Bracing for Stronger AML Oversight

As the EU responds to historic money laundering scandals, regional banks and regulators must begin to brace for the impact of stronger AML oversight and enforcement. In this first piece in our Steele series on stronger financial crime compliance enforcement for banks in Europe, we review some of the broad bank and regulatory responses to historic money laundering scandals occurring across the region.

The Lasting Impact of Scandals

In recent years, we have seen an increase in bank and regulatory responses to historic money laundering scandals across Europe. As more European banks find themselves snared in high-profile probes accused of financial crime and compliance failures, it has become more and more clear that the enforcement uptick is more than just temporary.

According to the just-announced key updates from European Union politicians, who have pledged to strengthen anti-money laundering (AML) oversight and enforcement in a host of ways, this increase of enforcement is just the beginning.

The European Union is also showing its teeth on this issue in a very public way: formally threatening Cyprus, the Netherlands, Spain and five other countries for tarrying on implementing updated financial crime compliance defenses – even as a banking watchdog bolsters guidelines on how institutions broadly calculate money laundering risks.

The European Union Commission late last month sent letters of formal notice to Cyprus, Hungary, the Netherlands, Portugal, Romania, Slovakia, Slovenia and Spain for not having notified any implementation measures for the EU’s Fifth Anti-Money Laundering Directive (5^th AML) – rules updated more than two years ago with a January 2020 deadline.

The 27 EU states were required to enact by January tighter rules to counter illicit finance infiltration threats in a wide swath of sectors, including crypto exchanges, prepaid cards and anonymous, opaque shell companies.

The rules were proposed in 2016 by the EU Commission in the wake of the Paris terrorist attacks which killed more than 130 people. The continuing clampdown against sullied funds was meant to better uncover and deter terrorists and their financiers and thwart other financial crimes, according to Reuters.

“Anti-money laundering rules are instrumental in the fight against money laundering and terrorism financing,” the EU Commission said in a statement. “Recent money laundering scandals have revealed the need for stricter rules at EU level.”

In the EU, one of the top initiatives to improve AML compliance is the creation of a new watchdog body that would increase scrutiny of larger, riskier banking groups operating in jurisdictions or correspondently connected to regions at a higher risk for money laundering and corruption.

Additionally, this oversight body would more aggressively pressure member-state examiners to put their local houses in order. EU officials have also stated that they are moving forward with a retooled, but still controversial, financial crime (“fincrime”) blacklist, highlighting countries the bloc feels are flouting international best practices.

The EU AML blacklist is also likely to cause compliance confusion and complexity for EU banks if it diverges with similar lists released by EU-ally countries like the United States, resulting in institutions having to choose which jurisdiction and regulatory authority to follow.

In addition, the European Banking Authority (EBA), which had previously left much of the work on AML to the EU Commission, EU Parliament and member state regulatory groups, has been tasked in recent months with throwing its influence and resources into the fincrime imbroglio.

The EBA in February issued a public consultation on revised money laundering and terrorist financing (ML/TF) risk factors Guidelines as part of a broader communication, coordination and cooperation effort on AML and counter-financing of terrorism (CFT) issues. The consultation runs until May 5, 2020.

This update builds on changes to the EU Anti Money Laundering and Counter Terrorism Financing (AML/CFT) legal framework and new ML/TF risks, including those identified by the EBA’s overall implementation reviews of financial institutions, which noted, overall, examiners must focus less on minor program issues and better focus on large-scale failures.

These refreshed fincrime risk guidelines, addressed to banks and regulators, are “central to the EBA’s work to lead, coordinate and monitor the fight against money laundering and terrorist financing,” the authority said in a statement.

In its revised risk guidance, the EBA is proposing key changes on compliance with provisions on enhanced customer due diligence (CDD) measures related to high-risk third countries – such a move would relate to regions known to be strongholds for organized criminal groups, or areas rife with corruption and at or near terror hot spots.

The guidance also adds new sectoral guidelines related to the oversight and processes related to crowdfunding platforms, corporate finance, payment initiation services providers (PISPs) and account information service providers (AISPs), and for firms providing activities of currency exchanges offices.

The updated risk guidelines, and general trends toward stronger compliance oversight and enforcement, should put top AML officers on notice that regional examiners will more rigorously grade the CDD initiatives when analyzing the accuracy and depth of related bank risk assessments.

These moves by EU political and legislative forces are aimed at strengthening AML compliance standards, bolstering regulatory oversight and pressuring banks to provide more Financial Intelligence (fintel) ammunition to law enforcement in order to better identify and eliminate cross-border money laundering networks.

These moves have broad implications for large, international banking groups – those based in Europe and others with extensive operations throughout the bloc. On the ground, European banking groups are already noticing that member state examiners are starting to ask more rigorous questions on fincrime compliance practices.

As EU regulatory agencies more aggressively mirror exam and investigation tactics similar to the United States, regulators in multiple jurisdictions are working together to find the global chinks in a bank’s counter-crime compliance armor.

Danske Bank Scandal Rocks the Bloc

In the last month, Europe has convulsed with updates related to historic, and still-rumbling, money laundering scandals.

In some cases, watchdog bodies have revealed more issues from the Danske Bank debacle, where some $230 billion in suspect Russian funds flowed through the now-defunct Estonian branch.

In other cases, authorities have detailed fresh revelations of weak AML compliance practices at regional banks along with failures to report on suspected aberrant transactional activity. For European banking groups large and small, these changes in enforcement tone and propensity for penalties can be jarring.

Investors have good reason to be nervous. ABN Amro’s chief Dutch rival ING Groep paid a record nearly $1 billion fine last year for “serious shortcomings” in its efforts to prevent financial crime.

