Latest leak lessons

This is a tricky time to write a blog post, as everywhere is swirling with stories from the “FinCEN Files”.  I have explored the leaks on the ICIJ website, read the reputable (and disreputable) press sources and watched the “Panorama” programme on the BBC (“Banking Secrets of the Rich and Powerful”).  I shall leave the dissection of the details to them, but a few things have struck me.

First, I am disappointed at how the SAR process is being, well, misrepresented.  I am always delighted when money laundering hits the headlines (if a little embarrassed that the UK is always, but always, involved) because it tells the general public about what we AMLers do, and why we ask for identity documents, and why we might be concerned about that large payment they are making to a lovely chap they have been chatting with in Afghanistan or Nigeria or China.  But sometimes the educational opportunity is squandered with inaccurate or incomplete information.  For instance, the BBC newsreader, breaking the story on the late-night news on Sunday, said: “SARs are how banks can report their wealthiest clients if they do anything suspicious.”  This makes it sound as though SARs are for PEP/rich people only – not for all clients.  And it seemingly restricts the system to banks.

Then on Monday morning I opened my Economist Espresso update [I can’t stomach full news first thing in the day – this little digest is all I can tolerate] and read this: “SARs are to be filed to the American government when a bank suspects a client’s assets have been acquired nefariously.  They also indemnify the banks from taking further action – thus allowing them to move trillions of dollars in suspicious transactions, which facilitates money-laundering.”  For now, I shall put to one side my ongoing battle with the Economist about the hyphen that they insist on putting in “money-laundering”.  But SARs do not indemnify anyone – unless this is an American flavour of the system…?  (I don’t work in the US so have only a passing acquaintance with the niceties of their AML legislation, such as it is.)  In the UK, making a SAR is far from a “get out of jail free, well done for spotting that and now you can launder to your heart’s content” card: it may provide you with a defence to a charge of failing to disclose, but as for indemnifying the reporting institution so that it can carry on without doing anything else about that dodgy money, well, that’s not my view of how it works.  I’d be grateful for any clarification re US or UK “indemnification”.  And none of the sources so far has mentioned that SARs must also be submitted by lawyers, accountants, TCSPs, etc. – they make it sound as though all the responsibility lies with the banking sector.

The “Panorama” programme contains the usual mix of “can you believe it?” and “we told you so” stories.  Diligent MLROs will already be well aware of the dangers of using “box-ticking, lawyer-ish reasons why they haven’t done anything wrong” (Edward Lucas of the Center for European Policy Analysis).  But one lesson they could take from the programme is that of Christopher Harborne aka Chakrit Sakunkrit.  Mr Harborne holds a British passport in that name, and a Thai one as Mr Sakunkrit.  (Which means that any financial institution he uses which is unaware of his dual identity cannot be certain that they have the full picture when it comes to exposure to their client.)  In recent years, thanks to the explosion in golden visas and passports for investment, I have been advising MLROs to ensure that their CDD procedures include the question: “Is this your only nationality?”  It seems that we should then ask a follow-up/variant question: “Do you hold a nationality in any other name?”  Or perhaps just go for it, Senator McCarthy-style: “Are you now, or have you ever been, a money launderer?”

Posted in AML, Money laundering, White collar crime | Tagged , , , , , , , , , , , , , , , , , , | 4 Comments

Sixth sense

Right, here’s a little quiz for you: as of today, it’s 78 days until what?  Points deducted if you simply say, “Thursday 3 December” – although points added if you know that that’s my mother-in-law’s birthday [note to self: remind husband].  In all the excitement about MLD5 and Brexit and the thrill of breaking international legislation (oh, plus a pandemic – and please can we stop calling it a “global pandemic” because pandemos already means everybody…), we have clean forgotten to get worked up about MLD6.  And MLD6 requires that “Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by 3 December 2020”.

