Financial crime, including money laundering, continues to plague the global economy, despite increased efforts by companies, regulators and financial institutions (FIs) to turn the tide.
Of course, over the last 12 months or so, the COVID-19 crisis has not helped. The impact of the pandemic has increased threat vectors – especially for FIs, by altering ‘normal’ red flags and complicating customer on-boarding and identification processes.
As regulatory changes, new guidance and enforcement actions continue to mount, it is vital that organizations remain compliant and up to date with AML regulations. Financier Worldwide canvassed the opinions of leading professionals around the world on the latest trends in anti-money laundering. Our Salvatore LaScala, Partner and Global Investigations and Compliance Practice lead shares trends and insights on the United States in the Anti Money Laundering 2021 In Depth Feature.
Could you provide an insight into recent trends shaping financial crime in your country of focus? How great a risk does financial crime, such as money laundering, now pose to companies?
Financial crimes, including money laundering and fraud, continue to pose a threat to financial institutions (FIs) across the US. 2020 was an unparalleled year for regulators, financial institutions and their customers. As of Q1 2020, the COVID-19 pandemic had caused shifts in the timing of regulatory examinations and the nature of regulatory guidance in the US and across the globe. Furthermore, FIs changed the way employees worked and had to swiftly put business continuity plans and other controls into action to protect data.
The US saw only a brief pause in regulatory examinations during the early months of the pandemic and soon saw a return to normalcy as regulatory reviews and enforcement action teams adapted to working more remotely. In Q2 2020, the Federal Financial Institutions Examination Council (FFIEC) provided updated guidance to their Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual and in Q3 2020 the International Consortium of Investigative Journalists (ICIJ) Financial Crimes Enforcement Network (FinCEN) Files leak piqued the interest of the financial sector and federal bodies, shedding light on suspicious activity reports filed historically. In addition, the US has created partnerships with countries in the European Union (EU) on the provision of technical assistances in AML, counterterrorism and proliferation. These types of partnerships exemplify the common phrase ‘international better practice’.
In your experience, what are the main types of financial crime that organizations are encountering? What are the typical sources of such risks?
There will always be bad actors leveraging illicit practices, particularly in times of need. Money laundering, human trafficking, elder abuse and sanctions exposure continue to be the main sources of risk for FIs. Moreover, all industries have seen increased incidences of fraud as a result of the changes in commerce and how we transact due to the pandemic. As a result, typical ‘red flags’ might look different and FIs will need to adjust transaction monitoring accordingly. For example, FI customers that typically transacted face-to-face now transact remotely and other processes, such as onboarding and identification processes are more vulnerable to identity theft and various online fraud typologies. This challenge relates to both banking and nonbanking institutions and payment processers who are also seeing significant increases in transactions and online merchant activity.
What legal and regulatory initiatives are set to have a significant bearing on this issue in your country of focus? How would you describe the nature and extent of the demands being placed on companies to help reduce financial crime?
The ICIJ FinCEN Files have been an area of discussion in the US and worldwide. On 20 September 2020, the ICIJ FinCEN Files exposed previously filed suspicious activity reports (SARs) between 2000 and 2017. For many, this turn of events highlighted a need for discussion between regulatory bodies and the financial sector. On 16 September 2020, FinCEN announced solicitation of enhancing the effectiveness of AML programs, welcoming questions and feedback “to potential regulatory amendments under the Bank Secrecy Act ”. Although institutions’ involvement in reducing financial crime is ongoing, this suggests that the nature and extent of the demands being placed on companies is open for discussion. Moreover, cryptocurrencies and other alternative currencies continue to be a focus for US enforcement officials. The Financial Action Task Force (FATF) recently published guidelines for virtual currencies, however the US is still catching up. In 2020, there were a number of enforcement actions against large FIs, law firms and individuals convicted of compliance failures and laundering through cryptocurrency exchanges.
How important has technology become in the fight against financial crime? How are innovative AML solutions being used to enhance systems and processes?
As financial crimes become more complex and increase in scale, it is evident that technological solutions are here to stay. Artificial intelligence and Machine Learning (AI/ML) and robotic processing automation (RPA) technology have become exceedingly attractive in many institution’s fight against financial crimes and evaluating solutions to enhance BSA, AML and sanctions oversight. AI/ML helps financial institutions and bring to light key pockets of risk and vulnerabilities that were otherwise difficult to identify or emerging and therefore potentially redirect their attention to areas of risk they did not previously have the ability to focus on “RPA” or robotic process automation allows institutions to more efficiently disposition alerts with the benefit of affording financial crimes specialists more time evaluating fraud and AML typologies than preparing investigative exhibits. Additionally, the use of blockchain analysis and crypto-tracing tools have been recent developments to assist with completing due diligence and enhancing transaction monitoring to trace the movement of virtual currency. It should be noted that technological enhancements may not be vital for an institution, depending on the size of the institution’s compliance program or risk exposure.
In the wake of enforcement action, do companies need to proactively review and revise their practices?
Institutions must be proactive in reviewing and refreshing their compliance programs. FIs should keep abreast of new enforcement actions, regulatory news and changes. Senior management, including the board of directors and compliance staff, should hold regular discussions regarding inefficiencies in the programs or controls that are not working as anticipated. Ongoing training is vital in keeping up with the everchanging AML and sanctions landscape, particularly for the board of directors to nurture a culture of compliance throughout the organization. This is especially relevant with respect to blockchain technology and crypto-related sanctions evasion typologies. Historically, the majority of regulatory fines issued in the US have been sanctions-related. In 2020, we saw examples of enforcement actions put into place for the first time, specifically with respect to broker-dealers and institutions offering convertible virtual currency services. Last year marked the first time in history that the Commodity Futures Trading Commission brought an action under 17 CFR § 42.2. Additionally, FinCEN announced the first-ever Bitcoin penalty in violation of AML laws.
Once a company suspects or confirms it has fallen victim to financial crime, what initial action should it take?
Once a financial institution determines that it has fallen victim to a financial crime, the business, legal and compliance staff should immediately work with other employees to document the facts, convene the relevant committee of the Board of Directors and notify the appropriate regulatory and/or low enforcement agencies. Whether it is fraud, money laundering or a sanctions-related violation, the financial institution should undertake a root cause analysis and identify the weakness or absence of controls, including overall governance structure, that permitted the wrongful activity to occur. A renewed look at the risk assessment and a compliance program gap analysis should also be undertaken to determine the precise program control and process weaknesses. Such analyses might include a skills assessment of staff and an accountability and oversight investigation, if warranted. .
Many institutions have integrated the approach to fighting financial crime by consolidating fraud, AML and other criminal investigations to ensure that each discipline shares knowledge seamlessly and to consolidate similar governance and control structures. As noted by the FFIEC in the recently updated 15 April 2020, examination manual, “Banks have flexibility in the design of the BSA/AML compliance programs, which will vary based on the bank’s risk profile, size or complexity, and organizational structure. Minor weaknesses, deficiencies, and technical violations alone are not indicative of an inadequate program”.
What essential advice would you offer to companies looking to improve the way they manage financial crime risk? How much of a challenge is it to tailor new innovations to a company’s operational realities?
It is important for institutions to stay well informed with respect to regulatory changes, particularly when regulatory change is imminent. Institutions should also prioritize critical matters and reassess those priorities throughout the year and revisit their risk assessments and risk tolerances to ascertain whether they are measuring financial crime risk and the counterbalancing effect of financial risk controls effectively.
Special thanks to Katia Bonsignore for contributing to this article.