U.S. and U.K. Treasury Revisit AML Risks

For the first time in ten years in the United States—and for the first time ever in the United Kingdom—financial institutions have some much-needed insight into how these two countries intend to prioritize money laundering and terrorist financing risks, enabling compliance officers in the financial services industry to better allocate their limited resources.

In October, the U.K.’s HM Treasury and Home Office published its first national risk assessment of money laundering and terrorist financing risks. The report follows the release of the U.S. Treasury Department’s own first-ever national terrorist financing risk assessment as well as an update of its national money laundering risk assessment, which was last updated in 2005.

Compliance officers will want to revisit these reports, given that regulators intend to use these assessments to inform new regulations looking ahead to 2016. “We will use the information in these assessments to continue to adjust or develop policies to ensure that we continue to effectively combat money laundering and terrorist financing,” Jennifer Fowler, deputy assistant secretary for the Treasury Department’s Terrorist Financing and Financial Crimes, said in a statement.

Fowler cited as an example the Treasury Department’s Financial Crimes Enforcement Network’s upcoming customer due diligence rule, intended to clarify requirements for banks, broker-dealers, and other financial firms under the Bank Secrecy Act. The proposed rule will also influence how firms should approach AML compliance and the examinations that assess those efforts. It is expected to be finalized in early 2016.

Compliance officers in the United Kingdom can similarly expect a sharper focus on AML efforts. “The findings of the [national risk assessment] will shape the government’s response to money laundering and terrorist financing and will inform the risk-based Anti-Money Laundering Action Plan that the Home Office and HM Treasury have committed to producing,” the report said.

Some of the stated priorities of the action plan include:

Enhance law enforcement response to tackle the most serious threats

Reform the suspicious activity reports (SARs) regime

Address inconsistencies in the supervisory regime that have been identified through this assessment

Transform information-sharing between law enforcement agencies, the private sector, and supervisors

At a minimum, the AML reports give financial institutions more facts and trends to bolster their own AML risk assessments. “These reports should complement existing tools and resources for a risk-based approach to compliance,” says Alex Zerden, founder and principal of Toccoa Strategies, an international risk advisory firm.

Vulnerabilities

In its AML report, U.S. Treasury said the underlying money laundering vulnerabilities remain largely the same as those identified in its 2005 report. These include:

Use of cash and monetary instruments in amounts under regulatory record-keeping and reporting thresholds

Opening bank and brokerage accounts in the names of nominees to disguise the identity of the individuals who control the accounts

Creating legal entities without accurate information about the identity of the beneficial owner

Misuse of products and services resulting from deficient compliance with AML obligations

Financial institutions wittingly facilitating illicit activity

“The first thing financial institutions can do is ensure that their anti-money laundering risk assessments provide broad coverage that addresses the specific money laundering threats detailed in the reports.”
Fred Curry, Principal, Deloitte

“The first thing financial institutions can do is ensure that their anti-money laundering risk assessments provide broad coverage that addresses the specific money laundering threats detailed in the reports,” says Fred Curry, a principal of Deloitte. An example of that, he says, might be focusing more on alternative payment mechanisms, including funds moved through mobile devices, pre-paid cards, crypto currencies, and third-party payment processors.

Additionally, Curry says compliance should target their training so that employees responsible for client on-boarding, account maintenance, and transaction monitoring know how to identify, investigate, and report unusual activity that may relate to the specific threats that are discussed in these reports.

Both the U.S. and U.K. AML assessments also similarly identified systemic failings in banks’ AML compliance programs as another vulnerability resulting in the misuse of products and services to facilitate money laundering and terrorist financing. “Banks put themselves in a vulnerable position when they fail to maintain effective compliance programs,” U.S. Treasury said in the AML report.

In the United Kingdom, the financial sector faces “significant intelligence gaps, in particular in relation to ‘high-end’ money laundering,” the U.K. report said. “This type of laundering is particularly relevant to major frauds and serious corruption, where the proceeds are often held in bank accounts, real estate, or other investments, rather than in cash.”

