AML failure-why are so many firms incurring fines?
In Jersey last week (Feb 2021), two firms; LGL Trustees Limited (LGL) SG.HAMROS (SGKH Entities) were fined £650,000.00 + £700,00O.00 – read here:
- LGL https://www.comsuregroup.com/news/lgl-trustees-ltd-fined-550k-plus50k-what-is-known-and-what-the-jersey-court-said-about-what-happened/
- SGKH Entities - https://www.comsuregroup.com/news/societe-generale-jersey-jfsc-public-statement-and-fine-510-59967-plus-155-47654-plus-53-37500/
Further afield, Recent fines imposed by both US and UK regulators indicate that the authorities are cracking down on inadequate anti-money laundering controls, even when no evidence exists of firms actually handling laundered proceeds.
- In 2019, the last full year of available data, the UK and US issued 37 AML fines totalling nearly £3bn, and
- 2020 certainly appeared to continue the trend.
The message to banks and all regulated firms is loud and clear –
- Get your house in order, or risk being fined if your controls aren't up to scratch.
- But, given that AML regulation has been with us for over twenty years, just what is behind this and why now?
- First off, it should be noted financial crime, in general, continues to rise, costing the UK economy an estimated £37bn a year, according to the National Crime Agency.
- The situation is much the same in Ireland, and estimates from as long ago as 2016 claimed that money laundering was costing the country over 5bn euros annually.
- Yet detection rates remain incredibly low, with less than 1% of illicit money ever recovered.
- Globally the figures make for more grim reading, with global money laundering activities valued at between 2% and 5% of total GDP according to the Financial Action Task Force (FATF), making it a trillion-dollar industry.
- The pressure is cascading down from governments and policymakers, via the regulators, onto organisations to get on top of the problem.
- In the UK, money laundering regulations have been strengthened several times in recent years, most recently with the implementation of the 5th Money Laundering Directive (5MLD) in January 2020, and 6MLD across EU member states, including Ireland in December.
- And this trend is set to continue.
- Regulatory pressure to comply is consequently a major concern for most firms who are, rightly, now asking, 'are we doing enough?'
Don't Wait Until The Horse Has Bolted
- Firms do well not to wait until the horse has bolted, but act now before they get caught out and risk reputational, as well as financial harm.
- Considering in more detail some of the recent AML failures and the fines levied, a number of familiar themes emerge.
- It's rare to find that failures boil down to wilful negligence; regulatory reports clearly show that the vast majority of firms are committed to doing the right thing or at least strive to do so.
- Staff on the frontline of AML efforts are rarely morally bankrupt individuals themselves.
- Like most employees, they simply conform to the established organisational culture – 'the way things are done around here'.
- By and large they follow the corporate guidance, either formalised in print or set by example, if at all, by those leading the organisation.
- So, when it comes to institutional failings and the consequential AML fines, it's often the organisation's moral compass that needs resetting, rather than that of its employees.
- The Solicitors Regulation Authority (SRA), regulator of most Law firms in England and Wales stated in its November 2020 report on the findings from its AML visits over 2019-2020
- "When reviewing firms' files, we found that in a large number there were differences between policies, procedures and what the money laundering compliance officer (MLCO) said should have happened, and what actually happened on the ground."
- In other words, whilst the procedures and systems are clearly in place, it's questionable as to whether they are being followed in all cases. Anecdotally we know that the picture is similar in most regulated sectors across the UK and Ireland.
- The pursuit of profit is almost always found to be the Achilles' heel in failures of this kind. Whether it's front line staff not being properly trained in AML processes, short cuts being taken or not even existing, compliance teams failing to hold the frontline staff to account, or an anti-compliance culture that actively laments due process as 'business prevention.'
- Whatever the failings, they can typically be traced back to a failure to manage from the top.
Time and again, similar patterns of issues are found during regulators' AML visits:
- A failure of staff to report anything 'suspicious' usually stems from inadequate KYC and AML procedures and, therefore a lack of recognition of something being suspicious.
- Poor identity verification and risk assessment checks, allowing known criminals through the door.
- Poor Customer Due Diligence – usually due to an absence of proper risk assessment or an effective risk-based approach. This easily allows 'risk' through the net and combined with a lack of internal investigation of suspicious activity, results in inadequate SARs reporting.
- A lack of understanding or appreciation of money laundering risks throughout the organisation as a result of inadequate ongoing training programmes.
So, what's the moral of this tale?
- It's really about CEOs and their boards appreciating the importance of a compliance culture that is engrained throughout the organisation, from the top table, right down to the reception desk. Hearts and minds must be awoken to the risks and implications of processing the proceeds of crime and allowing illicit monies into the financial system, not just to their own organisation but also to society.
- Putting the moral imperative aside, the stakes for non-compliance are high for any firm. Providing a somewhat stark warning to companies, HMRC says its fines are imposed at a level that is both proportionate to the failure, and that deters non-compliance, not to mention breaches can also carry a two-year prison term.
- Leaders of financial institutions need to make it their mission to root out sources of laundered and illicit monies from their institution and create a culture that considers doing so, a good thing.
- That collective willpower combined with the best possible technology-led data and analytics tools for effective customer authentication and enhanced due diligence checks will put any organisation in the best possible position to avoid AML misdemeanours and the inevitable wrath of the regulator.
So, the message is clear:
Whether you're a behemoth of the financial world, or a fintech challenger, the same regulatory and moral responsibility lies on you to keep on top of both new AML regulations and the rapidly changing and newly emerging forms of financial crime that misuse use the system to launder the proceeds of serious crime.