The Association of Governance, Risk & Compliance
Current Trends in AML Webinar Transcript
February 2021
Our panelists were:
- Holger Pauco-Dirscherl, Senior Financial Crime Professional, Germany
- Dr. Nicholas Ryder, Professor in Financial Crime, UWE Bristol, UK
- Sandip Patel, Managing Partner, Aliant Law, UK
How are criminals exploiting the new vulnerabilities opened up by the COVID-19 lockdown?
Sandip: Absolutely. Criminals never stand still and the pandemic is a once in a generation opportunity to expand their portfolio of crimes we now know. It’s more than anecdotal evidence that the money laundering threats have increased and so we’ve seen, whilst all of us are working from home, banks, offices and branches are closed because of public health issues, customers are therefore carrying out more transactions remotely and, if that continues over the medium to long term and the economic downturn continues, then criminals will thrive.
So just very quickly by way of example, the primary fraudulent activities include—this is not an exhaustive list. Impersonation of officials, we’ve seen that in relation to bank officials and more permanently here with broad impersonation of tax authorities and that is a growing risk. Counterfeiting of essential goods such as medical supplies and medicines. In the course of my work as a lawyer, I’ve had direct experience of counterfeit PPE fundraising for failed charities and fraudulent investment scams on the increase. We know that from a recent report by Europol and, of course, general cyber crime, they’re still there, that’s proliferated, so that’s in a nutshell a short list of what’s been happening.
Nicholas: I really agree with what Sandip has said. I think we are seeing a significant increase of cyber crime and one of the things that I’ve noticed and I think my students have noticed is the number of spamming and phishing emails that we get purported to be from certain government departments offering you, for example, a tax rebate that’s linked to COVID. I think the other intriguing part with regards to the furlough scheme in the UK is, of course, the fraud, which is associated with that scheme. There was a report last year by the National Audit Office that claimed the amount of fraud linked to the furlough scheme was approximately 3.2 billion pounds, so I think that what we are seeing now are more reported investigations by HMRC, more prosecutions and ultimately even more convictions.
But, yeah, I think just to really echo what Sandip said in his answer, we are seeing a lot more cyber crime impersonation and financial fraud so, if anything, it just shows that your white collar criminals will never sit still, they will try to, I suppose, attack might not be the right word, but to victimize the more vulnerable members of society, maybe where people’s anxiety levels are quite high, then people just might reply to that email that they shouldn’t have replied to or open that web link or open that text message so you can understand why people might be a little bit more off guard with some of these comments.
Holger: Yeah, we are living in a situation or in a time where a lot of people are afraid and the criminals are exploiting this fear quite effectively. As you said, they’re not sitting still, they’re quite innovative and there’s always trial and error with new schemes and typologies.
Do you think lawmakers and regulators are fast enough in coping with this speed and getting information out, not only to potential victims, but also to banks so that they can adjust their transaction monitoring, filters, etc.?
Nicholas: That’s a very good question and I think, based upon the research that I’ve been involved in for the last 15 years, sadly a lot of the response by law enforcement agencies and government is going to be reactionary. I think it’s very difficult to pre-guess an emerging typology or an emerging pattern. I think that governments have a very difficult job in responding. We’ve seen obviously new guidance published by the Financial Action Task Force (FATF). I know we’ll probably address this a little bit later on but I think part of the difficulty is trying to get a consistent message across to consumers and investors of these potential fraudulent scams. Maybe the members of the panel and people listening who are experts in the field are very well aware that they shouldn’t be replying to an email or they shouldn’t be able to play into a get-quick-rich scam and, of course, it’s members of the public who might be vulnerable consumers struggling financially with the pandemic who’ve lost their job will think, “Well, maybe I should try out this investment and hand over my life savings or a proportion of them.”
Given the aid packages released and the limited safeguards placed on these payouts, banks were pressured to identify potential fraudulent payouts. Was this necessary and how should banks react to this?
Sandip: Well, that’s a really good point. In my view, the present system of STRs or SARs is simply not fit for purpose because the obligation is placed upon the banks to be the gatekeepers but also the police, so to speak. In my view, it’s just simply not realistic to expect banks to scrutinize the internal transactions of when we’re dealing with money payment providers (MPPs). So, for example, wallet providers or mobile money providers, the data’s simply not available and transaction values are often small. Nicholas will know more about this in the course of his research. So it’s simply, the present situation we all accept I think is unsatisfactory and it’s been exacerbated by the pandemic because compliance is made all the more difficult by remote working. There is anecdotal evidence that stultified AML initiatives but we won’t know really what the true picture is until we see some visibility in about 12 months to 18 months time, but to assume the banks are the regulators is, I think, living in the old world where the law enforcement agencies followed the money. The new paradigm is following the data now and so that’s proving very difficult. In my view, the future lies in great collaboration and partnership between banks, on the one hand, and fintechs and MPPs, on the other. I think that will create a better system and also replacing the antiquated SARs and STRs system, which we all know is too large and part window dressing. Later on we’ll come to the banking scandals, which were last year where banks received record fines. So it’s quite clear that it’s not working and I’ve got some of my views and I’m sure Nicholas has his about how that could be approached.
