5 AML Risk Lessons from 2018’s Major Financial Crime Scandals

We take a look at where compliance departments should focus their energy in the year ahead.

Financial services institutions have three main concerns for the year ahead: the costs of compliance, potential reputational damage and regulatory fines.

Rapidly changing Know Your Customer (KYC) regulations, from the Fifth Money Laundering Directive (5MLD) to FinCEN’s CDD Final Rule, have placed more stringent requirements on global banks. Meanwhile, associated data choices – from external content sources, open source research and customer data – seem endless.

Banks have tried to address the issue by hiring more people to meet their CDD/KYC obligations, but the due diligence required to keep up is outpacing the teams hired to tackle it. Further, it takes banks longer than ever to onboard new clients. Lengthening time frames present competitive challenges, lost opportunities, poor customer experience and a slower path to value.  

As we look ahead to 2019, we see few signs of this dramatically changing. Regulators will continue to strengthen AML regulations and step up enforcements globally this year, but financial institutions can get ahead of their risks. From tackling UBOs to effectively managing high-risk accounts, we offer five key takeaways from 2018’s most significant money laundering cases alongside crucial areas for compliance teams to focus on in 2019.

Five Steps for Addressing AML Risk Factors in 2019

1. Develop a clear understanding of the ultimate beneficial owners of an organization

In a blockbuster case of 2018, ING Bank was fined $900 million for AML reporting failures. The Dutch bank failed to properly vet the ultimate beneficial owners (UBOs) of client accounts, with the lapse enabling illegal activity to take place for years.

Though there are further compliance issues within ING, the main takeaway from this case is that UBOs remain a significant source of money laundering risk. The Panama and Paradise Paper leaks revealed just how easy it is for individuals to hide behind legal entity structures, and the problem is ongoing. To curtail illegal transactions and stay on the right side of regulation in 2019, financial institutions will need better insight into their customers, and the risks they introduce.

2019 Focus: Get ready for 5MLD and strengthen your UBO identification process

2019 will be a crucial time for financial institutions to update and enhance their UBO identification process. The FinCEN CDD Rule, which came into effect in May 2018, has already set financial institutions on the path toward stronger beneficial ownership checks.

Financial institutions will also need to prepare for the imminent arrival of the 5th Money Laundering Directive (5MLD), which makes a number of important changes to the AML regime in the EU. due to be implemented in January 2020.

One of the key changes is the opening up of beneficial ownership registers. Complex business structures are one reason why money laundering connected to UBOs often goes undetected. Greater transparency will make it far easier for financial institutions to manage risk and catch potential problems from the start.

The progression from 4MLD to 5MLD makes it clear that regulators have their sights set on the money laundering risks surrounding UBOs. However, the identification of UBOs is a complicated process, especially as many analysts complete checks manually. Financial institutions will benefit from technology solutions that enhance the onboarding process, providing access to all necessary data sources and automating the collection of data on UBOs to thoroughly vet beneficial owners.

2. Create a strategy for monitoring high-risk accounts

At the close of 2018, UBS Financial Services Inc was fined $15 million for failing to structure their AML programs to identify and monitor suspicious high-risk client transactions. These clients were predominantly residents of countries that have weak money laundering systems, such as Panama, Mexico and Venezuela.

At one UBS branch, there were over 6,000 client accounts relating to non-resident aliens (NRAs) with over $9 billion running through them. Despite the volume and elevated AML risk, UBS’ detection systems were found to be too narrow, with potentially suspicious activity not generating alerts.

The lesson here is that banks need to prioritize updating their processes to monitor for AML risk beyond initial onboarding.

2019 Focus: Establish risk-based procedures for conducting enhanced due diligence

Moving into 2019, financial institutions will need to make sure that transaction monitoring is proportionate to the risk associated with each account.

As outlined in FinCEN’s CDD rule, financial institutions must conduct ongoing monitoring for reporting suspicious transactions and, on a risk adjusted basis, maintain and update customer information.

5MLD targets high-risk countries specifically, requiring financial institutions to conduct enhanced due diligence to address elevated levels of money laundering risk, particularly from countries with weak controls. To prepare, financial institutions will needs to review their existing risk rankings and update them to align with emerging requirements.