As you doubtless remember from the giddy days of October 2018 when MLD6 came into being, this is a slightly different MLD to the usual ones: most of the others have dealt primarily with AML concerns – who is in the AML family, what CDD they need to do, what the risk-based approach means, who should be considered a PEP, and so on.  But MLD6 is all about the crime itself: what exactly is money laundering, who can be punished (and how much) for doing it, and what to do about that pesky dual criminality.  And yes, you’re right: these are Big Topics.  Which have been entirely overshadowed by MBILP*.  And no self-respecting MLRO can go a moment longer without putting MLD6 firmly back on the radar – remember, it’s only 78 days away.

I can’t possibly go into all the detail here, but (a) MLD6 is only sixteen short Articles so doesn’t take long to read in full, and (b) oh, go on then, here are the highlights:

  • Article 2 provides a harmonised list of the 22 offences that are considered to be criminal activity [i.e. a predicate offence that can lead to money laundering] – a Member State can add more, but this is the minimum, and the list includes trafficking in almost anything, environmental crime, tax crimes and cybercrime
  • Article 4 confirms that “aiding and abetting, inciting and attempting” money laundering are also criminal offences
  • Article 6 talks about aggravating circumstances [no, not being a liberal Englishwoman alive in 2020, although that is pretty aggravating], including being a member of an organised crime group, or being an “obliged entity” (i.e. a business covered by AML obligations) and still indulging in money laundering, bringing us to…
  • Article 7, which drops the bombshell that “legal persons can be held liable for any of the [money laundering] offences”, and
  • Article 10 introduces information-sharing requirements between jurisdictions so that a criminal prosecution for connected offences can take place in more than one EU Member State.

Yes, it’s quite the directive.  As for what the UK is doing about it, your guess is as good as mine (and almost certainly contains fewer swear-words).

* MLD5, Brexit, international legislation and pandemic

Thanks to James in Cornwall for reminding me to get my dander up about how MLD6 has been overlooked

Posted in AML, Legislation, Money laundering | Tagged , , , , , , , , , , , | 6 Comments

AML for the autodidact

I’m a big fan of surveys and reports: give me a sniff of a group of compliance types being asked for their take on AML, and I’m there with my hand in the air, begging for the results, like the girlie swot I am.  So when LexisNexis recently published “What Keeps AML and CFT Professionals Awake at Night?”, I downloaded like a demon.  Turns out it’s not – as it so often is for me – trying to figure out why all the women in “Mad Men” love Don Draper when he’s so obviously a cad marinated in Brylcreem, but rather matters more professional in nature.

[A tangential observation, if you’ll permit.  When people ask what I do, I struggle to find the right words.  “AML consultant” is a bit watery, while “AML expert” is boastful.  But the foreword to this report is written by someone described as a “financial services regtech pioneer and expert”.  Now there’s someone not unduly troubled by pesky modesty.]

Anyway, I’ll leave you to read the report yourself, as everyone will take something different from it.  For my part, you’ll not be surprised to hear, I was particularly interested in what the “300 financial crime compliance professionals from a variety of different types and sizes of financial institutions across the UK & Ireland, including banks, asset management firms, fintech and challengers” had to say about staff [AML] training.  And here it is:

  • 77% of respondents “have a formal training process in place to keep staff updated on new criminal methodologies”
  • 72% of respondents expect that staff will seek external training
  • “Half of banks also expect their staff to independently seek external training to supplement their understanding of emerging financial crime methodologies, resulting in inconsistency across the sector”.

In theory, this expectation for staff to seek external training should be positive (knowledge = good, more knowledge = better), but unfortunately I see several problems.  For a start, regulatory expectation across all sectors is that AML training should be tailored specifically to the business and to the job role of the trainee – and any training that a member of staff sources independently is very unlikely to achieve this.  Then if staff are left to their own devices to research “new criminal methodologies”, who knows what rabid, prejudiced or plain wrong accounts they will read, with click-bait and spam lying in wait.  And just how does this DIY, pick-and-mix approach to learning fit with the risk-based approach for the firm, where decisions about who is taught what is supposed to be decided in a cool-headed manner against a background of risk assessment?

