Recent banking scandals have highlighted the challenges facing businesses and the growing global threat of money laundering and terrorism financing.
In the past three years, anti-money-laundering/counterterrorism-financing (AML/CTF) has swept across corporate Australia. Westpac and CBA have each lost both chair and CEO against the backdrop of AML/CTF scandals. NAB, AMP and Afterpay are among other businesses that have failed to comply with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. Maximum penalties for most breaches of the Act are a staggering $21m per breach. Ratings agency S&P says AML/CTF compliance problems are dragging on the profits of all the big four banks.
AML/CTF scandals are not just an Australian phenomenon. While Westpac was descending into strife in Australia for 23 anti-money laundering alleged breaches in 2019, on the other side of the world, the CEO of Sweden’s venerable Swedbank and the chairman of Denmark’s Danske Bank were both felled by revelations of suspicious transactions at their banks’ Estonian branches. The year before, US Bancorp and Rabobank both paid hundreds of millions of dollars in US fines, while Dutch regulators fined ING US$900m. In 2018, the European Central Bank (ECB) withdrew the licence of Malta’s Pilatus Bank altogether.
The challenge of preventing money laundering and terrorism financing seems impossible to fully meet. On one calculation, the pile of “bad money” laundered globally each year now tops US$3 trillion in 2018 dollars. That’s based on rough estimates used by the United Nations Office on Drugs and Crime, and originally made in 2011. More reliable figures don’t exist.
Lessons for boards
Anti-money laundering/counter-terrorism compliance:
- Understand your company’s AML/CTF risks.
- Ensure your organisation’s AML/CTF risk assessment is current.
- Check that the elements of your AML/CTF program are being implemented and maintained.
- Make certain management is creating “a culture of compliance” for AML/CTF.
- Be sure the organisation is devoting sufficient resources to the task.
- Keep abreast of emerging risks.
- If a breach occurs, make certain AUSTRAC is satisfied with management’s remediation.
Sources: AUSTRAC, FTI Integrity, Waterstone AML, Allens, Evelyn Horton. AUSTRAC provides checklists and resources on AML/CTF governance for directors at austrac.gov.au/aml-ctf-governance
Worse, authorities only intercept 0.2 per cent of the total, according to those same UN calculations. Even the figure of 0.2 per cent requires huge effort. Reporting suspect transactions is a difficult task that is getting harder. The volume of global payments continues growing at an estimated six per cent each year, with payment technologies continually evolving.
AUSTRAC’s publicity material says its expert analysts use the information they gather to gain “a complete intelligence picture”. But Brad Brown, national manager of AUSTRAC’s intelligence partnerships division, declines to provide a figure for AUSTRAC’s intercept rate, and “can neither confirm nor deny” whether AUSTRAC is above the 0.2 per cent rate. In 2018–19, the agency received reports on 250,000 “suspicious transactions”.
The post-transaction monitoring systems that banks and other financial institutions use to catch these transactions share one big problem: they throw up huge numbers of “false positives” that can never be confirmed as criminal. Nick Van Benschoten, principal of economic crime policy at UK banking and financial services trade association UK Finance, speaks of a “data deluge” that has left finance firms struggling with too many alerts, and few of them leading to useful actions.
A 2017 report by the Royal United Services Institute (RUSI) found 80–90 per cent of suspicious transactions reported by private bodies “are not providing operational value to active law enforcement investigations”. Yet the volume of suspicious reports keeps growing by 11 per cent in the US and UK annually.
Last year, financial consulting firm FTI estimated that US$14.9b of fines had been levied for AML and sanctions offences globally since 2013. However, most offences go unpunished.
The 2017 RUSI report summed up this grim scorecard: “The current system for reporting suspicions of money laundering, terrorist financing and other serious crimes through the international financial system is not working effectively.”
A vast array of companies has been enlisted in recent years to try to improve the interception of laundered money. Westpac and CBA are the most visible, but Australia’s AML/CTF rules apply to a wide range of transactions that are valued at more than $10,000. Rod Francis, a senior managing director at global compliance firm FTI Consulting and a veteran of compliance leadership roles at Citi, UBS, Credit Suisse and Morgan Stanley, runs through a list of some of the parties affected: solicitors, lawyers, accountants, payment intermediaries and casino operators. Of course, there are many more.
Jason Masters FAICD is a director and governance adviser, as well as a former NSW Ombudsman. He sits on the board of Uniting Financial Services, a $1.5b revenue financial institution, which he says has been working to better understand its AML/CTF obligations since the CBA money laundering scandal. But AML/CTF even applies to a cemetery Masters helps to oversee. “The average price of a grave in Sydney is more than $10,000, which puts it above that threshold, and it’s a tradable item.”
