25/07/2023

In this edition, we take a look at recent regulatory developments, the impact of the UK Government’s latest Economic Crime Plan on industry and how the regulators have been turning up the heat on the firms they supervise – as well as covering some of the other key stories relevant to those in financial crime compliance operations.

Is the regulatory pressure cooker about to blow?

The pace of regulatory change is unrelenting and ramps up pressure for regulated businesses to implement new processes to meet its new compliance obligations.

The Economic Crime Corporate and Transparency Act (ECCT) continues its passage through Parliament on route to being passed into law, with a number of amendments being made to broaden its scope. Its primary focus remains to reform Companies House and implement identity checks on directors and shareholders thus helping to prevent misuse of company structures for financial crime. However, it also contains other reforms, such as action to help enforce recovery of illicit crypto-assets and measures to encourage greater information sharing between firms to tackle financial crime.

Further amendments are being considered by Parliament and the final Bill is due to complete its passage in the Autumn.

Details are still quite light in many areas, but firms should be monitoring the likely effects on their compliance teams. For example, as the new identity verification regime is implemented, to what extent cancan this information be relied on by compliance teams when performing , or will it need independent verification?

Regular updates are posted by UK Government, the latest from June can be found here.

AML regulation is constantly being beefed up, as we reported in our last issue. This quarter, it’s been the turn of the regulators; The Gambling Commission, HMRC and OPBAS; all have issued reports discussing their findings based on recent supervisory activity and each has raised a number of areas of concern, including:

The Gambling Commission recently updated its anti-money laundering guidance for casinos in recognising the increased risk from proliferation financing whereby a casino could inadvertently receive funds from individuals involved in illegal activity involving biological or nuclear weapons. Attempting to close this loophole, the guidance expects casino operators to implement risk assessment in their firm’s policies, controls, procedures and training of analysts in proliferation financing . Whilst wholly necessary and justifiable, this adds yet another layer of complexity for compliance teams in the sector, over and above their standard money laundering and terrorist financing obligations and will represent further time and resources commitments to what are often already stretched operations.

All 22 professional body supervisors come under the OPBAS umbrella and monitor AML within the legal and accounting sectors in general. In its recent annual report, OPBAS makes clear that the overall standard of supervision – with a few exceptions – is not where it should be and announced it is reviewing its enforcement powers, where needed, to drive improvements. The number one area of focus will be in encouraging wider adoption of a risk-based approach. As supervisors do this, the firms they regulate in the legal and accountancy professions will be under greater pressure to adopt a risk-based approach in their client onboarding procedures. Firms in the professional services sectors are strongly advised to ensure their AML controls are up to speed. These sectors were identified as ‘high risk’ in the last national risk assessment recognising the extent their services are vital for financial criminals to operate as they attempt to launder and conceal the proceeds of their illicit activities through the misuse of corporate structures and bogus accounts.

In June, the HM Treasury (HMT)had released a consultation document on the Reform of the AML and CFT Supervisory Regime, outlining potential reforms to address weaknesses identified in the 2022 review. Consultation lays four models:

• OPBAS+: This model doesn't involve any structural changes, but it grants enhanced powers to boost the effectiveness of supervision by Professional Body Supervisors (PBSs).
  
  
• PBS Consolidation: In this option, either two or six PBSs will retain responsibility for AML/CTF supervision. They'll be responsible for different sectors, with one focusing on accountancy and another on legal sectors, or each sector having its own PBS in each jurisdiction.
  
  
• Single Professional Services Supervisor (SPSS): Imagine a single body taking care of supervising all firms. That's exactly what this model is all about - streamlining everything under one roof.
  
  
• Single Anti-Money Laundering Supervisor (SAS): In this scenario, a single public body will be in charge of AML/CTF supervision, leading to the Financial Conduct Authority (FCA) and the Gambling Commission (GC) stepping down from supervisory roles.

This consultation will be open for responses until September, so if you're involved in the financial sector, make your voice heard and share your thoughts on these potential reforms.

