Anti-Money Laundering – Fix now!

www.thecouncil.se | www.ekelow.se
Anti-Money
Laundering –
Fix now!
April 2014
By Charlotte Bergwall Nilsson, Ulf Löfven and Heinz Sjögren
Anti-Money Laundering (" AML") has under a short period of time become a
strategic business activity. Large values are at stake, especially when considering a
company's reputation and brand value. Since 1991, all financial companies in the European
Union are required to meet the requirements set out in the Anti-Money Laundering Directive
regulationsi. The flora of rules within AML has increased considerably over the years, also
encompassing companies outside the financial sector. The tools to meet these challenges
are complex, but not impossible to implement.
The third industrial revolutionii is re-vamping the modern information landscape, where new
technology has enabled the dissemination and availability of information in ways not possible
before. However, this development has a downside. Information is now used and distributed
with a substantially higher degree of user anonymity.
In general, anonymity and mobility has increased dramatically in recent years. Enhanced
Internet functionality, more efficient and faster hardware and software technology, cheaper
transportation, as well as changing borders within Europe have all been contributing factors,
whose consequences have radically hampered efficient law enforcement. In the hope of
reducing this overall anonymity and making it possible to follow financial transactions and
monetary flows, national and supranational regulatory bodies are constantly producing new
laws and regulations.
According to the World Bankiii, no country is excluded from being a target for money
laundering and terrorist financing. A high level of awareness and preparedness may,
however, reduce the risks of being a target in international dubious transactions. We, The
Council and Ekelöw Infosecurity, assert that companies or institutions that are far ahead in
the AML area are most probably less likely to be affected by, or even subjected to, criminal
transactions.
AML issues are also related to long-term sustainability. Consumers, customers, partners and
staff evaluate these issues in their choice of provider and employer. In an increasingly faster,
borderless, globalized and digitized world, those who embrace AML issues will increase their
credibility and strengthen their brand value. In essence, working with AML as a strategic
issue is a competitive advantage, much like having a higher credit rating.
New rules
Rules and regulations are nothing new in the financial world. Still, one event sparked the
recent wave of increased regulatory requirements, namely the terrorist attack on the World
Trade Center in New York City 9/11 2001. In the wake of this event, President George W.
Bush passed The USA Patriot Act in October 2001iv. It includes a collection of legislative
changes that resulted in a distinct tightening of existing rules aimed at gaining control of
international money laundering activities and suspected terrorist financing.
The European Union (“EU”) was not slow to follow, and has also continually tightened their
guidelines in the AML areav. The latest update was on March 11 of this year when the
European Parliament voted through the proposal to revise and further strengthen the existing
AML Directive for the fourth timevi.
EU’s AML Directive vii sets rules for the financial sector plus several other industries such as
law firms, accounting firms, real estate and construction sector, jewelers, casinos, etc. The
trend is towards having AML-rules affecting a wider range of companies and industries.
1
www.thecouncil.se | www.ekelow.se
The European Banking Authority (“EBA”) came out with new guidelines for internal control,
GL44viii, in 2011. These guidelines are now being incorporated into national regulations
around the EU. An example can be seen in the new rules from the Swedish Financial
Supervisory Authority, which apply from the beginning of April 2014 ix. In these new rules, the
Board of Directors responsibilities, tasks and to some extent even their individual
competence is regulated specifically. The guidelines require, among other things, that the
Board decides and regularly evaluates a documented risk strategy and risk appetite for the
company and decides on a framework for managing corporate risks. With these enhanced
responsibilities follow an increased risk for sanctions, should the rules not be complied to.
Many companies see the regulatory requirements only as a need to review and correct AML
management. The cost is therefore often seen as an unnecessary expense. However, for
financial companies, credibility and trustworthiness is the cornerstone of the business and
thus the company's survival is totally dependent upon it. Therefore, AML issues are
paramount for continued business operation, whereby all expenses to lower risk in this area
should rather be considered and treated as an insurance premium.
Large sums of money
Failing to comply with the rules that exist has proved costly. There are several examples in
which the most conspicuous are found in the finance industry. One of the largest penalty
examples comes from the international bank HSBC, which was forced to pay more than USD
1.9 billion in 2012 to U.S. authorities. The amount was a mix of actual fines for involvement in
money laundering to terrorists, payment to Iran and Mexican drug cartels, as well as cutting a
deal not to be accused of similar past omissions x.
