Trends in Anti-Money Laundering and Sanctions Compliance

The trinity of requirements that sit at the center of financial institutions’ customer due diligence efforts—anti-money laundering, know your customer, and sanctions compliance—are growing more complex in an interconnected world plagued by financial crime, terrorism, and tax evasion.

While regulators want greater efforts to ensure the transparency of customer data, banks themselves are struggling with the cost and complexity of these screening demands. We took a look at some trends, current and predicted, that could significantly affect how AML and KYC compliance efforts evolve.

Expect More and Bigger Fines

Speaking at SIBOS, a banking and financial conference held last week in Boston, Andrew Szubin, director of the Treasury Department’s Office of Foreign Assets Control, tried to persuade an audience that his agency wasn’t “looking for a scalp or to raise up a victory flag” for hitting big banks with heavy fines for poor AML or sanctions compliance.

Nevertheless, he conceded that, for many, “OFAC has become a four-letter word.” And, despite assurances that his agency wasn’t in an arms race with other regulators to issue bigger fines, the fact remains that those penalties have been staggering. Among the banks to reach large settlements with OFAC to resolve charges were JPMorgan ($88 million), Bank of America ($16.6 million), and HSBC ($375 million).The agency’s largest ever sanctions-related settlement was $963 million, part of a total of $8.9 billion in fines levied against BNP Paribas.

Sanctions compliance will likely remain fraught with peril as the list of prohibited business dealings grows longer and more targeted and more countries are added. “Fifteen years ago it used to be that our sanctions list was this four-page thing and you printed out the PDF and you just eyeballed it,” Szubin said. “You can’t do that anymore.”

More Data Sharing

Banks have traditionally had two obstacles when it comes to sharing AML and KYC data and information. One is that, internally, it is scattered in silos that may not communicate well with each other. Another is that banks have traditionally been reluctant to help each other out due to competitive concerns.

That is starting to change with the introduction of new “utilities,” third party services that banks outsource data collection and due diligence to.. These centralized, outsourced utilities collect customer information and vet banking partners, spreading the cost among multiple industry participants.

“Last year, the message from banks was that we need to collaborate. This year, we are doing things together.”
Luc Meurant, Head, Banking Markets, and Compliance Services, Society for Worldwide Interbank Financial Telecommunication

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, a network that enables banks to send and receive information about financial transactions through a standardized platform, was first out of the gate with its Global KYC Registry in January. The service, which has already garnered the participation of 18 large banks, including HSBC, JPMorgan, and Citgroup, is primarily focused on correspondent banking, which is transactions between financial institutions. Correspondent accounts—often a situation where a large, established bank aids a smaller foreign institution—are under increased scrutiny due to crackdowns on terrorist financing and international money laundering. Others entering the utility space this year include Thomson Reuters, KYC Exchange, Markit , and the Depository Trust & Clearing Corpo.

“Last year, the message from banks was that we need to collaborate,” Luc Meurant, head, banking markets and compliance services for SWIFT, says. “This year, we are doing things together.”

The success of these new efforts relies on banks being comfortable with a third party holding their customer data and trusting that privacy controls are present and working. The need for an outsourced helping hand, however, became apparent given regulatory demands to make KYC data both more transparent and more granular. Meurant says the new requirements are now better described as “know your customer’s customer.”

Beyond Banks

Think your company, safely outside the sphere of financial services, has little to worry about in terms of AML and KYC compliance? Think again.

In the United Kingdom, a debate is underway as to whether KYC programs can extend beyond banks n an effort to protect intellectual property rights. The nation’s Council of Ministers is considering a legal requirement for internet service providers and other “intermediaries” (a term that could include online payment services and Web advertisers) to conduct due diligence on their customers in an effort to stem the online pirating of movies and music. 

More Trade Finance Scrutiny

Trade finance is a “dark hole,” says Hugh Jones, president and CEO of Accuity, a firm that assists banks with payment processing and AML compliance. “People don’t know whether there is a great deal of trade finance or if it’s relatively sparse, but in our opinion it is absolutely enormous.”

