More questions than answers? The EU’s new anti-money laundering authority
The EU is set to establish a new Anti-Money Laundering Authority next year. Sebastian Diessner writes that while the new authority is a step in the right direction, there remain more questions than answers over how it will function and where it will be based.
Until recently, the question of who is in charge of cracking down on money laundering in Europe should arguably have been answered with: ‘the US’. After all, it has been the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) that has acted as the sheriff in terms of discovering and penalising major scandals among European banks failing to live up to their anti-money laundering and counter-terrorism financing requirements in recent years.
These have included investigations into the Estonian branch of Danske Bank for laundering no less than €200 billion over the course of a decade and several probes into Deutsche Bank, including for its implication in a laundromat scheme that enabled the laundering of another $20-80 billion (many details of which only became known through the FinCEN Files leak), in both cases out of Russia.
But this might be about to change. The European Union has belatedly woken up to the challenge and has proposed legislation which effectively strips the European Banking Authority (EBA) of its few anti-money laundering powers, to the benefit of a proper EU-wide authority – a step which had long been called for by MEPs and outside observers. With the zeal of a convert, the new Anti-Money Laundering Authority (AMLA) is now supposed to be established by 1 January 2023 already, although it is only expected to be operational by the beginning of 2024, to be fully staffed by 2025, and to directly supervise financial institutions as of 2026. As a result, a number of key questions remain.
Why now?
Debates about centralising capacities to fight money laundering at the European level are at least as old and contentious as those around Europe’s economic and monetary union. When the euro was set to be introduced in the late-1990s, Germany in particular became one of the holdouts who staunchly opposed progress in the area of anti-money laundering, on the spurious grounds that it would force the German state to interfere with its independent judiciary. In reality, according to participants at the time, it seemed that policy-makers rather sought to protect an industry of legal and accounting professionals who benefitted greatly from lucrative financial activities that enabled money laundering (professionals which the Council of Europe’s Moneyval committee nowadays refers to as ‘gatekeepers’ and the US House of Representatives as ‘enablers’).
Why and how (and perhaps even whether) such long-standing opposition has finally been overcome is a pertinent question for future research. For now, we may take ‘comfort’ with the functionalist explanation that the sheer scale of the problem, and the failures to resolve it, have become plain for all to see: according to one recent report, 90% of the biggest European banks have been found culpable of money laundering activities in the past decade.
One root cause of the current malaise has been the patchy transposition and enforcement of previous anti-money laundering directives on behalf of EU member states and the leeway they were given by the European Commission, which has resulted in a fragmented regulatory landscape marked by a critical lack of coordination. The new authority will be expected to rectify some of these shortcomings.
What will it do?
The current legislative proposals suggest at least three main functions for the new authority: the harmonisation of supervisory practices in both the financial and non-financial sectors; the coordination of financial intelligence units (FIUs) and other institutions across member states; and, most importantly perhaps, the direct supervision of high-risk and cross-border financial entities.
However, the list of possible tasks and responsibilities appears to be growing by the year, now also encompassing the supervision of crypto assets and perhaps even the enforcement of economic sanctions related to the war in Ukraine. All of this raises immediate follow-up questions, including how AMLA’s relationships with existing national and international authorities will be structured, which risks it will prioritize, and, above all, how many and which entities it will directly supervise. Moreover, the exact set of functions that AMLA is ultimately expected to fulfil will (or at least should) influence the upcoming battles over finding an adequate home for the authority, which are about to kick off in earnest.
Where will it be based?
The most immediate question, perhaps, relates to AMLA’s location. Although the authority is slated to become established and open its doors over the course of the coming year, where exactly those doors will be still remains anyone’s guess. What does it take to host an EU regulatory agency?
If the epic battle over who would become the new host of EBA after Brexit (officially fought out between Brussels, Dublin, Frankfurt, Luxembourg, Paris, Prague, Vienna, and Warsaw at the time) is anything to go by, the brochure of the successful Paris bid suggests that it is all about making the location attractive and accessible to prospective staff (the same goes for Amsterdam’s successful bid to host the European Medicines Agency, trumping no fewer than 18 other offers from across the EU). The recently adopted Council position on concluding a headquarters agreement for AMLA is sparse, but it does highlight the need for ‘the best possible conditions to ensure the proper functioning of the Authority, including multilingual, European-oriented schooling and appropriate transport connections’.
At a more fundamental level, however, the allocation of agencies between member states is one of the major horse-trading exercises which characterise EU politics and which may or may not ultimately be decided by the actual qualities of the prospective host countries and cities. Organisational synergies and geographical distribution are among the key variables that will need to be reconciled. Here is a selection of the various potential hosts that have been floated together with some of the arguments that may speak for or against them:
Germany (Frankfurt)
One might deem it a supreme irony – given the aforementioned opposition to supranational anti-money laundering capacities and underwhelming track record in preventing money laundering – but Germany is one of the main contenders for hosting AMLA (and is said to have already made budget preparations to this end, in addition to announcing an own national authority). This is in large part due to the significant overlaps between anti-money laundering and financial supervision, the latter of which is currently under the auspices of the Single Supervisory Mechanism housed at the Frankfurt-based European Central Bank. Among others, a major money laundering scandal at the ECB-supervised Latvian bank ABLV in 2018, which was first flagged by FinCEN, put the central bank on the spot for its lack of information and powers in anti-money laundering.