As the regulator for Money Services Businesses (MSBs), HMRC recently issued a total of £3.2m in fines to no less than 240 firms over a six month period to December 2022, a recent report from Gov.UK revealed. MSBs perform a vital role in enabling international wire transfers, but have long been recognised as high risk for money laundering. The message from the regulator is loud and clear – review and tighten up your AML controls, or risk a heavy fine, or worse.

On top of this, UK Banks have been fined an eye-watering total of $222million in the past 12 months. So, what does this mean if you are an AML-regulated business – how can you learn from the persistent failings of others? It’s usually the same story: inadequate risk assessment at onboarding leads to insufficient due diligence taking place, resulting in a lack of ongoing monitoring and failure to properly follow AML policies.

The key to adopting a Risk-based Approach in customer onboarding is creating a well- structured initial risk assessment, taking into consideration a number of factors that could indicate the possibility of money laundering or terrorist financing risk. This will be different for onboarding individuals or companies, but each will generate a risk scoring matrix based on many different factors such as jurisdiction, nature of activity, wealth/cash balances, any previous adverse history etc. This is used to determine the appropriate level of customer due diligence needed for that relationship. It is a more complex than the traditional ‘one size fits all’ approach to onboarding but ultimately is a more effective way to identify possible financial crime.

Keeping an eye on law enforcement and policy makers...

The National Crime Agency (NCA) is home to the UK’s Financial Intelligence Unit, which recently published two important documents: the latest SARS in Action report, and the UKFIU Reporters Booklet, which is aimed at the reporting community in all AML regulated businesses.

They both provide great examples of how SARs actually lead to criminal conviction and underline the importance of making good quality disclosures. SARs in Action looks at four big compliance trends: fraud, romance scams, money mules and fraud communications, providing a rich source of detailed information, case studies and practical tips to help compliance teams understand patterns of behaviour. In one such example, the huge volumes of commercial packaging waste recycling has spawned a swathe of fraudulent companies taking advantage of the credit mechanisms. If you are onboarding a new company involved in waste recycling, the report proves a useful checklist of seven possible red flags which could indicate a company is fraudulent and looking to launder its illicit profits. It goes without saying that you should use high-quality data sources when conducting checks on a company claiming to operate in the waste recycling sector and conduct proper business verification due diligence.

The SARS in Action report can be downloaded here, and the UKFIU Reporters Booklet can be found here.

The UK government is taking the opportunity to improve SARs reporting from Financial Intelligence Units of regulated firms. In its last report, the UK’s FIU at the NCA, reported that the number of SARs submitted rose to by over 20% to nearly 900,000. However, is also in the scope of the new ECCT Act, which features proposals to improve the quality of reporting and reduce the administrative burden on businesses to have to always submit a Defence Against Money Laundering (DAML) request. Firms should monitor the updates, ensuring that appropriate steps are taken to communicate these messages to compliance staff, and review processes where amendments may be required to reporting controls.

The Financial Action Task Force (FATF) full Plenary meeting took place in June, from which came three important updates worth keeping an eye on:

• FATF members agreed to publish its latest update on Implementation of standards on Virtual Assets and Virtual Asset Service Providers, first published in 2019. The fast-moving nature of this sector has typically meant regulations lag behind the latest developments. This update aims to address that, covering a wide range of regulatory requirements to be implemented in the crypto sector and making clear than many jurisdictions are falling well short of the standards. One area highlighted as needing urgent attention is implementation of the so-called ‘travel rule’ which specifies due diligence be applied at both ends of a payment transaction exchanging identifying information. Achieving this in the crypto sector is no easy task and can only be done with the right technology.
  
  
• In an announcement that surprised everyone, alongside Vietnam and Cameroon, Croatia was added to the ‘grey’ list in June due to shortcomings in its national AML controls – the only EU country to find its way onto the list. One of the challenges for UK-based financial institutions is the discrepancies that occur between the FATF grey list and the UK’s own list of high-risk third countries, usually due to a time lag caused while the UK assesses the impact of adding newly-listed countries. The list also known as ‘Schedule 3ZA’ is part of the Money Laundering regulations and was updated on 23rd June. It can be found here. The schedule gives details of every country listed and the reasoning. For firms with customer exposure in countries contained in the list, enhanced due diligence measures should be taken and firms are advised to regularly review schedule 3ZA to keep abreast of when newly grey listed countries are added by HM Treasury.
  