Holger: Nicholas, you were addressed quite often now and at least please share your views on this. And Sandip made a brilliant point in my view that it’s all about following the data because the whole financial crime risk management world is getting more about IT solutions, about the use of data and collecting all the bits and pieces that you have and then to fill the missing gaps, so please jump in.
Nicholas: Yeah, just to address some of the points that Sandip raised. Yeah, he’s correct, the STRs regime has not been fit for purpose for many decades and I think it’s intriguing that the UK, in its most recent mutual evaluation report by the FATF, which has been ranked the highest of 60 countries from a terrorism financing point of view, and I’ve got some sort of questions about that really and SARs, but of course you’ve got a very detailed law commission review that was published in June 2019 and the recommendations have not yet been implemented. So if they make it, I’m not saying all the recommendations are good, there are some useful ones, there are some maybe not so good, but why hasn’t that been implemented? Everyone knows the financial burden that banks are under to comply, everyone knows that lack of definition of suspicion, everyone knows defensive reporting and this fear factor that if a reporting entity does not reply or fill in an SAR they’re going to get heavily fined by the city regulator. To the Deutsche Bank, a fine of 173 million pounds but no evidence of money laundering but the fine’s imposed. But if you go back 20 years to the Sani Abacha case and money laundering in the city of London, according to a then FSA inquiry, 60% of banks under investigation were found to be involved in that money laundering scam but yet not one was fined. So the contrast in 20 years is that if they’re actively involved, we won’t fine you, but if maybe your due diligence procedures aren’t up to scratch, we will fine you a significant bit, it appears to be very inconsistent.
I think you’re spot on, the data is essential in terms of digitization, and there are many different companies now who are offering software to assist with your customer due diligence obligations. I know that, for example, law enforcement agencies are actively using this but I think it’s about obtaining a more holistic understanding of a money launderer. So, to me, follow the data has to be used in association with the exchange of information, and I think Sandip correctly pointed out the public sector and the private sector where this to me is, according to FATF, the UK has the best model in terms of JMLIT, that’s the Joint Money Laundering Intelligence Taskforce. Now, there are issues with that but if that’s meant to be the right way forward, then the Dutch are going to step through that by having private-to-private exchange of information between five banks. So maybe is that the next evolution perhaps in the battles against money laundering?
Holger: Those are really good points and Sandip was also correct that all of these new payment providers they have better IT capabilities and they’re also in a better position to really connect the data. Just when I think about when we talk about phones like this here, no one of us uses a phone that is older than two years. If it comes to our children even after six months, they’ve already started complaining about it’s too old, but we talk about banks using core banking systems and a lot of legacy systems being decades old, no one of us would use a computer being 30 years old yet there are a lot of banks using core banking systems being 40 years old and even more. It’s just hard to really get all of the necessary data for such a holistic view. And then we are working with the systems in silos, a transaction monitoring in a silo, a KYC system in a silo, a sanctions screening in a silo and a lot of other data around there, which is just not to be connected. Part of the solution are these data lakes they are building now where you just put all of the data in a big data lake and then access it. But do you think, Sandip, this would be a solution or will it even increase problems?
Data lakes. Part of the solution or will it increase the problems?
Sandip: I don’t think it’s a solution. I think it will create more problems. There’s a huge issue of data privacy surrounding data lakes and until there’s going to be international cooperation agreement on standards, there’s little point in having data lakes as some sort of panacea. And, in my view, and picking up from what you just said by Holger and Nicholas, the fact is that these MPPs have huge technological excellence and are far advanced than the mainstream banking system, and we’re already seeing changes in people’s behavior. Take, for example, the African countries. Mobile payments became popular across the continent through telecom companies, effectively becoming cash couriers outside of the formal payment systems. Let’s move the whole process or what we term as traditional banking away from traditionally established practices for AML. It doesn’t mean that we have to start again; it’s not reinventing the wheel. I think there is a possibility or real commitment to develop a globally accepted common set of standards and expectations around KYC, AML screening, sanctions and compliance.