In September 2018, ING Groep, the Netherlands’ largest financial institution, stated it would pay Dutch authorities €775 million, or $900 million, in a historic settlement for broad failures in its financial crime compliance controls that allowed illicit groups to launder an estimated hundreds of millions of dollars for years.

In the same week, French banking behemoth Société Générale stated it was expecting to pay a penalty of €1.1 billion, or $1.27 billion, to a host of U.S. federal and state investigative and regulatory authorities for breaching U.S. sanctions – the second time in recent months the bank had to negotiate a high-profile settlement for financial crime compliance failures.

Investigators Follow Tendrils of Laundering Scandal

In November 2018, German authorities raided Deutsche Bank, related to its role in the Danske scandal, while the former head of the Danske Bank in Estonia was found dead after disappearing from his home.

Two Maltese banks have stopped operations since last year because of money-laundering allegations.

Additionally, several top leaders at Danske and other banks like Swedbank have seen massive executive turnover while other EU institutions, like Deutsche Bank, face a bevy of probes around what they saw coming from Danske and what they reported to authorities.

In the latest case of ABN Amro, Dutch prosecutors stated the institution had tarried in reporting certain suspicious transactions too late, or not at all, over an extended period. They also added that it failed to properly investigate client behavior and did not sever ties with suspect clients in a timely fashion, according to published reports.

The Dutch central bank earlier this year ordered ABN Amro to review all Dutch retail clients for possible money laundering or other criminal activities, according to Reuters.

Nordic, Baltic Banks, Authorities on the Defensive

The more stringent approach by regulators in the Netherlands is also being mirrored in places like Estonia, Malta, Sweden and several Nordic and Baltic jurisdictions that, for the most part, had stayed out of conversations about regions with seemingly more lax financial crime countermeasures.

Earlier this year, Nordic and Baltic regulators stated formally they would be working to better communicate, coordinate and cooperate in fighting massive money laundering scandals.

This rocked the regions, as many of the banks in their charge similarly stated they would be banding together to share resources, to better know and risk rank customers, and more quickly uncover financial crime and compliance risks.

Over a span of a few short weeks, financial regulators in Denmark, Estonia, Finland, Iceland, Latvia, Lithuania Norway and Sweden agreed to craft a permanent working group to bolster cumulative efforts to identify, investigate and prosecute money laundering, terrorist financing and other financial crimes.

The regulators stated at the time that they would “maintain regular contact and exchange experiences and information with the goal of being more effective in the prevention of money laundering,” in their home jurisdictions related to countering larger, multi-country schemes.

That pairs with a similar move by institutions on the private side of the AML equation.

A half-dozen of the Nordic region’s largest financial institutions stated they would be marshaling forces and sharing resources to craft a broad customer risk assessment facility to strengthen efforts to counter money launderers.

The joint venture, called the Nordic Know Your Customer (KYC) Utility, has a “singular focus on developing an efficient, common, secure and cost-effective Nordic KYC infrastructure.”

To read the full joint regulatory release, click here.

To read the joint banking release on the KYC utility, click here.

KYC initiatives are a longstanding part of global AML regulations and best practices.

These efforts typically underpin a numeric customer risk assessment and ranking, usually low, medium or high, that correspondingly tunes bank transactional monitoring systems to detect and report aberrant activity to AML analysts and, then, if warranted, to law enforcement.

The company “will be owned and controlled by the founding banks, however, the plan is that the company will also offer its services to third parties,” according to the banks. “The initiative will contribute to ensuring a healthy financial environment, prevent financial crime and to protect customers and society.”

EU Officials Chastised for Regulatory Gaps

As countries tied to the money laundering scandals respond and attempt to save face, EU authorities have found themselves facing a firestorm of criticism for not keeping the fincrime compliance reins tight enough on member states in the wake of the Danske Bank debacle.

In order to better communicate, coordinate and cooperate in and out of Europe on financial crime trends, vulnerabilities and focal points, the European Banking Federation recently issued a clarion call to arms with its inaugural Financial Crime Strategy Group (EBF FCSG).

The European Union is also considering stronger rules to counter the flow of dirty money into the region’s banks and other economic sectors in response to the embarrassing scandals. It is additionally updating blacklists, designating regional fincrime compliance and tax scofflaws.

To view the full AML update, click here.

Key Takeaways

With the spate of recent, and also historic, banking scandals, investigations and record penalties for AML compliance failures across the EU, these actions are strong evidence of a permanent change in examination philosophies, enforcement ethos and willingness to penalize for perceived egregious or longstanding failures.

This is in stark contrast to the more conciliatory and collegial tone many EU and member state regulators had taken in prior years with financial institutions, allowing these operations to police themselves through AML independent reviews and consequently letting auditor findings guide regulatory exams – rather than examiners engaging in a deep, broad analysis from the outset.

As we noted above, these moves by regulators, investigators and EU politicians have broad implications for banks headquartered or operating in the EU.

The harsher regulatory tone will require banks of all sizes to devote more budgets to improve financial crime defenses across the board, including more resources to review and rank customers, tune and update related AML transaction monitoring systems and get creative and aggressive in engaging full spectrum compliance training for those in and out of compliance roles.

These improvements should be done with more than just AML aims in mind, with banks working to buttress programs to better identify fraud, gird themselves against cyberattacks and the growing scourge of business email compromise fusillades and corruption – cognizant that violations of bribery laws is a massive focal point for the EU, U.S. and other countries.

With regulators in multiple jurisdictions eager to see banks innovating on financial crime compliance, it opens the door for critical and powerful partnerships with companies like Steele, which offers dedicated technologies, like artificial intelligence, training, resources and thought leadership to help banks better identify compliance risks across the spectrum, exceed regulatory expectations and be a true ally in the fight against financial crime.