Of course, I imagine that most firms will provide in-house training and hope that staff will then augment that (rather than replacing it) with their own reading and learning.  But – back to the survey report – the numbers suggest that there are still plenty of firms (23% of respondents) with no formal training process for keeping their staff abreast of “new criminal methodologies”.  Surely the least a financial sector employee can expect is to be given the information he needs to be able to do his job to the correct legal standard.  Thank heavens for the “training defence” (e.g. section 330(7)(b) of the UK’s Proceeds of Crime Act 2002) – you might need it.

Posted in AML, Training | Tagged , , , , , , , , | 5 Comments

Osh Ghosh begone

I have had no legal training, but on the plus side I have a high boredom threshold and I love reading – both of which are, I believe, essential for lawyers.  This means that I can generally work my way doggedly through any piece of legislation.  I remember that the first one to give me real pause for thought – and several lovely lawyers did try to explain it to me – was the Mareva injunction.  (That’s a freezing injunction, for those of you too young to remember the original “Crackerjack”.)  But my legal understanding has been rocked to its shaky foundations by a recent ruling by the (UK) Court of Appeal that for nearly four decades we have been using the wrong test to decide whether someone has acted dishonestly.

Dishonesty is one of those peculiar concepts: you feel that everyone should know what it means, and everyone probably does on an instinctive level – but courts cannot act on instinct and so a way has to be found to define what is almost too obvious to be defined.  For years, I have been applying – in my AML capacity, and also as a magistrate here in the UK – what is cheerfully called the Ghosh test of honesty.  It is named in honour of Dr Deb Baran Ghosh, a surgeon who defrauded the NHS.  He appealed his guilty verdict in 1982 on the grounds that the trial judge had instructed the jury to use their common sense to determine whether Dr Ghosh’s conduct had been dishonest or not.  His defence team argued that the judge should have instructed the jury that dishonesty was about the accused’s state of mind (a subjective test) rather than the jury’s point of view (an objective test).  From this was derived the Ghosh test of dishonesty, which features what lawyers like to call two “limbs”:

  • First you have to decide whether what the defendant did was dishonest according to the ordinary standards of reasonable and honest people (which is an objective test) – if not, that’s an end to it.
  • But if the answer is yes, then you have to decide whether the defendant realised that reasonable and honest people would regard what he did as dishonest – so it’s not a matter of what he personally thought, but whether he realised what ordinary and reasonable people think.

(So if you organise a collection in the office to buy someone a wedding present and instead spend it on a slap-up lunch for yourself, the jury would be asked if ordinary people regarded that to be dishonest, and if so, did you know that ordinary people thought that way.)

Does your head hurt yet?  Congratulations if you’ve just about grasped the Ghosh test… but it turns out that we’ve been doing it wrong for 38 years, because in R v Barton and Booth 2020, the Court of Appeal decided that the correct test of dishonesty is not Ghosh, but Ivey – specifically, Ivey v Genting Casinos (UK) 2017.  And now we have a different pair of two limbs:

  • First you have to decide what the defendant knew or genuinely believed the facts to be – which is a subjective test (never mind whether we would have thought the same – what did he believe the facts to be?).
  • And then you have to consider whether, if ordinary decent people knew or believed those facts, would they consider what the defendant did was dishonest?

(So the greedy office collector might say that he thought his colleagues would be thrilled to see him having a lovely lunch rather than wasting the money on a fondue pot, and the jury would have to decide whether he really thought that.)

The key change seems to me – and again, I’ve had NO LEGAL TRAINING – to be that the defendant’s state of mind is the primary issue to be considered, rather than the attitudes/beliefs/prejudices/hopes/dreams of Ghosh’s “reasonable and honest people” or Ivey’s “ordinary decent people”.  And what difference will this make?  Well, I’ve spent the morning reading various papers written by barristers, law schools and other legal experts and they all agree: only time will tell.  At least they’re honest.

