In quest for credibility, EU to push forward on thorny AML country blacklist, embolden bloc-wide compliance effectiveness 

EU officials are still working on re-introducing a controversial fincrime compliance blacklist of “high-risk third countries” to help financial service firms better risk-assess certain jurisdictions for financial crime threats – a move required by the bloc’s latest anti-money laundering directive.

The EU Anti-Money Laundering (AML) country designations is just one way the bloc is attempting to help member states better gauge geographical financial crime risk and help itself be mentioned in the same breath as global watchdog groups like the Paris-based Financial Action Task Force, Transparency International Corruption Perceptions Index, Basel AML Index and others.

To be seen as an international leader in fighting financial crime, the EU, not surprisingly, created a list pointing out the perceived compliance and investigative flaws in laws, practices and outcomes of other jurisdictions – a move already undertaken by a bevy of other countries, including the United States.

But that is not all the EU has done to respond to the Danske Bank and other dirty money scandals shocking the bloc – where Baltic and Nordic regions have become portals for suspect Russian funds.

The Danske Bank money laundering scandal and a litany of related probes have resulted in Estonia kicking Danske out of the country and has sparked a bevy of investigations into banks in the Nordic and Baltic regions, the U.S., and Europe – particularly Swedbank and Deutsche Bank, among others.

At the supranational level, the Danske scandal has caused European Union financial oversight bodies and regulators, at the country and bloc level, to engage in a raucous game of naming, blaming and shaming, with defensive accusations and offensive recriminations at all levels.

But the real question that no EU regulatory body wants to honestly answer?

How and why the Danske Bank scandal could occur in the first place and fester for so long under the noses of supposedly top-flight member state examiners.

EU officials have engaged in some serious soul-searching and analyzed nearly a dozen banks that in recent years have failed in their AML duties, both to see broader patterns across multiple institutions, but also better understand where laws, legislation and regulatory oversight failed at the EU level – and move the country forward on the road to AML effectiveness.

Overall, the EU has concluded in recent months, many banks throughout the bloc suffered a host of failures, both related to technology and human decision-making and overall expertise related to the risk strata of particular institutions.

In short, EU reviews uncovered that member state banks:

  • Employed individuals sorely lacking in overall financial crime expertise;
  • Employed AML and other analysts who worked with systems they didn’t fully understand or know how to utilize;
  • Had AML teams at certain institutions who missed linked transactions indicating larger illicit groups activity;
  • Had AML professionals who failed to report on transactions clearly indicative of suspicious activity.

Similarly, parliamentarians also didn’t hold back against regulators, at the member state and EU level, that were supposed to identify AML compliance failures before the dam burst.

Several EU reports noted examiners didn’t engage in aggressive enough reviews of institutions, particularly those dealing with higher risk entities and regions – like Russia and Eastern Europe – and even when regulators found evidence of clear AML compliance issues, they were inconsistent in terms of penalty responses and lacked a unified enforcement approach.

EU, U.S. Treasury skirmish over divisive blacklist

However, one of the most high-profile ways the EU is attempting to assert its financial crime compliance dominance, authority and foreign geopolitical influence is through the publication of its controversial AML blacklist.

A previous incarnation of this AML blacklist caused a public row with the United States, with top U.S. Treasury officials formally chastising the EU list and urging banks not to comply.

In February 2019, the U.S. Treasury issued a terse, stern rejection of the EU financial crime compliance blacklist ranking of what the bloc considers regions “posing significant threats” to the financial system.

To read the full U.S. Treasury statement, click here.

To read the full details of the earlier EU blacklist, click here.

The U.S. Treasury harshly graded the updated ranking released by the European Commission of nearly two dozen jurisdictions with purported lax AML and terror finance defenses.

This list includes countries such as Saudi Arabia, Iran, Nigeria and North Korea, but failed to name and shame current flashpoint locales, such as Estonia, Malta or Russia.

The EU at the time believed these 23 jurisdictions were at a high risk for illicit funding flows, stating they “pose significant threats” to the bloc’s financial system as a result of “strategic deficiencies” in their AML and counter-financing of terror (CFT) regimes.

The U.S. Treasury, however, disagreed on both the listing of the countries and the efficacy of the methodology underpinning the ranking. Therefore, U.S. banks don’t have to follow the list or be responsible for broad changes to internal scoring and monitoring protocols.

Will this latest list last?

In late 2019, EU ministers exchanged views on the main elements of the Commission’s revised methodology for preparing a list of “high-risk third countries” in the area of money laundering and terrorist financing.

Once the updated methodology is settled, the EU commission will then put forward a new draft list of countries in the form of a delegated act, EU officials said.