I think everyone will be familiar with the Wolfsburg Group, I’m not a member of it, I’m not a proponent of it but I do recommend people look at their standards on payment transparency and fintechs because there’s a pretty good set of solutions there which organizations will build upon to create a universal framework.
Holger: But the data protection limitations, this is something I think that limits the fight against financial crimes quite massively. I think that there’s always a balance between people having the right to know where the data is and how it’s used and the overarching goal of fighting financial crime as a society. Nicholas, you mentioned public-private partnerships and I think our colleagues in the United States, they’re quite developed when it comes to private-public partnerships. I also think that the UK already did a lot of steps in the right direction, not as far as the US is doing it. But when I take a look at the other European countries or if I’m going outside of Europe, it’s even worse, I think we are not really there and mostly it’s concerns about data privacy issues and potential disclosure of data related to ongoing investigations to banks. So do you think this is a way forward in the fight against financial crimes?
Are public-private partnerships (PPPs) the way forward in the fight against financial crimes?
Nicholas: I think based upon the research that I conducted, and we published a paper last December in the Journal of Business Law, we sort of concluded that JMLIT in the UK is a step in the right direction. It’s only been in existence for six years and it seemed to be as a best international practice but there are limitations to what JMLIT is involved in. So from my understanding, it does not apply to the legal profession, it doesn’t apply to the property sector, so you have two parts of the financial system, which you could suggest are at risk from money laundering and fraud. So why are they not part of that broader discussion? I genuinely am surprised by that. And then what we recommended in the paper, we sort of identify in new money laundering, in particular terrorism financing trends, so we sort of justified a new typology but we call it the social media type or sort of networking model, where terrorists can now finance activities on social media platforms, Twitter, Instagram and Facebook. So why aren’t social media companies also part of that discussion? Because the legal framework for JMLIT means it is exempt from GDPR operations. So with information highway or gateway, a change of information allowed under legislation four years ago. But to me that is the way forward, I don’t think we’re quite there yet for the perfect model, and it’s as if since the UK’s creation of JMLIT, Thailand, Singapore, Hong Kong and other nations are now beginning to follow a similar model. I think it’ll be intriguing to see how that evolves over the next two-three years.
Holger: We have a question, which is going in the same direction but on the other side, talking about private-private partnerships, utilities. So we’ve seen in the Nordic countries building up a KYC utility, we see the Netherlands have now transaction monitoring utility where banks and private sector actors combine their efforts in order to more effectively fight the financial crimes. So Sandip, what is your view on it? Is this a good way forward to evolve in the fight against financial crimes?
Private-private partnerships. Is this another good way forward in the fight against financial crimes?
Sandip: Yes, I think it’s a positive direction, the general direction is in the last 12 months that I’ve seen and we’ve all seen a general upsurge in public-private initiatives. And according to RUSI, which is the Royal United Services Institute in its report last August, there were 23 financial crime information sharing partnerships in existence today and Nicholas has already spoke about JMLIT, which the UK was the first to vanguard this. And it’s been pretty successful in the fight against money laundering. But as Nicholas identified, the results thus far are insubstantial, it’s a useful tool but given the scale of financial crime that we’re looking at, it’s huge, and so this is basically a step in the right direction but there are many more steps to make and the number of regulated entities involved in such partnerships is very small, it’s tiny at the moment. And so the problem with this is the volume of information shared and the public sector resourcing and partnership is limited in that respect. And so it’s positive but what we need is collaborative analytics with the banks and to identify the networks, so that’s how I would describe this being and therefore information sharing, which is data-driven.
Holger: I think the colleagues in the Netherlands are going a bit towards this direction where they exchange already financial data in order to more effectively monitor transactions. And I also think that this would be a possible model to also include state actors at one point to really use both the data but also get the first-hand insights and I think there are some kind of these partnerships in the US already where there’s also data sharing on transactions and involvement of state actors. But another struggle at the moment in fighting financial crimes is the constant struggle between homeschooling, Netflix and day-to-day financial crime fighting activities on the job. So how do you cope with these different struggles, Nicholas? And what do you think about how banks are struggling with the current work from home situation and homeschooling?
How is remote work or work from home affecting the fight against financial crimes?
