For my sins, I start every working day with a trawl of the latest money laundering stories. As I scan them, I am doing mental triage:
- Really significant developments go onto the Newsroom page of my website
- Those, and other stories of general money laundering interest (including prurient interest), are tweeted
- Developments which are not exactly news-worthy but still might be of interest or professional relevance to MLROs (a judge’s pronouncements on the nature of suspicion, for instance) are filed away for future use in workshops and training.
In the background to this triage is my own personal standard for deciding whether to share information at all: has it progressed far enough, or is it still basically a rumour? For me, the cut-off point is the laying of charges. If someone is arrested on suspicion of money laundering, I might just tweet it if it is someone really well-known, but usually I will wait until charges are laid, as this tells me that the authorities believe that they have a strong case and we’re definitely out of rumour territory.
And it occurs to me that MLROs might well be performing a similar calculation. It is expected by regulators, particularly when you are dealing with PEP and other high risk clients, that an adverse media check will form part of the take-on and monitoring procedures. But what if the results thrown up are sensationalist tittle-tattle or crowing Schadenfreude rather than actual reporting of events? As ever, it’s a risk-based decision, which must take into account the source and vintage of the information and whether it can be corroborated. (For instance, if I am checking the reliability of a story, I will look to see whether the BBC or Reuters is carrying it.)
So why is this on my mind? Well, it’s the latest legacy of that grubby man Jeffrey Epstein. Last week the New York State Department of Financial Services announced that it had levied a US$150 million penalty against Deutsche Bank in part for failing “to properly monitor account activity conducted on behalf of the registered sex offender despite ample information that was publicly available concerning the circumstances surrounding Mr Epstein’s earlier criminal misconduct. The result was that the Bank processed hundreds of transactions totaling millions of dollars that, at the very least, should have prompted additional scrutiny in light of Mr Epstein’s history.” In a statement to his staff, Deutsche Bank CEO Christian Sewing said: “Onboarding [Epstein] as a client in 2013 was a critical mistake and should never have happened.” Indeed: even the most unimaginative compliance officer could have toddled over to Wikipedia and read that in 2008 (five years before the onboarding) Epstein had been convicted of procuring an underage girl for prostitution and was placed on the sex offenders’ register for life. And even if Deutsche Bank was happy to take on this reputational nightmare of a client, his transaction patterns should have set alarm bells ringing: “payments to individuals who were publicly alleged to have been Mr Epstein’s co-conspirators in sexually abusing young women” and “payments to Russian models, payments for women’s school tuition, hotel and rent expenses, and (consistent with public allegations of prior wrongdoing) payments directly to numerous women with Eastern European surnames”. I’d give almost anything to read the file notes detailing the enquiries made by Deutsche Bank staff about those payments – if the word “niece” appears, you can consider me a Dutch uncle.
Do you think this is a substantial expansion of the AML role?
Of course, the situation shouldn’t have arisen at all – conviction for sex offending, reputational risk, goodbye. And in fact the bank did belatedly terminate the relationship in 2018. But leaving aside the ill-advisedness of the relationship, it seems a little scary that compliance officers are required to don their Sam Plank top hat and venture into an investigation of newspaper allegations and speculated criminal activity.
In future, I imagine institutions will be even less likely to accept clients with any hint of scandal. (I do wonder though whether most of the $150m fine was because of Danske Estonia and FBME, but that would get fewer headlines for the New York State Department of Financial Services.)
I’m not sure that it’s a change – the JMLSG guidance (in the UK) has long advised MLROs to consider reputational risk: “Are there any adverse media reports or other relevant information sources about the customer? For example, are there any allegations of criminality or terrorism against the customer or their beneficial owners? If so, are these credible? Firms should determine the credibility of allegations on the basis of the quality and independence of the source data and the persistence of reporting of these allegations, among others. The absence of criminal convictions alone may not be sufficient to dismiss allegations of wrongdoing.” The Epstein case was clear-cut in one respect, because it had gone beyond allegations and into conviction. But you may well be right that “bank cosies up to convicted sexual predator” was considered a better headline than “bank’s AML processes let it down again”!