Cleaning up their acts
Written by Graham Buck
Have efforts to combat money laundering gone off the boil? The focus on liquidity risk and capital risk over the past few years has tended to move the headlines away from Anti-Money Laundering (AML) initiatives, while the attentions of UK companies have been distracted by the Bribery Act and its implications for business dealings.
The work of the Financial Action Task Force, an inter-governmental body that coordinates efforts to combat money laundering and terrorist financing, has also had some success in preventing the problem from escalating.
However, the recent unrest sweeping through the Middle East and North Africa has proved to be a revelation. Leaders of several nations and their families are shown to have sizeable amounts stashed away with UK and European institutions, despite the supposed tightening of money laundering controls. London has been described in the press as “a place for autocrats and oligarchs to deposit their cash and scrub up their images”.
Banks are also under increasing pressure to demonstrate that they have AML systems and controls in place, following hefty fines meted out over the past couple of years, says John Evans, director of financial crime solutions at Logica.
The heaviest was the $536m fine imposed on Credit Suisse in December 2009 by the US Office of Foreign Assets Control (OFAC). The group admitted to processing thousands of transactions involving sanctioned parties over a 20-year period; the majority of them involving Iran. Last August Barclays paid $298m to settle charges by the US Justice Department that it knowingly concealed and facilitated dollar transactions for more than 10 years with banks in countries subject to US sanctions, such as Burma.
“In both cases, the penalties were arrived at after lengthy negotiations,” comments Evans. “Originally they were in the region of $1bn, but the figure was reduced as both banks agreed to put AML measures in place.” OFAC indicated that the penalties are “the tip of the iceberg” and further prosecutions are in the pipeline, he adds.
Playing the part of ‘Mini Me’, the UK’s Financial Services Authority (FSA) also administered a financial slap on the wrist to an offending bank last summer, although RBS's penalty was ‘only’ £5.6m.
“RBS had AML systems in place but wasn't adequately screening customers and payments for potential money laundering and the financing of terrorist activities,” says Evans. Again, payment was reduced – from an initial £8m – as RBS opted to settle early on in the FSA’s investigation.
In many organisations, the culture was such that their people were rewarded for bringing in new business, and its quality and origin were a secondary consideration. Due diligence on new clients was done grudgingly to meet compliance; hence the problems some are now encountering in satisfying regulators on the quality of their customer information.
In the US, where Automated Clearing House (ACH) transactions involving foreign parties are routinely message scanned, banks already err on the side of caution and extend it to domestic payments also, says Evans.
He reports that feedback from the many major financial organisations that his group deals with suggests that more successful detection is achieved only by also incurring huge operational costs.
“Hundreds within their workforces are looking at real time payments and checking these against their watch lists, but this diverts their attentions from investigating suspicious activity.”
The stakes will be raised even higher in 2013. From January 1, the Foreign Account Tax Compliance Act (FATCA) will come into force. This legislation, which clamps down on tax avoidance by Americans, will have a major impact on most non-US banks and brokers that hold and trade US investments either for their own account or on behalf of their clients. They will be required to identify and capture much more in the way of client and withholding information, and to provide this to the US Internal Revenue Service (IRS).
“FATCA has certainly focused minds on the quality of their company's data and their ability to identify and retrieve specific information in order to comply with the regulations,” comments Peter Brooke, director of financial services at
Navigant Consulting. “European firms have protested, but there isn't a lot they can do. As FATCA is such a ‘big stick’ they will have to respond.”
A broad canvas
It’s not only increased regulatory scrutiny, but also a string of high-profile frauds and investor losses, most notably those caused by rogue financier Bernie Madoff, that has made AML a priority for financial institutions and insurers, says Reetu Khosla, director of financial crime solutions at Pegasystems.
As she notes, the general public identifies AML compliance as only pertaining to illicit activities such as drug trafficking, although it covers everything from securities fraud to suspicious money movement.
“The AML problem is something that is governed by the board at most financial institutions,” says Khosla. “The size and scope of the problem is such that AML compliance provides a huge financial burden on the financial institution; it’s an absolute cost centre and the risk is so high for non-compliance.”
Now that the worst of the turbulence that swept through the sector during the credit crunch and its aftermath has abated, AML strategy has moved back up the agenda.
“Financial institutions are trying to identify how they can build efficiency while significantly improving internal controls in their AML programs on a global scale,” she reports. According to insurer Chartis, the financial crime software market is currently showing a compound annual growth rate of 11.5 per cent, taking its value from $460m in 2009 to $712m by 2013. A major driver is new expenditure on AML software in Asia Pacific, the Middle East, Eastern Europe and Africa.
Chartis also predicts a ‘second wave’ of expenditure from firms already engaged in AML risk management as they seek to either replace or improve existing systems. And there is considerable scope for growth, suggests Jeroen Dekker, product manager – risk and compliance at Fiserv. “The major banks generally have AML systems in place and, having been through the initial implementation and got them up and running, are now focusing on making them more efficient and effective.
“Yet some regions are only in the early stages of AML initiatives, while many smaller banks are still reliant on spreadsheets.”
Specific growth areas identified by Chartis are credit and debit card fraud and insurance fraud technology solutions, as well as integrated financial crime risk management systems.
And the target is constantly moving, adds Evans. “Insurers are now putting in the same methods as banks did a few years ago as money laundering becomes more of a problem for them. So they are buying solutions that detect suspicious activity.”
CIOs step up
The market offers a range of solutions, including cover for a specific type of AML; fraud detection; various Know Your Customer (KYC) capabilities; screening for sanctions and Politically Exposed Persons (PEPs) and/or a level of case management.
There is also the well-established World-Check, a web-based risk screening service that is widely used by financial institutions for checking on the individuals that they deal with.
However, there is no ‘silver bullet’, warns Khosla. There is also a tendency for AML products to respond to developments in money laundering techniques, but to remain ‘one step behind’ as criminals’ methods become increasingly sophisticated.
As a result, many larger organisations are moving towards applying rules-based business process management (BPM) and financial crime case management technology. These can be wrapped around existing systems to improve efficiency and control; for example case processing to identify relationships between apparently unrelated events and adapting to meet new requirements as risks change.
Systems are only as good as the data input to them and are not good where judgement and sense are required, adds Navigant Consulting’s Brooke. “That is why many firms are looking to remediate KYC data on tens of thousands of accounts. Large scale remediation will require sophisticated case management systems.”
Another noticeable change is in the role of the company’s chief information officer (CIO). His or her role within a financial service company has extended and has become more comprehensive, suggests Mark Dunleavy, financial services specialist at Informatica. This is in part due to regulation such as Basel II, the Markets in Financial Instruments Directive (MiFID) and the US Patriot Act, which are all well-founded and carry the best intentions. Yet at the same time, their scope is limited and more focused on specific departments rather than being comprehensive or holistic.
“This has already been realised by many organisations, as their CIOs have been pointing it out now for several years and their message is finally getting across. There is now recognition of the need to break out of data silos, utilising master data management to get a single view of both customer and risk,” he concludes.