3. Establish board-level oversight and a standard AML program

A review of 2018 has to include the biggest case of the year — Danske Bank. It’s estimated that, until the whistle was blown in 2013, over $220 billion was laundered through the Estonian branch of the Danish bank over a nine year period.

Several factors elevated Danske Bank’s money laundering risk, which tie into the trends we’ve outlined so far. First, 50% of accounts were opened by non-residents, many who lived in high risk locations. Despite the material risk, this concern was not called out or reflected in their AML procedures. Second, Danske Bank’s KYC protocols were inadequate to identify UBOs and assess connected risk. Finally, Danske bank failed to assign proper risk levels to ensure monitoring of high-risk transactions.

There’s still a lot to unravel from this jaw-dropping case, but there’s one clear message for all global financial institutions — the tone on risk and compliance must be set from the top.

Board-level support naturally leads to stronger compliance programs — ones that are sufficiently resourced and prioritized across the organization. A standard AML strategy must be rolled out organization-wide, with no exceptions. Had this been the case at Danske, the chances of a significant money laundering scandal occuring at a branch office would have been significantly reduced.

2019 Focus: Continue to build collaboration with the C-Suite

The C-Suite is paying more attention than ever to the issue of risk management and compliance. Compliance risk poses a significant threat to an organization’s reputation and often to the reputation of individual executives. Add in large regulatory fines and personal penalties, and it’s no surprise that compliance has been pushed to the top of the corporate agenda. Compliance departments that maintain strong lines of communication at the board level are able to regularly report on areas of concern and gather resources to respond before an issue gets out of hand.

4. Make the most of your budget by adopting innovative technology and automation solutions

US Bancorp was fined $600 million in February for failing to protect against money laundering. According to the Office of the Comptroller of the Currency (OCC), the bank failed to assess customers correctly and had an under-resourced compliance team, resulting in suspicious transactions not being reported correctly.

Compliance costs directly impact profitability, and many teams find themselves managing budgets that are being squeezed even as compliance needs heighten. Using innovative technology solutions releases compliance staff from the large volume of manual work involved in managing AML risk and allows them to be more strategically focused. Automation solutions, for example, ensure higher degrees of accuracy, improve efficient. and screen all entities more effectively.

2019 Focus: Embrace innovation and new opportunities for information and resource sharing

In December 2018, FinCEN released a statement encouraging banks to begin evaluating innovative solutions to combat money laundering, including artificial intelligence and digital identity technologies. Emerging solutions facilitate everything from transaction monitoring to robust onboarding processes, significantly reducing AML risk to meet regulators’ demands. Notably, FinCEN reassures financial institutions they won’t be penalized for weaknesses in existing procedures revealed by pilot programs, as long as existing programs aren’t deemed deficient.

Also of note, in October, an interagency statement was released relating to the sharing of resources to manage Bank Secrecy Act (BSA) compliance. For firms who are working with limited budgets, resource sharing opens up the possibility of collaboration with other banks with a joint purpose. There are significant opportunities for increased efficiencies in relation to cost and time without compromising on the ultimate goal of reducing money laundering risk.  

5. Focus on maintaining sanctions compliance

The last of our five lessons relates to the $5.3 million fine imposed on J.P. Morgan for violating Cuba and Iran sanctions, among others. J.P. Morgan self-disclosed the violations, and has since updated their compliance programs to address future risk. Other financial institutions should take note and evaluate their own risk. With sanctions connected to high-risk countries, those pegged for stronger monitoring under 5MLD, financial institutions will have to adapt to stay compliant.

2019 Focus: Adopt solutions that keep pace with the complex sanctions regime

People and organizations move on and off sanctions lists constantly. The shifting landscape makes it difficult for compliance teams to keep up, even at the largest banks. Financial institutions will need to update their capabilities to reduce their AML risk, including with solutions that can continually review sanctions list to keep tabs on high-risk transactions and accounts.

At Opus, our mission is free your business from the complexities of managing AML risk. Get in touch with our team to learn how we can help you address AML risk factors in 2019 and beyond.

Kelvin Dickenson
Follow Kelvin on Twitter, @kelvindickenson