Posted in Legislation, White collar crime | Tagged , , , , , , , , , , | 5 Comments

Is that why it’s called a PEP rally?

I am of An Age where every working surface in our house has been equipped with a cheap pair of reading glasses – who knows when I will need to read that care label, cooking instruction or baffling piece of American guidance?  But even wearing my very best pair of specs, polished robustly, and with the font size turned up loud, I am still questioning what I am reading.

On 21 August 2020, FinCEN – the American FIU – issued a “Joint Statement on Bank Secrecy Act Due Diligence Requirements for Customers Who May Be Considered Politically Exposed Persons”.  (The other parties involved are all the big hitters: the Board of Governors of the Federal Reserve System; the Federal Deposit Insurance Corporation; the National Credit Union Administration; and the Office of the Comptroller of the Currency.)  US banks have asked for clarification on “how to apply a risk-based approach to PEPs consistent with the CDD requirements contained in FinCEN’s 2016 CDD Final Rule” – which seems a bit late in the day to me, but hey-ho.  And three points in the clarification have me reading and re-reading in case it’s one of those situations where I have missed a crucial word, such as “not” or “must” (or “federal incarceration”).

The first is this: “The Agencies do not interpret the term ‘politically exposed persons’ to include US public officials.”  Out of step with the rest of the world, the US definition of PEP is still outward-looking only.  (Further reading reveals that there is the definition of the “senior foreign political figure” contained in the section of the Bank Secrecy Act that refers to private banking – but this is a niche concept, and only private banking services are required to take any notice of it.)

The second head-shaker is this: “BSA[Bank Secrecy Act]/AML regulations do not define PEPs, but the term is commonly used in the financial industry to refer to foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates.”  Why on earth do those regulations not define PEPs?  Everyone else does – FATF, Basel, EU – so why not the US?

And now for the real WT* moment: “There is no regulatory requirement in the CDD rule, nor is there a supervisory expectation, for banks to have unique, additional due diligence steps for PEPs.  The CDD rule also does not require a bank to screen for or otherwise determine whether a customer or beneficial owner of a legal entity customer may be considered a PEP.  A bank may choose to determine whether a customer is a PEP at account opening, if the bank determines the information is necessary for the development of a customer risk profile.  Further, the bank may conduct periodic reviews with respect to PEPs, as part of or in addition to the required ongoing risk-based monitoring to maintain and update customer information.”

Like, dude, seriously?  Are US banks really not required even to ask the PEP question unless they fancy doing so?  Or is it my glasses?

Posted in AML, Due diligence, Legislation, Money laundering | Tagged , , , , , , , , , , , , , | 4 Comments

Happy holidays!

Well hello everyone – I’m back.  And while I was away on my hols, I did wonder whether taking time off in the summer was the responsible thing to do.  As long ago as 1831, astronomer and statistician Adolphe Quetelet took advantage of the new French habit of publishing annual crime statistics (they started in 1827) to observe that crime rates are not constant through the year but instead vary by season.  He refined his understanding in his 1831 book “The Propensity to Crime”, in which he described a “thermic law” of crime: in short, crimes against the person peak during summer months and crimes against property peak during winter months.  In 1911 Cesare Lombroso – sometimes called the “father of criminology”, and much given to reading people’s faces and skulls to detect criminal tendencies – came to the same conclusion, observing that rapes were much more common in warm weather.  (Interesting fact, for your next Italian holiday: in his will, Lombroso requested that his head be preserved after death so that it could be measured according to his own theories, and it is still displayed, pickled in a jar, at the Museum of Psychiatry and Criminology in Turin.  Go on: the kids will love it!)

