Sunglasses all round

This will be my last post for a little while, as I am taking a holiday.  No, I am not jetting off to glamorous locations on the strength of pots of royalties from Ned the pig and Edward the MLRO – I’m going round New England on a tandem.  Curiously, there is a compliance conference on in Boston while I am there, but when I mentioned it, my tandem captain gave me a very hard stare – apparently I talk about AML rather too much as it is, without bringing it on holiday with us.  Who knew?

Those of you who have sent me lovely encouraging messages about Ned might like to know that he is selling steadily – about three copies a week.  (You thought I was going to say three copies an hour, didn’t you?)  It’s fewer than I had hoped, I will admit, but it’s early days – he is only a piglet.  Being on holiday will mean that I cannot manically check my sales figures (get me! sales figures!) every eight minutes, which is probably a healthy development.  Having complained about it at the time, I now rather miss the pressure of having to publish a book a week – I shall use my pedalling time to think of my next oeuvre, as well as plenty of US-inspired blog posts.

Normal blog service will resume on Wednesday 30 May.

Showing some restraint

Recently I have been bathing in Schadenfreude.  No, this is not the natural successor to Badedas, or a spa town in Bavaria: from the German for “damage joy”, it is pleasure derived from the misfortune of others.  I’m not a particularly vindictive person – except when it comes to filthy dirty money launderers.  (And Conrad Black, but that’s probably unreasonable.  Maybe.)  The source of my Schadenfreude at the moment is the marvellous success that the Serious Organised Crime Agency and others are having in demanding that criminals repay their proceeds of crime, and then throwing them into jail when they don’t.

For instance, on 27 April 2012, brothel-keeper Thomas Carroll was sentenced to another ten years in prison for failing to repay £1.9 million.  Even more wonderfully, he will continue to owe the outstanding amount, with an additional £416 per day accruing in interest – mwah-ha-ha-ha!  In a sort-of-related story (if you follow my drift) and indeed on the same day, a man who made £14.4 million from selling fake Viagra was ordered to pay that back within six months or face another decade inside – and still owe the money.  Such actions, taken in tandem with the Serious Crime Prevention Order and other orders (which I have lauded before), ensure that ongoing efforts to confiscate their assets will be a thorn in the side of criminals – which is exactly how we like it.

International men of mystery go offline

As you may have read (for instance, here on the Beeb website), the website of the Serious Organised Crime Agency has been taken offline after a cyber-attack.  I’m not certain how it all works, but basically you get so many computers to visit a specific website at once that the website collapses under the strain – a bit like M&S on the first day of the sales.  In practical terms, what this means is that when you try to visit the SOCA website, you get an error message.  As a SOCA spokesman says: “[Such attacks] are a temporary inconvenience to website visitors but do not pose a security risk.  SOCA’s website contains only publicly available information and does not provide access to operational material.”

This is SOCA in a nutshell.  As you can probably imagine, I have been an FIU groupie for years.  I can still remember the excitement of going to the offices of the National Criminal Intelligence Service (SOCA’s predecessor, for the babies among you) just off the Embankment in London (overlooked, rather wonderfully, by the penthouse to which Jeffrey Archer was bailed during his perjury trial).  We had to go through several layers of security, which only made it all the more thrilling for me, to get into the rather drab building with the usual carpet-tiles and damp-stained ceilings.  On all of their paperwork, the address was only ever given as “PO Box 8000, London” – indeed, they still use this address.  (But outside the offices was a large sign saying “NCIS” – so it was hardly the most secret of locations.)  SOCA is now in a new building, but I have quite forgotten where it is.  I did visit once, when SOCA was first created, but they do not encourage visitors – particularly AML-fevered ones like me, showing an immoderate interest in SARs and the people who handle them.  Embarrassment aside, SOCA needs to get its website back online soon, otherwise how can people read about how to submit SARs?  I assume that SAR Online (for SAR submission) is unaffected by the attack….

Off-white collar crime

I’ve never met him, but I think I’m going to like David Green, the incoming Director of the UK’s Serious Fraud Office.  In various newspaper interviews last week (such as with the FT and the Telegraph), he sounded very fierce indeed.  As well he might: working as a criminal solicitor in the east end of London before joining the bar, he ended up as head of HM Revenue & Customs Prosecution Office where he had a 92% conviction rate (compared to the SFO’s rate of 70%).  He’s not interested in low-level stuff such as boiler-room scams, mortgage frauds or bent solicitors: “In a time of finite resources, such resources as you have are obviously best employed against significant strategic targets.  I don’t want the SFO to be mired in cases which are not top-end fraud.”  And those “significant strategic targets” should watch out: there will be little negotiating with the new regime.  As Mr Green puts it so well: “White-collar crooks are crooks.  Crooks are crooks – no matter what colour their collar is.”  Oooo, I think I feel a girlish swoon coming on…

Training for MLROs

I hear through the grapevine (yes, it’s a long grapevine, even in Tarzan terms) that in recent briefings to industry, a regulator has been saying that there is a dearth of good training for MLROs.  In the jurisdiction in question, I run two workshops a year, for sixteen MLROs each time, so I’m reaching only a fraction of the MLROs available for training.  How are the rest keeping themselves up-to-date?

We all know that regular staff are the very devil to train when it comes to AML, but I would have thought that MLROs, of all people, would know how fast-changing is this subject.  Granted, we haven’t had many amendments to legislation in the past couple of years, but with the FATF’s recently updated Recommendations, and a fourth EU money laundering directive on the horizon, it’s only a matter of time.  Perhaps it’s like a mother giving up her own food to nourish her children: with a limited training budget, the caring MLRO focuses on his staff rather than himself.  But it’s like they say on the planes: fit your own mask before helping others with theirs.  How can the MLRO guide his staff through the ever-moving world of AML/CFT if his own compass has not recently been calibrated?  (I’m growing weary of this analogy and rather wish I hadn’t started.)  So, MLROs, put yourselves first for a change: you know you’re worth it.

(By the way, the poll on who should join Edward on his next adventure is still open.  At the moment, Winston the teddy bear is in the lead – and I know you’re all voting for him just to watch me struggle to write a stuffed animal into the plot.  I can do it – just watch me.  But in case you feel that there might be someone better, I’ll leave the poll open for a few more days.)

The blame game

This week, for the last time, I watched “The Apprentice”.  What a nasty programme it is.  The two teams competed on some daft task – selling gourmet fast-food in Scotland, I think – and were measured by the amount of profit they made.  The winning team bounced off for their reward, while the losing team turned to the important business of ripping each other to shreds.  ”It’s our team leader’s fault – he was hopeless,” said one (despite having earlier said that the leader had done well).  The team leader however was of the view that “I believed them when they said they knew all about sales, but they were useless”.  Just what is this teaching people about team-work and striving together towards a shared goal?  (Mind you, why am I surprised?  Wasn’t it Sralan himself who praised the winner of a previous series for telling lies on his CV?)

I was talking to some MLROs not long ago, and they said that it is a pity that due diligence can sometimes become a battlefield, with regulated firms taking one position and regulators another.  With the risk-based approach, there is surely an expectation that people’s views of what is appropriate and proportionate will vary – indeed, most guidance makes reference to any risk analysis taking account of the “experience” of the regulated sector.  It seems a shame, therefore, that such differences should be labelled “wrong” (except in the most egregious circumstances, when there is clearly a dereliction of duty).  Quite apart from the bad feeling that this combative approach creates, it misses the crucial central purpose of it all: aren’t we supposed to be on the side of the angels, working together to defeat the money laundering forces of evil?  Please let’s not emulate the model of “The Apprentice”: a group paying lip service to co-operation when it suits them, but then turning on each other as soon as problems are encountered.

Ned completes his world tour

Ned tells me that he was mobbed by groupies when he landed at Ronaldsway Airport in the Isle of Man last night – apparently the shades were no disguise, and there was lots of squealing.  Yes, “Anti-Money Laundering: A Guide for the Non-Executive Director (Isle of Man Edition” is now on sale – which completes the quartet.  The IoM is slightly more complicated than the other jurisdictions that Ned has visited (UK, Guernsey and Jersey) as it has two regulators, but thanks to some good friends on the island, he was able to steer a steady course through the Codes and guidance.

While I was writing about the IoM, I bumped up against a common area of concern for me: how to refer to things in the right way, to avoid offending or upsetting the locals.  For instance, is it IOM or IoM?  On the advice of a contact in Douglas, I plumped for the latter. When I visit Gib, I call it Gib because the locals do – but have to be very careful to avoid the word “island” (look at a map, and you’ll see that Gib is actually an isthmus, joined to Europe by a thin thread of land – on which the planes land).  It’s not that I think people are so insecure that they will drum me out of the place for getting it wrong; it’s more that I want to show that I have cared enough to find out, and that I don’t want to come over all imperial by imposing my UK-speak on other jurisdictions.  And Ned, of course, aspires simply to be a pig of the world.