  
• It is well known that some charities and not-for-Profit organisations act as a front for illicit activity, including fund raising that ends up financing terrorist organisations. New concerns in this area have led to FATF reviewing its guidance and issuing a new FATF best practices paper, Combating the Abuse of Non-Profit Organisations. Based on adoption of risk-based measures to combat economic crime, this was discussed by delegates and agreed to be published for consultation. A summary of everything discussed at the recent plenary can be found here.

Does the new Economic Crime Plan go far enough?

In April, the UK Government finally released its updated plan to tackle financial crime, covering the period 2023-2026. The financial crime community waited with bated breath to see what it would cover and the potential impact on the sector. Having now seen the plan, the question on everyone’s lips is, does it really goes far enough?

The plan sets out three overarching objectives: reduce money laundering and recover more criminal assets; combat kleptocracy and drive down sanctions evasion; and finally, cut fraud.

It sets out a range of specific actions against each objective, all of which, if successful, would start to reverse the tide of financial crime. Critical to success is the safe passage of the Economic Crime and Corporate Transparency Act, funded via implementation of the Economic Crime Levy and strengthening of the public-private partnership.

Critics of the plan argue that key to strengthening this partnership is funding, particularly in the public sector. Until law enforcement resources get the technology, staffing levels and ability to deal with the avalanche of suspicious activity reporting they receive, effective investigation of financial crime will not be possible. The new economic crime levy is estimated to raise around £400m – a drop in the ocean to the many billions being spent on financial crime compliance by the private sector. Fraud and money laundering – costing the economy many billions a year – is seen as a national security risk yet funding continues to fall well short of where it should be to make a difference.

The full Economic Crime Plan can be found here.

Improving AML efficiency through technology is now an imperative

Ever increasing costs of compliance, customer demand for the ‘frictionless’ onboarding journey and increasing regulatory demands are combining to create pressure on firms to take a fresh look at their technology.

Anyone attending AML-focussed conferences or webinars recently will likely have found AML technology to be high on the agenda. The recent Anti-Financial Crime Exchange UK event brought together practitioners from a wide range of banks, financial institutions and leading technology and data vendors. Over the two days, a mix of talks, workshops, one-to-one meetings and networking sessions generated a passionate and informed conversation about how AML technology needs to respond to the demands from industry to transform financial crime prevention and improve efficiency. The fact that one expert panel asked the question “to what degree can anti-financial crime technology act as facilitator for business growth?” shows how far the industry has moved in its attitude towards AML compliance.

Treating AML compliance as a core strategy and part of the business growth agenda may seem counter-intuitive, but more and more leading firms are doing exactly that. Investing in technology, proactively managing data and upskilling staff will only help give the business competitive edge.

AI-based technologies such as machine learning and natural language processing all have a role to play but one of the key challenges is knowing where to start and understanding the technology landscape. A strategic partnership that includes all internal stakeholders, digital transformation experts and technology vendors can massively improve the odds of ‘getting it right first time’ when it comes to creating solutions bespoke for your financial institution.

As the Total Cost of Compliance, 2023 reports, despite AML costs continuing to rise, there is a strong appetite across the sector for increasing adoption of technology-led AML solutions. Transitioning to this approach, in parallel with retaining the vital role skilled anti-financial crime leaders play, is the assumed best way forward.

Follow the money... latest research from UNCTAD

An interesting report emerged from the United Nations Conference on Trade and Development detailing the first ever official data on illicit financial flows.

Financial Crime Investigators have long been exponents of the mantra, ‘follow the money’ when tracking movement of assets and money flows in relation to financial crime and money laundering.