Finding seasonal patterns in white collar crime is harder – perhaps because it is often perpetrated from a desk, and in our centrally heated and air-conditioned times, criminals can be comfortable all year round.  However, there are frauds that happen at certain times of year.  Big festivals – Christmas, Chinese New Year, Eid – are usually associated with big spending on food and gifts, and this offers increased opportunities for online scams, theft of credit card details and general scumbaggery.  Festivals that require heading “home for the holidays” will put travel fraudsters on alert, setting up websites to sell fake tickets and skim identity and payment details.  And once you’re on the move, hackers are on standby for when you just can’t resist using that free wifi on the train or plugging into that complimentary phone-charging point at the airport.

From an AML perspective, perhaps our biggest seasonal concern is everyone going on holiday at once.  If the office is actually closed, that’s less risky: there’s no business being done, so there’s no worry about reduced or accelerated AML checks.  But if the office is open but half the staff have already gone on leave while the other half are watching funny video clips on Youtube and mainlining the Christmas candy, well, that’s a money launderer’s best possible present.

Posted in AML, Fraud, Money laundering, Organised crime | Tagged , , , , , , , | Leave a comment

A word to the wise

MLROs and compliance folk are creatures of precision.  I (proudly) count myself among them, and I know that when I am designing procedures or assembling training materials or writing this blog, I make sure that I check my sources very carefully.  For the most part, my sources are legislation (money laundering, terrorism, and AML/CFT), regulatory guidance, and pronouncements by industry bodies, law enforcement agencies and organisations like the FATF.  But I do not rely on memory, even though I have been reading these materials for – literally – decades: I always return to the source to make sure that I am quoting/using/interpreting exactly the right words.  Because the exact wording matters.

Take the situation in Jersey, for instance.  (It really is a “for instance”: every jurisdiction has similar examples – it just happens that most recently I have been working for a Jersey client.)  Their AML legislation is called the Money Laundering Order, and one of its requirements is this: “[When dealing with a PEP client] the specific and adequate [enhanced] measures… must include… measures to establish the source of the wealth of the politically exposed person and source of the funds involved in the business relationship or one-off transaction.”  The phrase “[take] measures to establish” is found in many pieces of AML legislation around the world, and gives MLROs all manner of headaches.  It’s not the same as “establish” – or I assume not, otherwise legislators would simply use that single word – and it’s certainly not the same as “verify” or “prove” (thank goodness).

Further vocabulary niceties are introduced in Jersey’s guidance (again, not picking on Jersey: just being lazy and using the example most readily to hand).  In the chapter of the guidance that deals with CDD, local firms are told that they must understand ownership, find out the identity of the customer (and beneficial owners, etc.), obtain information on purpose and intended nature of relationship, and obtain evidence of identity.  And the section looking in detail at ownership structure states that “understanding ownership involves taking three separate steps: requesting information from the customer (or a professional); validating that information; and checking that information held makes sense”.  Not for one moment do I think this is accidental, or a writerly trick to avoid using the same word over and over again: these terms have been chosen precisely.

Therefore – across the legislation and guidance – the Jersey MLCO/MLRO is assessing and allowing for the minute differences between establishing, obtaining, finding out, understanding, requesting, checking and validating.  Now I’m (a) an English graduate, (b) an AML obsessive, and (c) a natural pedant, but that strikes even me as quite the challenge.  And once the MLCO/MLRO has it straight, s/he has to communicate it to the Powers That Be in order to get approval of the approach (and budget) needed to achieve the establishing/obtaining, etc., and then communicate the subtle differences to staff through clear and unambiguous procedures.  Perhaps any of us tasked with writing legislation, guidance or procedures should keep in mind the observation of Winnie the Pooh that “it is more fun to talk with someone who doesn’t use long, difficult words but rather short, easy words like, ‘What about lunch?’”.

I’m taking the next three weeks off work and will be spending my time not thinking about AML.  Well, not much.  The next post on this blog will appear on Wednesday 19 August.

