that he would have understood the full gruesome, potential consequences of his actions. Similarly, when Satoshi Nakamoto (or whoever it really was) came up with the idea of Bitcoin, their intention was not to provide a new and improved currency that could be used by the criminal underworld to hide their ill-gotten gains.
Crypto has somewhat polarized banks. Some don’t understand crypto, have zero appetite for it, and run in the opposite direction at the mere mention of the word. At the other end of the spectrum, some banks want to be at the forefront of developments and would consider creating their own exchange or even digital currency.
What this shows again is the huge diversity that currently exists and the fact that one size most definitely does not fit all.
Another interesting angle that criminals have adopted is the use of money laundering through gaming. Virtual in game assets can have a tangible value in the real world and, to some extent, these movable assets have been exploited as methods of transferring illicit money.
There are several things that banks, be they traditional or challenger, can do to make their individual and collective lives easier.
First, data can be made available via a suitably disinterested party.
Take the example of the Joint Money Laundering Intelligence Taskforce, or JMLIT for short. This was initially a 12-month pilot project developed by the Home Office, National Crime Agency (NCA), City of London Police, the British Bankers’ Association (BBA) and other financial institutions. The plan was to create a hostile environment for criminals and in practice this involves many of the major banks being been given a ‘seat at the table’ with the NCA selecting a target. They then request information from all the banks on their target and compile or augment their files to assist with their enquiries.
A public/private partnership is a promising way forward. There’s no competitive edge to be gained and, chances are, a bank who perceives a client to be a bad actor will almost certainly be perceived as a bad actor by their peers as well.
Another great example of positive collaboration is the FinTech FinCrime Exchange (FFE). This is a platform that was established by FINTRAIL and the Royal United Services Institute (RUSI) to share information on criminal typologies and controls. Their members help to strengthen the sector’s ability to detect and counter the global threat of financial crime. What an excellent initiative.
Furthermore, five leading banks in the Netherlands have shown good cooperation around transaction monitoring by forming Transaction Monitoring Netherlands (TMNL). Together with the Dutch Banking Association (NVB) they plan to look at how feasible it is to monitor payments collectively, rather than independently, with a view to identifying suspicious transactions whilst employing economies of scale. Clever.
Aside from collaborative initiatives, new technology such as artificial intelligence is starting to deliver on its promise to revolutionize financial crime prevention. Significant developments have been made in this space and improvements in coverage, accuracy, speed and automation will help reduce the limitations and shortcomings of the past.
With numerous collaborative initiatives already in place, and more in the works, the collective opinion of those working in financial crime prevention suggests this is the right way forward. Perhaps, then, it is a question of willingness to overcome barriers that exist so that these initiatives can become more effective.