Netherlands (The Hague)
Despite Amsterdam being the financial (and national) capital of the Netherlands, it is the administrative capital The Hague which hosts two key agencies that are already cooperating successfully with member states in the fight against money laundering, namely Europol and Eurojust, thus creating obvious potential for synergies. While the Netherlands’ largest bank ING has had its own major failings in the area of anti-money laundering, those have at least been dealt with at home by Dutch prosecutors, including a landmark probe into ING’s former CEO (and current UBS CEO) Ralph Hamers.
Italy (Rome/Milan/Palermo/Turin)
The names of various Italian cities have circulated in terms of applying to host the new authority. Italy is deemed to have made ‘good progress in establishing the legal, regulatory and operational framework’ for anti-money laundering and counter-terrorism financing, according the latest follow-up report by the G7-initiated Financial Action Task Force, owing in large part to the leadership of the Banca d’Italia’s Financial Intelligence Unit.
Austria/Estonia/Ireland/Latvia/Lithuania/Poland
Vienna, Tallinn, Dublin, Riga, Vilnius, and Warsaw have all been rumoured in recent months to be throwing their respective hats into the ring as well. Achieving some geographical balance in the overall distribution of agencies will surely feature in the upcoming discussions, as is common for the EU (see figure above for an overview).
In sum, we currently have far more questions than answers indeed. Consequently, more work by policy-makers – and closer observation by researchers and other stakeholders – on the details of the EU’s anti-money laundering agenda over the coming months and years will be needed if one is to make sure that the question of who is in charge of anti-money laundering in Europe can finally be answered with: ‘the EU’.
Article Credit: https://blogs.lse.ac.uk/europpblog/2022/09/22/more-questions-than-answers-the-eus-new-anti-money-laundering-authority/
EU Regulators, Money Laundering
Deutsche Bank in $26.3 million shareholder settlement over Epstein, Russian oligarch ties
Deutsche Bank AG agreed to pay $26.25 million to settle a U.S. shareholder lawsuit accusing the German bank of lax oversight while doing business with risky, ultra-rich clients like Jeffrey Epstein and Russian oligarchs.
The preliminary all-cash settlement filed on Friday in federal court in Manhattan requires approval by U.S. District Judge Jed Rakoff, who in June allowed the proposed class action to proceed.
Shareholders led by Yun Wang, who traded Deutsche Bank stock in 2018 and 2020, claimed that the bank had known its know-your-customer and anti-money laundering controls were ineffective, and that its share price fell as problems emerged.
Deutsche Bank denied wrongdoing in agreeing to settle. Chief Executive Christian Sewing and his predecessor John Cryan are also defendants, and also denied wrongdoing.
A bank spokesman declined to comment. Sewing has since taking over in 2018 tried to show investors that Deutsche Bank has addressed its internal controls shortfalls.
The lawsuit faulted Deutsche Bank’s work with Epstein, the late financier and sex offender, and with Danske Bank’s Estonia branch, which become embroiled in a money laundering scandal.
New York’s Department of Financial Services fined Deutsche Bank $150 million in July 2020 over its relationships with Epstein and Danske Estonia.
Shareholders also objected to Deutsche Bank’s taking on oligarchs like billionaire Roman Abramovich as clients, in what they called the bank’s “relentless pursuit of profits.”
Friday’s settlement covers Deutsche Bank investors in the United States from March 14, 2017 to Sept. 18, 2020.
Lawyers for the plaintiffs said the $26.25 million payout is 49.4% of the “likely recoverable” damages available, compared with a median 1.8% in settled securities class actions in 2021.
The lawyers may seek up to one-third of the settlement fund for legal fees.
The case is Karimi v Deutsche Bank AG et al, U.S. District Court, Southern District of New York, No. 22-02854.
Article Credit: https://uk.finance.yahoo.com/news/deutsche-bank-26-3-million-203844292.html
Money Laundering, PEP’s
AML efforts of European banks hampered by deficient on-boarding
The anti-money laundering efforts of European banks is being hamstrung by failures to manage key customer data and perform proper due diligence, regulators say
Banks’ failure to collect know-your-customer (KYC) data and their tendency to manage high-risk customer due diligence manually are hampering their anti-money laundering (AML) efforts, according to regulators in the United Kingdom. Further, many banks’ assessment of financial crime risk has also been found to be inadequate.