AML CONTROLS

Below is an excerpt from the U.S. Treasury Department’s anti-money laundering national risk assessment, outlining the Financial Crimes Enforcement Network’s advisory to financial institutions.
In August 2014, FinCEN issued an advisory to financial institutions, including banks, calling attention to recent anti-money laundering (AML) enforcement actions and emphasizing the culture of an organization is critical to its compliance. FinCEN advised financial institutions that they can strengthen their organization’s [Bank Secrecy Act] compliance by ensuring that:

Its leadership actively supports and understands compliance efforts;

Efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests;

Relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts;

The institution devotes adequate resources to its compliance function;

The compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party; and

Its leadership and staff understand the purpose of its BSA/AML efforts and how its reporting is used.
Source: U.S. Treasury Department

The Home Office and HM Treasury judged the threat in this sector to be significant. Sixty percent of current money laundering cases under investigation by HM Revenue and Customs, the U.K.’s tax and customs authority, are the result of funds that were initially moved through banks, compared with 11 percent moved through money service businesses. 

In fact, as part of its AML action plan, the Home Office and HM Treasury said in the report that one of its priorities will be to plug these intelligence gaps, “particularly those associated with ‘high-end’ money laundering through the financial and professional services sectors.”

Emerging Threats

Fowler cautioned financial institutions to remain vigilant in updating their AML compliance programs, given that criminals are always finding new ways to exploit new products and services. “We expect institutions to identify and manage their own risk,” she said.

One emerging threat identified in both reports, for example, are virtual currencies—BitCoin, in particular. “BitCoin and virtual currency operators can pose heightened money laundering risks as parties involved in such transactions are typically anonymous,” says Curry.

Exacerbating the risk of virtual currencies is that many still have a limited understanding of how digital currencies are used for money laundering, according to the U.K.’s AML report. Nonetheless, the U.K. Treasury said “the money laundering risk associated with digital currencies is low, though if the use of digital currencies was to become more prevalent in the United Kingdom this risk could rise.”

Terrorist Financing

U.S. and U.K. regulators’ interest in terrorism financing also continues to rise. From a compliance standpoint, the United Kingdom noted a “marked overlap between money laundering and terrorist financing; both criminals and terrorists use similar methods to raise, store, and move funds.”

Unlike the United Kingdom, the U.S. Treasury devoted an entire 70-page report to terrorism financing, warning that banks are an attractive means for terrorists “because of the speed and ease at which they can move funds within the international financial system.” In particular, the report warned that some correspondent banking relationships inherently pose a higher risk due to the challenges of “intermediation,” where multiple intermediary financial institutions may be involved in a single funds transfer transaction.

These relationships could potentially indirectly expose a U.S. financial institution to risk, including terrorism financing, if the foreign financial institution does not effectively implement AML and CFT (combating the financing of terrorism) controls, the report said. Knowing your customers and conducting enhanced due diligence on high-risk foreign correspondents are ways to mitigate financial crime risk, the report said.

Several banks today—such as Deutsche Bank, Barclays, JPMorgan, Citi, HSBC, and many more—are more efficiently reducing their risk related to correspondent banking through SWIFT’s KYC Registry, an industry-driven financial crime compliance initiative. The KYC Registry is a secure place where banks can exchange KYC information on correspondent banks and share that information with selected counterparties in turn.

During remarks last month, Treasury Acting Under Secretary Adam Szubin discouraged financial institutions from simply “de-risking” their operations by terminating, restricting, or denying services to high-risk clients. “We believe that most risks can and should be managed, not simply avoided altogether,” Szubin said.

“We tell financial institutions to take a reasonable risk-based approach that addresses illicit finance risk on a client-by-client basis,” Szubin added. “That means that we require institutions to be vigilant as they identify potential risks that different clients present and to design and implement effective AML/CFT programs that assess and address those risks.”