Nicholas: The joys of homeschooling, yeah. I’m not a compliance officer, I’m not a practitioner so I can’t say how an AML officer will work, but it must be very difficult where you might be stuck in the office, stuck in flat somewhere and you’re trying to, I mean, how much impact does the broad bandwidth have on accessing certain documents and information so it’s bound to be significantly harder. And I think as Sandip and I alluded to at the start of the webinar today, the amount of frauds that are now being committed are obviously going to increase, the scams in terms of online phishing emails and texts that we all get. So it probably made it, I’d say, significantly more difficult for financial institutions to comply with a multitude of financial crimes and, if anything, I wouldn’t go as far as saying that the COVID crisis will be as bad as the 2007-2008 financial crisis in terms of financial crime, but I think in terms of the next chapter of research, I think that COVID is going to be in terms of academic scholars and think tanks for the next 5-10 years because there’s going to be more prosecution. So I think it’ll be intriguing to see how we step back and appraise government initiatives and what the sector has done.
Sandip: My children are of an age where I don’t have to teach them. Lucky for them as well otherwise I would not make a good teacher unlike Nicholas. The key areas, which have been impacted by COVID-19 crisis and obviously depending on the magnitude of each country’s outbreak because it’s not been universal, some countries have suffered more than others. But in general terms, first of all, primarily one looks at supervision and so AML and CFT on-site inspections, we all know have been postponed or substituted with desk-based inspections. We don’t know yet what impact it has on the quality of compliance but we know in some instances on-site inspections only conducted for high-risk sectors or entities. There have also been delays in new AML and CFT policy, we know that some countries are going to roll out initiatives, they postponed them because obviously the policymakers have other things to deal with. Regarding sanctions and remedial actions, a number of countries have introduced suspensions on decisions, we’ve seen that. So putting on hold including fines, suspensions on AML and CFT violation suspensions on clients. We’ve also seen a delay in registering new companies and registries, which is a real problem when we’re dealing with UBOs. Also there’s been an impact on STRs and I speak about jurisdictions still relying on paper-based reporting systems that have proved to be inadequate. Also inadequate database software, Holger, you mentioned antiquated legacy systems which still exist because they’re too complicated to remove and we’ve seen a delay in processing a report. I think this stage is mostly anecdotal but, as Nicholas said, you know people will be looking at this in the years to come to see how this is really truly impacted.
Holger: And you’re absolutely right just also talking about these basic struggles that there are no online processes for registrations, that there are public offices not being able to work remotely. But not only public offices but also private companies where the colleagues don’t have cell phones and don’t have laptops and suddenly they should work from home because they’re not allowed to go to the office anymore. So we were struggling already in the 21st century with such basic things where each one of us says it’s crazy. But just to move away from these basic struggles up to a more sophisticated IT solution. So do you think based on the pandemic and all the things surrounding it, we will see maybe an explosion of IT innovations helping us in the fight for financial crimes and also helping law enforcement in their fights against financial crimes?
Will we see a surge in IT solutions to fight financial crimes as a result of the pandemic?
Sandip: Absolutely. I mean technology as we all know plays a big part because as I keep saying we all agree if you follow the data you need technology to follow the data. And how will technology transform KYC and AML solutions. A lot is said about artificial intelligence. It’s not there where we truly have artificial intelligence but I do feel that technology, which is AI-leveraged, is already having an enormous impact on AML compliance and will continue to do so. I think they’ll be more invested in technology especially with AI links to it. So we know that GCHQ today announced that it was going to adopt AI more readily in its work. I think that’s in relation to information but that’s just by way of example. So the areas which will have an impact upon workflow automation, the cumbersome manual identity verification, that’s all going to be dealt with by AI in the future and rightly so, dealing with massive amounts of data especially document recognition.
I think the most attractive feature of AI is going to be the ability to identify various transactions leading to UBOs. I think that’s going to be a real challenge so what is called link analysis and I think that’s going to play a big part. And also AI will have obviously a natural language processing as I mentioned the ability to read and comprehend detail is going to have enormous impact on maintaining sustainable compliance with AML. So the short answer to your question is yes.
Holger: I totally agree that especially AI capabilities to identify links and networks at least within your own data but also using data from the public space is getting more and more important because we cannot just limit ourselves to only the data that we have in-house. But what is your academic view on this, Nicholas. Do we see an explosion in IT innovations in the fight against financial crimes?
Nicholas: Yes. I think it’s inevitable and one of the current funded projects I’m involved in is funded by the British government and I can’t go into too much details because of confidentiality issues. But what we’re looking to do with a tech company is how they’re using software that can assist with your money laundering, fraud, and terrorism finance investigation. So, for example, if you look at one of the examples of JMLIT working was the London Borough market attack in 2017 where they claimed they were able to identify how it was financed within 12 or 24 hours, which is very quick for terrorism financing. And their software, which exists, that shows that that work can be done now in under 10 minutes, obviously it’s always going to be retrospective, it’s never going to be preemptive, so for me I think new technology, artificial intelligence, hopefully not the level of Skynet in Terminator 2, but you get my point it will facilitate into investigations, I think it will in terms of speeding up the investigation process.