Some UK banks, are failing to collect customer information such as income and occupation details. In some cases, customer risk assessment frameworks are underdeveloped or non-existent, which translates into poor initial due diligence and weak enhanced due diligence for high-risk customers and politically exposed persons, UK regulators said.
Inadequate customer due diligence will make transaction monitoring systems less effective, the UK Financial Conduct Authority (FCA) noted in April.
“One of the problems is not being aware, habitually, of the actual risk they are managing,” says Gabriel Cozma, head of Lysis Financial and Fintech at the Lysis Group in the UK, adding that too often banks ignore the risk. “And once you don’t understand the risk, you cannot apply controls. How would you create scenarios and rules when you don’t really understand the risks you have to manage?”
Deficiencies highlighted
Business-wide risk assessments that the FCA reviewed were “generally poor”, with insufficient detail on the financial crime risks to which the business was exposed. The FCA observed a lack of consistency in customer risk assessment.
“We also see instances where there are significant discrepancies in how the rationale for specific risk-ratings are arrived at and recorded by firms. There is often a lack of documentation recording the key risks and the methodology in place to assess the aggregate inherent risk profile of individual customers,” the FCA said in 2021.
The FCA has had a particular focus on failures observed at UK retail banks and challenger banks. UK enforcement action against NatWest and HSBC, together with Credit Suisse’s 2022 guilty verdict in a Swiss court for laundering Bulgarian drug dealers’ cash, and Deutsche Bank’s continuing AML/KYC failures, are just a handful of examples which demonstrate that global systemically important banks are experiencing similar challenges in the battle against dirty money.
Spending billions
Big banks have reported that they spend billions on financial crime prevention and employ thousands of experts to run transaction-monitoring programs. NatWest Group, for example, has said it is investing about £1 billion on financial crime controls over the next five years and has more than 5,000 staff working in specialist financial crime roles.
NatWest has paid out £279 million in three UK fines for financial crime control failures since 2010. The bank’s latest set of interim results from August 2022, however, stated that Royal Bank of Scotland International was referred to the Isle of Man’s Financial Services Authority’s enforcement division after an inspection of AML/CFT controls and procedures relating to specific customers.
Indeed, banks’ continued reliance on spreadsheets and other manual processes means their approach to financial crime compliance and detection lacks coherence and consistency. “We often identify instances where CDD [customer due diligence] measures are not adequately performed or recorded. This includes seeking information on the purpose and intended nature of a customer relationship (where appropriate) and assessments of that information,” the FCA said in 2021.
Firms are unable to track clients effectively in a spreadsheet for AML and KYC purposes, and spreadsheets are not conducive to tracking changes in client behavior or bringing any consistency to continuing due diligence. Yet few banks have invested in workflow technology that could bring more consistency and assurance to client on-boarding, continuing due diligence and client management, particularly when it comes to high-risk clients.
Managing financial crime policies through spreadsheets and static documents such as PDFs posted on an intranet portal means policies and guidance are difficult to access or may not be current, which makes taking a consistent approach to financial crime risk assessment and client onboarding difficult.
“Of course, firms use some technology in places, but some of the challenges and what we’re seeing now is the risk of workflow type solutions that provide some level of consistency across the board,” says Henry Balani, head of industry and regulatory affairs at regtech firm Encompass Corporation in London.
Manual processes
When regulators mention manual processes, most of the time that means firms are using a spreadsheet to manage financial crime risk across a range of activities, such as onboarding or transaction monitoring. For example, the FCA’s 2017 final notice fining Deutsche Bank £163 million for the mirror trading-related control failures notes that the bank lacked automated AML systems for detecting suspicious trades.
“When it was informed by Deutsche Bank’s operations team that ‘providing a spreadsheet will not be possible as this is done manually by a team member and capturing so many records will be painful’, the AML team did not persist with its enquiries,” the FCA wrote in its 2017 enforcement notice.
Deutsche Bank says it has since “beefed up” resources to combat money laundering, spending 2 billion euros between 2019 and 2020 and employing 1,600 members of staff worldwide “to fight financial crime”. In April 2021, however, the German financial markets regulator BaFin ordered Deutsche Bank to further improve its AML safeguards and comply with due diligence obligations. And in May 2022, prosecutors, federal police, and other officials searched the bank’s Frankfurt headquarters to investigate suspicions of money laundering it had reported to the authorities.
Manual processes also come up in relation to sanctions screening, which the FCA has been assessing following the introduction of sanctions on Russian individuals and companies. The FCA has found “varying levels of adequacy”, and much of that hinges on whether firms are using manual or automated screening systems. “Issues we have identified tend to be around the effectiveness of firms’ customers’ sanction-screening processes,” explains Nikhil Rathi, the FCA’s chief executive, in a letter to the Treasury Select Committee on July 4.
The FCA had written to firms that use manual sanctions-screening tools to remind them to have “well-established and well-maintained systems and controls to counter the risk of their business being used to further financial crime, including evading sanctions,” Rathi said.