Another example is Standard Chartered Bank who paid USD 670 million in fines and
settlement to U.S. government agencies in 2012 for money-laundering hundreds of billions of
dollars for Iran. The transactions had supposedly included thousands of transactions taking
place over several yearsxi.
A third example is Nordea Bank who was fined SEK 30 million in 2013 for inadequate
procedures against money laundering, partly related to TeliaSonera's Uzbekistan –business
xii
. It will also be interesting to follow the consequences of TeliaSonera's Annual General
meeting in April 2014, where the former CEO was not given discharge from liabilities for the
financial year of 2013 due to the same Uzbekistan businessxiii.
In Russia, there has been a dramatic change in attitude and emphasis on the AML issues in
the financial sector since the new Central Bank governor and her team came into office last
year. In the last 6 months of 2013, 35 banks have had their banking licenses withdrawn, in
which several cases were due to various types of “dubious operations”xiv.
One of these banks was the mid-sized well-known Master bank that was accused of “largescale dubious operations” and where the cousin of President Vladimir Putin, Igor Putin, was
on the Board of Directors. The cost for the deposit insurance fund is said to be more than
$900 million USDxv. This shows the serious and independent approach the Central Bank has
taken to shape up the Russian banking sector.
2
www.thecouncil.se | www.ekelow.se
The high attention to AML issues continues, with several banks like Eurotrust, LINK-Bank,
and lately Russky Zemelny Bank having had their licenses revoked during the first quarter of
this year. In all cases, “breaches against the laws against money laundering and financing of
terrorism”xvi xvii were the explanation.
In Russia, there are still more than 900 banks. It is probable that some of these banks may
want to consider coming up to par with international best practice when it comes to methods
of and procedures for avoiding money laundering and terrorist financing. Implementing
improvements within the near future may be crucial for survival, with regulators taking on
these issues more fervently!
What really is AML?
The definition of AML is multifaceted. AML is connected with everything from drug trafficking,
financial fraud, tax fraud, computer crimes, alien smuggling, illegal arms sales, foreign official
corruption or bribery, evasion of exchange control, illegal gambling, insider trading and
financing of terrorism, to name a few xviii. Interpol definition of AML is “any act or attempted
act to conceal or disguise the identity of illegally obtained proceeds so that they appear to
have originated from legitimate sourcesxix”.
Integrate both process and business in a combined approach!
How do you make sure that you know who the customer is and that the business is not
exceeding any legal limits? This needs to be discerned simultaneously as managing
business operations efficiently while performing transactions with high automation, often in a
fraction of a second.
The answer lies in risk management, where the usual practice is to have three lines of
defense for effective management and control. KPMG divides these intoxx:
1. The operational management of the business
2. Internal oversight functions, like risk control and compliance functions
3. Independent audit functions, as internal audit and external audit.
3
www.thecouncil.se | www.ekelow.se
We want to develop the definition of risk management through the use of the following
"toolbox” (illustration below), consisting of four interconnected components.
Illustration: The Toolbox
Competent and Skilled personnel, who through their expertise and being trained in using
skilled queries can detect suspicious transactions, are obvious pillars of all lines of defense.
The constant changes in the AML field require continuous training.
These changes also place higher demands on IT systems and security infrastructures. It puts
even greater demands on efficiency, traceability, and built-in warning functions.
In The Toolbox above, the component Internal control is to include the internal risk and
assurance management of a business, such as risk control, compliance function and internal
audit.
Policy, procedures and guidelines are another area affected when working in an environment
undergoing constant change as well as becoming more complex. Keeping them in order, and
making sure it is possible to discern both the meaning of the rules, but also how the rules are
interrelated is an important task.
From an operational risk point of view, it can be difficult to manage the complexity of the new
requirements for disclosure and monitoring linked to AML:
Who in the organization should do what?
Who should have what knowledge and information?
And who bears the ultimate responsibility?
4
www.thecouncil.se | www.ekelow.se
The division of responsibility between the Board of Directors, internal risk control, compliance,
internal audit and the normal business operations is in many companies perceived extremely
difficult to survey.
This difficulty can be removed if enough effort is put in implementing a process methodology
that overlooks the totality of the various responsibilities. Our method ensures that the
processes and business understanding are joined and built from the top of the company all
the way down to where transactions are actually done. A combination of an understanding of
the business, the clients and daily deal flow, in interaction with proper processes and ITsystems, is essential. There must be an integrated approach that also allows for focus on
details. As in most areas, efforts in the AML area must be effective, appropriate and aligned
to the business while simultaneously meeting regulatory requirements.