The practice is when financial institution intermediaries help finance shipping deals when a seller or exporter requires prepayment for shipped goods. Jones’ concern is that this process often relies on outdated technology—nearly everything is paper-based. “It is very tough to check the transaction all the way from end to end,” says Jones. “It is very easy to game.”

Jones says the transactions are a common outlet for money laundering and that regulators will soon be giving trade finance more scrutiny. “Someday a regulator will look at this and if you are a large global bank you will get fined,” he says.

It is essential that banks involved in the business of trade finance deploy adequate systems and controls to prevent breaches, said Florence Vicentini, an executive at FircoSoirt, during a panel at SIBOS. “There is no international standard for KYC, and the speed of performing KYC and other compliance checks has a major impact on banks’ operational costs. Banks must have adequate due diligence regarding dual-use goods and the illegal movement of money.”

Regional Banks Are Not Immune

The overwhelming number of AML-related fines and penalties has gone to big banks. The bad news for smaller, regional institutions is that their reprieve may be short-lived.

Jones says regional banks are under the impression that they are safe. “No money laundering happens at my bank,” he has been told. “I know my clients, and we only have a few billion dollars in assets.”

NEW AML GOALS

The following, from a Notice of Proposed Rulemaking issued earlier this year by the Treasury Department’s Financial Crimes Enforcement Network, outlines new and expanded customer due diligence efforts. Objectives include:

Clarifying and strengthening customer due diligence requirements for U.S financial institutions, including an obligation to identify beneficial owners, advances the purposes of the BSA by:

Enhancing the availability to law enforcement, as well as to the federal functional regulators and SROs, of beneficial ownership information of legal entity customers obtained by U.S. financial institutions, which assists law enforcement financial investigations and regulatory examinations and investigations;

Increasing the ability of financial institutions, law enforcement, and the intelligence community to identify the assets and accounts of terrorist organizations, money launderers, drug kingpins, weapons of mass destruction proliferators, and other national security threats, which strengthens compliance with sanctions programs designed to undercut financing and support for such persons;

Helping financial institutions assess and mitigate risk, and comply with all existing legal requirements, including the BSA and related authorities;

Facilitating reporting and investigations in support of tax compliance, and advancing national commitments made to foreign counterparts in connection with the provisions commonly known as the Foreign Account Tax Compliance Act (FATCA); and

Promoting consistency in implementing and enforcing CDD regulatory expectations across and within financial sectors.
Source: Department of Treasury.

“With that sense of security, they under-invest in compliance systems,” he says. “They ‘check the box,’ but are not doing much more because they don’t think they have the risk. They earn money by loaning money, not by spending it on compliance costs.”

However, Jones says, smart criminals will increasingly shy away from big banks because they are under heightened regulatory scrutiny and made great strides improving their AML compliance programs. A small bank with less-adequate screens, recordkeeping, and controls is a far easier target.

“I suspect you will find that smaller banks will start seeing fines levied at them,” Jones says. “The regulators have already sent a message to the big ones and they are all trying to comply furiously. Now, they will go after the small ones. They went for shock and awe at the top, now they will move down.”

Governance and Culture

This past summer, the Treasury Department announced a  Notice of Proposed Rulemaking that would amend existing Bank Secrecy Act regulations to crack down on anonymous shell companies and hidden beneficial owners by demanding that institutions know and verify the true identities of who owns, controls, and profits from companies they service.

Alongside the rule proposal, the Treasury Department’s Financial Crimes Enforcement Network released a six-page compliance advisory to financial institutions urging them to ensure that leadership supports and understands compliance efforts and that programs to manage AML risks are not compromised by revenue interests. The guidance stressed creating a “culture of compliance,” where relevant information from the various departments within the firm is shared with compliance staff and banks devote adequate resources to their compliance function.

The importance of that latter effort cannot be understated, says Alison Clew, the global and U.S. leader of Deloitte’s anti-money laundering and economic sanctions practice. “What the regulators are looking for now is governance and culture, because without it the other stuff doesn’t have anything to hang on,” she says.