Breaches of AML/CTF regulations can effectively take away control of a company. “Management and boards are finding themselves in the peculiar situation of no longer being in charge of their destinies,” wrote Norton Rose Fulbright law firm’s financial crime advisor Sven Stumbauer in an International Banker article in June 2019. As investigations ramp up and the prospect of penalties rises, “some financial institutions will now have to spend a multiple of the amount on mounting a regulatory defence and response while at the same time augmenting their control structures with haste”. It is better to take the time to get it right.
The Fintel Alliance
AUSTRAC’s world-first private-public partnership aims to combat money laundering and terrorism financing.
In the traditional model of financial intelligence, each bank sits in the market without any overview of financial crime. As Waterstone AML’s Amanda Wood puts it, “The banks have to guess what it is that is of interest to law enforcement.” Companies don’t even get told whether their information helps enforcement agencies, she says.
AUSTRAC’s Fintel Alliance — like similar bodies in the UK, Hong Kong and Singapore — aims to bring the major banks and other large finance and gambling companies into the AML/CTF intelligence loop. Effectively seconded by AUSTRAC, these companies’ personnel collaborate with law enforcement, share information and test new technology solutions together. AUSTRAC’s Brad Brown says the organisation is viewed as a global leader in such collaboration. AUSTRAC reports the Fintel Alliance “contributed to the arrest of 108 persons of interest” in 2018–19.
“When international bodies around AML get together to talk about what is the future, this is what they talk about — these collaborative partnerships between the public and private sector,” says Wood.
FTI Consulting’s Rod Francis calls such bodies “critical” to delivering timely insights into financial transactions and would like to see more collaboration. However, he describes their record of success to date as “wobbly”, constrained by data privacy requirements and communications issues.
Brown says the Alliance is working to strengthen relationships and build an enduring capability, adding, “You crawl before you walk, before you run.”
A toxic topic
Evelyn Horton FAICD, a former head of regulatory affairs at Macquarie Group, provides an extra reason to elevate AML/CTF compliance: the toxic subject matter. If you breach AML/CTF laws, you are likely to end up in online news services, radio and TV stories, newspapers and everywhere else in a sentence that includes your brand name and terms such as “meth labs”, “gangland murders” and “cocaine smuggling”. Or, in the case of Westpac in late 2019, “child sexual exploitation”.
Horton says when the media describes such breaches, “there’s almost no way the sentence ends well”. AML/CTF episodes have all the ingredients to be media disasters — another crucial reason for boards to work at making sure they don’t happen.
How boards should act
Across the globe, AML/CTF regulators are including directors in their activities. US courts have already begun to examine how boards act in deciding AML/CTF cases. In mid-2019, a senior Bank of England official warned that bank board members will have to pay increasingly close attention to automated anti-money laundering checks.
Stumbauer and other experts advise that to satisfy regulators, boards at financial institutions need to do more than just “set the tone at the top”. Regulators will look at specific board actions as they decide whether — and how hard — they sanction such organisations. Therefore, boards need to create a culture of compliance, adequately resource compliance staff and ensure they reach regulatory-compliance and corporate governance goals (see checklist).
If this sounds straightforward, consider the experience of Francis, who tells of discovering one client’s functioning transaction monitoring system had seven years of unexamined reports.
Amanda Wood, of consultancy Waterstone AML, was Westpac’s money-laundering reporting officer in 2017–19, as well as heading financial crime compliance for CBA, and general manager of compliance for AUSTRAC. As she points out, Australian law imposes a specific obligation on boards to oversee their AML/CTF program.
Masters says an important skill for directors who maintain that oversight is knowing the right questions to ask. Boards need enough expertise in their ranks to provide “a good counterbalance to the views from management”. Other voices of counterbalance, such as internal audit, also need to be listened to, he says.
At the top of Wood’s list of questions for directors are assurance practice queries. “How is management satisfying itself that the controls that have been built to manage this risk class are effective?” she asks. “What reports are the board getting from management around those matters?”
Compliance is far from a one-off activity. David Lehmann, a principal in the PKF Integrity services business, notes that the AML/CTF Act calls for organisations covered by the legislation to conduct periodic independent reviews of their compliance programs. If and when AML/CTF issues arise, Horton recommends boards behave as Macquarie Group’s board did — by ensuring they get reports not just on progress in fixing the problem, but on how the regulator has responded to those fixes. Notes Horton, “Management thinking they’ve completed an action on time is different from a regulator agreeing that it’s been completed.”
Patience is running out
Within regulatory bodies, as FTI states, “patience is running out with delays in implementing strong anti-financial-crime controls”. Groups such as the G7’s Financial Action Task Force (FATF) and the European Union continue to tighten the rules in an effort to improve their intercept rate.
Yet there is still pressure for tougher enforcement. US think-tank Global Financial Integrity says, “Bankers who knowingly commit crimes and allow bank accounts to be used to shelter criminal money should be held personally accountable.”
For boards, AML/CTF is here to stay.
Already a member?
Login to view this content