We choose to illustrate this in the following diagram:
Process experts
Process
Business experts
Strategy
Security
Information security
AML
IT management
KYC
Risk
Sanctions
ICAAP
MIFID
Credit processes
Business planning
ISO-certification
IT infrastructure
Governance
Credit risk
Risk Management
Compliance
Operational risk
GL44
Policies, procedures och instructions
Illustration: Process and Business
5
www.thecouncil.se | www.ekelow.se
The conclusion is that AML management is a strategic important parameter for any business,
where use of internal and external expertise is vital to stay ahead. It's about nurturing and
strengthening the corporate brand and making sure that one is in line with or ahead of the
competition! The requirements will only increase! Actions must start on Board of Director
level, and the work must be constructed on the basis of ongoing processes as well as in the
daily business and operations.
For a Financial Institution the AML issues and infrastructure are crucial. Areas that constantly
need to be examined and updated are:








Policies and procedures
Payments processes
Security
Know Your Customer routines
Credit scoring
Regulatory awareness
Management reporting
Required official reporting
*
*
*
The mixture of strong capabilities in business operations and risk management, with
capabilities in process and security handling, is the basis for the cooperation between The
Council and Ekelöw Infosecurity AB. The combination of our knowledge and experience
enables us to offer unique overall solutions in all aspects within the AML field.
Please contact Heinz Sjögren at [email protected] (ph. +46 708 441 162) or
Charlotte Bergwall Nilsson at [email protected] (ph. +46 706 633 357)
for more information on how we can help your company.
6
www.thecouncil.se | www.ekelow.se
i
Financial Conduct Authority, AML-directives EU.pdf, Number COM/2013/045
ii
Professor Lars Magnusson, 1999, “The third industrial revolution”
iii
World Bank – ref guide to AML.pdf
iv
Financial Crimes Enforcement Network; United States Department of the Treasury Internet home
page: www.fincen.gov/statutes_regs/patriots/
v
IBA Anti-Money Laundering Forum, Europe
http://www.anti-moneylaundering.org/Europe.aspx
vi
European Parliament / Newsroom / Plenary Session, “Parliament toughens up anti-money
laundering rules”, March 11, 2014; www.europarl.europa.ey/news/en/news-room
vii
Financial Conduct Authority, Anti-Money Laundering Counter Terrorist Financing Directive, Number
COM/2013/045, http://www.fca.org.uk/your-fca/documents/antimoney-laundering-counter-terroristfinancing-directive
viii
European Banking Authoritty, “EBA Guidelines on internal governance (GL44)”, London, September
27, 2011; www.eba.europa.eu
ix
Swedish Financial Supervisory Authority Regulatory Code, FFFS 2014:1,
“Finansinspektionen’s Regulations and General Guidelines regarding governance, risk management
and control at credit institutions”
x
”HSBC to pay $1.9 billion U.S. fine in money-laundering case”, Reuters,
Aruna Viswanatha and Brett Wolf, 11 December 2012
xi
New York Times, December 6, 2012; “Standard Chartered to Pay $330 million to Settle Iran Money
Transfer Claims” by Neil Gough
xii
Swedish Financial Inspection, Press release, April 16, 2013, “Nordea receives remark and
administrative fine of SEK 30 million”
xiii
TeliaSonera press release, “TeliaSonera’s Annual Meeting , April 2, 2014”
xiv
http://www.bloomberg.com/news/2014-01-31/russia-s-central-bank-revokes-licenses-including-mybank.html
xv
http://www.reuters.com/article/2013/11/20/russia-cbank-master-bank-idUSL5N0J51V420131120
xvi
http://www.reuters.com/article/2014/02/11/russia-cbank-licences-idUSL5N0LG07S20140211
xvii
http://www.reuters.com/article/2014/03/18/russia-cenbank-licences-idUSL6N0MF0RO20140318
xviii
Protiviti Risk & Business Consulting, ”Guide to U.S. Anti-Money Laundering Requirements”, page
10
xix
Interpols definition av money laundering, http://www.interpol.int/Crime-areas/Financial-crime/Moneylaundering
xx
Audit Committee Institute, Sponsored by KPMG, ”The three lines of defence”, 2009
7
www.thecouncil.se | www.ekelow.se

Download Report