Posted in AML, Legislation, Regulation | Tagged , , , , , , , , , , , | Leave a comment

Friends in low places

For my sins, I start every working day with a trawl of the latest money laundering stories.  As I scan them, I am doing mental triage:

  • Really significant developments go onto the Newsroom page of my website
  • Those, and other stories of general money laundering interest (including prurient interest), are tweeted
  • Developments which are not exactly news-worthy but still might be of interest or professional relevance to MLROs (a judge’s pronouncements on the nature of suspicion, for instance) are filed away for future use in workshops and training.

In the background to this triage is my own personal standard for deciding whether to share information at all: has it progressed far enough, or is it still basically a rumour?  For me, the cut-off point is the laying of charges.  If someone is arrested on suspicion of money laundering, I might just tweet it if it is someone really well-known, but usually I will wait until charges are laid, as this tells me that the authorities believe that they have a strong case and we’re definitely out of rumour territory.

And it occurs to me that MLROs might well be performing a similar calculation.  It is expected by regulators, particularly when you are dealing with PEP and other high risk clients, that an adverse media check will form part of the take-on and monitoring procedures.  But what if the results thrown up are sensationalist tittle-tattle or crowing Schadenfreude rather than actual reporting of events?  As ever, it’s a risk-based decision, which must take into account the source and vintage of the information and whether it can be corroborated.  (For instance, if I am checking the reliability of a story, I will look to see whether the BBC or Reuters is carrying it.)

So why is this on my mind?  Well, it’s the latest legacy of that grubby man Jeffrey Epstein.  Last week the New York State Department of Financial Services announced that it had levied a US$150 million penalty against Deutsche Bank in part for failing “to properly monitor account activity conducted on behalf of the registered sex offender despite ample information that was publicly available concerning the circumstances surrounding Mr Epstein’s earlier criminal misconduct.  The result was that the Bank processed hundreds of transactions totaling millions of dollars that, at the very least, should have prompted additional scrutiny in light of Mr Epstein’s history.”  In a statement to his staff, Deutsche Bank CEO Christian Sewing said: “Onboarding [Epstein] as a client in 2013 was a critical mistake and should never have happened.”  Indeed: even the most unimaginative compliance officer could have toddled over to Wikipedia and read that in 2008 (five years before the onboarding) Epstein had been convicted of procuring an underage girl for prostitution and was placed on the sex offenders’ register for life.  And even if Deutsche Bank was happy to take on this reputational nightmare of a client, his transaction patterns should have set alarm bells ringing: “payments to individuals who were publicly alleged to have been Mr Epstein’s co-conspirators in sexually abusing young women” and “payments to Russian models, payments for women’s school tuition, hotel and rent expenses, and (consistent with public allegations of prior wrongdoing) payments directly to numerous women with Eastern European surnames”.  I’d give almost anything to read the file notes detailing the enquiries made by Deutsche Bank staff about those payments – if the word “niece” appears, you can consider me a Dutch uncle.

Posted in AML, Money laundering | Tagged , , , , , , , , , , | 2 Comments

Performance negated pay

Much has been written in recent weeks about the pandemic’s impact on AML endeavours – how to conduct CDD checks on clients who cannot leave their homes, and whether to accelerate acceptance of online CDD documents (is the risk of accepting them now smaller than the risk of rejecting them?).  But poor beleaguered MLROs are simultaneously wrestling with another oversight issue which has been exacerbated – but not created – by the dreaded virus.  My thoughts on this have been prompted by a recent Bartleby column in The Economist newspaper (“Tale of the century”, 13 June 2020), which looks at what he has learned over the course of writing a hundred columns – and “the most remarkable discovery was how much is written about management”.

