As money laundering is typically secretive, it can be difficult to estimate just how much is laundered each year, though the UNODC suggests that it’s around 0.8 to 2 trillion US dollars; an eye-watering amount. This has been fuelled even more so by the impact of the pandemic, meaning there is a growing need for anti-money laundering (AML) and know your customer (KYC) defences as financial crime levels rise.
It's no surprise then, that fighting financial crime costs global institutions a staggering amount of money - with more than $213 billion US dollars spent on financial crime compliance in 2020. Moreover, a recent study reports that mid-to-large financial institutions in the highest spending EMEA markets typically fork out $45-48 million US dollars on anti-money laundering compliance - a double-digit percentage increase on 2019 levels.
Despite this high spending, more than 99% of money laundering proceeds remain in the hands of criminal gangs. It's not just the massive amounts of money that go unseized that’s troubling, but how it emboldens these criminals involved in terrorism, drug trafficking, human exploitation, arms trafficking, fraud, tax evasion and a host of other illegal activities.
A lack of informed data often causes financial institutions (FIs) to try and mitigate these risks by exiting markets where these risks are perceived to be higher. Therefore the current anti-money laundering system can restrict operational efficiency and revenue growth for banks due to a lack of standardisation and over-reliance on risk-based methods such as de-risking - therefore failing FIs and the markets they operate in.
From compliance programmes all the way up to regulation - why isn't the current system working? Here are 5 reasons:
1. Current AML programmes focus more on technical compliance than effectiveness
An important problem with current AML programmes, Wolfsberg emphasises in its Statement on Effectiveness, is that national supervisors focus solely on technical compliance, not necessarily on the effectiveness of anti-money laundering measures. In trying to optimise on technical compliance and legal policy implementation through increased spending, FIs are not allocating enough of these resources into trying to prevent crime or locating the origin of it.
To encourage more firms to detect and deter illicit activity, the Wolfsberg Group points to the Financial Action Task Force’s guidance on effective outcomes, encouraging all jurisdictions to promote AML/CTF programmes that:
- comply with all AML/CTF laws and regulations;
- provide useful information to relevant government agencies in defined priority areas;
- establish a reasonable and risk-based set of controls to mitigate the risks of an institution being used to facilitate illicit activity.
In spite of the importance of this guidance, the results of these measures might differ depending on whether an institution uses ‘confiscated assets’ or ‘seized assets’ as its bar, as well as the illicit markets they focus on, leaving it difficult to make meaningful comparisons between firms.
2. There is a lack of standardised regulation across the industry and markets
In line with a risk-based approach to financial crime, regulators and the global financial services industry are calling for improved anti-money laundering measures. Whilst this call for action has created more regulation for FIs to try to implement, much of it is ambiguous and open to the interpretation of the institutions themselves.
For example, a risk-based approach to financial crime management was established by the Financial Action Task Force (FATF) in its guidance note from 2014. They state that “a risk-based approach means that countries, competent authorities, and banks identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed, and take the appropriate mitigation measures in accordance with the level of risk.” They also address what banks, countries, and competent authorities should do to mitigate money laundering and terrorist financing. According to this FATF guidance, organisations should decide where to focus their efforts, and they are encouraged to take stronger measures in high-risk situations and simpler ones in low-risk situations; this approach is also intended to prevent institutions from hastily de-risking in a way that could impair the functioning of markets.
Similarly, the Office of Terrorism and Financial Intelligence and the Financial Crimes Enforcement Network (FinCEN) released a joint statement in 2019, outlining common practices for assessing the money laundering and terrorist financing risk profle of institutions. Building on the FATF principles, the statement outlined how both bodies had been able to allocate more resources to higher-risk areas, and fewer to lower-risk areas when conducting their examinations, although the statement fell short of establishing new requirements.
Although providing guidance in these cases is laudable, this kind of regulation still allows a wide variety of processes to be implemented. As far as measuring and defining financial crime risks across countries, product lines, and customer types, there are no set guidelines. Institutions determine their own risk appetite, establish mitigating controls, and allocate resources for risk management based on their own internal policies. As a result, a lack of industry standards may lead to FIs taking limited action or taking wildly different actions in response to financial risk.
3. An over reliance on the risk-based approach to financial crime leads to operational setbacks
Compliance and management are largely risk-based. That means policy and resources are prioritised based on the highest levels of security and transactional risk. This is why the process is flawed:
Risk-based calculations still rely largely on manual processes, despite improvements in other areas of risk management. Traditional AML compliance operations gather, queue, and review unusual or suspicious transactions individually before approving or declining them. In the modern world, payments have become faster due to technology adoption and online banking, and compliance teams are under increasing pressure to process payments more quickly.