But I think it still has to be managed by a money laundering investigator within the police forces. But I think it’s all good having new software to help the banks to comply with the onerous regulations. But this also applies to the National Crime Agency, it also applies to the FCA. And, of course, if you look at the 2018 FATF report, one of their criticisms is the NCA needs new computer software systems, it needs more stuff. So we can argue that AI will do X-Y-Z but ultimately there needs to be direction from the government to provide more funding, to allow training of officers with the new forms of technology depending on what company they contract with. But I think it’s about ideally a system for all police forces that allows them to, if it’s open source data or if it is, you know, I’m not a technology expert, I couldn’t tell you, but that’s what they need I think to embrace a bit more but holistically you think is a policy deliverable.
Holger: I totally agree with you that at the moment and I also think for the foreseeable future we are not at the point where the human investigator will be completely replaced but all of this IT solutions can support him and lift the burden of a lot of manual boring tasks and enable more high-class work. And what I always find fascinating in the movie series The Godfather is the evolution of the mafia that you can see there. So in the first one they’re street sharks, shooting on the streets and then bullying shops for a couple of dollars. And in the last one we talk about lawyers, accountants, real estate and all those things. I think if there would be a fourth part that they would be now IT doctors and cyber criminals and everything so that there’s a real evolution, which is sometimes fascinating also to see. What about onboarding and KYC, we already touched it a bit. Have we left a time where we go to a bank for an onboarding? Does anyone ever see the inside of a bank again if he’s not working there? What do you think, Sandip, do we evolve from remote onboarding to everything on the online world?
Will customer onboarding shift online and what are some of the challenges posed by this?
Sandip: I think so. My wife was saying that we’re losing another bank in our local town again and so we’re going to be left with one high street bank. It’s inevitable that all our banking requirements we dealt with remotely online in the future. And so, of course, identification verification will be technology-based so we have digital ID systems today, we have biometric technology fingerprints, we have smartphones, we have digital device identifiers, high-definition scanners, etc. And all this is going to prove essential when it comes to identity proofing and enrollment when you talk about onboarding, which is essential. Just in order to establish whom you are. So I think yeah the authentication of identity will become more technology-based undoubtedly. There are obvious risks with any new emerging technology, as we always know, how reliable such technology is. There is also an issue about trust as well between the traditional practices of banks, where one walked into a bank, met the bank manager, bank manager saw you, you saw him or her, and there was a face-to-face relationship, so trust is built. People still have a concern about trusting machines. But I think that’s a hurdle, which will be easily overcome in due course.
Holger: I also think it’s a getting harder for banks to keep clients because it’s harder to say goodbye to Sandip and not if it’s just a website and another website then it’s very easy also to go to another bank and just go for the best pricing, so it’s not about persons anymore. So do you think that there are new risks emerging from this virtualization of onboarding?
Sandip: Yeah, well, there are always. Risks include compromise of broader digital ID infrastructure, the more technology there is that the criminals will seek to infiltrate that and steal data. There are authentication risks, risks created by stolen account credentials, we know that happens all the time. It happened to me recently personally when my bank contacted me and said have you booked four holidays abroad last night. And I said in a pandemic, I don’t think so. And the other risks that we know, facial recognition rendered unreliable from facial expressions so one’s got to be careful with facial recognition technology because we know changes in facial hair, makeup, color can give very different results. Poor management of systems is always a problem because that can compromise the integrity of authenticators and may enable unauthorized access. And then there are always the unknown risks of new technology, which we’ll only discover in due course.
Holger: But Nicholas when was the last time you visited a bank and what do you think about all of this remote onboarding from an academic point of view. The next 20 years of academic work is secured or do you think it’s not such an interesting part to also follow this development?
Nicholas: I think it’s intriguing. I think the onboarding is inevitable and I think Sandip raised the important point about bank closures and that’s nothing new. Banks have been closing their branch network for the last 30 years and, in a previous life for my PhD, I did some research on access to financial services before focusing on financial crime and that was a common conclusion, that banks were shifting in very rural areas. Do we go down the road to implement legislation to compel banks to maintain a branch network, as we have in America with the Community Reinvestment Act, I doubt it. I think software is always going to be a problem, the reliability of it, the administration of it, yeah, I think it does present some intriguing challenges. But they’ll come down to, I think, how consumers will, once probably the vaccination process continues to be rolled out across the world, will people then feel comfortable going back into high streets and going back into their bank. I mean the last time I went into my bank was maybe 15 or 16 months ago, but of course with the pandemic, I’ve not been back into the office since last March, which is quite scary actually. So I think it’s an ongoing problem and, yeah, I don’t quite know how to resolve it really.
