Another big AML scandal was revealed yesterday by the International Consortium of Investigative Journalists (ICIJ). But whilst the Panama Papers made Cameron and a few choice politicians lose their lunch appetite one afternoon, the FinCEN Files have brought the dark corners of financial institutions HSBC, Standard Chartered, Deutsche Bank and BNY Mellon into a glaring spotlight.
We are not talking here about some light-touch issue; we are talking about money transferred to criminals, corrupted politicians, people and drug trafficking. Serious stuff.
What struck me about the files? Old well-known patterns of behaviour in the traditional compliance banking world, “nothing new, nothing to see here”. What continues to fail? And how can we in crypto compliance learn from this to not fall into the same lax trap? My reflections from reading the FinCEN Files, a (traditional) finance horror story.
Some ‘same old’ methods like the ‘mirror trade’ were on display, although new and interesting information came to light about an offending bank, such as the average time of 166 days between preparing a SAR (Suspicious Activity Report) and having it sent to FinCEN, a process which should take seconds in the correct automated fashion. One would laugh if not for the fact that the laundered money, the ‘numbers on the screen’, were proceeds from terrorists, exploitation of the weak and every criminally profit-driven act under the sun.
It seems that the cryptocurrency market truly is far more transparent, compliant and safe than the traditional financial sector. For years I have been banging on about the same point. But these files are a vindication if ever there was one.
Looking at the figures, one can imagine just how much more systemic the problem is than outlined by the files, comprehensive as they are. The ICIJ collectively analysed 2,100 SARs, which was only a paltry 0.02% of the total SARs submitted to FinCEN. 0.02%. Zero point zero, two. From this 0.02% of files it was established by journalists that these global banks moved at the very least more than $2 trillion between 1999 and 2017 in payments the banks themselves believed were suspicious and should be frozen. The true amount of tainted money moved could be … 50 times larger.
KYC failed, again.
In some cases, even with the actual beneficiary. KYC 101. Banks can no longer live without the ‘no beneficial owner = no business’ principle and we cannot accept nominee shareholders. These files show this shroud of secrecy is too ill used. But it is not just the issue of cross-jurisdiction law loopholes. What also matters is a bank’s team. The ‘who’. In banks of a certain size, we simply must not live without specialised KYC departments that are properly appointed, trained and incentivised and, most importantly, simply able to say no to shady clients without fear of retaliation.
Transaction analysis failed, again.
The schemes analysed were simple and, as a rule, the criminals did not come up with anything new. What’s worse – the correspondent banks raised alarms to no avail, i.e. their inquiries remained either wholly unanswered or without the minimal appropriate investment of resources. Maybe the client was asked about the source of the funds and did not answer, or maybe was not asked about it at all. Correspondent banks’ queries cannot and should not be ignored.
We cannot just wait for a reaction from state authorities and regulators and do everything by ‘gold plate’ requirements. Compliance reports are based on clear analysis and as soon as a financial institution, bank or payment provider has suspicions of foul play, they should skilfully limit their risk.
Not doing so only kicks the can (and cost) further down the road until it snowballs.
The problem, however, also revolves around the insufficient resources granted to Money Laundering Reporting Officers (MLROs) in organisations. Of course, they are the most important when something starts to burn or there is a loss of control. But until then an afterthought. In a mature firm we are crucial – without us the business fails to conduct operations in a safe and secure manner.
Objectively, however, the role and position of MLROs in organisations is not as strong as it should be, and certainly not as strong as the Basel Committee might have imagined in recent documents. I believe that we will see the times when AML will be a separate unit in each bank. But we lack a strong voice from forward-thinking ‘first mover’ regulators like the FCA. Without them taking the lead, the systematic issues raised by the FinCEN Files will fall far from the mark.
Reflecting on what is written above, some may try to hide a smile. I would not be surprised. Conversing on subjects that cost extraordinary amounts of money in an era where every cent is watched from all angles is not the norm. But is there any other way out of systemic issues apart from continuing to speak on them?
If those in crypto are waiting in silence for the same lax issues to happen – they will. It is better to learn from another industry’s mistakes, be proactive rather than reactive, but unfortunately that attitude doesn’t always work.
For that last postulate – for some maybe just as ‘cosmic’ (and comical) as the rest – the tone in AML must come from above. From the Management Board. Otherwise, no amount of swaps in key positions, wider organisational changes or new IT systems will help.
The FinCEN Files will change AML ‘efficiency’ with certainty. If only we knew how, when and where. But I think I do know what should.