Over the last two years, perpetrators of money laundering have taken advantage of economic upheaval and technological developments to pursue increased opportunities for financial crime. Digital payments and blockchain technology, for example, have helped create avenues for criminals to launder funds at new levels. Meanwhile, the backdrop of the coronavirus (COVID-19) pandemic has played into their hands, allowing criminals to capitalize on sudden, widespread change and disruption. Our Salvatore LaScala shares trends and insights on the United States in the Anti Money Laundering 2021 In Depth Feature. Click here to download the full report.
To what extent is financial crime growing in frequency and complexity? How would you summarize recent trends in your country of focus?
A. The growth in digital payments and blockchain technology is creating new opportunities for criminals to launder funds at faster speeds and larger scales than they might have been able to previously. For example, through the use of convertible virtual currencies (CVC), criminals are becoming more sophisticated with respect to the techniques they are using to obscure the source of illicit funds, which includes the use of mixers, tumblers, decentralized exchanges and a web of unhosted CVC wallets. This growing trend has certainly received the attention and focus of the US government. In June 2021, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) noted this concern in its Money Laundering and Countering the Financing of Terrorism National Priorities. FinCEN indicated that combating cybercrime-enabled CVC financial crime (e.g., ransomware) is a national priority, as it is a growing trend that has been used by some of the most prolific threat actors to advance their illegal activities and nuclear weapons ambitions.
Could you outline some of the key legal and regulatory developments in your country of focus affecting anti-money laundering (AML)? To what extent are companies operating under heightened scrutiny, and reacting accordingly?
A. The Anti-Money Laundering Act of 2020 (AMLA), signed into law on 1 January 2021, is intended to clarify and streamline certain AML and Bank Secrecy Act (BSA) obligations and establish new regulatory requirements to strengthen, modernize and improve compliance programs. The AMLA does not, however, materially change the current compliance obligations of covered financial institutions (FIs), except in limited circumstances – those “engaged in the exchange of value that substitutes for currency or funds” and antiquities dealers. Even businesses “engaged in the exchange of value that substitutes for currency or funds” and antiquities dealers, which are now covered FIs under the BSA, require the Treasury to promulgate implementing regulations before their BSA obligations are enforceable. There has also been legislation proposed in the wake of the Pandora Papers scandal: the Establishing New Authorities for Business Laundering and Enabling Risks to Security Act (ENABLERS Act). The ENABLERS Act could bring additional companies under increased regulatory scrutiny, as it would require the Treasury to promulgate requirements for financial middlemen. This will include, but is not limited to, investment advisers, art dealers, attorneys involved in financial activity, trust or company services providers, certified public accountants, and third-party payment services.
How would you describe AML monitoring and enforcement activity in your country of focus? What problems may arise for multinational companies as a result of the extraterritorial reach of certain laws, and greater collaboration between national agencies?
A. US sanctions use and enforcement has undoubtedly increased and has become a remedy more frequently utilized over the past 20 years. The pace of these changes can be challenging to FIs. As FIs expand their global reach, they must prepare for sanctions risks that may not have been as pronounced pursuant to a more US-centric business model. Moreover, US persons must comply with US sanctions laws regardless of where they are located, including in a foreign host country without such sanctions. Specifically, a US person cannot even process a transaction while outside the US that would be prohibited in the US. Therefore, we recommend that global FIs continually engage in an ongoing sanctions risk assessments, including personnel reviews, to mitigate their risk.
What steps should companies take to ensure adequate processes, programs and policies are in place to support AML?
A. However simple it may seem, an FIs’ first step toward ensuring adequate AML controls should be establishing a strong tone at the top by making AML and sanctions a corporate policy priority. Detailed policies and desktop procedures documenting sanctions alert dispositions, well documented systems and data lineage, and oversight, accountability and training must be priorities. Moreover, FIs need to undertake robust AML and sanctions risk assessments to identify areas that require the most attention and highlight the strengths and weaknesses of mitigating controls, and call attention to additional resources or technology investment, when needed.
In what ways can companies utilize technology to help manage risks arising from AML?
A. The sheer volume of transactional activity that FIs must monitor is simply mind-boggling. The explosion of digital payments, the increased sophistication of money laundering methods and networks, and enhanced regulatory scrutiny has further necessitated the need for advanced, automated solutions to identify illicit behavior. There is a wealth of opportunity for machine learning (ML), artificial intelligence (AI) and robotic process automation (RPA) initiatives, which can be applied in many different areas, including AML and sanctions. This technology is essential for FIs to elevate their transaction and compliance monitoring, and they must prioritize these opportunities.
What advice would you offer organizations on integrating technology into their processes to enhance the efficiency of their AML capabilities and allow them to detect unusual behavior and identify red flags?
A. For FIs, FinTechs and less traditional payments, businesses deciding whether to implement ML, AI and RPA should prioritize their needs based on risk and the strength of existing mitigating controls. They should also stay heavily involved in the business requirements process and development and testing of rules such that they remain responsive during the implementation process. This is even more important in the current digitalized payment environment because there are more limited use cases from which technology companies can draw experience. Regardless of your buy vs. build decision, documentation, transparency and strong information technology governance represent smart investments. Additionally, find a true subject matter expert to conduct before, during and after implementation validation services. FIs should be available to represent compliance’s concerns so that compliance resources do not fall behind on ‘business as usual’ tasks, which continue regardless of system implementations.
Be certain that you and your technology providers, especially with respect to AI and ML, are ready to articulate how the technology works in a highly transparent manner. You should be able to explain to regulators, examiners, internal audit and compliance assurance personnel why certain alerts were created and others were not, regardless of how sophisticated the process is. If the technology cannot be explained and is too much of a ‘black box’, explaining why you believe you have identified the most effective and efficient set of alerts could be impossible. Moreover, it may be difficult to explain why alerts that were generated prior to the new system and no longer activating were not compelling, even though you might have filed suspicious activity or suspicious transaction reports on them in the past. Sophisticated compliance-related technology tools will likely be better received if they are transparent and introduced in stages that might include transparent segmentation that makes existing rules more effective and efficient, supervised predictive ML that helps focus teams on the highest-risk activity, statistically valid back testing to assure interested parties that your assumptions are correct, and comprehensive suspicious transaction reports or suspicious activity report filings likely to assist law enforcement.
The good news is that AMLA has convinced regulators to be open to and to encourage ML in AML projects, though nascent ML applications will predictably be met with some apprehension about their effectiveness. From a big-picture perspective, financial institutions should embrace the massive upside potential that supervised models can provide by reducing false positives and highlighting that risk typologies that money launderers might have otherwise evaded have become alerted transactions.
Do you expect the risks posed by money laundering to increase in the months and years ahead? Do companies need to continually improve their systems in order to deal with current and emerging threats?
A. While it is difficult to say whether the risks will increase, financial crime schemes are constantly evolving. This makes the anti-financial crime effort a perpetual game of ‘whack-a-mole’. When one means of fraud or money laundering is locked down with good controls, criminals will test other FIs that have not implemented controls and ultimately find another weakness to exploit to take its place. As a result, controls should not remain stagnant, because criminals typically figure out how to get around them. Effective and transparent cutting-edge tools such as AI and ML are a way to stay ahead of the curve.
Special thanks to Gregory Schwarz for co-authoring this article.
However simple it may seem, a financial institution’s first step toward ensuring adequate AML controls should be establishing a strong tone at the top by making AML and Sanctions a corporate policy priority.
Salvatore LaScala, Partner & Head of Global Investigations and Compliance Practice