Holger: We have seen since the implementation of the 4th MLD, this UBO registers popping up in in each of the member states but also in other countries now and in the European Union we had a very fragmented implementation of this requirement. Some of them are public, some not, some are openly accessible, some are not, so what are your thoughts about these registers? Are we going in the right direction? What needs to be changed and do we need to have something like an onboarding at these registers in order to summarize all the data and collect all the data at one single point? So, Nicolas, what are your thoughts around these registers?
UBO registers. Is this a step in the right direction?
Nicholas: I think it’s maybe a step in the right direction. Again, I don’t think it’s a perfect answer to the problems and I think, as Sandip said earlier, if you are collecting data, is that system open to abuse? How secure is the software? Can the software be hacked and information be stolen? So we’ve seen a gluttony of examples in the last 15 years of cyber hack activists who want to be paid in Bitcoin and we’ve seen ISIS sympathizers who will impose ransom ware on multinational corporations and if it’s paid in Bitcoin, of course, then that provides a high level of anonymity. I think it’s a step in the right direction but again I still don’t quite know what the perfect solution will be.
Sandip: I’m in total agreement with Nicholas. Again it’s a step in the right direction but in my view no one should view UBO registers as providing a holy grail for KYC. They’re useful in the sense they provide another data point, which is going to be used for streamlining KYC processes and indeed allowing for greater introduction of automation. But the experience with UBO registers has been patchy in Europe and generally, and ironically there is a view that they could actually be counterproductive because you could find yourself in a situation where banks will find it harder to keep check of criminals in their books because they’ll use tactics to bypass KYC checks by making sure that their customer provided data, which has passed, is different. And so we know, for example, or there is a great fear that more companies will be using nominee directors including employment of relatives and other straw men to ensure that legitimate owners will fall below the 25% reporting threshold and, hence, it becomes easier to conceal the identity of a company’s UBO.
And so there are real problems with UBO registers as we know because they’re populated through self-reporting. Some are open, some are not. The United States has a very different view on registers, as to whether they should be public or not. And just looking at European Union, according to my calculations, only 13 countries have open registers at the moment and we all know that there are certain countries that will simply not even provide any form of register. So I’m ambivalent at the moment about the efficacy of UBO registers, I think it’s a step in the right direction but it’s nowhere near the panacea that it’s claimed to be.
Holger: I totally agree with both of you but what I’m thinking about is if you have things like this KYC utility in the Nordic countries, wouldn’t it make sense to make a private-public partnership and include those transparency registers into this work to really have a more holistic view on clients, to have more data, to also identify and verify existence of UBOs, and then things like this? Would this transparency register be one of the good points for these PPPs?
Would transparency registers be beneficial to the work carried out by private-public partnerships (PPPs)?
Nicholas: Again, to me, the private-public partnership as a model, I think it is the way forward. I think Sandip made a very valid point earlier that banks are financial policemen and there’s a whole academic debate regarding that particular role, I think anything that can provide clearer guidance and information to reporting entities, that speeds up the process, that maybe drives down compliance costs, I think probably would help. But again I think the bottom line is it doesn’t matter what method you have in place in terms of KYC, customer due diligence, the money launderer will always be one step ahead. And I think we’ve always seen that through new forms of technology, whether they go back to money mules again to avoid financial institutions. I mean look at how 911 was financed, the multiple wire transfers to a bank in Tampa Bay, simply destroyed the Bank Secrecy Act and it’s viability to tackle terrorism finances. So I think it’s important to build up a more robust system and I think this is a step to be welcomed.
Holger: I totally agree with you that the criminals are normally one step ahead of us just because they think like criminals, they are just thinking in ways that the honest people like we all are not used to think like. I was asked by a participant in the training if they are always one step ahead could we win this fight. And my answer is it’s not about winning the fight. We cannot win it but we cannot afford to lose it and this is why we need to make sure that it’s only one step that they are ahead and not more than one step or getting more and more. So we just need to fight hard in order not to lose the fight because we just cannot afford it.