Moreover, since correspondent banks cannot make compromises in this area, meeting both customers' expectations and AML compliance obligations can be more challenging to strike a balance between.
Many processes are conducted annually, taking up to six months to complete, by which time they may be outdated. It’s also been some time since the existing AML framework has been able to keep up with the demands of international payments. As payment systems meet the ever-intensifying needs of consumers, businesses, and FIs, this trend has intensified, increasing volume, velocity, and variety of transactions.
Due to a lack of data involved in decisions to enter different markets or work with different customers, some of these processes can't provide objective insights - preventing opportunities from being evaluated fairly and limiting institutions' ability to spot new areas for growth.
4. Lack of data can make it hard to evaluate counterparty risk effectively, causing large threats to go unnoticed
Correspondent banks play a crucial role in cross-border payments by allowing banks to process international transactions without having to maintain physical presences in all the jurisdictions where they do business. The payments are instead facilitated through the provision of banking services by one bank (the correspondent bank) to another (the respondent bank).
Correspondent banks are typically the largest, most active international banks that provide services to customers with more complex needs, including foreign exchange and cross-border payments and wire transfers. Correspondent banking is perceived by the market to be a much greater risk when it comes to financial crime, since correspondents are not acting on behalf of their own customers.
The key problem for correspondent banks is that they need to be able to show that their respondent bank customers have adequate financial crime controls in place and this is difficult without appropriate reporting metrics, tools and analytics readily at their disposal. Despite the Wolfsberg Group guidance on managing correspondent banking activity risk and its industry standard questionnaire for due diligence processes, access to the full level of detail required to evaluate correspondent banking risk comprehensively remains a challenge. The failure of several recent efforts to identify high risk scenarios has demonstrated this.
For example, several banks in Danske Bank's network, including Deutsche Bank, reduced correspondent banking exposure after a $200 billion money laundering scandal at Danske Bank. In both cases, institutions were found to have treated financial crime risk as an operational and regulatory issue rather than a governance one. This limited stance left a dangerous lack of clarity at the highest levels of authority, blurring the lines between risk factors and ultimately contributing to a failure of internal controls.
5. A wave of de-risking closes doors for regional markets
As a result of these multiple failures to detect counterparty risk at scale, several financial institutions have pulled out of certain markets.This has triggered a wave of de-risking - precisely the kind that the FATF had hoped to avert, washing across the global financial services landscape and sweeping away a number of important correspondent banks. For example, there has been a 22% drop in active correspondent banks between 2011 and 2019, and a similar concentration of activity amongst fewer entities.
In both the local and wider economies, the loss of so much correspondent banking activity has had negative consequences on mid-tier and regional players, who have had to deal with the loss of revenue, since they rely on correspondent banking relationships to serve more complex and profitable international customers. In their place, large players with established global reach have hoovered up demand; reducing competition and choice for customers, as well as the overall level of correspondent banking service revenue in the system.
De-risking has also led to financial crime risks shifting to the fringes of the industry, where high standards and controls might otherwise be lacking. For example, a range of non-bank financial institutions (NBFIs) and other informal non-banking channels have gained in popularity. In some cases, less stringent reporting or fully opaque business practices can effectively make AML and counter-terrorist financing impossible to monitor, leading to greater problems down the road. Non-governmental organisations (NGOs) and humanitarian organisations in countries like Bangladesh and Mexico have also reported a negative impact on financial inclusion and access to funds.
So how can we improve the AML system?
Many FIs lack adequate systems to assess whether their compliance systems are achieving desired outcomes, or even to define what those outcomes are.
In order for the system to work, institutions need to have a single source of truth to benchmark against. A transparent, objective monitor is needed that provides standardised criteria, increases trust between corresponding banks and counterparties, and prevents unnecessary de-risking that could lead to market instability - all while remaining efficient.
In-step Elucidate’s FinCrime Index (EFI); a benchmark that leverages data-analysis and machine learning to score and price risk, providing a comprehensive view of a bank’s own risk, as well as that of its counterparties.
The EFI generates nine scores based on high quality data across a range of risk themes, enabling an objective and nuanced view of crime exposure, and ensuring accurate and fair evaluations can be made, along with relevant comparisons between institutions.
In accordance with the results of this index, FIs do not necessarily need to de-risk, as they can identify areas of risk and allocate resources accordingly when operating in high growth or distressed regions. To learn more about this solution, book a demo today with one of our team.