24 May 2019
It’s been 30 years since the Sommet de l’Arche in Paris established the Financial Action Task Force (FATF) to combat money laundering. So where have we come to in Europe and what remains to be done?
The last three decades are not without their accomplishments. Money laundering has been criminalised not just in Europe but in the world over. Predicate offences have widened from drug trafficking to the proceeds of all crimes. Europol has established itself internationally as a police force that fights money laundering. The Egmont Group has grown to a large international organisation of 159 financial intelligence units, representing the operational arm of AML/CFT deterrence to complement the strategic arm of the FATF. Fifteen EU member-states (plus the European Commission) are full-fledged members FATF members and the remaining thirteen are members of Moneyval, the European regional version of FATF. Moneyval includes non-EU/EEA member-states such as Russia and Ukraine. European governments evaluate each others’ AML performance every so often. The term “money laundering”, unheard of in 1989, is now in common parlance.
However, the amount of proceeds of crime recovered as a result of successful money laundering prosecutions, as compared to the amount thought to be available to be laundered, is around 0.1 percent at best. It is a small wonder that commission of the underlying predicate offences remains rife, and increasing, particularly in relation to emerging criminality, such as cybercrime. So why is the European AML system so ineffective in reducing the impact of the underlying crimes upon European citizens?
Three focal points
The major AML issues in Europe can be divided into three distinct categories: governance, risk management and capability. Some feel it is a simple question of reforming the European AML supervisory architecture, but the answer is much more complex and nuanced than that. True, AML deterrence in Europe does need better governance, but merely improving the structure of European authorities won’t keep organised crime lords and other members of the dark economy awake at night unless such is a step is matched with action, commitment and improvements in our capability to fight financial crime.
Key issue: governance
There are many fault lines across Europe in relation to AML governance:
- Firstly, Europe lacks a clearly-stated objective for what its AML regime is meant to accomplish. Yet without clarity of vision, mission and modus operandi, it is difficult to see how progress can be achieved. It should be greater than merely securing the financial and operational integrity of the EU, though that would be a good start. Most governments seem to focus on fining gatekeepers rather than convicting the perpetrators of predicate offences. This is ineffective in terms of reducing the scourge of drug trafficking across Europe, to use one example.
- What’s more, only 15 EU nations are members of FATF. The remaining 13 countries are members of Moneyval. Nineteen of the 28 EU member-states are members of the Eurozone. These fault lines cause dislocations across the EU in terms of deterrence, not just of money laundering, but of financial crime in general.
- There is no EU coordinating body for AML policy except for the European Commission, with certain monitoring and supervisory functions carried out by the European Central Bank and European Banking Authority, and some loose information-sharing arrangements between national authorities.
- The enforcement of criminal laws is reserved for individual member-states. True, there is some coordination of investigations through Europol, and instruments such as the European Arrest Warrant have been created, but usage of such tools varies wildly across the bloc.
Governance is not just about architecture, however. It’s also about “battle rhythm”:
- The gestation periods of European legal and policy measures are far too long. In relation to the EU’s Fourth Money Laundering Directive, for example, the “flash to bang” time (carrying out policy development within FATF to implementation of the associated directive) was well over a decade. This is far too long to deter financial crime effectively, and such lag times undercut efforts to respond to the explosive growth of cybercrime and other issues.
- The mutual evaluation cycle is also around a decade long. With virtually all EU businesses subject to annual examinations and monitoring, why should this concept not also apply to AML deterrence at the governmental level? There is currently no annual assessment of EU member-state performance against the FATF’s recommendations.
Key issue: risk management
No key performance indicators (KPIs) have been set by the FATF or Moneyval, and member-states are not even collecting data on the underlying offences in a coordinated manner, yet this is vital for effective policy development. How can policies possibly be effective if you don’t know the numbers? True, FATF has developed some indicators (known as “Immediate Outcomes”), but these are not the same as KPIs directly tied to predicate offences. An assessment of what really needs to be measured is urgently required in order to develop the correct tools, fund the most effective action and reduce the ever-growing scourge of the underlying crimes. Even the most advanced EU member-states have much to improve, so greater government commitment is necessary.
In order to reduce compliance burdens and increase effectiveness, the concept of risk-based deterrence has been introduced. Although highly attractive conceptually, the risk-based system has stumbled in practice, in large part because it is the regulator who decides what the risk is, rather than allowing firms to carry out their own risk function, with regulators verifying that the risk process works and firms honing their risk-assessment skills. This initiative needs to be less dirigiste if it’s to succeed.
