Anti-money laundering (AML) failures come at a heavy price.
Just ask the UK’s NatWest Bank, which in December was hit with a criminal conviction and £265m (€318m) fine for breaching AML regulations. In the same month, the Financial Conduct Authority slapped HSBC with a £64m (€77m) fine for failings in its AML processes. Earlier in the year ABN AMRO’s anti-money laundering shortcomings in the Netherlands cost it €480m.
Such cases reflect authorities’ growing determination to crack down on dirty money flows. This is a global trend, and it’s not just banks in their crosshairs.
In the US, the introduction last January of the Anti-Money Laundering Act 2020 represented the most substantial reform of the country’s AML and counter-terrorism financing (CFT) laws since the USA Patriot Act of 2001.
Among its provisions, the new Act requires corporations and limited liability companies to disclose their beneficial owners to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). The Act also gives US regulators expanded authority to obtain documents from foreign financial institutions and levy higher penalties for AML violations. Meanwhile, new proposed bipartisan legislation seeks to make non-financial businesses and professions subject to the same AML responsibilities as financial institutions.
The laws are tightening in Europe too. Last year the European Commission put forward an extensive package of legislative proposals aimed at strengthening the EU’s AML and CFT rules by improving activity detection and closing loopholes used by criminals.
The proposals include a new regulation, plus an update to the Anti-Money Laundering Directive, which will see “aiding and abetting” by money laundering “enablers” become a criminal offence. Extending the criminal liability will mean companies can be prosecuted for any involvement in money laundering or terrorist financing, including where they fail to prevent an individual in their organisation from breaching AML rules and regulations.
Bottom line: AML violations – intentional or otherwise – will not be tolerated. So firms had better ensure their controls and processes are up to the job.
AML pain points
But while getting your AML controls wrong is expensive, getting them right can be tough. The rules are often complex, with different jurisdictions adding their own spin.
The new EU legislative proposals, for example, will make customer due diligence measures more granular. Politically exposed persons in particular will be subject to enhanced due diligence on a risk-based approach.
Beneficial ownership laws will also be tightened, with new requirements around nominees and foreign entities, and more detailed rules to identify beneficial owners of corporates and other legal entities. This echoes the US Anti-Money Laundering Act 2020, under which corporations and limited liability companies must now disclose their beneficial owners.
But identifying and tracking underlying beneficial owners (UBOs) demands levels of transparency and ongoing monitoring that many institutions struggle to meet. Digging into the details of every UBO behind complex structures is often a manually-intensive exercise that takes up significant time and resources.
Detecting unusual or suspicious transaction activity and customer data changes, and issuing Suspicious Activity Reports (SARs) to the relevant regulatory bodies is another challenge. Definitions of suspicious activity change over time and across jurisdictions, and monitoring capabilities need to keep pace. At many firms, suspicious activity monitoring depends on manual reviews and is conducted in retrospect. SARs must also be filed within 30 days of detecting any suspicious activity, so the speed of reporting can be critical.
Identifying fraud involves many steps and is prone to manual error too. The risk of false-positive alerts is high. Without an efficient way to identify and discount those false positives, firms will be hit by unnecessary delays and costs.
Get your AML in shape
With so much at stake, robust AML capabilities that span the entire client lifecycle, from onboarding to ongoing monitoring and offboarding, have become a must – not just for banks, but financial institutions of all stripes.
In our next blog, we’ll examine what that capability looks like in practice.