Anatomy of AML – what to look for and how to improve controls
Recent fines imposed by both US and UK regulators give a strong indication of an intent to crack down on inadequate anti-money laundering controls amongst regulated entities. So, can asset managers in Ireland expect to be next in the regulator’s sights?
Increasingly these crackdowns can come about even when no evidence exists of firms actually handling laundered proceeds. In 2019, the last full year of available data, the UK and US issued 37 AML fines totalling nearly £3bn, and whilst Irish firms have yet to experience fines on anything like this scale, the regulator’s tendency towards levying fines certainly looks set to continue into 2021, so it could be only a matter of time.
The message to all regulated firms in Ireland and the UK is loud and clear – get your house in order, or risk being fined if your controls aren’t up to scratch. However, AML regulation has been with us for over twenty years, so just what is behind this recent raft of crackdowns?
First off, it should be noted financial crime in general continues to rise. In the UK it’s costing the economy an estimated £37bn a year, according to the National Crime Agency. The situation is much the same in Ireland and estimates from as long ago as 2016 1 claimed that money laundering was costing the country over 5bn Euros annually. Yet detection rates remain incredibly low, with less than 1% of illicit money ever recovered. Globally, the figures make for more grimmer reading still, with global money laundering activities valued at between 2% and 5% of total GDP according to the Financial Action Task Force (FATF), making it a trillion Dollar industry.
Pressure is cascading down from governments and policy makers, via the regulators, onto organisations to get on top of the problem. In the EU, Money Laundering Regulations have been strengthened several times in recent years, most recently with the implementation of the 5 th Money Laundering Directive (5MLD) in January 2020, and 6MLD across EU member states from December 2020, including Ireland. More recently the EU has announced an action plan for all EU countries to strengthen rules, achieve a common definition of money laundering offences, appoint an EU supervisor and improve information sharing between national financial intelligence units. And this trend is set to continue. Regulatory pressure to comply is consequently a major concern for most firms who are rightly now asking, ‘are we doing enough?’
Fund managers in Europe and the USA are potentially exposed to similar risks, particularly where intermediaries are involved in introducing or selling investment products. A risk-based approach in applying customer due diligence is essential in such cases, since specific risks vary depending on the nature, scale and complexity of firms’ operations.
Several factors may increase the risk of money laundering and bribery and corruption:
- Non face-to-face business – attractive for money launderers hiding behind stolen or fabricated identities.
- Customers from or with links to countries that are considered high risk from a money laundering and/or corruption perspective.
- Wealthy and powerful clients, particularly where they insist on a high degree of confidentiality.
- The use of offshore trusts and shell companies to distance beneficial owners from their funds.
- High value and/or unexpected transactions.
- Payments or inducements, without a clear business rationale, to third parties
Fund managers must carry out a thorough risk assessment across their entire business, including significant third parties and ensure risk policies and procedures are in place to adequately deal with customer on-boarding and ongoing monitoring, with appropriate levels of due diligence.
Considering in more detail some of the recent AML failures and fines levied, a number of familiar themes emerge. It’s rare to find that failures boil down to wilful negligence; regulatory reports clearly show that the vast majority of firms are committed, or strive, to doing the right thing.
When reviewing firms’ files, regulators commonly report gaps between policies and practices. In other words, what the Compliance Officer says should happen, isn’t what actually happened on the ground. Anecdotally at least, we know that the picture is similar in most regulated sectors across the UK and Ireland.
Following visits by regulators, a number of firms found they needed:
- Better KYC and AML procedures in order to recognise, and subsequently report, something actually being suspicious.
- More robust identity verification and risk assessment checks to prevent problems from occurring in the first place.
- Improved Customer Due Diligence, including proper risk assessment or an effective risk-based approach.
- Enhanced training programmes to promote a thorough understanding and appreciation of money laundering risks throughout the organisation.
CEOs and their boards must appreciate the importance of a compliance culture that is engrained throughout the organisation, from the top table, right down to the reception desk. Funds professionals must be made fully aware of the risks and implications of processing the proceeds of crime and allowing illicit monies into the financial system, not just to their own organisation, but to society as a whole.
Additionally, the stakes for non-compliance are high for any firm. With increasing amounts of regulation though the 5 th and 6th anti-money laundering directives and the latest guidance from the Financial Action Task Force (FATF), regulators everywhere are under increasing pressure to take a more robust approach in supervising the firms they audit and monitor.
Leaders of financial institutions need to make it their mission to root out sources of laundered and illicit monies from their institution and create a culture that considers doing so, a good thing.
That collective willpower combined with best possible technology-led data and analytics tools for effective customer authentication and enhanced due diligence checks will put any organisation in the best possible position to avoid AML misdemeanours and the inevitable wrath of the regulator.
So, the message is clear: whether you’re a financial services behemoth, or a new Fintech entrant to the funds industry, the same regulatory and moral responsibility lies on you to keep on top of both new AML regulations and the rapidly changing and newly emerging forms of financial crime that misuse use the system to launder the proceeds of serious crime.
1Grant Thornton report, 2016