In assessing how deterrence should work, many regulators have latched on to the three-lines-of-defence principle. This follows the old military concept of castle building—the outer wall representing the first line of defence, the inner wall the second line of defence, and the keep the final line. While fine for mediaeval strongholds, the only organisation building castles these days is Walt Disney.
This concept of defence as applied to financial institutions has the customer-facing staff as the front line, compliance as the second line and audit in the castle keep. As a fortification against money laundering, the principle is outmoded and ineffective, not to mention it encourages the wrong mentality. Better a system of integrated active defence, where all anti-money laundering assets are designed to work together in a manner similar to that of militaries that implement Integrated Air Defence Systems and Integrated Carrier Battle Groups.
Key issue: capability
Training of law enforcement in how financial markets work is generally below what it could be. Virtually all law enforcement officers are given some financial investigation training, but this is not the same as instruction in the operation of financial markets such that law enforcement has a chance of recognising egregious behaviour, apprehending the perpetrators and obtaining necessary evidence. Some kind of specialist financial police are needed, properly trained and supported, in all countries. Commitment currently ranges from Financial Investigation Units consisting of just one law enforcement officer, to specialist financial police like the Guardia di Finanza with a force of around 70,000 persons.
Fines levied on banks are in the billions, yet at the same time governments appear unwilling to fund even small law enforcement projects. One member-state agency seeking €5 million to upgrade its creaking IT system so that it can cope with suspicious activity reports has finally been promised the funding, but not until 2023.
AML compliance has become an end in itself, highly bureaucratic, with the real objectives having become lost in a mass of organisational data kleptomania. Digitisation of business has given rise to a search for an automated AML nirvana, reducing human input to a bare minimum. Yet money laundering deterrence is a human issue and programming errors can increase costs dramatically, as battles to reduce false positives have shown.
Compliance is also often seen as all cost with little or no benefit. CEOs appear to prefer running the risk of massive fines to ensuring that their business models and compliance functions are properly aligned, effective and efficient. Far from scandals having changed such attitudes, they have been perpetuated, as the recent response by Scandinavian banks demonstrates.
The way forward
So where does the solution lie? The following steps and options are recommended for consideration:
- Develop clarity of vision and mission. Processes need to have an impact on the underlying threats, or there is no point introducing them.
- Assess whether a new AML body is needed within Europe at policy coordination level. This could be separate, or be the policy arm of Europol, for example.
- Ensure coordination works between EU member-states, EEA member-states, and non-EU/EEA states, at all levels, and with similar bodies in related areas, such as ENISA.
- Improve cross border cooperation, at all levels, including data collection, intelligence generation, policymaking, investigation, information exchange, prosecution, etc.
- Adopt key performance indicators (KPIs) that relate to the underlying criminal threats that AML laws are intended to impact. These need to be thought through, rather than being measures which are adopted purely as they are a measure and/or are easy to measure (such as the number of suspicious activity reports filed with law enforcement). The right metrics are needed to combat the threat. Data collection techniques in this area are also in need of improvement.
- Allow firms to develop and use risk-based systems to improve effectiveness.
- Carry out effective benefit-cost analysis (rather than cost-benefit analysis) of proposed new measures.
- Adopt active, coordinated defences, rather than the static three-lines-of-defence model, with all its attendant difficulties referred to above.
- Encourage training and spending on specialised financial police.
- Increase funding and support of law enforcement, particularly of undercover operations and IT systems, enabling law enforcement to follow the money trail from commission of crimes.
- Improve training standards to a new EU level, including the courts process, policy makers, investigators and intelligence analysts.
So what are the options for Europe? In essence, they are to carry on as now (“EU AML 1.0”), with little success. Alternatively, Europe can counter money laundering with renewed vigour, centralising that which needs to be centralised, integrating all AML defence systems and ensuring that this “EU AML 2.0” works in each of the various member-states, particularly given the differences in threat, vulnerability and risk of those member-states.
Looking at the figures on drug deaths, terrorism, fraud, cybercrime, organised crime, etc., in each of the member-states, and the negative impact these have on the whole of the EU, things could be different. Money laundering, like climate change and the threats to the natural world, is a truly European issue and needs a truly European response. We must not be found wanting.
Financial Markets Law International
Count this content towards your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet