Feeling the benefit

One of my very favourite things in my professional life is the concept of criminal benefit.  I like what this says about our attitude to crime and those who commit it.  Put very simply – and I am sure a lawyer or asset recovery specialist could elaborate enormously – when decisions are being made in sentencing and confiscation hearings, what matters is not the amount of money the criminal originally stole or made illegally, but what benefit he has accrued from that money.  In a ridiculous example, if someone picks my pocket and steals a pound and then buys a lottery ticket with that pound and wins a million quid, then their benefit is one million pounds – and any subsequent confiscation proceedings will seek to recover the million, not just the original pinched pound.  As you can imagine, criminals are not keen on this way of calculating things.

But there’s no getting away from it, as a recent case confirmed.  Between early 2010 and late 2011, Cornishmen Gary Fulton and Daniel Wood were involved in a missing trader scam – a sort of carousel fraud.  In June 2016 they both pleaded guilty to money laundering and were jailed – Fulton for four-and-a-half years and Wood for seven.  In June 2017 they appealed (R v Fulton and Wood 2017 EWCA Crim 308, for those of you who track these things), on the basis that their sentences had been calculated on the total amount laundered in the scam (there were demonstrably 597 transfers involving about €35 million), with the judge assessing the relevant harm as £30 million.  Fulton’s defence, however, contended that the relevant loss was the loss to foreign revenue authorities, and as the tax in Germany was 19% and that in the Czech Republic 20%, the relevant harm was only £6.1 million.  Moreover, as Fulton claimed that he was involved in only 60% of the trading, he felt that his sentence should be based on 60% of £6.1 million, making £3.6 million.

Sadly for the two gentlemen concerned, the Court of Appeal was not with them on this point, noting that it is inherent in the concept of money laundering that criminal property will be mixed with other money in the financial system.  Thus the criminality of the offence must be gauged by the nature and scale of the laundering, not the nature and scale of the underlying crime.  As the appeal judges correctly observed, it is the whole amount involved, not merely the part that comprises criminal property, which impacts the financial system.  Dismissing their appeals, Mr Justice Popplewell said the original trial judge was entitled to take the whole sum into account when considering how serious their roles were.  Sitting with Lord Justice Gross and Judge David Griffith-Jones QC, he added: “We take the view the sentences were not excessive, let alone manifestly so.”  And so say all of us.

Posted in Legislation, Money laundering | Tagged , , , , , , , | Leave a comment

Near-o tolerance

A recent article in the Economist made a very valid point about recent AML endeavours – that sometimes they can have unfortunate consequences.  I have blogged quite a bit about “de-risking”, or what the FATF calls “the wholesale cutting loose of entire classes of customer”.  In the past year, dire warning about the dangers of dealing with money service business and with charities have resulted in these businesses finding themselves unable to open bank accounts or send wire transfers.  As the Economist explains, echoing the FATF’s own concerns, what this does is send these businesses into the arms of the unregulated financial system, so that even legitimate transfers with no criminal undertones are now impossible to record and monitor.

The Economist is clear where it thinks the fault lies: “Popular though it has become to bash banks, they have been acting rationally.  The blame for the damage that de-risking causes lies mainly with policymakers and regulators, who overreacted to past money laundering scandals.”  However – and not that they need it, as they’re big enough to defend themselves – I feel that it’s important to point out that the FATF has always suggested that financial services firms should take informed decisions, not the wholesale approach.  Moreover – and crucially – they also accept that mistakes will occasionally be made, but that the application of the risk-based approach is so much the better way that occasional failures should be accepted.  In the statement they issued after their plenary meeting in October 2014, they were quite clear: “The risk-based approach should be the cornerstone of an effective AML/CFT system, and is essential to properly managing risks.  The FATF expects financial institutions to identify, assess and understand their money laundering and terrorist financing risks and take commensurate measures in order to mitigate them.  This does not imply a ‘zero failure’ approach.”

Institutions have sometimes used AML as an excuse – a scapegoat – for doing things the way they want to, from demanding certain documents to refusing business.  And de-risking is simply the latest example of this.  The AML intention as viewed by regulators is always to make a reasoned, risk-based, individual response to a situation, but – as the Economist points out – profitability is thrown then into the mix: “No wonder banks dumped less-profitable clients tainted by the merest hint of risk.”  The article calls for “a new approach to financial regulation – one that accepts mistakes can be made in good faith”, and I would contend that this is what we have already.  What we need to balance it is a new approach to AML by institutions – one that accepts that all AML decisions must be made in good faith.

Posted in AML, Money laundering | Tagged , , , , , , , , | Leave a comment

Standing my AML ground

Money laundering and I – or rather, AML and I – have been on intimate terms for more than two decades now.  The muscle memory in my fingers is such that I cannot type the word “money” without following it with “laundering”, and almost any word beginning with a capital M ends up as “MLRO”.  I feel rather protective of AML, even maternal towards it.  We’ve been through a lot together.  We weathered the storm in 2005 when the Third European Money Laundering Directive allowed that upstart, that impostor, that johnny-come-lately terrorist financing to have equal billing, so that all of a sudden everyone wanted to talk about some hybrid creature called AML/CFT (and sometimes AML/CTF – even uglier).

But recently things have Gone Too Far.  As I have said in earlier posts, the new AML legislation in the UK has the most ghastly name: the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 – so that’s someone else muscling in on AML territory.  And in Guernsey they are now talking of renaming the MLRO as the FCRO – Financial Crime Reporting Officer.  The cuckoo in the AML nest.

I am often asked whether I can deliver training on “financial crime, including money laundering, corruption, tax evasion, cybercrime and so on”.  To me, this makes little sense.  Money laundering is not a financial crime: it is the financial crime.  All of the others are simply crimes that generate money – with some of them doing it by abusing financial institutions.  Once the basic crime is committed – whether it’s drug trafficking or bribery or cyber-fraud or art theft  or tax evasion – the criminals proceeds are then available for the main event: money laundering.

Money laundering is not like other crimes: it is not done to make money, but rather to preserve and disguise money from other activities.  (Granted, there are a few professional money launderers who make their living from money laundering, and when we consider how to prosecute them – for laundering the proceeds of laundering – it’s something of a legal minefield.)

So please: let’s restore money laundering to its rightful place as the financial crime supreme, the one that touches every other acquisitive crime.  Demoting it to the status of a standalone crime, just something else that can be done to make money, downplays its importance, its spread and its danger.  AML for one, and one for AML!

Posted in Legislation, Money laundering, AML | Tagged , , , , , , , | 2 Comments

Measuring the uncountable

One of the hardest aspects of any AML regime is measuring its effectiveness.  A bit like insurance, it’s trying to quantify what might have happened if you hadn’t had it.  (That sounds like a nightmare sentence from the translation paper of my French “O” level!)  The FATF has struggled with this, and in 2013 it brought in a revised mutual evaluation methodology to include an effectiveness element which focuses on “the extent to which the legal and institutional framework is producing the expected results”.  And one of the outcomes that it measures is the use of financial intelligence, for instance by gathering “information on STRs (e.g., number of STRs/cases analysed; perception of quality of information disclosed in STRs…”  To those tasked with hosting an FATF (or FATF-style) mutual evaluation in their jurisdiction, this must come as a blessed relief: at last, something that can actually be counted – although “perception of quality” opens another can of AML worms…

Nonetheless, in recent years we have seen much more openness from FIUs about their work – at least at this statistical end of things.  And the Italians are the latest.  In a widely-reported presentation, Claudio Clemente – Director of the UIFI, Italy’s FIU – announced that there has been a “trend of exceptional growth in the influx of reports which, in 2016, reached 101,065 overall, a level eight times higher than was reported when the FIU was established [ten years ago]”.  Now this sounds good – or does it?  If more reports are made, does that mean that more money laundering is being spotted?  Or that more money laundering is happening, and actually the proportion of it being spotted is the same?  Or – if there’s a spike in reporting in one year, for instance – could the heightened vigilance be attributed to something like a tax amnesty, or a local banker going to prison, or even something as pedestrian as the improvement of the reporting mechanism or form?

“Perception of quality” is just as hard to pin down.  Signor Clemente tells us that 60,000 of the reports made in 2016 – 70% of them – were deemed by the Financial Guard’s Special Unit of the Monetary Police to be “of investigatory interest”, which suggests that there was something in them.  When I read annual reports put out by FIUs, there is rarely any mention of the quality of the SARs that they receive, beyond the bald fact of how many are passed on for investigation.  Anecdotally, I am told that things are improving all the time: MLROs are learning what FIUs will need to know in order to launch an investigation, and FIUs are learning what MLROs can and cannot be expected to know about their clients.  But, as with almost everything in the AML world, the improvement is hard to measure.

Posted in AML, Money laundering | Tagged , , , , , , , , | 5 Comments

Yippee – more acronyms!

Last week I discovered that something that exercised me a great deal – the “once a PEP, always a PEP” stance of Guernsey, Jersey and the Isle of Man – did not seem to concern the MLROs in those jurisdictions (or at least the ones who read and comment on this blog – in person, many tell me that it is a pain in the due diligence backside).  And as Guernsey puts out its draft updated regulations and Handbook for consultation, I find myself in a similar position.  They have proposed two innovations which I think will cause workability difficulties for MLROs – but I may well be wrong.

The first is the introduction of a new layer of due diligence.  We have the familiar CDD, and its variants SDD and EDD (although these have been renamed SCDD and ECDD), but then, to quote from the draft Handbook: “In addition to customers assessed by the firm as posing a high risk… and for which ECDD is to be applied…, there may be circumstances where the firm enters into or continues a business relationship, or undertakes an occasional transaction, with a customer which exhibits one or more of [these] characteristics: (a) the customer is not resident in the Bailiwick; (b) the firm provides private banking services to the customer; (c) the customer is a legal person or legal arrangement used for personal asset holding purposes; (d) the customer is a company with nominee shareholders or that issues shares in bearer form…  [In these circumstances] the firm shall undertake ACDD [additional customer due diligence] in order to mitigate the particular risks arising.”  And then a description of what ACDD is appropriate for each of the four circumstances cited is given – such as “understand the reason(s) behind the customer seeking to establish a business relationship or carry out an occasional transaction in the Bailiwick”, and “take reasonable measures to establish the source of funds and source of wealth of the customer”.

Personally I find this confusing.  Isn’t this meant to be part of EDD (sorry, ECDD)?  Is it taking away some of the latitude granted by the risk-based approach, and specifying situations in which ECDD-ish measures must be taken?  As I say, I may well be being over-sensitive about this: what do you MLROs – who (if you were in Guernsey) could have to apply this new regime – think of it?

And this brings me to my second point of concern: the MLRO.  For the Guernsey MLRO will soon, if the draft gets it way, be a distant memory.  Instead, we will have the Financial Crime Reporting Officer (FCRO) and the Financial Crime Compliance Officer (FCCO).  Quite apart from the implication that the poor old MLRO will now have to become expert in assessing suspicions of every type of financial crime (fraud, cyber-fraud, identity theft, corruption, tax evasion, etc.), I do wonder about the wisdom of creating a job title that will be instantly unrecognisable to other jurisdictions.  Neighbouring Jersey already has enough trouble explaining its MLRO/MLCO split to the rest of the world.  And although I can see the benefit in trying to emphasise that it’s not all about money laundering (there’s terrorist financing too), I do worry that it’s going to end up like my one-woman campaign against the term “road tax”.  (It’s not road tax, it’s vehicle excise duty, calculated on the engine size and emissions of the vehicle, which is why I don’t have to pay it for my bicycle – but that doesn’t cut much ice with van drivers who yell at me that I should pay road tax or get off the road.)  I can tell the GFSC from long experience that being technically right but out on a limb is energy-sapping and ultimately a waste of time.  But again, I may be making an MLRO mountain out of an FCRO molehill – what do you think?

Posted in AML, Legislation, Money laundering | Tagged , , , , , | 15 Comments

Thoroughly Modern Piggies

So tell me: what did you do this weekend?  Sit in the garden?  Sail to France?  Slap a few prawns on the barbie?  I did none of these: instead, I sat at my desk, surrounded by the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, wielding a red pen, and updated five piggy books.

But let’s start at the beginning.  On Friday I was minding my own business, writing an article, when an email came in announcing that HMT had put out a press release about the new Regs.  “Crack down on terrorist and criminal financing”, said the headline. “Terrorists and criminals will find it harder to move money through the UK financial system thanks to new rules coming into force on 26th July 2017.”  I did a double-take: July?  Had we missed the deadline by exactly a month?  Was it normal to bring out new Regs on a Wednesday?  Or was it a misprint?  I called everyone I could think of at HMT – barring Gladstone, the Treasury cat, who never gives much away – and eventually tweeted them.  After an exciting hour, it was confirmed that it was indeed a typo, and that we were all systems go for the MLD4-sanctioned deadline of 26 June.

As for the major changes, well, I don’t want to spoil your fun as you hunt for them yourselves, but there’s a lot about risk assessment (the government must do a national risk assessment, supervisory bodies must do sectoral risk assessments, and firms’ in-house risk assessments must take these external ones into account).  “Where appropriate with regard to the size and nature of the business” you must: appoint a Board member or similar senior person to be responsible for AML/CFT compliance (and give their name to your regulator); and establish an internal audit function to check your AML/CFT efforts.  If you can’t identify a beneficial owner, you must keep records of all your attempts to do so – I’m really not happy with this one.  There’s plenty of information about EDD – when it must and could be applied, what it must and might entail, etc.   And then there’s that change to record-keeping that I highlighted before, with one small alteration: if you’re looking at transaction records in the context of a client relationship, you must keep them for ten years, or for five years after the end of the relationship, whichever comes first.

The piggies, as I say, are all updated and raring to go – forgive the plug, but now that I’ve spent a whole weekend force-feeding them the new Regs, I want to see them flourish.  Thanks to the magic of print-on-demand publishing, there are no piles of old stock lying around – in a rather fairytale way, no piggy exists until someone orders him.  The link to the updated piggy for UK NEDs can be found here, and the updated four piggies for staff in the UK regulated sector (accountancy, banking, insurance and investment versions) can be found here.

Posted in AML, Legislation, Money laundering, Publications | Tagged , , , , , , , | 10 Comments

A reliability rating for Regs

I regularly visit Switzerland which, being such a lumpy little country, has a lot of weather – and many ways in which the weather can kill you (avalanches, mountain mists, tsunamis, etc.).  (I know you won’t believe me about the tsunamis, but it’s true.)  As a consequence, Swiss weather forecasts are very detailed, and as well as the usual indicators also feature a “fiabilité” rating – how reliable that forecast is.  So if it’s all very settled and not too far in the future, and the forecaster is just about certain that that’s what’s going to happen, it will get a 90% fiabilité score.  More changeable conditions will reduce the fiabilité, sometimes down to as low as 20%.  This is very handy, as it tells you how much to trust what is being forecast.

She’s lost the AML plot, I hear you cry – but my point is this.  Here in the UK we are currently in a strange limbo – and I’m not talking about Brexit and Mayhem.  On 15 March 2017 (beware the Ides…) the UK government published draft new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.  MLD4 requires them to be in force by 26 June 2017.  The prudent MLRO will of course have looked at the new Regs, going through them with a red pen to pick out those points at which in-house procedures will need to be altered to meet the new standard.  But there’s many a slip ‘twixt cup and lip, as they say (“they” being the ancient Greeks), and I’m certainly not doing my own version of alterations (i.e. updating all my UK piggy books) until I see the final, approved, passed, signed, in-force Regs.

However, what I would really value is a fiabilité indicator for each major change.  I think we can take it as read (95% fiabilité) that the PEP definition is going to extend to bring in domestic PEPs.  But what about that rather troubling suggestion (in s28 of the draft Regs) that if it proves difficult to ascertain the beneficial ownership of a corporate client, it will be permissible to “treat the senior person responsible for managing the customer as its beneficial owner” as long as you have “exhausted all possible means of identifying the beneficial owner of the body corporate” and you “keep records of all the actions… taken to identify the beneficial owner”?  How likely is that to come in?  Personally I’m hoping for a negative fiabilité rating on that one, but we’ll have to wait and see.

And that’s my concern: waiting and seeing is not comfortable for MLROs, who by their nature are happiest with plans and details.  In-house procedures cannot be changed overnight, and the more notice that can be given, the better.

Posted in AML, Legislation, Money laundering | Tagged , , , , , | Leave a comment

It’s for you-hoo!

Apart from the days when I am out preaching the AML gospel, I work alone in an office above my garage.  Although this means that I get all the Jaffa Cakes and can break off to dance to ABBA’s “When I Kissed the Teacher” whenever I need to stretch and loosen my shoulders, it also means that I quickly fall out of touch with modern office manners.  And what has been on my mind recently is the use of the mobile phone.

When mobiles first became ubiquitous, people would bring them into AML training sessions but hide them: for some reason, they thought that I wouldn’t spot them fiddling around under the desk with their phones (at least, I hoped that’s what they were doing under there).  But now mobiles are brought in completely openly, placed brazenly on the desk, and picked up and consulted with impunity, which does rather discombobulate me.  I realise that some of the fault is mine: I should check with the MLRO beforehand, to ask about the in-house policy on phones in training sessions.  (Nowadays of course, in life outside work, it is perfectly acceptable to have your phone with you – and to check it at will – wherever you are: out with friends, in bed, in the cinema, on a date…  So we’re swimming against the tide here.)

That said, my concern is less about etiquette than about concentration.  I know we think we can multi-task, but actually we can’t.  The current fixation with mindfulness is the predictable outcome of a realisation that although we can do several things at once, it really means that we’re doing none of them well.  And – I would suggest – if you’re reading an email or surfing the web during a training session, you’re not listening to the trainer or processing what is said.  And where will it go next?  Actually, I know: in a recent training session, I had someone answer their phone (I’ve had this before) and then stay in the training room and have a loud conversation (that, I will admit, was a first).

So help me out here, those of you who work in offices: what is the expectation these days?  Phones in all meetings?  Can you check/surf/email/talk – or only some of those?  And do you find it enervating to try to do it all?  Would you actually find it a welcome relief to have a phone-free session?

Posted in AML, Training | Tagged , , , | 12 Comments

Now and forever

As regular readers will know, I have a great fondness for Guernsey.  It has a mild climate, lovely scenery, excellent food – and a rather admirable AML regime.  (That last bit doesn’t make it into the VisitGuernsey brochures or telly ads, but it matters a lot to me.)  In many respects, the Guernsey AML regime takes a more pragmatic, more workable and indeed more demanding approach than that of the UK.  But in one key area the Guerns have it wrong, and those who are reading this will know what I am going to say.  Yes, it’s their definition of PEPs.  Well, not the definition exactly, but rather their longevity.

As was first suggested by the Third Money Laundering Directive *wavy lines to suggest time shift back to 2005* and then confirmed by the Fourth one, PEPs can be de-PEPped when they have been out of power for a year.  Or, to put it in official terms: “Where a politically exposed person is no longer entrusted with a prominent public function by a Member State or a third country, or with a prominent public function by an international organisation, obliged entities shall, for at least 12 months, be required to take into account the continuing risk posed by that person and to apply appropriate and risk-sensitive measures until such time as that person is deemed to pose no further risk specific to politically exposed persons.”  Now I have talked before about how I don’t think a year is quite long enough, and how – if they’d bothered to ask me, which they didn’t – I would have advised, say, five years.  And I have also said that I think the Guernsey approach (shared by Jersey and the Isle of Man) is barking: in those three jurisdictions, it’s once a PEP, always a PEP, with only the shuffling off of the mortal coil putting an end to the EDD.

And so it was with feverish anticipation that I clicked on the draft amendment to Guernsey’s AML legislation that was issued last week for consultation.  I’m leaving the real excitement of a close read and a red pen mark-up until Friday (I used to be a schoolteacher, and always have a red pen to hand) but I couldn’t resist a peek at the PEPs.  In all honesty, I had fully anticipated the ditching of the eternal PEP – but then I thought we’d vote Remain and that the Americans would choose Clinton.  And indeed my unerring streak of mis-prediction continues, for there it is in the draft amendment: “’politically exposed person’ means… a person who has, or has had at any time, a prominent public function…”  I may need a really thick red marker for this one.

Posted in AML, Due diligence, Legislation | Tagged , , , , , , , , | 9 Comments

A fine fortnight

What else could I blog about today but the seemingly daily fines on financial institutions for AML failings?  Here’s what has happened (you can see the links to all of these stories on the Newsroom page of my website):

  • 22 May: Citicorp agrees to pay US authorities US$97.4 million [about £75.7 million] in settlement of an AML enquiry into the activities of its unit that dealt with Mexican remittances
  • 30 May: the Monetary Authority of Singapore fines Credit Suisse and United Overseas Bank a total of S$1.6 million [about £900,000] for AML failings around the 1MDB theft, while the US authorities fine Deutsche Bank US$41 million [about £32 million] for AML failings, AND the Irish authorities fine Bank of Ireland 3.15 million euros [about £2.75 million] for – you guessed it – AML failings
  • 2 June: the French authorities fine BNP Paribas 10 million euros [about £8.7 million] for (all together now) AML failings

Now either these regulators are planning maHOOsive summer picnics, or there is something going on.  Looking at the detail of the findings (and there’s not much visible to the outsider), common themes are: weaknesses in conducting initial CDD; insufficient monitoring of potentially suspicious transactions; and failing to make timely SARs.  The general picture seems to be that the institutions became so focused on profitable/critical business that they failed to spot atypical transactions and activity and – if they do spot it – they fail to report their concerns to the authorities.

As we gird our loins to deal with the obligations of MLD4 (only nineteen days away now) before taking a breath and starting to consider the even-more-complex potential of MLD5, it is worrying to read that so many institutions – large, important, established, international institutions – are still struggling with the absolute basics: keep an eye on your clients and react if they do something odd.

Posted in AML, Due diligence, Money laundering | Tagged , , , , | 1 Comment