We talked about the fragmentation in the European Union with regards to the transparency registers but it’s not only about this. A lot of regulation and legislation is very fragmented and this is increasing the cost of especially international banks tremendously, at the same time, also the complexity. So Sandip, what is your view? Do we need more streamlined international legislation in order to help the fight? Or would this help criminals more than it would help banks and law enforcement?
Do we need more streamlined international legislation to fight financial crime?
Sandip: No, what we do need is more international cooperation and coordination because this is an international problem dealt with domestically by individual initiative. The European Union has their relationship, the United States, some countries don’t at all, so absolutely it requires more coordination. Can I just give you an anecdote? When you say one step ahead, I met a very eminent US law official in money laundering many years ago and he said if the crooks are three steps ahead, you’ll never catch them. And he said most of them are three steps ahead.
But look then on the bright side, we’ve got the sixth MLD, which I hope will result in more implementation of money laundering legislation because we’ve got more cooperation there, we’ve got dual criminality for specified offences and also greater cooperation within the directive, which I’m hopeful about. There’s the harmonization clarification of predicate offences, which was a real problem in tackling money laundering before. A tougher punishment regime, which is good, minimum prison sentences and also a common definition for predicate offenses. There’s also the extension of criminal liability to legal persons, which I think is going to make a big impact in relation to legal company persons being companies and incorporated partnerships. I think that may well be a game changer because that puts firms directly in the sites of regulated compliance failures.
Holger: Do we get to a European regulator after all of the scandals that we have seen at Dansk Bank, Deutsche Bank, all of them, do we get towards a single regulator? Do you think that the legislation in the European Union will shift from a directive to an AML regulation, where only those small parts, which cannot be part of a regulation, will be in an accompanying directive? So what are your views on it?
What are your thoughts on the creation of a super regulator at a EU level?
Nicholas: I think the creation of a super regulator is littered with potential problems. We’ve tried that model in the UK with the Financial Services Authority that was set to be in 97 under Tony Blair. That had teething problems, that had a number of particular issues in relation to the levels of compliance. I wanted to pick up one intriguing point that Sandip did mentioned with sixth MLD and the extension of liability companies and I think that’s a really important development because the UK’s approach to imposing criminal sanctions on companies is flawed. I mean it’s limited by common law interpretations; it’s limited by a rather lackluster enforcement strategy. So I think that’s to be welcomed within 6th MLD. It will be intriguing to see how the British government implements that obviously with Brexit. I think that the benefit of directives, it does give member states some discretionary implementation of the directives and whether a one-fits-all approach will be appropriate, I doubt because the money laundering threat and risks will vary from country to country as well.
Sandip: Now that the United Kingdom has left the European Union… The United Kingdom would not accept the European Union regulator for the purposes of regulating and enforcing any of the MLDs, that just simply will be politically unacceptable. But looking at it realistically, the politics would be against such a super regulator either in the European Union or G7 countries. That’s just not going to happen really, so I think that there’s greater benefit to be had in greater cooperation with law enforcement but also the harmonization of laws and that’s why I think the 6th MLD really will have some effect. Because up until now countries have said, “Well, we’ve had a different AML regime to you, etc.,” and then you get bogged down in issues like, “Can we share this, do we do this or not?” If countries all have the same regulatory regime, then that reduces the risk of non-cooperation, so I think that’s a positive step but no to a super regulation.
Holger: Do you think Brexit will impact the overall collaboration and cooperation between the UK and the European Union in the fight against the financial crime both from a financial institution perspective but also from a government perspective?
Will Brexit impact collaboration and cooperation between the UK and the EU in the fight against financial crimes?
Sandip: No, I don’t think it should. I think politics can be put to one side when it comes to combating money laundering and I think everyone agrees to that. Obviously, there’s going to be potentially some issues about data sharing and information sharing and that’s a problem we haven’t really resolved yet but I think all the countries, all the members of the European Union, the United Kingdom government accept that it requires international cooperation because of the scandals we had last year with Goldman Sachs and Westpac, the bank in Australia. You mentioned the Nordic banks, I mean that was huge, that was essentially 200 billion dollars and involved incredible money laundering on an unprecedented scale, where Deutsche Bank 150 million dollars, so I think it’s in everyone’s interest including the treasuries of each country to maintain strict compliance coordination because these are vast amounts of money, which are being pulled into treasury coffers at a time of diminishing tax returns.
Holger: So we have heard from the Boris Johnson government already that they want to lift the burden of regulatory chains from the financial industry, to invoke a giant and to put free trade zones at the borders of the European Union and do you expect this to happen or will the AML regime stay the same just because no one wants to risk an inflow of incriminated money?