Ned lands in Jersey

Ned – the pig in shades – has braved the April weather to take a Trislander across to Jersey, and landed there yesterday.  For those of you who don’t have the foggiest what I am on about, this means that “Anti-Money Laundering: A Guide for the Non-Executive Director (Jersey Edition)” is now available for purchase via the Book Depository (with an extra 10% off at the moment, and free delivery to Jersey).  If you’re reading this actually on the blog, you can also click on the book cover over there → → → → →

There is something of a mystery with this Jersey edition.  As you may recall, all editions are published by an American print-on-demand place called CreateSpace, which lists them automatically on Amazon.com.  From there, they are picked up by the UK book database called Neilsen, and this hopefully means that they are chosen for listing by Amazon.co.uk and the Book Depository (which is the point at which I publicise them).  But a copy of the Jersey edition sold directly via the CreateSpace website within an hour of my publishing it.  So no publicity, no links, no nothing: did someone just happen to Google-search those exact terms at the right moment, or did they buy it thinking it was about New Jersey?  I can imagine Tony Soprano leafing through it in his office behind the lap-dancing club – now that would be product placement!

Casting my vote for feedback

I’ve been working in Guernsey this week, and they held their election on Wednesday.  An election is basically the most public manifestation of the basic human need for feedback; with an election, the politicians find out whether the people think they have been doing a good job or not.  (Nicholas Sarkozy take note.  In Guernsey, the father of the house lost his seat, while the Chief Minister just scraped in.  Ouch.)  We all need to know whether what we are doing is – for a start – the right thing.  We then like to know whether it is appreciated, or making a difference, or valued – or even noticed.  I hand out feedback forms after workshops, so that I can learn how to improve for the next one.  (People are pretty sick of feedback forms, so I sweeten the deal by giving a pound to charity for each form returned to me.)

At a workshops for Guernsey MLROs this week, I asked them what they wanted from their FIU and their regulator.  ”Feedback!” they chorused.  Staff need to know from their MLRO that they are spotting and reporting the right things.  MLROs need to know from their Board that they are implementing an effective and proportionate AML/CFT regime, and from their FIU that they – like their own staff – are spotting and reporting the right things.  FIUs need to know from their law enforcement partners that they are collecting and passing on the right intelligence.  And law enforcement agencies need to know from the public that they are pursuing and prosecuting the right crimes.  It all takes time and resources, but – as anyone who has ever had any dealings with children knows – it is crucial to the learning and compliance process.  We all need to know we’re getting it right – it’s why we bloggers blog (with an implicit plea for comments) rather than simply posting our thoughts on a static website.  And it’s certainly an easier way of getting feedback than standing outside a Guernsey polling booth in the wind, rain and hail.

Ee bah gum – eVerification of eID

Verification of identity is like driving: we all think we know how to do it well, and probably better than other people, but if we were to take our driving test again (and especially the scary written test that the young people have to do now), we might find that we’re not quite as faultless as we had thought.  And one of the issues that is causing us to rethink the basics of VoI is the advent of electronic ID.

An MLRO in Jersey emailed me last week for a little discussion about eID.  In Jersey, great emphasis is placed on photographic ID – and the whole point of that is that you meet the person to whom it belongs, otherwise (duh!) it could be anyone.  (That said, my own passport photo could be almost anyone except me – and actually looks most like Kim Jong-un’s grumpy older sister.)  Moreover, Jersey requires that for standard and higher risk clients, their place of birth is verified – so you can’t use eID as no system captures that information.  This means that, for Jersey businesses, remote verification (including eID) is out except in very low risk situations.  And yet, who among us has not rolled his eyes at the folly of accepting utility bills as proof of address – knowing that a four-year old could mock one up on Photoshop?  That said, the same four-year old, in between episodes of “In the Night Garden”, could probably set up a believable-looking eID verification website.  (This is why I don’t have children – I fear their capabilities.)

A while ago, the Law Society of England and Wales announced that it had chosen two “preferred eVerifiers” to recommend to its members.  I was very surprised, as I didn’t think that supervisory bodies generally recommended commercial suppliers – or at least that is what they had always told me.  Hmmmmm….  So presumably it is now acceptable for lawyers supervised by the Law Soc to do eID checks instead of paper ones.

So what do you think?  We can probably all accept that eID would be a time-saver for everyone.  But is it good enough to achieve what we (and the regulators) need: the verification, to be best of our professional ability, of a client’s identity?  Could it be used in isolation, instead of paper documents?  Or should the two be used together, to corroborate each other?