Bartleby makes the observation that the typical corporate structure is “a system created in the 20th century for mass-manufacturing companies”, with middle managers existing to communicate “guidance from top executives to the workforce” – but this function now belongs to the corporate intranet.  Similarly, old ways of measuring performance have become outdated: the “widgets produced per hour” model (simple and tempting though it is) is simply not fit for the service sector.  To put the tin lid on it, “a focus solely on shareholder value, associated with the 1990s boom, is no longer appropriate” – firms must now take notice of wider social issues such as environmental concerns and social responsibility.  Yet many employees in the financial sector are still paid at least a proportion of their salary depending on financial performance.

For the MLRO, this is a problem.  The MLRO does not want staff merely to bring in more business: he wants them to bring in the right kind of business.  And sometimes, of course, the most profitable business is profitable precisely because it is the wrong kind of business: it is too risky for any right-minded firm to take on, and so it dangles enormous fees and promises of future largesse to tempt the unwary.  (Some years ago I briefly considered doing a PhD looking into the impact of bonus-based remuneration on the acceptance of dodgy clients, but was put off when I realised how much statistical analysis was involved – statistics and I are not easy bedfellows.)  But still, the problem remains.  A regulator told me recently that during one supervisory visit he had seen an organisation reducing staff bonuses if client take-on forms and accompanying CDD checks were done poorly in more than 10% of applications – now there’s an idea whose time might have come…

Posted in AML, Due diligence, Money laundering | Tagged , , , , , , , , , | Leave a comment

Nose in, fingers out

Recently a client asked me how to deal with difficult directors.  How to train them, you mean? I asked – how to encourage them to attend AML training and take note of our pearls of wisdom?  No, she said: I means directors who are bullies and tell other directors that AML is nonsense, who have zero respect for compliance and storm out of board meetings where AML policies are being discussed because it’s all a waste of time, who tell staff that AML is not worth bothering with and who generally set a Very Poor Example.  Heavens, I thought: I had no idea.  So I did some reading – looking for examples and suggestions – and although much of what I found was focused on creating an effective board of directors and choosing the right people in the first place, I did come across some compliance-specific tips that I can share with you.

First, the title of this post.  One of the common complaints about directors is that they forget what a director is for.  The clue is in the name: a director directs, while managers manage and staff do.  Many directors – particularly those who have risen through the managerial ranks – find it difficult to step back from detail.  But that’s what they need to do: the board sets the direction and the managers figure out the best way to get there.  Hence the mantra: nose in, fingers out.  So if you have a director who objects to how the MLRO is actually achieving the AML objectives of the firm – but still achieving them – remind him/her of the mantra.

Second, there is the relentlessly negative director.  This will never work, that’s not what we need to be doing, I don’t see why AML matters when it’s not generating profit.  Constant disagreement can hamper decision-making and frustrate the management who are trying to get things done.  It is the job of the chair of the board to make sure that the board is working effectively, and if s/he has not noticed (or become immune to) the detrimental effect of the negative director, you should bring this to their attention.

Third, you have the bullying director.  Boards are, by design and by intent, collegiate in nature: they are not a pyramid structure, with a leader and minions.  Agreement achieved by bullying is dangerous and destructive: the whole board can end up falling in behind a very strong and intimidating leader, which makes the board structure (and indeed philosophy) pointless.  Again, if you think this is happening, you need to alert the chair.  Quite what you do if the bully is the chair, I’m not sure – ideas please!

And if you want to see how bad it can be, take a look at this case from Dubai: in May 2016 two directors of a bank in Dubai (Raphael Lilla and Kapparath Muraleedharan) were fined for bullying a Senior Executive Officer and a Compliance Officer into opening accounts which they considered too high risk.  Thankfully the bullying was recognised as just that, and moreover the DFSA press release praised the SEO and CO for standing up to it: “The DFSA also commends the Senior Executive Officer and the Compliance and Money Laundering Reporting Officer for taking action to mitigate the risks to which the Firm was exposed, and for notifying the DFSA.”

Posted in AML, General thoughts | Tagged , , , , , | 2 Comments