Will there be a relaxation of AML regulations in the UK as a result of Brexit?
Nicholas: What I can say about the government efforts to tackle financial crime is that we’ve had the economic crime plan in July 2019, we’ve had multitude of reports published, national risk assessments, but the government are basking under the FATF conclusions in 2018. But if you take away the overall gloss, you will find some fundamental flaws within the UK’s money laundering or counterterrorism financing legislation. So, for example, we’ve just finished a study that looks at fraud and terrorism financing. Now, the government’s fraud policy, it doesn’t mention terrorism financing. That’s a bit of a problem. The government’s terrorism financial policy, have a guess? Doesn’t mention fraud. So you have against the background of the Russia reports and the allegations of illegal money in the city of London in the property sector, which, of course, have been brushed under the carpet by the government, they’ve been dismissed. So I’m a little bit skeptical as to what the government’s real financial crime policy is because I don’t know what it is yet. I get the impression that the Home Office is under increasing pressure to deliver the economic crime plan but obviously with the budget coming next week, we don’t really know how much funding will be provided for law enforcement agencies or new initiatives to tackle financial crime.
Holger: And it’s a great point, I think we can make a complete new session about the connection of fraud and terrorism financing, because there is a lot of cases, we also had a case in Germany where the ISIS-related terrorists used a VAT carousel in what they call the economic jihad in order to finance terrorist attacks so quite interesting. What’s your view on this Sandip? Will there be a lifting of AML regulations as a result of the Brexit or do we stay the same?
Sandip: Absolutely not. There won’t be a relaxation in AML restrictions or compliance. I think what Boris was talking about was making it easy to do business, the city to be freer to gain access to other markets, not the city becoming more attractive to the money launders. It’s got a bad enough reputation as it is at the moment as a result of Brexit enhancing it as being the capital of money launderers or international capital. In fact, the banks don’t want it. Actually, the banks when it comes to AML want to maintain the standards now and actually build upon them to an extent, which is not as we’ve been through with the UBO’s, which is not replication in the European Union. So, for example, if you go to a country and I just use it by way of example, Hungary, they’ve not adopted parts of the fourth MLD, let alone the fifth and the sixth. So I think it’ll be the city when it comes to AML will be, no, there will be no relaxation in that respect.
Nicholas: I can add in there, a great point by Sandip, the difficulty is that if you deregulate, you will end up attracting more illicit money and what we’ve seen with the Big Bang in the 1980s, the Gower report, all the sub deregulation that I loved as a student, sadly it does attract more and more illicit money into the city. So I think Rosalind Wright, the former head of the Serious Fraud Office (SFO), did some research about 10 to 12 years ago and her conclusion was that deregulation leads to an increase in financial crime. So I would happily defer to the head of the SFO’s opinion.
Holger: I see that we’re already near the end of our session, just a quick question, Nicholas, are the banks, the financial industry, the weak link in the chain? So is the answer to all of the money laundering scandals really to put more fines on banks and then to put more regulatory pressure on banks or do we have a very regulated situation there but the weaklings are in fact somewhere else?
Are the financial institutions the weak link in the fight against money laundering? Or are the weak links elsewhere?
Nicholas: Let’s put my head above the parapet for this one. What we’ve concluded, I did a 2014 study on the 2007-2008 financial crisis, and we identified multiple examples of financial crimes committed by financial institutions and committed by agents or employees. What we found is that the use of financial penalties as a stick does not work. And I think in some cases it’s become part of banking practice to set money aside to pay for financial penalties. So what we’ve then seen is the use of deferred prosecution agreements (DPA), primarily in America after the debacle with Arthur Anderson and the collateral consequences of that reversal of strategy in America. But if you take HSBC, for example, in the 2012 DPA, did that have an effect? Yeah, the bank altered its corporate governance structures. But, yet again, these companies become persistent repeat offenders but I don’t think it’s purely on the financial sector. I think all sectors are at risk, whether it’s estate agents, lawyers, financial advisors, other multinational corporations, so I don’t quite know what the perfect enforcement mechanism is. I think a lot of good tools exist in the UK and across Europe, but I don’t think they’re effectively used. So, for example, one of the new offenses is reckless misconduct, so if a bank becomes insolvent, the director can then be prosecuted for that insolvency. But it begs the question: How many banks in the UK have become insolvent? They’re too big to fail, too big to jail. So you have this various use, whether there’s a hybrid of DPA prosecutions of individuals, I don’t quite know what the perfect answer is. But I think it’s difficult for banks to comply with because they are seen as an easy target