Despite the consistent efforts adopted by banks to fight money laundering and financial crime, fines for AML breaches have hit an all-time high. In 2022, financial institutions were fined a grand total of $4.17 billion (€3.95 billion) worldwide, with around $55 billion (€52 billion) raised overall since the global financial crisis. As compliance departments continue to face regulatory and internal challenges, it is projected that fines will continue to grow in the coming years.
On the 20th of September 2020, the world of financial institutions was swept in a storm by the Financial Crime Enforcement Network (FinCEN) Files – a leak of 200.000 suspicious activity reports from banks across the globe that shed light on the ease with which such banks aided criminals in laundering money. The financial institutions involved included some of the biggest names in the world of finance such as Deutsche Bank, Bank of New York Mellon, Commerzbank, and Bank of China amongst others.
The facility with which criminals can launder their ill proceeds has been well known for several years. According to U.N. estimates, between $800 billion to $2 trillion are laundered every year with a rate of confiscation from authorities amounting to only 0.2% of the total. This means that 99.8% of all money laundering goes undetected.
Yet, the financial institutions involved in FinCEN Files all have adequately staffed compliance departments with AML analysts, state-of-the-art transaction monitoring software, and certified compliance officers. With 30 years of efforts to thwart money laundering, and an average of $20 billion spent yearly by banks on compliance programs just in the EU, why do most AML programs fail?
How does a compliance culture impact the success of AML programs?
One of the biggest short fallings of AML programs is the lack of a strong compliance culture within the financial institution, particularly within management. A compliance culture can be defined as the norms and values that a financial institution adheres to that are embedded in the everyday work that the employees carry out.
A strong culture of compliance must begin from the top and spread its way down to the lower echelons of the institution until it reaches every staff member. This is known as tone at the top, meaning that a company’s principles and ethical standards must be championed and propagated by leadership first.
Often this is not the case. Senior managers or board directors may not have the appropriate knowledge of compliance and AML, don’t know the financial crime risks related to their institution’s business model, products and services, and are unaware of the problems related to their AML programs, let alone how to spot them. Management will often focus on compliance and AML to avoid being fined from regulators without really grasping the importance of such programs in the fight against criminal activity.
Certain managers may also deliberately turn a blind eye towards suspicious behaviour and transactions in the name of business and high gains, in so far as to treat money laundering fines directed towards their financial institutions as trivial. During the FinCEN Files analysis, the International Consortium of Investigative Journalists (ICIJ) discovered that four major banks – JPMorgan Chase, HSBC, Standard Chartered Bank, and Bank of New York Mellon – kept on doing business with dangerous clients after having been subjected to AML fines.
How does training affect the failure of AML programs?
Training all personnel of a financial institution in the importance and detection of money laundering and financial crime is an important step in disrupting criminal activity. While a strong compliance culture sets the tone for the ethical standards that a bank wants to pursue, training gives the practical tools and skills needed to carry out such standards.
There’s often a lack of awareness from staff members, particularly the first line of defence, in knowing how to spot suspicious behaviour and understanding the importance of AML and KYC. This misunderstanding frequently creates resistance towards the compliance department whose investigations and vigilance are viewed as a roadblock towards growing business relationships.
Proper training towards all employees should focus on the importance of AML and compliance, the social and internal consequences of non-compliance, relevant policies & procedures, money laundering techniques (often missing from training), and the steps to take once the suspicious behaviour is spotted. Training when and how to properly draft an STR is also important as it eliminates the problem of reporting everything that is somewhat suspicious which floods FIUs with false positives.
Criminal organizations and terrorist groups hire professional money launderers tasked with subverting AML detection mechanisms. They possess detailed knowledge of compliance and anti-money laundering instruments, and legal manoeuvres including what red flags could raise suspicions. There’s no reason why a bank’s employee shouldn’t as well.
Why is data a major factor in the failure of AML programs?
A major issue with a lot of financial institutions is their inadequate and confused way to handle client data. Information on clients found in internal systems is often incomplete and outdated or hard-to-find and improperly archived in physical and electronic files and dossiers.
Data is often held across disparate digital systems that don’t speak to one another and is a major problem for financial institutions that want to update their system capacities with extra data analysis features. At times client data is not yet fully digitized but still exist in a hardcopy format, making it harder to extract the information in an efficient and quick manner.
Remediating such complications can be costly in terms of effort, money, and time. However, incomplete or inconsistent data can result in improper KYC, loss of important information on the client, fragmentary transaction monitoring, and partial vigilance – all factors that aid criminal activities.
How are transaction monitoring systems responsible for AML failures?
An inadequate transaction monitoring system may hurt a financial institution more than improve its detection of suspicious behaviours.In September of 2020, the Australian bank Westpac was fined a staggering 1.3 billion Australian dollars for its failure to implement a proper transaction monitoring system and an effective customer due diligence program.
Despite the billions of dollars that have been invested in industries that developed such software, it is estimated that these monitoring systems generate roughly 95% of false positives. The garbage alerts generated by the systems are a heavy extra cost to financial institutions both in terms of money to fine-tune the software and in terms of time as hours of investigations are gone to waste.
The failure to fine-tune and improve the efficiency of detection of transaction monitoring systems result in missing a large portion of suspicious transactions. Solutions have already been put forth with the use of artificial intelligence and machine-learning. Next generation software that utilizes AI to scan transactions and flag suspicious ones are already being developed. However, for the time being most financial institutions are disinterested in investing in such solutions for budget reasons.
How can AI & RPA help?
Artificial Intelligence (AI) and Robotic Process Automation (RPA) can analyse a vast number of transactions and spot suspicious behaviour more precisely than a human being. This can free AML and compliance analysts’ time which they can dedicate to more meaningful endeavours such as investigations. However, human interaction is still important to identify new and emerging threats and to fine-tune the software to detect such risks.
What can we conclude from past AML failures?
AML failure can be regarded as a decision – a willingness to not comprehend AML and its importance, to not improve and correct AML programs, and to not obtain the proper instruments needed to carry out the job. Most financial institutions have the tools to implement an effective AML program but choose not to in the name of business or due to ineptitude.
AML practices should not be performed because the regulator said so and because the non-compliance with regulations would result in hefty fines. Instead, there should be an understanding that the efforts to thwart and disrupt criminal activity are a moral obligation to safeguard the economy and society from corruption, human trafficking, drug trafficking, environmental crimes, terrorism, and other offenses that damage our communities.
Managers and board directors need to be culpable for their blind and willing actions towards facilitating money launderers for the sake of gains. The notion of “too big for jail” for banks and bankers must end by means of severe punishments that go beyond fines and promises of reforms. Penalties must include jail time and other serious legal actions.
The success of an AML program depends on the entire financial institution sharing the same values and mission in fighting financial crime and stopping the flow of illicit money in the financial system.
CorruptionAMLFinancial InstitutionsComplianceKnow your CustomerRiskAnti Money LaunderingKYCTone at the TopFinancial operationsTransaction MonitoringEthicsCompliance expert