With the help of the United Nations Office on Drugs and Crime (UNODC) illicit financial flows in and out of multiple countries has been captured and converted into statistical data related to drug trafficking, people trafficking and migrant smuggling. The full data set is available here.

The study lays bare the extent to which criminal activity leading to money laundering impacts society, particularly in already poor countries. It also highlights where there are vulnerabilities in the financial system, requiring more in-depth enhanced due diligence in checking both individuals and businesses. For businesses with exposure in these regions, all third-party relationships will require enhanced due diligence to identify possible bribery and corruption risk and potential reputation damage, as well as monitoring for Environmental, Social and Governance (ESG) risks with customers and third parties in the regions covered by this study.

This summary of the research from UNCTAD is worth a read and can be found here.

Sanctions Update

At the recent Risk Ready Partner Summit event hosted by LexisNexis® Risk Solutions for its clients and partners, delegates raised several issues around understanding and implementing trade embargoes, dealing with complex sanctions arrangements, and identifying sanctions evasion tactics.

Cooperation, sharing knowledge, hearing from the experts are a few of the reasons that make attending industry events like this wholly worthwhile.

For guidance and analysis on the past 12 months’ global sanctions activity and a 360-degree view of enforcements and changes across all major global regulators, make sure you download the latest Sanctions Pulse eBook and Infographic.

Banks agree to share intel in fight against financial crime

At the time of writing, details remain sketchy, but a number of UK Banks are discussing with the National Crime Agency and other government agencies possible ways to share relevant information to help stem the flow of dirty money entering the financial system. Better intelligence has long been recognised as key to combatting money laundering and terrorist financing, but efforts have been held back by existing legislation and data privacy laws. New measures being introduced in the ECCT Act will help remove the shackles and give businesses more confidence to share relevant intelligence.

This cross referencing of data on high-risk customers using fusion technology systems will enable patterns of money laundering behaviour to be spotted much more quickly, allowing law enforcement to act using new powers granted under the ‘Super SARs’ provision in the 2017 Criminal Finances Act.

The story so far can be found in this Reuters article.

FCA licenses new UK crypto exchange

Crypto exchanges have had their fair share of bad press in recent times, not least of which the collapse of FTX as a result of mismanagement of funds, poor liquidity and a rush of withdrawals. Binance attempted to buy the failed exchange, but pulled out when the extent of mishandled customer funds became clear.

Despite numerous lawsuits emerging in the USA, the FCA recently licenced Bitstamp to operate in the UK as a crypto exchange, citing its commitment to the highest standards. This makes it the first crypto-asset service to be granted a licence since the FCA began its consultation in February.

The positive message this sends can only be good for the crypto industry. No doubt there will be many more challenges ahead, but adherence to AML regulations, identity management, customer due diligence and high standards of governance are the route to success in the long term.

FATF Chairman predicts a wave of digital financial crime

Speaking in Singapore in July, FATF Chairman, T. Raja Kumar predicted a surge in tech-based financial crime as a result of widespread adoption of technology by post-pandemic society.

Kumar stated “Criminals are able to move illicit funds more rapidly, more easily than ever before – exploiting technology and rapid payment systems to move their ill-gotten gains quickly across one or more jurisdictions to mask the money movement trail and stymie law enforcement.”

In response, he said that FATF will reduce the frequency of its Mutual Evaluation Reports on countries’ AML control systems to 6 years, from its current 10/11 year cycle.

It will also shift from technical compliance to an ‘outcomes’ based approach, targeting improvements in the rate of recovery of illegal assets from its presently pitiful level of 1%.

High level speeches like this are worth following as they set the tone for the direction of AML regulation in the future and compliance teams can expect a change in tone both in the regulations and their supervision in the years ahead For too long, the approach has largely been a rules-based and tick-box. The tone of Kumar’s speech, if adopted, points to an approach where the measure of success will be based on reducing levels of money laundering and increasing the rate of recovery of assets.

Finews Asia reported the speech here.

That’s it for this quarter. With the summer holidays rapidly approaching we wish our readers happy holidays. As always, we welcome your views and contributions and look forward to our next update in the Autumn.