The list will likely include more transparency into the weighting of fincrime and compliance aggravating and mitigating factors and weaving in more current country evaluation scores tied to effectiveness from the Paris-based Financial Action Task Force (FATF).

The EU’s Fifth directive on anti-money laundering and terrorist financing, adopted in May 2018, “sets out an obligation to identify third country jurisdictions which have strategic deficiencies in their anti-money laundering and terrorist financing regimes that pose significant threats to the financial system of the EU.”

The moves to point out the flaws in other countries is also a way the EU is attempting to take some of the pressure and focus on the gaping AML vulnerabilities in its own borders, identified in several EU Commission (EC) reports, one in particular that reviewed fincrime compliance failings across nearly a dozen EU institutions.

The EC’s report on ten recent cases of money laundering in EU banks identified four main categories of shortcomings:

  • Ineffective or lack of compliance with the legal requirements for AML/CTF systems and controls
  • Governance failures in relation to AML/CTF
  • Misalignments between risk appetite and risk management
    • Negligence of group AML/CTF policies, according to law firm Crowell & Moring

The reports also identified shortcomings by member state regulators, including lack of staff and AML/CTF expertise, intervening only after significant risks had occurred or when faced with repeated compliance and governance failures, and inadequate enforcement of AML/CTF rules when enforcement did occur.

A glimpse of the future of EU AML compliance for banks, non-banks, gatekeepers?

EU officials are currently charting the course of the bloc’s AML and financial crime strategies based on the answers to several key questions, with possible answers having direct import to bank compliance programs, law enforcement efforts to capture and share information and the overarching regulatory approach, including:

  • What would be the most appropriate scope of further reforms?
    • Possible answer: The EU could create special AML obligations for banks with higher-risk customers or operating in riskier regions.
  • Would this be only for the financial sector/some sub-sectors (e.g. banks, investment firms, payment institutions, insurers)?
    • Possible answer: The EU is cognizant that regulators in the U.S. and other countries are themselves adopting a “risk-based approach” so may focus on riskier banks, and less on, say, insurance operations, which are technically also a financial institution.
  • Is a separate AML/CFT approach necessary for the non-financial sector?
    • Possible answer: EU-partner the U.S. just recently announced a major shift in enforcement philosophy, away from banks with strong AML programs and moving resources to reviewing money services businesses (MSBs), money remitters, crypto exchanges and the like. In some cases, these operations can have weaker AML controls, due to resource constraints, lack of access to training or because the sector is still in its infancy.
  • Is the creation of a new EU body a valid way forward, or is any existing body the best option?
    • Possible answer: This body would be needed to address several oversight gaps, including ineffectiveness and inconsistency across member-state regulators, and to see the big picture of individual member-state regulators missing broader fincrime patterns. This body could also help cooperate and communicate between regulators, law enforcement and country financial intelligence units.

The answers to those questions will form the new foundation of the EU’s overall efforts to better detect and prevent all financial crimes and related illicit funding flows.

In updated AML laws, key unknown remains implementation

Similar to the U.S. and other countries like the United Kingdom and Canada, the EU is looking beyond banks to strengthen AML countermeasures more broadly to staunch some of the $2 trillion in funds laundered annually on a global basis.

For instance, new rules and potential updates under consideration currently could increase controls over key sectors believed to be at a higher risk of money laundering, such as financial services, gaming and real estate, according to EU officials, adding that higher scrutiny and AML obligations could extend to lawyers, accountants, tax advisers and other financial gatekeepers.

At the same time, though, multiple EU commission reports note that some of the identified challenges across the EU could be addressed by the latest Fifth Anti-Money Laundering Directive (AMLD5), which member states must transpose into national law by January 2020.

In the latest go-around, the EU’s chief AML law has been substantially buttressed in several critical ways in a broad spectrum bid to remove investigative stumbling blocks, improve information sharing and strengthen oversight and implementation of past rules and the latest updates.

In short, the updated EU AML rules will address several gaps, according to Crowell, including:

  • ensuring implementation of beneficial ownership registries for companies and publicly available registers for trusts and other legal arrangements;
  • limiting the anonymity offered by virtual currencies, wallet providers and pre-paid cards;
  • improving information sharing rules between AML/CTF supervisors and prudential regulators;
  • strengthening the authority of the European Banking Authority to collect, analyze and disseminate information and to act where Union law has been breached.

The European commission as well “proposed additional measures to build on these steps, including the enhanced cooperation between Financial Intelligence Units and the possible interconnection of bank account registries and data retrieval systems,” according to the law firm.

“Effectively tackling corruption, trafficking, tax evasion or terrorism means effectively tackling the illegal money flows that finance these activities,” said one top EU official in a statement. “As crime becomes increasingly cross-border, the EU needs to adapt its regulatory framework to ensure the security of its citizens and the integrity of its financial system.”