The damning revelations from the “FinCEN Files” leaks have once again put Europe and its supposed world-leading anti-money laundering (AML) rules under the spotlight.

A spate of European banks—Denmark’s Danske Bank, Germany’s Deutsche Bank, and the U.K.’s HSBC and Barclays Bank—are among many of the world’s largest financial institutions that apparently shifted dirty money around the globe and profited from the funds.

That so many of the leaked suspicious activity reports (SARs)—which do not confirm criminal behavior but should prompt further inquiry—featured European companies suggests the European Union’s battle to combat money laundering and terrorism financing is still ongoing.

The revelations have prompted a quick response from the Council of Europe, the continent’s leading human rights organization. It has called on EU member states to redouble their efforts to sign, ratify, and effectively implement the “Warsaw Convention”—the only international treaty that gives national authorities the power to halt suspicious transactions at the earliest stage to prevent their movement through the financial system—and has invited non-European countries to consider joining. It has also recommended the global AML standard setter—the Financial Action Task Force (FATF)—to include requirements for suspension of suspicious transactions.

As yet, the FATF has not made any public comment on what steps it may take.

But it is Europe that is taking the brunt of the criticism—which is not surprising given its recent turgid history with major money laundering scandals. The Danske Bank scandal in 2018 has proved to be Europe’s biggest example, and investigations are ongoing into other major European banks, including ABN Amro of the Netherlands and Swedbank of Sweden.

“Banks are still failing to combat money laundering because that isn’t their goal under AML regulations. Their goal is to meet compliance requirements and pass on that information to the relevant authorities for further investigation.” 

Charles Delingpole, CEO, ComplyAdvantage

To its credit, the European Union has been legislating to combat money laundering for nearly 30 years and continues to do so with increasing frequency. While the first three AML directives appeared in the space of 14 years, the latest three have been knocked out in less than 30 months—with the sixth directive set to come into force in June 2021.

The European Commission has in the past tried to present the swift passing of legislation as a triumph. Many others take a more realistic view, however, mainly because most indicators show money laundering is increasing despite legislators’ efforts. Furthermore, the quickening pace of passing legislation also suggests the Commission is behind the curve and is imposing rules to deter money laundering risks that have already been superseded by other activities.

Perhaps worse still, the Commission is also acutely aware the appetite—and tools—to enforce these directives varies widely between EU member states, as does the willingness and capability to cooperate and share information across the 27 jurisdictions.

While EU directives are meant to bring harmonization of rules, they allow for national variations as the legislation is imported into domestic legal frameworks. As such, this can effectively result in 27 different versions of the same set of rules, and gaps can develop in how they are understood and enforced. And some EU member states have failed to incorporate the new rules on time, leaving them targets for criminals to filter cash through their financial systems.

Following the 2018 money laundering scandals at Danske Bank, Dutch bank ING, and Latvia’s failed ABLV, the European Commission laid the blame for the EU financial sector’s AML failings on three factors: delayed and insufficient supervisory actions to tackle weaknesses in financial institutions’ AML risk management; a lack of coordination and information sharing between national supervisors and regulators; and a lack of cooperation with countries outside of the European Union to tackle the problem globally.

The situation led Commission Vice President Valdis Dombrovskis to concede that “anti-money laundering supervision has failed all too often in the EU.”

Consequently, this May the Commission unveiled a 12-month, six-point plan to better enforce, supervise, and coordinate the EU’s rules on combating money laundering and terrorist financing while shutting down any remaining loopholes and any weak links in the EU’s rules. Key among the proposals were ensuring EU rules are applied effectively throughout all member states through better monitoring, setting up a mechanism whereby EU countries’ financial intelligence units coordinate more effectively and share information more easily, and establishing an EU-level supervisor. Currently, it is still up to each member state to individually supervise how the AML directive works in practice.

Lawyers say the lack of harmonization across the EU is a barrier to compliance.

Andrew Northage, a partner in the regulatory and compliance team and head of international trade at law firm Walker Morris, says the divergences across the European Union about how strongly countries should embed the directives on AML have led to wide variances in how the rules are enforced.

For example, he says, in the United Kingdom a significantly larger proportion of SARs are submitted than in comparable EU countries because the legal threshold for making a report is so low.

A bank, law firm, or other business in the regulated sector must make a SAR when it knows or suspects money laundering is taking place. According to Northage, “the possibility only needs to be more than fanciful for the test for suspicion to be met.”

As a result, firms believe it is best to be cautious: nearly 500,000 SARs were made in the United Kingdom last year, which was a rate six times higher (per €1 billion, or U.S. $1.2 billion, of assets) than France and Germany.

The U.K.’s Law Commission, the body in charge of reviewing U.K. legislation and legal practice, declined to introduce a statutory definition of “suspicion” last year, a move that Northage believes would have gone some way to improve the quality (as well as reduce the volume) of reports and allow regulated firms to focus their compliance systems on the “real wrongdoers.”

“With such a low threshold, it is not surprising that banks and others choose to protect themselves by making a report as the current framework therefore seems more geared towards enabling action to be taken against banks and professional services firms than catching criminals,” he says.

Other experts believe there is an uneven focus on reporting suspicious activity rather than preventing it.

“Banks are still failing to combat money laundering because that isn’t their goal under AML regulations,” says Charles Delingpole, CEO of FinTech firm ComplyAdvantage. “Their goal is to meet compliance requirements and pass on that information to the relevant authorities for further investigation.” He also says that “identifying criminal activity is a significant task and moving from ‘suspicion’ to ‘action’ is not a leap that can be taken easily.”

Stephen Baker, senior partner at law firm Baker & Partners, believes the problem is not just a lack of cooperation or coordination among regulators but also among banks’ own departments.

“Many financial institutions—particularly the major institutions—have separate departments respectively trying to protect the organization from money laundering and fraud. It is common experience that often the different departments do not communicate, much less cooperate, about the risks that threaten the institution that they both exist to serve,” he says.