Even though the US Patriot Act and the Bank Secrecy Act impose a number of anti-money laundering obligations on global banks, many times banks end up attracting fines, penalties, and forfeitures for AML violations. The financial ramifications of AML violations are huge. The US government records show that global banks, including a number of European banks, paid USD 12 billion in fines, penalties, and forfeitures between 2009 and 2015. So why do banks run afoul of AML laws when the implications are well known? A review of the recent penalties imposed on European banks for AML non-compliance, highlights gaps in process controls and governance that led to non-compliance and facilitated money laundering. It’s worth examining the issues that led to the penalties to find out how to avoid similar situations.
Hiding client identity a common AML infraction
Here are five instances where different banks were penalized for AML non-compliance. One of the banks (Credit Agricole) was penalized for clearing the transactions of Iranian and Sudanese companies linked to the development of weapons of mass destruction. The end customer’s identity could not be traced for these transactions due to the way in which the transactions were handled. The payments were routed through special purpose vehicles that bore no obvious connection to the actual clients.
In another instance, Commerzbank ran several schemes to process payments on behalf of Sudanese, Iranian, Burmese, and Cuban entities, and the identifying information was omitted from the transactions. In a third instance, Deutsche Bank processed transactions on behalf of US-sanctioned countries and entities including Iran, Libya, Syria, Burma, and Sudan using non-transparent methods and practices.
In yet another case, Barclays bank was penalized for processing transactions for entities that were on US sanctions lists. In our final example, the Barclays bank did not collect the required information from its clients. A lower level of due diligence was applied than required by government policies and details of the transactions were kept strictly confidential, thereby facilitating money laundering.
Closer examination shows wide-ranging AML non-compliance
Although, all five instances are apparently straightforward sanctions-related violations, a detailed review indicates wide-ranging non-compliance. For example, let’s take the omissions and commissions of a bank that was penalized for facilitating payments on behalf of Iranian and Sudanese entities: Certain schemes offered by the bank, such as the following, helped their clients conceal the true nature of the transactions.
- Non-transparent payment messages, known as cover payments, not only concealed the involvement of sanctioned entities, but also removed information identifying the entities from payment messages.
- The bank also created a ‘safe payment solution’ mechanism that involved routing payments through special purpose vehicles controlled by an Iranian company. Such vehicles were incorporated outside Iran and bore no obvious connection to the Iranian client.
- Due to a lack of coordination between the European operations of the bank and the New York branch, it failed to raise the necessary red flags in time, resulting in the New York branch clearing the transactions and also not filing Suspicious Activity Reports (SARs).
These transactions show a blatant compliance failure on the part of the bank: the bank’s inadequate process controls failed to stop the transactions.
Getting AML compliance right
Implementing a few best practices can help avoid AML non-compliance issues. In our view, the level of moderate compliance controls led to the removal of ‘negative’ information from wire messages in such a way that the messages got past compliance filters. How do you avoid this issue? First, the AML transaction monitoring and sanction screening platforms must never allow manual ‘process superseding’. Only senior managers must exercise such power and a four-eye check method is the best solution for such a process. Second, by using wire-stripping detecting solutions, you can prevent amended payments from being processed, intentionally or otherwise.
As a best practice, you must also implement a reliable compliance program supported by an adequate level of operational independence. A reliable AML compliance program includes obtaining all mandatory information from the clients, duly identifying the level of due diligence to be applied, and completing the appropriate due diligence program. In addition, ensure ongoing monitoring of accounts by applying all controls according to the risk levels. Finally, you must support the overall program by investing in technology and qualified human resources to ensure operational effectiveness and avoid financially crippling fines and penalties.